
WordPress Security Fundamentals

Price: Free
Lectures: 78
Video: 4 hours
Level: Beginner
Language: English

Course Description

This course covers the security fundamentals you need in order to either defend your WordPress installation or attack it (ethically, of course). These fundamentals are a must before moving on to more advanced courses: learning only 'tips and tricks' today will leave you outdated tomorrow.

In this course you'll learn from how machines communicate over the internet to the complete WordPress threat landscape. As soon as you grasp those fundamentals, you'll be ready to move onto the next level and learn WordPress Secure Architecture, WordPress Secure Installation, WordPress Ethical Hacking and WordPress Incident Response and Monitoring.

The path to mastering WordPress security starts here, with rock-solid fundamentals from Anderson Dadario, a product security engineer with a decade of experience in software development and software security.

Course Requirements

Be familiar with WordPress. If you have logged into the WordPress Admin even once, you're already good to go.

What are you going to get out of this course?

  • Understand WordPress inner workings
  • Understand the role of Web Server, Database and PHP related to WordPress
  • Understand basic network concepts (MAC Address, IP Address, DNS)
  • Understand WordPress installation threats
  • Understand WordPress operational threats
  • Understand personal computer threats
  • Understand registrar threats
  • Understand cloud computing provider threats
  • Be ready to take our next WordPress Security courses

What's the ideal audience for this course?

The WordPress Security Fundamentals course is aimed at beginners who want to understand the threats to their WordPress installation. It is not a course of tips and tricks for hardening WordPress: it focuses on concepts, with a few hands-on lectures covering a WordPress installation.

Curriculum

Section 1: Course Prologue

  • [Lecture #1] Why this course and what to expect (05:25)

Section 2: WordPress Background Overview

  • [Lecture #2] What is WordPress anyway? (03:53)
  • [Lecture #3] Dependency #1: PHP (02:43)
  • [Lecture #4] Dependency #2: Database (03:24)
  • [Lecture #5] Dependency #3: Web Server (02:03)
  • [Lecture #6] Dependency #4: Operating System (03:11)
  • [Lecture #7] The Big Picture (04:03)
  • [Lecture #8] PHP Past Analysis (07:10)
  • [Lecture #9] MySQL Past Analysis (03:28)
  • [Lecture #10] Web Server Past Analysis (03:11)
  • [Lecture #11] Operating System Past Analysis (02:06)
  • [Lecture #12] WordPress Vulnerability History (01:56)

Section 3: WordPress Technical Overview

  • [Lecture #13] Module Introduction (00:38)
  • [Lecture #14] How machines communicate: Network Interfaces and MAC Addresses (02:59)
  • [Lecture #15] How machines communicate: IP Addresses (04:12)
  • [Lecture #16] How machines communicate: Domain Name System (DNS) Protocol (03:38)
  • [Lecture #17] Hypertext Transfer Protocol (HTTP) Introduction (01:16)
  • [Lecture #18] HTTP Request Overview (04:06)
  • [Lecture #19] HTTP Response Overview (06:44)
  • [Lecture #20] HTML Introduction and Rendering (10:06)
  • [Lecture #21] HTTP vs HTTP Secure (HTTPS) (03:01)
  • [Lecture #22] HTTPS Introduction and Authentication Example (09:17)
  • [Lecture #23] How Web Servers Work (05:27)
  • [Lecture #24] Ports and URLs (03:51)
  • [Lecture #25] How Web Servers Handle Requests (01:55)
  • [Lecture #26] Web Server Importance on Shared Hosting (05:41)
  • [Lecture #27] Example of Web Server Configuration (Nginx) (06:20)
  • [Lecture #28] How PHP Works (07:05)
  • [Lecture #29] MySQL and Structured Query Language (SQL) (09:57)

Section 4: WordPress Common Installation (Insecure)

