A site’s health is similar to a human’s health. It’s simpler and cheaper to prevent an issue than treat it. Most webmasters don’t spend 30–60 minutes a week to improve the site’s security but will pay thousands of dollars to regain the control when a hacker takes over.
Most of us rely on a complex security plugin and a little bit of good luck. That’s not bad, but it’s not enough. You have to stay up-to-date on what’s new in the web-security world. Most blogs for WordPress users cover this subject but only in addition to many others topics. However, a couple of sites focus exclusively on WordPress security.
We did some extensive research, and here are our findings. Enjoy our list, and don’t forget to leave a comment if we missed your favorite security information source.
Wordfence
Wordfence is a complete security plugin that firmly secures your site. In addition to downloading and installing the plugin, you should visit Wordfence site for two reasons.
First, if you want to have a full understanding of site security, you have to visit the WordPress Security Learning Center. The posts are structured to get the information across hassle-free! Beginners should opt for WordPress Security Fundamentals while more experienced users should choose WordPress Security for Developers.
Second, their blog is full of posts related to security. It’s a top-class resource to learn WordPress security.
Sucuri Guides
Sucuri is a leading company in the website security industry. I recommend checking out the “Resources” section periodically because this is where the company shares actionable tips to improve your site’s security. You will find guides, webinars, infographics, and a blog to learn how to protect your site better.
People who lack knowledge of basic security concepts should read “An Introduction to WordPress Security.” It’s one of the most in-depth guides I have ever read.
WP White Security
WP White Security is another resource focused on WordPress security. Unfortunately, it’s updated inconstantly, but the posts are genuinely useful. The posts under the security category are preponderant, but there are also interviews, tips related to site maintenance, and exciting deals.
I like very much the articles featuring the WordPress core, plugin, and theme vulnerability roundups. These posts help users get a strategic overview of WordPress security and entice them to pay closer attention to any vulnerability.
SecuPress Blog
Compared to other sites, this blog doesn’t have many articles. In spite of that, I am sure that you will enjoy reading the ones it does have. The posts are short and captivating.
For instance, each WordPress security release is featured in a post. It’s a unique type of post, and you get a full report of the security improvements.
SecuPress’ archives contain other cool articles, like “‘Backdoor User’ or How to Become an Admin without an Account.” Sounds pretty intriguing, doesn’t it?
Rack Aid
The most debated topic of this blog is site maintenance, but there are some top-class security articles. “How to Scan WordPress Like a Hacker” puts you in the shoes of a hacker. “How to Stop Brute-Force Attacks” is another valuable piece of content. You have more than enough reasons to subscribe to Rack Aid’s mailing list or visit the blog regularly.
Plugin Vulnerabilities
Do you want to know if your plugins are vulnerable? Visit Plugin Security Checker and test your plugins. If you own an account, you get an insightful review, but you get useful hints even without signing up.
The blog is another worth-mentioning resource because it showcases significant plugins and their vulnerabilities. Additionally, a roundup of plugin vulnerabilities is published each month. Overall, it’s a great resource for WordPress security for advanced users.
WP Scan Vulnerability Database
WP Scan Vulnerability Database – The name of this resource is self-describing. It’s a database of WordPress core, plugin, and theme vulnerabilities. You can check the database to discover the weaknesses of your themes and plugins, and, you can get notified by email for new vulnerabilities or submit a vulnerability.
Cybrary
Cybrary is not a resource for WordPress users only; it’s for anyone willing to know more about online security. Cybrary’s library is full of video courses related to security, networking, development, dev ops, and more. There are many useful courses regardless of your experience. I suggest the following classes, but I recommend taking a look through the library yourself and finding the proper courses for your needs:
- The End User Security Fundamentals Certification Course will help you get a complete overview of security fundamentals.
- In the Cross-Site Scripting Certification Course, you will learn what cross-site scripting is and how to protect your site against this vulnerability.
- In the SQL Injection Certification Course, you will learn about SQL injection and the ins and outs of this hacking method.
Head to the library and search for you courses that meet your needs. There are many useful courses, and signing up to watch the videos is free of charge.
WP Scans Blog
WP Scans is a web application that analyses WordPress sites and generates a detailed security report. You have to create an account and log in to access it. The free account is enough for personal projects, and the premium account is great for medium to large sites or people who want full control over their sites’ security.
WP Scans Blog should be on the radar of advanced WordPress users. It has many articles to sharpen and learn WordPress security skills.
WordPress.org
The support section of WordPress.org has a complete chapter focused on WordPress strengthening. You need to read it from A to Z to learn how to secure your site. Pay close attention because these pieces of advice are written by professional WordPress users. Consequently, read and apply their recommendations.
Wrapping Up
These ten resources cover all the security aspects regardless of the users’ knowledge level. As with everything man-made, this list is perfect, and I will gladly update it with your favorite security resources. Please leave a comment with your suggestions!
- The Complete Guide to Selling Your WordPress Blog - April 19, 2019
- 20+ Great WordPress Premium Theme Providers of 2019 - January 15, 2019
- The Pros and Cons of Selling WordPress Services on Fiverr - October 15, 2018