You know WordPress security is important 🔐
You heard someone say they had a site hacked at your local WordPress meetup
Now you can know it won't happen to you 😎
The internet gives so much advice on security, and so much of it is inaccurate, conflicting, or trivial.
Rarely does someone explain clearly and concisely why these concepts are (or in many cases aren’t) relevant to WordPress. Instead:
- People give conflicting advice---some make you think it's crucial you remove the login page, others tell you it's irrelevant---with no one to help sort truth from fiction.
- Lots of advice comes from people with something to sell: just buy the author's off-the-shelf security product and you'll be "set" for security. But which product is right, what does it actually do to protect you, and is it really sufficient?
- Many security concepts are locked behind difficult-to-understand technical terms: “SQL injection,” “XSS,” “CSRF”---all bad, but what are they?
What you really need are straight answers to your questions and concerns.
What you need is someone to explain WordPress security to you in a comprehensive and plain way. Without all the hype and mumbo-jumbo, and without any motive to sell you a particular plugin or hosting.
That’s why we created WordPress Security with Confidence: a WordPress security course that equips you with the confidence to know you’re always making the right choices about your WordPress websites.
Already convinced? Get the WordPress Security With Confidence Course
WordPress Security for Site-Owners: Everything You Need to Secure Your WordPress Site(s)
For website owners, we’ve created a package that contains all the explanation you need about maintaining and building secure WordPress websites, without needing to touch any PHP.
You’ll learn quickly, with a carefully crafted video curriculum covering all the security information you need to know---and nothing you don’t.
Take the course at your own pace, and enjoy 45+ easy-to-follow video tutorials, diving into 9 focused chapters. The course breaks down complex security topics into approachable and digestible lessons.
You’ve been waiting for the opportunity to feel confident about WordPress security. Now it’s time to gain that confidence. 💪
Everything you need to know about WordPress security: clear, compact and organized
We’ve designed WordPress Security with Confidence to be your essential companion. We won’t waste your time---instead we explain the detail you need in clear, jargon-free language.
Once you’ve completed the course, you'll understand exactly which parts of WordPress security you've been doing correctly all along, and you'll be able to confidently put the rest right.
The course starts with general security principles, and advances to very specific actionable steps Everything’s easy to find and with zero bloat, so you’ll learn fast.
Meet your expert WordPress security tutor
Hi, I'm David Hayes, an expert WordPress developer and teacher. I'll teach you all about WordPress security.
I'm the co-editor of the leading WordPress development blog WPShout, where I've written hundreds of articles on WordPress development, and in 2015 co-wrote the critically acclaimed "learn WordPress development" course Up and Running.
As a professional WordPress developer for the last decade, and the last five years spent working on WordPress websites---from small to enterprise---at boutique web agency Press Up Inc, I’m experienced dealing with WordPress Security issues at all scales.
I have both the depth of knowledge, and accessible teaching style needed to ensure you learn WordPress Security, with Confidence.
The WordPress security course you’ve been waiting for...
WordPress Security for Site-Owners is the course you wish you always had.
Ready to get going? Learn WordPress Security today.
Choose the security course edition suited to your needs
Whether you’re a site-owner or a developer, we have you covered.
We’ve created two editions of the WordPress Security with Confidence course to perfectly suit your needs.
Here’s what you’ll find in the Site-Owner and Developer editions:
The Site-Owner Edition is for anyone who manages a WordPress site and wants to be confident about its security, without getting into code. This is for WordPress users, power-users, “implementers”, and anyone working with WordPress but not working with code.
Featuring 60 video tutorials broken into 9 sections, you’ll understand the most common risks, vulnerabilities, and attacks a WordPress site faces, and how to secure against them. This is the perfect solution if you want to take WordPress security seriously.
You'll also enjoy a selection of five highly practical interviews with world-leading experts including Tony Perez (Sucuri), Chris Wiegman (original author, iThemes Security), and Michele Butcher-Jones (WP Rocket).
The Developer Edition is for anyone who works with code, and needs confidence in its security. This is for developers working on small client projects, all the way through to enterprise. You’ll also get access to everything in the Site-Owner Edition.
