May 23, 2017 — Every week you can find lists of vulnerable plugins and themes to read, every week you can find lists of hacked sites, every week you can find alert tweets, and every week on Facebook you can find accounts from people whose site was hacked the day before.
And you, what were you doing last week to avoid that? Security is not just “an expert thing”, it is not just a case of “my site is not a target”, it is not just “a matter for coders”; no, security begins with the right behaviour towards it.
This talk breaks a little from the standards of traditional security talks: we are not going to present plugins or miracle solutions, because there are none. You will not learn how to patch an XSS flaw, nor even find out what an XSS flaw is; those talks have already been given in the past. Security starts elsewhere: update your posture towards WordPress security.
May 17, 2017 — The aim of this talk is to learn where a malicious user can attack us, and to learn to fix the vulnerabilities ourselves. This is something every developer of WordPress websites should do, and very few of us do. In this talk we will carry out an audit of our WordPress installation. We will use various tools to look for vulnerabilities in our installations. These are online tools and scripts within anyone’s reach that we can get for free on the net. We will learn what cybercriminals look for and see how they exploit these vulnerabilities to gain access to our installations.
May 7, 2017 — On December 3rd, 2015 a service called Let’s Encrypt entered its public beta. Backed by several major sponsors, the service caught on quickly. As of summer 2016, more than 5 million SSL certificates had been issued by Let’s Encrypt, nearly four million of which were active and unexpired.
If you are not familiar, Let’s Encrypt is a free, automated, open certificate authority that allows users to encrypt the data flowing to and from their websites easily and for free. The goal of Let’s Encrypt is to make data transfer over the internet secure by default. Towards that end, they have invested a considerable amount of time and energy in making it easy for users of all stripes to secure the data flowing in and out of their websites.
You may have already considered encrypting your website before — perhaps to perform better in search engines, or to gain the ability to accept payments on your website. Regardless of whether you’ve considered enabling SSL on your website or not, the goal of this talk is to demonstrate why encryption on your website matters. We will look at some practical examples and live demos of what data can be stolen from your website, even if you are using an encrypted wifi connection. Likewise, we’ll talk about how encryption of all websites — whether they’re dealing with sensitive information or not — makes the web a safer place for all of us.
Last, of course, we will look at how you can get started with Let’s Encrypt on your website. We’ll review the options available to you on common hosting providers, as well as walk through the steps for how you can set this up for yourself, if you have administrative access to your server.
If you already have Let’s Encrypt enabled on your site, this talk may be basic for you (although we’ll do a few cool demos that make for great party tricks, so feel free to stop by).
If you’ve never accessed your hosting provider’s website admin area (cPanel, Plesk, etc.), this talk might be a bit hard for you to follow (although you should totally come and ask questions both during the presentation and after).
If you have a website and you’ve thought about enabling SSL on it but you just haven’t gotten around to it yet, this talk will be perfect for you. By the end of this presentation, you should not only know how to enable encryption on your website, but you will understand why it’s so important that you do.
It sounds like an intimidating topic, but we can do this. Come on and let’s encrypt!
April 20, 2017 — Security can seem intimidating and complex for many of us, but we shouldn’t (can’t) let that stop us from making sure we’re doing everything we can to secure our WordPress sites. After all, our websites are often part of our livelihood.
In this session Adam will discuss the “big picture” of website security and break down the fundamental tasks needed for a strong security plan, in order of importance. Adam will provide an actionable checklist on what you can start doing today to better secure your WordPress websites.
After attending this session, audience members will have a better understanding of website security as a whole and what steps they can take to mitigate risk. Attendees will be able to start building their WordPress security master plan immediately.
March 31, 2017 — WordPress is a favorite target of hackers who, for whatever reason, enjoy being mischievous. This talk will give you some pointers on how to protect your self-hosted WordPress site so that you make it harder for anyone to exploit weaknesses in your code and hosting setup.
March 29, 2017 — Security can be complex, intimidating, and even frightening. Don’t let the enormity of it scare you into inaction. Learn what some of the security researchers and security professionals deal with, and then find out some simple steps you can take to secure your sites.
March 24, 2017 — Every second WordPress sites are being attacked, and sites get compromised every day. I will bring you stories from the front lines detailing what the attackers are doing to get into sites, as well as not only how to defend, but hopefully how you can incorporate concepts of security not only in your site but in everyday life.
March 18, 2017 — WordPress upgrades, they bring us new features, faster sites, and better security. But pushing that upgrade button can be a scary moment, unless you’ve ensured your site is ready and compatible. I’ll show you the best practices for ensuring your site is ready including a simple strategy that works whether you manage one site or hundreds.
March 18, 2017 — Common Security Issues with Plugins
March 16, 2017 — Unfortunately WordPress has a reputation for weak security and the web is full of guides and plugins to enhance WordPress security. Unfortunately some advice is misleading or just a false sales pitch. Understanding what is truly essential for security and what is irrelevant can be difficult. In this talk I explain, based on my experience of maintaining hundreds of WordPress sites, what I don’t consider relevant and what you don’t need to worry about, and what the actually important things you need to care for are.