June 7, 2016 — Newer Web APIs give developers abilities that were unthought of just a few years ago, making your website so much more capable and powerful. However, these features are only available over HTTPS, to avoid security risks. Likewise, HTTP/2 will only work over HTTPS encrypted connections. And even Google recently promised small bumps in their search results for sites served with HTTPS! Sadly, HTTPS certificates not only cost money and are tedious to set up and maintain, but the renewal must also be repeated annually… until now. Let’s Encrypt is a new authority that provides free and easy-to-manage certificates that work with all major browsers, with the aim of making encrypted connections the default. In this talk we’ll look at why you should add HTTPS to your WordPress installation, how Let’s Encrypt works and how to set it up in our WordPress websites, plus potential workflow improvements for the future.
May 18, 2016 — After a short introductory talk, we will discuss the topic as a group and you can ask questions.
Stefan Kremer and his company AdminPress look after the security of WordPress sites professionally. He is also a member of the organizing team for WPMeetup Franken, which is putting together the next WordCamp Deutschland in Nürnberg in April 2016.
May 13, 2016 — You always think it will never happen to you, but when it does, it’s all hands on deck. My personal site was almost hacked and since then I have actively looked at what I could improve. During this talk I will talk about what I had before and show all the improvements I have made since then. It will be a mix of using the existing tools and my own creation in managing my sites.
May 12, 2016 — Unfortunately WordPress has a reputation of weak security and the web is full of guides and plugins to enhance WordPress security. Unfortunately some advice is misleading or just a false sales pitch. Understanding what is truly essential for security and what is irrelevant can be difficult. In this talk Otto will explain, based on his experience of maintaining hundreds of WordPress sites, what he doesn’t consider relevant and what you don’t need to worry about, and what the actually important things are that you need to care for.
May 11, 2016 — I will talk about how my blog and my Facebook Fanpage were hacked a year ago and how I got them back. What it was all good for and everything I needed to change: changing passwords, pleading e-mails, a new design, changing the code, different plugins,…
April 29, 2016 — This intermediate to advanced developer talk will focus on the types of vulnerabilities common in WordPress plugins by providing insight into the common vulnerabilities prevalent in WordPress plugins and themes including what they are, how they work and what a developer can do to prevent them. Topics will include XSS, CSRF and various other vulnerabilities often seen in WordPress.
April 26, 2016 — Although many times an afterthought, security should be built into a website from the beginning of the development process. From Binod and Logan’s research, a comprehensive discussion will be had about how to protect a website from its inception. Binod and Logan will take attendees through best practices of secure product development, including how to incorporate white-box testing to ensure code security, and real-life examples will be presented. Finally, Binod and Logan will share insight on post-deployment and how to monitor and patch websites, mitigating future attacks.
April 25, 2016 — Security can be complex, intimidating, and even frightening. Don’t let the enormity of it scare you into inaction. Learn what some of the security researchers and security professionals deal with, and then find out some simple steps you can take to secure your sites.
April 21, 2016 — What does it mean when someone has abused your WordPress environment? How would you even know? We’ll explore the meaningful impacts on you as a website owner of attackers abusing your site, your brand, your audience and ultimately: your wallet.
I’ll touch on the following key items:
The types of attacks that can abuse a WordPress site (defacement, redirects, phishing, etc.)
How a compromise can abuse your visitors and Google’s involvement in this process.
How does this affect you financially? I’ll convey stories on clients who lost massive income from the smallest of hacks.