When the “is the site down?” message arrives at 11pm, you should already know your next three moves. This is the day that turns that panic into a written routine.
Who delivers this: Christopher Ross · WordPress trainer for site owners and ops leads · WordPress training delivery since 2007 (broader training practice since 2004) · MA Candidate, Learning and Technology, Royal Roads University
WordPress 301 is the practical day for the person responsible for keeping a WordPress site healthy. By the end of it you will know what the actual attack surface looks like, you will have walked through a real backup-and-restore drill, and you will leave with a written maintenance routine you can hand to anyone who covers for you when you are away.
Who this is for
- Fit. Site owners and operations leads who run the WordPress site at a small business, non-profit, or association and want a calm, defensible routine.
- Fit. Junior agency staff who have inherited a portfolio of client sites and need a sane week-by-week update playbook that does not break things.
- Not fit. People whose real question is “how do I get this post to rank,” who care about headlines, internal links, and the SEO plugin rather than backups and updates. That is the content day. Book 201 instead.
- Not fit. Teams who want a compliance checklist to hand to an auditor. This is an operating routine, not a SOC 2 artifact.
Prerequisites: you have admin access to at least one live WordPress site, you know what a plugin is, and you can tell me who your host is. That is the bar.
What you’ll be able to do after
- Describe, in plain language, the realistic ways a WordPress site gets compromised, so you can stop worrying about the wrong things.
- Read your host’s shared-responsibility model honestly, and know what they cover, what you cover, and where the gap sits.
- Run a backup-and-restore drill on a staging copy, because a backup you have never restored is not a backup.
- Apply core, plugin, and theme updates in an order that does not surprise you, with a rollback path you trust.
- Set user roles by least privilege, so the person who writes the newsletter cannot accidentally delete the homepage.
- Run the first thirty minutes of an incident calmly: triage, isolate, communicate, then call for senior help if it is over your head.
What your manager will see different on Monday
- The monthly maintenance runbook sits on one page, on a shared drive, and anyone covering for the site operator can follow it without phoning for help.
- A backup has been restored on staging in the last 90 days, not just taken, so the team actually knows the backups work.
- The admin user list is short, current, and accounted for; the four abandoned admin accounts from past contractors are gone.
- Updates run in a predictable order with a rollback path, and the team stops dreading the “update everything and hope” Friday.
- The first thirty minutes of an incident look calm: triage, isolate, communicate, then call for senior help if it’s over the team’s head.
The day, block by block
- Know what actually breaks a small WordPress site, in proportion. Login brute-force, weak passwords, plugin and theme CVEs, abandoned plugins, supply chain. What happens to sites like yours in the wild, ranked by how often it happens, with no fear-mongering.
- Restore a site on purpose, before you ever have to do it in a panic. Why managed hosting matters and what it does not cover. Where backups should live, how often, and the test you have to run before you trust them. The first time you restore a site is going to be in this room, not on a bad Tuesday.
- Run updates that do not surprise you. Staging when it is worth it, and when a quick before-and-after check is enough. Reading a changelog. Holding back a plugin you do not yet trust. Knowing which updates can wait and which cannot.
- Lock down roles and walk through an incident with a written runbook. User roles by least privilege. The handful of monitoring signals worth watching. Your written runbook for the first thirty minutes of an incident. When to keep going and when to call a senior dev.
Real examples we’ll work through
- A backup-and-restore drill on a staging copy of a real site, end to end, with timing.
- A monthly maintenance routine written for your specific host and plugin stack, that fits on one page.
- A user-role audit of a real site, removing the four admin accounts that nobody at the office can remember creating.
Where this fits in the WordPress training pathway
Shaped for: Site owners, operations leads, and the person responsible for keeping the WordPress site healthy day to day.
Most learners come here from: WordPress Training 101.
From here, the most common next steps:
- WordPress Training 201, if you also write the content the site publishes.
- WordPress Training 401, if you are stepping into developer-level work and want the senior track.
The four WordPress courses are role-routed, not strictly sequential. Each one segments by the work you actually do on a WordPress site rather than by how long you have been around the dashboard. The full training catalogue shows how they sit alongside the Microsoft Office track.
Delivered as part of these service engagements
This course is included in the training scope of the following build and ongoing engagements, either at full public-cohort scope or as a compressed version tuned to your specific build. The audit-and-build credit policy on the service pages covers the training surface too: training hours already delivered as part of a build credit forward against any larger engagement that follows.
- Owner-Run Unlimited Growth ($17,000+), full session covering the operations surface and the admin handover.
- Scaled Team Site / WordPress Website Development ($24,000+), delivered to the platform owner and the operations team.
- Newspaper Regional News ($20,000+), delivered to the platform owner and ad-ops team, with the paywall and metering surface covered.
- Newspaper National Influencer ($75,000+), delivered to platform owners, ad ops, subscriber-revenue, and the operations team.
- E-commerce National ($60,000+), delivered to the platform owner and the fulfilment-and-customer-service teams.
- Learning Post-Secondary ($30,000+), delivered to platform owners, IT operations, and learner-support leads.
- Maintenance Active ($1,800/mo), available as an add-on at relationship start; the operations curriculum lines up with the cadence of work in this retainer.
- Maintenance Concierge ($4,000/mo), included in the half-day relationship-start workshop, tailored to your runbook and on-call procedures.
- SEO Enterprise ($5,000/mo), delivered to the platform owners and operations leads.
- WordPress Security & Hardening ($1,375+), delivered as part of the audit-and-remediation tier, tuned to the operator-side hardening practices and the runbook for the next plugin install.
Looking to book the public cohort or a private team session directly, separate from a build engagement? The pricing and booking surface below covers that path.
Format, duration, and pricing
301 runs online only, over Zoom or Google Meet, with the recording sent to your team if you need it. The full-day session is the format most teams book so we can run real backup-and-restore drills end to end; the half-day is a compressed option when your team only has a morning. Pricing is by format, not by group size.
| Format | From price (CAD) | Notes |
|---|---|---|
| Half-day (3 hours, focused) | from $750 | A working introduction |
| Full-day (6 hours) | from $1,495 | The standard format |
| Two half-days (split across one week) | from $1,495 | For teams who cannot block a full day |
| In-person delivery within Niagara / GTA: add $500/day. Teams larger than 12, a custom program, or multi-cohort rollouts: let’s scope it together. | ||
Currently booking through Q3 2026. Two virtual cohorts per month.
