Category: WordPress Security

Inactive Users on WordPress

Last updated on by Dawn Baird

Once upon a time, they were active on your site, adding comments or buying products. Now, they’re nowhere to be found, clogging up your stats and creating a security risk. What’s the solution to this problem of inactive WordPress users? Is there some sort of logout plugin that gives them an auto logout? Can you send them a warning message with a countdown to kicking them out?

In this blog post for beginners, we define inactive WordPress users, explain the website application security risks and business implications, and suggest proactive measures you can take to eliminate some risks, reduce others and mitigate the potential harm to your organization.

How to strengthen website security with a comprehensive monitoring strategy

Last updated on by Joel Farrugia

As cybersecurity threats continue to evolve, organizations big and small are placing a stronger emphasis on security. Increasingly, WordPress websites are coming under the spotlight due to their widespread usage by many modern businesses. Monitoring and tracking are two essential aspects of any security policy, with OWASP listing insufficient logging and monitoring as one of […]

How to track & monitor WordPress database changes?

Last updated on by Robert Abela

Did you know that you can track and monitor changes that occur within your WordPress’ site database? This post explains how you can do just that, as well as learn more about the benefits of monitoring WordPress databases and the types of alerts you can receive whenever something has changed within your database. What are […]

PCI DSS for WordPress | Requirement 10: Track & monitor all access

Last updated on by Robert Abela

PCI DSS stands for Payment Card Industry Data Security Standards. It is a set of compliance regulations that any eCommerce and WordPress site that deals with cardholder data has to adhere to. Websites have to be compliant even if they do not store cardholder data and uses a third party payment gateway. PCI DSS compliance […]

OWASP Top 10 & WordPress Activity Logs – Addressing A10: Insufficient logging & monitoring

Last updated on by Robert Abela

Logging and monitoring are so important in web application and WordPress security that lack of logging functionality in web applications has now been added to the OWASP Top 10 list: Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, […]

Building a WordPress Intrusion Detection System (IDS)

Last updated on by Robert Abela

An Intrusion Detection System (IDS) is a software that monitors networks or systems for malicious activity. In this article we will be seeing how you can setup an IDS for your WordPress website. Suspicious activity is typically a sign that someone is trying to find a security hole on your WordPress website. Sometimes, it is […]