Episode 65: WordCamp Asia Cancellation Prompts Community Support
WordCamp Asia was cancelled this week due to concerns of COVID-19/coronavirus in the region. This week, Wordfence CEO Mark Maunder talks about the decision to offer the WordCamp Asia Cancellation Fee Assistance Package to attendees, volunteers, organizers, and speakers that had planned to travel to this inaugural regional WordCamp.
We also cover a number of WordPress plugin vulnerabilities disclosed this week affecting hundreds of thousands of sites, and over 500 malicious Chrome extensions removed from the Chrome Web Store affecting millions of browsers worldwide.
Here are timestamps and links in case you’d like to jump around:
2:13 Event Manager plugin vulnerability disclosed affecting over 100,000 sites
2:44 GDPR Cookie Consent plugin improper access controls affecting over 700,000 sites
3:44 Profile Builder plugin vulnerability allowed site takeover affecting 65,000 sites
4:49 Google Chrome web store removes 500 malicious extensions affecting millions of browsers.
7:14 Interview with Mark Maunder about WordCamp Asia cancellation, the COVID-19 virus concerns, and the WordCamp Asia Cancellation Fee Assistance Package from Wordfence, GoDaddy, and Yoast.
Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.
Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.
You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.
Have a story you’d like us to cover? Contact us at press AT wordfence [dot] com.
Episode 65 Transcript
Mark:
On the other side, you’ve got public health and it’s global public health. And you sort of put those up against each other, I mean that’s one of the toughest choices I’ve seen for a while.
Kathy:
Hello, my WordPress friends. Welcome to Think Like a Hacker, the podcast about WordPress, security, and innovation. I am your host Kathy Zant, coming to you from Phoenix, Arizona, where we just had WordCamp Phoenix. It was a great time here in the desert. The weather was absolutely perfect. It was a sold out event. We had the event at a new facility, escaping the confines of the Phoenix Convention Center. We had it at a place called Events on Jackson. We scaled back the WordCamp a little bit. My fellow organizers worked very hard over the last few months to bring this event together, and it was a wonderful kickoff for the WordCamp season.
Now the next camp coming up, WordCamp Asia, we just found out that that was canceled. On the evening of February 11, Matt Mullenweg decided to make that very, very difficult call to cancel the event due to the recent Coronavirus, or now called COVID-19 concerns in Asia. I cannot imagine how difficult that call was to make. So many volunteers, organizers, speakers, individuals throughout the WordPress community in Asia had given so much of their time and energy for this inaugural event. And it has to sting for it to be pulled at this date, but I think it was the right decision. Later in the podcast we will talk to Mark Maunder, CEO of Wordfence, who upon learning of this news, decided to help out the community. We’ll talk about how and why he did that.
But first, the news. There are some security patches that have come out for some WordPress plugins. Event Manager, the first notable one, was released about a week ago. Events Manager has an install base of 100,000 WordPress sites. Version 5.9.7.2 contains a fix that fixed a CSV injection vulnerability, which allowed malicious text to be exported to CSV files, and parsed by spreadsheet. So if you are using Events Manager on your site, make sure you update.
Next up, the GDPR Cookie Consent plugin with over 700,000 installations on WordPress sites around the world, found some improper access controls within that plugin. We noticed that this plugin was removed from the WordPress repository, and on further investigation, we found this vulnerability. Details are on the blog. With this, we did push out a firewall rule to protect against any exploitation as we typically do. If you are using Wordfence premium, you have received that rule as of February 10th. If you are using Wordfence free, update your sites, or get Wordfence premium, because you will not receive firewall rules until March 11, so your site is currently vulnerable. Make sure that you are updating.
If you are using the Profile Builder plugin, installed on over 50,000 WordPress sites. There is also a Pro and a Hobbyist version that are affected. We estimate total number of installs affected are 65,000 WordPress sites. This is a very critical vulnerability. We gave it a CVSS score of 10.0, which is critical, basically allowing site takeover. Now this was found by another researcher, the proof-of-concept, which basically shows other security researchers how this can be exploited is being withheld until February 24th, giving users time to update. We do have a firewall rule in place as of February 12th, to protect Wordfence premium users. Wordfence free users will not receive that rule until March 13th, so definitely update if you are using that. These details are all on our blog, so if you want to look deeper at how this vulnerability can be exploited, it is on the blog.
