Lessons Learned by the WordPress Security Team
DerbyCon 2018
Aaron D. Campbell
@AaronCampbell
Our Goal
Keep WordPress Users Secure
Lesson 1:
Users Over Software
Users on Out-of-Date Versions of WordPress Are Less Secure – What Do We Do?
Upgrade for them
Auto Updates
Should We Backport?
Will it help keep WordPress users secure?
↓
Yes?
↓
Backport it
Securing Users is Complex
Educate Users
Lesson 1b:
Educating Users is Hard
But Important
15 Years of WordPress
WordPress % of Internet
Extrapolated Terribly to # Sites
Lesson 2:
Reassess Regularly
Lesson 4:
Relationships are Important