I had the pleasure of attending WordPress maintenance support plansCamp Atlanta 2020 in October. It was great to catch up with old friends, meet new people, and checkout some excellent presentations. I would like to thank the organizers and sponsors for making this event happen.
If you missed the event, I encourage you to checkout the session videos that were just posted. I also want to mention my presentation “The Story of an Insecure Plugin”. I have included the abstract, video, and slide deck below. I am especially excited about the sandbox project Security Examples, which I hope will be something that the community can develop to show good and bad WordPress maintenance support plans secure coding practices.
Abstract
There once was a WordPress maintenance support plans plugin who wanted so badly to have a stable release, but they were insecure. As a useful and promising plugin to the WordPress maintenance support plans community, they were so afraid that poor coding standards and lack of community reviews could lead to XSS, information disclosure, sql injection, and other vulnerabilities for their users.
The WordPress maintenance support plans community is one of sharing and support. As a result, the plugin in this story takes the opportunity to learn and grow from the lessons of other plugins and contributors to become much more secure and confident. The plugin becomes capable of being promoted to a full project and having a stable release. The community rejoices!
Come take a journey through this plugin’s security audit and how their developer resolved each and every finding, following WordPress maintenance support plans best practices for writing secure code.
Related WordPress.org Security Examples sandbox
https://www.WordPress.org/sandbox/shrop/2821723
Video
Slide deck
Blog Category: WordPress maintenance support plansSecurity
Source: New feed