What are supply chain attacks and how can you guard against them? A supply chain attack is an attempt to break into your website, not via a backdoor or an exploit in a piece of code but instead exploiting a trusted relationship between software sellers or authors and their customers. In WordPress this usually means via
Category Archives: blog
Much of WordPress security focuses, quite rightly, on prevention methods. However, with WordPress backup in place, you can have a strategy in place to cope with a worst case scenario. With the best intentions and, even when following the best practice, in terms of security, it is still possible for almost any website to be
The importance of getting a proper WordPress security policy in place, including a backup plan for worst case scenarios, cannot be over stated. However, there are a few simple things you can do in the meantime to help make your WordPress install less vulnerable. 1.Ensure that your site is backed up. If you don’t already
There is some confusion amongst many folk about the different aspects of website security. What are the key components of website security – and, in particular, WordPress security? We try to clarify a free things here. This article does not attempt to deal with server security. That is beyond the scope of this page. Instead
A website with an SSL certificate configured for the domain starts with an https rather than an http – signifying that it uses SSL. If that SSL is properly configured, you might also see a little symbol of a closed padlock. But what does this actually mean ? There is some confusion around what exactly
Cloudflare offers a Cloud based Web Application Firewall (WAF) as a means to setup a WordPress Firewall. This means your website traffic is routed through their web-based firewall, where traffic is filtered according to their firewall rules. This sounds great. However, there are 2 flaws in this approach: 1. The re-routing of your website traffic
Hosting is hosting – right? Wrong. Not all hosting is the same. All webservers are not the same. They come in many types, loads of versions and thousands of different configurations. WordPress hosting is hosting on a webserver that has been specifically designed and configured to provide optimised WordPress hosting, enhanced WordPress security and an
“Rubbish”, I hear people say, indignantly. “Elitist claptrap! Anyone can use WordPress and create a great looking site in a few minutes!” We beg to differ and here’s why. It’s a natural and forgivable mistake but a mistake none the less to think that any WordPress project beyond a simple brochure site could be developed
With cars being the obvious analogy for talking about speed and WordPress, all WordPress sites are really a kit car. There’s no such thing as a Ferrari or Porsche with a WordPress site. In other words, a factory manufactured fast WordPress site. You can’t simply buy a fast site – you have to build it.
Website security was, for a long time, a problem to solve for the webmasters of big corporate sites, ecommerce sites or other mission critical sites. Today it affects every website from the smallest blog to the biggest retailer. In the last few years the Internet has seen an exponential rise in malicious activity against websites.
We have been banging on for years about the importance of adding extra levels of security hardening to WordPress sites, keeping everything up to date and monitoring the activity on the site in real time. This week, in the news, an example of a site being hacked where that was not done, has been in