If your WordPress site is served by an NGINX web server, there are a couple of configuration directives you will want to add to your server configuration. If you are uncertain about how to do this, consult your hosting provider, who can help you.
Categories for Security
What is WP-Bruiser?
WP-Bruiser, formerly known as “Goodbye Captcha”, is a free plugin for WordPress that blocks bot spam in your comment forms. It also has some non-free extensions that integrate with various popular contact forms and other add-ons to block bot spam in those as well. It does this using a clever token system which bots cannot defeat. This eliminates the need to annoy your users with a “Captcha” and presents a more professional web experience to your visitors. WP-Bruiser also includes some security features, which are what we are going to focus on today.
WordPress is the most popular and possibly the best software for operating a modern website. The built-in tools that it provides for free are extremely valuable for any web project. WordPress is built on top of PHP, which is a “server-side” programming language. That means when WordPress performs computational tasks, it performs them on the server rather than in the visitor’s browser. This presents significant security risks, because hackers can exploit vulnerabilities in WordPress to take over the server, which they can then add to their botnets to perform DDoS-for-hire attacks, to act as crypto-miners, or to grow their botnet by infecting the machines of your visitors.