Explore key insights from the WordPress Security Team in this 47-minute conference talk. Gain valuable knowledge about the challenges of maintaining security for a widely-used content management system. Learn about the importance of balancing user experience with robust security measures, the process of formalizing existing security practices, and strategies for educating users on best practices. Discover how the team approaches backporting security updates to older versions and adapts to the growing WordPress ecosystem. Understand the significance of building relationships within the security community and the limitations of relying solely on tools to solve security issues. Conclude with a Q&A session addressing audience inquiries on WordPress security.
Overview
Syllabus
Intro
Secret vs Secure
Who am I
What I do for GoDaddy
Its a tough go
Formalizing what already existed
Keeping WordPress secure
Giving users a voice
Users are more important
Older users arent as secure
Backporting to older versions
Securing users
Educating users
WordPress is really old
WordPress growth
WordPress build tools
Reassess
Tools
Slack
Tools dont fix problems
Relationships are important
Questions
