Have you restricted access to your WordPress REST API?

If you are unsure what the WordPress REST API is, or you know you aren’t going to be using it, then you should consider limiting access to it. Put simply, the REST API is an endpoint that other applications and services can use to retrieve data from your WordPress website. By default it exposes posts, pages, comments, and users with authored content, although some information is restricted to authenticated users only. Click here to see...

Continue reading

Why you should enable Two-Factor Authentication

To follow up on my previous post regarding the use of passphrases over passwords, I think it is also worth mentioning that an excellent way to improve security is to combine passphrases with two-factor authentication, also known as 2FA. Two-factor authentication is effectively a code sent to your phone via SMS or email, or via authenticator apps, which are particularly useful as you aren’t relying on SMS messages containing codes...

Continue reading