WordPress powers over 43% of the web, yet many sites – especially those by NGOs, small businesses, and local organizations – operate with minimal security resources even the government. Drawing from my experience investigating database breaches, website defacements, and plugin vulnerabilities, including government and private sector systems in Nepal, this session presents practical, zero-budget strategies to secure WordPress sites.
The talk covers hardening wp-config.php, role-based access control, brute-force mitigation, and native WordPress security mechanisms, along with techniques to detect early signs of compromise and respond effectively in resource-constrained environments. Beyond technical steps, it emphasizes the importance of security awareness, mindset, and ongoing maintenance to maintain resilience against evolving threats.
Attendees will leave with actionable, low-cost methods to protect their WordPress environments, understand common attack vectors, and gain the confidence to implement defenses immediately. This session demonstrates that effective cybersecurity is achievable without expensive tools, empowering developers, site owners, and administrators to safeguard their digital presence efficiently.