‘security’ Videos

  • Julio Potier: Mise à jour sur la sécurité de WordPress

    Julio Potier: Mise à jour sur la sécurité de WordPress

    WordCamp Bordeaux 2017Speaker: Julio Potier

    May 23, 2017 — Toutes les semaines vous pouvez trouver des listes d’extensions et thèmes vulnérables à lire, toutes les semaines vous pouvez trouver des listes de sites piratés, toutes les semaines vous pouvez trouver des tweets d’alertes, toutes les semaines sur Facebook vous pouvez trouver des témoignages de personnes ayant eu leur site piraté la veille.

    Et vous que faisiez-vous la semaine passée pour éviter ça ? La sécurité ce n’est pas qu’« un truc d’expert », ce n’est pas juste parce que « mon site n’est pas une cible », ce n’est pas qu’une « histoire de codeurs » non, la sécurité commence par un bon comportement envers elle.

    Cette conférence casse un peu les standards des conférences traditionnelles sur la sécurité, nous n’allons pas présenter d’extensions ni de solutions miracles, il n’y en a pas. Vous n’apprendrez pas comment patcher une faille XSS, ni même ne saurez ce qu’est une faille XSS, ces conférences ont déjà été données dans le passé. La sécurité commence ailleurs : mettez à jour votre posture face à la sécurité WordPress.

    Presentation Slides »

  • Tomás Sierra: ¿Seguro que creo webs seguras?

    Tomás Sierra: ¿Seguro que creo webs seguras?

    WordCamp Madrid 2017Speaker: Tomas Sierra

    May 17, 2017 — El objetivo de esta ponencia es conocer por dónde nos puede atacar un usuario malintencionado, y aprender a solucionar las vulnerabilidades por nosotros mismos. Algo que debería hacer todo desarrollador de Páginas web con WordPress y que muy pocos lo hacemos. En esta ponencia realizaremos una auditoría de nuestra instalación de WordPress. Utilizaremos distintas herramientas para buscar vulnerabilidades en nuestras instalaciones. Se trata de herramientas online y scripts al alcance de cualquiera y que podemos conseguir de forma gratuita por la red. Aprenderemos lo que los ciberdelincuentes buscan y veremos como explotan esas vulnerabilidades para acceder a nuestras instalaciones.

    Presentation Slides »

  • Nancy Thanki: Let’s Encrypt! Wait. How? Why?

    Nancy Thanki: Let’s Encrypt! Wait. How? Why?

    WordCamp Pune 2017Speaker: Nancy Thanki

    May 7, 2017 — On December 3rd, 2015 a service called Let’s Encrypt entered its public beta. Backed by several major sponsors, the service caught on quickly. As of summer 2016, more than 5 million SSL certificates had been issued by Let’s Encrypt, nearly four million of which were active and unexpired.

    If you are not familiar, Let’s Encrypt is a free, automated, open certificate authority that allows users to encrypt the data flowing to and from their websites easily and for free. The goal of Let’s Encrypt is to make data transfer over the internet secure by default. Towards that end, they have invested a considerable amount of time and energy in making it easy for users of all stripes to secure the data flowing in and out of their websites.

    You may have already considered encrypting your website before — perhaps to perform better in search engines, or to gain the ability to accept payments on your website. Regardless of whether you’ve considered enabling SSL on your website or not, the goal of this talk is to demonstrate why encryption on your website matters. We will look at some practical examples and live demos of what data can be stolen from your website, even if you are using an encrypted wifi connection. Likewise, we’ll talk about how encryption of all websites — whether they’re dealing with sensitive information or not — makes the web a safer place for all of us.

    Last, of course, we will look at how you can get started with Let’s Encrypt on your website. We’ll review the options available to you on common hosting providers, as well as walk through the steps for how you can set this up for yourself, if you have administrative access to your server.

    If you already have Let’s Encrypt enabled on your site, this talk may be basic for you (although we’ll do a few cool demos that make for great party tricks, so feel free to stop by).

    If you’ve never accessed your hosting provider’s website admin area (CPanel, Plesk, etc), this talk might be a bit hard for you to follow (although you should totally come and ask questions both during the presentation and after).

