Understanding and Mitigating the Biggest Threats to WordPress Today: You and Your Users

The prevailing opinion in the WordPress community today is that plugin vulnerabilities are the primary and most effective attack vectors leading to compromised sites. It’s actually compromised user accounts (possibly in combination with one or more vulnerabilities) that lead to hacked sites. Current research shows stolen sessions and account credentials are the targets threat actors are hitting most successfully by exploiting human vulnerabilities: bad personal security practices leading to stolen or guessed passwords, AI-powered social engineering (pre-texting and spearphishing), and a lack of enforced user security policies that protect WordPress user sessions and sensitive data. In this presentation, you’ll learn how to protect yourself, your WordPress sites, and your users from a potentially devastating security breach.