Authentication

Posts in this archive

3 insights

1. Security Hardening · July 10, 2024 · 6 min read

   Passkeys for WordPress: when 2FA isn’t enough anymore.

   The standard WordPress account security posture in 2024 looks roughly like: enforce strong passwords, require 2FA via TOTP, hope for the best. That’s been adequate...

   Read the article →

2. Security Hardening · April 23, 2024 · 6 min read

   XML-RPC, REST, and the WordPress surfaces still leaking attack surface.

   Every WordPress install ships with two API surfaces enabled by default. /xmlrpc.php has existed since the late 2000s, originally for desktop blogging clients that nobody...

   Read the article →

3. Security Hardening · December 5, 2023 · 15 min read

   WordPress security isn’t a plugin problem.

   Most WordPress sites have a security plugin. Most still get hacked. The disconnect is structural — the dangerous problems are architectural, and a hardening plugin won't fix them. What real WordPress security hardening looks like, layer by layer.

   Read the article →

No insights match the current filters. Clear filters to see everything.