Over the past few months, I have gathered every piece of information I could find on WordPress hardening, which resulted in the creation of a WordPress Security Framework (to be released soon). Essentially, it is a consolidation of my security-related knowledge combined with a comprehensive collection of articles addressing security concerns in WordPress websites. The framework treats security as an ongoing process rather than simply installing Wordfence and assuming the job is done 😉
Since security can be a dry topic for many until they experience its impact, I decided to present it as an experiment. I built a honeypot, exposed it on a public IP address, and collected extensive data that I’d like to share during the presentation. I have already presented this concept in Poland, and I now plan to extend it by unveiling the WordPress Security Framework. My goal is to encourage people to review their setups periodically [after all, we’ve all had clients with domains registered under someone who hasn’t been working for months] and to introduce a community plugin that logs information that typically remains invisible.
During my presentations I always highlight that WordPress is secure. It is the internet, and we, the people, who make it complicated.