WordPress Security Hangout – Grand Rapids WP Meetup

Every now and then, trying to summarize a conversation doesn’t do it any justice. Here is the discussion in its entirety between Dre Armeda, Mark Jaquith and me, Tony Perez, for the recent Grand Rapids WP Meetup. As you might imagine, it’s about WordPress Security.

It’s lengthy, true, but it covers a number of subjects: everything from passwords and their management to hardening and appropriate security controls.

If you’re not familiar with Mark Jaquith, you should be. He has been actively engaged in the WordPress community for 8+ years, is a lead developer for the project and has contributed countless patches to the core, many addressing security issues. If you’re looking for development advice or for a third-party audit of your code, then he’s about as good as it gets. Be sure to check him out at http://coveredwebservices.com/

The Mission of Security Awareness

This article was written by Christopher Vera, CISSP, HISP, GCFA, GLEG for Sucuri.


Of all the elements of a successful cyber security program, security awareness is probably one of the least understood. Some cyber security professionals have even gone as far as to claim that security awareness doesn’t work. Their observations are not entirely unfounded. The key is that successful awareness programs must provide value to their audiences. When they don’t provide value they are ignored, and thus ineffective, plain and simple. Further, a security awareness program cannot protect a user from everything. With new platform-agnostic attacks bypassing even fully patched systems with host-based firewalls and the most recent anti-virus signatures, it’s easy to throw one’s arms up in frustration. But defense in depth is one of our most trusted principles. We understand that no one security control can protect us from every threat. Otherwise, we’d have tossed out our network firewalls years ago. The advantage of a successful security awareness program is that it’s much less expensive to implement and maintain.