In non-WordPress security news, ZDNet reported this morning, February 13th, that Google has removed over 500 malicious Chrome extensions from the web store. They found that there was a network of malicious Chrome extensions injecting malicious ads in millions of Chrome installations. So let this be a reminder to you that if you are using Chrome, and you have ever installed an extension, or even if you never recall ever having installed an extension on your browser. That you go take a look at the extensions that you may or may not have installed, and make sure that you really need them. If you go into your Chrome Browser, and you type into the location bar, chrome://extensions. It will show you all of the extensions that you have installed, and whether or not they are activated.
Now if you think about how you’re interfacing with your computer these days, it’s almost like our browsers are becoming our operating systems. We are using Google Docs, and other services where we’re actually typing in content or managing our email, even from a browser. Going onto social media from a browser. So if you have a malicious extension, it may be serving you negative ads, malicious ads, or it may be actually checking to see what you’re posting on Facebook, or Instagram, or Twitter, or whatever you’re browsing to and using. So it’s really important to start looking at your browser, no matter which browser you use, as the operating system for how you’re interfacing with the internet. And as such, you have to look at it with sort of discerning eye, and look at the security of that browser. I’m happy to report that my Chrome extensions are all familiar to me, and none of them are malicious.
So let’s get right into the interview with Mark Maunder, CEO of Wordfence. And the reason for the WordCamp Asia Cancellation Fee Assistance Package, and how that all came together just a couple of days ago on February 11th. So without any further ado, this is my interview with Mark Maunder, CEO of Wordfence… and my boss. Enjoy!
Mark, thank you so much for joining me today. You are the one making news this week in WordPress, so I definitely wanted to ask you some questions about what’s going on with WordCamp Asia. You’ve been watching this whole Coronavirus epidemic, I guess I we can call it now-
Mark:
Yeah, yeah.
Kathy:
For a few weeks, haven’t you?
Mark:
Yeah, and it wasn’t my intention to make news, and I guess, maybe it’s best to start by saying that it is really unfortunate that WordCamp Asia was canceled. You and I are both friends with a lot of people in the community, on the U.S. side, and some in Europe, and around the world, really. And I know how excited everyone’s been, and I know how really, really disappointed many, maybe everyone is. Probably everyone.
Kathy:
Yeah.
Mark:
And I also know that some folks are actually in Bangkok right now, anticipating having this conference in a few days, and they were given, they got the notification while already there. And that has got to be heartbreaking, and I also know that it was a really, really hard choice for the organizers. I think perhaps it was most disappointing for the organizers. They put an incredible amount of work into this. I’ve seen people talking about the website, and some of the individual elements that went into this, and that how they took months, many months. And to not see that work come to fruition, has got to be, I know, because I’ve been there. It is incredibly frustrating.
So it’s a really tough choice, and then finally the folks that actually had to make the call, as you mentioned Kathy, I’ve been tracking this thing since it first came out. And the immediate thing I started thinking about is the people that had to make that decision for WordCamp Asia, and how brutally difficult that must have been, because you’ve got tremendous pressure on both sides. On the one side you have all the work the community’s put into it, and the excitement, the logistics, the expense, the time commitment. And on the other side, and you’re going to disrupt all of that if you cancel it. And then on the other side you’ve got public health, and it’s global public health. And you sort of put those up against each other, I mean that’s one of the toughest choices I’ve seen for a while. So I don’t envy the WordCamp Asia organizers for being in that position, but I think they made the right call, and we’ll chat a little bit about why.
But when I first heard about this, when the story first broke, I was in Hawaii, and I had taken the first bit of vacation I have taken for years. And I’d flown my parents from South Africa to Zurich, and then San Francisco, and then Hawaii. And we were traveling, and it was pretty close to the beginning of the travels where the story started emerging, and then around the middle, a piece of data emerged that, and my dad, and I am fortunate to have my dad, who’s still alive. And we’re still speaking to each other, what do you know? And I consider that a success by the way. So, but we got together, and we’re both analytical creatures, and we looked at this new piece of data that emerged, which was the fact that the virus is transmissible before symptoms showing up.
