A Real Hacker's Perspective on WordPress Security with Mat Rollings

WordPress security often gets questioned, but many of those questions are directed at plugin developers. So, in this video, we sat down with Mat Rollings, a.k.a. Stealthcopter, to get a real hacker’s (security researcher’s) perspective and bring you an inside look at WordPress security.

In this video, we sat down with a security researcher to talk all about security:

02:20 – About Mat Rollings (a.k.a. Stealthcopter)
05:01 – How to find vulnerable plugins
06:55 – How to exploit a vulnerability
10:03 – Writing the report
11:02 – How to pick a bug bounty program
14:00 – Reporting bugs directly to plugin developers
17:50 – WordPress bug bounty vs other bug bounties
21:07 – Mat’s favorite vulnerability
26:01 – Easiest vulnerability to find
26:50 – Why Mat doesn’t use WordPress
30:00 – How to secure WordPress
30:04 – Security practices at established companies vs indie developers
35:16 – Is WordPress Core secure?
39:51 – Using artificial intelligence for bug hunting
45:20 – Closing Remarks

----

🎤 Mat Rollings / Stealthcopter

Mat is a seasoned developer turned full-time bug bounty hunter with 500+ WordPress plugin vulnerabilities under his belt. He's the creator of wpctf.org, an educational platform for WordPress CTF and static code analysis. When he's not digging through plugins, he’s mentoring aspiring hackers and volunteering to teach kids to code.

👉 GitHub: https://github.com/stealthcopter
👉 X: https://x.com/stealthcopter