Category Archive: General Security
This entry was posted in General Security, Wordfence, WordPress Security on December 10, 2018 by Mark Maunder 3 Replies
This weekend I had a really fun conversation with Doc Pop from Torque Magazine. Torque is a great news source for WordPress news. They are part of WP Engine, but maintain editorial independence. I chatted with Doc in Nashville, in the Music City Center where WordCamp US was being held. Music City Center is an …
Read More
This entry was posted in General Security, WordPress Security on October 30, 2018 by Mark Maunder 0 Replies
WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older. Once support for PHP 5 ends in two months, …
Read More
This entry was posted in General Security, WordPress Security on October 02, 2018 by Mikey Veenstra 20 Replies
Considering the amount of malicious activity that takes place on the internet, it’s no surprise that successful attacks on WordPress sites are launched across a wide variety of vectors. Whether outdated plugin code is to blame, or password reuse, or any number of other security flaws, no site owner sets out to introduce a vulnerability …
Read More
This entry was posted in General Security, WordPress Security on September 18, 2018 by Mikey Veenstra 13 Replies
Last week’s article covering the decision to distrust Symantec-issued TLS certificates generated a great response from our readers. One common question we received, and one that pops up just about any time SSL/TLS comes up, is how to determine when a site does and does not need such a certificate. Spoiler: Your site should probably …
Read More
This entry was posted in General Security on September 13, 2018 by James 7 Replies
This is a final reminder that legacy TLS certificates issued by Symantec, including those issued by authorities like Thawte, Geotrust, and RapidSSL which used Symantec as a central authority, will be distrusted by both Google Chrome and Mozilla Firefox beginning in October. Apple products have partially distrusted these certificates and plan to also distrust the full …
Read More
This entry was posted in General Security, Vulnerabilities on September 06, 2018 by Mikey Veenstra 2 Replies
In an advisory published yesterday, Mozilla disclosed the presence of nine security flaws in Firefox 61 which have been patched in the latest release of the browser. Some of the bugs are severe, but at this time do not appear to be receiving attacks in the wild. To protect yourself as a Firefox user, ensure …
Read More
This entry was posted in General Security, Learning on July 10, 2018 by Mikey Veenstra 7 Replies
In the context of cybersecurity, the adage “An ounce of prevention is worth a pound of cure” is a massive understatement. Make no mistake, the easiest way to handle a security incident is to prevent it from ever happening in the first place. We continually remind our readers about security best practices because the time …
Read More
This entry was posted in General Security, Research, WordPress Security on June 26, 2018 by Mikey Veenstra 4 Replies
Last spring, after discussing the tools and tech used by our team, we published a list of 51 Tools for Security Analysts. The article was well-received, and the comments offered some great suggestions to top it all off. In the spirit of that list we’d like to offer our updated 2018 edition, featuring the Defiant …
Read More
This entry was posted in General Security, WordPress Security on April 03, 2018 by Mark Maunder 31 Replies
I recently got a call from a friend I haven’t seen for a while asking me if I’d like to grab a coffee. He had a few questions about whether WordPress is secure. I’m always looking for an excuse to visit the hip Georgetown neighborhood just south of Seattle, so I jumped at the chance. …
Read More
This entry was posted in General Security on March 29, 2018 by Dan Moen 6 Replies
Yesterday the Drupal security team announced a highly critical unauthenticated remote code execution vulnerability in Drupal core. The vulnerability allows an attacker to leverage multiple attack vectors and take complete control of a website. The Drupal team estimates that, at the time of the announcement, over one million sites are affected – about 9% of …
Read More
Protect your websites with the #1 WordPress Security Plugin
Get Premium
Over 90 million downloads