WordPress Security Hardening for Beginners to Advanced Blog

 

Having hard luck stopping brute-force attacks on your site? Done with all security implementation but still under heavy DDoS? We bet you haven’t done ‘EVERYTHING’!

 

With the growing impact of Internet on all facets of life, websites are increasingly dealing with private and sensitive customer data. A security breach can lead to your website getting hacked. It can result in a major security lapse for well-established businesses. It could potentially lead to irreparable damage to your reputation. Website developers need to understand security issues and take steps towards hardening WordPress security. As a web developer, you need to be able to assess the risks you’re facing. WordPress security is a complicated topic. In this article, we help you gain an overall better understanding of WordPress security. We also explain techniques to minimise and manage the security risks to your WordPress website. Most of these techniques are general and also, can be used for other Content Management Systems like Joomla, Magento etc.

Table of Contents

  1. What is WordPress Security Hardening?
  2. WordPress Security Issues
  3. What makes WordPress a target for Hackers?
  4. WordPress Vulnerabilities
  5. Hardening WordPress Security
  6. Methods for Hardening WordPress Security
  7. Checking if WordPress Site is hacked
  8. Fixing Hacked WordPress Site
  9. WordPress Security Best Practices: Risk Reduction over Risk Elimination
  10. Security – Being aware and involved
  11. How TemplateToaster helps?

 

What is WordPress Security Hardening?

WordPress is a popular content management system and a target for hackers. According to W3Techs, the WordPress platform accounts for more than 25% of the websites worldwide. It is well known that WordPress is no longer just a blogging platform. A majority of the WordPress sites serve a broad range of other purposes.The worst nightmare for a WordPress developer is to get his websites hacked. Hacks are very much common and happening frequently, with 38.9% developers reporting a compromise in the last 12 months. WordPress Security Hardening basically means taking precautionary and preventive steps to lock down your WordPress website. This would essentially prevent hackers and vulnerabilities from affecting the website or blog.

The worst nightmare for a WordPress developer is to get his websites hacked. Hacks are very much common and happening frequently, with 38.9% developers reporting a compromise in the last 12 months. WordPress Security Hardening basically means taking precautionary and preventive steps to lock down your WordPress website. This would essentially prevent hackers and vulnerabilities from affecting the website or blog.

Security is the most important concern for organisations these days. A well-known and reliable resource of information related to web application security is the OWASP, non-profit online community. The Open Web Application Security Project creates articles, tools, and technologies on web security. Their website is a comprehensive resource for information on latest vulnerabilities, threats, attacks and countermeasures.

Let us look at security from WordPress standpoint and the details of WordPress vulnerabilities and security issues. We will also try to understand the strategies and techniques for hardening WordPress security.

 

WordPress Security Issues

WordPress is known to be prone to security vulnerabilities and inherently not being a safe platform for secure businesses. As per a Q2 2016 report by Sucuri, WordPress at 74% continues to lead the number of infected websites they worked on.

In most cases, website hacking occurs primarily since users continue to follow industry-proven security worst-practices. These include using obsolete WordPress software, improper system administration, unmanaged credentials’ handling and more. Most beginner WordPress users lack the necessary knowledge, on hardening WordPress Security, which makes their websites vulnerable. Advanced users also have the opinion that security practices once implemented will protect their websites forever. They are not aware of the need to revise, review and update the security measures on a regular basis.

 

What makes WordPress a target for Hackers?

As per a recent investigation, reported by WordPress security outfit WP White Security, 73% of the 40,000 most popular WordPress are vulnerable to attack.

WordPress is the most popular CMS and this has resulted in an ecosystem which includes over 42,000 plugins. Plugins are a very important asset to a WordPress site. An average of over 10 plugins are in use on every website. The foremost advantage of WordPress is its extensibility. However, it is also the cause of the vast number of WordPress security vulnerabilities. As per a survey conducted by Wordfence, around 61.1% of WordPress sites are customised substantially.

degree of wordpress theme customisation

 

With a multitude of theme and plugin combinations, vulnerabilities continue to exist and are frequently being discovered. Each new plugin is prone to adding additional vulnerabilities.

 

WordPress Vulnerabilities

There are three main components of WordPress that are important from a security perspective.

  • Core – the basic default WordPress installation files that provide most of the functionality.
  • Plugins – additional code to improve and extend the basic functionality.
  • Theme – the presentation layer that may offer some limited extended functionality.

