The 3 P's of WordPress Security
Passwords, Plugins & Permissions
Building Inclusive Digital Economies
Andrew Ssanya
WordPress Dev | Digital Skills Facilitator
@X: SAndrewug
@LinkedIn: andrewssanya
Building Inclusive Digital Economies
The 3 P's
P�
P�
P�
P3
Permissions
Who can do what
P1
Passwords
Your first line of defence
P3
Plugins
Power — and risk
Building Inclusive Digital Economies
Why the 3 P's?
Most WordPress hacks trace back to just one of these three things.
86%
of breaches involve
weak or stolen passwords
56%
of hacked WP sites had vulnerable plugins
34%
of compromised sites had
excessive permissions
Building Inclusive Digital Economies
❌ Weak Password Examples
🚫 admin / password123
🚫 yourname + birthday
🚫 sitename2026
🚫 qwerty / 123456
✅ Strong Password Examples
✔ T!ger$MaK3_82#run
✔ Masaka@2026!WordCamp
✔ 7Blue$Hippo!Runs
✔ Use a password manager
✅ 12+ characters minimum — longer is always better
✅ Enable 2FA with the WP 2FA plugin (free)
✅ Change default 'admin' username immediately
✅ Use Bitwarden to manage passwords
P1 — Password Checklist
Building Inclusive Digital Economies
Last Updated
✅ Within 6 months
❌ Over 1 year ago
Active Installs
✅ 10,000+ installs
❌ Under 100 installs
Rating
✅ 4+ stars, many reviews
❌ Few reviews, low rating
WP Compatible
✅ Tested with your WP version
❌ Untested / incompatible
P2 — Plugin Checklist
🗑️ Delete plugins you don't use — deactivated ≠ safe
🔄 Update plugins every week — not just when you remember
🔍 Scan with Wordfence after any new install
How to Evaluate a Plugin Before Installing
shan256789
Building Inclusive Digital Economies
P3 — Permissions
Who can do what on your site?
Administrator
Everything — install, delete, manage
Editor
Publish & manage all posts/pages
Author
Publish & manage own posts only
Subscriber
Read only — no editing at all
Contributor
Write-only — no-publish access pages
Who can do what on your site?
Building Inclusive Digital Economies
Take Home
Update everything this week — WordPress core, every plugin, every theme (then set a weekly reminder).
Check who has access — Review Users → All Users. Remove anyone who shouldn't be there.
Audit your passwords — Change weak ones, enable 2FA, install a password manager.
Building Inclusive Digital Economies
Questions?
Building Inclusive Digital Economies
Thank you ☺
Building Inclusive Digital Economies