Finally, clear advice about making sure your WordPress site doesn't get hacked!

You know WordPress security is important 🔐

You heard someone say they had a site hacked at your local WordPress meetup

Now you can know it won't happen to you 😎

The internet gives so much advice on security, and so much of it is inaccurate, conflicting, or trivial.

Rarely does someone explain clearly and concisely why these concepts are (or in many cases aren’t) relevant to WordPress. Instead:

  • People give conflicting advice---some make you think it's crucial you remove the login page, others tell you it's irrelevant---with no one to help sort truth from fiction.
  • Lots of advice comes from people with something to sell: just buy the author's off-the-shelf security product and you'll be "set" for security. But which product is right, what does it actually do to protect you, and is it really sufficient?
  • Many security concepts are locked behind difficult-to-understand technical terms: “SQL injection,” “XSS,” “CSRF”---all bad, but what are they?

What you really need are straight answers to your questions and concerns.

What you need is someone to explain WordPress security to you in a comprehensive and plain way. Without all the hype and mumbo-jumbo, and without any motive to sell you a particular plugin or hosting.

That’s why we created WordPress Security with Confidence: a WordPress security course that equips you with the confidence to know you’re always making the right choices about your WordPress websites.

Already convinced? Get the WordPress Security With Confidence Course

WordPress Security for Site-Owners: Everything You Need to Secure Your WordPress Site(s)

For website owners, we’ve created a package that contains all the explanation you need about maintaining and building secure WordPress websites, without needing to touch any PHP.

WordPress Security With Confidence

You’ll learn quickly, with a carefully crafted video curriculum covering all the security information you need to know---and nothing you don’t.

Take the course at your own pace, and enjoy 45+ easy-to-follow video tutorials, diving into 9 focused chapters. The course breaks down complex security topics into approachable and digestible lessons.

You’ve been waiting for the opportunity to feel confident about WordPress security. Now it’s time to gain that confidence. 💪

Everything you need to know about WordPress security: clear, compact and organized

We’ve designed WordPress Security with Confidence to be your essential companion. We won’t waste your time---instead we explain the detail you need in clear, jargon-free language.

Once you’ve completed the course, you'll understand exactly which parts of WordPress security you've been doing correctly all along, and you'll be able to confidently put the rest right.

The course starts with general security principles, and advances to very specific actionable steps Everything’s easy to find and with zero bloat, so you’ll learn fast.

Meet your expert WordPress security tutor

Hi, I'm David Hayes, an expert WordPress developer and teacher. I'll teach you all about WordPress security.

I'm the co-editor of the leading WordPress development blog WPShout, where I've written hundreds of articles on WordPress development, and in 2015 co-wrote the critically acclaimed "learn WordPress development" course Up and Running.

As a professional WordPress developer for the last decade, and the last five years spent working on WordPress websites---from small to enterprise---at boutique web agency Press Up Inc, I’m experienced dealing with WordPress Security issues at all scales.

I have both the depth of knowledge, and accessible teaching style needed to ensure you learn WordPress Security, with Confidence.

The WordPress security course you’ve been waiting for...

WordPress Security for Site-Owners is the course you wish you always had.

Ready to get going? Learn WordPress Security today.

Get confident about WordPress security now!

Choose the security course edition suited to your needs

Whether you’re a site-owner or a developer, we have you covered.

We’ve created two editions of the WordPress Security with Confidence course to perfectly suit your needs.

Here’s what you’ll find in the Site-Owner and Developer editions:

Site-Owner Edition

The Site-Owner Edition is for anyone who manages a WordPress site and wants to be confident about its security, without getting into code. This is for WordPress users, power-users, “implementers”, and anyone working with WordPress but not working with code.

Featuring 60 video tutorials broken into 9 sections, you’ll understand the most common risks, vulnerabilities, and attacks a WordPress site faces, and how to secure against them. This is the perfect solution if you want to take WordPress security seriously.

You'll also enjoy a selection of five highly practical interviews with world-leading experts including Tony Perez (Sucuri), Chris Wiegman (original author, iThemes Security), and Michele Butcher-Jones (WP Rocket).

Get The Site-Owner Edition

Developer Edition

The Developer Edition is for anyone who works with code, and needs confidence in its security. This is for developers working on small client projects, all the way through to enterprise. You’ll also get access to everything in the Site-Owner Edition.

90+ video tutorials broken into 17 chapters give you all the information you need to confidently secure code (whether yours or third party's), understand and protect against common WordPress attacks and vulnerabilities, and audit a WordPress site of any size.

You’ll also enjoy nine interviews with some of the leading experts in the WordPress security field, including Aaron D. Campbell (WordPress Security Team Lead), Hristo Pandjarov (SiteGround), Julio Potier (SecuPress) – plus all the interviews in the the Site-Owner Edition.


