Protect WordPress wp-login with Apache HTTP Auth + fail2ban

Most tutorials for protecting wp-login.php for WordPress block users who are actually trying to make login attempts which makes logical sense. The problem with this method is that these brute force protection methods are still expensive for your web server. When a user tries to log in, PHP processing occurs and MySQL queries are made … Learn more…

Install WPScan on Ubuntu 16.04 for WordPress Vulnerability Scanning

WPScan is a WordPress vulnerability scanner written in Ruby. It is sponsored by Sucuri and hosted on github. Using its security vulnerability database for WordPress core, plugins and themes it will provide a report on your site’s known security problems which can be exploited by hackers.If you ever wondered how a hacker knows your WordPress … Learn more…

Autoupdate WordPress Site Plugins with WP-CLI Bash Script Cronjob

We all know how important it is to keep your WordPress plugins updated to maintain security and avoid being hacked. A WordPress plugin vulnerability database is maintained by WPScan and can be found here. It is a tedious task to update multiple WordPress installations, some tools exist like ManageWP and InfiniteWP to ease the monotony.I … Learn more…

How to Configure Automatic Security Updates for Debian

Securing your web server running WordPress is very important, this tutorial will show you how to automatically install the latest security updates for Debian even while you sleep using the UnattendedUpgrades package. Configuring automatic security updates for your web server hosting WordPress can mean your server is not exploited using some vulnerability. This is highly … Learn more…