April 24, 2020
Stories this week about targeted attacks using 0days in iOS devices & a sophisticated phone scam targeting a security professional that ended with a $9,800 wire transfer underscore that malicious attacks are becoming increasingly sophisticated. We also cover a plugin vulnerability in the MapPress Maps plugin affecting over 80k WordPress sites and Google’s report that they’re seeing more than 18M daily malware & phishing emails. We also cover Frontity's funding & what this might mean for WordPress.
April 17, 2020
The FTC is reporting numerous scams with over $12 million lost to Coronavirus-related scams. We also cover BBB warnings against oversharing on social media, Zoom credentials found on the dark web, Google's removal of malicious Chrome extensions, & recent plugin/theme vulnerabilities. We chat with Adam Silver, host of the KitchenSinkWP podcast, celebrating 6 years of podcasting. We ask Adam about his consistent success, experiences with WordCamps, & the impact of Open, the film about the WordPress community.
April 6, 2020
This week, we look at what’s new in WordPress 5.4, including that distraction free editing is now on by default. We also look at new plugin vulnerabilities, including Rank Math and a Contact Form 7 helper plugin. We review the new updates to Fast or Slow, the free global website speed profiler. We also talk about Zoom’s recent security and privacy issues, including a recent discovery by a security researcher who found recordings of meetings containing sensitive information on Zoom’s cloud service.
March 25, 2020
With many of us under either lockdown or shelter-in-place orders due to the COVID-19/Corona virus, fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human vulnerabilities are using the global pandemic to attempt exploitation through numerous scams and phishing campaigns. We also cover plugin vulnerabilities as well as a new product from Wordfence, Fast or Slow, a global website speed profiler.
March 14, 2020
We chat with Jon Bius, a web developer at Biz Tools One, an agency in Fayetteville, NC, about how they use customer education to build relationships and differentiate their business. We also cover two plugins with vulnerabilities, more cancelled WordCamps, some hackers taking advantage of the fear surrounding COVID-19, the rise of remote work, and what’s coming with full screen editing in WordPress 5.4.
March 6, 2020
Elementor announced that they've received $15 million in venture funding. After topping 4 million plugin installations in January, it appears that Elementor is on a path to do some big things with WordPress. This week, we chat with Elementor CRO Kfir Bitton, asking how Elementor grew so quickly and what's next for this plugin-turned-platform. We also have news: how COVID-19 is affecting WordCamps, the Let's Encrypt domain control validation bug, and a coupon creation vulnerability in WooCommerce Smart Coupons.
February 29, 2020
This week, we review numerous plugin vulnerabilities in popular WordPress plugins & the attacks that are targeting them. We review the Duplicator vulnerability affecting over 1 million sites, and Chloe Chamberland's discovery of multiple vulnerabilities in the Pricing Table by Supsystic plugin. We also ask lead customer support engineer Tim Cantrell about the different ways to use Wordfence settings for brute force protection, blocking IP addresses, and how to prevent alert fatigue.
February 28, 2020
Almost every week, a new vulnerability is discovered in a popular WordPress plugin or theme, leaving developers scrambling to fix it before it’s widely exploited. Almost all critical vulnerabilities boil down to a few common mistakes. In this talk from WordCamp Phoenix, Ramuel Gall reviews these common errors & provides advice on creating secure plugins. Check out the video on YouTube to see slides with example code. Transcript in the show notes.
February 21, 2020
A busy week in WordPress security with active attacks on a number of plugins including ThemeRex AddOns & Theme Grill Demo Importer plugins. We also look at a vulnerability uncovered in the wpCentral plugin installed on over 60,000 sites, a WHO phishing attack, & Malwarebytes’ State of Malware report. We also include the audio from Chloe Chamberland's talk from WordCamp Phoenix about working remotely as a nomad. Her talk starts at 19:13 to skip ahead, though we recommend watching the video on YouTube.
February 15, 2020
WordCamp Asia was cancelled this week due to concerns of COVID-19/coronavirus in the region. This week, Wordfence CEO Mark Maunder talks about the decision to offer the WordCamp Asia Cancellation Fee Assistance Package to attendees, volunteers, organizers, and speakers that had planned to travel to this inaugural regional WordCamp. We also cover a number of WordPress plugin vulnerabilities disclosed this week and over 500 malicious Chrome extensions affecting millions of browsers worldwide.
