4.54 out of 5
522 reviews on Udemy

WordPress Security – How To Stop Hackers

Comprehensive, Step-By-Step & Easy Way to Secure your Wordpress Website from Hackers
Andrew Williams
4,338 students enrolled
English [Auto]
Know why hackers hack, and some of the common ways they do this
Understand the main threats that cause security problems with Wordpress websites
Understand that Wordpress is actually a secure platform, but it can easily be made insecure by the actions of those that run and administer the site
Secure a Wordpress website from hackers using a variety or common sense and technical tweaks to the site
"Copy" the security measures that have been set up on one site, and "import" them into other Wordpress websites they own, meaning security can be set up on subsequent sites in seconds
Find out more information about those trying to hack their site

In 2019, it is even more important that you secure your WordPress website.

A couple of years ago it was estimated that only 44% of web traffic came from genuine visitors.  The rest was from bots, hacking tools, scrapers and spammers.  With that volume or dodgy web traffic coming to your website, are you confident that your website can withstand a hacker attack?  What if I told you that an estimated 37,000 websites are hacked EVERY DAY.  How confident are you now?

Securi, a top internet security service, reported that they dealt with 500 website infections a day, 7 days a week.  Out of 11,000 infected sites they dealt with, 78% were WordPress sites.  

Once a site is hacked, it can be used for all kinds of malicious purposes, such as directing your traffic, stealing customer details, deleting files, changing your login details to lock you out, sending spam emails to millions of people (which will label your domain as spam and remove any chance it has of ranking in Google), you get the idea?

And hackers don’t just target large, popular sites.  They’ll use computer software to scan millions of websites for vulnerabilities, and then attack the soft targets.  There is no softer target than a newly setup WordPress website!

There is obviously good reason to be concerned about your website security.  However, I don’t want you to think that WordPress is an insecure platform that should be avoided, it isn’t.  Wordpress is actually very secure and if a security hole is found, it is usually plugged very quickly by the WordPress security team and pushed out to all WordPress installs – automatically.  The real security issues come from the people running the websites.  They often don’t have enough knowledge to make educated decisions about the content they put on their site, the plugins they use or the themes they install.

This course has two aims:  

  1. I want to give you the knowledge you need so that you can understand where the main threats come from.  With that knowledge, you will understand how your administrative actions can affect the security of your website.  This knowledge gives you the power to stop hackers. 

  2. I want to give you a step-by-step solution to make your website as hackerproof as possible.  We’ll install a single WordPress plugin and go through the entire setup process.  Simply watch the tutorials, and follow along on your own site as I secure one of my own.

If you are not very technically minded, don’t worry.  This course assumes no technical ability and no programming skills.  

About the Course

The course starts off with an introduction to hacking.  Why hackers hack, and what makes some WordPress sites more vulnerable to hackers than others.

We’ll then go through the main ways that you can harden up your WordPress installation, and I’ll show you how to manually set some of these up on your site.  You can try out some or all of these techniques yourself if you want to, but it is not essential (see lower down). You may just want to sit back and absorb the information so that you have the knowledge you need to make informed decisions on your WordPress website going forward.

In the second half of the course, we’ll install a WordPress Security Plugin that covers all of the major security weaknesses outlined in the first half of the course, and work our way step-by-step, configuring the plugin to make our site virtually hack-proof.  

By the end of this course, you will have both the knowledge and the skill set to secure a WordPress website against hackers. 



This lecture introduces the Wordpress Security course and your instructor. There are a couple of ways you can use this course, and this lecture will cover those.

Is Wordpress an Insecure Platform?

This lecture looks at whether or not Wordpress is a secure platform.  Can you trust Wordpress with your website?

Why Hackers Hack.

Why do hackers hack?  There are a lot of reasons, none of them good.  This lecture looks at a few of the reasons, but also reassures you that your website will be very secure after following this course.

Common Hacks

There are a lot of common hacks on Wordpress sites.  This lecture introduces a few and also points you to an authority web page if you want more details.

Security Measures

Site Backups

Everyone should backup their Wordpress website.  This lecture explains what you need to backup, and offers suggestions for tools that will allow you to do that.

Security Plugins

There are a number of security plugins for Wordpress.  We will install and setup a good one later in this course, but for now, let me just introduce a few of the more popular plugins.


Passwords need to be strong and random.  Weak passwords are one of the main ways hackers gain access to a website.  You'd be surprised how many people use the word "password" as their password.

Wordpress Usernames

Usernames are another weak area for many Wordpress users.  Pick a username that cannot be guessed.

Signing In

Know the URL that you use for signing into your website.  A simple hacker trick could get your username and password without you realising you've been tricked.

Disable PHP Error Reporting

PHP error reporting can give hackers some sensitive information.  You can easily disable this though.

Disable File Editor

The file editor built into the Dashboard is one of the first ports of calls if a hacker gains access to your site.  It's therefore a good idea to disable it.

Content of Posts & Pages

You need to be careful about code embedded into Wordpress posts or pages.  If you don't trust the code 100%, leave it out.

New Users

Wordpress security is only as strong as it's weakest link, and users may be that weak link.  This lecture looks at correctly assigning roles to users, to give them just enough security clearance to perform their job.

