July 1, 2016 — WordPress Hardening is an underestimated problem for many people and even when you keep your system updated you are not completely risk free. Many projects, after golive, are left in the lurch without love… I’d like to share some small improvements that are achievable with very little effort and can make the difference.
June 7, 2016 — Newer Web APIs give developers abilities that were unthought of just a few years ago, making your website so much capable and powerful. However, these features are only available over HTTPS, to avoid security risks. Likewise, HTTP2 will only work over HTTPS encrypted connections. And even Google recently promised small bumps in their search results for sites served with HTTPS! Sadly, not only do HTTPS certificates cost money and are tedious to set up and maintain, but the renewal must be repeated annually… until now. Let’s Encrypt is a new authority that provides free and easy to manage certificates that work with all major browsers, with the aim of making encrypted connections the default. In this talk we’ll look at why you should add HTTPS to your WordPress installation, how Let’s Encrypt works and how to set it up in our WordPress websites, plus potential workflow improvements for the future.
May 18, 2016 — Nach einem kurzen einführenden Vortrag diskutieren wir das Thema in der Runde und Ihr könnt Fragen stellen.
Stefan Kremer kümmert sich mit seiner Firma AdminPress professionell um die Sicherheit von WordPress Seiten. Er ist ausserdem Mitglied im Orgateam für das WPMeetup Franken, das das nächste WordCamp Deutschland in Nürnberg im April 2016 auf die Beine stellt.
May 13, 2016 — You always think it will never happen to you but when it does, it’s all hands on deck. My personal site was almost hacked and since then I actively looked at what I could improve. During this talk I will talk what I had before and show all the improvements I made since then. It will be a mixed of using using the existing tools and my own creation in managing my sites.
May 12, 2016 — Unfortunately WordPress has reputation of weak security and the web is full of guides and plugins to enhance WordPress security. Unfortunately some advice is misleading or just false sales pitch. Understanding what is truly essential for security and what is irrelevant can be difficult. In this talk Otto will explain, based on his experience of maintaining hundreds of WordPress sites, what he doesn’t consider relevant and what you don’t need to worry about, and what are the actually important things you need to care for.
May 11, 2016 — Porozprávam o tom ako mi pred rokom hackli blog aj Facebook Fanpage a ako som ich získala naspäť. Načo to bolo celé dobré a čo všetko som potrebovala zmeniť – zmena hesiel, prosebné maily, nový dizajn, zmena kódov, iné pluginy,…
April 29, 2016 — This intermediate to advanced developer talk will focus on the types of vulnerabilities common in WordPress plugins by providing insight into the common vulnerabilities prevalent in WordPress plugins and themes including what they are, how they work and what a developer can do to prevent them. Topics will include XSS, CSRF and various other vulnerabilities often seen in WordPress.
April 26, 2016 — Although many times an afterthought, security should be built into a website from the beginning of the development process. From Binod and Logan’s research, a comprehensive discussion will be had about how to protect a website from its inception. Binod and Logan will take attendees through best practices of secure product development, including how to incorporate White box testing to ensure code security and real-life examples will be presented. Finally, Binod and Logan will share insight on post-deployment and how to monitor and patch websites—mitigating future attacks.
April 25, 2016 — Security can be complex, intimidating, and even frightening. Don’t let the enormity of it scare you into inaction. Learn what some of the security researchers and security professionals deal with, and then find out some simple steps you can take to secure your sites.