And immediately the arithmetic changes profoundly on this thing, and the strategy for containing it changes profoundly, because no longer can you scan at borders for symptoms the way they did with SARS. Looking for temperatures, or using infrared scanners, infrared cameras, having people walk through them, looking for temperature changes in the body. Now it’s invisible, and it’s crossing borders in an invisible way, which means that the only way to combat this, is through quarantine.
And if you’re going to combat it through quarantine, what that means is global travel restrictions. And if you’re going to do it effectively, it means very strict and disciplined quarantine procedures, including travel restrictions. And so we took a look at this, and we decided to make the call that it wasn’t going to spread fast enough to hamper our travels, and we would be finished with our trip before it had gotten to a stage where global quarantine and global travel restrictions would kick in. And there were no cases in Hawaii that were reported at all, so we weren’t concerned. They were going back to South Africa and we would go via LAX to Denver.
And, but what I did, and you can call me a, I don’t know, conspiracy theorist, or a prepper, or whatever you want. But I’m just looking at this in a rational way, and I care for my family. So I immediately went out and tried to find surgical masks, and already had trouble finding them. And so what I did is I went to Home Depot, and I got N95 masks. And I got 30 of them, two packs of 15. And I traveled with them, and I also got hand sanitizer, and we chatted about procedures to getting on and off aircraft, and sanitizing seats, and that kind of thing. Surfaces not touching one’s face, the usual thing. And we felt that we were in a pretty good place, but from that moment on where it became very real, and where I had taken a good look at the data with someone else who’s very analytical and strategic.
I started tracking the news, and this isn’t my field. I’m a security analyst, I’m a CEO of a cyber security company. I’m not an epidemiologist, but it was also very interesting to me. I’m very interested in global news, and global events. And as someone I respect very much likes to say, “I’m interested in how things came to be the way they are.” And so looking at this, and having that context years from now when one looks back is super helpful. So I’ve been very interested in the news, and my news sources are the Financial Times, which is horribly expensive, unfortunately, the BBC, which is brilliant, and I used to work for them. They’re of quite a good objective view of what’s happening globally, and they’re free. And let’s see, some U.S. sources, I mainly go to Google News and kind of parse the U.S. headlines. But they’re so partisan and agenda driven these days that I find international sources are quite a good distillation of what’s really on the ground. So, Al Jazeera is actually one of my favorites as well.
Kathy:
Yeah.
Mark:
And then obviously New York Times, Washington Post, Wall Street Journal, the NPR, that kind of thing. Anyway, so once the arithmetic became clear, I was really concerned about WordCamp Asia, and this was very early on. This was weeks ago, and I looked at the map, and I realized there was a land border. They don’t, Thailand doesn’t share a land border with China, it’s separated from China by two other countries, and about 150 mile strip of land. What’s interesting is that most of this is going down in sort of, I’d say Central, Southern China., southern-ish China, and so it’s not too far from Thailand. And then you started seeing the news about Hong Kong, and the hospital workers striking, because they weren’t going to quarantine the border, something along those lines. I might be misquoting that story, but it was, Hong Kong sort of lit up.
Kathy:
Sure.
Mark:
And that’s sort of in proximity to mainland China, and you started seeing cases emerging in other countries. There was a case of a super-spreader that was in Europe. There was a case of a conference in Europe that had someone spread the virus. And then there was talk of canceling this telecoms conference more recently, and so with all of this, I really had the organizers in mind. And my heart was just breaking for them, because I knew how tough the call would be. And so what I did, is I went onto Twitter, and I posted data. I didn’t want to express an opinion, and so I posted a data thread of what I was seeing. And I tagged WordCamp Asia, and what I hoped it would do, is it would sort of seed the ground for others to look at the data, and if the organizers decided to make the decision to cancel, it was my hope that the attendees would look at it in a rational way. Because some of them would have seen that data, or at least be able to point to it and say, “That is kind of bad.”
Mark:
And so that’s kind of where I ended up, but Kathy I’ve been talking for a while. So-
Kathy:
Well you’re telling the story pretty clearly, and in a compelling way that you really did see the potential for what this could turn into early on. And you had made some calls to me about, “What does this mean for us? What does it mean for WordCamps around the world, specifically Asia.” And so this-
Mark:
Right.
