One of the simplest ways to keep your WordPress site secure is to stay on top of regular updates. Developers are constantly releasing bugfixes to help close security hole, and as good users of open-source software it’s our duty to stay up-to-date.
For many WordPress sites, it’s immediately obvious when updates are available: you log into WordPress, and it says “hey, there are updates! Click here to install them!”. Unfortunately, that ability compromises site security for ease-of-use; WordPress should not be able to edit its own files on the web server.
Earlier this week, I was in Salt Lake City, UT for LoopConf 2.1, a developer conference focused on WordPress.
The conference was two days (plus a workshop day on Monday) of sessions from some of the biggest names in WordPress, including WP REST API Co-Lead Ryan McCue, Reaktiv Studios Founder & Lead Developer Andrew Norcross, and BuddyPress & bbPress Lead John James Jacoby. Somehow, I also made the list.
During the event, a live stream was provided by premiere sponsor SiteGround, and videos of the LoopConf sessions (including mine, Writing WP-CLI Commands That Work), are now available on YouTube.