WordPress security mistakes are easy to make. The most common mistakes in your WordPress security can be based on outdated information, common WordPress security myths or just not knowing WordPress security best practices. While WordPress itself is secure, avoiding...
Forbidden from accessing your own WordPress website?It’s frustrating and most of the time, you’ll find yourself trying out a number of solutions that don’t work. This is because the causes and solutions for the 403 error differ based on various circumstances.In...
WordPress 5.6 Beta 1 is now available for testing! This software is still in development, so we recommend that you run this version on a test site. You can test the WordPress 5.6 beta in two ways: The current target for final release is December 8, 2020. This is...
The global pandemic has turned the world of work upside down. Commuting to the workplace is no longer a daily habit for up to 40% of the workforce. What’s more, it’s a trend set to stay in place long after the scientific community has found an effective treatment or...
On this week’s episode of Think Like a Hacker, we chat about the cross-site request forgery (CSRF) vulnerability found in the Child Theme Creator by Orbisius and how attackers could use a vulnerability like this with spearphishing to wreak havoc, much like the...
Sometimes our WordPress plugin users need to create an Admin user account for their sites. In this tutorial I will share a small PHP code with you that can be used to create a WordPress Administrator user to your site. Alternatively, you can also create a WordPress...
On September 9, 2020, our Threat Intelligence team discovered a vulnerability in Child Theme Creator by Orbisius, a WordPress plugin installed on over 30,000 sites. This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify...
Worried that shifting your WordPress site to an online server won’t work?You’re right to be. If migration is done incorrectly, it could cause errors that are hard to detect and resolve. Many give up on moving WordPress from a localhost to a server because it’s...
Struggling to access your WordPress admin?If you can’t access WordPress admin of your site, it spells a world of trouble. You won’t be able to make changes to your website or fix any errors. But worse, it could mean that a hacker has taken control of your site and...
In the Feature Spotlight posts, we will highlight a feature in the iThemes Security Pro plugin and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we will cover Away Mode, a cool feature to create...
Frustrated by the error ‘This Site is Experiencing Technical Difficulties’ on your WordPress site? We’ve been there too. Considering this error doesn’t give you details of what’s wrong, it becomes difficult to pinpoint the cause and fix it. In the meantime,...
Tempted to use a nulled WordPress themes or plugins? Before you install them on your WordPress site, there are consequences you should consider.Although it’s free upfront, nulled software (better known as pirated software) can cost you a lot. It can cost you...
A vulnerability discovered by the Wordfence Threat Intelligence team in the WPBakery plugin exposes over 4 million sites. High severity vulnerabilities were discovered in the Post Grid and Team Showcase plugins. The online avatar service Gravatar, has been exposed to...
We all know that plenty of WordPress sites are getting hacked each year. Is it because WordPress is an insecure system? Is it a global WordPress issue, or does it come from those webmasters’ actions? How, and why is it happening? Whether you are running a personal...
We are happy to announce the launch of WP Activity Log 4.1.4. This update includes a lot of improvements, and is particularly important for Yoast SEO plugin users. From now on the activity log for Yoast SEO functionality will be available through an extension. With...
On July 27th, our Threat Intelligence team discovered a vulnerability in WPBakery, a WordPress plugin installed on over 4.3 million sites. This flaw made it possible for authenticated attackers with contributor-level or above permissions to inject malicious JavaScript...
In the Feature Spotlight posts, we will highlight a feature in the iThemes Security Pro plugin and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we will cover the iThemes Security Pro WordPress Security Logs,...
On September 14, 2020, our Threat Intelligence team discovered two high severity vulnerabilities in Post Grid, a WordPress plugin with over 60,000 installations. While investigating one of these vulnerabilities, we discovered that almost identical vulnerabilities were...
We already know the security of your site is important.But this is an undertaking that is hard to do properly without the expertise of a website professional who truly specializes in website security (and backups). Finding the right expert is equally as important, as...
Shopify reports that two rogue employees stole data from 200 merchants on their platform. A security researcher found a vulnerability in the Medium Partner Program could have allowed an attacker to steal writers’ earnings. Symantec reports that a state-sponsored...
A few weeks ago, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. Strong passwords and good password hygiene are often the first line of...