  • [Lecture #30] Module Introduction (00:59)
  • [Lecture #31] Requirement #1: Domain Name (06:02)
  • [Lecture #32] Requirement #2: Server with valid IP Address (08:12)
  • [Lecture #33] Goal #1: Point the domain name to our server (04:01)
  • [Lecture #34] Goal #2: Install WordPress and its dependencies (06:34)
  • [Lecture #35] Installing PHP (03:01)
  • [Lecture #36] Installing MySQL and Nginx (03:45)
  • [Lecture #37] Installing and Configuring WordPress (11:56)
  • [Lecture #38] Goal #3: Create a simple WordPress post (02:07)

Section 5: WordPress Threat Landscape

  • [Lecture #39] Module Introduction (00:26)
  • [Lecture #40] Domain Name Registering Risks (03:22)
  • [Lecture #41] Risk Definition (02:40)
  • [Lecture #42] Server Creation Risks #1: Risk of provider abuse (02:32)
  • [Lecture #43] Server Creation Risks #2: Risk of a tampered Ubuntu image (01:24)
  • [Lecture #44] Server Creation Risks #3: Risk of the cloud provider being hacked (01:41)
  • [Lecture #45] Personal Computer Risks #1: Risk of WordPress admin account compromise (01:35)
  • [Lecture #46] Personal Computer Risks #2: Risk of SSH key leak (01:51)
  • [Lecture #47] Installation Risks #1: Risk of outdated applications (01:47)
  • [Lecture #48] Installation Risks #2: Risk of tampered updates (01:32)
  • [Lecture #49] Installation Risks #3: Risk of exposing MySQL to the internet (00:38)
  • [Lecture #50] Installation Risks #4: Risk of exposing unnecessary files on the web server (00:53)
  • [Lecture #51] Installation Risks #5: Risk of leaking MySQL data (01:15)
  • [Lecture #52] Installation Risks #6: Risk of leaking WordPress files (00:40)
  • [Lecture #53] Installation Risks #7: Risk of leaking technical information (01:23)
  • [Lecture #54] Installation Risks #8: Risk of installing an outdated WordPress (00:50)
  • [Lecture #55] Installation Risks #9: Risk of leaking URLs in “robots.txt” files (00:55)
  • [Lecture #56] Installation Risks #10: Risk of having known MySQL table names (01:20)
  • [Lecture #57] Installation Risks #11: Risk of editing files from WordPress Admin (01:08)
  • [Lecture #58] Installation Risks #12: Risk of allowing “global registration” (01:11)
  • [Lecture #59] Operational Risks #1: Risk of software becoming outdated (01:18)
  • [Lecture #60] Operational Risks #2: Risk of losing MySQL data (01:40)
  • [Lecture #61] Operational Risks #3: Risk of (Distributed) Denial of Service (01:01)
  • [Lecture #62] Operational Risks #4: Risk of not being able to track down the intruder (00:56)
  • [Lecture #63] Operational Risks #5: Risk of being infected by malware (01:09)
  • [Lecture #64] Operational Risks #6: Risk of XML-RPC brute force attack (02:16)
  • [Lecture #65] Operational Risks #7: Risk of unlimited login brute force attempts (00:59)
  • [Lecture #66] Operational Risks #8: Risk of identifying a WordPress installation (00:52)
  • [Lecture #67] Operational Risks #9: Risk of installing a vulnerable WP theme / plugin (02:28)
  • [Lecture #68] Operational Risks #10: Risk of the shared hosting model (01:31)
  • [Lecture #69] Operational Risks #11: Risk of having software compromised (01:30)
  • [Lecture #70] Operational Risks #12: Risk of receiving SPAM (01:44)
  • [Lecture #71] The Big Picture (04:00)

Section 6: Course Epilogue

  • [Lecture #72] Conclusion (03:24)
  • [Lecture #73] Course Ramifications (00:33)
  • [Lecture #74] WordPress Secure Architecture (01:26)
  • [Lecture #75] WordPress Secure Installation (00:53)
  • [Lecture #76] WordPress Ethical Hacking (00:25)
  • [Lecture #77] WordPress Incident Response and Monitoring (00:33)
  • [Lecture #78] Acknowledgment (00:22)