Patchstack Weekly

I have recorded weekly monologues about WordPress security as Patchstack’s Security Advocate since 2021. The target audience varied between developers, site owners, agencies and security researchers. With the intent of each episode being to share knowledge about a broad security topic, and highlight the landscape of trends in WordPress security.

I have hand picked a few episodes that answer important questions:

• #60: Should You Convert WordPress To a Static Site?
  Published on 2023-02-20
• #58: Do You Need a security.txt file?
  Published on 2023-02-06
• #57: Expanding Your Idea of Security
  Published on 2023-01-30
• #49: Hunting Open-Source Security Bugs with SAST.
  Published on 2022-11-21
• #47: What Is Type Juggling in PHP?
  Published on 2022-11-07
• #46: How To Protect WordPress Against Cross-Site Scripting Attacks (XSS)
  Published on 2022-10-31
• #45: What Is an Open Redirect Bug?
  Published on 2022-10-24
• #38: What is Your Time to Patch?
  Published on 2022-08-29
• #37: What Is a CVSS Score?
  Published on 2022-08-22
• #33: What is Server Side Request Forgery (SSRF)?
  Published on 2022-07-25
• #30: What is CSV Injection?
  Published on 2022-07-04
• #27: How to Update wp_options Securely
  Published on 2022-06-13
• #25: How To Create An Incident Response Plan.
  Published on 2022-05-30
• #22: Secure AJAX Endpoints & WordPress Vulnerabilities
  Published on 2022-05-09
• #21: PHP Object Injection aka Insecure Deserialize
  Published on 2022-05-02
• #20: Egoless Programming And Security Bugs
  Published on 2022-04-25
• #18: WordPress Security History
  Published on 2022-04-11
• #10: Preparing for SQL Injection (SQLi)
  Published on 2022-02-14
• #09: Open Source & Vulnerability Disclosure Policy
  Published on 2022-02-03
• #07: Cross-Site Request Forgery (CSRF)
  Published on 2022-01-20
• #05: Dependency Confusion
  Published on 2021-12-02
• #02: Authentication vs Authorization
  Published on 2021-11-11