WordPress LMS Website Security With Chris Badgett

This episode is brought to you by Popup Maker

Boost Your Website’s Leads & Sales with Popup Maker

Get started for free or save 15% OFF Popup Maker Premium—the most trusted WordPress popup plugin to grow your email list and increase sales conversions.

Get Popup Maker Now

In his LMScast solo episode, Chris Badgett discusses the new safeguards in LifterLMS 9.0 and delves further into the significance of WordPress LMS website security.

He describes how tools like Akismet spam detection, sophisticated CAPTCHA integrations with Cloudflare Turnstile and Google reCAPTCHA, and IP blocking for repeatedly unsuccessful checkouts help guard against bots and fraudulent activities. By implementing secured media, Chris also resolves a persistent WordPress problem with the Media Library, guaranteeing that only enrolled students can access course materials and downloads.

He highlights effective practices, including employing technologies like Vimeo’s domain limitation for video security, depending on safe hosting with backups, evaluating admin accounts, and enforcing strong passwords.

Chris emphasizes that LifterLMS has always placed a high priority on protecting course developers, their users, and their intellectual property going one step further with version 9.0 while understanding the necessity to strike a balance between security and user experience.

2025 WordPress LMS Buyer’s Guide

Exclusive Download! Stop wasting time and money researching online course and membership site tech.

Download the Buyer’s Guide

Here’s Where To Go Next…

Get the Course Creator Starter Kit to help you (or your client) create, launch, and scale a high-value online learning website.

Also visit the creators of the LMScast podcast over at LifterLMS, the world’s leading most customizable learning management system software for WordPress. Create courses, coaching programs, online schools, and more with LifterLMS.

Browse more recent episodes of the LMScast podcast here or explore the entire back catalog since 2014.

And be sure to subscribe to get new podcast episodes delivered to your inbox every week.

Episode Transcript

Chris Badgett: You’ve come to the right place if you’re looking to create, launch, and scale a high value online training program. I’m your guide, Chris Badget. I’m the co-founder of lifter LMS, the most powerful learning management system for WordPress. State of the end, I’ve got something special for you. Enjoy the show.

Hello, and welcome back to another episode of LMS Cast. Today I’m joined by a special guest and it’s just me. I haven’t done a solo episode in a while. My name’s Chris Badgett. I’m the CEO and co-founder of Lifter LMS and host of the LMS CAST Podcast. Today we’re gonna do an episode about. WordPress websites and security, particularly in the learning management system niche.

So recently Lifter LMS released a new version, a major version, which is called Lifter, LMS 9.0, and it has a lot of new security features in it. And I wanted to discuss security with you because it’s helpful to understand and get into the details. Security, what it is, how it works, what it’s preventing, and so on.

So some of the great things about Lifter LMS 9.0 there’s so many things security related, but just to go through them the first is that we now have a setting you can turn on to block IP addresses that have 10 failed checkouts in 15 minutes. And basically what that does. Is that prevents bots on the internet or scammers from essentially trying to create free accounts or use stolen credit cards or fraudulent credit cards to test them on your website to see if they can find one that works.

So the reality of the internet is there is a lot of. Scammers, bots that are trying to get access to your website. There’s probably actually a lot more of it going on all the time than you realize. But the truth is WordPress is actually a very secure platform. LifterLMS is known as the most secure learning management system because since day one. Which is over 12 years ago, we’ve always been focused on security.

And protecting the users of lifter LMS, but also your users. Users. So we’ve implemented from day one the best security practices and we have continuously improved as time goes on, making things more secure, adapting to new issues of the time. So on. When someone tries to, check out too many times in a row, it’s not a real transaction and lifter LMS will stop that and block their IP address temporarily.

So if somebody made a honest to goodness mistake and, entered 10 different credit cards of their own trying to make it work, they are gonna be able to get back in, but they’re gonna be locked out for a while. And most of the stuff that is gonna block is actual fraudulent activity.

And if you don’t know what a IP address is, it’s just a location on the internet where somebody is trying to access your website from. So your router, your wifi, has a specific IP address or a location that you are connecting from. So if a spammer is at home. Trying to test credit cards on your website, they’re gonna get blocked.

Anybody in that home is not going to be able to keep doing what they’re doing. And the reality is that most of that is actually bots or computer programs that are running and, trying to test hundreds or even thousands or tens of thousands of cards on a schedule. So it will shut those.

Fraudsters, scammers, and scammers down in their tracks. The other thing we implemented in lifter LMS 9.0 is the most advanced capture protection currently available. So there’s two types of the main tools that you can integrate with for free to create a kind of a login or checkout. Or registration blocker if somebody is not a legitimate human or real user of your site.

Those two integrations that we’ve added natively into the free version of LifterLMS one is called Recapture and the other is called Turnstile by CloudFlare. And basically what these technologies do, you basically sign up for free, you get an API key. You put it on your site and through the lifter LMS settings.

And what they’re gonna do is they’re gonna use the advanced capture technology that those companies have to essentially score your user’s behavior on your website. And if anything looks out of line like it’s a bot that’s like clicking on a million things at once. Or, too many like rapid actions all at once.

It’s not really a human activity and there’s a lot more that goes into scoring than just that. But just as an example it will stop those people from being able to register or log in or in some way get into your site when they’re not a legitimate user. And it’s likely, again, not a person, it is likely a computer program.

That a spammer or a scammer is using to try to get into your website. So LifterLMS is implemented the most advanced capture technology currently available for free to Protect You, and we have resources on our website that show you how to set it up. It’s really just a couple things you have to copy and paste and turn on, and you’re good to go and you have dramatically improved the security and protection of your website.

We also did a native deeper integration with Akismet, which is also an anti-spam solution that you can turn on to prevent spammers from registering and commenting and doing things on your website that you don’t want ’em. There to do. So Smit has been around WordPress for a really long time. I highly recommend it.

It’s a great tool. You can get started for free with that as well. Again, the integration of that is built for free into the core free version of Lifter LMS. Now, let’s talk about a different aspect of security. Let’s talk about your intellectual property, your content, your media. So lifter, LMS as if you’ve been using our learning management system, you know you have to enroll in a course or a membership, and maybe you have to pay to enroll or maybe it’s free.

But either way, you have to become a, a user of the site that is allowed or granted access to specific course content or other membership protected content on your website. That whole user system protects your intellectual property from just being public on the internet. And for a lot of people, they’re charging for access to their courses and memberships with Lyft or LMS, and it might not be lifetime access.

Maybe you have to pay a monthly fee or you sign up for an annual membership. There’s a million different pricing models you can implement, but in terms of protecting your intellectual property. WordPress has had a challenge for a long time where the way that it handles media, like in the WordPress Media Library, which you’ve probably heard of those media files are actually public on the internet, and a lot of people don’t realize that.

If you’re in a course, if you’re a course creator. And you’re adding a PDF or a PowerPoint presentation, or an audio file o