November 2, 2025 — C’è un vecchio adagio – di dubbia attribuzione ma piuttosto efficace – che dice: gli USA innovano, l’Asia copia, l’Europa regola. E in effetti, quando una piccola agenzia si ritrova tra le mani le 150 pagine della direttiva NIS2, è difficile non pensarci. La prima reazione è: “Tanto non ci riguarda, noi facciamo siti web”. Poi, scavando un po’, ti accorgi che magari non sei nel mirino diretto, ma i tuoi clienti – PMI, enti pubblici, società regolamentate – sì. E che la catena degli approvvigionamenti, dove tu sei solo un piccolo anello, potrebbe dover rispondere di sicurezza, tracciabilità, gestione del rischio.
Questo talk non è una lezione tecnica né una disamina giuridica. È il racconto di come, in Black Studio, abbiamo iniziato a studiare la direttiva, a porci domande, a cercare soluzioni proporzionate alla nostra scala. Condividerò riflessioni, approcci e qualche strumento concreto che stiamo usando per non farci cogliere impreparati. Nessuna pretesa di avere risposte definitive, ma una checklist – volutamente non esaustiva – che può essere utile a chi, come noi, cerca di orientarsi in un contesto sempre più regolato, ma non sempre pensato per chi lavora in piccolo.

December 10, 2023 — Learn security lessons through a humorous but “scary story” about a WordPress site owner Joe and his website security troubles.

October 21, 2023 — Der Login-Bereich von WordPress ist aus Sicht der Sicherheit eine Schwachstelle. Alles und Jeder mit einer groben Vorstellung von Benutzername und/oder Passwort kommt von hier aus an Admin-Rechte, kann grundlegende Änderungen an Plugins, Aussehen und Inhalt einer Website vornehmen.
Mit welchen Maßnahmen der Login abgesichert werden kann, schauen wir uns in diesem Vortrag an.

October 20, 2023 — WordPress websites can sometimes have hidden data leak problems, which occur more frequently than one might initially think.
In this talk, I will highlight some common issues concerning data protection in WordPress. We’ll review real examples, discuss why I encountered these issues in certain projects, and I’ll provide tips on how to address them. Whether you’re new to WordPress or have been using it for years, I think it’s essential to be aware of these problems.

October 15, 2023 — This talk expains what “script kiddies” and hackers do to breach your WordPress site, install malware, steal data and more. Examples will show how to understand and mitigate these attacks.

October 13, 2023 — Learn about the approaches that enterprise agencies use to keep client sites secure. Find out why the White’s Local Family Business site gets hacked but whitehouse.gov does not.

September 30, 2023 — This talk offers insights into the overall security of WordPress ecosystem and shows how 2022 has changed compared to 2021.

The presentation is based on data collected from 2022 by processing more than 4000 security vulnerabilities and analyzing logs of tens of millions of attacks.

Learn what to expect as open-source and supply-chain security aligns with national security, in combination with increasing regulation by European Union and US.

July 11, 2023 — In this short video tutorial, we will explore seven ways to improve your site’s security.

May 22, 2023 — Join us for a lively and informative discussion about protecting your website with this NEO WordPress Meetup, “Safeguarding Your Website: Smart WordPress Security.”

I will share tips and tricks for setting up smart security measures to protect your WordPress website from potential threats.

This presentation will be a great experience where you can follow along and learn how to install and/or utilize various security tools.

We’ll delve into these tools and explore basic insights that can help you understand your website’s security status.

Whether you’re a beginner or an experienced WordPress user, this meetup is perfect for anyone looking to learn about smart WordPress security.

Presentation Slides »

March 10, 2023 — This session picks up from the last preventing common security vulnerabilities session (https://wordpress.tv/2023/03/03/lets-code-preventing-common-security-vulnerabilities/), and cover’s how to use nonces to prevent cross-site request forgery vulnerabilities

Presentation Slides »