I was recently invited to give a presentation to the Charlotte Craft CMS Developers Group on my thoughts about security best practices. I ended up giving a high-level overview of what I believe are the most important things everyone must understand in order to build secure sites and software.

I kicked off the presentation with a recap of the results of a phishing experiment I did, starting at minute 00:55, as a follow-up to this article. Spoiler alert: I caught a phish!!

I then went on to present the following security best practices at minute 09:44, which is where the video below begins. To summarise:

  1. Don’t make yourself an easy target.
  2. Keep software updated.
  3. Put an automated process in place to catch issues early.
  4. Leave an audit trail.
  5. Run security drills.
  6. Perform user training.

For a more in-depth look at securing Craft CMS, watch the full meet-up presentation with Justin Holt and Nevin Lyne.