Wordpress Security - How To Stop Hackers
4.6 (410 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
3,538 students enrolled

Comprehensive, Step-By-Step & Easy Way to Secure your Wordpress Website from Hackers
Created by Andrew Williams
Last updated 5/2020
English [Auto]
This course includes
  • 2.5 hours on-demand video
  • 3 articles
  • 1 downloadable resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Know why hackers hack, and some of the common ways they do this
  • Understand the main threats that cause security problems with Wordpress websites
  • Understand that Wordpress is actually a secure platform, but it can easily be made insecure by the actions of those that run and administer the site
  • Secure a Wordpress website from hackers using a variety of common-sense and technical tweaks to the site
  • "Copy" the security measures that have been set up on one site, and "import" them into other Wordpress websites they own, meaning security can be set up on subsequent sites in seconds
  • Find out more information about those trying to hack their site
  • Students need no previous knowledge or technical ability to take this course. Everything is explained and covered in step-by-step detail.
  • A basic understanding of Wordpress is useful

In 2019, it is even more important that you secure your WordPress website.

A couple of years ago it was estimated that only 44% of web traffic came from genuine visitors.  The rest was from bots, hacking tools, scrapers and spammers.  With that volume of dodgy web traffic coming to your website, are you confident that your website can withstand a hacker attack?  What if I told you that an estimated 37,000 websites are hacked EVERY DAY?  How confident are you now?

Sucuri, a top internet security service, reported that they dealt with 500 website infections a day, 7 days a week.  Out of 11,000 infected sites they dealt with, 78% were Wordpress sites.

Once a site is hacked, it can be used for all kinds of malicious purposes, such as directing your traffic, stealing customer details, deleting files, changing your login details to lock you out, or sending spam emails to millions of people (which will label your domain as spam and remove any chance it has of ranking in Google).  You get the idea.

And hackers don't just target large, popular sites.  They'll use computer software to scan millions of websites for vulnerabilities, and then attack the soft targets.  There is no softer target than a newly set up Wordpress website!

There is obviously good reason to be concerned about your website security.  However, I don't want you to think that Wordpress is an insecure platform that should be avoided; it isn't.  Wordpress is actually very secure and if a security hole is found, it is usually plugged very quickly by the Wordpress security team and pushed out to all Wordpress installs - automatically.  The real security issues come from the people running the websites.  They often don't have enough knowledge to make educated decisions about the content they put on their site, the plugins they use or the themes they install.

This course has two aims:  

  1. I want to give you the knowledge you need so that you can understand where the main threats come from.  With that knowledge, you will understand how your administrative actions can affect the security of your website.  This knowledge gives you the power to stop hackers. 

  2. I want to give you a step-by-step solution to make your website as hackerproof as possible.  We'll install a single Wordpress plugin and go through the entire setup process.  Simply watch the tutorials, and follow along on your own site as I secure one of my own.

If you are not very technically minded, don't worry.  This course assumes no technical ability and no programming skills.  

About the Course

The course starts off with an introduction to hacking.  Why hackers hack, and what makes some Wordpress sites more vulnerable to hackers than others.

We'll then go through the main ways that you can harden up your Wordpress installation, and I'll show you how to manually set some of these up on your site.  You can try out some or all of these techniques yourself if you want to, but it is not essential (see lower down). You may just want to sit back and absorb the information so that you have the knowledge you need to make informed decisions on your Wordpress website going forward.

In the second half of the course, we'll install a Wordpress Security Plugin that covers all of the major security weaknesses outlined in the first half of the course, and work our way step-by-step, configuring the plugin to make our site virtually hack-proof.  

By the end of this course, you will have both the knowledge and the skill set to secure a Wordpress website against hackers. 

Who this course is for:
  • This course is for anyone that runs a Wordpress website.
  • It's for anyone that has a Wordpress website and doesn't want to wake up one day to find the site has been hacked, defaced or deleted.
  • This course is focused on securing Wordpress sites, so is not relevant to anyone running websites on other platforms.
Course content
49 lectures 02:40:18
+ Introduction
4 lectures 12:54

This lecture introduces the Wordpress Security course and your instructor. There are a couple of ways you can use this course, and this lecture will cover those.

Preview 03:23

This lecture looks at whether or not Wordpress is a secure platform.  Can you trust Wordpress with your website?

Preview 02:13

Why do hackers hack?  There are a lot of reasons, none of them good.  This lecture looks at a few of the reasons, but also reassures you that your website will be very secure after following this course.

Preview 02:34

There are a lot of common hacks on Wordpress sites.  This lecture introduces a few and also points you to an authority web page if you want more details.

Preview 04:44
+ Security Measures
22 lectures 01:11:21

Everyone should back up their Wordpress website.  This lecture explains what you need to back up, and offers suggestions for tools that will allow you to do that.

Site Backups

There are a number of security plugins for Wordpress.  We will install and set up a good one later in this course, but for now, let me just introduce a few of the more popular plugins.

Security Plugins

Passwords need to be strong and random.  Weak passwords are one of the main ways hackers gain access to a website.  You'd be surprised how many people use the word "password" as their password.


Usernames are another weak area for many Wordpress users.  Pick a username that cannot be guessed.

