Wordpress Security - How To Stop Hackers
4.8 (129 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
1,215 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Wordpress Security - How To Stop Hackers to your Wishlist.

Add to Wishlist

Wordpress Security - How To Stop Hackers

Comprehensive, Step-By-Step & Easy Way to Secure your Wordpress Website from Hackers
Bestselling
4.8 (129 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
1,215 students enrolled
Created by Andrew Williams
Last updated 1/2017
English
Current price: $14 Original price: $95 Discount: 85% off
30-Day Money-Back Guarantee
Includes:
  • 2.5 hours on-demand video
  • 2 Articles
  • 1 Supplemental Resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Know why hackers hack, and some of the common ways they do this
  • Understand the main threats that cause security problems with Wordpress websites
  • Understand that Wordpress is actually a secure platform, but it can easily be made insecure by the actions of those that run and administer the site
  • Secure a Wordpress website from hackers using a variety or common sense and technical tweaks to the site
  • "Copy" the security measures that have been set up on one site, and "import" them into other Wordpress websites they own, meaning security can be set up on subsequent sites in seconds
  • Find out more information about those trying to hack their site
View Curriculum
Requirements
  • Students need no previous knowledge or technical ability to take this course. Everything is explained and covered in step-by-step detail.
  • A basic understanding of Wordpress is useful
Description

In 2016 it is estimated that only 44% of web traffic if from humans.  The rest is from bots, hacking tools, scrapers and spammers.  With that volume or dodgy web traffic coming to your website, are you confident that your website can withstand a hacker attack?  What if I told you that an estimated 37,000 websites are hacked EVERY DAY.  How confident are you now?

Securi, a top internet security service, reported that in the first quarter of 2016, they dealt with 500 website infections a day, 7 days a week.  Out of 11,000 infected sites they dealt with, 78% were Wordpress sites.  

Once a site is hacked, it can be used for all kinds of malicious purposes, such as directing your traffic, stealing customer details, deleting files, changing your login details to lock you out, sending spam emails to millions of people (which will label your domain as spam and remove any chance it has of ranking in Google), you get the idea?

And hackers don't just target large, popular sites.  They'll use computer software to scan millions of websites for vulnerabilities, and then attack the soft targets.  There is no softer target than a newly setup Wordpress website!

There is obviously good reason to be concerned about your website security.  However, I don't want you to think that Wordpress is an insecure platform that should be avoided, it isn't.  Wordpress is actually very secure and if a security hole is found, it is usually plugged very quickly by the Wordpress security team and pushed out to all Wordpress installs - automatically.  The real security issues come from the people running the websites.  They often don't have enough knowledge to make educated decisions about the content they put on their site, the plugins they use or the themes they install.

This course has two aims:  

  1. I want to give you the knowledge you need so that you can understand where the main threats come from.  With that knowledge, you will understand how your administrative actions can affect the security of your website.  This knowledge gives you the power to stop hackers. 
  2. I want to give you a step-by-step solution to make your website as hackerproof as possible.  We'll install a single Wordpress plugin and go through the entire setup process.  Simply watch the tutorials, and follow along on your own site as I secure one of my own.

If you are not very technically minded, don't worry.  This course assumes no technical ability and no programming skills.  

About the Course

The course starts off with an introduction to hacking.  Why hackers hack, and what makes some Wordpress sites more vulnerable to hackers than others.

We'll then go through the main ways that you can harden up your Wordpress installation, and I'll show you how to manually set some of these up on your site.  You can try out some or all of these techniques yourself if you want to, but it is not essential (see lower down). You may just want to sit back and absorb the information so that you have the knowledge you need to make informed decisions on your Wordpress website going forward.

In the second half of the course, we'll install a Wordpress Security Plugin that covers all of the major security weaknesses outlined in the first half of the course, and work our way step-by-step, configuring the plugin to make our site virtually hack-proof.  

