Course Description

This course focuses on security fundamentals that prepare you either to defend your WordPress installation or to hack it, ethically, of course. Such fundamentals are a must before engaging in more advanced courses. Learning only 'tips and tricks' today will leave you outdated tomorrow.

In this course you'll learn everything from how machines communicate over the internet to the complete WordPress threat landscape. As soon as you grasp those fundamentals, you'll be ready to move on to the next level and learn WordPress Secure Architecture, WordPress Secure Installation, WordPress Ethical Hacking and WordPress Incident Response and Monitoring.

The path to mastering WordPress security starts here, with rock solid fundamentals from Anderson Dadario, a product security engineer with a decade of experience in software development and software security.

Course Requirements

Be familiar with WordPress. If you only accessed the WordPress Admin once, you're already good to go.

What are you going to get out of this course?

Understand WordPress inner workings

Understand the role of Web Server, Database and PHP related to WordPress

Understand basic network concepts (MAC Address, IP Address, DNS)

Understand WordPress installation threats

Understand WordPress operational threats

Understand personal computer threats

Understand registrar threats

Understand cloud computing provider threats

Be ready to take our next WordPress Security courses

What's the ideal audience for this course?

The WordPress Security Fundamentals course is focused on beginners who want to learn about threats related to their WordPress installation. On the other hand, this is not a course made to teach tips and tricks regarding how to protect your WordPress installation. This course focuses on concepts and has a few hands-on lectures related to WordPress installation.

Curriculum

Section 1: Course Prologue

[Lecture #1] Why this course and what to expect 05:25

Section 2: WordPress Background Overview

[Lecture #2] What is WordPress anyway? 03:53

[Lecture #3] Dependency #1: PHP 02:43

[Lecture #4] Dependency #2: Database 03:24

[Lecture #5] Dependency #3: Web Server 02:03

[Lecture #6] Dependency #4: Operating System 03:11

[Lecture #7] The Big Picture 04:03

[Lecture #8] PHP Past Analysis 07:10

[Lecture #9] MySQL Past Analysis 03:28

[Lecture #10] Web Server Past Analysis 03:11

[Lecture #11] Operating System Past Analysis 02:06

[Lecture #12] WordPress Vulnerability History 01:56

Section 3: WordPress Technical Overview

[Lecture #13] Module Introduction 00:38

[Lecture #14] How machines communicate: Network Interfaces and MAC Addresses 02:59

[Lecture #15] How machines communicate: IP Addresses 04:12

[Lecture #16] How machines communicate: Domain Name System (DNS) Protocol 03:38

[Lecture #17] Hypertext Transfer Protocol (HTTP) Introduction 01:16

[Lecture #18] HTTP Request Overview 04:06

[Lecture #19] HTTP Response Overview 06:44

[Lecture #20] HTML Introduction and Rendering 10:06

[Lecture #21] HTTP vs HTTP Secure (HTTPS) 03:01

[Lecture #22] HTTPS Introduction and Authentication Example 09:17

[Lecture #23] How Web Servers Work 05:27

[Lecture #24] Ports and URLs 03:51

[Lecture #25] How Web Servers Handle Requests 01:55

[Lecture #26] Web Server Importance on Shared Hosting 05:41

[Lecture #27] Example of Web Server Configuration (Nginx) 06:20

[Lecture #28] How PHP Works 07:05

[Lecture #29] MySQL and Structured Query Language (SQL) 09:57

Section 4: WordPress Common Installation (Insecure)

[Lecture #30] Module Introduction 00:59

[Lecture #31] Requirement #1: Domain Name 06:02

[Lecture #32] Requirement #2: Server with valid IP Address 08:12

[Lecture #33] Goal #1: Point the domain name to our server 04:01

[Lecture #34] Goal #2: Install WordPress and its dependencies 06:34

[Lecture #35] Installing PHP 03:01

[Lecture #36] Installing MySQL and Nginx 03:45

[Lecture #37] Installing and Configuring WordPress 11:56

[Lecture #38] Goal #3: Create a simple WordPress post 02:07

Section 5: WordPress Threat Landscape

[Lecture #39] Module Introduction 00:26

[Lecture #40] Domain Name Registering Risks 03:22

[Lecture #41] Risk Definition 02:40

[Lecture #42] Server Creation Risks #1: Risk of provider abuse 02:32

[Lecture #43] Server Creation Risks #2: Risk of Tampered Ubuntu Image 01:24

[Lecture #44] Server Creation Risks #3: Risk of Cloud Provider be hacked 01:41

[Lecture #45] Personal Computer Risks #1: Risk of WordPress admin account compromise 01:35

[Lecture #46] Personal Computer Risks #2: Risk of SSH Key Leak 01:51

[Lecture #47] Installation Risks #1: Risk of outdated applications 01:47

[Lecture #48] Installation Risks #2: Risk of tampered updates 01:32

[Lecture #49] Installation Risks #3: Risk of exposing MySQL to the internet 00:38

[Lecture #50] Installation Risks #4: Risk of exposing unnecessary files on web server 00:53

[Lecture #51] Installation Risks #5: Risk of leaking MySQL data 01:15

[Lecture #52] Installation Risks #6: Risk of leaking WordPress files 00:40

[Lecture #53] Installation Risks #7: Risk of leaking technical information 01:23

[Lecture #54] Installation Risks #8: Risk of installing an outdated WordPress 00:50

[Lecture #55] Installation Risks #9: Risk of leaking URLs on “robots.txt” files 00:55

[Lecture #56] Installation Risks #10: Risk of having known MySQL table names 01:20

[Lecture #57] Installation Risks #11: Risk of editing files from WordPress Admin 01:08

[Lecture #58] Installation Risks #12: Risk of allowing “global registration” 01:11

[Lecture #59] Operational Risks #1: Risk of software become outdated 01:18

[Lecture #60] Operational Risks #2: Risk of losing MySQL data 01:40

[Lecture #61] Operational Risks #3: Risk of (Distributed) Denial of Service 01:01

[Lecture #62] Operational Risks #4: Risk of not being able to trackdown the intruder 00:56

[Lecture #63] Operational Risks #5: Risk of being infected by malware 01:09

[Lecture #64] Operational Risks #6: Risk of XML-RPC Brute Force Attack 02:16

[Lecture #65] Operational Risks #7: Risk of unlimited login brute force attempts 00:59

[Lecture #66] Operational Risks #8: Risk of Identifying WordPress installation 00:52

[Lecture #67] Operational Risks #9: Risk of installing vulnerable WP Theme / Plugin 02:28

[Lecture #68] Operational Risks #10: Risk of Shared Hosting Model 01:31

[Lecture #69] Operational Risks #11: Risk of Having Software Compromised 01:30

[Lecture #70] Operational Risks #12: Risk of receiving SPAM 01:44

[Lecture #71] The Big Picture 04:00

Section 6: Course Epilogue