‘security’ Videos

  • Chathu Vishwajith: Hardening WordPress and Driving a Vehicle

    Chathu Vishwajith: Hardening WordPress and Driving a Vehicle

    WordCamp Utrecht 2018Speaker: Chathu Vishwajith

    February 25, 2020 — I would like to talk about recent serious security incidents had with WordPress installations and Start with the general points that anybody who is going to use or currently using WordPress needs to put their attention compared with driving a vehicle. Then I will suggest few plugins and services that I use and will request the audience to engage and let their suggestions too.I have mastered Art of hardening WordPress installation more than 30+ in Sri Lanka and other clients abroad.

  • Mikey Veenstra: 3 Security Mistakes You Didn’t Realize You Made

    Mikey Veenstra: 3 Security Mistakes You Didn’t Realize You Made

    WordCamp Portland 2018Speaker: Mikey Veenstra

    December 31, 2019 — We all take shortcuts sometimes. Whether you were swamped with client work and a corner had to be cut, or you’re stretched so thinly trying to wear every hat that something fell through the cracks, we’ve all encountered mistakes we made ourselves. While they’re mostly all forgivable, it becomes a bit of a different issue when a mistake leads to a security concern. In this talk we’ll look at three common security mistakes made by WordPress site owners every day, why they get made in the first place, and how to resolve them.

    Presentation Slides »

  • Vladimir Smitka: WordPress through the bad guys' glassed

    Vladimir Smitka: WordPress through the bad guys’ glassed

    WordCamp Europe 2019Speaker: Vladimír Smitka

    December 30, 2019 — Vladimír will give a 10-minute preview of common but not often-mentioned mistakes he saw during security scans of WordPress sites, specifically: Username and email leaking, full path disclosures, accessible backups, open .git repositories and DoS capable endpoints. He will also provide tips on how to reduce risks, where it is worth restricting access, how to enable Bcrypt password hashing and 2FA, and what configuration directives you need to check.

  • Todd Dow: WordPress Security 101

    Todd Dow: WordPress Security 101

    WordCamp Niagara 2019Speaker: Todd Dow

    December 30, 2019 — Security is hard. And scary. And oh so confusing. But it doesn’t have to be that way. With WordPress, the basics are built in and you’re a simple checklist away from hardening your WordPress site like a pro. In this session, Todd will use plain english, entertaining stories and an all encompassing top 10 list to take you from newbie to knowledgeable in less than an hour.

  • Mikey Veenstra: What The Hack? Fortifying Your Security by Understanding Your Adversary

    Mikey Veenstra: What The Hack? Fortifying Your Security by Understanding Your Adversary

    WordCamp Seattle 2018Speaker: Mikey Veenstra

    December 19, 2019 — Malicious activity is an unfortunate reality when maintaining a web presence today. Most people involved in the web industry know someone who encountered the aftermath of a disruptive attack–if they haven’t themselves. Because of this, awareness of security best practices is at an all-time high. To many, though, it may not be clear exactly why these measures are important.

    To remedy that, we’ll be taking a practical look at what’s actually happening when a website gets attacked, as well as discussing the hows and whys along the way. From understanding why small sites still get hacked, to why password reuse is really as bad as everyone says, we’ll explore the rationale behind the security principles you’re always being told to follow.

    Presentation Slides »

  • Chris Teitzel: With Great Power Comes Great Responsibility

    Chris Teitzel: With Great Power Comes Great Responsibility

    WordCamp Seattle 2018Speaker: Chris Teitzel

    December 19, 2019 — As developers, we are capable of many amazing feats. We can create experiences that touch the lives of millions, brings aid to the corners of the world, empowers new businesses and bring a voice to the voiceless. WordPress powers over 30% of the entire web! However with this capability, we must also take on the responsibility for the people, and data, we interact with.

    During this session, we’ll discuss how a culture of security can benefit not only your organization but also protect your end users and yes even the world. We’ll look at the ethics of privacy, secure web design and architecture, and the impact our decisions have on the community and our users. Mixed in will be best practices for secure coding, how to manage sensitive data from clients and users, compliance with various regulations and laws around privacy, and how to foster a culture of security even while you manage distributed teams. I’ll share my experiences from almost a decade in Open Source and some of the mistakes and successes I’ve had along the way.

    Most of all, as WordPress continues to empower more and more of our digital world, it is up to us to decide as a community how we will use this influence and together we can work to make the world a better and safer place for people no matter where they come from.

    Presentation Slides »

  • Steve Schwartz: How An Attacker Sees Your Website

    Steve Schwartz: How An Attacker Sees Your Website

    WordCamp Birmingham 2019Speaker: Steve Schwartz

    December 10, 2019 — Why would a hacker hack YOUR website? For fun, for glory? Not anymore! Hacking websites is now a monetized criminal enterprise. They don’t care about your website, they care about your website computing resources.
    An understanding of what the bad guys know (and how easy it is for them to operate) will motivate you to take a proactive approach to security prior to a hack – instead of spending tens of thousands to get your data back after the fact.

    Presentation Slides »

  • Francesca Marano: Sicurezza per il tuo sito senza una riga di codice

    Francesca Marano: Sicurezza per il tuo sito senza una riga di codice

    WordCamp Catania 2019Speaker: Francesca Marano

    November 18, 2019 — WordPress è sicuro? Sì, certo! Tuttavia, un’installazione obsoleta di WordPress, con una password debole e plugin mal scelti, è decisamente vulnerabile.

    Si dice spesso che “la sicurezza è un processo” e la sicurezza del proprio sito inizia con l’installazione di WordPress. Perché dovresti preoccuparti della sicurezza dal primo giorno, quando il tuo sito è nuovo di zecca e solo tua mamma lo legge? Cosa dovresti fare da solo, mentre il tuo sito cresce, quando non hai (ancora) il budget per assumere un esperto? Come puoi rendere più sicura la navigazione dei tuoi visitatori? Come puoi minimizzare il rischio di essere hackerato?

    In questo talk, esaminerò alcune best practice che è possibile implementare per rendere il tuo sito più sicuro e perché dovresti averne cura. Nessuno di questi richiede una singola riga di codice. Tutto ciò di cui hai bisogno è buon senso e una buona comprensione di cosa fare e cosa non fare quando gestisci il tuo sito.

    Presentation Slides »

  • Otto Kekäläinen: How to investigate and recover from a security breach – real-life experiences

    Otto Kekäläinen: How to investigate and recover from a security breach – real-life experiences

    WordCamp Stuttgart 2019Speaker: Otto Kekäläinen

    November 10, 2019 — Sometimes the bad guys get in, despite all the protections and precautions. If that happens, there are many techniques that can be used to stop further damage, track down what the intruder did and how they got in. Finally the site needs to be cleaned up and re-opened for visitors. In this talk the most important techniques are presented along with real-life examples when they were used.

    Presentation Slides »

  • Stacy M. Clements: WordPress Security: Beyond The Plugin

    Stacy M. Clements: WordPress Security: Beyond The Plugin

    WordCamp Birmingham 2019Speaker: Stacy M. Clements

    October 29, 2019 — You installed a security plugin, and you don’t get much traffic anyway since your business is small…so you don’t need to worry about getting hacked, right?

    While there are several good security plugins that are a useful part of a security plan, securing a WordPress site requires more than a plugin. Plugins are handy tools but can give a false sense of security if the entire security landscape is not considered.

    You may not have a lot of money to invest, but you can learn a framework and some basic actions to help you get a better grasp on security for your website – and your business.