90+ video tutorials broken into 17 chapters give you all the information you need to confidently secure code (whether yours or third party's), understand and protect against common WordPress attacks and vulnerabilities, and audit a WordPress site of any size.
You’ll also enjoy nine interviews with some of the leading experts in the WordPress security field, including Aaron D. Campbell (WordPress Security Team Lead), Hristo Pandjarov (SiteGround), Julio Potier (SecuPress) – plus all the interviews in the the Site-Owner Edition.
What other people say about David's teaching 👏
Here's what past students, readers, and peers have said about David's WordPress tutorials.
Joe Howard for Security Course
Before I went through WordPress Security with Confidence, I hadn’t seen a truly comprehensive security course for WordPress professionals who need to provide premium security for their clients.
I went from knowing a lot about different areas of WordPress security to having a comprehensive understanding of how to implement security across the entire WordPress ecosystem for any website.
If WordPress security is part of your job, investing in this course is a no-brainer!
Josh Pollock (Security)
David is one of the best WordPress tutors, and it’s a real treat to see him tackle the complex world of WordPress security.
For the cost of one year of a premium WordPress security plugin, WordPress Security With Confidence gives you all the knowledge you need to confidently deal with security, forever. I’ve enjoyed David’s writing on WordPress for years, and this new course is no exception.
Aileen Forbes (Security)
The WordPress Security with Confidence course has been extremely helpful for me! It covers so many things that I half-knew, but which I understand completely after taking the course. I now know exactly where and how to approach tightening up security in my plugins and functions.
Ready to join our list of happy customers?
What will I learn in WordPress Security for Site-Owners??The course is built around a carefully crafted curriculum covering everything you need for WordPress Security with Confidence. With over 17 modules and 90+ individual videos (10 hour runtime), you’ll learn how to think about WordPress security, how to actually secure WordPress, and in the Developer Edition, how to secure and audit code (whether yours, a colleague’s, or a plugin’s). The Developer Edition features the full 17 modules, while the Site-Owner Edition features the first nine modules. Here’s a breakdown of all of the content:
Module 1: Developing a Security Mindset
- What WordPress security is (4 mins)
- Layered Security (4 mins)
- Threat Model (4 mins)
Module 2: Common WordPress Security Myths
- WordPress Security Myths (21 mins)
Module 3: Personal Security Hygiene
- Introduction to Personal Security Hygiene (1 min)
- Secure Passwords (8 mins)
- Updates (3 mins)
- Network Security (5 mins)
- Sharing Data (3 mins)
- Viruses (4 mins)
Module 4: Site Owner Security Concepts
- Security Concepts Introduction (1 min)
- What is WordPress, as it relates to security (4 mins)
- Infection Types (6 mins)
- Why Update (6 mins)
- Good Passwords (5 mins)
- Principle of Least Privilege (5 mins)
- Distributed Denial of Service Attacks (4 mins)
- CAPTCHAs (5 mins)
- HTTPS (3 mins)
- Social Engineering (3 mins)
- Web Application Firewalls (4 mins)
- Malware Scans (3 mins)
- Audit Logs (3 mins)
- Monitoring (2 mins)
- Security by Obscurity (3 mins)
Module 5: Hardening WordPress: Practical Steps
- Introduction to “Hardening” (1 min)
- Disallow File Edit in Admin Area (3 mins)
- Remove Unused Plugins and Themes (3 mins)
- Prevent Directory Listings with Blank Indexes (3 mins)
- Force Admin SSL (3 mins)
- Remove Readme (4 mins)
- Set/Verify/Change Salts (3 mins)
- Block PHP execution in Uploads (Apache) (3 mins)
- WP-Includes Web-Block (2 mins)
- Database Passwords (2 mins)
- Not Plugins and Firewalls (1 min)
- Change Database Prefix (3 mins)
- Good Passwords (4 mins)
- Reputation Monitoring (1 min)
- Use SFTP (2 mins)
- Backups (3 mins)
- Choosing Plugins (4 mins)
- File Permission (5 mins)
- No Random Registration (2 mins)
- (Not) Infrastructure Security (1 min)
- Turning Off Comments (2 mins)
Module 6: Comparison of WordPress Security Plugins & Services
- Comparison of WordFence, Sucuri, SiteLock, iThemes, SecuPress, All in One Security, and many more (7 mins)
- Runthroughs of what it's like to use 11 different security products (11 videos)
Module 7: Collaborating (with Clients)
- Introduction to Secure Collaboration (2 mins)
- Sharing Secrets (8 mins)
- Talking about Security (with clients) (9 mins)
- Security After Launch (6 mins)
Module 8: Server Security (and what’s beyond)
- Server Security – Don’t Built Your Own LAMP (8 mins)
- How To Pick a WordPress Host (10 mins)
Module 9: Site-Owner Security Interviews
- Tony Perez (Sucuri)
- Chris Wiegman (iThemes Security)
- Michele Butcher-Jones (WP Rocket)
- Meher Bala (freelancer)
- Joe Howard (WP Buffs)
Learn from the security experts
WordPress Security with Confidence offers the incredible opportunity to get highly practical security advice directly from the experts.
