This session takes you through the WordPress security journey: from how vulnerabilities are found in plugins, themes, and core, to how attackers exploit them, and finally to how site owners and developers can defend against them.
We’ll cover both sides of the equation: techniques for discovering flaws (static code analysis, zero-days, exploit development) and practical steps for securing WordPress (hardening, monitoring, and SIEM-style visibility). The goal is to help attendees think like an attacker but act as a defender, building resilient WordPress sites that can withstand modern threats.
Key Takeaways:
- How vulnerabilities are discovered in WordPress plugins, themes, and core.
- Static code analysis for identifying flaws before exploitation.
- Insights into zero-days, exploit development, and CVEs.
- Practical security implementations and hardening strategies.
- Preventing new attacks and mitigating zero-day risks.
- Why WordPress needs SIEM-style monitoring for early detection.
- Actionable steps to move from patching to proactive defense.


