The authority on WordPress security you've been waiting for.

You know it’s important to secure your WordPress site 🔐

But you don’t feel confident you’re doing it right 😨


There are so many different concepts related to security online.

Mostly we just let them wash over us from time to time, making us feel uneasy.

Rarely does someone explain clearly and concisely why these concepts are (or in many cases aren’t) relevant to WordPress.

  • People give conflicting advice—some make you think it’s crucial you remove the login page, others tell you it’s irrelevant—and no one helps you understand what any of it means.
  • Security plugin vendors tell you you’ll just need to get the right security plugin and you’ll be set. But it’s not clear to you what the right security plugin is, or why you need one at all. And it’s not really clear what any of them do to protect you anyway.
  • If you’re a developer, you have some vague notion that “SQL injection” is bad, but you’re not sure if you’re doing that or not. Or really what it even means. Or maybe you understand that part, but XSS, CSRF, and other acronyms dance lightly in your mind.

What you really need are straight answers to your concerns.

What you need is someone to explain WordPress security to you in a comprehensive and plain way. Without all the hype and mumbo-jumbo, and without any motive to sell you a particular plugin or hosting.

That’s why we created WordPress Security with Confidence: a WordPress security course that equips you with the confidence to know you’re always making the right choices about your WordPress websites.

Get the WordPress Security With Confidence Course

WordPress Security with Confidence: a comprehensive security course for website owners and developers


For website owners, we’ve created a package that contains all the explanation you need about maintaining and building secure WordPress websites, without needing to touch any PHP.

For developers, you get all that information, plus we add tons of detail about CSRF, XSS, OWASP, 2FA (and other security acronyms!), along with what they all mean for your WordPress site.

WordPress Security With Confidence

You’ll learn quickly, with a carefully crafted video curriculum covering all the security information you need to know – and nothing you don’t.

Take the course at your own pace, and enjoy 90+ easy-to-follow video tutorials, diving into 17 focused chapters. The course breaks down complex security topics into approachable and digestible lessons.

You’ve been waiting for the opportunity to feel confident about WordPress security. Now it’s time to gain that confidence 🙂

Check out the Security course outline

Everything you need to know about WordPress security: clear, compact and organized

We’ve designed WordPress Security with Confidence to be your essential companion. We won’t waste your time – instead we explain the detail you need in clear, jargon-free language.

Once you’ve completed the course, hopefully you’ll discover you’ve had your WordPress security under control all along! But, if that isn’t the case, don’t worry. If it turns out you’ve overlooked some (or many!) areas, WordPress Security with Confidence equips you with the knowledge you need to confidently put things right.

The course starts with general security principles, and advances to very specific actionable steps.

Everything’s easy to find and with zero bloat, so you’ll learn fast.

Meet your expert WordPress security tutor

Hi, I’m David Hayes, an expert WordPress developer and teacher. I’ll teach you all about WordPress security.

I’m the co-editor of the leading WordPress development blog WPShout, where I’ve written hundreds of articles on WordPress development, and in 2015 co-wrote the critically acclaimed “learn WordPress development” course Up and Running.

As a professional WordPress developer for the last decade, and the last five years spent working on WordPress websites – from small to enterprise – at boutique web agency Press Up Inc, I’m experienced dealing with WordPress Security issues at all scales.

I have both the depth of knowledge, and accessible teaching style needed to ensure you learn WordPress Security, with Confidence.

The WordPress security course you’ve been waiting for…

WordPress Security with Confidence is the course you wish you always had.

Ready to get going? Learn WordPress Security today.

Get confident about WordPress security now!

Choose the security course edition suited to your needs

Whether you’re a site-owner or a developer, we have you covered.

We’ve created two editions of the WordPress Security with Confidence course to perfectly suit your needs.

Here’s what you’ll find in the Site-Owner and Developer editions:

Site-Owner Edition

The Site-Owner Edition is for anyone who manages a WordPress site and wants to be confident about its security, without getting into code. This is for WordPress users, power-users, “implementers”, and anyone working with WordPress but not working with code.

Featuring 60 video tutorials broken into 9 sections, you’ll understand the most common risks, vulnerabilities, and attacks a WordPress site faces, and how to secure against them. This is the perfect solution if you want to take WordPress security seriously.

You’ll also enjoy a selection of five highly practical interviews with world-leading experts including Tony Perez (Sucuri), Chris Wiegman (original author, iThemes Security), and Michele Butcher-Jones (WP Rocket).

