XML-RPC has been the method of choice for many hackers. The term may sound too technical for a majority of WordPress users, but in short, XML-RPC is an API that allows you to publish posts without having to be logged in to your WordPress admin. The benefit of XML-RPC is that it allows third-party applications like JetPack to push content and commands to your WordPress site, creating a more streamlined experience for users like yourself.
Disable XML-RPC API in WordPress (Joel Runion, 2019-10-18)
When websites are hacked, lines of code are typically injected into existing files through the WordPress admin. If you become the unfortunate victim of a hack, you can still prevent the most common attacks by preventing anyone from editing your files – your last line of defense when the worst happens.
Most of the time, when you set up a new WordPress site, you’re set up with an administrator account whose username is “admin.” It’s the default setting for WordPress. This is problematic for a number of reasons.
Don't Use Admin As Your Username (Joel Runion, 2019-08-09)
Every WordPress database table is prefixed with wp_ by default. This means that if there is a theme, plugin, or a version of WordPress with a vulnerability, hackers can run automated attacks across tens of thousands of websites that use the particular software and target their databases by referencing the standard database prefix. But if you change your WordPress database table prefix, you can avoid scenarios like this and have a second layer of defense against such attacks.
If you’re using a plugin such as Loginizer that provides some level of protection or monitors all login attempt activity, you might be getting tons of email notifications about failed login attempts. If it’s really bad, you might be getting hundreds of these email notifications every week.
Hide the WordPress Login URL - The Best Plugins (Joel Runion, 2018-09-21)
The most common hacking method is nothing sophisticated or new. It’s the attempt at guessing your username and password. Unfortunately, many users leave their username vulnerable by leaving it as the default “admin.”
In this article, we’ll go through the ways in which you can secure your administrator user account, more specifically the username. We have a separate article written that dives deeper into the password which you can read here.
Securing the WordPress Admin User From Unauthorized Access (Joel Runion, 2018-02-02, updated 2018-03-19)
In my webinars, I always get questions about security. It always seems like the people whose WordPress sites get hacked believe that it happened through some sort of unknown vulnerability that’s beyond their technical comprehension. Though it is true that outdated software does leave vulnerabilities open, in many of my observations, I found that these same users did not follow basic security protocols like using a strong password.
Here’s a real story: I had a client several years back whose website constantly got hacked. So they came to me for help. The name of their company was Sons X, where X represents what their business did, for example, Sons Window Cleaning or Sons Automotive. I omitted their full business name for their privacy. They were using a firewall (as should everyone) so they were confused as to how they were getting hacked more often than their peers.
After they began to work with me, I immediately found a red flag. Their admin credentials were:
Make Sure You Use a Strong Password & Why Your Weak Password Can Be Guessed in Less Than One Second (Joel Runion, 2017-09-11, updated 2018-03-19)
Two-Factor Authentication is one of the few guaranteed security methods that every WordPress website should use. The method is popular among many websites (WordPress or non-WordPress) that take security seriously, such as banks, because it ensures that unauthorized users will not be able to access your account, even if they have your password.
So why is it so secure? Two-Factor Authentication relies on two elements in order for someone to log in:
Using a firewall for your WordPress website is the best way to protect yourself against any hacking attempts. Firewalls are so effective because they can be used to deny access to your website if the visitor does not belong there. This means that the potential hacker will not even have an opportunity to compromise your website.
WordPress Firewall - What They Are and Installation Guide (Joel Runion, 2017-03-01, updated 2017-12-18)
In a basic scenario where your WordPress login password is as simple as “password1” and a bot is making attempts to guess your password, it would probably take fewer than 2 billion attempts to get it right, which would take only a couple of seconds, depending on your server. One of the best ways to combat this is to simply lock out users who have guessed their passwords incorrectly too many times. Limit login attempts on your site through the use of simple plugins.
Limit Login Attempts on Your WordPress Site (Joel Runion, 2017-01-02, updated 2017-12-18)