Mark Maunder co-founded Wordfence in 2011 after his WordPress site was hacked and he learned how hard it was to clean and secure. Today the team has grown to over 35 members world-wide and Wordfence protects over 3 million WordPress sites. Join Mark as he and his colleague Kathy Zant cover interesting topics related to WordPress, security and innovation. Episodes alternate between security news and interviews with innovators from WordPress and information security communities.
Stories this week about targeted attacks using 0days in iOS devices & a sophisticated phone scam targeting a security professional that ended with a $9,800 wire transfer underscore that malicious attacks are becoming increasingly sophisticated. We also cover a plugin vulnerability in the MapPress Maps plugin affecting over 80k WordPress sites, Google’s report that they’re seeing more than 18M daily malware & phishing emails. We also cover Frontity's funding & what this might mean for WordPress.
The FTC is reporting numerous scams with over $12 million lost to Coronavirus-related scams. We also cover BBB warnings against oversharing on social media, Zoom credentials found on the dark web, Google's removal of malicious Chrome extensions, & recent plugin/theme vulnerabilities. We chat with Adam Silver, host of the KitchenSinkWP podcast, celebrating 6 years of podcasting. We ask Adam about his consistent success, experiences with WordCamps, & the impact of Open, the film about the WordPress community.
This week, we look at what’s new in WordPress 5.4, including that distraction free editing is now on by default. We also look at new plugin vulnerabilities, including Rank Math and a Contact Form 7 helper plugin. We review the new updates to Fast or Slow, the free global website speed profiler. We also talk about Zoom’s recent security and privacy issues, including a recent discovery by a security researcher who found recordings of meetings containing sensitive information on Zoom’s cloud service.
With many of us under either lockdown or shelter-in-place orders due to the COVID-19/coronavirus pandemic, fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human vulnerabilities are using the global pandemic to attempt exploitation through numerous scams and phishing campaigns. We also cover plugin vulnerabilities as well as a new product from Wordfence, Fast or Slow, a global website speed profiler.
We chat with Jon Bius, a web developer at Biz Tools One, an agency in Fayetteville, NC, about how they use customer education to build relationships and differentiate their business. We also cover two plugins with vulnerabilities, more cancelled WordCamps, some hackers taking advantage of the fear surrounding COVID-19, the rise of remote work, and what’s coming with full screen editing in WordPress 5.4.
Elementor announced that they've received $15 million in venture funding. After topping 4 million plugin installations in January, it appears that Elementor is on a path to do some big things with WordPress. This week, we chat with Elementor CRO Kfir Bitton, asking how Elementor grew so quickly and what's next for this plugin-turned-platform. We also have news: how COVID-19 is affecting WordCamps, the Let's Encrypt domain control validation bug, and a coupon creation vulnerability in WooCommerce Smart Coupons.
This week, we review numerous plugin vulnerabilities in popular WordPress plugins & the attacks that are targeting them. We review the Duplicator vulnerability affecting over 1 million sites, and Chloe Chamberland's discovery of multiple vulnerabilities in the Pricing Table by Supsystic plugin. We also ask lead customer support engineer Tim Cantrell about the different ways to use Wordfence settings for brute force protection, blocking IP addresses, and how to prevent alert fatigue.
Almost every week, a new vulnerability is discovered in a popular WordPress plugin or theme, leaving developers scrambling to fix it before it’s widely exploited. Almost all critical vulnerabilities boil down to a few common mistakes. In this talk from WordCamp Phoenix, Ramuel Gall reviews these common errors & provides advice on creating secure plugins. Check out the video on YouTube to see slides with example code. Transcript in the show notes.
A busy week in WordPress security with active attacks on a number of plugins including the ThemeRex AddOns & ThemeGrill Demo Importer plugins. We also look at a vulnerability uncovered in the wpCentral plugin installed on over 60,000 sites, a WHO phishing attack, & Malwarebytes’ State of Malware report. We also include the audio from Chloe Chamberland's talk from WordCamp Phoenix about working remotely as a nomad. Her talk starts at 19:13 if you'd like to skip ahead, though we recommend watching the video on YouTube.
