Lessons Learned by the WordPress Security Team

DerbyCon 2018

 

Aaron D. Campbell

Top Secret

Aaron D. Campbell

WordPress Security Team Lead

GoDaddy + WordPress

Our Goal

 

Keep WordPress Users Secure

Lesson 1:

Users Over Software

Users on Out-of-Date Versions of WordPress are Less Secure – What do we do?

Upgrade for them

Auto Updates

Should We Backport?

Will it help keep WordPress users secure?

Yes?

Backport it

Securing Users is Complex

Educate Users

Lesson 1b:

Educating Users is Hard

But Important

15 Years of WordPress

WordPress % of Internet

Extrapolated Terribly to # Sites


Lesson 2:

Reassess Regularly

Tools

  • Slack
  • Trac
  • HackerOne

Lesson 3:

Tools Don’t Fix Most Problems

Lesson 4:

Relationships are Important

Q & A

Aaron D. Campbell – @AaronCampbell
GoDaddy

Slides: https://adcwp.me/derbycon2018

This presentation is running on WordPress using the Presenter plugin