A point to note is that WordPress security vulnerabilities go beyond the core into the third-party themes or plugins. A recent report by wpscan.org, states that from the 3,972 known WordPress security vulnerabilities:

52% are from WordPress plugins

37% are from core WordPress

11% are from WordPress themes

The goal of a website hacker is to gain unauthorised access to your WordPress site with administrative access. This is done either from WordPress dashboard or on the server side by inserting scripts or files. Hacking may not always be initiated by a person; the below terms are usually used to describe the hacking system:

  • Single Bot is an automated computer that can attack one site at a time or a small number of sites simultaneously. The attacks are usually unsophisticated attacks.
  • A Person who goes into hacking systems manually, attacks one site at a time. This method is slow but comprehensive.
  • A Botnet is a group of computers that at the same time attack multiple sites rapidly. These attacks are unsophisticated but a large number of computers with multiple IPs add to the complexity.

There are two primary types of attacks that can take place against WordPress websites:

Non-targeted automated attacks are generic and take advantage of a known vulnerability. These attacks may work by scanning a range of IP addresses. The automated system looks for a specific version of WordPress or a plugin. These are usually versions known to be exposed to a potentially exploitable vulnerability.

Targeted attacks happen when a hacker targets a website specifically. Note that the more popular websites are more likely to be targeted.

Listed below are the common security issues and risks associated with WordPress:

  1. Brute Force Attacks: These attacks refer to the repeated entering of multiple username and password combinations until success is achieved. The brute force attack method exploits the WordPress login screen to get access to the website. WordPress, by default, doesn’t limit login attempts. Bots can attack the WordPress login page using the brute force method.
  2. File Inclusion Exploits: A WordPress website runs at the backend on PHP code. Vulnerabilities in the PHP code are the next most common security issue with WordPress. File inclusion exploits occur when a vulnerable code is used to load remote unsafe files. These allow hackers to gain access to the website and its wp-config.php file.
  3. SQL Injections: WordPress uses SQL to query the database. This makes it vulnerable to SQL Injection Attacks. SQL injections occur when an attacker gains access to the WordPress database and the website data. He may be able to create a new admin user account. He can then login and get full access to the WordPress website. SQL injections may also insert new data into the WordPress database such as links to malicious or spam websites.
  4. Cross-site scripting (XSS): The most common vulnerability found in WordPress plugins, XSS vulnerabilities are very common and likewise complex. The attacker gets an innocent victim to load web pages with insecure JavaScript scripts. These scripts are used to steal data from vulnerable WordPress website.
  5. Cross-site Request Forgery (CSRF): A hacking mechanism tricks a user into performing an unwanted action. This usually is done from within a web application they are authenticated in. For example, a phishing email with a link to a page that would delete a user’s account in the WordPress admin.
  6. Malware: The malicious software or Malware, is code that can gain unauthorised access to a website and gather sensitive data. With thousands of types of malware infections on the web, WordPress is not vulnerable to all of them. The four most common WordPress malware infections are:
  • Backdoors
  • Drive-by downloads
  • Pharma hacks
  • Malicious redirects

 

Hardening WordPress Security

The first set to hardening WordPress security is to keep the website up-to-date and to be well-informed of the latest vulnerabilities. You will then be able to update your site for every new vulnerability. But updating the WordPress is not enough. There are more issues to handle to be able to truly secure your WordPress websites.

 

What needs to be protected?

It is just not about protecting the website and its files. The user or customer data is most crucial to be protected. The WordPress MySQL database is the backend for WordPress and stores this data.

You need to primarily protect the customers’ data. If the website is insecure and gets hacked, the data becomes impossible to recover.

Next, you need to protect your website. This includes protecting the website files also. It would be disastrous if an attacker is able to read or modify your website files or source code. They can collect user data and also gain admin login access. Once the files are compromised the user data gets compromised too.

 

Methods for Hardening WordPress Security

As we have discussed above, security practices are many both for the beginners and the advanced users. The key is to identify WordPress vulnerabilities and adopt techniques and tools to get around them. The article here discusses some of the potential WordPress vulnerabilities and countermeasures for them. What we do below is a quick walk-through of the basic techniques for hardening WordPress security. We then elaborate the advanced issues and how to tackle them with slightly more effort.