WordCamp Asia was cancelled this week due to concerns of COVID-19/coronavirus in the region. This week, Wordfence CEO Mark Maunder talks about the decision to offer the WordCamp Asia Cancellation Fee Assistance Package to attendees, volunteers, organizers, and speakers that had planned to travel to this inaugural regional WordCamp. We also cover a number of WordPress plugin vulnerabilities disclosed this week and over 500 malicious Chrome extensions affecting millions of browsers worldwide.
We take a look at the annual hacked site report from GoDaddy's Sucuri Security and the types of malware they found in various CMS and shopping cart applications. Microsoft reports they're finding 77k web shells daily, and WP Scan's roundup lists a number of popular plugins and themes with recent vulnerabilities. A report from students at Harvard University exposes the growing risks of online leaks & breaches.
Chloe Chamberland never wanted to get into security, yet in the last three years, she has emerged as one of our most prolific threat researchers. Not only does she find vulnerabilities in numerous popular plugins, she also travels the world while doing so. Chloe talked to me from a cabin in a remote area of Alaska, where she saw a moose for the first time. Chloe talks about how she got started in security & gives advice for young people who want to get into security.
Welcome to 2020! We're making some changes to Think Like a Hacker and wanted to let you know. We're moving to an audio-only version of the podcast, publishing twice per month. We also wanted to let you know about 3 major vulnerabilities in WordPress plugins potentially affecting over 400,000 WordPress installations. Details are on the Wordfence blog as well.
We've had quite a year with Think Like a Hacker, the podcast about WordPress, security & innovation. For our end of year episode, we take a look back at a few of our favorite interviews & news stories. We review conversations with Josepha Haden, Brandy Lawson, Jennifer Bourn, Matt Cromwell, and we look back at the Pipdig story. Thank you to everyone who chatted with us over the first year, and thank you to our audience for listening. Happy holidays to everyone celebrating, and we'll see you in 2020.
With Google Chrome experimenting with a badge of shame for websites that load slowly, there is a new urgency for high performance interfaces for web users. Gatsby, Gridsome & other static site interfaces are hot in the development community right now, especially when talking about headless WordPress. At WordCamp US, Mark chats with Dave Ryan about these technologies, reminding us that no matter the technology we use to create a website, our decisions during development matter to the end users' experience.
A small furor erupted over a "top influencers in WordPress" list that neglected to show the diverse nature of the WordPress community. We talk about the impossibility of making an accurate list reflecting WordPress influence or contribution, & the diversity we saw during production on Open, our film project. We also talk about Google's plans to give slow websites a new badge of shame in Chrome, password security updates in Chrome 79, & the DHS reconsidering a plan to use facial recognition on U.S. travelers.
Kim Gjerstad, one of the founders of Mailpoet, visited with Mark at the Wordfence booth at WordCamp US. Kim and Mark talked about the origins of Mailpoet, the plugin that gives users a full email management system within the WordPress administrative dashboard. They talk about email deliverability as well as the challenges of fighting email abuse, a constant battle that Mailpoet is winning. They also talk about net promoter scores and what it means for the success of a SaaS business.
Yoast, the SEO plugin installed on 9 million sites, ran a Black Friday sale, experimenting with an ad in the WordPress admin dashboard. The furor was dramatic, & Yoast's CEO Marieke van de Rakt took ownership, showing exceptional leadership. We discuss the ad & the response, & the challenges of running a plugin business under a freemium model. We also cover stories about AVG & Avast browser extensions, the Magento Marketplace hack, the private equity purchase of .org & a data leak affecting 1.2 billion.
Maddy Osman is an SEO content strategist who has worked with a number of familiar brands in both the WordPress and SaaS spaces. She spoke at WordCamp US and took some time to chat with us at the Wordfence sponsor booth. Maddy talks about how she got started in SEO content strategy after doing web design and development, and also what the entrepreneurial journey has been like for her. Maddy also shows off some of the lock picking skills she picked up while hanging out at the Wordfence booth.
We review the premiere of Open, The Community Code, a film about the WordPress community that had its world premiere at the State of the Word Keynote at WordCamp US. Mark & Kathy talk about what it was like watching friends in the community see the film for the first time. We also discuss recent updates in WordPress 5.3, especially improvements to the Gutenberg editor, accessibility, & site health. We also cover Google Chrome's plans to warn about & block mixed content and how to prepare now for these upcoming changes.
