How to Make a Website

Security Essentials (Firewalls & Malware Scans)

Keeping WordPress secure is an ongoing process. Use a web application firewall (WAF), schedule malware scans, harden login access, and maintain backups so you can recover quickly if anything goes wrong.


1) Core Principles

    • Least privilege: Only give users the access they need (Editor, Shop Manager, etc.).

    • Layers of defense: Hosting security + CDN/WAF + WordPress firewall plugin + strong access controls.

    • Visibility & response: Logging, alerts, scheduled scans, and a tested recovery plan.

Quick win: Enable 2FA for all Administrator accounts and disable file editing in the dashboard.


2) Choose Your Firewall

CDN / Edge WAF

    • Cloudflare WAF: Blocks threats before they reach your server; add rules, rate limiting, Bot Fight Mode.

    • Host-provided WAF: Some managed hosts include edge firewalls and DDoS protection.

    • Best for: Broad attack filtering, performance boost via CDN.

Plugin / Application WAF

    • Wordfence: Endpoint firewall, malware scanner, login security.

    • NinjaFirewall / iThemes Security / Sucuri: Rulesets, hardening, and alerts.

    • Best for: WordPress-specific rules, easy per-site management.

Use one main firewall layer in WordPress. Running multiple security plugins with overlapping features can cause conflicts.


3) Recommended Baseline Settings

    • Force HTTPS (SSL) and enable HSTS at the edge (if available).

    • 2-Factor Authentication for all Admins; require strong passwords for all users.

    • Login protection: Limit login attempts, enable reCAPTCHA/Turnstile, and rename/hide wp-login.php if offered.

    • XML-RPC: Disable or restrict; allowlist Jetpack/mobile IPs only if you need it.

    • File editing off: Add define('DISALLOW_FILE_EDIT', true); to wp-config.php.

    • Firewall rules: Block common exploits (SQLi/XSS), rate-limit /wp-login.php and /xmlrpc.php, block countries/bots if relevant.

    • Security headers: Add Content-Security-Policy (start with report-only), X-Frame-Options, X-Content-Type-Options, and Referrer-Policy via host or plugin.
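
Added example (not part of the original lesson): a Python check that takes a response's headers and reports the status of each header listed above, keeping a report-only CSP distinct from an enforced one. The function name and the sample headers are constructed for illustration.

```python
import re

def audit_headers(headers):
    """Return {header: status} for the headers named in this lesson.

    `headers` is a dict of response headers; names are matched case-insensitively.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    report = {}

    # HSTS only protects visitors when max-age is greater than zero.
    hsts = h.get("strict-transport-security")
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if hsts is None:
        report["Strict-Transport-Security"] = "missing"
    else:
        report["Strict-Transport-Security"] = "ok" if m and int(m.group(1)) > 0 else "ineffective"

    # A report-only CSP logs violations but blocks nothing, so flag it separately.
    if "content-security-policy" in h:
        report["Content-Security-Policy"] = "ok"
    elif "content-security-policy-report-only" in h:
        report["Content-Security-Policy"] = "report-only"
    else:
        report["Content-Security-Policy"] = "missing"

    # ALLOW-FROM is obsolete and ignored by current browsers.
    xfo = h.get("x-frame-options")
    if xfo is None:
        report["X-Frame-Options"] = "missing"
    else:
        report["X-Frame-Options"] = "ok" if xfo.upper() in ("DENY", "SAMEORIGIN") else "invalid"

    xcto = h.get("x-content-type-options")
    if xcto is None:
        report["X-Content-Type-Options"] = "missing"
    else:
        report["X-Content-Type-Options"] = "ok" if xcto.lower() == "nosniff" else "invalid"

    report["Referrer-Policy"] = "ok" if h.get("referrer-policy") else "missing"
    return report

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy-Report-Only": "default-src 'self'; report-uri /csp-report",
    "X-Frame-Options": "ALLOW-FROM https://example.com",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for name, status in audit_headers(SAMPLE).items():
        print(f"{name}: {status}")
```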


4) Malware Scans & Integrity Checks

    • Schedule scans (daily/weekly): core files, themes, plugins, uploads for suspicious files, backdoors, and modified core.

    • File change detection: Alert when files are added/edited; review diffs for unexpected changes.

    • Blacklist checks: Monitor search engine and security vendor blocklists.

    • Quarantine or auto-repair infected core files; always review files in uploads before deleting them.

Never clean without a backup. Verify you have a recent, off-site backup before removing or repairing files.


5) Hardening Checklist

    • Keep everything updated: WordPress core, themes, plugins. Remove anything unused.

    • Backups: Daily database + weekly full files; store off-site (S3/Drive) with 30–90 day retention. Test restores.

    • Least privilege users: Convert old Admins to lower roles or remove them; use a separate admin account (no blogging as Admin).

    • Lock down wp-admin: Optional IP allowlist or HTTP Auth for high-risk sites.

    • Disable directory indexing and restrict wp-content execution where possible.

    • Enforce plugin/theme integrity (block nulled software) and verify signatures/hashes when available.


6) Incident Response (If You Suspect a Hack)

    • Isolate: Put the site in maintenance mode or restrict traffic via WAF; take a fresh backup for forensics.

    • Scan with your security plugin and at the server/edge; check recent file changes and admin users.

    • Clean: Quarantine or remove malicious files; replace core, theme, plugin files from official sources.

    • Reset credentials: All WordPress users, hosting panel, SFTP/SSH, database, API keys.

    • Patch & harden: Update components, close entry points (vulnerable plugins, weak passwords, exposed endpoints).

    • Request blacklist review (if flagged) and monitor logs for recurring activity.


7) Example Configs (Practical Defaults)

Cloudflare (Free/Pro)

    • Enable WAF Managed Rules + Bot Fight Mode.

    • Rate-limit /wp-login.php and /xmlrpc.php (e.g., 5 req / 10s).

    • Always Use HTTPS + HSTS; set Security Level to Medium/High.
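
Added example (not part of the original lesson): a Python check that applies the 5 requests / 10 seconds threshold above to web server access logs, so you can see which clients would have hit the rate limit on /wp-login.php or /xmlrpc.php. It assumes the common combined log format and lines in chronological order; the sample lines are constructed and use documentation IP ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# client IP, [timestamp], "METHOD target PROTOCOL", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
WATCHED = ("/wp-login.php", "/xmlrpc.php")

def over_limit(lines, max_requests=5, window_seconds=10):
    """Return {(ip, path): peak_count} for clients exceeding the limit in any window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (ip, path) -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, stamp, _method, target, _status = m.groups()
        path = target.split("?", 1)[0]
        if path not in WATCHED:
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[(ip, path)]
        q.append(when)
        while when - q[0] >= window:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > max_requests:
            peaks[(ip, path)] = max(peaks.get((ip, path), 0), len(q))
    return peaks

def sample_log():
    """Constructed access-log lines, not real traffic."""
    fmt = '{ip} - - [12/Mar/2025:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" 200 512'
    # One client posting to the login page once per second for 8 seconds.
    lines = [fmt.format(ip="203.0.113.7", m=0, s=s, req="POST /wp-login.php") for s in range(8)]
    # A normal user: three logins a minute apart.
    lines += [fmt.format(ip="198.51.100.20", m=m, s=0, req="POST /wp-login.php") for m in range(3)]
    # Slow XML-RPC calls, 12 seconds apart, never more than one per window.
    lines += [fmt.format(ip="192.0.2.44", m=1, s=s, req="POST /xmlrpc.php") for s in range(0, 60, 12)]
    lines.append(fmt.format(ip="203.0.113.7", m=0, s=9, req="GET /"))
    return lines

if __name__ == "__main__":
    for (ip, path), peak in over_limit(sample_log()).items():
        print(f"{ip} sent {peak} requests to {path} within 10 seconds")
```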

Wordfence / iThemes

    • Firewall: Enabled & Learning Mode for 1–2 days, then Enabled & Protecting.

    • Brute force: limit to 5–10 retries; lock out 10–30 min; enable reCAPTCHA/Turnstile.

    • Scans: schedule daily; enable file change detection + email alerts.

WooCommerce Notes

    • Never cache Cart/Checkout/My Account pages; exclude them from WAF rules that block cookies/sessions.

    • Require 2FA for Admins/Shop Managers; enable fraud/abuse protection at gateway/CDN.

    • Log webhook endpoints and allowlist them in firewall rate limits.


8) Final Security Checklist

    • Edge or plugin firewall enabled and tested.

    • 2FA + strong passwords for all privileged users.

    • Login rate limiting + CAPTCHA/Turnstile active.

    • XML-RPC restricted; file editing disabled.

    • Scheduled malware scans and file change alerts.

    • Backups off-site with recent restore test.

    • Security headers and HTTPS/HSTS configured.

    • Incident response steps documented.