Get The Site-Owner Edition

Developer Edition

The Developer Edition is for anyone who works with code, and needs confidence in its security. This is for developers working on small client projects, all the way through to enterprise. You’ll also get access to everything in the Site-Owner Edition.

90+ video tutorials broken into 17 chapters give you all the information you need to confidently secure code (whether yours or third party’s), understand and protect against common WordPress attacks and vulnerabilities, and audit a WordPress site of any size.

You’ll also enjoy nine interviews with some of the leading experts in the WordPress security field, including Aaron D. Campbell (WordPress Security Team Lead), Hristo Pandjarov (SiteGround), Julio Potier (SecuPress) – plus all the interviews in the the Site-Owner Edition.


Get The Developer Edition

What other people say about David’s teaching 👏

Here’s what past students, readers, and peers have said about David’s WordPress tutorials.

Before I went through WordPress Security with Confidence, I hadn’t seen a truly comprehensive security course for WordPress professionals who need to provide premium security for their clients.

I went from knowing a lot about different areas of WordPress security to having a comprehensive understanding of how to implement security across the entire WordPress ecosystem for any website.

If WordPress security is part of your job, investing in this course is a no-brainer!

Joe Howard
Head Buff at WP Buffs

David is one of the best WordPress tutors, and it’s a real treat to see him tackle the complex world of WordPress security.

For the cost of one year of a premium WordPress security plugin, WordPress Security With Confidence gives you all the knowledge you need to confidently deal with security, forever. I’ve enjoyed David’s writing on WordPress for years, and this new course is no exception.

Josh Pollock
WordPress developer, and co-founder Caldera Forms

WPShout is a consistent resource to the WordPress development community.

Whether or not you’re someone who’s just starting out, someone who’s looking for references to other articles, or looking for solid material to help you grow in your skillset, both Fred and David do an excellent job of always providing for the readers.

Tom McFarlin
WordPress developer, and founder of Pressware

I love the detailed tutorials on WPShout. I can’t tell you how many times I’ve Googled a question and WPShout has the answer I need. There’s something for developers of all levels on their site – do yourself a favor and bookmark it!

Carrie Dils
WordPress developer, and entrepreneur

Ready to join our list of happy customers?

Get the course!

What will I learn in WordPress Security with Confidence?

The course is built around a carefully crafted curriculum covering everything you need for WordPress Security with Confidence.

With over 17 modules and 90+ individual videos (10 hour runtime), you’ll learn how to think about WordPress security, how to actually secure WordPress, and in the Developer Edition, how to secure and audit code (whether yours, a colleague’s, or a plugin’s).

The Developer Edition features the full 17 modules, while the Site-Owner Edition features the first nine modules.

Here’s a breakdown of all of the content:

Module 1: Developing a Security Mindset Site-Owner 🖥Developer 🔐

  • What WordPress security is (4 mins)
  • Layered Security (4 mins)
  • Threat Model (4 mins)

Module 2: Common WordPress Security Myths Site-Owner 🖥Developer 🔐

  • WordPress Security Myths (21 mins)

Module 3: Personal Security Hygiene Site-Owner 🖥Developer 🔐

  • Introduction to Personal Security Hygiene (1 min)
  • Secure Passwords (8 mins)
  • Updates (3 mins)
  • Network Security (5 mins)
  • Sharing Data (3 mins)
  • Viruses (4 mins)

Module 4: Site Owner Security Concepts Site-Owner 🖥Developer 🔐

  • Security Concepts Introduction (1 min)
  • What is WordPress, as it relates to security (4 mins)
  • Infection Types (6 mins)
  • Why Update (6 mins)
  • Good Passwords (5 mins)
  • Principle of Least Privilege (5 mins)
  • Distributed Denial of Service Attacks (4 mins)
  • CAPTCHAs (5 mins)
  • HTTPS (3 mins)
  • Social Engineering (3 mins)
  • Web Application Firewalls (4 mins)
  • Malware Scans (3 mins)
  • Audit Logs (3 mins)
  • Monitoring (2 mins)
  • Security by Obscurity (3 mins)

Module 5: Hardening WordPress: Practical Steps Site-Owner 🖥Developer 🔐

  • Introduction to “Hardening” (1 min)
  • Disallow File Edit in Admin Area (3 mins)
  • Remove Unused Plugins and Themes (3 mins)
  • Prevent Directory Listings with Blank Indexes (3 mins)
  • Force Admin SSL (3 mins)
  • Lockdown wp-config (4 mins)
  • Remove Readme (4 mins)
  • Set/Verify/Change Salts (3 mins)
  • Block PHP execution in Uploads (Apache) (3 mins)
  • WP-Includes Web-Block (2 mins)
  • Database Passwords (2 mins)
  • Not Plugins and Firewalls (1 min)
  • Change Database Prefix (3 mins)
  • Good Passwords (4 mins)
  • Reputation Monitoring (1 min)
  • Use SFTP (2 mins)
  • Backups (3 mins)
  • Choosing Plugins (4 mins)
  • File Permission (5 mins)
  • No Random Registration (2 mins)
  • (Not) Infrastructure Security (1 min)
  • Turning Off Comments (2 mins)

