
Author Archives Ian Muscat

THE AUTHOR
Ian Muscat

Ian Muscat used to be a technical resource and speaker for Acunetix. More recently, his work centers around cloud security and phishing simulation.

WordPress Security Tips Part 10 – Secure Your Debug Logs

Web Security Zone | February 3, 2015 by Ian Muscat

During development of plugins or themes, as well as during deployment of a WordPress site, developers or system administrators may enable debug logs to log any PHP errors that occur. WordPress makes use of the WP_DEBUG constant which is defined in wp-config.php. The constant is…

Don’t Let a GHOST Vulnerability Haunt Your Systems

Web Security Zone | January 30, 2015 by Ian Muscat

This week a new Linux vulnerability called GHOST (CVE-2015-0235) has been published and subsequently patched, including an update to Acunetix, which can now detect the vulnerability in both its online and on-premises forms. While some cited GHOST as being as dangerous as Shellshock or Heartbleed,…

WordPress Security Tips Part 9 – Prevent PHP files from executing

Articles | January 30, 2015 by Ian Muscat

Since WordPress sites need to allow their users to upload new content, WordPress’ upload directory needs to be writable. For that reason, your wp-content/uploads directory should be considered a potential entry point. The biggest potential threat is the uploading of PHP files. WordPress won’t…

WordPress Security Tips Part 8 – Restrict Direct Access to Plugin and Theme PHP files

Web Security Zone | January 27, 2015 by Ian Muscat

Allowing direct access to PHP files can be dangerous for a number of reasons. Some plugins and theme files can contain PHP files that are not designed to be called directly because the file would be calling functions that would have been defined in other…

WordPress Security Tips Part 7 – Enabling HTTPS for all logins and wp-admin

Web Security Zone | January 20, 2015 by Ian Muscat

Strictly speaking, HTTPS is not a protocol in and of itself, but rather HTTP encapsulated in TLS/SSL. TLS, or SSL, as it is commonly referred to, provides websites and web applications with encryption of data being transmitted and authentication to verify the identity…

WordPress Security Tips Part 6 – Disable File Editing

Web Security Zone | January 16, 2015 by Ian Muscat

Disable File Editing: By default, WordPress allows administrative users to edit PHP files of plugins and themes inside the WordPress admin interface. This is often the first thing an attacker would look for if they manage to gain access to an administrative account since…

WordPress Security Tips Part 5 – Restrict Access to wp-admin Directory

Web Security Zone | January 14, 2015 by Ian Muscat

Password protecting your WordPress admin area through a layer of HTTP authentication is an effective measure to thwart attackers attempting to guess users’ passwords. Additionally, if attackers manage to steal a user’s password, they will need to get past HTTP authentication in order to gain…

WordPress Security Tips Part 4 – Complex Security Keys

Web Security Zone | December 29, 2014 by Ian Muscat

Heads up – Depending on your webserver’s configuration, activated plugins and/or themes, the following could break some functionality. It is strongly advised to try out any configuration in a testing/staging environment before changing any configuration on production servers. Complex WordPress Security Keys: WordPress makes use…

WordPress Security Tips, Part 3 – Security Configurations

Web Security Zone | December 22, 2014 by Ian Muscat

Heads up – Depending on your webserver’s configuration, activated plugins and/or themes, the following could break some functionality. It is strongly advised to try out any configuration in a testing/staging environment before changing any configuration on production servers. Prevent Directory Listing: Directory Listing occurs when…


© Acunetix 2025, by Invicti