State of WordPress Security: Today and beyond

Shivam Singh

Regular Talk

WordPress is huge. One of the greatest things about WordPress is that it’s open source, which also means that it is really well understood. WordPress powers more than 25% of the web and it’s steadily moving towards the 30% mark. Thousands of third-party plugins and themes are available. All these points that make WordPress great also make WordPress extremely vulnerable to hacking. Also, the scale and complexity of WordPress provide a large attack surface.

The WordPress team is invested in maintaining the integrity of the application, and all core-related security issues are quickly addressed. However, the same cannot be said for the thousands of plugins and themes out there, which leaves WordPress vulnerable.

Being in the backup business, Shivam and his team have spent a lot of time helping customers restore and clean their hacked sites. All this experience and learning was later translated into code that empowers their new product.

Shivam will be sharing some important takeaways from this experience in his talk.

  • Why will anyone hack you?

  • What are the common hacks?

  • How to protect one’s sites against them?

  • Analyzing security-related data collected from over 100K WordPress sites.

    The talk will discuss what these data mean to the WordPress ecosystem in current times and what they can lead to in the future.