    If you have a website and you’ve thought about enabling SSL on it but you just haven’t gotten around to it yet, this talk will be perfect for you. By the end of this presentation, you should not only know how to enable encryption on your website, but you will understand why it’s so important that you do.

    It sounds like an intimidating topic, but we can do this. Come on and let’s encrypt!

  • Adam W. Warner: WordPress Security for Beginners - Simple Steps to Build Your Master Plan

    Adam W. Warner: WordPress Security for Beginners – Simple Steps to Build Your Master Plan

    WordCamp Louisville 2016Speaker: Adam W Warner

    April 20, 2017 — Security can seem intimidating and complex for many of us, but we shouldn’t (can’t) let that stop us from making sure we’re doing everything we can to secure our WordPress sites. After all, our websites are often part of our livelihood.

    In this session Adam will discuss the “big picture” of website security and break down the fundamental tasks needed for a strong security plan, in order of importance. Adam will provide an actionable checklist on what you can start doing today to better secure your WordPress websites.

    After attending this session, audience members will have a better understanding of website security as a whole and what steps they can take to mitigate risk. Attendees will be able to start building their WordPress security master plan immediately.

    Presentation Slides »

  • Burke Ingraffia: Hardening WordPress Security

    Burke Ingraffia: Hardening WordPress Security

    WordCamp New Orleans 2016Speaker: Burke Ingraffia

    March 31, 2017 — WordPress is a favorite target of hackers who, for whatever reason, enjoy being mischievous. This talk will give you some pointers on how to protect your self-hosted WordPress site so that you make it harder for anyone to exploit weaknesses in your code and hosting setup.

  • Aaron D. Campbell: Website Security – The Big Picture w/ Simple Steps to Take

    Aaron D. Campbell: Website Security – The Big Picture w/ Simple Steps to Take

    WordCamp Atlanta 2017Speaker: Aaron D. Campbell

    March 29, 2017 — Security can be complex, intimidating, and even frightening. Don’t let the enormity of it scare you into inaction. Learn what some of the security researchers and security professionals deal with, and then find out some simple steps you can take to secure your sites.

  • Robert Rowley: WordPress Security - Know Your Enemy

    Robert Rowley: WordPress Security – Know Your Enemy

    WordCamp Bangkok 2017Speaker: Robert Rowley

    March 24, 2017 — Every second WordPress sites are being attacked, and sites get compromised every day. I will bring you stories from the front lines detailing what the attackers are doing to get into sites, as well as not only how to defend, but hopefully how you can incorporate concepts of security not only in your site but every day life.

    Presentation Slides »

  • Dustin Meza: WordPress Upgrade Anxiety No More - 5 Steps to Having a No Surprise Upgrade

    Dustin Meza: WordPress Upgrade Anxiety No More – 5 Steps to Having a No Surprise Upgrade

    WordCamp Nashville 2016Speaker: Dustin Meza

    March 18, 2017 — WordPress upgrades, they bring us new features, faster sites, and better security. But pushing that upgrade button can be a scary moment, unless you’ve ensured your site is ready and compatible. I’ll show you the best practices for ensuring your site is ready including a simple strategy that works whether you manage one site or hundreds.

    Presentation Slides »

  • Samuel Wood (Otto): Common Security Issues with Plugins

    Samuel Wood (Otto): Common Security Issues with Plugins

    WordCamp Nashville 2016Speaker: Samuel "Otto" Wood

    March 18, 2017 — Common Security Issues with Plugins

  • Otto Kekalainen: WordPress Security 101

    Otto Kekalainen: WordPress Security 101

    WordCamp Manchester 2016Speaker: Otto Kekäläinen

    March 16, 2017 — Unfortunately WordPress has reputation of weak security and the web is full of guides and plugins to enhance WordPress security. Unfortunately some advice is misleading or just false sales pitch. Understanding what is truly essential for security and what is irrelevant can be difficult. In this talk I explain, based on my experience of maintaining hundreds of WordPress sites, what I don’t consider relevant and what you don’t need to worry about, and what are the actually important things you need to care for.