Brute force attacks are so often that both WordPress and Drupal have pages dedicated to this specific aspect of website security. Two common alternatives for handling these are hiding the login page and using a VPN. Which is safer? How much does each cost? And how much extra time does it take, and …
Security
Cloudflare “Cloudbleed” threat: security assessment and tasks
A memory leak on some of Cloudflare's code caused sensitive information to be exposed. Worse yet, some of the exposed information was cached by search engines. Despite all the hype, "cloudbleed" affects a fraction of Cloudflare's sites. Cloudbleed threat summary The likelihood of a site being …
Chrome shows “not secure” warning unless using HTTPS
Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS. (Google security blog) All websites, whether they require users log in or not, should switch to HTTPS in the near future. …