Disable XML-RPC API in WordPress

Cover Image: XML RPC Article

XML-RPC has been the method of choice for many hackers. The term may sound too technical for a majority of WordPress users but in short, XML-RPC an API that allows you to publish posts without having to be logged in to your WordPress admin. The benefits of XML-RPC is that it allows third-party applications like JetPack to push content and commands to your WordPress site, creating a more streamlined experience for users like yourself. Read more

How to Disable File Editing

Image: File Editing

When websites are hacked, lines of code are typically injected into existing files through the WordPress admin. If you become the unfortunate victim of a hack, you can still prevent the most common attacks by preventing anyone from editing your files – your last line of defense when the worst happens. Read more

Don’t Use Admin As Your Username

Image: Dont Use Admin As Your Username

Most of the time, when you set up a new WordPress site, you’re set up with an administrator account whose username is “admin.” It’s the default setting for WordPress. This is problematic for a number of reasons. Read more

How to Change the WordPress Database Prefix

Image: WordPress Database Table Prefix

Every WordPress database table is prefixed with wp_ by default. This means that if there is a theme, plugin, or a version of WordPress with a vulnerability, hackers can run automated attacks across tens of thousands of websites that use the particular software and target their databases by referencing the standard database prefix. But if you change your WordPress database table prefix, you can avoid scenarios like this and have a second layer of defense against such attacks.

Read more

Securing the WordPress Admin User From Unauthorized Access

Securing the WordPress Admin User From Unauthorized Access

The most common hacking method is nothing sophisticated or new. It’s the attempt at guessing your username and password. Unfortunately, many users leave their username vulnerable by leaving it as the default “admin.”

In this article, we’ll go through the ways in which you can secure your administrator user account, more specifically the username. We have a separate article written that dives deeper into the password which you can read here.

Read more

Make Sure You Use a Strong Password & Why Your Weak Password Can Be Guessed in Less Than One Second

strong password

In my webinars, I always get questions about security. It always seems like the people whose WordPress sites get hacked believe that it happened through some sort of unknown vulnerability that’s beyond their technical comprehension. Though it is true that outdated software does leave vulnerabilities open, in many of my observations, I found that these same users did not follow basic security protocols like using a strong password.

Here’s a real story: I had a client several years back whose website constantly got hacked. So they came to me for help. The name of their company was Sons X, where X represents what their business did, for example, Sons Window Cleaning or Sons Automotive. I omitted their full business name for their privacy. They were using a firewall (as should everyone) so they were confused as to how they were getting hacked more often than their peers.

After they began to work with me, I immediately found a red flag. Their admin credentials were:

Read more

Use Two-Factor Authentication to Bulletproof your WordPress Login

Two-Factor Authentication

Two-Factor Authentication is one of the few guaranteed security methods that every WordPress website should use. The method is popular among many websites (WordPress or non-WordPress) that take security seriously such as banks because it ensures that unauthorized users will not be able to access your account, even if they have your password.

So why is it so secure? Two-Factor Authentication relies on two elements in order for someone to login:

  1. Your Password – Something you know.
  2. Your Mobile Device – Something you have.

Read more

WordPress Firewall – What They Are and Installation Guide

Firewall 2

Using a firewall for your WordPress website is the best way to protect yourself against any hacking attempts. The reason why firewalls are so effective is because they can be used to deny access to your website if the visitor does not belong there. This means that the potential hacker will not even have an opportunity to compromise your website.

Read more

Limit Login Attempts on Your WordPress Site

Limit Login Attempts

In a basic scenario where your WordPress login password is as simple as “password1” and a bot is making attempts to guess your password, it would probably take less than 2 billion attempts to get it right, which would take only a couple of seconds, depending on your server. One of the best ways to combat this is to simply lock out users who have guessed their passwords incorrectly too many times. Limit login attempts on your site through the use of simple plugins.

Read more