Using WP-CLI to Scan for WordPress Security Vulnerabilities

Previously I have shown how to install WPScan on Ubuntu (installation guide for Ubuntu 16.04) and Debian, but what if you want to scan locally and not remotely, especially if a site is protected from WPScan using protection methods that prevent enumeration or access to files that expose the WordPress theme or plugins you are using? …

Install and Use WPScan on Ubuntu 18.04

WPScan is a WordPress vulnerability scanner written in Ruby. Sucuri sponsors this project, and it is hosted as open source on GitHub. WPScan uses Sucuri’s vulnerability database for WordPress core, plugins and themes; it creates a report on your site’s known security vulnerabilities, which could be exploited by a hacker or script kiddie. Install …

Protecting wp-admin Brute Force Attacks with nginx Rate Limiting

WordPress is gaining in popularity, and therefore the number of attacks specific to WordPress keeps increasing. I manage servers for some political websites which get attacked relentlessly, so that means I get to create new firewall rules and rate limiting directives to help keep the site running – very fun! Recently this site was being …

Let’s Encrypt Wildcard SSL nginx for WordPress Ubuntu 18.04

Let’s Encrypt has transformed the internet. Every website can now have a free SSL certificate! You can authenticate your website with Let’s Encrypt using the .well-known path, but if you have multiple virtual hosts then this can get tedious, so Let’s Encrypt made it possible to add wildcard SSL certificates by using DNS to authenticate …