WordPress Security from WordCamp Asheville 2016

One of the coolest things about WordCamp is that they post videos of each talk and presentation on WordPress.tv for viewing afterwards. It give you the chance to see all the great presentations you may have missed, or to revisit the ones you attended.

With so many WordCamps happening all over the world, it is a great resource.

My presentation from WordCamp Asheville 2016, titled WordPress Security: Don’t Be a Target, is now live on WordPress.tv.

Speaking at WordCamp Asheville – June 3 – 5, 2016

Tickets are on sale for WordCamp Asheville, and I hope many of you will come. This is my first opportunity to attend WordCamp, and I’ll actually be getting to speak at it. Come check it out if you are attending.

My presentation will be about WordPress security, how to make yourself less of a target, and how to harden your WordPress website against hackers using freely available tools.

Come say Hi if you attend!

Are You Putting Your WordPress Site at Risk?

WordPress as a platform has been a solid, secure application over the years. The few times a vulnerability has been found, the WP team has been super-fast to patch it, publicize it, and take care of business.

That said, there are two major areas where WordPress lacks in security:

1. Plugins

2. Administrators

There are so many plugins for WordPress, which is part of what makes it so great. However, those plugins can also present attack vectors, and we see evidence of this almost every day.

It was just revealed that most WP users have very little understanding of the risk they are lending to their own websites. Not updating plugins, not updating WP itself, and not doing backups, are the most easily fixed things that people tend to not do.

This puts WP websites at risk, lets them get hacked, and gives WordPress as a whole a bad wrap.

The survey of 503 WordPress users, which took place online during February this year, revealed that WordPress users are more exposed to security problems than expected. In total, 54 percent of respondents said they updated WordPress between once a week and every few weeks, and yet only 24 percent back their websites up — and only 23 percent have received training in the use of tools such as backup plugins.


On that note, I thought I’d mention that the most popular SEO plugin for WordPress, Yoast’s WP SEO, has a new, major vulnerability in it. GO UPDATE!

Find The Perfect WordPress Theme

If you are not a fan of making your own theme, you can use the nifty Find Themes website to pick one that suits your needs. While I have built many a WordPress theme from scratch, on this site, I tend to try out different themes other people have made so that I can learn more about the whole process. Now that I’ve found Find Themes, you may be seeing the theme here change again very soon.