Protect WordPress wp-login with nginx HTTP Auth + fail2ban

Protecting wp-login.php for WordPress is essential for brute force protection from hackers. Most WordPress administrators will use a plugin like All-in-One Security (recommended) or Wordfence to block users who are making excessive login attempts. The problem with the plugin technique is that these brute force protection methods are still expensive for your web server. When a user … Learn more…

Install WPScan on Debian 8 for WordPress Vulnerability Scanning

WPScan is a WordPress vulnerability scanner written in Ruby. It is sponsored by Sucuri and hosted on github. Using its security vulnerability database for WordPress core, plugins and themes it will provide a report on your site’s known security problems which can be exploited by hackers. Install WPScan dependencies for Debian 8 Install the WPScan … Learn more…

Protect WordPress wp-login with Apache HTTP Auth + fail2ban

Most tutorials for protecting wp-login.php for WordPress block users who are actually trying to make login attempts which makes logical sense. The problem with this method is that these brute force protection methods are still expensive for your web server. When a user tries to log in, PHP processing occurs and MySQL queries are made … Learn more…

Install WPScan on Ubuntu 16.04 for WordPress Vulnerability Scanning

WPScan is a WordPress vulnerability scanner written in Ruby. It is sponsored by Sucuri and hosted on github. Using its security vulnerability database for WordPress core, plugins and themes it will provide a report on your site’s known security problems which can be exploited by hackers. If you ever wondered how a hacker knows your … Learn more…