General

When running a PCI scan on your site, you may run across a warning stating that your version of OpenSSH is outdated. In this article, we'll show you what causes this warning, how to check your OpenSSH version, and possible false positives that can occur. Checking Your OpenSSH Version If you're on...

For additional security, you may want to add additional response headers, such as Content Security Policy or Access Control headers. These additional headers can help browsers protect you and your WordPress site's visitors from cross site scripting attacks by restricting where your content is all...

A little bit of extra security is never a bad thing. If you need to restrict access to a particular part of your WordPress site, you can easily add access rules from directly within Pagely's Atomic control panel. An important thing to note is that access controls here differ from plugin or other ...

What are Content Security Policy Headers? Content Security Policy headers are used for restricting the content types and sources that browsers will load. They help to protect your site visitors by instructing their browsers to produce an error and prevent disallowed content from loading on the pa...

When running a WordPress site, you probably already have far too many plugins to keep track of. You could use a full-featured plugin to add security headers, but why add the extra overhead if you don't have to? In this article, we'll show you how to add security headers from inside Atomic or opti...

Within your site, you may want to restrict the amount of information that is sent when a user clicks on a link. This is known as the HTTP Referrer. To assist with restricting the amount of information that is sent when a link is clicked, the Referrer-Policy header exists. This header simply instr...

Embedding a website inside another is one way that attackers may try to steal information. To avoid having your website embedded into another, modern web browsers are equipped to read an X-Frame-Options header to determine if the embed is allowed. By default, WordPress enables this header on admi...

When accessing your website’s content, browsers will often attempt to identify (and sometimes change) how some content types are handled. Unfortunately, an unintended consequence of this is that some content could be mishandled. To avoid the accidental mishandling of content types, the X-Content-...

During your time at Pagely, you may find the need to run some commands with elevated access. For your safety, we don't allow full root access, but we'll be happy to enable limited sudo access in the event that you require it. How to Get Limited Sudo Access To gain limited sudo access, simply requ...

Are you getting an "Insecure Login Prevented" message when attempting to log into your WordPress site? In this article, we'll provide more information on what causes this page to appear and how you can resolve it. What Causes This Message? Here at Pagely, we take security very seriously. In an ef...

XML-RPC can be useful for external services to access your WordPress site, but can also cause additional resource usage and security issues from being active. As a general rule, we recommend disabling any services you're not using, and depending on your particular use-case, XML-RPC might be one o...

Note: We are constantly applying security patches that might affect our customers. You can follow our security page here to keep in on the loop. In some instances vulnerability scanners will report issues due to outdated versions of a package being detected by the scanner. The oversight made in ...

Multi-factor authentication, otherwise known as 2-factor authentication is an incredibly important step to securing any account. As such, we implore our customers to undertake these steps to ensure their account is more secure than the simple username/password authentication. For a deeper explana...

When running a large WordPress site, performance can be critical. In the case of unwanted crawlers on your site, you might be giving up valuable resources without any benefit. Of course, blocking crawlers isn't a replacement for proper site optimization and these bots usually aren't much of an is...

Our NGINX layer provides rate limiting and protection from the most common application level attacks, including brute force attacks against the WordPress login. We protect against this activity by enforcing CAPTCHAs after too many failed attempts and not allowing anyone to log in with the usernam...

Your site's PCI compliance is determined by a third-party approved scanning vendors. Hosting providers are not allowed to perform these scans themselves for the benefit of our customers. Once you have an approved scanning vendor chosen and are ready to scan your site, you can schedule a PCI compl...

If you need to perform a security scan, we ask that you submit our Security Assessment Request Form as early as possible before the scan. This includes: PCI compliance scans. Vulnerability assessments. Penetration testing. Security compliance scans. Any other security-related scanning/testing. ...

What Are Pagely's Default CORS Headers? By default, Pagely adds CORS headers on ARES for webfonts such as "eot|otf|svg|ttc|ttf|woff2". What If We Want To Add Additional CORS Headers? Most cross-origin-resources should work out of the box. If there are any security concerns about using the wildcar...

If you're seeing the Rate Limiting error, there can be few reasons for that: A WordPress Multisite network may not be using the correct domain(s) Proxy traffic is not being forwarded properly Excessive POST requests when accessing a section of the admin dashboard. Note: Rate limiting only affec...