Are you having problems renewing an SSL certificate using cPanel’s AutoSSL feature on a domain which is also using Cloudflare? Read on for a solution, and an explanation for why this happens. The Symptoms Typically, you’ll be alerted to the fact that your SSL certificate is having problems renewing or has expired when you receive…
Block brute force on wp-login with CloudFlare page rules
As a WordPress user, developer or web host you may have experienced the pain of a brute force attack targeting wp-login.php. What is a brute force attack? It’s when a malicious script hammers your wp-login.php page, trying usernames and passwords, over and over again, trying to break in. If you have a weak username or password,…
How to install SSL on a WordPress site
Step 1 – Install an SSL certificate This is done at a server level (via your cPanel). Most hosts make free SSL certificates available using a service called “Let’s Encrypt” or another equivalent provider. These free certificates are ‘domain validated’ and offer a sufficient level of protection for personal sites and small business sites where…
Speaking at WordCamp Sydney
WordCamp Sydney is kicking off soon – woo! I’m heading over from Perth for the weekend, and look forward to catching up with you eastern state folk. I’ll be giving a presentation on WordPress Security – don’t worry, should be pretty accessible for users and developers alike. There’s even a joke about bears in there….
WordPress Security 102
Now that you’ve learnt the basics of improving your WordPress security and backup, we’re going to show you how to harden your WordPress setup by following the tips below. Here’s WordPress Security 102. Use SFTP Instead of FTP It’s common to use FTP (File Transfer Protocol) to transfer files between your computer and website. However, we…
WordPress Security 101
Following a great WordPress meetup last month, we’ve had a lot of questions on how to improve WordPress security and backup. Firstly, we’re going to reveal something that you probably don’t want to hear: nothing is 100% hack-proof. But WordPress security is all about the basics, and a few simple steps will go a long…