Get The Developer Edition

What other people say about David's teaching 👏

Here's what past students, readers, and peers have said about David's WordPress tutorials.

Joe Howard for Security Course

Before I went through WordPress Security with Confidence, I hadn’t seen a truly comprehensive security course for WordPress professionals who need to provide premium security for their clients.

I went from knowing a lot about different areas of WordPress security to having a comprehensive understanding of how to implement security across the entire WordPress ecosystem for any website.

If WordPress security is part of your job, investing in this course is a no-brainer!

Joe Howard
Head Buff at WP Buffs

Josh Pollock (Security)

David is one of the best WordPress tutors, and it’s a real treat to see him tackle the complex world of WordPress security.

For the cost of one year of a premium WordPress security plugin, WordPress Security With Confidence gives you all the knowledge you need to confidently deal with security, forever. I’ve enjoyed David’s writing on WordPress for years, and this new course is no exception.

Josh Pollock
WordPress developer, and co-founder Caldera Forms

Aileen Forbes (Security)

The WordPress Security with Confidence course has been extremely helpful for me! It covers so many things that I half-knew, but which I understand completely after taking the course. I now know exactly where and how to approach tightening up security in my plugins and functions.

Aileen Forbes

Ready to join our list of happy customers?

Get the course!

What will I learn in WordPress Security for Site-Owners??

The course is built around a carefully crafted curriculum covering everything you need for WordPress Security with Confidence. With over 17 modules and 90+ individual videos (10 hour runtime), you’ll learn how to think about WordPress security, how to actually secure WordPress, and in the Developer Edition, how to secure and audit code (whether yours, a colleague’s, or a plugin’s). The Developer Edition features the full 17 modules, while the Site-Owner Edition features the first nine modules. Here’s a breakdown of all of the content:

Module 1: Developing a Security Mindset

  • What WordPress security is (4 mins)
  • Layered Security (4 mins)
  • Threat Model (4 mins)

Module 2: Common WordPress Security Myths

  • WordPress Security Myths (21 mins)

Module 3: Personal Security Hygiene

  • Introduction to Personal Security Hygiene (1 min)
  • Secure Passwords (8 mins)
  • Updates (3 mins)
  • Network Security (5 mins)
  • Sharing Data (3 mins)
  • Viruses (4 mins)

Module 4: Site Owner Security Concepts

  • Security Concepts Introduction (1 min)
  • What is WordPress, as it relates to security (4 mins)
  • Infection Types (6 mins)
  • Why Update (6 mins)
  • Good Passwords (5 mins)
  • Principle of Least Privilege (5 mins)
  • Distributed Denial of Service Attacks (4 mins)
  • CAPTCHAs (5 mins)
  • HTTPS (3 mins)
  • Social Engineering (3 mins)
  • Web Application Firewalls (4 mins)
  • Malware Scans (3 mins)
  • Audit Logs (3 mins)
  • Monitoring (2 mins)
  • Security by Obscurity (3 mins)

Module 5: Hardening WordPress: Practical Steps

  • Introduction to “Hardening” (1 min)
  • Disallow File Edit in Admin Area (3 mins)
  • Remove Unused Plugins and Themes (3 mins)
  • Prevent Directory Listings with Blank Indexes (3 mins)
  • Force Admin SSL (3 mins)
  • Lockdown wp-config (4 mins)
  • Remove Readme (4 mins)
  • Set/Verify/Change Salts (3 mins)
  • Block PHP execution in Uploads (Apache) (3 mins)
  • WP-Includes Web-Block (2 mins)
  • Database Passwords (2 mins)
  • Not Plugins and Firewalls (1 min)
  • Change Database Prefix (3 mins)
  • Good Passwords (4 mins)
  • Reputation Monitoring (1 min)
  • Use SFTP (2 mins)
  • Backups (3 mins)
  • Choosing Plugins (4 mins)
  • File Permission (5 mins)
  • No Random Registration (2 mins)
  • (Not) Infrastructure Security (1 min)
  • Turning Off Comments (2 mins)

Module 6: Comparison of WordPress Security Plugins & Services

  • Comparison of WordFence, Sucuri, SiteLock, iThemes, SecuPress, All in One Security, and many more (7 mins)
  • Runthroughs of what it's like to use 11 different security products (11 videos)

Module 7: Collaborating (with Clients)

  • Introduction to Secure Collaboration (2 mins)
  • Sharing Secrets (8 mins)
  • Talking about Security (with clients) (9 mins)
  • Security After Launch (6 mins)

Module 8: Server Security (and what’s beyond)

  • Server Security – Don’t Built Your Own LAMP (8 mins)
  • How To Pick a WordPress Host (10 mins)

Module 9: Site-Owner Security Interviews

  • Tony Perez (Sucuri)
  • Chris Wiegman (iThemes Security)
  • Michele Butcher-Jones (WP Rocket)
  • Meher Bala (freelancer)
  • Joe Howard (WP Buffs)

Learn from the security experts

WordPress Security with Confidence offers the incredible opportunity to get highly practical security advice directly from the experts.

