Complete WordPress Security Course: Go from zero to hero

If you get overwhelmed (like me!) deciding the security practices to apply from the sea of content online, then this course is for you. You will get simplified security in the easiest form of content to consume i.e. videos.

The videos are well-spaced to give you time to actually implement each lesson on your website. You can surely apply to And after you have learned and implemented each of these security gospels, you can be sure that your website is almost free from vulnerabilities.

Although there are no hard and fast rules for learning, some tricks could boost your learning. Some of these are:

The course preview is as follows-

1. Move wp-config outside the root folder

2. Roles and users proper usage

3. We’ll learn how to restrict access to your WP Admin

4. Set correct Wp-file permissions

5. How to control & filter spam comments

6. How to change DB prefix

7. How to set up secret keys

8. How to disable directory browsing or the Directory listing of your WP files

9. After that, we’ll learn how to secure your WP login & your WP Admin

10. How & Why to use a Web Application Firewall and understand its advanced features

Opting these strategies right now will be your best investment(time) today.

Welcome to Lesson 1 of WordPress Security series. Learn how to set pre-defined and custom roles to users on your WordPress site.

Here are the steps to defining user roles:

Step 1 - Go to your 'Users' section.

Step 2 - Define roles to each user from the pre-defined roles

Step 3 - Or, you can install a plugin 'User role editor'

Step 4 - Again go to the 'Users' section>Other roles and define extra roles.

As you know the wp-config file contains confidential information about your website's configuration, database, etc. It is generally located in the root directory of your website and faces risks due to the obviousness of location.

Here is how you can move wp-config out of root directory:

• Step 1 - Go to your FTP client like Filezilla

• Step 2 - Navigate to public_html folder and copy the contents of the wp-config file.

• Step 3 - Create a wp-config folder outside the public_html and paste the contents there.

• Step 4 - Save the contents and refresh your website to see if it's working fine.

Eight more lessons to go before you ace your website's security. Just like these lessons, Astra simplifies security for everyone.

This lesson will teach you how to restrict access to your WP Admin. As you know, the wp-admin area is the administrative area on your website. wp-admin is where all details and powers of your site reside.

Here is how to restrict wp-admin access:

• Step 1 - Use an FTP client like Filezilla and access your wp site

• Step 2 - Navigate to public_html/wp-admin/

• Step 3 - Create a .htaccess file there

• Step 4 - Paste the following code in this file and save it.

Order Deny, Allow

Deny from all

Allow from [Your IP]

Think you are already a wordpress security expert? Take a quiz here and flaunt additional generated certificate with the world :)

In this lesson, you will learn how to set secure file permissions for your files and folders in your WordPress.

The steps look something like this:

• Step 1- Connect to your server using an FTP client

• Step 2 - In the Remote Site tab, select 'public_html' directory.
  Set these permissions to important files: wp-config.php = 400, wp-content = 755, wp-content/uploads = 755, wp-includes = 644.

Six more lessons to go before your ace your WordPress security. Are you finding the lessons useful? Comment or raise in Q/A, I will be happy to help our students :)

In this lesson, you will learn how to control & filter spam in your WordPress.

Here is how to set review for comments on your wp site:

• Step 1 - Install and Set up Askimet Plugin

• Step 2 - Go to Settings and check the following fields and save in order to control spam-
  Show the number of approved comments beside each comment author
  Silently discard pervasive spam

Pat yourself on the back for coming this far into the journey. Only 5 more lessons to go before you secure yourself. Wanna know more advanced WordPress security measures? Comment or raise this in Q/A Section.

In this lesson, you will learn how to change database prefix in your WordPress. A WordPress database is where all the crucial information like user data, configuration data, site URLs, etc rests. Changing the DB prefix can help it be more secure.

Here is how you can change WordPress DB prefix:

• Step 1 - Log in to an FTP client like Filezilla and access your website

• Step 2 - Navigate to 'public_html'

• Step 3 - Right-click on wp-config file and edit the default prefix 'wp_'

• Step 4 - Run an SQL command to render this prefix in all the tables

You can also choose to skip all this and install a plugin to change this prefix.

4 more lessons to go. We have got a surprise for you in the next lesson, do come back to find out.

In this lesson, you will learn how to set up secret keys in your WordPress website.

Here is how you can change WordPress DB prefix:

• Step 1 - Generate secret keys using the link - https://api.wordpress.org/secret-key/1.1/salt/

• Step 2 - Log in to an FTP client like Filezilla and access your website

• Step 3 - Navigate to 'public_html'

• Step 4 - Right-click on wp-config file go to edit.

• Step 5- Paste the secret keys in the file and save it.

3, 2, 1 and you will be the true master of your website.

Welcome to Lesson 8 of the WordPress security series. The last lesson taught you to set secret keys on your site. In this lesson, you will learn how to disable directory listing.

Here is how you can change WordPress DB prefix:

• Step 1 - Log in to an FTP client like Filezilla and access your website

• Step 2 - Navigate to 'public_html'

• Step 3 - Right-click on the .htaccess file and got to edit.

• Step 4 - Paste the following code in it and save. And you are good to go.

In this lesson, you will learn how to secure your wp-login and wp-admin. Securing these can immune your website from Bruteforce attacks on your website.

Here are the steps to secure wp-login & wp-admin:

1. To secure wp-login, install & Activate 'Protect your admin' plugin on your website

2. To limit login attempts, install & activate 'WPS limit login' on your website

Only one more lesson to go into this WordPress Security Course.

Until we meet again, keep learning :)

You did it! We have reached the end of this email course. Your perseverance rocks. The previous lesson talked about how to secure your wp-login and wp-admin.

In this last lesson of this series, you will learn how a firewall protects your website and why every website needs one.

A firewall is nothing but a continuous monitoring system and works the same way as a watchman protects a building. Firewalls can identify and block hacking attempts on its own while you relax. Not only does it enhance your website security but also positively impact its speed and performance.