At WordCamp US in Saint Louis, Mark sat down with Yoast CEO Marieke van de Rakt and COO Michiel Heijmans in the Wordfence booth to talk about not only how Yoast began, but also how they've grown to over 9 million active installations and the challenges of managing such a large user base. Marieke and Michiel also talk about the big changes coming in 2020 for the Yoast plugin as well as training and educational efforts via Yoast Academy.
Kathy Zant gave a presentation about The Hacker Mindset at WordCamp US 2019 in St. Louis. Learning to think like a hacker in the security realm is a big part of keeping your assets safe, and there are additional benefits. Kathy illustrates how the hacker mindset is much more than protecting your site. Thinking like a hacker can also help you break through perceived limitations, overcome obstacles, and capitalize on opportunities to innovate.
Mark and Kathy connect in person on Halloween in St. Louis to talk about what's happening at WordCamp US. We review what's new at WCUS, some of the more interesting sessions, and all of the fun activities Wordfence is bringing to North America's largest WordCamp. Kathy and Mark also tear down the 4th wall to talk to award-winning Director Sean Korbitz, the creative force behind OPEN | The Community Code, the movie about the WordPress community that premieres Saturday, November 2.
Andrea Zoellner has been an organizer of WordCamp Montreal and is the Chief Content Creator at SiteGround. Andrea focuses on supporting SiteGround customers in the North American & English-speaking market. With a background in journalism, Andrea found WordPress as the easiest way to get online. She talked with us at WordCamp Sacramento about her WordPress origin story and how her position at SiteGround puts her in a unique position to innovate through new tools & services for WordPress users at SiteGround.
We cover WeWork's failed IPO & financial woes and how this likely led to Meetup's introduction of an RSVP fee. We discuss why this doesn't bode well for WeWork's future. We also look at the WordPress 5.2.4 security release & what fixes are included. We discuss the release of PHP 7.4 & how WordPress core is preparing. We also get a little excited about our plans for WordCamp US & our party to celebrate the worldwide premiere of the open-source film about the WordPress community: Open, The Community Code.
Jennifer Bourn has been a leader in the WordPress community for years, helping WordPress users of all experience levels get the most out of WordPress. She has created websites for recognizable brands through her design company, Bourn Creative. At WordCamp Sacramento, we talked about how the community has opened experiences for her entire family, her new ventures in training including Content Camp and the Profitable Project Plan, the Bourn family goal of visiting all national parks & the future of WordPress.
At WordCamp Minneapolis, our Lead Customer Service Engineer Tim Cantrell chats with Lindsey Miller about her work as Partner Marketing Manager at LiquidWeb. Tim and Lindsey also talk about the challenges of being a remote worker, and how the connections in the WordPress community can help individuals make connections that grow a business. Lindsey also turns the tables and interviews Tim, asking how he got involved in WordPress and came to be the lead customer service engineer at Wordfence.
Salesforce Ventures invested $300 million into Automattic at a $3 billion valuation. We discuss what this might mean for Automattic, the WordPress community, and the WordPress ecosystem by analyzing the roots of Salesforce and the opportunities it brings to WordPress. We also talk about features and fixes coming in November to WordPress 5.3 especially within the block editor and site health check. We also look at the DoorDash breach affecting nearly 5 million users.
At WordCamp Sacramento, Matt Cromwell from GiveWP talked with us about how Give began, democratizing generosity, & how they handled the vulnerability disclosure from our team. When our security researchers reached out, Give & Wordfence worked together to ensure that the vulnerability was patched in the safest way possible. Matt also tells us how he got involved with WordPress & how he gives back to the community through the Advanced WordPress Facebook group with over 30K members.
We chat with Mikey Veenstra to talk about the Wordfence Threat Intelligence team's work tracking a series of active attacks on an unpatched vulnerability in the Rich Reviews plugin for WordPress. With an estimated 16,000 installations, attackers are targeting unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads. Mikey explains how this works and what users of Rich Reviews can do to protect themselves. Podcast recorded September 24, 2019.
This week, our lead customer service engineer Tim Cantrell interviews Zach Stepek, CEO of MindSize, a digital agency focused on helping customers scale and succeed with eCommerce. Zach talks about how he got started with WordPress and WooCommerce, new features in JetPack that add functionality to WooCommerce, and how critical security is to site owners no matter what platform they use to sell goods and services online.
