Security

WordPress Forms Usage

Posted on May 2, 2023 in Security

Website administrators using form tools made available via WordPress or by WordPress plugins, such as Gravity Forms, should understand the potential security risks associated with them before using them to collect information on public facing websites.  WordPress form tools are not as secure as other methods of collecting data, and poorly configured web forms may ...
Read More WordPress Forms Usage

ETS is requiring that all web forms include a CAPTCHA field for security purposes. The CAPTCHA service has already been pre-registered with your WordPress site’s Gravity Forms plugin. A CAPTCHA is a program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot. The term CAPTCHA ...
Read More Add a CAPTCHA Field to a Gravity Form

Guidelines for Safe Posting

Posted on Feb 27, 2015 in Content, Security

Site Administrators are bestowed a lot of power with an administrator account. But with that power comes great responsibility. Admins should be aware that they have the unfiltered_html capability. ...
Read More Guidelines for Safe Posting unfiltered_html: Allows user to post HTML markup or even JavaScript code in pages, posts, comments and widgets....
Read More Guidelines for Safe Posting Editor and contributor roles are restricted from posting ...
Read More Guidelines for Safe Posting

Preventing Display of Usernames

Posted on Aug 14, 2013 in Content, Security

...
Read More Preventing Display of Usernames Please help us tighten security on your WordPress site by making sure your display name is not the same as your username....
Read More Preventing Display of Usernames Overview The most frequent type of attack against WordPress is a brute force attack against the login page. Hackers will use automated software in attempt to gain access to a website ...
Read More Preventing Display of Usernames

Removing Inactive User Accounts

Posted on Mar 28, 2013 in Content, Security

If you are a website administrator, part of your responsibility may involve maintaining the users for your WordPress site.  It is good housekeeping as well as proper security practice to remove users that no longer need access to your website.  For example, if a user leaves your agency, you must remove their user account from ...
Read More Removing Inactive User Accounts