415 – Feeling Insecure? with Tim Nash. Episode 3 – The state of WordPress security and the transition to bcrypt
Mar 27, 2025
Tim Nash, a cybersecurity expert with a background in physical penetration testing, dives into the critical state of WordPress security. He discusses the alarming rise in vulnerabilities, emphasizing the importance of the Patchstack report. Listeners learn about the transition to bcrypt for password hashing in WordPress 6.8, which greatly enhances security. Nash highlights the need for regular updates and monitoring plugins, while stressing that more vulnerabilities discovered can ultimately lead to better security practices.
Tim Nash's Penetration Testing Story
- Tim Nash shared his fascinating past in physical penetration testing, using social engineering rather than force.
- He cleverly used clipboards and friendly receptionist interactions to gain access to secure buildings.
More Vulnerabilities Mean Better Security
- More vulnerabilities found in WordPress plugins and themes reflect increased scrutiny, not necessarily decreased security.
- Increased discovery means vulnerabilities get fixed sooner, improving overall safety.
Use WordPress Plugin Checker
- Use the new WordPress.org plugin checker tool that enforces security code standards to prevent vulnerabilities.
- Ensure new and updated plugins comply with sanitization and escaping best practices to reduce risks.