Every day countless WordPress sites are compromised or hacked. This simple fact has led site owners around the world to ask one question: why is WordPress so insecure? The reality is the exact opposite. With a security team composed of many experts and security researchers constantly working to patch all discovered vulnerabilities, a fresh WordPress site in isolation is incredibly secure. Security is a journey, a process, a practice, and a mindset. The security of a website begins with an authentic copy of the WordPress software and ends wherever you and your team lead it. This session will teach you how to think with a security first mindset, how to write secure code, and how to protect your site against the number one threat: humans.