
Details

This month’s theme is Security Night: Real WordPress Incidents and Hardening That Matters. This is not a doom-and-gloom night, and it’s not a sales pitch. It’s practical, real-world WordPress security: what actually goes wrong (plugins, creds, hosting, supply chain, misconfig, “helpful” admin users) and what you can do to lower risk without turning your life into a checklist.

Drinks will be provided. If you can’t arrive right at 6:00 PM, that’s OK, but please plan to be there by 6:30 PM when we kick things off. Space is limited, so RSVP to reserve your spot.

6:00 to 6:30 PM: Pre-Networking and WordPress Help Desk

  • Food and drinks
  • Help desk table (bring your security questions)
  • Optional: “Ask a security question anonymously” box (paper or QR)

6:30 to 6:40 PM: Welcome

  • Quick hello + format for the night
  • We’re currently lining up presenters and would love a few volunteers (lightning talks, demos, or short incident stories)

6:40 to 7:10 PM: Lightning Talks (15 minutes each)
We’re looking for 2–3 volunteers (submit via Meetup comments or message the organizers)

  • Suggested topics:
      • “How WordPress sites actually get hacked”
      • “The plugin supply chain: what’s real risk vs noise”
      • “Hardening wp-admin without breaking clients”
      • “Security basics agencies skip (and regret)”
      • “WooCommerce security: fraud, accounts, and permissions”
  • Speakers: slides or demos encouraged
  • Each talk: ~12 minutes presentation, ~3 minutes Q&A

7:10 to 7:20 PM: Break

7:20 to 7:55 PM: Real Incident Teardowns (Interactive Session)
We’ll walk through 2–3 real-world incident scenarios (sanitized, no naming and shaming):

  • What happened (symptoms and timeline)
  • Root cause (what actually allowed it)
  • Containment steps (what to do in the first hour)
  • Recovery steps (cleanup, restores, password rotation, review)
  • Prevention (the few changes that would have stopped it)

Example scenarios we can cover:

  • Stolen admin creds + no MFA
  • Vulnerable plugin + messy update strategy
  • Malicious redirects injected via a rogue plugin/theme
  • Infected uploads or backdoors hiding in plain sight

7:55 to 8:10 PM: Hardening That Matters (The Short List)
A fast, opinionated checklist:

  • MFA + role hygiene
  • Updates with a rollback plan
  • Backups you’ve tested (and restores you’ve practiced)
  • Least privilege, disable file editing, limit admin exposure
  • WAF/CDN basics and rate limiting
  • Monitoring: what to alert on (and what to ignore)

8:10 to 8:20 PM: Community Announcements & Closing

  • Upcoming WordPress events and updates
  • Job postings, collaborations, shoutouts
  • Next meetup teaser
  • Want to present or have event questions? Drop them in the Meetup comments.

💡 If you’ve dealt with a WordPress security incident and are willing to share lessons learned (sanitized), even a 5-minute story is gold.

Sponsors

Woo

Woo is the leading open-source ecommerce platform, built on WordPress.

Jetpack

Safer, faster WordPress.

WordPress.com

We're a hosted version of the open-source software