 

Easy Methods for DIY Users

 

  1. Backup your website: The most important thing is to backup your website data on a regular basis. If your website is hacked you can restore your WordPress site from a non-infected backup. It is also critical to store the backup data at a trusted location. You also need to take care and remove all old backups of the site from your website.
  2. Pick a solid WordPress host: Selecting a WordPress Host gives the option to choose from shared-hosts, managed-hosts and a number of other variations. It is important to setup proper permissions on your server and follow proactive security practices. Server hardening is an important component of hardening WordPress security. Security measures at both hardware and software level are required in IT infrastructure hosting the WordPress sites. Pick a reliable hosting company and choose wisely when you decide how to host your website.
  3. Use reputable themes and plugins: Download add-ons for your site from reputable sources as it reduces the scope for potential hackers. Most well-established WordPress plugin or theme developers get a third-party audit done from a company like Sucuri prior to release. Vulnerabilities can occur in these plugins also. However, these developers are expected to be more proactive in their approach to security.
  4. Use secure protocols: Communication between the web server and the browser needs to be done on secure protocols. Using HTTPS enables encrypted communication between browser and web server. You can follow your hosting provider’s instructions to enable HTTPS. Once HTTPS is enabled, you need to edit the “.htaccess” and the “wp-config.php” file as per the information here. Use sFTP in place of normal FTP for file transfers and other commands. The sFTP protocol uses strong encryption to sign-in and works on SSH which is already installed on most web servers.
  5. Change the WordPress login URL: A WordPress site’s default login URL is domain.com/wp-admin. This is also known to the bots, hackers, and hacking scripts. You can change the URL and be better protected from brute force attacks. You can change the WordPress login URL from the “General” section in settings.
  6. Use a strong username & password: Being a WordPress admin it is important to follow good WordPress password security practices. Use strong passwords, do not share passwords and changing passwords regularly are some of the easy to follow rules.
  7. Enable WordPress two-factor authentication: It is also crucial to make login to all your accounts challenging as possible. Use unique, and difficult to guess usernames and passwords across all your accounts, not just your WordPress login. With Two-factor authentication other than the password, an additional time-sensitive code is required to login. This method is one to lock down the WordPress login. It almost minimises the potential of successful brute force attacks.
  8. Limit access to vital parts of your WordPress website: You need to make it more difficult for a hacker to access specific pieces of the WordPress installation. Though this can be accomplished with a security plugin, you can also take the few manual actions below:
    • Manually change the default WordPress in the” wp-config.php” file.
    • Secure your “wp-config.php” file by moving it from the default location like one directory above the WordPress installation. To move the wp-config.php file copy everything to a different file. In the wp-config.php file add a PHP include statement to include the other file.
    • Secure the “.htaccess” file by adding allow and deny rules to it.
    • Turn off XML-RPC in the “.htaccess” file. Keeping the XML-RPC enabled is the cause of Brute Force attacks and Denial of Service attacks. It is recommended to turn-off XML-RPC in the settings altogether.
    • Change directories and files to have the correct permissions both on the WordPress installation and on the web server. Set the permissions on the wp-config.php file to 440 or 400 to prevent other users from reading or writing to it.
    • Add server access control: In the default mode, WordPress runs as apache/apache, which is the default web server role. Try to create a new user that will be the default and disallow the rights to the web server user.
    • Assign appropriate user roles. Don’t assign an administrator role unless a person actually requires admin functionality. Admin privileges provide a lot of added permissions. Use the different degrees of roles and permissions provided by WordPress and restrict user access to sensitive data. This would keep you protected from “sensitive data exposure”.
    • Password protect the “wp-admin” directory. Add an extra layer of authentication to protect the “wp-admin” directory apart from the login password. More details on how to do this can be found here.
    • Disable directory browsing in WordPress. Disable the File Editor in the WordPress Admin panel. Hackers also usually try to edit PHP files or themes using the Appearance Editor. Add the ‘DISALLOW_FILE_EDIT’ rule in the wp-config.php file. Hackers will not be able to access files without an FTP access.
  9. Run scheduled malware scans: Keep tabs on potential malware infections with scheduled malware scans. Most scan tools give you a report on the website’s malware status.
  10. Keep your WordPress site updated: Keep your WordPress site updated to avoid potential WordPress security issues. If there are any premium WordPress plugins or themes installed keep them updated. Ensure to renew the license to get updates.
  11. Use a WordPress Security Plugin: Use a WordPress security plugin for your WordPress website. Most security plugins offer options to set important and recommended WordPress security settings. It is easier and safe to rely on a one-stop security solution. Some of the popular plugins available are:
    • iThemes Security: This plugin is available in both a free and premium version. iThemes provides over 30 different ways for hardening WordPress security.
    • WordFence: This is another security plugin in both a free and premium version. With over 11 million downloads, WordFence has a strong user base.
    • Sucuri –Sucuri maintains a free plugin in the WordPress repository. They also provide a more comprehensive plugin for malware and blacklist scanning, DDoS protection, malware cleanup etc. The Sucuri service also includes a cleanup option if the site is compromised.

