PROTECT MY WP

WordPress Security at the Server Level

Nginx config, PHP-FPM, MySQL hardening, Fail2Ban, UFW. Written for people who manage their own infrastructure.

Beyond the plugin layer

🖥️

Server hardening, SSH, UFW, Fail2Ban, PHP-FPM isolation

🗄️

MySQL security, table prefix hardening, database user privileges

📡

SSL configuration, security headers, Nginx rules

“Most WordPress security advice stops at the plugin layer. The interesting problems are underneath.”

What's inside

  • Nginx security configuration, with the rules worth using and the ones that cause more problems than they solve
  • PHP-FPM pool isolation, one pool per site, done properly
  • MySQL hardening and the database user privileges WordPress actually needs
  • UFW and Fail2Ban, set up so they catch real traffic without locking you out
  • SSH hardening, key-based authentication, and why to disable root login first thing
  • SSL certificate management, HSTS, and the headers that make HTTPS actually mean something
  • Security headers in depth, CSP, X-Frame-Options, HSTS, Referrer-Policy
  • Server-level log analysis and intrusion detection

From Chapter 2: WordPress Core Hardening

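# Hide sensitive and version-fingerprinting files from all clients.
# `return` runs in the rewrite phase, before access rules such as `deny all`,
# so a 404 is what the client receives and a separate `deny` is not needed.
location ~* /(wp-config\.php|xmlrpc\.php|readme\.html|license\.txt) {
    return 404;
}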

Who wrote this

I've spent a long time managing the infrastructure underneath WordPress sites as well as WordPress itself. Nginx configs, PHP-FPM pools, MySQL tuning, SSH and firewall rules, the layer most WordPress security advice never reaches.

The handbook is written for developers and sysadmins who run their own infrastructure and want to secure WordPress from the ground up. Every chapter is grounded in production setups I have actually run.

Get the WordPress security book

All 13 chapters, kept up to date. Single payment, access for life.

Buy Protect My WP for £19