November 26, 2021 — “Při bezpečnostních auditech už léta stále dokola nacházím velké i menší bezpečnostní chyby. Některé vznikají nepozorností tvůrce, některé chybným nastavením serveru a za některé mohou různé zero day zranitelnosti, jejichž dopady však mohly být minimalizovány vhodnou prevencí a včasným updatem.

V přednášce si projdeme jaké to jsou, co mohou způsobit, jaká je (alespoň částečná) obrana a také si ukážeme pár tipů, jak se je na svém webu pokusit najít.”

November 6, 2021 — Cos’è la sicurezza controllata dalle intestazioni, quali sono i vantaggi nell’impostare correttamente i comandi di sicurezza negli headers e presentazione del plugin Headers Security Advanced & HSTS WP per fare tutto con un semplice click.

Presentation Slides »

November 6, 2021 — Nel nostro intervento affronteremo l’argomento della sicurezza e nello specifico parleremo di come rendere sicura un’installazione di WordPress partendo dalla gestione del sistema operativo e del servizio di hosting per poi proseguire con la piattaforma stessa di WordPress. Verranno analizzati i tipi di attacchi più frequenti e si vedranno nel concreto come poter difendersi. Si analizzeranno gli aspetti critici più comuni (installazione, temi, plugin) e le soluzioni da adottare. Infine si andranno a suggerire alcune soluzioni ready to use per rendere automatica la gestione di questi processi tramite l’utilizzo di plugin o pannelli di controllo avanzati.

Presentation Slides »

February 24, 2021 — Tres consejos muy simples de seguridad que ayudarán a mejorar mucho la protección de tu proyecto con WordPress.

El primero de ellos va a ayudarte a proteger los formularios y el abuso de los comentarios en entradas y páginas.

El segundo de ellos va a ayudarte a proteger el acceso a tu panel de administración de WordPress.

Y el tercero, va a ampliar la seguridad de tu contraseña para que, en caso de que alguien consiga descubrirla o se te haya olvidado poner una muy segura, siga sin poder acceder a tu proyecto.

January 2, 2021 — En la misma hablaré medidas de seguridad sencillas que puedes implementar para asegurar tu tienda y los clientes, prevenir ataques de hackers y mantener tu contenido a salvo. Incluiré las mejores soluciones y precauciones de seguridad para WooCommerce.

November 30, 2020 — In this session, Adam addresses the “big picture” of personal and website security and breaks down the fundamental tasks needed for a strong security plan online. He provides an actionable checklist on what audience members can implement immediately to better secure themselves online in addition to their WordPress websites.

After attending this session, audience members will have a better understanding of personal security online and how it affects website security as a whole, as well as steps they can take to mitigate risk in the future.

November 4, 2020 — With new threats constantly emerging, how can website owners protect themselves and their business? In this session we will cover this crucial topic for SEOs and share several demos of these threats, plus how they can be prevented. Find out what Google is seeing in hacking trends, Google’s view on what HTTPS does (and doesn’t do), and how to best address a hacked site.

Attendees will learn how to protect against SQL injection attacks, sanitize user generated input, and come away with other practical tips that can immediately be implemented to secure their sites.

July 17, 2020 — Die Sicherheit von WordPress-Websites ist ein beliebtes Thema. Interessanterweise geht es dabei häufig um viele Einstellungen und “Security by Obscurity”, echte Sicherheit wird damit nicht hergestellt.

Alternativ gibt es “Web Application Firewalls” (WAFs), die (je nach Ausprägung) einen tatsächlichen und relevanten Schutz vor Angriffen bieten.

Marc Nilius stellt die verschiedenen Arten von WAFs sowie deren Vor- und Nachteile vor und gibt einen Einblick, worauf man bei der Konfiguration und beim Einsatz achten muss.

July 11, 2020 — In this talk, I will be sharing the best strategies to secure a site based on my analysis of 100+ hacked sites. I’d give the audience a walkthrough of the logs of the hacked sites and decode the weak points and the method used to hack the sites. I will then explain the different ways one can protect a WordPress site from hacks. This would range from using existing firewall and security plugins to adding custom rules on the backend.
WordPress Security at its very core is constantly evolving. As hackers constantly find new ways to exploit, it’s imperative to stay dynamic and be prepared for the worst. I believe that understanding how hackers are hacking a site can go a long way in protecting it. Over the last 10 years, I’ve dealt with more than 200,000 hacked sites. I’d like to use my learning from them to push people to identify their site’s weak points and hopefully be a catalyst to them taking security more seriously.

June 19, 2020 — Keeping your site secure is difficult, and often times knowing where to start is the hardest step. With terms and acronyms like cross site scripting (XSS), cross site request forgery (CSRF) and others, it’s hard to know just what to do to keep your site secure.
Sometimes the best way to know how to protect a site is to hack one yourself! In this talk we’ll all join forces and become hackers for a short time to hack a live site and learn just what these various attacks are. Most importantly, we’ll also discuss how to protect your site from being exploited.