 

Advanced WordPress Security Methods

 

In this section, we provide more in-depth knowledge on hardening WordPress security and adding extra layers of security WordPress sites.

Remember that you can’t just setup and configure a number of settings or programs for WordPress security and think you are done with security. A point to keep in mind is that hardening WordPress security is an ongoing responsibility. Keep the WordPress site on a schedule for malware and vulnerability scanning, and analyse the logs carefully and regularly.

Every few years, OWASP releases the “OWASP Top 10”, a list of the Top 10 critical security risks. The primary goal is to help developers and security teams implement better security for the applications. The OWASP Top 10 list is revised each time to reflect new risks as they evolve. Also added are techniques and best practices for avoiding and remediating the vulnerabilities.

The Current OWASP Top 10

  • A1 – Injection
  • A2 – Broken Authentication and Session Management
  • A3 – Cross-Site Scripting XSS
  • A4 – Insecure Direct Object References
  • A5 – Security Misconfiguration
  • A6 – Sensitive Data Exposure
  • A7 – Missing Function Level Access Control
  • A8 – Cross-Site Request Forgery
  • A9 – Using Components with Known Vulnerabilities
  • A10 – Invalidated Redirects and Forwards

The chart below shows the spread of the most common vulnerabilities trends and the security risk of the applications.

type of website vulnerabilities and attacks

 

Note that 32% of these attacks are from A3 – Cross-Site Scripting XSS or from A1 – Injection. 20% of the attacks are by unknown methods which do not give any data for the background of the attacks. The rest of the attacks are due to miscellaneous methods, many of which are in the OWASP Top 10. You can read more about these security risks at the OWASP listing for Top 10 -2013.

We know that WordPress is quite secure as long as developers follow standard security practices. The tips mentioned ahead are for added security and are advanced methods of hardening WordPress security. Most of these techniques are complicated and you need to understand them well. It is strongly recommended to first test these on a test site. The coding details of most of these methods can be found here.

We know that WordPress is quite secure as long as developers follow standard security practices. The tips mentioned ahead are for added security and are advanced methods of hardening WordPress security. Most of these techniques are complicated and you need to understand them well. It is strongly recommended to first test these on a test site. The coding details of most of these methods can be found here.

1. Disable HTTP Trace Method

The Cross Site Tracing (XST) and the Cross Site Scripting (XSS) attacks target systems which have the HTTP TRACE functionality. HTTP TRACE is a default functional feature on most webservers and is used for things like debugging. Hackers who use XST typically steal cookies and other sensitive information using header requests. You can disable the trace functionality by adding the following in your .htaccess file:

RewriteEngine On

RewriteCond %{REQUEST_METHOD} ^TRACE

RewriteRule .* - [F]

 

2. Remove header outputs from your WordPress Installation

WordPress at times adds a lot of output in the header. This output is specific to the various services that are part of WordPress. To remove this output, add the following code to your theme’s “functions.php” file:

remove_action('wp_head', 'index_rel_link');

remove_action('wp_head', 'feed_links', 2);

remove_action('wp_head', 'feed_links_extra', 3);

remove_action('wp_head', 'rsd_link');

remove_action('wp_head', 'wlwmanifest_link');

remove_action('wp_head', 'parent_post_rel_link', 10, 0);

remove_action('wp_head', 'start_post_rel_link', 10, 0);

remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0);

remove_action('wp_head', 'wp_generator');

remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0);

remove_action('wp_head', 'noindex', 1);

 

3. Change your default WordPress DB prefix

WordPress uses a default prefix value of “wp_” for the DB tables. This can be used by malicious bots and hackers to guess your DB table names. Changing the WP DB prefix value is much easier to do at installation time because it is set in the wp-config.php file. However, if the site is already live then the method is a more complicated.

