December 10, 2023 — Learn security lessons through a humorous but “scary story” about a WordPress site owner Joe and his website security troubles.

October 15, 2023 — This talk expains what “script kiddies” and hackers do to breach your WordPress site, install malware, steal data and more. Examples will show how to understand and mitigate these attacks.

October 1, 2023 — Passkeys are a safer and easier alternative to passwords. With passkeys, users can sign-in to apps and websites with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, freeing them from having to remember and manage passwords.

Presentation Slides »

September 30, 2023 — This talk offers insights into the overall security of WordPress ecosystem and shows how 2022 has changed compared to 2021.

The presentation is based on data collected from 2022 by processing more than 4000 security vulnerabilities and analyzing logs of tens of millions of attacks.

Learn what to expect as open-source and supply-chain security aligns with national security, in combination with increasing regulation by European Union and US.

July 11, 2023 — In this short video tutorial, we will explore seven ways to improve your site’s security.

May 22, 2023 — Join us for a lively and informative discussion about protecting your website with this NEO WordPress Meetup, “Safeguarding Your Website: Smart WordPress Security.”

I will share tips and tricks for setting up smart security measures to protect your WordPress website from potential threats.

This presentation will be a great experience where you can follow along and learn how to install and/or utilize various security tools.

We’ll delve into these tools and explore basic insights that can help you understand your website’s security status.

Whether you’re a beginner or an experienced WordPress user, this meetup is perfect for anyone looking to learn about smart WordPress security.

Presentation Slides »

April 6, 2023 — In the plugin security best practices tutorial we covered the 5 top ways you can ensure your plugin is developed securely. However, it’s important to understand why you need to follow these principles.

In this tutorial, we will cover the top 3 Common Vulnerabilities that are found in plugins, and how to use the practices taught in the previous tutorial to combat them.

Presentation Slides »

March 10, 2023 — This session picks up from the last preventing common security vulnerabilities session (https://wordpress.tv/2023/03/03/lets-code-preventing-common-security-vulnerabilities/), and cover’s how to use nonces to prevent cross-site request forgery vulnerabilities

Presentation Slides »

March 3, 2023 — Earlier this year, we looked at the theory behind developing WordPress plugins and themes securely. We covered how to develop a security mindset, and the guiding principles of secure development, and looked at the five examples of these principles, Sanitizing Data, Validating Data, Escaping Data, Nonces, and User Roles and Capabilities.

In this session, we will look at how these principles are applied in real-world examples, by understanding common security vulnerabilities, how they can be exploited by would-be attackers, and what you can do to prevent them.

Presentation Slides »

October 27, 2022 — In a digital and business environment where 95% of businesses are small and medium-sized companies, it is our duty as software developers to make code and systems as robust as possible.
We are not just talking about defensive programming, but about taking security into account in all phases of the software lifecycle, from design to maintenance.
Code prophylaxis is about preventing any threat from penetrating our systems, controlling and eliminating any malware that interacts with our code and preventing any attacker from acting on our system.