October 7-10, 2012, in Milwaukee, Wisconsin

Session Details

Securing the Open Source CMS Doesn't Take a Dissertation

#TPR4 Technical: Propeller Hats Required Track

103 C, Frontier Airlines Center


As the author of the Better WP Security WordPress plugin, Chris Wiegman has spent a bit of time over the last couple of years securing WordPress and other open source CMS installs and fixing sites for those who did not. That said, making a reasonably secure site with open source software isn’t all that hard if you know what to look for. This session will focus on the practical aspects of setting up a site with security in mind and maintaining it so as to keep the wolves at bay.  He's spent the last 6 years focusing on the security of Drupal, WordPress, Joomlaand MediaWiki sites, which has included installation, configuration and response to numerous attacks. Over that time there are a number of vectors he's found that, when implemented from the beginning and with the correct frame of mind, can make an open source website at least as secure, if not more secure, than any other product on the market. This session will cover the basics of why to secure, common vectors used by attackers, mitigation strategies and basic training strategies to help make sure your site is safe from attack. In short, Wiegman will show folks how securing their open source CMS doesn't take a dissertation worth of work.


Chris Wiegman
Web Developer, St. Edward's University

Chris Wiegman has been developing websites for higher ed since 1998. He has worked as a web developer for St. Edward's University since January 2012 (a gig he can credit to HighEdWeb 2011). He specializes in the integration and security of opensource content management systems, including WordPress, Drupal and MediaWiki.