Widgets & Code

Inserting any kind of code in your site can open up security holes.  You have to be very careful, and this lecture explains what to look out for.


Plugins can be another source of security holes.  This lecture looks at some common sense measure to ensure your website is secure.


Themes can also provide backdoors to hackers, so make sure you use themes from reputable sources, and that those themes are regularly maintained and updated.

Comment Spam
Limiting Login Attempts

A good measure to take is to stop someone repeatedly trying to log into your site on the login page.  If a user fails to login a couple of times, they are probably not authorised to access the site, so block them.

2-Factor Authentication

You may already be familiar with 2-Factor authentication.  Your Google account may use this, or your online banking.  You can add this layer of security to your Wordpress site if you wish.

Protect the Login Page

The login page is the gateway to your Wordpress Dashboard, so protect it!

Database Table Prefix

A simple security measure you can take is to change the default Wordpress table prefix.  This is typically done when you install Wordpress, but you can change it at a later date as well.

Wordpress Security Keys

Wordpress security keys are an extra layer of protection for your site.  If you install Wordpress using a one-click installer, you don't need to do anything as these will be created for you at the time of the installation.


XML-RPC is a programming interface that developers can use to "talk" to Wordpress.  It's also a potential security threat.

Web Host

A good web host can help increase the security of your website.


This is an important configuration file that contains sensitive information about your site.  You may want to protect it.

File Permissions

The files and folders on your server are given permissions, which basically control who can read and write to those files and folders.  There are specific permissions required within your Wordpress installation.

Set Up All In One Security on your Website

Installing the Plugin

Find and install the plugin in the Wordpress repository.

Backup Important Files

Before you begin, we need to backup important Wordpress files.  If anything goes wrong with the configuration of the plugin, you can always use these to restore access to your Dashboard and site.

If You Get Locked Out?

As you secure your site, you should keep taking backups of important files as mentioned above.  However, it is possible you will get locked out.  This tutorial shows you what to do if that happens.

Classification of Security Measures

If you want to just play it safe, you can only enable the security features that are safe to implement and not cause your site problems.  If you are more adventurous, you can try activating all measures.  This lecture explains how to identify the safe from the "adventurous".


The Dashboard gives you a birds eye view of your security setup on the site.   Check out how secure your website is.


The settings screen gives you quick access to a couple of useful tools.  We've already used two of the tools to backup files, but let's see what else is here.

User Accounts

Your username, display name and password settings are accessible from this screen.  Do you need to change them?  Are they secure enough?

User Login

Stop brute force attempts by locking out users that consistently try to login, but fail.

User Registration

If you allow people to register on your site, then these settings need to be selected as well.

Database Security

Remember we talked about the table prefix and how Wordpress liked to use a default of wp_ ??  This lecture shows you how you can change your prefix if you need to, or just want to.  Don't forget to backup the database first (instructions included in this video).

Filesystem Security

Files and folders need the correct permissions set, to keep them secure.  This lecture shows you how to make sure everything is correct, and also how to disable the PHP editor if you didn't do that earlier in the course.

WHOIS Lookup

Check out details of people trying to access your site.

Blacklist Manager

Blacklist IPs so that they cannot access your website.


Setup a firewall on your Wordpress website, to add an extra layer of security.

Brute Force

The plugin has some great tools to help prevent brute force attacks.  This lecture shows you how to set these up.

Spam Prevention

This section of the plugin helps to deal with spam comments by adding a math captcha to the comment form.  It's not the greatest spam eliminator, but it is quick to implement and will help a little. A more useful feature is the auto-blocking of repeat spam commenters.


One way of detecting whether your site has been hacked is to monitor the Wordpress files on your server and compare them to the original Wordpress files from Wordpress.org.  This is a built in feature of the plugin.


If you need to, you can block all access to your site front end while you do maintenance.  This lecture shows you how to do this.


A final few security measures for your website, and you are done.  What is your final security score?


What is your Security Strength after completing the security settings?

Wordpress Security Checklist

I have created a Checklist for you to follow as you secure your Wordpress websites.  I've made it available as a PDF file which you can download as the resource for this lecture.


Need Help With Udemy Interface?

If you are new to Udemy, please watch this lecture that shows you around the Udemy interface, and how to get the most out of your Udemy experience as you take this, and other, courses.

Bonus Lecture

A final lecture with some information and resources you may find useful.

You can view and review the lecture materials indefinitely, like an on-demand channel.
Definitely! If you have an internet connection, courses on Udemy are available on any device at any time. If you don't have an internet connection, some instructors also let their students download course lectures. That's up to the instructor though, so make sure you get on their good side!
4.5 out of 5
522 Ratings

Detailed Rating

Stars 5
Stars 4
Stars 3
Stars 2
Stars 1
30-Day Money-Back Guarantee


3 hours on-demand video
3 articles
Full lifetime access
Access on mobile and TV
Certificate of Completion
WordPress Security – How To Stop Hackers
$104.98 $69


For Professionals

For Businesses

We support Sales, Marketing, Account Management and CX professionals. Learn new skills. Share your expertise. Connect with experts. Get inspired.


Partnership Opportunities

Layer 1
Register New Account
Compare items
  • Total (0)