This session is a broad discussion of methods that can be used to make the themes, plugins and server configuration behind a WordPress site safer. Terms such as CSRF (XSRF), XSS, SQL injection, HTTP header injection, HTTP referrers and nonces are defined on an early slide to be certain that the audience is comfortable with the level of the talk. Several demonstrations of previous WordPress vulnerabilities (in slide format) are given along with the core team's responses as the 7-year history of the hardening of the WordPress core is described. The history leads into a discussion of the current state of WordPress security and how adding code to your WordPress site can bypass all of the improvements WordPress has made over these years. The discussion then moves into how to prevent this. Server hardening is discussed first, followed by best practices for theme and plugin creation. A demonstration of how to review the safety of a plugin leads into a discussion of the best way to provide this information to a plugin developer. The topic of what to do if you find a hole in the WordPress core follows. The session concludes with a discussion of social hacking, the risks of unencrypted Wi-Fi and tips for blogging safely. This is a much less technical discussion and closes the session on a lighter subject.