<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Website Security &#8211; Secremedy</title>
	<atom:link href="https://secremedy.com/resources/category/website-security/feed/" rel="self" type="application/rss+xml" />
	<link>https://secremedy.com</link>
	<description>Proactive cybersecurity for UK SMEs</description>
	<lastBuildDate>Tue, 14 Jul 2026 15:19:15 +0000</lastBuildDate>
	<language>en-GB</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0.1</generator>

<image>
	<url>https://secremedy.com/wp-content/uploads/2026/07/fav.svg</url>
	<title>Website Security &#8211; Secremedy</title>
	<link>https://secremedy.com</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>The 2026 WordPress hardening checklist for UK businesses.</title>
		<link>https://secremedy.com/resources/wordpress-hardening-2026/</link>
					<comments>https://secremedy.com/resources/wordpress-hardening-2026/#respond</comments>
		
		<dc:creator><![CDATA[sajdoko]]></dc:creator>
		<pubDate>Sun, 12 Jul 2026 09:00:00 +0000</pubDate>
				<category><![CDATA[Website Security]]></category>
		<category><![CDATA[Backups]]></category>
		<category><![CDATA[MFA]]></category>
		<category><![CDATA[WordPress]]></category>
		<guid isPermaLink="false">https://secremedy.com/wordpress-hardening-2026/</guid>

					<description><![CDATA[Ten practical steps to close the gaps attackers exploit most — no plugins-for-everything approach required.]]></description>
										<content:encoded><![CDATA[<p>Most WordPress compromises do not begin with a sophisticated zero-day. They start with an overlooked update, an old administrator account, or a backup nobody has tried to restore. Hardening is the disciplined work of closing those ordinary gaps.</p>
<h2>Your baseline should be boring — and complete.</h2>
<p>The goal is not to install every security product you can find. It is to reduce the number of ways an attacker can get in, limit what they can do if they do, and make recovery predictable.</p>
<h2>The five controls to put in place first</h2>
<ul>
<li>Keep WordPress core, themes, and plugins patched on a defined schedule.</li>
<li>Remove inactive plugins and themes instead of simply deactivating them.</li>
<li>Require unique passwords and multi-factor authentication for every administrator.</li>
<li>Keep an off-site backup that you can restore and test regularly.</li>
<li>Review administrator accounts, file permissions, and hosting access at least quarterly.</li>
</ul>
<h2>Updates are a security control, not housekeeping.</h2>
<p>Create a simple patching rhythm: review critical updates promptly, test material changes on a staging copy where possible, and document who owns the decision. Unused plugins deserve no place in production — deactivate and delete them.</p>
<h2>Treat every administrator account as a key to your business.</h2>
<p>Use named accounts, strong unique passwords, and multi-factor authentication. Remove access the moment a contractor or employee no longer needs it. Avoid shared logins: they make incident investigation almost impossible.</p>
<blockquote>
<p><strong>A backup is only real if it restores.</strong> Keep a separate, off-site copy and rehearse a restore before you need one. Ransomware and accidental deletion both become manageable when recovery is proven.</p>
</blockquote>
<h2>Give the site less to defend.</h2>
<p>Review file permissions, disable features you do not use, and keep production separate from testing tools. Your host, CDN, forms, analytics scripts, and third-party integrations all belong on the same security inventory.</p>
<h2>Monitoring catches the small changes.</h2>
<p>File-integrity checks, malware monitoring, and a regular vulnerability scan are practical early-warning systems. Pair them with a clear incident contact and an escalation plan your team can actually follow.</p>
<h2>What to do next</h2>
<p>Start with the areas you can verify today: current updates, named administrator accounts, and a tested backup. Then ask for an independent view of the gaps your team may not be equipped to see.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://secremedy.com/resources/wordpress-hardening-2026/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>How to spot a phishing email before someone clicks</title>
		<link>https://secremedy.com/resources/spot-phishing-email/</link>
					<comments>https://secremedy.com/resources/spot-phishing-email/#respond</comments>
		
		<dc:creator><![CDATA[sajdoko]]></dc:creator>
		<pubDate>Mon, 04 May 2026 09:00:00 +0000</pubDate>
				<category><![CDATA[Website Security]]></category>
		<category><![CDATA[MFA]]></category>
		<category><![CDATA[Phishing]]></category>
		<guid isPermaLink="false">https://secremedy.com/spot-phishing-email/</guid>

					<description><![CDATA[The practical signals staff can check when an email feels urgent, unusual, or just slightly wrong.]]></description>
										<content:encoded><![CDATA[<p>Good phishing awareness gives people a simple decision process and a safe way to report uncertainty.</p>
<h2>Start with a clear baseline.</h2>
<p>Before buying another tool, document what you run, who can access it, and which information matters most. A short, accurate inventory makes every security decision easier.</p>
<h2>Focus on the gaps attackers can use.</h2>
<p>Phishing prevention works best when ownership is clear and the checks happen on a predictable schedule. Record what you find, prioritise the highest-impact issues, and assign every action to a named person.</p>
<ul>
<li>Confirm the systems and accounts in scope.</li>
<li>Remove access, software, and integrations you no longer need.</li>
<li>Patch important weaknesses and verify the change.</li>
<li>Keep evidence your team can understand and reuse.</li>
</ul>
<blockquote>
<p>Simple controls applied consistently prevent more incidents than a long list of tools nobody owns.</p>
</blockquote>
<h2>Turn the findings into action.</h2>
<p>Set a review date and test the plan with the people who will use it. If an area is difficult to verify internally, ask for an independent assessment before the uncertainty becomes an incident.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://secremedy.com/resources/spot-phishing-email/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
