WordPress Hacking and Hardening in Simple Steps – Gabriel Avramescu

Salepage link: At HERE. Archive: https://archive.is/wip/xf208

When it comes to WordPress security, there are a lot of things you can do to lock down your site to prevent hackers and vulnerabilities from affecting your e-commerce site or blog. The last thing you want to happen is to wake up one morning to discover your site in shambles.

Did you know that more than 73 million web sites in the world run on the WordPress publishing platform? This makes WordPress more popular than Microsoft SharePoint, Blogger, or Drupal. It also means that WordPress is a large target for hackers.

Half of the WordPress sites out there are self-hosted, which means that the WordPress administrator carries the lion’s share of responsibility for a secure installation. Out of the box, there are several ways that WordPress security can be tightened down, but only a fraction of sites actually do so. This makes WordPress an even more popular target for hackers.

The strategies that you will learn in this course can help any WordPress installation become significantly more secure, and raise awareness of the types of vulnerabilities to defend against.

What you’ll learn

• Secure WordPress Websites
• Scan their WordPress Instance for vulnerabilities
• Prevent Spam
• Prevent Brute Force Attacks
• Secure HTTP Headers
• Configure 2factor Authentication
• File Integrity Protection
• Web Application Firewall Configuration
• Block malicious IPs and attacks
• Advanced Steps to Further Secure the WordPress Instance

Course Curriculum

Introduction

• Let’s meet (0:54)
• About me. And Course Outline (13:49)
• Lab Setup (2:48)

Overview of a WordPress attack

• Scanning WordPress for vulnerabilities (10:26)
• Exploit Vulnerable WordPress Plugin (9:18)
• Upload a backdoor (7:36)
• Sending spam (17:20)

Securing your WordPress – basics steps

• Backup your WordPress Instance (6:46)
• Restore from backup
• Update WordPress and Plugins (4:00)
• HTTPS introduction (8:22)
• Manually configuring HTTPS – generating certificates (15:53)
• Automatic configuration and free signed certificate (7:47)
• HTTP to HTTPS Redirect. Manual and using WordPress Plugins (3:12)
• Security Plugins (4:00)
• Wordfence Security Plugin and 2 Factor Authentication (19:04)
• Brute Force Demo – IP and User Block (5:24)
• Spam protection. Captcha on login and comments (4:39)
• HTTP Secure Hearders and TLS scan – free scan your website (11:22)
• HTTP Security Headers using plugins – demo (3:44)

More Advanced WordPress Security

• Finding the source of spam (14:00)
• Vulnerabilities and exploits (9:14)
• How to Change Your WordPress Login URL (4:32)
• SQL Injection and URL Hacking (5:36)
• Protect Sensitive Files (3:24)
• Default usernames (3:33)
• Disable XML-RPC (2:07)
• Hide your WordPress version (4:21)
• DDos Protection (5:09)

Bonus – Learn more about web security

• Bonus Section (0:30)
• SQL Injection (9:09)
• Automatic Exploitation. of SQL Injection (10:07)
• Cross-Site Scripting Introduction. Attacking Users. (8:27)
• Reflected XSS – Session Hjacking (10:29)
• Stored XSS (6:59)
• Using XSS to grab cookies, Facebook username and passwords. Social Engineering (16:12)
• Upload and file execution (10:43)
• Cross-Site Request Forgery (7:19)
• Promo – further information
• Owasp Top 10 Vulnerabilities – Further Reading (18:16)