WordPress training 301

Christopher Ross

WordPress & CMS engineering · Fort Erie, Ontario

When the “is the site down?” message arrives at 11pm, you should already know your next three moves. This is the day that turns that panic into a written routine.

Who delivers this: Christopher Ross · WordPress trainer for site owners and ops leads · WordPress training delivery since 2007 (broader training practice since 2004) · MA Candidate, Learning and Technology, Royal Roads University

WordPress 301 is the practical day for the person responsible for keeping a WordPress site healthy. By the end of it you will know what the actual attack surface looks like, you will have walked through a real backup-and-restore drill, and you will leave with a written maintenance routine you can hand to anyone who covers for you when you are away.

Who this is for

  • Fit. Site owners and operations leads who run the WordPress site at a small business, non-profit, or association and want a calm, defensible routine.
  • Fit. Junior agency staff who have inherited a portfolio of client sites and need a sane week-by-week update playbook that does not break things.
  • Not fit. People whose real question is “how do I get this post to rank,” who care about headlines, internal links, and the SEO plugin rather than backups and updates. That is the content day. Book 201 instead.
  • Not fit. Teams who want a compliance checklist to hand to an auditor. This is an operating routine, not a SOC 2 artifact.

Prerequisites: you have admin access to at least one live WordPress site, you know what a plugin is, and you can tell me who your host is. That is the bar.

What you’ll be able to do after

  • Describe, in plain language, the realistic ways a WordPress site gets compromised, so you can stop worrying about the wrong things.
  • Read your host’s shared-responsibility model honestly, and know what they cover, what you cover, and where the gap sits.
  • Run a backup-and-restore drill on a staging copy, because a backup you have never restored is not a backup.
  • Apply core, plugin, and theme updates in an order that does not surprise you, with a rollback path you trust.
  • Set user roles by least privilege, so the person who writes the newsletter cannot accidentally delete the homepage.
  • Run the first thirty minutes of an incident calmly: triage, isolate, communicate, then call for senior help if it is over your head.

What your manager will see different on Monday

  • The monthly maintenance runbook sits on one page, on a shared drive, and anyone covering for the site operator can follow it without phoning for help.
  • A backup has been restored on staging in the last 90 days, not just taken, so the team actually knows the backups work.
  • The admin user list is short, current, and accounted for; the four abandoned admin accounts from past contractors are gone.
  • Updates run in a predictable order with a rollback path, and the team stops dreading the “update everything and hope” Friday.
  • The first thirty minutes of an incident look calm: triage, isolate, communicate, then call for senior help if it’s over the team’s head.

The day, block by block

  1. Know what actually breaks a small WordPress site, in proportion. Login brute-force, weak passwords, plugin and theme CVEs, abandoned plugins, supply chain. What happens to sites like yours in the wild, ranked by how often it happens, with no fear-mongering.
  2. Restore a site on purpose, before you ever have to do it in a panic. Why managed hosting matters and what it does not cover. Where backups should live, how often, and the test you have to run before you trust them. The first time you restore a site is going to be in this room, not on a bad Tuesday.
  3. Run updates that do not surprise you. Staging when it is worth it, and when a quick before-and-after check is enough. Reading a changelog. Holding back a plugin you do not yet trust. Knowing which updates can wait and which cannot.
  4. Lock down roles and walk through an incident with a written runbook. User roles by least privilege. The handful of monitoring signals worth watching. Your written runbook for the first thirty minutes of an incident. When to keep going and when to call a senior dev.

Real examples we’ll work through

  • A backup-and-restore drill on a staging copy of a real site, end to end, with timing.
  • A monthly maintenance routine written for your specific host and plugin stack, that fits on one page.
  • A user-role audit of a real site, removing the four admin accounts that nobody at the office can remember creating.

Where this fits in the WordPress training pathway

Shaped for: Site owners, operations leads, and the person responsible for keeping the WordPress site healthy day to day.

Most learners come here from: WordPress Training 101.

From here, the most common next steps:

The four WordPress courses are role-routed, not strictly sequential. Each one segments by the work you actually do on a WordPress site rather than by how long you have been around the dashboard. The full training catalogue shows how they sit alongside the Microsoft Office track.

Delivered as part of these service engagements

This course is included in the training scope of the following build and ongoing engagements, either at full public-cohort scope or as a compressed version tuned to your specific build. The audit-and-build credit policy on the service pages covers the training surface too: training hours already delivered as part of a build credit forward against any larger engagement that follows.

Looking to book the public cohort or a private team session directly, separate from a build engagement? The pricing and booking surface below covers that path.

Format, duration, and pricing

301 runs online only, over Zoom or Google Meet, with the recording sent to your team if you need it. The full-day session is the format most teams book so we can run real backup-and-restore drills end to end; the half-day is a compressed option when your team only has a morning. Pricing is by format, not by group size.

Training investment, up to 12 participants
| Format | From price (CAD) | Notes |
| --- | --- | --- |
| Half-day (3 hours, focused) | from $750 | A working introduction |
| Full-day (6 hours) | from $1,495 | The standard format |
| Two half-days (split across one week) | from $1,495 | For teams who cannot block a full day |

In-person delivery within Niagara / GTA: add $500/day. Teams larger than 12, a custom program, or multi-cohort rollouts: let’s scope it together.

Currently booking through Q3 2026. Two virtual cohorts per month.

Working through something on your own site? Get in touch →