Module 6: Comparison of WordPress Security Plugins & Services Site-Owner 🖥Developer 🔐

  • Comparison of WordFence, Sucuri, SiteLock, iThemes, SecuPress, All in One Security, and many more (7 mins)
  • Runthroughs of what it’s like to use 11 different security products (11 videos)

Module 7: Collaborating (with Clients) Site-Owner 🖥Developer 🔐

  • Introduction to Secure Collaboration (2 mins)
  • Sharing Secrets (8 mins)
  • Talking about Security (with clients) (9 mins)
  • Security After Launch (6 mins)

Module 8: Server Security (and what’s beyond) Site-Owner 🖥Developer 🔐

  • Server Security – Don’t Built Your Own LAMP (8 mins)
  • How To Pick a WordPress Host (10 mins)

Module 9: Site-Owner Security Interviews Site-Owner 🖥Developer 🔐

  • Tony Perez (Sucuri)
  • Chris Wiegman (iThemes Security)
  • Michele Butcher-Jones (WP Rocket)
  • Meher Bala (freelancer)
  • Joe Howard (WP Buffs)


Module 10: Development Basics –– CSRF, XSS, SQLi Developer 🔐

  • SQLi (5 mins)
  • XSS (7 mins)
  • File inclusion (5 mins)
  • User capability (4 mins)
  • Cross-site request forgery (4 mins)
  • Dev basics (7 mins)

Module 11: Examples & Data of WordPress Vulnerabilities Developer 🔐

  • Survey of Disclosed Vulnerabilities in WordPress (20 mins)

Module 12: Open Web Application Security Project’s Top 10 Developer 🔐

  • Introduction (2 mins)
  • Injection (6 mins)
  • Broken Authentication/Session Management (4 mins)
  • Cross-Site Scripting (XSS) (6 mins)
  • Insecure Direct Object References (3 mins)
  • Security Misconfiguration (5 mins)
  • Sensitive Data Exposure (4 mins)
  • Missing Access Control (3 mins)
  • Cross-Site Request Forgery (3 mins)
  • Using Components With Known Vulnerabilities (3 mins)
  • Unvalidated Redirects and Forwards (2 mins)
  • Updating the top 10 list for 2017 (6 mins)

Module 13: Attacking WordPress Vulnerabilities Developer 🔐

  • Brute Force Attacks (9 mins)
  • Exploiting an SQL Injection Vulnerability (9 mins)
  • Cross-Site Scripting (XSS) (5 mins)
  • Local File Inclusion (7 mins)

Module 14: Code Audit Checklist Developer 🔐

  • WordPress Code Audit Checklist (7 mins)
  • PLUS: A custom checklist to give you the confidence in WordPress code’s security

Module 15: Securing An Intentionally Vulnerable Plugin Developer 🔐

  • Introduction to an Intentionally Vulnerable Plugin (1 min)
  • Setting Up a Vulnerable Plugin (2 mins)
  • SQLi (10 mins)
  • Cross-Site Scripting (16 mins)
  • Cross-Site Request Forgeries and Nonces (4 mins)
  • User Capabilities (6 mins)
  • Redirects (3 mins)
  • Review (6 mins)

Module 16: Writing New Code Securely (how to make a new plugin, securely) Developer 🔐

  • Introduction (3 mins)
  • Plugin header and enqueue (4 mins)
  • Start on JS (3 mins)
  • Basic AJAX (4 mins)
  • Saving and XSS protection (8 mins)
  • CSRF and user cap (7 mins)
  • Conclusion (2 mins)

Module 17: Developer Security Interviews Developer 🔐

  • Aaron Campbell (WordPress Security Team)
  • Ben Gillbanks (Pro Theme Design, TimThumb)
  • Hristo Pandjarov (SiteGround)
  • Julio Potier (SecuPress)

See Pricing!

Learn from the security experts

WordPress Security with Confidence offers the incredible opportunity to get highly practical security advice directly from the experts.

Watch video interviews with leading WordPress Security experts, including the lead of the WordPress Security Team Aaron Campbell, Sucuri CEO Tony Perez, and original author of iThemes Security Chris Wiegman.

