Staying ahead of the hack attack

Employing early warning systems help web site owners can fend off hack attacks.

Here is an article from Wordfence that provides information about tools to detect intrusion.

See how a two line script creates a powerful attack platform

Wordfence posts an article that walks you through how an attack platform works and the scripts and capabilities that it provides.

Wordfence reports:

“During a recent investigation of a very large infection we found a trove of attack tools that all pointed back to a single ‘meta’ script. This script was only two lines long but provided an attacker with a powerful capability. Once it fully installs itself it provides what we are referring to as an ‘attack platform’.”

Moving to Endpoint Security for WordPress

Wordfence has been providing endpoint security for WordPress powered web sites since 2012. Here is a recent blog post on providing information about what endpoint security is.

You’ve probably seen the term ‘endpoint’ talked about in the press recently in the context of information security. Lets discuss what a network endpoint is, why securing endpoints can dramatically strengthen your overall security posture and why big vendors like Intel Security (formerly McAfee) and a number of startups are launching products that focus on endpoint security…

Full article at

Should You Disable XML-RPC on WordPress?

Wordfence has posted a well written blog post that describes the XML-RPC API and how disabling it will affect your WordPress hosted web site.

Recent improvements to WordPress and Wordfence’s blocking tools have lessened the need to disable the API.

Here is the blog post:

Wordfence is one of the most effective plugins to manage  security for WordPress powered web sites. Learn more about it here:

Where is WordPress headed in 2015?

WordPress logos


Here are two views on the future of WordPress which may be of interest to WordPress developers and hosts.

They talk about the inclusion of WP-API and how it will facilitate a broader implementation of custom dashboards, something I’ve been seeking for a long time. Why is this important? Imagine WP-Admin as a seamless integration of presentation and administration. Expect front-end editing.

Noel Tock’s other thoughts include language, since the majority of WordPress sites are not English serving and the WordPress community.

Tim Nash makes some dire predictions in the area of security: That a serious security failure will visit a major commercial plugin developer and even the WordPress core itself. He also discusses Drupal, Magento, SSL and PHP.

Noel Tock from Human Made
WordPress in 20153

Tim Nash (developer-centric)
Tim’s 2015 WordPress Predictions3