February 7, 2020
We take a look at the annual hacked site report from GoDaddy's Sucuri Security and the types of malware they found in various CMS and shopping cart applications. Microsoft reports they're finding 77k web shells daily, and WP Scan's roundup lists a number of popular plugins and themes with recent vulnerabilities. A report from students at Harvard University exposes the growing risks of online leaks & breaches.
January 30, 2020
Chloe Chamberland never wanted to get into security, yet in the last three years, she has emerged as one of our most prolific threat researchers. Not only does she find vulnerabilities in numerous popular plugins, she also travels the world while doing so. Chloe talked to me from a cabin in a remote area of Alaska, where she saw a moose for the first time. Chloe talks about how she got started in security & gives advice for young people who want to get into security.
January 17, 2020
Welcome to 2020! We're making some changes to Think Like a Hacker and wanted to let you know. We're moving to an audio-only version of the podcast, publishing twice per month. We also wanted to let you know about 3 major vulnerabilities in WordPress plugins potentially affecting over 400,000 WordPress installations. Details are on the Wordfence blog as well.
December 20, 2019
We've had quite a year with Think Like a Hacker, the podcast about WordPress, security & innovation. For our end of year episode, we take a look back at a few of our favorite interviews & news stories. We review conversations with Josepha Haden, Brandy Lawson, Jennifer Bourn, Matt Cromwell, and we look back at the Pipdig story. Thank you to everyone who chatted with us over the first year, and thank you to our audience for listening. Happy holidays to everyone celebrating, and we'll see you in 2020.
December 18, 2019
With Google Chrome experimenting with a badge of shame for websites that load slowly, there is a new urgency for high performance interfaces for web users. Gatsby, Gridsome & other static site interfaces are hot in the development community right now, especially when talking about headless WordPress. At WordCamp US, Mark chats with Dave Ryan about these technologies, reminding us that no matter the technology we use to create a website, our decisions during development matter to the end users' experience.
December 12, 2019
A small furor erupted over a top influencers in WordPress list that neglected to show the diverse nature of the WordPress community. We talk about the impossibility of making an accurate list reflecting WordPress influence or contribution, & the diversity we saw during production on Open, our film project. We also talk about Google's plans to give slow websites a new badge of shame in Chrome, password security updates in Chrome 79, & the DHS reconsidering a plan to use facial recognition on U.S. travelers.
December 10, 2019
Kim Gjerstad, one of the founders of Mailpoet, visited with Mark at the Wordfence booth at WordCamp US. Kim and Mark talked about the origins of Mailpoet, the plugin that gives users a full email management system within the WordPress administrative dashboard. They talk about email deliverability as well as the challenges of fighting email abuse, a constant battle that Mailpoet is winning. They also talk about net promoter scores and what it means for the success of a SaaS business.
December 6, 2019
Yoast, the SEO plugin installed on 9 million sites, ran a Black Friday sale, experimenting with an ad in the WordPress admin dashboard. The furor was dramatic, & Yoast's CEO Marieke van de Rakt took ownership, showing exceptional leadership. We discuss the ad & the response, & the challenges of running a plugin business under a freemium model. We also cover stories about AVG & Avast browser extensions, the Magento Marketplace hack, the private equity purchase of .org & a data leak affecting 1.2 billion.
November 22, 2019
Maddy Osman is a SEO content strategist that has worked with a number of familiar brands in both the WordPress and SaaS spaces. She spoke at WordCamp US and took some time to chat with us at the Wordfence sponsor booth. Maddy talks about how she got started in SEO content strategy after doing web design and development, and also what the entrepreneurial journey has been like for her. Maddy also shows off some of her lock picking skills she picked up while hanging out at the Wordfence booth.
November 20, 2019
We review the premiere of Open, The Community Code, a film about the WordPress community that world premiered at the State of the Word Keynote at WordCamp US. Mark & Kathy talk about what it was like watching friends in the community see the film for the first time. We also discuss recent updates in WordPress 5.3, especially improvements to the Gutenberg editor, accessibility, & site health. We also cover Google Chrome's plans to warn & block mixed content and how to prepare now for these upcoming changes.
November 14, 2019
At WordCamp US in Saint Louis, Mark sat down with Yoast CEO Marieke van de Rakt and COO Michiel Heijmans in the Wordfence booth to talk about not only how Yoast began, but also how they've grown to over 9 million active installations and the challenges of managing such a large user base. Marieke and Michiel also talk about the big changes coming in 2020 for the Yoast plugin as well as training and educational efforts via Yoast Academy.