Each of the nine interviews runs for roughly half an hour, and all are packed with valuable security insights. You can hear how the very best people in the business think, and deal with WordPress security – and then how to apply their practices.

The Developer Edition features all of these interviews, covering both user security and approaches for developers, and the Site-Owner Edition features a selection focussed on practical user security.

Meet the WordPress security experts:

Aaron Campbell,
WP Security Lead
Chris Wiegman,
Creator of iThemes Security
Michele Butcher-Jones,
Expert Hack Remediator
Hristo Pandjaron,
WordPress Lead at SiteGround
Adam Warner,
WordPress Evangelist at SiteLock
Tony Perez,
CEO of Sucuri
Meher Bala,
WordPress Freelancer
Ben Gillbanks,
Theme Author
Joe Howard,
CEO of WP Buffs
Julio Potier,
Founder of SecuPress

Choose Your WordPress Security with Confidence Plan

WordPress Security with Confidence for Site-Owners
🚀 Learn everything you need to know to make a WordPress site secure, without touching the code.
🔐 Access 9 chapters, and 60+ in-depth video tutorials; learn at your own pace
🗣 With six of the expert security interviews.
WordPress Security with Confidence for Developers
👏 The complete package, for developers. Get everything in the Site-Owner Edition, plus...
🖥 You get 8 modules about auditing, authoring, and fixing the security of WordPress PHP code.
📹 That's all 17 modules, and all 90+ video tutorials; learn the full course at your own pace.


30-day money-back guarantee. We’re highly confident you’ll love WordPress Security with Confidence, and find it an incredibly valuable and worthwhile course.

If, however, you’re not delighted with your purchase, email us within 30 days and we’ll happily issue a full refund, no questions asked.




Can I upgrade to the Developer Plan later if I buy the Site-Owner Plan now?

Of course! We want you to be delighted with your purchase, and if you want to learn even more about WordPress security, we’ll be happy to have you upgrade by paying the difference between the two tiers.

Will I always have access to the WordPress Security with Confidence course?

Yes! You’ll always have access to the course, and can take the lessons at your own pace. There’s no expiry date, time limit, or deadline; you can re-take individual lessons as many times as you like, whenever you like.

I’m busy. What if I can’t keep up with the course?

You’ll get a login to our beautiful course-management website, and from there can watch individual lessons – at your own pace. If you want to retake any material, it’s always available for you to retake as and when you need.

Is this course suitable for me?

If you want to have the confidence to deal with WordPress security, this is the right course for you. The Developer and Site-Owner editions offer something suitable for all skill levels:

  • The Site-Owner Edition is for WordPress users, power-users, “implementers”, and anyone managing WordPress sites who is not writing their own code. You’ll learn everything you need to know to make a WordPress site secure, without touching the code. Plus, for roughly the price of one year of any premium WordPress security plugin, you will learn everything you need to know, forever.
  • The Developer Edition includes everything in the Site-Owner Edition, plus what you need to know about keeping WordPress secure if you are writing your own code.

We want everyone who buys the course to be delighted with their purchase, so do get in touch with us if you’re not sure which version is for you. Furthermore, if you do purchase and decide this isn’t quite the course for you, that’s totally fine! You can just let us know, and we’ll happily give you a full refund.

How does the course website work?

You’ll get to take the course in a purpose built, beautifully responsive website dedicated to making sure you get the most out of WordPress Security with Confidence.

Each chapter is available with its videos, and you can mark each as complete in order to feel progress as you move through the course. You can access the course on any device with a browser, anywhere you have an internet connection – so whether you learn best on desktop, tablet, or mobile, you can get the learning style which matches what works best for you.

Who made this excellent WordPress security course?

Great question! Hi! I’m David Hayes, the author of this excellent course. I’m co-founder of boutique web consultancy Press Up, co-author of WPShout, and co-author of the critically acclaimed WordPress development course Up and Running. I’m a WordPress security expert, lead all of the course’s content, and will be your personal guide through your WordPress development journey.

I’m supported by Fred Meyer and Alex Denning; Fred is my business partner at Press Up, and Alex originally founded WPShout in 2009. Both have a wealth of experience teaching WordPress, and are here to make sure you have the best possible experience.

Do you do bulk or team discounts?

Yes! We’ll happily offer a discount for purchases of five or more. Please contact us for details.

Any other questions?

Get in touch! If you have any queries at all about the course, drop us an email and we’ll happily get back to you. You can email us here.

Get the WordPress Security with Confidence course!