Categories
Security

Using Innocent Roles to Hide Admin Users

Using Innocent Roles to Hide Admin Users

All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually approach the capabilities of those roles.

The way the capabilities are handled on WordPress makes it quite easy to change what each role is allowed to do.

How WordPress Sets Role Capabilities

First, let’s take a look at how WordPress manages the capabilities of the roles and what they are allowed to do, such as:

  • add users;
  • remove users;
  • create posts;
  • delete posts, etc.

Continue reading Using Innocent Roles to Hide Admin Users at Sucuri Blog.

Categories
Security

New WordPress Security Email Course

New WordPress Security Email Course

Recent statistics show that over 32% of website administrators across the web use WordPress.

Unfortunately, the CMSs popularity comes at a price — attackers often seek out vulnerabilities to exploit and target unhardened WordPress sites. If a site is compromised, it often becomes the host of malicious malware or spam campaigns, harming your website’s reputation and visitors in the process.

Knowledge is power, and we’re here to help! We’ve created a new WordPress Security Email Course to help improve your website’s security posture and reduce the risk of a security incident.

Continue reading New WordPress Security Email Course at Sucuri Blog.

Categories
Security

Why You Should Care about Website Security on Your Small Site

Why You Should Care about Website Security on Your Small Site

Most people assume that if their website has been compromised, there must have been an attacker evaluating their site and looking for a specific vulnerability to hack. Under most circumstances however, bad actors don’t manually hand-pick websites to attack since it’s a tedious and time consuming process. Instead, they rely on automation to identify vulnerable websites and execute their attacks.

The unfortunate reality is that websites big or small are targeted daily and the majority of these attacks are automated.

Continue reading Why You Should Care about Website Security on Your Small Site at Sucuri Blog.

Categories
Security

Hacking WordPress Sites on Shared Servers

A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other sites that share the same server permissions. This is called cross-site contamination. When it comes to WordPress websites, the core structure is well known by…

The post Hacking WordPress Sites on Shared Servers appeared first on Sucuri Blog.