How to block your WordPress site from being scanned by WPScan with Nginx

Hello! First and foremost, why would you want to block WPScan from probing your site? Well, we all know that security through obscurity is a bad practice. That said, the risk of malicious activity on your site is undoubtedly heightened by the many points of information disclosure that are freely available to parse and organize into an accurate security risk assessment of your WordPress site. This type of information is easily attainable through automated scanners like WPScan. Tools like this scan for version tags in readme files, file size fingerprints and meta tags to determine not only the version of WordPress you are running but also the version of each of the plugins you have installed. Why is information disclosure bad? Some would argue it’s not bad. Others would also point out that a 0-day WordPress core or plugin vulnerability could mean that minutes and hours of circumvention or lowered risk […]

Tips to secure your WordPress site

Security is a huge deal. Sometimes you’re at the mercy of the open source solution or content management system that you choose. There are occasions when, even after ensuring your CMS and the subsidiary plugins are consistently up to date, you still fall victim to a zero-day exploit that circumvents the security of your site and allows an attacker to upload a file or modify your backend database. That’s not good! Especially if you are diligent to the best of your abilities. We’ve decided to put together a quick security guide specifically to help people ensure their WordPress implementation is as secure as possible.

Web Hosting environment

This is obviously a big one. Your hosting environment may or may not be able to provide layers of security as requests to your website are processed and served. There are elements that most web hosting companies should be able to provide […]