‘Security’ Videos

  • The Shape of Things to Come – The Cyber Resilience Act and Open Source Development

    WordCamp Vienna 2026 | Speaker: Simon Kraft

    April 25, 2026 — Starting in September 2026, parts of the Cyber Resilience Act (CRA) are going into effect. There are some things to prepare for agencies, developers and maintainers of open source software like WordPress plugins. This session will give you a primer on the key points of CRA, and equip you with the knowledge (and a handy checklist) to navigate the uncertain waters of European regulations.

  • Others innovate, Europe regulates: NIS2 from the point of view of a micro-agency

    WordCamp Verona 2025 | Speaker: Francesco Canovi

    November 2, 2025 — There’s an old adage – of dubious attribution but rather effective – that says: the USA innovates, Asia copies, Europe regulates. And indeed, when a small agency finds the 150 pages of the NIS2 directive in its hands, it’s hard not to think of it. The first reaction is: “It doesn’t concern us anyway, we build websites”. Then, digging a little, you realize that maybe you are not directly in the crosshairs, but your clients – SMEs, public bodies, regulated companies – are. And that the supply chain, where you are just a small link, might have to answer for security, traceability, risk management.
    This talk is neither a technical lesson nor a legal analysis. It is the story of how, at Black Studio, we started studying the directive, asking ourselves questions, and looking for solutions proportionate to our scale. I will share reflections, approaches and some concrete tools we are using so as not to be caught unprepared. No claim to have definitive answers, but a checklist – deliberately non-exhaustive – that may be useful to those who, like us, are trying to find their way in a context that is increasingly regulated, but not always designed for those who work on a small scale.

  • A somewhat practical WordPress security talk

    WordCamp Whitley Bay 2023 | Speaker: Tim Nash

    December 10, 2023 — Learn security lessons through a humorous but “scary story” about a WordPress site owner Joe and his website security troubles.

  • WordPress-Login-Security

    WordCamp Germany 2023 | Speakers: Angelo Cali, Simon Kraft

    October 21, 2023 — From a security perspective, the WordPress login area is a weak point. Anyone and anything with a rough idea of a username and/or password can gain admin rights from here and make fundamental changes to a website’s plugins, appearance and content.
    In this talk we look at the measures that can be used to secure the login.

  • WPLeaks? Fast guide to preventing data leaks in WordPress

    WordCamp Germany 2023 | Speaker: Javier Guembe

    October 20, 2023 — WordPress websites can sometimes have hidden data leak problems, which occur more frequently than one might initially think.
    In this talk, I will highlight some common issues concerning data protection in WordPress. We’ll review real examples, discuss why I encountered these issues in certain projects, and I’ll provide tips on how to address them. Whether you’re new to WordPress or have been using it for years, I think it’s essential to be aware of these problems.

  • Think like a hacker: Attack your WordPress

    WordCamp Asia 2023 | Speaker: Mattias Held

    October 15, 2023 — This talk explains what “script kiddies” and hackers do to breach your WordPress site, install malware, steal data and more. Examples will show how to understand and mitigate these attacks.

  • The enterprise approach to WordPress security

    WordCamp US 2023 | Speaker: Peter Wilson

    October 13, 2023 — Learn about the approaches that enterprise agencies use to keep client sites secure. Find out why the White’s Local Family Business site gets hacked but whitehouse.gov does not.

  • State of WordPress security – insights from 2022

    WordCamp Europe 2023 | Speaker: Oliver Sild

    September 30, 2023 — This talk offers insights into the overall security of the WordPress ecosystem and shows how 2022 has changed compared to 2021.

    The presentation is based on data collected from 2022 by processing more than 4000 security vulnerabilities and analyzing logs of tens of millions of attacks.

    Learn what to expect as open-source and supply-chain security aligns with national security, in combination with increasing regulation by the European Union and the US.

  • 7 Tips to improve website security

    Speaker: Wes Theron

    July 11, 2023 — In this short video tutorial, we will explore seven ways to improve your site’s security.