Talk: WordPress Isn’t A Security Dumpster Fire, Fight Me!

From 2019
(Video from SteelCon 2019)


This was a one-off bit of fun for a UK-based security conference called SteelCon. Myself and Glenn decided to go all AmDram; it didn’t quite work. You can read more about it in Behind the scenes of a talk.

Tim believes that common wisdom is wrong and WordPress CAN form part of a Secure Enterprise ecosystem. Glenn, on the other hand, likes to sleep at night.

By taking on the roles of attacker and defender, Glenn and Tim will walk you through an escalating series of Attack vs Defence scenarios with real-world examples. Tim will attempt to convince you that for most reasonable threat models, WordPress can easily defeat a skilled and determined attacker, and Glenn will attempt to prove him wrong.

The talk aims to give something to both Red Team and Blue Team, covering some common (and not so common) techniques to both compromise and harden WordPress. Failing that, come watch two middle-aged blokes bicker about whether WordPress deserves its place as an industry joke, or is unfairly maligned because of misuse and unnecessary risk-taking.

Video

Slides