Watch video interviews with leading WordPress Security experts, including the lead of the WordPress Security Team Aaron Campbell, Sucuri CEO Tony Perez, and original author of iThemes Security Chris Wiegman.
Each of the nine interviews runs for roughly half an hour, and all are packed with valuable security insights. You can hear how the very best people in the business think, and deal with WordPress security – and then how to apply their practices.
The Developer Edition features all of these interviews, covering both user security and approaches for developers, and the Site-Owner Edition features a selection focussed on practical user security.
Meet the WordPress security experts:
WP Security Lead
Creator of iThemes Security
Expert Hack Remediator
WordPress Lead at SiteGround
WordPress Evangelist at SiteLock
CEO of Sucuri
CEO of WP Buffs
Founder of SecuPress
Choose Your WordPress Security with Confidence Plan
Will I always have access to the WordPress Security for Site-Owners course?
Yes! You’ll always have access to the course, and can take the lessons at your own pace. There’s no expiry date, time limit, or deadline; you can re-take individual lessons as many times as you like, whenever you like.
I’m busy. What if I can’t keep up with the course?
You’ll get a login to our beautiful course-management website, and from there can watch individual lessons – at your own pace. If you want to retake any material, it’s always available for you to retake as and when you need.
Is this course suitable for me?
If you want to have the confidence to deal with WordPress security, this is the right course for you.
WordPress Security for Site-Owners is for WordPress users, power-users, “implementers”, and anyone managing WordPress sites who is not writing their own code. You’ll learn everything you need to know to make a WordPress site secure, without touching the code. Plus, for roughly the price of one year of any premium WordPress security plugin, you will learn everything you need to know, forever.
We want everyone who buys the course to be delighted with their purchase, so do get in touch with us if you’re not sure which version is for you. Furthermore, if you do purchase and decide this isn’t quite the course for you, that’s totally fine! You can just let us know, and we’ll happily give you a full refund.
How does the course website work?
You’ll get to take the course in a purpose built, beautifully responsive website dedicated to making sure you get the most out of WordPress Security with Confidence.
Each chapter is available with its videos, and you can mark each as complete in order to feel progress as you move through the course. You can access the course on any device with a browser, anywhere you have an internet connection – so whether you learn best on desktop, tablet, or mobile, you can get the learning style which matches what works best for you.
Who made this excellent WordPress security course?
Great question! Hi! I’m David Hayes, the author of this excellent course. I’m co-founder of boutique web consultancy Press Up, co-author of WPShout, and co-author of the critically acclaimed WordPress development course Up and Running. I’m a WordPress security expert, lead all of the course’s content, and will be your personal guide through your WordPress development journey.
I’m supported by Fred Meyer and Alex Denning; Fred is my business partner at Press Up, and Alex originally founded WPShout in 2009. Both have a wealth of experience teaching WordPress, and are here to make sure you have the best possible experience.
Do you do bulk or team discounts?
Yes! We’ll happily offer a discount for purchases of five or more. Please contact us for details.
Any other questions?
Get in touch! If you have any queries at all about the course, drop us an email and we’ll happily get back to you. You can email us here.