We live in a dangerous world. An insecure plugin or theme opens up a WordPress site to any number of ill fates. Your first responsibility as a developer is to write defensive code, protecting your users from both malicious hacks and innocent mistakes. This presentation gives an overview of potential attack vectors, demonstrates how vulnerable code can be exploited, and shows what you, the developer, can do to defend your code against the Dark Arts.