Friday, October 15 • 11:00am - 12:00pm
How To Keep Your Blog From Being Hacked, Stolen Or Otherwise Violated

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

This session is a broad discussion methods that can be used to make the themes, plugins and server configuration behind a WordPress site safer.  Terms such as CSRF, XSRF, XSS, SQL Injection, and HTTP header injection, http referrers, and nonces are given on an early screen to be certain that the audience is comfortable with the level of the talk.  Several demonstrations of previous WordPress vulnerabilities (in slide format) are given along with the core teams responses as the 7 year history of the hardening of the WordPress core is described.    The history leads into a discussion of the current state of WordPress security and how adding code to your WordPress site can bypass all of the improvements made by WordPress over these years.  The discussion moves into how to this.  Server hardening is first discussed, followed by best practices for theme and plugin creation.  A demonstration of how to review the safety of a plugin leads into a discussion of the best way to provide this information to a plugin developer.  The topic of what to do if you find a hole in the WordPress core follows.  The session concludes with a discussion of social hacking, the risks of unencrypted wifi and safe tips for blogging. This is a much less technical discussion and closes the session with a lighter subject.

avatar for Brian Layman

Brian Layman

Brian Layman is an independent web development consultant. He specializes in custom website solutions and managed WordPress hosting eHermitsInc.com. As a featured WordPress Developer in “WordPress for Dummies (2nd edition)” by Lisa Sabin-Wilson, Brian has been able to assist... Read More →

Friday October 15, 2010 11:00am - 12:00pm PDT
Islander D/5

Attendees (0)