November 8, 2019
Kathy Zant gave a presentation about The Hacker Mindset at WordCamp US 2019 in St. Louis. Learning to think like a hacker in the security realm is a big part of keeping your assets safe, and there are additional benefits. Kathy illustrates how the hacker mindset is much more than protecting your site. Thinking like a hacker can also help you break through perceived limitations, overcome obstacles, and capitalize on opportunities to innovate.
November 1, 2019
Mark and Kathy connect in person on Halloween in St. Louis to talk about what's happening at WordCamp US. We review what's new at WCUS, some of the more interesting sessions, and all of the fun activities Wordfence is bringing to North America's largest WordCamp. Kathy and Mark also tear down the 4th wall to talk to award-winning Director Sean Korbitz, the creative force behind OPEN | The Community Code, the movie about the WordPress community that premieres Saturday, November 2.
October 18, 2019
Andrea Zoellner has been an organizer of WordCamp Montreal and is the Chief Content Creator at SiteGround. Andrea focuses on supporting SiteGround customers in the North American & English-speaking market. With a background in journalism, Andrea found WordPress as the easiest way to get online. She talked with us at WordCamp Sacramento about her WordPress origin story and how her position at SiteGround puts her in a unique position to innovate through new tools & services for WordPress users at SiteGround.
October 16, 2019
We cover WeWork's failed IPO & financial woes and how this likely led to Meetup's introduction of an RSVP fee. We discuss why this doesn't bode well for WeWork's future. We also look at the WordPress 5.2.4 security release & what fixes are included. We discuss the release of PHP 7.4 & how WordPress core is preparing. We also get a little excited about our plans for WordCamp US & our party to celebrate the worldwide premiere of the open-source film about the WordPress community: Open, The Community Code.
October 10, 2019
Jennifer Bourn has been a leader in the WordPress community for years, helping WordPress users of all experience levels get the most out of WordPress. She has created websites for recognizable brands through her design company, Bourn Creative. At WordCamp Sacramento, we talked about how the community has opened experiences for her entire family, her new ventures in training including Content Camp and the Profitable Project Plan, the Bourn family goal of visiting all national parks & the future of WordPress.
October 3, 2019
At WordCamp Minneapolis, our Lead Customer Service Engineer Tim Cantrell chats with Lindsey Miller about her work as Partner Marketing Manager at LiquidWeb. Tim and Lindsey also talk about the challenges of being a remote worker, and how the connections in the WordPress community can help individuals make connections that grow a business. Lindsey also turns the tables and interviews Tim, asking how he got involved in WordPress and came to be the lead customer service engineer at Wordfence.
October 1, 2019
Salesforce Ventures invested $300 million into Automattic at a $3 billion valuation. We discuss what this might mean for Automattic, the WordPress community, and the WordPress ecosystem by analyzing the roots of Salesforce and the opportunities it brings to WordPress. We also talk about features and fixes coming in November to WordPress 5.3 especially within the block editor and site health check. We also look at the DoorDash breach affecting nearly 5 million users.
September 26, 2019
At WordCamp Sacramento, Matt Cromwell from GiveWP talked with us about how Give began, democratizing generosity, & how they handled the vulnerability disclosure from our team. When our security researchers reached out, Give & Wordfence worked together to ensure that the vulnerability was patched in the safest way possible. Matt also tells us how he got involved with WordPress & how he gives back to the community through the Advanced WordPress Facebook group with over 30K members.
September 25, 2019
We chat with Mikey Veenstra to talk about the Wordfence Threat Intelligence team's work tracking a series of active attacks on an unpatched vulnerability in the Rich Reviews plugin for WordPress. With an estimated 16,000 installations, attackers are targeting unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads. Mikey explains how this works and what users of Rich Reviews can do to protect themselves. Podcast recorded September 24, 2019.
September 20, 2019
This week, our lead customer service engineer Tim Cantrell interviews Zach Stepek, CEO of MindSize, a digital agency focused on helping customers scale and succeed with eCommerce. Zach talks about how he got started with WordPress and WooCommerce, new features in JetPack that add functionality to WooCommerce, and how critical security is to site owners no matter what platform they use to sell goods and services online.