By the end of this course, you will have both the knowledge and the skill set to secure a Wordpress website against hackers. 


Who is the target audience?
  • This course is for anyone that runs a Wordpress website.
  • It's for anyone that has a Wordpress website and doesn't want to wake up one day to find the site has been hacked, defaced or deleted.
  • This course is focused on securing Wordpress sites, so is not relevant to anyone running websites on other platforms.
Curriculum For This Course
48 Lectures
02:43:12
+
Introduction
4 Lectures 12:54

This lecture introduces the Wordpress Security course and your instructor. There are a couple of ways you can use this course, and this lecture will cover those.

Preview 03:23

This lecture looks at whether or not Wordpress is a secure platform.  Can you trust Wordpress with your website?

Preview 02:13

Why do hackers hack?  There are a lot of reasons, none of them good.  This lecture looks at a few of the reasons, but also reassures you that your website will be very secure after following this course.

Preview 02:34

There are a lot of common hacks on Wordpress sites.  This lecture introduces a few and also points you to an authority web page if you want more details.

Preview 04:44
+
Security Measures
22 Lectures 01:11:21

Everyone should backup their Wordpress website.  This lecture explains what you need to backup, and offers suggestions for tools that will allow you to do that.

Site Backups
05:23

There are a number of security plugins for Wordpress.  We will install and setup a good one later in this course, but for now, let me just introduce a few of the more popular plugins.

Security Plugins
03:52

Passwords need to be strong and random.  Weak passwords are one of the main ways hackers gain access to a website.  You'd be surprised how many people use the word "password" as their password.

Passwords
05:31

Usernames are another weak area for many Wordpress users.  Pick a username that cannot be guessed.

Wordpress Usernames
01:55

Know the URL that you use for signing into your website.  A simple hacker trick could get your username and password without you realising you've been tricked.

Signing In
01:19

PHP error reporting can give hackers some sensitive information.  You can easily disable this though.

Disable PHP Error Reporting
02:15

The file editor built into the Dashboard is one of the first ports of calls if a hacker gains access to your site.  It's therefore a good idea to disable it.

Disable File Editor
02:38

You need to be careful about code embedded into Wordpress posts or pages.  If you don't trust the code 100%, leave it out.

Content of Posts & Pages
04:40

Wordpress security is only as strong as it's weakest link, and users may be that weak link.  This lecture looks at correctly assigning roles to users, to give them just enough security clearance to perform their job.

New Users
07:32

Inserting any kind of code in your site can open up security holes.  You have to be very careful, and this lecture explains what to look out for.

Widgets & Code
04:41

Plugins can be another source of security holes.  This lecture looks at some common sense measure to ensure your website is secure.

Plugins
03:05

Themes can also provide backdoors to hackers, so make sure you use themes from reputable sources, and that those themes are regularly maintained and updated.

Themes
01:54

Comment Spam
07:35

A good measure to take is to stop someone repeatedly trying to log into your site on the login page.  If a user fails to login a couple of times, they are probably not authorised to access the site, so block them.

Limiting Login Attempts
02:22

You may already be familiar with 2-Factor authentication.  Your Google account may use this, or your online banking.  You can add this layer of security to your Wordpress site if you wish.

2-Factor Authentication
02:12

The login page is the gateway to your Wordpress Dashboard, so protect it!

Protect the Login Page
01:20

A simple security measure you can take is to change the default Wordpress table prefix.  This is typically done when you install Wordpress, but you can change it at a later date as well.

Database Table Prefix
03:23

Wordpress security keys are an extra layer of protection for your site.  If you install Wordpress using a one-click installer, you don't need to do anything as these will be created for you at the time of the installation.

Wordpress Security Keys
02:35

XML-RPC is a programming interface that developers can use to "talk" to Wordpress.  It's also a potential security threat.

XML-RPC
02:22

A good web host can help increase the security of your website.

Web Host
01:39

This is an important configuration file that contains sensitive information about your site.  You may want to protect it.

