Wordfence has posted an important article revealing how WordPress’ automatic update system is vulnerable to compromise. It’s thick reading, but well worth understanding.
Automatic updates is by default “on” with all installations of WordPress.
Wordfence has been providing endpoint security for WordPress powered web sites since 2012. Here is a recent blog post on https://www.wordfence.com providing information about what endpoint security is.
You’ve probably seen the term ‘endpoint’ talked about in the press recently in the context of information security. Lets discuss what a network endpoint is, why securing endpoints can dramatically strengthen your overall security posture and why big vendors like Intel Security (formerly McAfee) and a number of startups are launching products that focus on endpoint security…
Wordfence has posted a well written blog post that describes the XML-RPC API and how disabling it will affect your WordPress hosted web site.
Recent improvements to WordPress and Wordfence’s blocking tools have lessened the need to disable the API.
Here is the blog post: https://www.wordfence.com/blog/2015/10/should-you-disable-xml-rpc-on-wordpress/
Wordfence is one of the most effective plugins to manage security for WordPress powered web sites. Learn more about it here: https://www.wordfence.com/
I wish I had seen this in December as I like to do year-end cleanup and new year planning during the holidays. Since it was only published yesterday, I’ll share it with you anyway because it has such wonderful information.
These things should be done on a regular basis, not just at the start of each year. It will serve as a good reminder checklist. Here are the thirteen items it lists:
I see a number of things that I’ve been meaning to do and think that perhaps 2015 will be a good time to start. Things like the last three items on the list.
Here is the link to the full article:
Start the Year off Right with These WordPress Housekeeping Tips (Daniel Pataki, wpmudev.org)