Recapping Our Advice on WordPress Security


I’ve been writing about WordPress security solidly on WPShout for the last month or so, and today in place of your regular Tuesday post, I wanted to recap some of the posts, and give you another opportunity to give them a read:

  • Principles of Secure WordPress Code. Back in June, this post focussed on what you, as a developer, should be thinking about when writing PHP for WordPress if you want to avoid the obvious errors and security blunders. This is expanded on greatly in the course.
  • Security Through Obscurity is Not Security At All. Deliberately provocative, this post takes aim at the idea that “security through obscurity” (i.e. hiding that you’re running WordPress) is good practice.
  • Preventing XSS WordPress Attacks: Complete Guide to Validating, Sanitizing, and Escaping Data. This post explores why cross-site scripting is dangerous, and how to do validation, sanitization, and escaping in WordPress in order to protect your site.
  • What I Learned Interviewing 10 WordPress Security Experts. For the new course I talked to people like Aaron Campbell, Tony Perez, and Chris Wiegman. This post rounds up the key lessons I took from each of these conversations, and makes for fascinating reading.

If you missed any of these, or want a chance to recap, do give them a read. You can also take the opportunity to be inspired, and take your WordPress security knowledge to the next level:

Ready to Become a WordPress Security Expert?

WordPress Security with Confidence

WordPress Security with Confidence is our comprehensive guide to WordPress security.

Starting with general security principles, and advancing to very specific actionable steps, we explain all the details you need to understand in clear, jargon-free language. It’s your essential companion on WordPress security.

Become an absolute expert, and gain the confidence that you’re doing WordPress security right.

For further samples, you can read my complete guide to WordPress security, which runs through some basic beginner points that are essential for securing any WordPress site.


Viktor Szépe
November 18, 2017 8:16 am

After actively contributing to popular security plugins I’ve realized actual attack vectors are not mitigated by them 🙁

Then I started to watch and log these attacks and to develop a WAF, which is basically two classes.
https://github.com/szepeviktor/wordpress-fail2ban
One for HTTP header analysis, one for WordPress-specific events (this is the MU plugin).

Comments are welcome.