1 of 10

The 3 P's of WordPress Security

Passwords, Plugins & Permissions

Building Inclusive Digital Economies

2 of 10

Andrew Ssanya

WordPress Dev | Digital Skills Facilitator

@X: SAndrewug

@LinkedIn: andrewssanya

Building Inclusive Digital Economies

3 of 10

The 3 P's

P

P

P

P3

Permissions

Who can do what

P1

Passwords

Your first line of defence

P3

Plugins

Power — and risk

Building Inclusive Digital Economies

4 of 10

Why the 3 P's?

Most WordPress hacks trace back to just one of these three things.

86%

of breaches involve

weak or stolen passwords

56%

of hacked WP sites ​ had​ vulnerable plugins

34%

of compromised sites had

excessive permissions

Building Inclusive Digital Economies

5 of 10

❌  Weak Password Examples

🚫 admin / password123

🚫 yourname + birthday

🚫 sitename2026

🚫 qwerty / 123456

✅ Strong Password Examples

✔ T!ger$MaK3_82#run

✔ Masaka@2026!WordCamp

✔ 7Blue$Hippo!Runs

✔ Use a password manager

✅ 12+ characters minimum — longer is always better

✅ Enable 2FA with the WP 2FA plugin (free)

✅ Change default 'admin' username immediately

✅ Use Bitwarden to manage passwords

P1 — Password Checklist

Building Inclusive Digital Economies

6 of 10

Last Updated

✅ Within 6 months

❌ Over 1 year ago

Active Installs

✅ 10,000+ installs

❌ Under 100 installs

Rating

✅ 4+ stars, many reviews

❌ Few reviews, low rating

WP Compatible

✅ Tested with your WP version

❌ Untested / incompatible

P2 — Plugin Checklist

🗑️ Delete plugins you don't use — deactivated ≠ safe

🔄 Update plugins every week — not just when you remember

🔍 Scan with Wordfence after any new install

How to Evaluate a Plugin Before Installing

shan256789

Building Inclusive Digital Economies

7 of 10

P3 — Permissions

Who can do what on your site?

Administrator

Everything — install, delete, manage

Editor

Publish & manage all posts/pages

Author

Publish & manage own posts only

Subscriber

Read only — no editing at all

Contributor

Write-only  no-publish access pages

Who can do what on your site?

Building Inclusive Digital Economies

8 of 10

Take Home

Update everything this week —  WordPress core, every plugin, every theme (then set a weekly reminder).

Check who has access —  Review Users → All Users. Remove anyone who shouldn't be there.

Audit your passwords —  Change weak ones, enable 2FA, install a password manager.

Building Inclusive Digital Economies

9 of 10

Questions?

Building Inclusive Digital Economies

10 of 10

Thank you ☺

Building Inclusive Digital Economies