WP-Members Security 1.6.2 has been released. This is a minor update with some feature elements that didn’t quite make it into the previous two packages. Most of the changes are related to WP CLI commands.
Home of WP-Members, The Original WordPress Membership Plugin
Chad Butler · ·
The WP-Members Security extension version 1.6.1 has been released. This version contains a few bug fixes as well as some additional CLI features.
WP-Members Security 1.6.0 has been released. This is a fairly extensive update and it includes many bug fixes, improvements, and some additional features. It incorporates some updates that were included in two unreleased versions, 1.5.1 and 1.5.2.
Recently, the Wordfence Threat Intelligence team announced a critical vulnerability in the Litespeed Cache plugin. This is a privilege escalation vulnerability, which means that an attacker who gains access as a low-level user can exploit the vulnerability to gain admin rights on an affected site.
I am pointing this out because I know a lot of WP-Members’ users also utilize cache plugins, which can include Litespeed Cache. If you’re one of those users, please make sure that you update your version of Litespeed Cache to a version higher than 6.3.0.1 as all other versions are vulnerable.
You can read more about this reported vulnerability here:
We’ve discussed building a honey pot for the registration form to prevent spam signups by bots. But what about the login form? With WordPress being so much more ubiquitous across the Internet today, there are many more attempts to hack and exploit it. Many of these attempts are automated by bots.
Whether the login attempt comes from a bot or a human, the most common attempt for an exploit is to use the username “admin”. WordPress used to install the default admin account with the username “admin”. Fortunately, it no longer does this so you don’t have to delete the account to create a more secure admin account. But unfortunately, a great many people still create admin accounts with “admin” as the username.
An ounce of prevention is worth a pound of cure, so your best initial defense is to not have obvious usernames for administrative users. But a good second line of defense is to create a honey pot for the login form.