Category: Development
-
Secure-by-design: hardening plugins with PHP 8.x
—
by
In the WordPress ecosystem, we are often forced to choose between supporting the “lowest common denominator” of hosting and implementing modern security. But in 2026, writing legacy PHP 7 code isn’t just a bad habit, it’s an active invitation for automated exploitation. It’s time to stop playing “whack-a-mole” with sanitization and start building products that…
-
Get your plugin ready for submission to the directory
—
by
You’ve spent weeks coding the perfect plugin, and you’re finally ready to share it with the WordPress community. You hit “submit,” wait, and then… the team’s volunteers point out a lot of issues you didn’t even know you were causing. Getting your plugin into the official directory doesn’t have to be a trial by fire.…
-
HTML API practicum: a deep dive
—
by
The HTML API is almost three years old, but continues to evolve with each WordPress release. It’s seen deployment in WordPress’ backend, in Gutenberg, and in many plugins and themes. The HTML API’s core values have even expanded into new pipelines for working with block structure and text encodings, helping to modernize, optimize, and harden…
-
The AI-first WordPress site: crawler to citation
—
by
AI platforms generated 1.13 billion referral visits by mid-2025, yet most WordPress sites aren’t ready. This practical session covers the complete AI optimization stack: strategic robots.txt configuration, structured data for AI comprehension, content patterns that earn citations, and measuring AI visibility. Leave with an actionable checklist to make your WordPress site AI-ready today.
-
The hidden DDoS threat in WordPress: abusing the search endpoint
—
by
Discover how attackers weaponize WordPress native search endpoint for devastating DDoS attacks, while learning practical defense strategies from a cybersecurity perspective. This talk reveals a hidden vulnerability in standard WordPress installations and provides easy solutions.
-
Fighting spam and bots on WordPress with AI
—
by
Learn how AI-powered solutions can help WordPress sites combat spam, bots, and fake sign-ups. Discover how lightweight, privacy-friendly AI detects abnormal behavior to enhance security and performance.
-
Headless WordPress API security in 10 minutes
—
by
Learn the five steps to design secure headless WordPress architectures. This talk focuses on API-first security, attack surface reduction, and practical decisions when exposing WordPress APIs to mobile apps and PWAs.
-
Improving the performance of the WordPress Query classes
—
by
The WordPress Performance team was established in 2021 with the goal of improving the performance of WordPress Core. As a fundamental part of rendering each and every page of a WordPress site, the `WP_Query` class has received a lot of attention. In this talk, Peter will discuss how the performance of `WP_Query` and the WordPress…
-
Build your developer portfolio: a hands-on guide to FSE
—
by
Full Site Editing isn’t just for DIY users—it is a powerful architectural tool for professionals. Join this workshop to master the lifecycle of a modern Block Theme. We will build a portfolio site to showcase your work, focusing on three core skills: scaffolding with the Create Block Theme plugin, configuring design systems via theme.json, and…
-
Accessibility in themes: easier than you think
—
by
Many theme developers assume accessibility-ready requirements are hard to meet — but that’s rarely true. This session shares practical insights from real theme reviews and shows how both block and classic themes can reach accessibility-ready status with manageable effort.