WordPress core version 5.2.3 was released on Sept. 4. This was a security release patching eight vulnerabilities in WordPress core, most of which were cross site scripting. In this episode of Think Like a Hacker, we walk through each of the patched elements of WordPress core and how these vulnerabilities could have been exploited. We also look at the SIM port attack on Jack Dorsey's Twitter account, and the lessons for all of us in using our cellphones and mobile devices for securing our online accounts.
This week, we chat about WordPress 5.3 and some of the new features we will see added to WordPress in November, including improvements to the editor and a switch to meta tags for better control over search engine indexing. We also cover the latest developments with our threat intelligence team's research into an ongoing malvertising campaign targeting WordPress plugin vulnerabilities. This story received news coverage, and that coverage caused Wix to Tweet a cheeky dig at WordPress that fell flat.
Bill Rice is the CEO of Kaleidico. We chatted at WordCamp Minneapolis about WordPress and the community, and his work creating websites that convert. Bill spoke at WordCamp Minneapolis about trends in WordPress website design that allow businesses to deeply engage with site visitors. Mobile browsing has changed the way users interact with the web on all devices, including desktop. In this episode, Bill tells us how this shift creates new opportunities to design compelling digital experiences.
As of WordCamp Boston 2019, Sandy Edwards has organized 26 KidsCamps across the US. We talk about what kids do at a WordPress KidsCamp, the success these kids have had publishing with WordPress, and how Sandy teaches basic internet safety and security to the next generation of WordPress users. Sandy is an organizer at WordCamp Orlando as well as a homeschooling mom, and runs a digital agency helping small businesses benefit from data-driven marketing.
WordPress core developers recently discussed removing support for code signing in WordPress core, included with the WordPress 5.2 release. The discussion suggested implementing SSL verification & hashes to verify code integrity instead. We chat about the history behind the vulnerability found by Wordfence's Matt Barry, which motivated the addition of code signing. We review several supply chain attacks, discussing how SSL & hashes wouldn't protect against a sophisticated attack on WordPress core servers.
Topher DeRosia is the Developer Evangelist for BigCommerce & a frequent WordCamp speaker. He's worked with WordPress for a long time & is the man behind HeroPress, telling the stories of transformed lives because of WordPress. HeroPress is now syndicated on WordPress.org/news. At WordCamp Boston, Topher and Kathy talked about everything WordPress from security to eCommerce, HeroPress, headless WordPress, headless eCommerce & how these new methods of distributing content & commerce will change publishing.
The Wall Street Journal reported on August 12 that Verizon is selling social media & blogging platform Tumblr to Automattic. Automattic CEO Matt Mullenweg answered questions on PostStatus, outlining plans to migrate off of Verizon, move Tumblr's backend to WordPress, and support the same APIs on both WordPress.com & Tumblr. Mullenweg noted that this is "by far the largest investment or acquisition Automattic has ever made." In this episode, we discuss the implications for Tumblr, WordPress, and Automattic.
In this episode, Mark chats with Vito Peleg, the founder of WP Feedback, a plugin that helps WordPress-focused agencies streamline approval and support for their customers. Vito talks about the glass ceiling in agencies where managing people and projects begins to inhibit growth and profitability. He also shares some interesting thoughts on where pain points lie and how to move past them, as well as how to effectively leverage your own customers to inform product design.
This week, we talk about our corporate trip to DEF CON, the WordPress security team's proposal to backport security fixes to fewer releases, a new feature proposal called WP Notify that has a number of very positive implications for WordPress users, Cloudflare's decision to terminate service for 8Chan, and a European court's ruling that companies using the Facebook "like" button are liable for data collection.
Jem Turner was one of the security researchers that found malicious code in Pipdig's P3 plugin. Both Jem and Wordfence's Mikey Veenstra found the P3 plugin to contain a number of suspicious or malicious features. At WordCamp Europe, Mark sat down with Jem and asked about her process of finding this malicious code. Jem also talks about the unexpected reaction from the Pipdig developer and their users, and how the community of bloggers banded together to help each other.
