• Home
  • About Mitch
  • Speaking
  • Articles
  • Contact
  • Home
  • About Mitch
  • Speaking
  • Articles
  • Contact

Digital Strategist

WordPress Developer

Content Creator

Unapologetic Punk

Mitch Canter

  • X
  • Bluesky
  • GitHub
  • Twitch
  • YouTube
  • LinkedIn
Conferences, Security

Level Up Your WordPress Security

CMDR Mitchcraft

Reading time: 2 minutes

I had an amazing time speaking and networking at the #WPCampus Event in Buffalo this past weekend.  I was fortunate to be able to share some insight on the realm of Security, and make it (hopefully) more than a fruitless, confusion quest.

First of all, here are my slides:

https://www.slideshare.net/studionashvegas/level-up-your-wordpress-security

And now, the caveats/prologues:

  • I had someone reach out on Twitter and mention that the 56% was too low of a number to spend so much time on. We’ve since connected and expounded on that, but the biggest thing I want to mention is that this is a talk from the perspective of the WordPress user/administrator.  There are TONS of other ways that someone can hack into your website, and a lot of them have nothing to do with your code:
    • Social Engineering – people playing fast and loose with user information that protects their password identity
    • A 3rd party hack – Website A gets hacked, and since the passwords were stored incorrectly there that allows the hacker to gain access to Website B through the same password.
    • Bad Passwords – dictionary attacks on passwords that are just plain bad can be brute-forced and overcome in a few minutes (unless you disallow access based on failed password attempts!)
  • A lot of attendees explained that they don’t have a lot of control over the server-side of things. That’s fine – that’s why I positioned it like I did (as something that’s innate, but that you may not have a lot of sway over). That’s why the site-specific stuff is so important. It allows you to do something to prevent baddies from gettting in.
  • There are more items coming out nearly daily, which is why the external resources and information gathering is so important. Education on a problem means you know what to look for and how to fix it!

Thanks to everyone that came to the sessions – I hope I was able to teach something, and that you come away knowing even a tiny bit more about security than you did when you came in!

Hacking, Security, WPCampus
  • Latest WordPress Hack – Check your Permalinks, People!

    Latest WordPress Hack – Check your Permalinks, People!

    Reading time: 2 minutes

    I’ll type this without the normal pleasantries to make sure this gets out quickly. There’s a WordPress hacker on the loose, and he’s pretty sneaky – he creates a user unseeable to the naked eye (except for the one extra user in the administrator users menu) and masks himself to you, making it easy for…

    WordPress
  • WordPress: The Ultimate Content Management System (CMS)

    WordPress: The Ultimate Content Management System (CMS)

    Reading time: 2 minutes

    For years WordPress has been touted as the number one blogging platform.  And without mistake – it is.  But as we creep closer to WordPress 3.1 it’s nice to take a step back and see just how far its’ come.  From winning the CMS Hall of Fame Award to the multiple thousands of plugins that…

    WordPress