WordPress Hacking & Hardening in Simple Steps

Name: WordPress Hacking & Hardening in Simple Steps
Rating: 4.6 (151 reviews)

This course is a quick step by step guide for beginners to secure WordPress Website using mostly FREE tools

Created byGabriel Avramescu

Last updated 4/2021

English

What you'll learn

Secure WordPress Websites
Scan their Wordpress Instance for vulnerabilities
Prevent Spam
Prevent Brute Force Attacks
Secure HTTP Headers
Configure 2factor Authentication
File Integrity Protection
Web Application Firewall Configuration
Block malicious IPs and attacks
Advanced Steps to Further Secure the Wordpress Instance

Course content

5 sections • 41 lectures • 5h 8m total length

Let's meet0:54
About me. And Course Outline13:49
Lab Setup2:48
Join our Online Classroom!0:54

Backup your Wordpress instance, database and plugins6:46
Update WordPress and Plugins4:00
HTTPS introduction8:22
Learn why HTTPS secures user–server communication, compare self-signed and trusted SSL certificates, and explore SEO, browser trust signals, and Let's Encrypt options.
Manually configuring HTTPS - generating certificates15:53
Automatic configuration and free signed certificate7:47
HTTP to HTTPS Redirect3:13
Discover how to redirect HTTP to HTTPS for your WordPress site using plugins or manual configuration to enforce secure connections and protect SSL setup.
Security Plugins4:00
WordFence Security Plugin and 2 Factor Authentication Security19:04
Brute Force Demo - IP and User Block5:24
Spam protection. Captcha on login and comments4:39
Enable captcha on login and comments to stop spam on WordPress, using the advanced no-captcha plugin and Google API keys to verify users and deter brute-force attacks.
HTTP Secure Hearders and TLS scan - free scan your website11:22
HTTP Security Headers using plugins - demo3:45
Configure http security headers for WordPress using the ATP headers plugin, enable key headers, and test changes with curl and securityheaders.com to harden sites with authentication, access control, and caching.

How to find the source of spamming14:00
Vulnerabilities and exploits9:14
Discover WordPress vulnerabilities and exploits, and why keeping core and plugins up to date matters. Learn to use WPScan, CVE details, and exploit databases to stay informed.
How to Change Your WordPress Login URL4:32
SQL Injection and URL Hacking5:36
Protect Sensitive Files3:24
Block access to sensitive WordPress files by configuring htaccess rules to deny directory listing and restrict the WordPress configuration, install scripts, and readme files.
Default usernames3:33
Disable XML-RPC2:07
Hide your WordPress version4:21
DDos Protection5:09

Bonus Section0:30
SQL Injection9:09
Exploiting SQLi using sqlmap10:07
Cross-Site Scripting Introduction8:27
Reflected XSS - Session Hjacking10:29
Explore reflected cross-eyed scripting, how an attacker injects javascript via a dynamic page parameter, and how stolen cookies enable session hijacking and impersonation.
Stored XSS6:59
Using XSS to grab cookies, Facebook username and passwords. Social Engineering16:12
OWASP Top 10 Vulnerabilities18:16
Upload and file execution10:43
Cross-Site Request Forgery7:19
Further Information0:17
Join Our Online Classroom!0:54

Requirements

Basic knowledge of Wordpress and HTTP
Basic knowledge of Linux

Description

Just launched!!

When it comes to WordPress security, there are a lot of things you can do to lock down your site to prevent hackers and vulnerabilities from affecting your ecommerce site or blog. The last thing you want to happen is to wake up one morning to discover your site in shambles.

This course is a quick step by step guide for beginners to secure WordPress Website using mostly FREE tools.

When it comes to WordPress security, there are a lot of things you can do to lock down your site to prevent hackers.

Did you know that more than 73 million web sites in the world run on the WordPress publishing platform? This makes WordPress more popular than Microsoft SharePoint, Blogger, or Drupal. It also means that WordPress is a large target for hackers.

Half of the WordPress sites out there are self-hosted, which means that the WordPress administrator carries the lion's share of responsibility for a secure installation. Out of the box, there are several ways that WordPress security can be tightened down, but only a fraction of sites actually do so. This makes WordPress an even more popular target for hackers.

The strategies that you will learn in this course can help any WordPress installation become significantly more secure, and raise awareness of the types of vulnerabilities to defend against.

Who this course is for:

Students and security enthusiasts
Website owners

WordPress Hacking & Hardening in Simple Steps

What you'll learn

Explore related topics

Course content

Introduction - the basics4 lectures • 18min

Overview of a WordPress Attack4 lectures • 45min

Securing your WordPress - basics steps12 lectures • 1hr 34min

More Advanced Wordpress Security9 lectures • 52min

Bonus - Learn more about web security12 lectures • 1hr 39min

Requirements

Description

Who this course is for: