Rock Solid Wordpress Security - Secure Web Development
4.6 (112 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
6,232 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Rock Solid Wordpress Security - Secure Web Development to your Wishlist.

Add to Wishlist

Rock Solid Wordpress Security - Secure Web Development

Secure and protect your website from hackers and save time, resources and stress.
4.6 (112 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
6,232 students enrolled
Created by Jason Rybka
Last updated 1/2015
Price: Free
  • 1.5 hours on-demand video
  • 4 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Secure your Wordpress website using proven security methods.
  • Secure your Wordpress installation from hackers and malicious code.
  • Modify the permissions of key administrative folder and files so they cannot be accessed by just anybody.
  • Deny access to certain parts of their website.
  • Use built in server tools to further secure their website by changing common defaults.
  • Rest easy knowing your site is secure.
View Curriculum
  • Students should have a certain understanding of how Wordpress operates, but no technical skill is required, it will be covered within the course.

Secure your website today!

Find Out What Hackers Don't Want You to Know!

Rock Solid Wordpress Security is changing the security landscape for thousands of Wordpress sites! 

Updated: We are currently in the process of updating this course (February, 14, 2017).

Secure your Wordpress website today!


Secure your Wordpress website today!

Having a website is essential to your online identity. Chances are you chose to use Wordpress as a website platform due to its ease and flexibility. Along with the popularity of the Wordpress platform, as with anything else, come risks, security risks. Not everyone on the Internet has good intentions, not everyone wants to see you succeed, there are even a select few that take pride in tearing down what others have created.

Secure your Wordpress login and admin area!

Don't fall victim to those looking to destroy your site, and don't think for just a moment that just because you aren't some big name that everyone is playing nice. It is the age of the Internet, and Internet security for your website, especially your Wordpress login area, has never been more important.

Use the simple steps in this course to secure Wordpress!

There is good news! In just a few, simple steps I will show you how to secure your Wordpress installation so you never have to worry about hackers again. I am addressing Wordpress security with a no-code approach so anyone can secure their site. You can rest easy knowing that your site will be there in the morning, just the way you left it, from this point forward.

Wordpress Security Best Practices

This course is regularly updated to reflect the Wordpress security best practices based on the most current Wordpress version and recent security threats.

Who is the target audience?
  • Anyone who has a Wordpress website and is looking to secure their installation.
  • Wordpress users that are concerned or unsure if their site is protected.
  • Wordpress users that have been targeted by hackers and want full protection.
  • Anyone thinking about using Wordpress as a website platform that wants to start out the right way and be protected.
Students Who Viewed This Course Also Viewed
Curriculum For This Course
23 Lectures
Welcome and Expectations!
3 Lectures 06:23

This video describes exactly what you will learn by taking this course. What can you expect to have once it is completed? What new skills will you attain along the way? Listen to the short video to find out!

Welcome and What to Expect from this Course!

With well over a decade of Internet experience, I have seen my fair share of hacks and hack attempts. At one point, in 2010, one of my most popular websites was irreversibly hacked, that changed my entire outlook on website security.

Who I Am and My Experience with Internet Security.

Internet security is a true beast to tame, looking back at just 2014 you'll recall that some big names where in the news because they were hacked. Home Depot, Target, Xbox Live, and Sony were all hacked... the bottom line, nothing is ever 100% bullet-proof. In this course we'll do everything possible and reasonable to secure you Wordpress website.

An Important Note About Internet Security
Understanding the Risks of a Default Wordpress Installation
5 Lectures 08:15

In this video we will discuss some of the risks associated with maintaining a nearly default installation of Wordpress and the typical methods that hackers employ to compromise your site.

What are the Risks? Should I Really Worry?

Just a quick question about hacked sites.

Hacked Sites
2 questions

Use this checklist to help you work through securing your Wordpress website(s).

Rock Solid Wordpress Security Checklist
1 page

There are a few common errors people make when installing Wordpress that leaves their site open to be hacked more easily, don't make these common mistakes. If you have, we will correct them in the upcoming videos

The Most Common Wordpress Installation Errors.

It is vitally important that you keep your site up to date. Updates are released for a variety of reason, one of which is security updates. When a security update is available it is important that you update all elements of your site including Wordpress itself, plugins, and theme files. With that said, it is recommended that you remove any unused plugins and themes.

The Importance of Updating Your Site

When you are adding content to your site and decide to change your theme or add a plugin be sure to only add from trusted sources. Adding a plugin or a theme from an untrusted source can contain malicious code that will allow a hacker to gain entry to your site through a back door.

Use Only Trusted Sources for Plugins and Themes

Some assumptions we should not make.

Let us assume some things.
2 questions
Securing Your Site - Close the Door!
7 Lectures 35:02

It may simply be overstated in today's age, but a truly secure password is the first step at thwarting an attack. If an attacker is using a brute force method to try to gain access to your site, and you have yet to implement the other protections described in this course, your only line of defense is a solid password. Set that up now, then we'll move on to the rest. Here you will learn some secrets to creating a solid password.

How to Create a Rock Solid Password!

Use this document as a reference for creating a rock solid password.

Secure Password Creation and Testing
1 page

These rock solid passwords really rock!

Rock Solid Passwords
1 question

In this video I will be installing Wordpress with just about every security vulnerability we discussed. Keep in mind this is only being done this way so we have an example to work with, DO NOT install Wordpress like this on your server. If there is one site on a shared host with vulnerabilities, it is bad news for the rest of the sites as well.

Please DO NOT install Wordpress like this!

This is probably one of the most common errors among Wordpress users, you simply must avoid common login names such as the following for users with any level of control on your site:

  • admin
  • administrator
  • webmaster
  • your public email address
  • your.real.nickname

Instead, choose a relatively difficult to guess name, and then have Wordpress display your full name instead. Note that the full name field does not need to contain your real full name either.

If you've already made this mistake, we will go over how to change this site wide using phpMyAdmin.

Avoiding and Changing Common Login Names Like Admin or Webmaster.

Most hack attempts to your site will generally assume one thing - that your database prefix is wp_, which is the Wordpress default. A simple way to foil a large majority of hack attempts and cross site scripting attacks is to change this prefix setting. The best and easiest time to make this change is during the install, after the install it becomes a bit more complicated, but still reasonable. You'll need to change the setting in one file and in several places within the database, and we'll cover how to do both in this video.

Change the Default Database Prefix from wp_ to Something Unique

A lot of the changes we make have the potential to impact your site in a very negative way if you make a mistake. For this reason, we will make sure we know how to make a current backup of your database and how to restore that database. Now, should anything unintended happen, we'll be able to simply restore your data. We will look at how to do this manually and through the use of a plugin. It is highly recommended that your first database backup be a manual backup made via phpMyAdmin.

Database - How to Backup Your Database!

While actually moving the default location of the admin folder would prove quite a burden, there are some 120+ references to these files within Wordpress. There are however a couple simpler and just as effective solutions. In this video we will look at how we can secure the admin login area more effectively using a couple excellent plugins which require additional fields and visually entered data.

Additional Security for the Admin Login Area.

Just a couple questions for enquiring minds.

Login Names and Prefixes
2 questions
Additional Options
8 Lectures 45:50

Here we will discuss several options for using the .htaccess file(s) to protect or restrict access to vital files and folders on your website.

Using .htaccess to Protect Includes and Admin

This document will help you create or modify your .htaccess files.

.htaccess Reference and Examples
2 pages

Have you been looking at your traffic patterns and seeing a lot of 404 errors from the same IP addresses. Chances are these are bots searching for known vulnerable URLs and URL patterns so they can attack your site via SQL injection. In this video we will take a look at how to effectively eliminate this as a threat using the tools we already have!

Dealing with Exploit Scanners and Handling 404 Error Codes

A robots.txt files tells search engine crawlers like Google where they can and cannot index content for inclusion in their search results. You may think granting them full access will help your SEO efforts, but there are certain places you simply should not allow them access to, and not limiting their access is, as you may have guessed, a security threat.

Adding a robots.txt file
1 page

In this video we take a closer look at the Wordfence plugin.

Wordfence - A Closer Look

In this video we introduce and take a close look at the iThemes security plugin.

iThemes Security - A Closer Look

I'm constantly asked this question... Are premium security plugins worth the cost? Watch the video to find out my answer.

Should I Buy a Premium Security Plugin

Your site should be fully secure now that you've reach this video. However, if you have a more complicated setup and need additional help, please post in the discussion area or send me a message. I try to respond to messages within 24 hours. Also, if you found this site to be of value consider leaving a review, or post a discussion thread with any comments to help make the course better! Finally, thank you so much for securing your site with me!

Congratulations and Final Thoughts!
About the Instructor
Jason Rybka
4.4 Average rating
1,805 Reviews
43,156 Students
5 Courses
Swift Developer, Web Developer, Internet Security Consultant

I've been developing web sites and programming since 1999, I know about a dozen different programming languages and I am an expert in Internet Security.

I am fluent in the following languages; Ajax, Applescript, HTML 5, CSS 3, PHP, Java, Javascript, jQuery, Python, Ruby, Objective-C, Swift, and XML.

Out of all the languages I know the newcomer Swift is one of my favorites. I began studying the language the day the documents where released to the world by Apple and I have yet to stop. In my courses I apply the concepts I've learned in a language that is clear and understandable to even non-programmers. I understand learning a new language sometimes has a high learning curve and I minimize this obstacle by adapting proven teaching methods and reinforcement messages to make sure my students fully understand the material.

In 2010 I fulfilled my dream and became a successful full time web designer and app developer creating my own small business XBSJASON TECH SERVICES. I spend my time developing web sites, creating Enterprise applications, making custom code solutions, and evaluating and advising on security thresholds for clients in the New Jersey, New York metro area.

I love being creative and solving problems, programming and web design allow for this passion quite nicely. I also love teaching, I think information and knowledge is power, and we should never stop learning new things.