September 10, 2019
WordPress core version 5.2.3 was released on Sept. 4. This was a security release patching eight vulnerabilities in WordPress core, most of which were cross site scripting. In this episode of Think Like a Hacker, we walk through each of the patched elements of WordPress core and how these vulnerabilities could have been exploited. We also look at the SIM port attack on Jack Dorsey's Twitter account, and the lessons for all of us in using our cellphones and mobile devices for securing our online accounts.
September 5, 2019
This week, we chat about WordPress 5.3 and some of the new features we will see added to WordPress in November, including improvements to the editor and a switch to meta tags for better control over search engine indexing. We also cover the latest developments with our threat intelligence team's research into an ongoing malvertising campaign targeting WordPress plugin vulnerabilities. This story received news coverage, and that coverage caused Wix to Tweet a cheeky dig at WordPress that fell flat.
August 29, 2019
Bill Rice is the CEO of Kaleidico. We chatted at WordCamp Minneapolis about WordPress and the community, and his work creating websites that convert. Bill spoke at WordCamp Minneapolis about trends in WordPress website design that allow businesses to deeply engage with site visitors. Mobile browsing has changed the way users interact with the web on all devices, including desktop. In this episode, Bill tells us how this shift creates new opportunities to design compelling digital experiences.
August 22, 2019
As of WordCamp Boston 2019, Sandy Edwards has organized 26 KidsCamps across the US. We talk about what kids do at a WordPress KidsCamp, the success these kids have had publishing with WordPress, and how Sandy teaches basic internet safety and security to the next generation of WordPress users. Sandy is an organizer at WordCamp Orlando as well as a homeschooling mom, and runs a digital agency helping small businesses benefit from data-driven marketing.
August 20, 2019
WordPress core developers recently discussed removing support for code signing in WordPress core, included with the WordPress 5.2 release. The discussion suggested implementing SSL verification & hashes to verify code integrity instead. We chat about the history behind the vulnerability found by Wordfence's Matt Barry, which motivated the addition of code signing. We review several supply chain attacks, discussing how SSL & hashes wouldn't protect against a sophisticated attack on WordPress core servers.
August 16, 2019
Topher DeRosia is the Developer Evangelist for BigCommerce & a frequent WordCamp speaker. He's worked with WordPress for a long time & is the man behind HeroPress, telling the stories of transformed lives because of WordPress. HeroPress is now syndicated on At WordCamp Boston, Topher and Kathy talked about everything WordPress from security to eCommerce, HeroPress, headless WordPress, headless eCommerce & how these new methods of distributing content & commerce will change publishing.
August 13, 2019
The Wall Street Journal reported on August 12 that Verizon is selling social media & blogging platform Tumblr to Automattic. Automattic CEO Matt Mullenweg answered questions on PostStatus, outlining plans to migrate off of Verizon, move Tumblr's backend to WordPress, and support the same APIs on both & Tumblr. Mullenweg noted that this is "by far the largest investment or acquisition Automattic has ever made." In this episode, we discuss the implications for Tumblr, WordPress, and Automattic.
August 8, 2019
In this episode, Mark chats with Vito Peleg, the founder of WP Feedback, a plugin that helps WordPress-focused agencies streamline approval and support for their customers. Vito talks about the glass ceiling in agencies where managing people and projects begins to inhibit growth and profitability. He also shares some interesting thoughts on where pain points lie and how to move past them, as well as how to effectively leverage your own customers to inform product design.
August 7, 2019
This week, we talk about our corporate trip to DEF CON, the WordPress security team's proposal to backport security fixes to fewer releases, a new feature proposal called WP Notify that has a number of very positive implications for WordPress users, Cloudflare's decision to terminate service for 8Chan, and a European court's ruling that companies using the Facebook "like" button are liable for data collection.
August 2, 2019
Jem Turner was one of the security researchers that found malicious code in Pipdig's P3 plugin. Both Jem and Wordfence's Mikey Veenstra found the P3 plugin to contain a number of suspicious or malicious features. At WordCamp Europe, Mark sat down with Jem and asked about her process of finding this malicious code. Jem also talks about the unexpected reaction from the Pipdig developer and their users, and how the community of bloggers banded together to help each other.
July 31, 2019
This week we talk about the Capital One breach affecting over 100 million customers and some important takeaway lessons from that case. We also look at news with the Equifax settlement, a spearphishing campaign targeting ProtonMail users, the conclusion to Marcus Hutchins' legal woes, and Facebook's $5 billion fine and new regulation from the FTC, amongst other stories.
