
Lessons Learned by the WordPress Security Team - Aaron D. Campbell Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Lessons Learned by the WordPress Security Team
Aaron D. Campbell
Derbycon 2018

Managing security for the WordPress project is a challenge to say the least. The sheer volume of reports, the resulting noise, securing an aging codebase, handling disclosure - all difficult to handle, but just the tip of the iceberg. How do you motivate and organize a volunteer team? How do you keep sites and users secure with so much third-party code? How do you educate users? When is it okay to break things to fix security issues and how do you manage reputation when you do? Should you backport? How far? They may not have it all figured out, but over the years they’ve learned a lot - often the hard way. Aaron has led the WordPress Security Team since the end of 2016 and been a part of it for over five years. He’ll share what he’s learned along the way, how things have improved, what changes didn’t help (even when they were sure they would), and what things they still struggle with. He’ll also share an overview of the tools they use and processes they follow, in hopes that no one else has to learn the hard way.

Aaron is the WordPress Security Team lead, has been a regular contributor to WordPress for more than a decade, and is currently funded by GoDaddy to work full time on the WordPress open source project. He has over eighteen years of web development experience and worked with clients ranging from small local businesses to Google, Yahoo, Disney, and Harvard. He’s been called both a coffee snob and a beer snob, but considers both to be compliments. When not buried in code, he enjoys spending time with his wife and son, riding his motorcycle, and reading sci-fi/fantasy books.



Copyright 2020, IronGeek