This week we talk about the Capital One breach affecting over 100 million customers and some important takeaway lessons from that case. We also look at news about the Equifax settlement, a spearphishing campaign targeting ProtonMail users, the conclusion to Marcus Hutchins' legal woes, and Facebook's $5 billion fine and new regulation from the FTC, amongst other stories.
David Jardin is the Security Strike Team Lead for Joomla, an open-source content management system powering more than 2.5 million websites. At WordCamp Europe, Mark and David sat down and talked about the workflow for Joomla security reports and why a proper proof of concept makes fixing vulnerabilities easier for security teams. They also discussed the improvements in cryptographic code signing expected in Joomla 4, its next major release.
This week, we cover WordPress vulnerabilities targeted by a malvertising campaign and an important iOS security update. We also look at Equifax's $700 million settlement and a recent uptick of new breaches added to Have I Been Pwned. Along with other news and a summary of WordCamp Boston, we talk about the film project we've worked on since late last year. Open | The Community Code will premiere November 2019. We talk about how and why we created this film about the open-source WordPress community.
At WordCamp Europe, Mark chats with Chris Teitzel, CEO and founder of Lockr. Lockr is a key management system for websites using CMSs like WordPress and Drupal. Chris talks about the challenges of securing sensitive information and how Lockr makes secure key management affordable. Chris speaks on security topics at WordCamps and DrupalCons around the world.
You can find Chris on Twitter @technerdteitzel and learn more about his company at www.lockr.io.
This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google's decision to remove Chrome's built-in XSS protection, a researcher's discovery of a vulnerability in Instagram's 2FA, updates to the Gutenberg editor, and hackers who created an Android app that can kill to prove a point, amongst other stories.
At WordCamp Atlanta, Mark sat down with Chris Wiegman, creator of Better WP Security. Now known as iThemes Security, it is installed on over 900,000 WordPress sites. Chris talks about being a flight captain flying over Hawaii & what happened when an earthquake occurred shortly after takeoff. He also describes creating Better WP Security, selling the plugin to iThemes & the tools he's created in his new role at WP Engine. He describes his move to WP Engine as "the move I didn't know I needed to make."
A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists.
We also cover the WP Engine acquisition of Flywheel, cPanel's new pricing, removal of caps on .org domain names, critical security vulnerabilities in Magento, WP Statistics XSS vulnerability, a hacked ad server pushing out SEON ransomware, British Airways landmark GDPR fine, breaches & leaks of the week, amongst other stories.
Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization's mission. She also talks about the competitive hosting space and how Liquid Web positions themselves for success. You can connect with Carrie on LinkedIn or at liquidweb.com.
Ryan Dewhurst is an ethical hacker & penetration tester who has developed tools that make finding vulnerabilities in WordPress easier. Ryan is 1 of 3 contributors to WPScan, a command line tool that streamlines this testing. Ryan also maintains the WPScan Vulnerability Database, used by many services including Wordfence to alert WordPress users to the vulnerabilities on their site. Ryan & Mark talk about these services, how they work, how they're used & how you can use them to test your own site's security.
From Berlin we talk about our experience attending the largest WordCamp in the world and then dive into the news. We discuss 2,600 hacked WordPress sites being used for a free proxy service, Iranian cyber attacks, an attack at JPL affecting NASA and a WeTransfer security incident. A phishing breach at Oregon DHS affects over 645,000 Oregonians, 2.9 million Canadians affected by a leak at Desjardins Group and the bankruptcy filing of the collections firm behind the Quest Diagnostics and LabCorp data breach.
Mark sat down with Frank Robinson at WordCamp Atlanta a few weeks ago. Frank started Studio Media 22 in 2008, an agency focused on building sites and digital media in the beauty industry. Frank is a software designer and entrepreneur growing his business. We talk about why he focused on the beauty industry and how that gives him a competitive advantage, the opportunities for business, film and technology in Atlanta as well as why security and Wordfence is such a critical part of his business.
This week, we're at WordCamp Europe in Berlin & there is a lot of news to cover. We talk about a WordPress VIP outage, WordPress version 5.2.2, vulns in two Facebook WordPress plugins, a Google Chrome Suspicious Site Reporter & a Chrome extension hijacking search results. We talk about Troy Hunt's Have I Been Pwned project as he preps its sale, a Firefox 0Day and 2 more American municipalities affected by malware amongst other stories.
