Think Like a Hacker Podcast Episode 1: An Interview with Josepha Haden

Josepha Haden is the Executive Director of the WordPress project at Automattic. She oversees and directs all contributor teams in their work to build and maintain WordPress. Josepha can be found at In our news segment, we talk about recent vulnerabilities in the Freemius library affecting WordPress plugins, the CoinHive shutdown, and why potential changes in WordPress core development will benefit end users’ security and more.

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

Note that we are in the process of syndicating video and audio versions of this podcast to your favorite player, and we needed to publish our first episode to enable syndication. So check back in a few days and you should find us just about everywhere. Thanks for your patience.

This week in the news we cover:

  • WordPress as of version 5.1 now alerts site owners on the dashboard if they’re using an out of date version of PHP.
  • The 2018 hacked site report from GoDaddy Security/Sucuri indicates increased prevalence of WordPress sites in their site cleaning business. In better news, they’re seeing more WordPress sites updated than in years past, and the WordPress sites are being updated much more frequently than eCommerce platforms.
  • Freemius, a library used by a number of plugins with large installation bases, recently experienced a vulnerability disclosure and a challenging experience with a security researcher. Their blog post is a heartening read about how we all can handle security vulnerability disclosures that serve customers and the community as a whole.
  • The widely used Chrome browser requires an update to patch a very serious vulnerability.
  • WordPress core team is hoping to tighten major release cycles that hopes to streamline development for contributors as well as encourage more site owners to enable autoupdating.
  • A distributed cryptocurrency mining platform called CoinHive is ceasing operations. CoinHive was popular amongst hackers as a new way to mine cryptocurrency on hacked websites, but the crash in cryptocurrency value made it less profitable.

You can find me on Twitter as @mmaunder and Kathy as @kathyzant. Please don’t hesitate to post your feedback in the comments below.

Did you enjoy this post? Share it!


  • Any plans to add the podcast to Apple Podcasts?

    • Yes sir. There's kind of a weird workflow when doing podcast syndication. You need to publish your first episode, then go and set up a variety of channels now that you actually have the episode in a syndicated RSS feed, then publish a few more episodes which allow you to qualify for additional distribution on certain platforms that require a podcast to be around for several months or have X episodes published.

      So we had to get the first episode out, now we're scrambling and I believe the team has already set up Apple/iTunes distribution and they're working on a range of others. Before anyone reading this makes the suggestion: Yes we're using the best syndication service out there. :-) And yes we've automated about as much as we can. But certain aspects of this you just gotta either wait, or do the manual work.

      Thanks for the feedback.


  • Great Podcast! Looking forward to the next.

    • Thanks!

  • Proper first episode! :-)
    I can't seem to find the Feed-URL to add you to my Podcast app. Nor does it show up in my Podcast app when searching for "Wordfence". Am using Pocketcast.

    • Thanks! We needed to get the first episode out before we could set up iTunes, Spotify, Google etc syndication. So you should have that for the next episode. It should be available on all major podcast apps. Honestly, my goal in life right now is to say "Alexa, play Think Like a Hacker podcast" and she'll do it.

  • mmm this is not really a podcast (to me) it is not MP3 audio but video, and I can´t readily download it. Neither is it on, so... maybe later

    • Hi Francisco. There is an audio player in the blog post. We have added an MP3 download link. I've also added a clarifying note explaining that it will take a few days for us to appear on various platforms. Will include soundcloud and many others.

  • Awesome! Thanks for creating this... have shared it with a lot of friends and colleagues.

    • Thanks Lucas!!

  • Hi Mark and Kathy,

    Great first show - thank you!

    The split between pure security-related items and the wider WordPress world, with the interview with Josepha, gave it a nice balance. I particularly liked the way both you and Kathy communicated security issues in a way that a non-infosec person (like me!) could easily understand.

    Josepha has a big job ahead of her - the WP community was badly fractured by Gutenberg and all that surrounded it (I'm talking here more about the user community than the developer community), but I wish her the best of luck.

    Looking forward to the next episode!



    • Thanks Martin!! Glad to have you as a listener.

  • This is great news, folks! I actually came here to see if you had a link to your podcast feed (I already searched in my podcast app for both "WordFence" and your podcast title, but couldn't find it). I was then going to ask/recommend that you do that. Looks like a couple of crazy podcast junkies already beat me to it :-)

    Even if you have a raw RSS feed url available now, you should publish it above, so that folks like me can directly (manually) add the feed to our podcast apps, without having to wait for it to show up in a directory (like iTunes or in the podcast app's own directory) before being able to listen to it.

    Let me know if you need any help with any of this. My team and I can help. This would also be a great topic to create an Alexa Flash Briefing (we can help with that too, without you having to do any additional work, with your existing show).


    - Ravi Jayagopal
    Podcast host,

    • Thanks Ravi. Here's the direct link to the RSS feed on our syndication service:

      • Thanks! You should definitely add the RSS feed link below the video, so that you're not missing out on potential podcast subscribers.


  • Thank you for this podcast.

    Because we are many "not really fluent" in English, if you can add a text of your content, we will be able to
    translate it or to read it at our "speed". Listen English speaking with many accents is always a challenge for me.
    So, if you can write the content, it will be very welcome.

    Thank you


    • Thank you Sylvia. I'll share this with the team and we'll see what we can do. I'll look into transcription services.

  • Awesome first episode.

    • Thanks Simon!

  • This is great news, folks!

  • Many thanks for producing this. Interesting and entertaining. But you didn't address the name of the podcast at all.

    • Hi Nils! We're excited to do so in an upcoming episode. Thanks for watching, and stay tuned!

  • Thanks for all the useful information.
    One point, I can't find the diagnostics page under Tools that Kathy Zant mentioned.

    • Hi Lawrence! On your wp-admin, look for "Tools" under the Wordfence plugin. It shows up on the left sidebar when you're in Wordfence dashboard. Once you're under tools, there are tabs across the top showing the Wordfence tools available to you. The diagnostics tab is the furthest on the right.

  • Enjoyed the first episode. Particularly noticed how you structured the Josepha interview to only include the answers. Nice. So are you sitting in an RV or something?

    • Thanks, Thor! Yes, Mark has an airstream and is fairly mobile. It's always fun to see where Mark is working/podcasting from.

  • For those wanting to add the podcast to the Podcast player manually, this URL for the podcast feed works for me:

  • If you use the app like me, I added the feed

  • Excellent podcast, Mark and Kathy.

    During it, I went out and updated my Wordpress site plugins and sent an email to my website host asking them when they will upgrade to PHP 7.3 (7.2 presently available).

    So, you see, your podcast had an immediate positive effect on me!

  • This is a great podcast that fills a specific niche that isn't covered so well on many others general security podcasts. The content is up-to-date and accurate. The only thing I suggest is to check the audio quality. The audio levels between hosts isn't consistent and there is some background hiss and digital compression artifacts.

    Great show, keep it up!