Maintenance
How to Configure the HTTP Strict-Transport-Security (HSTS) Header in WordPress
In the modern web, securing data transmission is not just best practice—it’s essential. That’s where HTTP Strict Transport Security (HSTS) comes into play, particularly for WordPress site administrators who are serious about cybersecurity. Configuring the HSTS header on your WordPress website can appear daunting at first, but it is a vital step in fortifying your […]
Read More
MalCare Stands Strong Against Attacks Exploiting the Elementor Plugin v3.18.1 RCE Vulnerability
Recently, a critical vulnerability was discovered in the Elementor plugin, the popular page-building tool for WordPress. This vulnerability posed a significant risk to the millions of websites using the plugin worldwide. Here, we detail the nature of the vulnerability and how MalCare’s state-of-the-art Atomic Security provided a timely defense for all the WordPress sites it […]
Read More
Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall, two-factor authentication and more. We’ve just released Wordfence CLI 2.1.0 which includes […]
Read More
Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign
On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com with the following message: “The WordPress Security Team has discovered a Remove Code Execution (RCE) vulnerability on your site, which allows attackers to execute malwares and steal your data, user […]
Read More
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were 109 vulnerabilities disclosed in 98 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence […]
Read More
Critical RCE Vulnerability Patched in Backup Migration Plugin
On December 6th, 2023, the WordPress plugin Backup Migration received a critical security patch for a remote code execution vulnerability. Details were released five days later after users were given an opportunity to install the patch, although the official CVE is still locked down in “reserved” mode. Website administrators are advised to update to the […]
Read More
SiteLock Review: Is It Worth It?
Several comparison articles may place it in the limelight, but does SiteLock really deliver? Is it worth parting with your hard-earned cash for? More importantly, can it be the dependable guard your WordPress site needs? As seasoned WordPress security experts, we understand what makes a truly reliable security plugin stand out from the crowd. We […]
Read More
How to Configure the X-Content-Type-Options Header in WordPress
Securing your WordPress site is non-negotiable in an age where digital threats are evolving rapidly. Key players in your security lineup are HTTP security headers, and a star defender is the X-Content-Type-Options (XCTO) header. Configuring the XCTO header is a simple yet effective tactic that helps fortify your WordPress site’s defenses with just a few […]
Read More
4 Ways to Get WordPress PHP Error Logs
When working with WordPress, encountering errors is a common part of the development and maintenance process. However, the real challenge lies in accurately diagnosing and resolving these issues. One of the most effective tools at your disposal is the PHP error log. By using PHP error logs, you can gain invaluable insights into the underlying […]
Read More