Ninja Forms is used on over 1 million WordPress sites. In this episode, Mark interviews James Laws, the co-founder of WP Ninjas, the developers behind this powerful form builder. James & Mark talk about revenue models that work, how to find new opportunities, experimentation with new products & learning from your customers. They also discuss how to choose your next project when you have too many ideas, & new businesses WP Ninjas are exploring in eCommerce.
This week, we discuss active exploitation of a plugin vulnerability in the wild, an extortion scam hitting numerous website owners, exposure of Industrial Control Systems to attackers as well as a CBP breach affecting travelers in the United States. We also talk about an email server vulnerability and what to do in a SIM port attack.
At WordCamp OC, Nathan Ingram participated in a business track discussion about failure, something with which most entrepreneurs are familiar. In this interview, both Mark & Nathan talk about being an entrepreneur and how "the best lessons in life are learned from failure." Nathan recently lost 50 pounds in 2 months. He talks about the micro-habits that he leveraged to make big successful changes. The interview has a number of lessons for optimizing business processes & finding better balance in life.
In episode 19 we talk to Brad Haas about recently patched service vulnerabilities that impacted four popular hosting companies. We also talk about a new login security plugin for WordPress that we've launched. In the news we cover a wave of SIM swapping attacks hitting cryptocurrency users, NGINX vulnerabilities and recent data breaches affecting the personal information of millions of people.
At WordCamp Orange County, Mark interviewed Verious Smith from Philoveracity Design, a digital agency in southern California. Verious has also been the lead organizer of WordCamp Riverside and runs WordPress meetups to give back to the community. Mark and Verious talk about the challenges of entrepreneurship, growing from freelancer to an agency as well as trust & interdependence in remote work. Verious is always striving to learn new things to optimize performance and improve workflow.
Mikey Veenstra joins us to talk about 3 WordPress plugins with severe vulnerabilities affecting well over 150,000 WordPress sites. Two plugins have been patched, one has not. With Mark under deadline for a film project, Mikey also talks security news with Kathy. We cover a Docker vulnerability, anatomy of a SIM port attack, 0day Windows exploits released by a disgruntled security researcher, 2 large scale data leaks affecting millions and revisit the Baltimore ransomware incident.
If you've ever attended a WordCamp or a WordPress meetup, that community experience was based on the guidance & support from WordCamp Community Manager Cami Kaos. Cami is the primary contact for the 150 WordCamps & over 600 WordPress meetups taking place around the world this year. Her efforts ensure that the volunteers organizing events have what they need to succeed. Cami shares her thoughts on getting started with WordPress meetups & WordCamps, challenges facing the growing community & getting involved.
In this week's news we have a lot to cover. We talk about an intrusion at StackOverflow, a proposal to modify the WordPress plugin guidelines, how Chinese hackers are getting better at stealing US cyber secrets, ethical issues of firms promising ransomware solutions that only include paying the ransomware, a breach on the Joomla extension directory server, Google's aggregation of your purchase receipts and suspension of Android support for Huawei amongst many other stories.
Dr. Andy Fragen is a trauma/acute care surgeon as well as a prolific WordPress plugin author. One of his plugins, GitHub Updater, allows you to host WordPress plugins and themes on GitHub instead of WordPress.org. Andy supports numerous WordCamps and is an active member of the WordPress community in southern California. I had the pleasure of talking with Andy at WordCamp Orange County. He's a fascinating person and I really think you'll enjoy our conversation.
This week we cover the WhatsApp zero-day vulnerability that allegedly was used to infect phones with malware. We announce a new Wordfence update, making an updated two-factor authentication feature available to all Wordfence users. We cover a story about SIM hijacking and discuss why we need to move away from SMS authentication. We also cover an ongoing supply-chain attack affecting thousands of sites, three antivirus companies that have been compromised, a malvertiser indictment, and other stories.
Dave Ryan is an Interdisciplinary WordPress Developer at Bluehost, where he focuses on helping build WordPress and supporting the WordPress community. He is an organizer for Phoenix area WordPress meetups and WordCamp Phoenix. He also speaks at numerous WordCamps around the country.
