December 10, 2023 — Learn security lessons through a humorous but “scary story” about a WordPress site owner Joe and his website security troubles.

October 21, 2023 — Der Login-Bereich von WordPress ist aus Sicht der Sicherheit eine Schwachstelle. Alles und Jeder mit einer groben Vorstellung von Benutzername und/oder Passwort kommt von hier aus an Admin-Rechte, kann grundlegende Änderungen an Plugins, Aussehen und Inhalt einer Website vornehmen.
Mit welchen Maßnahmen der Login abgesichert werden kann, schauen wir uns in diesem Vortrag an.

October 20, 2023 — WordPress websites can sometimes have hidden data leak problems, which occur more frequently than one might initially think.
In this talk, I will highlight some common issues concerning data protection in WordPress. We’ll review real examples, discuss why I encountered these issues in certain projects, and I’ll provide tips on how to address them. Whether you’re new to WordPress or have been using it for years, I think it’s essential to be aware of these problems.

October 15, 2023 — This talk expains what “script kiddies” and hackers do to breach your WordPress site, install malware, steal data and more. Examples will show how to understand and mitigate these attacks.

October 13, 2023 — Learn about the approaches that enterprise agencies use to keep client sites secure. Find out why the White’s Local Family Business site gets hacked but whitehouse.gov does not.

September 30, 2023 — This talk offers insights into the overall security of WordPress ecosystem and shows how 2022 has changed compared to 2021.

The presentation is based on data collected from 2022 by processing more than 4000 security vulnerabilities and analyzing logs of tens of millions of attacks.

Learn what to expect as open-source and supply-chain security aligns with national security, in combination with increasing regulation by European Union and US.

July 11, 2023 — In this short video tutorial, we will explore seven ways to improve your site’s security.

May 22, 2023 — Join us for a lively and informative discussion about protecting your website with this NEO WordPress Meetup, “Safeguarding Your Website: Smart WordPress Security.”

I will share tips and tricks for setting up smart security measures to protect your WordPress website from potential threats.

This presentation will be a great experience where you can follow along and learn how to install and/or utilize various security tools.

We’ll delve into these tools and explore basic insights that can help you understand your website’s security status.

Whether you’re a beginner or an experienced WordPress user, this meetup is perfect for anyone looking to learn about smart WordPress security.

Presentation Slides »

March 10, 2023 — This session picks up from the last preventing common security vulnerabilities session (https://wordpress.tv/2023/03/03/lets-code-preventing-common-security-vulnerabilities/), and cover’s how to use nonces to prevent cross-site request forgery vulnerabilities

Presentation Slides »

March 3, 2023 — Earlier this year, we looked at the theory behind developing WordPress plugins and themes securely. We covered how to develop a security mindset, and the guiding principles of secure development, and looked at the five examples of these principles, Sanitizing Data, Validating Data, Escaping Data, Nonces, and User Roles and Capabilities.

In this session, we will look at how these principles are applied in real-world examples, by understanding common security vulnerabilities, how they can be exploited by would-be attackers, and what you can do to prevent them.

Presentation Slides »