  • Do a full database backup and save the backup somewhere. You may use a backup tool for this.
  • Do a complete dump of your WordPress database using “phpmyadmin” into a text file. You may also take a backup of this text file.
  • Replace all instances of “wp_” with your own prefix using a code editor.
  • In the admin panel, deactivate all plugins.
  • Using the “phpmyadmin”, remove the old DB and import the new one using the file edited in step 3.
  • Edit the wp-config.php file with the new DB prefix value.
  • Re-activate the WP plugins
  • Perform a save on the permalink settings by going to Settings->Permalinks. This would refresh the permalink structure.

 

4. Deny Potentially Dangerous Strings

Identify the potentially dangerous query strings. Add the following code in your .htaccess file to help prevent XSS attacks. These set of rules will strip the URL requests of many dangerous attack injections. You can add more strings here though we have included the common ones. Note that the functionality of some plugins or themes could break if you do not exclude strings which are used by them.

<IfModule mod_rewrite.c>

RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]

RewriteCond %{QUERY_STRING} ../ [NC,OR]

RewriteCond %{QUERY_STRING} boot.ini [NC,OR]

RewriteCond %{QUERY_STRING} tag= [NC,OR]

RewriteCond %{QUERY_STRING} ftp: [NC,OR]

RewriteCond %{QUERY_STRING} http: [NC,OR]

RewriteCond %{QUERY_STRING} https: [NC,OR]

RewriteCond %{QUERY_STRING} mosConfig [NC,OR]

RewriteCond %{QUERY_STRING} ^.*([|]|(|)|<|>|'|"|;|?|*).* [NC,OR]

RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]

RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127.0).* [NC,OR]

RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR]

RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]

RewriteRule ^(.*)$ - [F,L]

</IfModule>

 

5. Apply PHP hardening to your system

You can install and enable a PHP hardening system on your server. This can further increase the security of the system by protecting against various vulnerabilities.

6. Don’t Let the Hackers Know Your WordPress Version

It is important to hide the version of WordPress you are using from hackers. If it is publicly available, it would help hackers identify the vulnerability they can use to hack the site. WordPress 2.6 and above automatically adds the version in the WP_head section. However, you can remove it in the header.php file.

7. Lock-out Users with Failed Login Attempts

It is still possible that even with so much password protection, hackers may still find ways to crack the password of your WordPress admin. Let us see how login lockdown works. If a user makes too many failed login attempts, they will immediately be locked out from logging in the site for the next few hours. This feature is available with most security plugins in WordPress. This is one of the effective defenses against brute-force attacks.

 

Checking if WordPress Site is hacked

We know that even the most alert system administrators will not be able to constantly monitor their site. Even the best monitoring tools may have a delay between each site scan. There are various ways you can yourself use to detect if your site has been hacked.

  • Your browser would in most cases alert you about the hack.
  • Your hosting provider takes your site offline because it is hacked.
  • Google search results flag your site as hacked or harmful.
  • Google’s search console alerts you to malware on your site.
  • Your malware scanner alerts you to an infection or hack.
  • A customer contacts you about your site being hacked.
  • Use a source code scanner to detect a hack.
  • Use a monitoring service to detect if more than a very small percentage of the page has changed.
  • Monitor site traffic and watch for increasing activity spikes.
  • Visit your Site Regularly for sanity checks.
  • Use a Remote Scanner that looks at the HTML that your site produces. This detects a hack if the hacker includes malware in the HTML.

More details on these methods can be found here.

 

Fixing Hacked WordPress Site

So can you really fix a hacked WordPress site or all is lost when your website is hacked? A hacked website can be easily recovered; let us see how it can be done:

  • Restore your website from backup if available. Change all passwords immediately.
  • If you can login to the site as admin, then remove the hacked files and seal the point of entry.
  • Scan and remove malware.
  • If you cannot login to the site then ask for help from your web host.
  • Backup important files and reinstall WordPress.Contact professional services if you cannot do anything to restore your site.
  • Contact professional services if you cannot do anything to restore your site.