Watch video interviews with leading WordPress Security experts, including the lead of the WordPress Security Team Aaron Campbell, Sucuri CEO Tony Perez, and original author of iThemes Security Chris Wiegman.

Each of the nine interviews runs for roughly half an hour, and all are packed with valuable security insights. You can hear how the very best people in the business think, and deal with WordPress security – and then how to apply their practices.

The Developer Edition features all of these interviews, covering both user security and approaches for developers, and the Site-Owner Edition features a selection focussed on practical user security.

Meet the WordPress security experts:

Aaron Campbell,
WP Security Lead
Chris Wiegman,
Creator of iThemes Security
Michele Butcher-Jones,
Expert Hack Remediator
Hristo Pandjaron,
WordPress Lead at SiteGround
Adam Warner,
WordPress Evangelist at SiteLock
Tony Perez,
CEO of Sucuri
Meher Bala,
WordPress Freelancer
Ben Gillbanks,
Theme Author
Joe Howard,
CEO of WP Buffs
Julio Potier,
Founder of SecuPress

Choose Your WordPress Security with Confidence Plan

WordPress Security with Confidence for Site-Owners
🚀 Learn everything you need to know to make a WordPress site secure, without touching the code.
🔐 Access 9 chapters, and 60+ in-depth video tutorials; learn at your own pace
🗣 With six of the expert security interviews.
WordPress Security with Confidence for Developers
👏 The complete package, for developers. Get everything in the Site-Owner Edition, plus...
🖥 You get 8 modules about auditing, authoring, and fixing the security of WordPress PHP code.
📹 That's all 17 modules, and all 90+ video tutorials; learn the full course at your own pace.
30-day money-back guarantee. We're highly confident you'll love WordPress Security with Confidence, and find it an incredibly valuable and worthwhile course. If, however, you’re not delighted with your purchase, email us within 30 days and we’ll happily issue a full refund, no questions asked.


Will I always have access to the WordPress Security for Site-Owners course?

Yes! You’ll always have access to the course, and can take the lessons at your own pace. There’s no expiry date, time limit, or deadline; you can re-take individual lessons as many times as you like, whenever you like.

I’m busy. What if I can’t keep up with the course?

You’ll get a login to our beautiful course-management website, and from there can watch individual lessons – at your own pace. If you want to retake any material, it’s always available for you to retake as and when you need.

Is this course suitable for me?

If you want to have the confidence to deal with WordPress security, this is the right course for you.

WordPress Security for Site-Owners is for WordPress users, power-users, “implementers”, and anyone managing WordPress sites who is not writing their own code. You’ll learn everything you need to know to make a WordPress site secure, without touching the code. Plus, for roughly the price of one year of any premium WordPress security plugin, you will learn everything you need to know, forever.

We want everyone who buys the course to be delighted with their purchase, so do get in touch with us if you’re not sure which version is for you. Furthermore, if you do purchase and decide this isn’t quite the course for you, that’s totally fine! You can just let us know, and we’ll happily give you a full refund.

How does the course website work?

You’ll get to take the course in a purpose built, beautifully responsive website dedicated to making sure you get the most out of WordPress Security with Confidence.

Each chapter is available with its videos, and you can mark each as complete in order to feel progress as you move through the course. You can access the course on any device with a browser, anywhere you have an internet connection – so whether you learn best on desktop, tablet, or mobile, you can get the learning style which matches what works best for you.

Who made this excellent WordPress security course?

Great question! Hi! I’m David Hayes, the author of this excellent course. I’m co-founder of boutique web consultancy Press Up, co-author of WPShout, and co-author of the critically acclaimed WordPress development course Up and Running. I’m a WordPress security expert, lead all of the course’s content, and will be your personal guide through your WordPress development journey.

I’m supported by Fred Meyer and Alex Denning; Fred is my business partner at Press Up, and Alex originally founded WPShout in 2009. Both have a wealth of experience teaching WordPress, and are here to make sure you have the best possible experience.

Do you do bulk or team discounts?

Yes! We’ll happily offer a discount for purchases of five or more. Please contact us for details.

Any other questions?

Get in touch! If you have any queries at all about the course, drop us an email and we’ll happily get back to you. You can email us here.

Get the WordPress Security with Confidence course!