• Home
  • About Mitch
  • Speaking
  • Articles
  • Contact
  • Home
  • About Mitch
  • Speaking
  • Articles
  • Contact

Digital Strategist

WordPress Developer

Content Creator

Unapologetic Punk

Mitch Canter

  • X
  • Bluesky
  • GitHub
  • Twitch
  • YouTube
  • LinkedIn
Conferences, Security

Level Up Your WordPress Security

CMDR Mitchcraft

Reading time: 2 minutes

I had an amazing time speaking and networking at the #WPCampus Event in Buffalo this past weekend.  I was fortunate to be able to share some insight on the realm of Security, and make it (hopefully) more than a fruitless, confusion quest.

First of all, here are my slides:

https://www.slideshare.net/studionashvegas/level-up-your-wordpress-security

And now, the caveats/prologues:

  • I had someone reach out on Twitter and mention that the 56% was too low of a number to spend so much time on. We’ve since connected and expounded on that, but the biggest thing I want to mention is that this is a talk from the perspective of the WordPress user/administrator.  There are TONS of other ways that someone can hack into your website, and a lot of them have nothing to do with your code:
    • Social Engineering – people playing fast and loose with user information that protects their password identity
    • A 3rd party hack – Website A gets hacked, and since the passwords were stored incorrectly there that allows the hacker to gain access to Website B through the same password.
    • Bad Passwords – dictionary attacks on passwords that are just plain bad can be brute-forced and overcome in a few minutes (unless you disallow access based on failed password attempts!)
  • A lot of attendees explained that they don’t have a lot of control over the server-side of things. That’s fine – that’s why I positioned it like I did (as something that’s innate, but that you may not have a lot of sway over). That’s why the site-specific stuff is so important. It allows you to do something to prevent baddies from gettting in.
  • There are more items coming out nearly daily, which is why the external resources and information gathering is so important. Education on a problem means you know what to look for and how to fix it!

Thanks to everyone that came to the sessions – I hope I was able to teach something, and that you come away knowing even a tiny bit more about security than you did when you came in!

Hacking, Security, WPCampus
  • Things I Learned from #wcatl (and a Few I Learned on My Own)

    Things I Learned from #wcatl (and a Few I Learned on My Own)

    Reading time: 1 minute

    View more documents from Jane Wells. 2. The PHP and WordPress communities can learn a lot from each other. @technosailor gave a fantastic presentation (re: lecture in a discussion-y way) on how the core communities of both the PHP world and the WordPress world could stand to play nicer to each other.  Personally, I think…

    WordPress
  • Twitch Conditional – A WordPress Plugin for Twitch Streamers

    Twitch Conditional – A WordPress Plugin for Twitch Streamers

    Reading time: 2 minutes

    I love Twitch. I actually spend my work day with one browser dedicated to Twitch, and subscribe to MrHappy’s daily Stream. So when rumors surfaced a few years ago their API, of course I wanted a way to interface with that API. In doing research, I realized that a lot of streamers don’t have real…

    WordPress