Start your WordPress security journey.
Take your WordPress security skills to the next level with Tim Nash
We provide dedicated online training for you and your team, led by WordPress security consultant Tim Nash.

Tim’s workshop was full of practical advice, useful insights and blood-curdling terror, in equal measure. Thoroughly recommended for anyone managing WordPress websites at any level.
— Nick Wilmot
WordPress Security Fundamentals
9 Modules covering a wide range of topics
52 Individual Topics & Lessons
Over 4 hours of Video Content, Practice Labs & additional resources
Examination and Certification
Learn from industry veteran Tim Nash
Tim Nash is a WordPress security consultant with over 20 years’ experience in WordPress security and a background in teaching. He is an international speaker, having presented at hundreds of events ranging from small meetups to major conferences, including WordCamp Europe, BrightonSEO, PayPal Innovate, and many others.
He is passionate, funny, and excellent at breaking down even the most complex subjects. If he can explain thermodynamics to six-year-olds, there’s a good chance he can explain WordPress security to you and your team.

Helping you keep your clients safe.
Building the skills you need today to help you navigate the sometimes complex world of WordPress security.
Module 1 – Introduction to WordPress Security
This module is designed to introduce the course and the basic concepts of WordPress security, including common terminology.
- Introduction to the course and the learning outcomes
- Why do bad actors compromise sites
- Life cycle of a hack
- Security Concepts
- OWASP Top 10 as a classification of common hacks
- OWASP ASVS and how to apply it to WordPress sites
- Common WordPress Compromises
- Common security myths
Module 2 – User Management
This module is designed to help harden user security, from understanding the concept of what a user is and what they can do, through to auditing who is and isn’t accessing the site.
- What is a user
- Understanding user roles and capabilities
- Password & Session Management
- Multi-Factor Authentication
- Single Sign-on and alternative login mechanisms
- Auditing users
Module 3 – Update Management
This module covers keeping everything up to date and the best approaches to maintaining secure sites.
- Why updating is so important
- Building a SBOM (Software bill of materials)
- Identifying critical updates
- The Pros and Cons of Automatic Updates
- Testing and Process Flows
- Patching vs updating
- Package Management
Module 4 – Browser Security
This module introduces concepts around browser security, such as security headers, and how they provide a layer of defence as well as reporting potential issues.
- Introduction to Security Headers
- Introduction to Content Security Policies
- Introduction to CORS
- Implementing Security Headers
Module 5 – Configuration Management
This module covers configuration changes to WordPress to improve the security of a site, as well as hardening individual components.
- WordPress Config Hardening
- Database hardening
- API Hardening XML-RPC/REST
- SMTP Email hardening
- Managing Secrets
Module 6 – Hosting & Backups
This module covers the role of services that are often outside of our direct control, including hosting, backups, and offsite services such as Cloudflare.
- Understanding the role of Hosting in security
- Choosing between Managed and Non-Managed Hosting
- Managing Backups
- Managing PHP
- Managing Apache/Nginx
- Working with CDNs and proxy-based WAF
Module 7 – Monitoring
This module covers the basics of user and site monitoring, and introduces the process of building a SIEM (Security Information and Event Management) solution.
- Introduction to logging, monitoring solutions and SIEM
- Introduction to User activity monitoring
- Introduction to access/error and PHP-specific logging
- Identifying compromises with logging
- Alerting and proactive monitoring
Module 8 – Compliance
This module covers the main requirements and differences between the major information security compliance standards, and how they apply to WordPress.
- Why Compliance can sometimes be a good thing
- WordPress and EU Cyber Resilience Act (CRA) (& UK proposed bill)
- WordPress and GDPR
- WordPress and Cyber Essentials
- WordPress and PCI-DSS
- WordPress and ISO27001
Module 9 – Putting it all together
This final module focuses on taking everything we have learnt and putting it into practice.
- Risk Management
- Starting from scratch
- Auditing Existing Sites
- Incremental changes
Register Your Interest
Be one of the first to hear when we launch and get an exclusive discount off the launch price.
- Don’t worry: by registering your interest, you’re not signing up or agreeing to anything!
- It’s free to join, and even if you don’t ultimately buy the course, you’ll still have access to all the free material.
- You’ll receive the occasional email from Tim as he prepares the course, and if you’d like to get involved, you can help by providing feedback on the course content as it’s finalised.
- Get exclusive access before we launch the course to everyone else!
- You’ll also have the option to “pre-buy” the course at a significant discount as launch approaches.
Frequently Asked
Learn about WordPress Security
Got a question? We’ve got you covered! Check out the resources below, and be sure to let us know if there’s anything else we can help with.
What is WordPress Security Fundamentals?
WordPress Security Fundamentals is an online course designed to introduce the basics of WordPress security. It’s a mix of video content and other resources, and includes certification upon successful completion.
Will the course be free?
WordPress Security Fundamentals won’t be free, but rather a paid course. While the exact pricing hasn’t been finalised yet, we expect the course to be around £195. By registering your interest before launch, you’ll receive a substantial discount!
Can I buy it yet?
Not quite! The aim is to have everything ready for launch by the end of May 2025. We’ll be opening up pre-launch sales before then, once over 50% of the course has been recorded. Please note, you won’t be able to receive your certification until the course officially launches.
What skills are needed for the course?
The course is aimed at all WordPress users, although it’s expected that you have a good understanding of the WordPress admin area. While you don’t need to be a developer, some of the training does cover code-related topics. At a minimum, you should be comfortable adding plugins and themes, managing users, and understanding the basics of content editing. Familiarity with WP-CLI will be advantageous but is not a requirement.
Who should come on the course?
You! This course was developed for WordPress professionals—but what is a “professional”? In our case, we define that as someone who works with WordPress as part of their day-to-day job, whether in-house, freelance, or within an agency.
The course includes content suitable for system administrators, developers, and site configurators. If you manage a WordPress site or support those who do, this is the course for you.
How does certification work?
The course is designed to fit into your continuing personal development plan and includes certification upon successful completion of the course and final exam.