July 26, 2019
David Jardin is the Security Strike Team Lead for Joomla, an open-source content management system powering more than 2.5 million websites. At WordCamp Europe, Mark and David sat down and talked about the workflow for Joomla security reports and why a proper proof of concept makes fixing vulnerabilities easier for security teams. They also discussed the improvements in cryptographic code signing expected in Joomla 4, its next major release.
July 23, 2019
This week, we cover WordPress vulnerabilities targeted by a malvertising campaign and an important iOS security update. We also look at Equifax's $700 million settlement and a recent uptick of new breaches added to Have I Been Pwned. Along with other news and a summary of WordCamp Boston, we talk about the film project we've worked on since late last year. Open | The Community Code will premiere November 2019. We talk about how and why we created this film about the open-source WordPress community.
July 19, 2019
At WordCamp Europe, Mark chats with Chris Teitzel, CEO and founder of Lockr. Lockr is a key management system for websites using CMSs like WordPress and Drupal. Chris talks about the challenges of securing sensitive information and how Lockr makes secure key management affordable. Chris speaks on security topics at WordCamps and DrupalCons around the world. You can find Chris on Twitter @technerdteitzel and learn more about his company at
July 17, 2019
This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google's decision to remove Chrome's built-in XSS protection, a researcher's discovery of a vulnerability in Instagram's 2FA, updates to the Gutenberg editor and hackers that created an Android app that can kill to prove a point, amongst other stories.
July 12, 2019
At WordCamp Atlanta, Mark sat down with Chris Wiegman, creator of Better WP Security. Now known as iThemes Security, it is installed on over 900,000 WordPress sites. Chris talks about being a flight captain flying over Hawaii & what happened when an earthquake occurred shortly after takeoff. He also describes creating Better WP Security, selling the plugin to iThemes & the tools he's created in his new role at WP Engine. He describes his move to WP Engine as "the move I didn't know I needed to make."
July 9, 2019
A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. We also cover the WP Engine acquisition of Flywheel, cPanel's new pricing, removal of caps on .org domain names, critical security vulnerabilities in Magento, WP Statistics XSS vulnerability, a hacked ad server pushing out SEON ransomware, British Airways landmark GDPR fine, breaches & leaks of the week, amongst other stories.
July 5, 2019
Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization's mission. She also talks about the competitive hosting space and how Liquid Web positions themselves for success. You can connect with Carrie on LinkedIn or at
June 27, 2019
Ryan Dewhurst is an ethical hacker & penetration tester who has developed tools that make finding vulnerabilities in WordPress easier. Ryan is 1 of 3 contributors to WPScan, a command line tool that streamlines this testing. Ryan also maintains the WPScan Vulnerability Database, used by many services including Wordfence to alert WordPress users to the vulnerabilities on their site. Ryan & Mark talk about these services, how they work, how they're used & how you can use them to test your own site's security.
June 24, 2019
From Berlin we talk about our experience attending the largest WordCamp in the world and then dive into the news. We discuss 2,600 hacked WordPress sites being used for a free proxy service, Iranian cyber attacks, an attack at JPL affecting NASA and a WeTransfer security incident. A phishing breach at Oregon DHS affects over 645,000 Oregonians, 2.9 million Canadians affected by a leak at Desjardins Group and the bankruptcy filing of the collections firm behind the Quest Diagnostics and LabCorp data breach.
June 21, 2019
Mark sat down with Frank Robinson at WordCamp Atlanta a few weeks ago. Frank started Studio Media 22 in 2008, an agency focused on building sites and digital media in the beauty industry. Frank is a software designer and entrepreneur growing his business. We talk about why he focused on the beauty industry and how that gives him a competitive advantage, the opportunities for business, film and technology in Atlanta as well as why security and Wordfence is such a critical part of his business.
June 20, 2019
This week, we're at WordCamp Europe in Berlin & there is a lot of news to cover. We talk about a WordPress VIP outage, WordPress version 5.2.2, vulns in two Facebook WordPress plugins, a Google Chrome Suspicious Site Reporter & a Chrome extension hijacking search results. We talk about Troy Hunt's Have I Been Pwned project as he preps its sale, a Firefox 0Day and 2 more American municipalities affected by malware amongst other stories.
