WordPress Security Tips Part 5 – Restrict Access to wp-admin Directory

Password protecting your WordPress admin area through a layer of HTTP authentication is an effective measure to thwart attackers attempting to guess users’ passwords. Additionally, if attackers manage to steal a user’s password, they will need to get past HTTP authentication in order to gain access to the WordPress login form. Warning – Basic HTTP Authentication […]

Blind SQL Injection: The Basics

All system administrators know about SQL injection and should also know how to protect their system against such an attack. However, what they might be less informed about is Blind SQL injection; albeit a much lengthier process for the hacker, if someone is determined to get at your data then this is a way they […]

5 most dangerous software bugs of 2014

Wired have just released the 5 most dangerous software bugs in 2014 – 3 of which affect web security. Once again, web sites, web applications and web servers are the main source of concern for IT administrators trying to prevent unauthorised access from the internet. The 3 most dangerous software bugs which challenged web security […]

WordPress Security Tips Part 4 – Complex Security Keys

Heads up – Depending on your webserver’s configuration, activated plugins and/or themes, the following could break some functionality. It is strongly advised to try out any configuration in a testing/staging environment before changing any configuration on production servers. Complex WordPress Security Keys WordPress makes use of a set of long, random and complex Security Keys. […]

WordPress Security Tips, Part 3 – Security Configurations

Heads up – Depending on your webserver’s configuration, activated plugins and/or themes, the following could break some functionality. It is strongly advised to try out any configuration in a testing/staging environment before changing any configuration on production servers. Prevent Directory Listing Directory Listing occurs when the web server does not find an index file (i.e. […]

How to avoid eBay hack attacks

Back in September, eBay made the headlines due to a number of Cross Site Scripting (XSS) vulnerabilities found on their site. Following pressure from security experts and users, a few of these vulnerabilities were patched, although eBay were quoted as saying they would not remove the active content functionality which allows such attacks. In September, […]
