Creating a WP 2FA tab within the WooCommerce My Account dashboard

https://www.wpwhitesecurity.com/how-to-add-2fa-woocommerce/

If you’re running an online business using WooCommerce, ensuring your site’s security is of paramount importance. While security requires a 360-degree approach with continuous monitoring, improving, testing, and hardening, low-hanging fruit such as user 2FA authentication can protect you from security breaches due to weak passwords. Thankfully, our WP 2FA plugin makes this a breeze. If you’re not already using it, I strongly suggest doing so today, so you can increase your site’s security in a matter of minutes. This article will show you how you can enhance your WooCommerce store’s security by adding our 2FA configuration form to a […]

Interview with Aurelio Volle, WP Umbrella CMO & Product Owner

https://www.wpwhitesecurity.com/interview-aurelio-volle-wordpress-auditing/

Aurelio Volle is the Chief Marketing Officer and Product Owner of LIVEN – the umbrella company that has brought us Image SEO Optimizer and WP Umbrella – a PHP errors, performance, and uptime monitoring service for WordPress. With 4 degrees to his name, he works as a lobbyist and university lecturer by day, while handling marketing and communications for LIVEN by night. With several successful WordPress projects under his belt, we had a socially distant conversation with Aurelio. We got to know him a little bit better while getting some insight into how WP Umbrella helps WordPress site administrators, what […]

Using the WPScan plugin to find vulnerabilities in your WordPress website

https://www.wpwhitesecurity.com/find-wordpress-vulnerabilities-using-wpscan/

Looking after the security of your WordPress website involves a lot of different tasks. One of the tasks is to make sure that the plugins, themes and WordPress version that you are using on your website do not have any known vulnerabilities. Luckily, this task can be automated with WPScan, a free WordPress plugin. The WPScan plugin can find out if the software you are running has vulnerabilities by carrying out regular scans. It checks the results against a dedicated up-to-date database of vulnerabilities, and informs you if there are any vulnerabilities on your website, such as SQL Injection. If […]

WP WhiteSecurity acquires Advanced noCaptcha & invisible Captcha (v2 & v3)

https://www.wpwhitesecurity.com/advanced-nocaptcha-recaptcha-joins-wp-white-security/

We are happy to announce our first plugin acquisition as we pursue our mission to build value-driven WordPress security and admin plugins. This new acquisition will undoubtedly help us deliver more value to our customers. The Advanced noCaptcha & invisible Captcha plugin complements our existing portfolio, which offers a robust set of WordPress plugins designed to improve the security and administration of websites and users. Why a CAPTCHA plugin? Through this acquisition, we will be better positioned to offer the WordPress community more ways to stay secure and protect their websites’ forms and login pages from automated spam and malicious […]

Password Policy Manager for WordPress Update 2.4.1 – Weekly summary email & other improvements

https://www.wpwhitesecurity.com/ppmwp-2-4-1/

We are happy to announce update 2.4.1 of the Password Policy Manager for WordPress plugin. This update includes several new features and housekeeping updates designed to improve the plugin’s functionality, usability, and performance. Let’s dive right in to see what is new and improved in this update of our password security plugin for WordPress. What’s new? With update 2.4.1, we have sought to include additional security features designed to keep WordPress administrators informed and in control with the least amount of effort. With security becoming an increasingly important topic, we recognize that administrators need more robust tools to keep their […]

Why you should use a log management service?

https://www.wpwhitesecurity.com/why-use-log-management-service/

Logs provide the foundational data to support performance, user and technical monitoring on your WordPress sites and the web servers they run on and the services they use. Using logs, you can monitor user and system activity on your website and use the log data to understand who changed what and when. You can then use this log data to troubleshoot technical and administrative issues, increase user accountability, and improve the security of your WordPress site. Where logs really shine, however, is during troubleshooting. They are a bit like the flight data recorder or “black box” on an airliner. You […]

Exposed backup and unreferenced files and how to find them

https://www.wpwhitesecurity.com/how-to-find-exposed-backup-files/

Keeping your WordPress secure involves a continuous process of testing, hardening, monitoring, and improving. There are several things WordPress administrators can take care of to help them ensure their websites are safe. From ensuring passwords meet specific criteria to hardening PHP, these processes can go a long way in helping you ensure you run a tight, clean ship. One thing that tends to get overlooked is exposed backup and unreferenced files. These files can pose a security risk that can easily be managed by following best practices. WordPress uses directories to organize information. All pages and media reside within this […]

Admin Notices Manager 1.2: Better visibility of the notices & more new features

https://www.wpwhitesecurity.com/anm-1-2-0/

We are happy to announce the release of update 1.2.0 for Admin Notices Manager. This update sees the introduction of a number of new features, improvements to existing functionality, and a bug fix, designed to improve the management of admin notices. Now let’s dive right in and see all the new features and improvements in update 1.2 of the Admin Notices Manager plugin. New features Admin Notices Manager is designed to help you manage admin notices in an easy-to-use, unobtrusive interface. By installing the Admin Notices Manager plugin, you can ensure you do not miss any important notifications, without letting […]

Applying the principle of least privilege for improved WordPress security

https://www.wpwhitesecurity.com/wordpress-security-principle-of-least-privileges/

The principle of least privilege for WordPress misses out on the big headlines when breaches, data loss and DoS attacks occur. Yet it is one of the most effective, if overlooked, security best practices for WordPress websites. In this blog post, we first define the principle of least privilege, then examine when and where it applies, the risks of not adopting it, and why many website developers still are not building it into their WordPress websites. We also share some practical recommendations, so that you can immediately begin to improve the security of your WordPress websites. This blog post includes […]

WordPress PCI compliance for e-commerce & business sites

https://www.wpwhitesecurity.com/wordpress-pci-compliance-ecommerce-business-sites/

If you have an e-commerce or business WordPress site, most probably you’ve already heard of PCI DSS and PCI compliance. As an online merchant / seller your WordPress website has to be compliant to the PCI DSS regulations, otherwise you risk being fined. Even if you use a third party payment gateway such as PayPal or Stripe, there are still some regulatory requirements your website has to adhere to. We have prepared this definitive guide to WordPress PCI compliance for site owners to help you build a PCI DSS compliant website. In this guide we explain in detail all you […]