March 3, 2023 — Earlier this year, we looked at the theory behind developing WordPress plugins and themes securely. We covered how to develop a security mindset, and the guiding principles of secure development, and looked at the five examples of these principles, Sanitizing Data, Validating Data, Escaping Data, Nonces, and User Roles and Capabilities.

In this session, we will look at how these principles are applied in real-world examples, by understanding common security vulnerabilities, how they can be exploited by would-be attackers, and what you can do to prevent them.

Presentation Slides »

February 16, 2023 — Seu WordPress está seguro? Você já verificou se a versão que você utiliza ou seus plugins possuem alguma vulnerabilidade conhecida? Seu servidor está expondo somente o que é necessário? Suas configurações estão corretas? Vamos conhecer algumas ferramentas para verificar a segurança do seu WordPress.

September 28, 2022 — WordPress software is used on millions of sites and is considered secure; however, sites still get hacked every day. What can you as a WordPress user do to make sure your site is secure?

Join in as we take a look at the big picture of website security and break things down in a simple, approachable way. We’ll walk you through some of the most important things you can do today to secure your WordPress site better and help to mitigate risk.

June 23, 2022 — This talk explains how bad actors use AI to find WordPress sites with vulnerabilities and repurpose them as cyberterrorist botnets in the “Hacking World War.”

May 31, 2022 — Muchos piensan que una vez que se instala un plugin de seguridad ya lo han hecho todo y no tienen que estar pendientes de nada más. Te lo decimos desde ya: no basta con instalar un plugin y dejar que el plugin haga “todo el trabajo”

Tampoco se trata de ser alarmistas, por eso en esta meetup queremos que veas la importancia de la seguridad y que aprendás lo necesario para tener tu WordPress seguro.

Presentation Slides »

May 25, 2022 — Look over the shoulder of a security expert whose process will discover how a favicon could turn a site into a zombie node.

Presentation Slides »

May 15, 2022 — This talk offers recommendations and step-by-step instructions for improving the security of your WordPress site.

Presentation Slides »

November 26, 2021 — “Při bezpečnostních auditech už léta stále dokola nacházím velké i menší bezpečnostní chyby. Některé vznikají nepozorností tvůrce, některé chybným nastavením serveru a za některé mohou různé zero day zranitelnosti, jejichž dopady však mohly být minimalizovány vhodnou prevencí a včasným updatem.

V přednášce si projdeme jaké to jsou, co mohou způsobit, jaká je (alespoň částečná) obrana a také si ukážeme pár tipů, jak se je na svém webu pokusit najít.”

November 6, 2021 — Cos’è la sicurezza controllata dalle intestazioni, quali sono i vantaggi nell’impostare correttamente i comandi di sicurezza negli headers e presentazione del plugin Headers Security Advanced & HSTS WP per fare tutto con un semplice click.

Presentation Slides »

November 6, 2021 — Nel nostro intervento affronteremo l’argomento della sicurezza e nello specifico parleremo di come rendere sicura un’installazione di WordPress partendo dalla gestione del sistema operativo e del servizio di hosting per poi proseguire con la piattaforma stessa di WordPress. Verranno analizzati i tipi di attacchi più frequenti e si vedranno nel concreto come poter difendersi. Si analizzeranno gli aspetti critici più comuni (installazione, temi, plugin) e le soluzioni da adottare. Infine si andranno a suggerire alcune soluzioni ready to use per rendere automatica la gestione di questi processi tramite l’utilizzo di plugin o pannelli di controllo avanzati.

Presentation Slides »