 

WordPress Security Best Practices: Risk Reduction over Risk Elimination

We have looked at the methods to improve the security of your WordPress sites. It is a well-known fact that risk reduction wins over risk elimination. Risk reduction is proactive and will keep you safe in all scenarios. Thus security is about risk reduction, not risk elimination since risk will never be zero. You should deploy security controls that best address the risks and threats.

Let us now collate the security best practices which if followed will result in hardening WordPress security. These best practices will surely protect your site from possible attacks and vulnerabilities.

  • Make WordPress core code updates quickly. You can also auto-configure the updates.
  • Proactively upgrade plugins and themes as new versions become available.
  • Prevent sniffed login attempts by adding password protection.
  • Enforce strong passwords.
  • Actively block and log incoming security attacks.
  • Ensure proper file permissions, isolate sites, and decouple databases.
  • Conduct frequent, proactive vulnerability and malware scanning on all systems.
  • Perform regular penetration tests by independent security experts. Track remediation of the findings of these test. Train application developers and architects in secure development.
  • Apply procedures for secure development.
  • Report Bugs and Vulnerabilities.
  • Keep track of Zero-day vulnerabilities. When a zero day is announced, you will need to work closely with the vendor to find out when a fix will be released and then apply that fix.

 

Security – Being aware and involved

We know by now that WordPress security is on ongoing activity. You need to work towards hardening WordPress security and keeping your WordPress sites secure. This would be a contribution towards prevention of malicious activity. These activities can harm websites, web servers, users’ PCs, tablets, and other smart devices. WordPress is a popular CMS and knowledge about WordPress security is widely available. Being aware of the security hardening practices and putting them in your workflow is a must. While running a maintenance on your website and web server remember to be security minded. You will not only have proper control over your web content but also do your part to make the Internet a secure place. Always remember,

SEC_RITY is incomplete without “U” (you). Click To Tweet

 

Here we have specially compiled an Ultimate List of websites to look for Security Updates for you:

  1. https://wordpress.org/news/category/security/
  2. securityaffairs.co/
  3. www.darkreading.com
  4. www.cyberdefensemagazine.com/
  5. blog.trendmicro.com/
  6. https://blog.kaspersky.com/
  7. www.symantec.com/connect/symantec-blogs/sr
  8. https://www.techworm.net/
  9. https://www.hackread.com/
  10. http://www.securityweek.com/
  11. https://www.tripwire.com/state-of-security/
  12. http://krebsonsecurity.com/
  13. https://blog.malwarebytes.com/
  14. https://www.forbes.com/security/
  15. https://hotforsecurity.bitdefender.com/

Also available are security bulletins that contain important information about security. Some of them are:

  1. https://technet.microsoft.com/en-us/security/bulletins.aspx
  2. https://helpx.adobe.com/security.html
  3. https://www.akamai.com/us/en/our-thinking/threat-advisories/index.jsp
  4. http://googleonlinesecurity.blogspot.in/
  5. https://www.us-cert.gov/
  6. http://blog.azimuthsecurity.com/
  7. https://www.qualys.com/research/security-advisories/
  8. https://ics-cert.us-cert.gov/
  9. https://www.alienvault.com/blogs
  10. https://blog.lookout.com/blog/category/security/
  11. http://blog.fortinet.com/
  12. http://googleprojectzero.blogspot.in/
  13. http://www.oracle.com/technetwork/topics/security/alerts-086861.html
  14. http://blogs.adobe.com/psirt/
  15. https://www.europol.europa.eu/latest_press_releases
  16. http://www.coresecurity.com/grid/advisories
  17. http://blog.cert.societegenerale.com/
  18. http://blogs.cisco.com/security
  19. http://www.isightpartners.com/blog/

 

How TemplateToaster helps?

Developing a robust security for WordPress sites can be a daunting task. It is complicated to keep everything in mind whether you do it alone or with a trusted partner. WordPress requires active security management. Hardening WordPress security is critical for site security and success. Developers can opt for a managed WordPress platform or tool to comprehensively ensure the security of your WordPress environments. TemplateToaster is a tool for developing websites across multiple CMS including WordPress. Themes developed with TT are secure and as per WordPress standards. Incorporating TemplateToaster in your workflow will give you a range of securely implemented themes to work with. You can stay assured that your WordPress security will be further enhanced with the themes created using this tool.

Best Drag and Drop interface to Design stunning WordPress Themes