December 10, 2019 — Why would a hacker hack YOUR website? For fun, for glory? Not anymore! Hacking websites is now a monetized criminal enterprise. They don’t care about your website, they care about your website computing resources.
An understanding of what the bad guys know (and how easy it is for them to operate) will motivate you to take a proactive approach to security prior to a hack – instead of spending tens of thousands to get your data back after the fact.

Presentation Slides »

November 18, 2019 — WordPress è sicuro? Sì, certo! Tuttavia, un’installazione obsoleta di WordPress, con una password debole e plugin mal scelti, è decisamente vulnerabile.

Si dice spesso che “la sicurezza è un processo” e la sicurezza del proprio sito inizia con l’installazione di WordPress. Perché dovresti preoccuparti della sicurezza dal primo giorno, quando il tuo sito è nuovo di zecca e solo tua mamma lo legge? Cosa dovresti fare da solo, mentre il tuo sito cresce, quando non hai (ancora) il budget per assumere un esperto? Come puoi rendere più sicura la navigazione dei tuoi visitatori? Come puoi minimizzare il rischio di essere hackerato?

In questo talk, esaminerò alcune best practice che è possibile implementare per rendere il tuo sito più sicuro e perché dovresti averne cura. Nessuno di questi richiede una singola riga di codice. Tutto ciò di cui hai bisogno è buon senso e una buona comprensione di cosa fare e cosa non fare quando gestisci il tuo sito.

Presentation Slides »

November 10, 2019 — Sometimes the bad guys get in, despite all the protections and precautions. If that happens, there are many techniques that can be used to stop further damage, track down what the intruder did and how they got in. Finally the site needs to be cleaned up and re-opened for visitors. In this talk the most important techniques are presented along with real-life examples when they were used.

Presentation Slides »

October 29, 2019 — You installed a security plugin, and you don’t get much traffic anyway since your business is small…so you don’t need to worry about getting hacked, right?

While there are several good security plugins that are a useful part of a security plan, securing a WordPress site requires more than a plugin. Plugins are handy tools but can give a false sense of security if the entire security landscape is not considered.

You may not have a lot of money to invest, but you can learn a framework and some basic actions to help you get a better grasp on security for your website – and your business.

September 19, 2019 — Ο Νίκος έχει δει τον ιστοχώρο σου. Και σε έχουν χακάρει. Πάνω από μία φορές. Γιατί συμβαίνει αυτό; Δεν έχεις κανένα τεράστιο αποτύπωμα στο Internet. Είναι τα πάντα ανασφαλή; Είναι απάντηση ο μηδενισμός; Ή μήπως τα πράγματα είναι κάπως διαφορετικά και μπορείς κι εσύ να προστατέψεις τον ιστοχώρο σου και τον ιστοχώρο του πελάτη σου χωρίς να φας τα νιάτα σου και χωρίς να ξοδέψεις μια περιουσία;

Presentation Slides »

August 11, 2019 — Everyone knows their site needs to be secure. But, just what does it take to make sure your site is optimally secure from compromise? In this workshop, whether you’re advanced or just starting out, we will help walk you through virtually every step it takes to make sure your WordPress environment is secure. We will start out with basics like what is security and general concepts about security. From there, we will walk you through selecting a secure hosting provider and choosing a secure password. Finally, we will go into more specific configuration details and the do’s and don’ts when securing your WordPress environment. By the time you walk out of this workshop you should feel like a WordPress security pro.

Presentation Slides »

June 25, 2019 — You know security is important and want your site to be secure, but what will actually help? There’s so much information to be found on securing your site, but what are the myths and what actually helps? Find out how to avoid the myths and implement real security.

June 10, 2019 — Sometimes the bad guys get in, despite all the protections and precautions. If that happens, there are many techniques that can be used to stop further damage, track down what the intruder did and how they got in. Finally the site needs to be cleaned up and re-opened for visitors. In this talk the most important techniques are presented along with real-life examples when they were used.

Presentation Slides »

June 10, 2019 — For a variety of reasons, we humans tend to be poor assessors of both the probability that something bad will happen, and the damage that is likely to result should such a thing occur. Academics have studied this phenomenon since about the 1960s under the rubric of risk assessment. What does this way of thinking have to teach us about WordPress security? Can we construct a risk matrix to help us choose which aspects of WordPress security are most in need of our limited time and attention?

In this session, I’ll draw on both on my own experience providing technical consulting in the areas of security and scaling to some of the world’s largest and most security-sensitive WordPress sites, and on the wisdom of community members who maintain smaller sites for businesses and individuals. In addition to providing a brief overview of the total security landscape as it applies to WordPress, we will attempt to use some of the tools of risk assessment to help us focus our attention in the right areas, including any we tend to naturally overlook.

This session, though touching on some technical topics, is suitable for anyone who administers, uses or develops WordPress sites.

Presentation Slides »

April 17, 2019 — The session will introduce best practices of website security and how to implement them.

The goal is to help webmasters effectively identify and reduce risks or website compromise.