WordPress Hacking and Hardening in Simple Steps
When it comes to WordPress security, there are a lot of things you can do to lock down your site to prevent hackers
Watch Promo
When it comes to WordPress security, there are a lot of things you can do to lock down your site to prevent hackers and vulnerabilities from affecting your e-commerce site or blog. The last thing you want to happen is to wake up one morning to discover your site in shambles.
Did you know that more than 73 million web sites in the world run on the WordPress publishing platform? This makes WordPress more popular than Microsoft SharePoint, Blogger, or Drupal. It also means that WordPress is a large target for hackers.
Half of the WordPress sites out there are self-hosted, which means that the WordPress administrator carries the lion's share of responsibility for a secure installation. Out of the box, there are several ways that WordPress security can be tightened down, but only a fraction of sites actually do so. This makes WordPress an even more popular target for hackers.
The strategies that you will learn in this course can help any WordPress installation become significantly more secure, and raise awareness of the types of vulnerabilities to defend against.
What you'll learn
- Secure WordPress Websites
- Scan their Wordpress Instance for vulnerabilities
- Prevent Spam
- Prevent Brute Force Attacks
- Secure HTTP Headers
- Configure 2factor Authentication
- File Integrity Protection
- Web Application Firewall Configuration
- Block malicious IPs and attacks
- Advanced Steps to Further Secure the Wordpress Instance
Your Instructor
Senior Information Security Consultant
- I work in the Internet security team, focused on ethical hacking - deliberately and purposefully challenging the IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary.
- Scan and exploit for a wide variety of data center infrastructure and application vulnerabilities, following defined rules of engagement and attack scenarios (ethical hacking).
- Make recommendations on security weaknesses and report on activities and findings.
- Perform Internet penetration testing (black box / white box testing) and code reviews (manual and automated)
- Use testing tools as NetBIOS scanning, network pinging and testing, packet crafting and analyzing, port scanning for vulnerability assessment
- Perform analysis and testing to verify the strengths and weaknesses of Web Applications and Web Services (SML, SOAP, WSDL, UDDI, etc.)
- Perform analysis and testing to verify the strengths and weaknesses of a variety of operating systems, network devices, web applications, and security architectures
- Assist with the development of remediation services for identified findings
- Customize, operate, audit, and maintain security related tools and applications
IT Trainer
- CEH, ECSA, CHFI from EC-Council
- Cisco CCNA, CCNA Security, Linux Essentials
- Various Custom Trainings
Certifications
- OSWE
- OSCE
- OSWP
- CREST Registered Penetration Tester (CRT)
- OSCP
- CHFI (Computer Hacking Forensic Investigator)
- ISO 270001 Lead Auditor
- ECSA (EC-Council Security Analyst)
- CEH (Certified Ethical Hacker)
- CCNA and CCNA Security
- CCNP Routing and CCNP Switching
- Advanced Linux&InfoSEC
- VMWare vSphere Install, Configure, Manage
- Microsoft Certified Technology Specialist (MCTS/MCP 70-642): Microsoft Windows Server 2008 Network Infrastructure, etc.
Course Curriculum
Introduction
Available in
days
days
after you enroll
Overview of a Wordpress attack
Available in
days
days
after you enroll
Securing your WordPress - basics steps
Available in
days
days
after you enroll
-
StartBackup your WordPress Instance (6:46)
-
StartRestore from backup
-
StartUpdate WordPress and Plugins (4:00)
-
StartHTTPS introduction (8:22)
-
StartManually configuring HTTPS - generating certificates (15:53)
-
StartAutomatic configuration and free signed certificate (7:47)
-
StartHTTP to HTTPS Redirect. Manual and using WordPress Plugins (3:12)
-
StartSecurity Plugins (4:00)
-
StartWordfence Security Plugin and 2 Factor Authentication (19:04)
-
StartBrute Force Demo - IP and User Block (5:24)
-
StartSpam protection. Captcha on login and comments (4:39)
-
StartHTTP Secure Hearders and TLS scan - free scan your website (11:22)
-
StartHTTP Security Headers using plugins - demo (3:44)
Frequently Asked Questions
When does the course start and finish?
The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.
How long do I have access to the course?
How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.