June 20, 2017 — Shivam is a Senior Software Engineer with BlogVault. He spends most of his time glued to a computer writing codes directly/indirectly related to WordPress.

WordPress is huge. One of the greatest things about WordPress is that it’s open source; which also means that it is really well understood. WordPress powers more than 25% of the web and it’s steadily moving towards the 30% mark. Thousands of third-party plugins and themes are available. All these points that make WordPress great, also make WordPress extremely vulnerable to hacking. Also, the scale and complexity of WordPress provides for a large attack surface.

June 19, 2017 — Learn some quick WordPress security measures and policies that do not require any programming knowledge.

Takeaways:

Initial Setup Configuration
Secure Login Form
Plugin To Help Secure Your Website

Presentation Slides »

June 19, 2017 — Mr. Koirala, Founder/ Director of Eminence Ways Pvt. Ltd, is a Software Engineer and an MBA holder with certification in IS0 27001:2013. He is an Information Security Enthusiast, who aims to create an environment for secure IT developments and its implementation in Nepal. He tried to familiarize the areas where site owners, developers and hosting companies need to be careful for a secure operation. Finally, his presentation will try to create trust among the users of WordPress in terms of security.

June 2, 2017 — WordPress is one of the most used content management systems in the world. Which also, inconveniently, makes it one of the most-targeted CMS’ for hackers. You know you should keep WordPress core, plugins, and themes up-to-date, but what else can you do to protect your system?

Join Sarah as she walks through some of the best practices for securing WordPress and explore the resources available to secure a site, especially if you’re maintaining or hosting sites for your clients. How do you reduce your security risks, so you have less headache over time, ensuring you don’t have nasty surprises, and can keep your clients happy.

May 23, 2017 — Toutes les semaines vous pouvez trouver des listes d’extensions et thèmes vulnérables à lire, toutes les semaines vous pouvez trouver des listes de sites piratés, toutes les semaines vous pouvez trouver des tweets d’alertes, toutes les semaines sur Facebook vous pouvez trouver des témoignages de personnes ayant eu leur site piraté la veille.

Et vous que faisiez-vous la semaine passée pour éviter ça ? La sécurité ce n’est pas qu’« un truc d’expert », ce n’est pas juste parce que « mon site n’est pas une cible », ce n’est pas qu’une « histoire de codeurs » non, la sécurité commence par un bon comportement envers elle.

Cette conférence casse un peu les standards des conférences traditionnelles sur la sécurité, nous n’allons pas présenter d’extensions ni de solutions miracles, il n’y en a pas. Vous n’apprendrez pas comment patcher une faille XSS, ni même ne saurez ce qu’est une faille XSS, ces conférences ont déjà été données dans le passé. La sécurité commence ailleurs : mettez à jour votre posture face à la sécurité WordPress.

Presentation Slides »

May 17, 2017 — El objetivo de esta ponencia es conocer por dónde nos puede atacar un usuario malintencionado, y aprender a solucionar las vulnerabilidades por nosotros mismos. Algo que debería hacer todo desarrollador de Páginas web con WordPress y que muy pocos lo hacemos. En esta ponencia realizaremos una auditoría de nuestra instalación de WordPress. Utilizaremos distintas herramientas para buscar vulnerabilidades en nuestras instalaciones. Se trata de herramientas online y scripts al alcance de cualquiera y que podemos conseguir de forma gratuita por la red. Aprenderemos lo que los ciberdelincuentes buscan y veremos como explotan esas vulnerabilidades para acceder a nuestras instalaciones.

Presentation Slides »

May 7, 2017 — On December 3rd, 2015 a service called Let’s Encrypt entered its public beta. Backed by several major sponsors, the service caught on quickly. As of summer 2016, more than 5 million SSL certificates had been issued by Let’s Encrypt, nearly four million of which were active and unexpired.

If you are not familiar, Let’s Encrypt is a free, automated, open certificate authority that allows users to encrypt the data flowing to and from their websites easily and for free. The goal of Let’s Encrypt is to make data transfer over the internet secure by default. Towards that end, they have invested a considerable amount of time and energy in making it easy for users of all stripes to secure the data flowing in and out of their websites.

You may have already considered encrypting your website before — perhaps to perform better in search engines, or to gain the ability to accept payments on your website. Regardless of whether you’ve considered enabling SSL on your website or not, the goal of this talk is to demonstrate why encryption on your website matters. We will look at some practical examples and live demos of what data can be stolen from your website, even if you are using an encrypted wifi connection. Likewise, we’ll talk about how encryption of all websites — whether they’re dealing with sensitive information or not — makes the web a safer place for all of us.

Last, of course, we will look at how you can get started with Let’s Encrypt on your website. We’ll review the options available to you on common hosting providers, as well as walk through the steps for how you can set this up for yourself, if you have administrative access to your server.

If you already have Let’s Encrypt enabled on your site, this talk may be basic for you (although we’ll do a few cool demos that make for great party tricks, so feel free to stop by).

If you’ve never accessed your hosting provider’s website admin area (CPanel, Plesk, etc), this talk might be a bit hard for you to follow (although you should totally come and ask questions both during the presentation and after).

If you have a website and you’ve thought about enabling SSL on it but you just haven’t gotten around to it yet, this talk will be perfect for you. By the end of this presentation, you should not only know how to enable encryption on your website, but you will understand why it’s so important that you do.

It sounds like an intimidating topic, but we can do this. Come on and let’s encrypt!

April 20, 2017 — Security can seem intimidating and complex for many of us, but we shouldn’t (can’t) let that stop us from making sure we’re doing everything we can to secure our WordPress sites. After all, our websites are often part of our livelihood.

In this session Adam will discuss the “big picture” of website security and break down the fundamental tasks needed for a strong security plan, in order of importance. Adam will provide an actionable checklist on what you can start doing today to better secure your WordPress websites.

After attending this session, audience members will have a better understanding of website security as a whole and what steps they can take to mitigate risk. Attendees will be able to start building their WordPress security master plan immediately.

Presentation Slides »

March 31, 2017 — WordPress is a favorite target of hackers who, for whatever reason, enjoy being mischievous. This talk will give you some pointers on how to protect your self-hosted WordPress site so that you make it harder for anyone to exploit weaknesses in your code and hosting setup.

March 29, 2017 — Security can be complex, intimidating, and even frightening. Don’t let the enormity of it scare you into inaction. Learn what some of the security researchers and security professionals deal with, and then find out some simple steps you can take to secure your sites.