General

When running a WordPress site, you probably already have far too many plugins to keep track of. You could use a full-featured plugin to add security headers, but why add the extra overhead if you don't have to? In this article, we'll show you how to add security headers by using a quick drop-in p...

Within your site, you may want to restrict the amount of information that is sent when a user clicks on a link. This is known as the HTTP Referrer. To assist with restricting the amount of information that is sent when a link is clicked, the Referrer-Policy header exists. This header simply instr...

Embedding a website inside another is one way that attackers may try to steal information. To avoid having your website embedded into another, modern web browsers are equipped to read an X-Frame-Options header to determine if the embed is allowed. By default, WordPress enables this header on admi...

When accessing your website’s content, browsers will often attempt to identify (and sometimes change) how some content types are handled. Unfortunately, an unintended consequence of this is that some content could be mishandled. To avoid the accidental mishandling of content types, the X-Content-...

During your time at Pagely, you may find the need to run some commands with elevated access. For your safety, we don't allow full root access, but we'll be happy to enable limited sudo access in the event that you require it. How to Get Limited Sudo Access To gain limited sudo access, simply requ...

Are you getting an "Insecure Login Prevented" message when attempting to log into your WordPress site? In this article, we'll provide more information on what causes this page to appear and how you can resolve it. What Causes This Message? Here at Pagely, we take security very seriously. In an ef...

XML-RPC can be useful for external services to access your WordPress site, but can also cause additional resource usage and security issues from being active. As a general rule, we recommend disabling any services you're not using, and depending on your particular use-case, XML-RPC might be one o...

Note: We are constantly applying security patches that might affect our customers. You can follow our security page here to keep in on the loop. In some instances vulnerability scanners will report issues due to outdated versions of a package being detected by the scanner. The oversight made in ...

Multi-Factor, or Two Step Authentication is an incredibly important step to securing any account. As such, we implore our customers to undertake these steps to ensure their account is more secure than the simple username/password authentication. For a deeper explanation, please read the following...

When running a large WordPress site, performance can be critical. In the case of unwanted crawlers on your site, you might be giving up valuable resources without any benefit. Of course, blocking crawlers isn't a replacement for proper site optimization and these bots usually aren't much of an is...

Our NGINX layer provides rate limiting and protection from the most common application level attacks, including brute force attacks against the WordPress login. We protect against this activity by enforcing CAPTCHAs after too many failed attempts and not allowing anyone to log in with the usernam...

Your site's PCI compliance is determined by a third-party approved scanning vendors. Hosting providers are not allowed to perform these scans themselves for the benefit of our customers. Once you have an approved scanning vendor chosen and are ready to scan your site, you can schedule a PCI compl...

If you need to perform a security scan, we ask that you submit our Security Assessment Request Form as early as possible before the scan. This includes: PCI compliance scans. Vulnerability assessments. Penetration testing. Security compliance scans. Any other security-related scanning/testing. ...

What Are Pagely's Default CORS Headers? By default, Pagely adds CORS headers on ARES for webfonts such as "eot|otf|svg|ttc|ttf|woff2". What If We Want To Add Additional CORS Headers? Most cross-origin-resources should work out of the box. If there are any security concerns about using the wildcar...

If you're seeing the Rate Limiting error, there can be few reasons for that: A WPMU network may not be using the correct domain(s) Proxy traffic is not being forwarded properly Excessive POST requests when accessing a section of the admin dashboard. NOTE: Rate limiting only affects users at a c...