Writing secure code is more than three-letter acronyms, escaping, and sanitization. It’s a state of mind, just like writing useful and maintainable software. This talk shows the natural evolution of the attitude towards security of a WordPress plugin developer.