June 8, 2026 — Plugins help us in many ways, especially SEO plugins. I’m not a denier, but sometimes we forget that WordPress is there, and that it has lots of native tools and features with an impressive range of things you can do, completely with WordPress, without any plugins, to improve—or even destroy—a website’s SEO and GEO. From comment settings to how to use the block editor for positioning and brand presence, there is a lot to do, and in this workshop, I want attendees to get the most out of WordPress to position their content, without installing any plugins.

June 8, 2026 — Take your block development skills to the next level! In this hands-on workshop, you’ll build a fully functional, touch-enabled gallery slider using the WordPress Interactivity API (IAPI)—the modern standard for adding dynamic, reactive experiences to WordPress blocks. What You’ll Build: A production-ready gallery slider featuring slide navigation, infinite carousel mode, auto-play, and mobile swipe gestures—all powered by reactive state management. What You’ll Learn: Core IAPI concepts: stores, state, context, directives, actions, and callbacks How to extend WordPress core blocks with interactivity using PHP filters Adding editor controls for user-configurable settings Implementing touch event handling for mobile-friendly experiences Who Should Attend: WordPress plugin and theme developers comfortable with block development basics who want to create richer, more interactive user experiences without relying on external JavaScript frameworks. You’ll Leave With: Working code, a deeper understanding of the Interactivity API, and practical patterns you can apply to your own projects immediately. 👉 Bring your laptop and be ready to code!

June 8, 2026 — Caching in WooCommerce isn’t one thing p it’s fifty. In this hands-on workshop, we demystify the full spectrum of WordPress and WooCommerce caching layers: OPcache, server-level cache, page/HTML cache, object cache, and WooCommerce-specific caching quirks. No theory for theory’s sake – we’ll walk through real examples, debug common cache misses, and show live demos of how each layer impacts performance, stability, and TTFB.

June 8, 2026 — So you’ve heard about the WordPress Core AI projects. Maybe you’ve read the blog posts, skimmed the GitHub repositories, or watched a talk about what’s coming. But there’s a massive difference between understanding something conceptually and actually building with it. If that’s the case, then this workshop is for you. In this workshop, you’ll learn to build a working AI-powered WordPress plugin from scratch. You’ll leave with functioning code on your laptop and a solid understanding of how each of these tools works, so you can start experimenting on your own. What we’ll build: We’re going to create a plugin that registers custom abilities, exposes them via the Model Context Protocol, and uses the WP AI Client to add intelligent behaviour. By the end, you’ll have a plugin that lets an AI assistant interact with your WordPress site—discovering what’s possible and taking actions on your behalf. Prerequisites: A laptop with a local WordPress development environment that you are familiar with (I’ll be using WordPress Studio) Familiarity with WordPress plugin development, PHP, and JavaScript Composer and Node.js are installed and working, the latest stable versions An API key from one of the following AI model providers: Google, Anthropic, OpenAI (You can register one for free via Google AI Studio) If you prefer not to register an API Key with one of these providers, you can also install Ollama and a local model of your choice. However, that model must support the ability to read image files. One of the following MCP-compatible agentic AI applications: Claude Desktop, VS Code with GitHub Copilot, or Cursor Claude Code is also acceptable if you use that. You may use your own MCP-compatible AI agent, but I won’t be able to support you if things go wrong. The patience to troubleshoot if things don’t work the first time (they rarely do, and that’s part of learning) Fair warning: once you see an AI assistant execute an ability you wrote yourself, you’ll probably spend the rest of the weekend thinking of things to build. Don’t say I didn’t warn you.

June 8, 2026 — Full Site Editing isn’t just for DIY users—it is a powerful architectural tool for professionals. Join this workshop to master the lifecycle of a modern Block Theme. We will build a portfolio site to showcase your work, focusing on three core skills: scaffolding with the Create Block Theme plugin, configuring design systems via theme.json, and implementing governance (locking APIs) to protect your design. Leave with a working theme and a repeatable workflow for your next client project.

June 8, 2026 — “Secure hosting” is everywhere in WordPress, but what does it actually protect against? We put this claim to the test with real penetration testing: 30 known vulnerabilities, multiple hosting providers, standardized methodology validated by independent observers. The findings reveal a critical gap between marketing and reality. WordPress-specific attacks succeed most of the time. This talk shares the complete results and explains why generic security fails.

June 8, 2026 — The WordPress Performance team was established in 2021 with the goal of improving the performance of WordPress Core. As a fundamental part of rendering each and every page of a WordPress site, the `WP_Query` class has received a lot of attention. In this talk, Peter will discuss how the performance of `WP_Query` and the WordPress Query component have been improved with increased caching, and how that can be taken full advantage of when building WordPress sites at scale.

June 8, 2026 — Learn the five steps to design secure headless WordPress architectures. This talk focuses on API-first security, attack surface reduction, and practical decisions when exposing WordPress APIs to mobile apps and PWAs.

June 8, 2026 — NIS2 puts an incident on a clock. If a client is affected, an early warning is due within 24 hours, a full notification within 72 hours, and a final report within 30 days. Most small WordPress agencies and freelancers are not in scope themselves, but their clients are, and the supply chain rules pull us in anyway. This 10-minute lightning talk walks through that reporting workflow from a small agency’s point of view: what counts as an incident, what to have ready before anything breaks, and the five steps from detection to the 30-day report. It also shows where AI can help.

June 8, 2026 — Discover how attackers weaponize WordPress native search endpoint for devastating DDoS attacks, while learning practical defense strategies from a cybersecurity perspective. This talk reveals a hidden vulnerability in standard WordPress installations and provides easy solutions.