In the past, Dave has worked for large publishers and universities, scaling high-traffic WordPress sites by blending his skills in information design, journalism and web development.
Welcome to the 10th episode of Think Like a Hacker. We're doing things differently this week, separating news & our interview into 2 episodes. Today we cover the news & we will share our interview later this week.
We discuss new cryptographic protection against supply chain attacks in WordPress 5.2. We talk about Israel's missile attack against Hamas hackers, a data breach affecting 80M households, the Gutenberg accessibility audit, a "do not track" bill, a hacker selling Windows 0-Days & other stories.
We cover quite a few stories: 2 plugins with vulnerabilities, WordPress 5.2 & a now-defunct dark web marketplace. We follow up on Google's Sensorvault, Richard Stallman's comments on Facebook & JetBlue's use of facial recognition. We look at GoDaddy's removal of 15k spam subdomains, a Docker breach & Slack's upcoming IPO.
Listen to a great conversation with Jon Brown, CEO of 9seeds, a digital agency in Idyllwild, CA. Jon & I talk about running an agency, remote work, being a digital nomad & WordPress.
We look at Troy Hunt's pen testing of the TicTocTrack watch, changes coming in the AMP project & implications of the UK's new porn age restriction law. We review a story about the "SeaTurtle" espionage campaign. We look at why the Nigerian prince scam is still netting over $700k / year, and how the City of Chicago lost over $1 million in a phishing scam.
I also speak with Chris & Katie Bayer, the owners of Black Mountain Coffee Roasting. If you love coffee and WordPress you're going to love this interview.
This week we look at the Assange arrest, an irresponsible security researcher affecting the WordPress community and do a bit of a thought experiment. We also look at Google's Sensorvault and how it's being used by law enforcement, the fascinating rise and fall of the Bayrob malware gang, and some tips for avoiding a new AirBnB scam. I also talked to Tyler Lau at WordCamp Phoenix last month, and we share that interview with you today. Tyler is the Social Community Manager at Sandhills Development.
This week we follow up on two stories from last week, the Pipdig P3 plugin and Jetpack suggestions found within the WordPress plugin dashboard. We also take a look at quite a few privacy concerns with Grammarly, malware in the healthcare industry, and we discuss privacy concerns with Facebook. I also talk to Brandy Lawson, a digital agency entrepreneur in Phoenix, Arizona. I had a wonderful conversation with Brandy at WordCamp Phoenix that I think you'll really enjoy.
This week I chat about the Pipdig controversy in full with Mikey Veenstra and Kathy Zant. Kathy and I cover the news. And we have an amazing interview with Raquel Landefeld who is a community organizer for WordPress and the co-founder of agency Mode Effect. Raquel and I chat about her adventures as a mom in tech, Gutenberg, her approach to networking, what it is like being a WordCamp Phoenix organizer and what she is up to for the rest of this year. Enjoy!!
This week we have an update on the Social Warfare plugin vulnerability, how it was more serious than originally thought, and a feud that has broken out between a security researcher and forum moderators. We also have some interesting data on how WordPress will become more secure soon with code signing. And along with several other news items, we have a spectacular interview with Aaron Campbell, the former head of WordPress security. Enjoy!!
This week we have breaking news with a serious vulnerability in the Easy WP SMTP WordPress plugin. We are seeing exploits actively target this vulnerability. We also cover the week's news with Kathy Zant and have a spectacular interview with Cory Miller where he chats about how he started iThemes, why he sold to Liquid Web, some of the challenges of being a founder and what is next for him. Enjoy!!
Welcome to Think Like a Hacker, Episode 2. In this episode Mikey Veenstra, a threat analyst at Wordfence discusses a serious XSS vulnerability in an abandoned cart plugin. We also chat with Adam Warner, a well known figure in the WordPress community. In our interview we chat about Adam's personal WordPress journey, community engagement success and the future of WordPress. And as always we cover the news with Kathy Zant.
Josepha Haden is the Executive Director of the WordPress project at Automattic. She oversees and directs all contributor teams in their work to build and maintain WordPress. Josepha can be found at https://josepha.blog. In our news segment, we talk about recent vulnerabilities in the Freemius library affecting WordPress plugins, the CoinHive shutdown, and why potential changes in WordPress core development will benefit end users' security and more.