WP-Config.php
01:45

The files and folders on your server are given permissions, which basically control who can read and write to those files and folders.  There are specific permissions required within your Wordpress installation.

File Permissions
01:23
+
Set Up All In One Security on your Website
21 Lectures 01:04:41

Find and install the plugin in the Wordpress repository.

Installing the Plugin
01:05

Before you begin, we need to backup important Wordpress files.  If anything goes wrong with the configuration of the plugin, you can always use these to restore access to your Dashboard and site.

Backup Important Files
04:58

As you secure your site, you should keep taking backups of important files as mentioned above.  However, it is possible you will get locked out.  This tutorial shows you what to do if that happens.

If You Get Locked Out?
04:02

If you want to just play it safe, you can only enable the security features that are safe to implement and not cause your site problems.  If you are more adventurous, you can try activating all measures.  This lecture explains how to identify the safe from the "adventurous".

Classification of Security Measures
02:08

The Dashboard gives you a birds eye view of your security setup on the site.   Check out how secure your website is.

Dashboard
05:44

The settings screen gives you quick access to a couple of useful tools.  We've already used two of the tools to backup files, but let's see what else is here.

Settings
04:04

Your username, display name and password settings are accessible from this screen.  Do you need to change them?  Are they secure enough?

User Accounts
03:27

Stop brute force attempts by locking out users that consistently try to login, but fail.

User Login
04:41

If you allow people to register on your site, then these settings need to be selected as well.

User Registration
01:02

Remember we talked about the table prefix and how Wordpress liked to use a default of wp_ ??  This lecture shows you how you can change your prefix if you need to, or just want to.  Don't forget to backup the database first (instructions included in this video).

Database Security
02:05

Files and folders need the correct permissions set, to keep them secure.  This lecture shows you how to make sure everything is correct, and also how to disable the PHP editor if you didn't do that earlier in the course.

Filesystem Security
04:31

Check out details of people trying to access your site.

WHOIS Lookup
01:30

Blacklist IPs so that they cannot access your website.

Blacklist Manager
04:15

Setup a firewall on your Wordpress website, to add an extra layer of security.

Firewall
07:45

The plugin has some great tools to help prevent brute force attacks.  This lecture shows you how to set these up.

Brute Force
05:13

This section of the plugin helps to deal with spam comments by adding a math captcha to the comment form.  It's not the greatest spam eliminator, but it is quick to implement and will help a little. A more useful feature is the auto-blocking of repeat spam commenters.

Spam Prevention
02:18

One way of detecting whether your site has been hacked is to monitor the Wordpress files on your server and compare them to the original Wordpress files from Wordpress.org.  This is a built in feature of the plugin.

Scanner
02:08

If you need to, you can block all access to your site front end while you do maintenance.  This lecture shows you how to do this.

Maintenance
01:09

A final few security measures for your website, and you are done.  What is your final security score?

Miscellaneous
02:11

What is your Security Strength after completing the security settings?

Homework
00:22

I have created a Checklist for you to follow as you secure your Wordpress websites.  I've made it available as a PDF file which you can download as the resource for this lecture.

Wordpress Security Checklist
00:03
+
Resources
1 Lecture 14:16

If you are new to Udemy, please watch this lecture that shows you around the Udemy interface, and how to get the most out of your Udemy experience as you take this, and other, courses.

Preview 14:16
About the Instructor
Andrew Williams
4.5 Average rating
4,335 Reviews
32,151 Students
23 Courses
Wordpress & SEO Expert, teacher and author

I have written and published a number of books that are available on Amazon, including best selling books on Wordpress ("Wordpress for Beginners 2017") and search engine optimization ("SEO 2017 & Beyond").  I also run a website called ezSEONews, where I teach my visitors and newsletter subscribers a number of skills required for running a successful website.

As an ex-schoolteacher, I hope I can make complicated topics simple to understand. I certainly enjoy trying!