The WPScan is a security scanner tool that helps us in the verification of the security and identifies possible vulnerabilities of the WordPress projects, which is made to test the security of web pages developed in WordPress.

With WPScan is possible to do a series of tests like relate the users, break weak passwords, enumerate vulnerabilities of the core and installed plugins and themes.

And you need to know that WPScan is free of charge for a non-commercial use.

This is the main way that hackers use to break and hack WordPress sites, but otherwise, this tool can help you to identify gaps on your website as well.

What is WPSan?

Preview 00:55

How to Install the WPScan and Update Vulnerability Database

02:29

Hands on WPScan seeking for vulnerabilities

05:36

+ – Users and Passwords

3 lectures 04:20

Admin Username and user_id = 1

Preview 00:50

Using Strong Passwords

01:15

Blocking Access to the User List

02:15

+ – Secret Keys and Salts

2 lectures 04:27

What are the Secret Keys and Salts?

02:41

How to update this keys?

01:46

+ – Debug and your implications

2 lectures 04:01

Debug Constants

Preview 02:45

Location and Protection of the debug.log

01:16

+ – Version Exposure

3 lectures 03:52

Where the WordPress version is exposed?

02:02

How to hide the WordPress version

00:45

Removing the version from the core files

01:05

+ – What is FPD (Full Path Disclosure)?

3 lectures 03:11

The FPD vulnerability in WordPress core

01:30

How to avoid FPD gaps

00:51

Prevent FPD in your own code

00:50

+ – Database protection

2 lectures 03:40

Table prefix and how to change it

02:57

Proper permissions

00:43

+ – What is SQL Injection?

3 lectures 03:56

How to prevent SQL Injection

01:07

How to certify that plugins and themes are free of SQL Injection?

01:25

Prevent against SQL Injection

01:24

+ – What is SSL and why it’s so Important use it?

1 lecture 02:35

How to implement SSL in WordPress?

Preview 02:35

3 more sections

Requirements

You need to understand the principles of WordPress development

Description

The security topic is one of the most important in these days when we talk about web applications including WordPress. With the increasing number of vulnerabilities and attempts of attacks by hackers, it's very important to protect your application.

I will show to you great practices and how can you implement a series of procedures that can definitely increase the security of your WordPress environments.

Why should you take this course?

We will cover the most recent topics related to security
Learn the hackers techniques to avoid them to reach your website
Implement security procedures in your database
Implement security procedures in your server
Protect the traffic of your information
Protect the directories and files of your website
Improve your security skills
And much more!

Let me know if some content is missing I'll be glad add more topics to this course.

Who this course is for:

The course is perfect for intermediate users of WordPress
Anyone that want's to improve the security of your WordPress site.