Main Topics

  • PressARMOR™

    PressARMOR is a comprehensive security architecture developed by Pagely® that hardens and protects our network, hardware, and WordPress applications. The primary focus is on prevention and the mitigation of risk to clients. Web Application Firewall Secure WordPress Hosting is just how we do busin...

  • Adding Security Headers to WordPress Without 3rd-Party Plugins

    When running a WordPress site, you probably already have far too many plugins to keep track of. You could use a full-featured plugin to add security headers, but why add the extra overhead if you don't have to? In this article, we'll show you how to add security headers by using a quick drop-in p...

  • Setting a HTTP Referrer Policy (Referrer-Policy Headers) in WordPress

    Within your site, you may want to restrict the amount of information that is sent when a user clicks on a link. This is known as the HTTP Referrer. To assist with restricting the amount of information that is sent when a link is clicked, the Referrer-Policy header exists. This header simply instr...

  • Enabling Clickjacking Protection (X-Frame-Options) in WordPress

    Embedding a website inside another is one way that attackers may try to steal information. To avoid having your website embedded into another, modern web browsers are equipped to read an X-Frame-Options header to determine if the embed is allowed. By default, WordPress enables this header on admi...

  • Disabling Content Sniffing in WordPress (X-Content-Type-Options: nosniff)

    When accessing your website’s content, browsers will often attempt to identify (and sometimes change) how some content types are handled. Unfortunately, an unintended consequence of this is that some content could be mishandled. To avoid the accidental mishandling of content types, the X-Content-...

  • Gaining Limited Sudo Access

    During your time at Pagely, you may find the need to run some commands with elevated access. For your safety, we don't allow full root access, but we'll be happy to enable limited sudo access in the event that you require it. How to Get Limited Sudo Access To gain limited sudo access, simply requ...

  • Resolving "Insecure Login Prevented" Messages

    Are you getting an "Insecure Login Prevented" message when attempting to log into your WordPress site? In this article, we'll provide more information on what causes this page to appear and how you can resolve it. What Causes This Message? Here at Pagely, we take security very seriously. In an ef...

  • Disabling XML-RPC

    XML-RPC can be useful for external services to access your WordPress site, but can also cause additional resource usage and security issues from being active. As a general rule, we recommend disabling any services you're not using, and depending on your particular use-case, XML-RPC might be one o...

  • Vulnerability Scanners returning false positives due to backporting

    Note: We are constantly applying security patches that might affect our customers. You can follow our security page here to keep in on the loop. In some instances vulnerability scanners will report issues due to outdated versions of a package being detected by the scanner. The oversight made in ...

  • Activating 2-Factor Auth (2FA) in Atomic

    Multi-Factor, or Two Step Authentication is an incredibly important step to securing any account. As such, we implore our customers to undertake these steps to ensure their account is more secure than the simple username/password authentication. For a deeper explanation, please read the following...

  • How to Block Crawlers and Other User Agents

    When running a large WordPress site, performance can be critical. In the case of unwanted crawlers on your site, you might be giving up valuable resources without any benefit. Of course, blocking crawlers isn't a replacement for proper site optimization and these bots usually aren't much of an is...

  • How Pagely Handles DDoS Protection

    Our NGINX layer provides rate limiting and protection from the most common application level attacks, including brute force attacks against the WordPress login. We protect against this activity by enforcing CAPTCHAs after too many failed attempts and not allowing anyone to log in with the usernam...

  • Getting PCI Compliance

    Your site's PCI compliance is determined by a third-party approved scanning vendors. Hosting providers are not allowed to perform these scans themselves for the benefit of our customers. Once you have an approved scanning vendor chosen and are ready to scan your site, you can schedule a PCI compl...

  • Performing Security Scans on Your Pagely Hosted Site

    If you need to perform a security scan, we ask that you submit our Security Assessment Request Form as early as possible before the scan. This includes: PCI compliance scans. Vulnerability assessments. Penetration testing. Security compliance scans. Any other security-related scanning/testing. ...

  • Fixing CORS Errors

    What Are Pagely's Default CORS Headers? By default, Pagely adds CORS headers on ARES for webfonts such as "eot|otf|svg|ttc|ttf|woff2". What If We Want To Add Additional CORS Headers? Most cross-origin-resources should work out of the box. If there are any security concerns about using the wildcar...

  • Rate Limiting

    If you're seeing the Rate Limiting error, there can be few reasons for that: A WPMU network may not be using the correct domain(s) Proxy traffic is not being forwarded properly Excessive POST requests when accessing a section of the admin dashboard. NOTE: Rate limiting only affects users at a c...