Category

WordPress Guides


Understanding Your WordPress Risk from the PHP Mailer Vulnerability

By | News, WordPress Guides, WordPress Security | No Comments

So nearly 3 weeks ago, we started hearing about the vulnerability in the PHPMailer library, which is also used within the WordPress Core.

And everyone ran for the hills with their hair on fire (again).

Was this a critical security vulnerability? Yes.
Was WordPress susceptible? Actually, no.
So was it necessary to lose the plot and wet ourselves? No.

Anybody that pays attention to WordPress core security releases will know that when there’s a serious security vulnerability in the core, it gets patched pretty damn quick. There’s no messing around.

But isn’t it odd that WordPress didn’t get patched immediately following the announcement of this PHPMailer vulnerability? Why haven’t the Core team released a security patch already?!

When something in life is weird, it’s probably not weird – you likely just don’t know all pertinent information, yet.

So it’s not odd. Why? Because, from WordPress themselves:

The Security Team has spent some time analysing this vulnerability, and how it applies to WordPress. This vulnerability does not appear to be directly exploitable in WordPress Core, or any major plugins in the plugin directory. The wp_mail() function, which WordPress Core and most plugins use for sending email, blocks this vulnerability from being exploited.

Unfortunately, when a “security” expert posts on Facebook, or anywhere for that matter, it doesn’t mean it’s worth getting upset about. Now they may say “we’re not trying to alarm you” and other nice stuff, but unless there is a reason that goes beyond “making you aware”, it’s probably not going to help you at all.


Get Your Head Straight With WordPress HTTP Security Headers

By | News, WordPress Guides, WordPress Plugins, WordPress Security | 10 Comments

HTTP Security Headers are perhaps the most overlooked way to protect visitors on your WordPress websites. But they’re one of the most powerful.

HTTP Headers tell web browsers what they can and cannot do with your website.

This is important, as it can protect your visitors from malicious content loaded from 3rd parties, as well as from hijacking (aka clickjacking) of your website.

We’ll outline what HTTP Headers are, and what we’re doing to help lock down your site. All the while never making things complicated for you or your visitors.

Sound too good to be true? Don’t worry, our clients are already used to this. 😉


Will Your Email Go Down? Goodbye Mandrill, Hello Mailgun

By | News, WordPress Guides | No Comments

We’re one week away from M-Day. The day that MandrillApp turns off its email service. Are you ready?

If your WordPress website, CMS or e-commerce site sends email, chances are that you will be affected – your site will stop sending emails.

“So Mandrill is used to send email from my website?” It’s quite possible. Chances are that, as we advised a year ago, you or your webmaster set up Mandrill to do this heavy lifting.

If this is in fact the case, it means that on April 27th email on your website will not work. The end.

Read on to find out if you’re affected, and what you need to do.

WordPress Security Basics Series Pt.3 – Web Hosting Isolation

By | WordPress Guides, WordPress News and Updates | One Comment

WordPress website security can be achieved with various methods, but we often overlook simple ways to protect our sites.

In this WordPress tutorial I’ll outline how to better protect your websites by isolating them from others in the way that you host them.

More specifically:

  • What exactly is WordPress website hosting isolation
  • Why you need web hosting isolation
  • How you can apply the principle of isolation for your WordPress sites.