June 13, 2019
Ninja Forms is used on over 1 million WordPress sites. In this episode, Mark interviews James Laws, the co-founder of WP Ninjas, the developers behind this powerful form builder. James & Mark talk about revenue models that work, how to find new opportunities, experimentation with new products & learning from your customers. They also discuss how to choose your next project when you have too many ideas, & new businesses WP Ninjas are exploring in eCommerce.
June 11, 2019
This week, we discuss active exploitation of a plugin vulnerability in the wild, an extortion scam hitting numerous website owners, exposure of Industrial Control Systems to attackers as well as a CBP breach affecting travelers in the United States. We also talk about an email server vulnerability and what to do in a SIM port attack.
June 7, 2019
At WordCamp OC, Nathan Ingram participated in a business track discussion about failure, something with which most entrepreneurs are familiar. In this interview, both Mark & Nathan talk about being an entrepreneur and how "the best lessons in life are learned from failure." Nathan recently lost 50 pounds in 2 months. He talks about the micro-habits that he leveraged to make big successful changes. The interview has a number of lessons for optimizing business processes & finding better balance in life.
June 6, 2019
In episode 19 we talk to Brad Haas about recently patched service vulnerabilities that impacted four popular hosting companies. We also talk about a new login security plugin for WordPress that we've launched. In the news we cover a wave of SIM swapping attacks hitting cryptocurrency users, NGINX vulnerabilities and recent data breaches affecting the personal information of millions of people.
May 31, 2019
At WordCamp Orange County, Mark interviewed Verious Smith from Philoveracity Design, a digital agency in southern California. Verious has also been the lead organizer of WordCamp Riverside and runs WordPress meetups to give back to the community. Mark and Verious talk about the challenges of entrepreneurship, growing from freelancer to an agency as well as trust & interdependence in remote work. Verious is always striving to learn new things to optimize performance and improve workflow.
May 29, 2019
Mikey Veenstra joins us to talk about 3 WordPress plugins with severe vulnerabilities affecting well over 150,000 WordPress sites. Two plugins have been patched, one has not. With Mark under deadline for a film project, Mikey also talks security news with Kathy. We cover a Docker vulnerability, anatomy of a SIM port attack, 0day Windows exploits released by a disgruntled security researcher, 2 large scale data leaks affecting millions and revisit the Baltimore ransomware incident.
May 24, 2019
If you've ever attended a WordCamp or a WordPress meetup, that community experience was based on the guidance & support from WordCamp Community Manager Cami Kaos. Cami is the primary contact for the 150 WordCamps & over 600 WordPress meetups taking place around the world this year. Her efforts ensure that the volunteers organizing events have what they need to succeed. Cami shares her thoughts on getting started with WordPress meetups & WordCamps, challenges facing the growing community & getting involved.
May 21, 2019
In this week's news we have a lot to cover. We talk about an intrusion at StackOverflow, a proposal to modify the WordPress plugin guidelines, how Chinese hackers are getting better at stealing US cyber secrets, ethical issues of firms promising ransomware solutions that only include paying the ransomware, a breach on the Joomla extension directory server, Google's aggregation of your purchase receipts and suspension of Android support for Huawei amongst many other stories.
May 16, 2019
Dr. Andy Fragen is a trauma/acute care surgeon as well as a prolific WordPress plugin author. One of his plugins, GitHub Updater, allows you to host WordPress plugins and themes on GitHub instead of Andy supports numerous WordCamps and is an active member of the WordPress community in southern California. I had the pleasure of talking with Andy at WordCamp Orange County. He's a fascinating person and I really think you'll enjoy our conversation.
May 14, 2019
This week we cover the WhatsApp zero-day vulnerability that allegedly was used to infect phones with malware. We announce a new Wordfence update, making an updated two-factor authentication feature available to all Wordfence users. We cover a story about SIM hijacking and discuss why we need to move away from SMS authentication. We also cover an ongoing supply-chain attack affecting thousands of sites, three antivirus companies that have been compromised, a malvertiser indictment, and other stories.
May 11, 2019
Dave Ryan is an Interdisciplinary WordPress Developer at Bluehost, where he focuses on helping build WordPress and supporting the WordPress community. He is an organizer for Phoenix area WordPress meetups and WordCamp Phoenix. He also speaks at numerous WordCamps around the country. In the past, Dave has worked for large publishers and universities, scaling high-traffic WordPress sites by blending his skills in information design, journalism and web development.