Wordpress Usernames

Know the URL that you use for signing into your website.  A simple hacker trick could get your username and password without you realising you've been tricked.

Signing In

PHP error reporting can give hackers some sensitive information.  You can easily disable this though.

Disable PHP Error Reporting

The file editor built into the Dashboard is one of the first ports of call if a hacker gains access to your site.  It's therefore a good idea to disable it.

Disable File Editor

You need to be careful about code embedded into Wordpress posts or pages.  If you don't trust the code 100%, leave it out.

Content of Posts & Pages

Wordpress security is only as strong as its weakest link, and users may be that weak link.  This lecture looks at correctly assigning roles to users, to give them just enough security clearance to perform their job.

New Users

Inserting any kind of code in your site can open up security holes.  You have to be very careful, and this lecture explains what to look out for.

Widgets & Code

Plugins can be another source of security holes.  This lecture looks at some common-sense measures to ensure your website is secure.


Themes can also provide backdoors to hackers, so make sure you use themes from reputable sources, and that those themes are regularly maintained and updated.

Comment Spam

A good measure to take is to stop someone repeatedly trying to log into your site on the login page.  If a user fails to log in a couple of times, they are probably not authorised to access the site, so block them.

Limiting Login Attempts

You may already be familiar with 2-Factor authentication.  Your Google account may use this, or your online banking.  You can add this layer of security to your Wordpress site if you wish.

2-Factor Authentication

The login page is the gateway to your Wordpress Dashboard, so protect it!

Protect the Login Page

A simple security measure you can take is to change the default Wordpress table prefix.  This is typically done when you install Wordpress, but you can change it at a later date as well.

Database Table Prefix

Wordpress security keys are an extra layer of protection for your site.  If you install Wordpress using a one-click installer, you don't need to do anything as these will be created for you at the time of the installation.

Wordpress Security Keys

XML-RPC is a programming interface that developers can use to "talk" to Wordpress.  It's also a potential security threat.


A good web host can help increase the security of your website.

Web Host

This is an important configuration file that contains sensitive information about your site.  You may want to protect it.


The files and folders on your server are given permissions, which basically control who can read and write to those files and folders.  There are specific permissions required within your Wordpress installation.

File Permissions
+ Set Up All In One Security on your Website
21 lectures 01:06:55

Find and install the plugin in the Wordpress repository.

Installing the Plugin

Before you begin, we need to back up important Wordpress files.  If anything goes wrong with the configuration of the plugin, you can always use these to restore access to your Dashboard and site.

Backup Important Files

As you secure your site, you should keep taking backups of important files as mentioned above.  However, it is possible you will get locked out.  This tutorial shows you what to do if that happens.

If You Get Locked Out?

If you want to just play it safe, you can enable only the security features that are safe to implement and will not cause your site problems.  If you are more adventurous, you can try activating all measures.  This lecture explains how to distinguish the safe from the "adventurous".

Classification of Security Measures

The Dashboard gives you a bird's-eye view of your security setup on the site.  Check out how secure your website is.


The settings screen gives you quick access to a couple of useful tools.  We've already used two of the tools to back up files, but let's see what else is here.


Your username, display name and password settings are accessible from this screen.  Do you need to change them?  Are they secure enough?

User Accounts

Stop brute force attempts by locking out users that consistently try to log in, but fail.

User Login

If you allow people to register on your site, then these settings need to be selected as well.

User Registration

Remember we talked about the table prefix and how Wordpress liked to use a default of wp_?  This lecture shows you how you can change your prefix if you need to, or just want to.  Don't forget to back up the database first (instructions included in this video).

Database Security

Files and folders need the correct permissions set, to keep them secure.  This lecture shows you how to make sure everything is correct, and also how to disable the PHP editor if you didn't do that earlier in the course.

Filesystem Security

Check out details of people trying to access your site.

WHOIS Lookup

Blacklist IPs so that they cannot access your website.

Blacklist Manager

Set up a firewall on your Wordpress website, to add an extra layer of security.


The plugin has some great tools to help prevent brute force attacks.  This lecture shows you how to set these up.

Brute Force

This section of the plugin helps to deal with spam comments by adding a math captcha to the comment form.  It's not the greatest spam eliminator, but it is quick to implement and will help a little. A more useful feature is the auto-blocking of repeat spam commenters.

Spam Prevention

One way of detecting whether your site has been hacked is to monitor the Wordpress files on your server and compare them to the original Wordpress files from Wordpress.org.  This is a built-in feature of the plugin.


If you need to, you can block all access to your site front end while you do maintenance.  This lecture shows you how to do this.


A final few security measures for your website, and you are done.  What is your final security score?


What is your Security Strength after completing the security settings?


I have created a Checklist for you to follow as you secure your Wordpress websites.  I've made it available as a PDF file which you can download as the resource for this lecture.

Wordpress Security Checklist
+ Resources
2 lectures 09:08

If you are new to Udemy, please watch this lecture that shows you around the Udemy interface, and how to get the most out of your Udemy experience as you take this, and other, courses.

Preview 08:45

A final lecture with some information and resources you may find useful.

Bonus: Resources