Nexcess
Nexcess Blog Logo
Category : Security
March 05, 2018

Is Your WordPress Site As Secure As You Think?

WordPress is — as content management systems go — very secure. It’s the most targeted web application in the world, but it’s also the best protected. It is in the interest of many thousands of developers and users to seek and destroy any vulnerabilities that may find their way into the code of WordPress Core, […]

December 08, 2017

OpenVPN Helps To Keep Your Magento And WordPress Dedicated Servers Safe

When a user connects to your Magento store, they connect over HTTPS, a secure protocol that uses an SSL certificate to encrypt data sent between the shopper’s browser and the server that hosts the store. Without HTTPS, it is possible for a third-party to intercept the data, putting the shopper and the store at risk. […]

November 29, 2017

What's Wrong With Security By Obscurity For WordPress?

We instinctively hide the things we find valuable. It makes sense: if thieves and other bad actors can’t find our valuables, how can they take them? In the digital age, we act on the same instinct. A common security precaution taken by WordPress site owners is to move the login page to a different location; […]

October 25, 2017

Are WordPress Plugins Safe?

Over the last couple of months, we’ve seen several incidents of previously trusted plugins being infected with malware by malicious developers. Plugin vulnerabilities are nothing new: developers make mistakes and those mistakes have consequences for security. But many of the recent attacks involved the deliberate introduction of malicious code. Does that mean we can’t trust […]

October 18, 2017

WordPress Security Basics: What Is A Drive-By Download Attack?

In previous articles we’ve talked about why criminals are interested in attacking WordPress sites and some of the methods they use. Today we’re going to look at drive-by downloads, a common category of attack used by criminals to infect site visitors with malware. Drive-by downloads are software downloads made to a device without the permission […]

October 03, 2017

WordPress Display Widgets Plugin Injects Malicious Content

The Display Widgets plugins has been removed from the WordPress Plugin repository after it was found to contain malicious code that was used to inject spam content onto the pages of WordPress sites. Display Widgets should be uninstalled immediately. The plugin should be removed even if the site’s owners and admins see no sign their […]

September 08, 2017

Why Do Spammers Attack WordPress Sites?

A WordPress site with web-facing forms will be spammed. If there’s a form to be filled in, it will be filled in by spammers, even when there is no clear motivation for doing so. Spammers register for membership of any site they find, they fill in forms for gated content, they submit fake email addresses […]

August 31, 2017

How Two-Factor Authentication Can Help Keep Your WordPress Site Safe

There are lots of hacked WordPress sites on the web. Hacked sites are often the victims of botnets that brute force the login process, trying lots of different combinations of usernames and passwords until they hit one that lets them in. After they have access they can plant malware or other undesirable content on a […]

August 15, 2017

WordPress Security Basics: What Do WordPress File Permissions Mean?

A WordPress site is made of files. Database aside — which is a special set of files — everything else is a chunk of data stored on the server’s file system. That includes content like images and the executable PHP files that comprise WordPress Core, themes, and plugins. It’s vitally important that only the right […]

July 27, 2017

Three WordPress Theme Red Flags You Should Know About

One of the WordPress ecosystem’s most attractive features is its endless variety of themes. Thousands of developers have created tens of thousands of themes, many of them free. There’s almost certainly a theme in the official repository or premium marketplaces to suit any style or functional requirement. For the most part, that’s a good thing, […]