May 8, 2019
Welcome to the 10th episode of Think Like a Hacker. We're doing things differently this week, separating news & our interview into 2 episodes. Today we cover the news & we will share our interview later this week. We discuss new cryptographic protection against supply chain attacks in WordPress 5.2. We talk about Israel's missile attack against Hamas hackers, a data breach affecting 80M households, the Gutenberg accessibility audit, a "do not track" bill, a hacker selling Windows 0-Days & other stories.
May 1, 2019
We cover quite a few stories: 2 plugins with vulnerabilities, WordPress 5.2 & a now-defunct dark web marketplace. We follow up on Google's Sensorvault, Richard Stallman's comments on Facebook & JetBlue's use of facial recognition. We look at GoDaddy's removal of 15k spam subdomains, a Docker breach & Slack's upcoming IPO. Listen to a great conversation with Jon Brown, CEO of 9seeds, a digital agency in Idyllwild, CA. Jon & I talk about running an agency, remote work, being a digital nomad & WordPress.
April 23, 2019
We look at Troy Hunt's pen testing of the TicTocTrack watch, changes coming in the AMP project & implications of the UK's new porn age restriction law. We review a story about the "SeaTurtle" espionage campaign. We look at why the Nigerian prince scam is still netting over $700k / year, and how the City of Chicago lost over $1 million in a phishing scam. I also speak with Chris & Katie Bayer, the owners of Black Mountain Coffee Roasting. If you love coffee and WordPress you're going to love this interview.
April 17, 2019
This week we look at the Assange arrest, an irresponsible security researcher affecting the WordPress community and do a bit of a thought experiment. We also look at Google's Sensorvault and how it's being used by law enforcement, the fascinating rise and fall of the Bayrob malware gang, and some tips for avoiding a new AirBnB scam. I also talked to Tyler Lau at WordCamp Phoenix last month, and we share that interview with you today. Tyler is the Social Community Manager at Sandhills Development.
April 10, 2019
This week we follow up on two stories from last week, the Pipdig P3 plugin and Jetpack suggestions found within the WordPress plugin dashboard. We also take a look at quite a few privacy concerns with Grammarly, malware in the healthcare industry, and we discuss privacy concerns with Facebook. I also talk to Brandy Lawson, a digital agency entrepreneur in Phoenix, Arizona. I had a wonderful conversation with Brandy at WordCamp Phoenix that I think you'll really enjoy.
April 3, 2019
This week I chat about the Pipdig controversy in full with Mikey Veenstra and Kathy Zant. Kathy and I cover the news. And we have an amazing interview with Raquel Landefeld who is a community organizer for WordPress and the co-founder of agency Mode Effect. Raquel and I chat about her adventures as a mom in tech, Gutenberg, her approach to networking, what it is like being a WordCamp Phoenix organizer and what she is up to for the rest of this year. Enjoy!! ~Mark Maunder
March 26, 2019
This week we have an update on the Social Warfare plugin vulnerability, how it was more serious than originally thought, and a feud that has broken out between a security researcher and forum moderators. We also have some interesting data on how WordPress will become more secure soon with code signing. And along with several other news items, we have a spectacular interview with Aaron Campbell, the former head of WordPress security. Enjoy!!
March 21, 2019
This week we have breaking news with a serious vulnerability in the Easy WP SMTP WordPress plugin. We are seeing exploits actively target this vulnerability. We also cover the week's news with Kathy Zant and have a spectacular interview with Cory Miller where he chats about how he started iThemes, why he sold to Liquid Web, some of the challenges of being a founder and what is next for him. Enjoy!!
March 12, 2019
Welcome to Think Like a Hacker, Episode 2. In this episode Mikey Veenstra, a threat analyst at Wordfence, discusses a serious XSS vulnerability in an abandoned cart plugin. We also chat with Adam Warner, a well-known figure in the WordPress community. In our interview we chat about Adam's personal WordPress journey, community engagement success and the future of WordPress. And as always we cover the news with Kathy Zant.
March 7, 2019
Josepha Haden is the Executive Director of the WordPress project at Automattic. She oversees and directs all contributor teams in their work to build and maintain WordPress. Josepha can be found at In our news segment, we talk about recent vulnerabilities in the Freemius library affecting WordPress plugins, the CoinHive shutdown, and why potential changes in WordPress core development will benefit end users' security and more.