I love WordPress. But WordPress sites are regularly compromised by bad code (and a lack of updates), that's the ugly truth of the situation. In this workshop we'll work to make sure that our code is never the reason that such a thing could happen. We'll start with a discussion of the security essentials for WordPress, and then in WP and PHP code. Then we'll dive into code, auditing and fixing a plugin with real and common security vulnerabilities. At the end, we'll gather back together and talk about what we found and what we missed.