Category: security

Sourcing responsibly is crucial to the security, efficiency, and success of any WordPress site. Faced with millions of open source plugins and themes on the repository, how do you evaluate the add-ons you use to enhance your website? This introductory talk will go over best practices for ensuring you select the best and most necessary plugins for your website needs. I will also cover security basics, such as how to update your plugins and themes to ensure they don’t leave vulnerabilities on your website that could lead to being hacked.

Malicious activity is an unfortunate reality when maintaining a web presence today. Most people involved in the web industry know someone who encountered the aftermath of a disruptive attack–if they haven’t themselves. Because of this, awareness of security best practices is at an all-time high. To many, though, it may not be clear exactly why these measures are important.

To remedy that, we’ll be taking a practical look at what’s actually happening when a website gets attacked, as well as discussing the hows and whys along the way. From understanding why small sites still get hacked, to why password reuse is really as bad as everyone says, we’ll explore the rationale behind the security principles you’re always being told to follow.

Extending WordPress above and beyond the core functionality is part of what makes WordPress so powerful. However, the sheer number of plugins available can be overwhelming. A strategy for evaluating plugins makes both developing managing WordPress easier.

In this presentation, attendees will learn:
Strategies and tools for evaluating one plugin over another
– Key factors to consider
– Evaluation tools
Paid plugins versus free: do you get what you paid for?
Managing plugins and updates
Evaluating plugin security:
– How to research plugin security history
– Identify functionality that may be risky

Attendees will also receive a plugin evaluation checklist they can take home to help choose plugins that fit their project’s objectives.

In this session you’ll hear about my passion for WordPress and the first time I experienced having my website hacked helped me create a secured online presence for our family project, turned multinational charity program and landed me my dream job, allowing me to work to protect WordPress sites from hackers. It opened opportunities, allows me to work remotely for an American company, while still living in Europe (Cluj, Romania) and also providing enough time to manage the volunteers behind the ShoeBox Project.

As developers, we are capable of many amazing feats. We can create experiences that touch the lives of millions, brings aid to the corners of the world, empowers new businesses and bring a voice to the voiceless. WordPress powers over 30% of the entire web! However with this capability, we must also take on the responsibility for the people, and data, we interact with.

During this session, we’ll discuss how a culture of security can benefit not only your organization but also protect your end users and yes even the world. We’ll look at the ethics of privacy, secure web design and architecture, and the impact our decisions have on the community and our users. Mixed in will be best practices for secure coding, how to manage sensitive data from clients and users, compliance with various regulations and laws around privacy, and how to foster a culture of security even while you manage distributed teams. I’ll share my experiences from almost a decade in Open Source and some of the mistakes and successes I’ve had along the way.

Most of all, as WordPress continues to empower more and more of our digital world, it is up to us to decide as a community how we will use this influence and together we can work to make the world a better and safer place for people no matter where they come from.