WordPress Security Tips: Check if the login form is protected by captcha test
WordPress Security: Using a captcha test on your login form to prevent brute-force attacks and prevent some 0-day exploits from gaining access to your site.
Security keys are used to ensure better encryption of information stored in the user’s cookies and hashed passwords. You don’t have to remember these keys. In fact once you set them you’ll never see them again. Therefore there’s no excuse for not setting them properly. Security keys (there are eight) are defined in wp-config.php as […]
By default, on failed login attempts WordPress will tell you whether the username or the password is wrong. An attacker can use that to find out which usernames are active on your system and then use brute-force methods to hack the password. The solution to this problem is simple. Whether the user enters a wrong username or a wrong password […]
As with the WordPress version it’s not wise to disclose the exact PHP version you’re using because it makes the job of attacking your site much easier. This issue is not directly WP related but it definitely affects your site. You’ll most probably have to ask your hosting company to configure the HTTP server not […]
You should be proud that your site is powered by WordPress but also hide the exact version you’re using. readme.html contains WP version info and if left on the default location (WP root) attackers can easily find out your WP version. This is a very easy problem to solve. Rename the file to something more […]
You should be proud that your site is powered by WordPress and there’s no need to hide that information. However, disclosing the full WP version info in the default location (page header meta) is not wise. People with bad intentions can easily use Google to find sites that use a specific version of WordPress and […]
As with the WordPress core, keeping the theme up to date is one of the most important and easiest ways to keep your site secure. Since many themes are free and therefore their code is available to anyone, having the latest version will ensure you’re not prone to attacks based on known vulnerabilities. If you […]
Did you know that around 75% of all WordPress sites are easy to hack? This is usually because whoever set up the site didn’t understand the tweaks that are required to strengthen WordPress. Please see our famous WordPress Hack Prevention Checklist for a list of what these tweaks are, if you want to do this […]
There is no such thing as an “unimportant password”! The same goes for the WordPress database password. Although most servers are configured so that the database can’t be accessed from other hosts, that doesn’t mean your database password should be “12345”. Choose a proper password, at least 8 characters long with a combination of letters, numbers […]
Your world is crashing down around you. Some <expletive deleted> person has got into your precious WordPress web site and ruined it. You want revenge, sure. But what you really NEED is to get your site cleaned up and working again. Here at Gecko Gully, we’ve cleaned up a LOT of web sites. WordPress and […]