Kathy:
A place where it’s landed, and you even, you were really data driven with it, and I have utmost respect and all that. Now, when they made the call the other day to cancel WordCamp Asia, you, I mean I woke up to news of what Wordfence is doing to support the organizers, the attendees, the speakers, the volunteers, everybody who’s basically committed to this event. How did that decision come about?
Mark:
The decision to provide a fund, is that what you’re asking?
Kathy:
Yes, yes. To provide the fund to basically-
Mark:
Yeah, yeah.
Kathy:
Offset some of these costs.
Mark:
So if I could back up just smidge, as we were running up to this thing, you saw there was internal communication from me on our internal Slack for Wordfence. And I kept that data driven, and the, I was just sharing much similar data to what I had shared on Twitter. And we had a speaker going, as you know. Stephen-
Kathy:
Right.
Mark:
Was going to attend. And he was going to attend with his family, his wife and his two kids. And they were agonizing over it, and as more and more data emerged, Gen, Stephen’s wife. She was, I think she discussed it on Twitter a little bit, and I could tell that it was top of mind for her. And we had shipped them some masks, including kid’s masks for the family. But I was getting really close to actually making a decision and saying, “I’m…”, I don’t want to use the word ban, but, I wanted to, it was hurting me that they had agonize over this.
Kathy:
Right.
Mark:
And I was considering having a conversation with them, and I had chatted with the family before, but I was considering saying, “Hey guys, would you mind if I make the call to just, you don’t go?” And then when the decision was made on WordCamp Asia, Gen actually, I think Stephen reached out to me and he said, “Gen was going to go ask you to actually just go ahead and make that call, so…”
Kathy:
Really? Wow.
Mark:
So I might be misquoting Stephen, but it was something along those lines. So it emerged that, “Oh, the pressure was there.” You know? And so anyway, to answer your question, so the news came out that they had canceled. And I immediately, I had been feeling the pain of the organizers and the attendees for a long time, for the reasons I’ve explained. It’s just a very, very tough call on both sides. They’re all very excited. You and I have friends in Phoenix, for example, that were like, “Oh, I’m so excited. I’m going Phoenix, and it’s my first time I’m going to Asia. And I’ve gotten a ticket, and it’s non-refundable, and it’s costing me a lot of money, and all this stuff.”
Mark:
And I was just like, “Oh, man.” Of course, then it sinks in, and I start processing, I start doing the math on how much this is going to cost everyone. And I, we are not sponsoring, we were not an Asia sponsor, a WordCamp Asia sponsor. As I said, we just had one speaker going. But I felt like we had to do something. I wasn’t going to sit by and do nothing.
Kathy:
Right.
Mark:
And I knew that we had some resources to help. And so, I was sitting at the dining room table upstairs, Kerry was there as well, my wife, and co-founder. I looked up from my keyboard, and I said to her, “Kerry, I have an idea I want to run by you. I think we should do this.” And Kerry is amazing to collaborate with, because the initial idea was, “I have a pool of money, and I want to help, and here’s some awkward or clumsy ways to do that.” And together we sort of honed it into, she actually went in and read the blog post of WordCamp Asia, because I had sort of read the first half, and then my brain exploded.
Kathy:
Yeah.
Mark:
And she read the whole thing, and she has amazing attention to detail. And she said, “You know, it’s interesting, because in their blog post, they said if you want to recoup your cancellation fees, you can use this letter.” And I think it was 3/4 of the way down, and she said, “Well, why don’t we look at helping with cancellation fees, because that’s very definable, and it’s also achievable for us. It’s not going to be $5,000 per person, or something. Because we only have a pool of $10,000.”
Kathy:
Right.
Mark:
And so she looked up what the average cancellation fee is for traveling, and she found that it was between $75, and $700, or $750, something like that, and the average was $200. And so we agreed that we would cover cancellation fees for up to $200 per person, and that allowed us with $10,000 to serve 50 people. And that felt like a contribution, that’s a decent number. And if we ask the community to only apply if you actually really have a need, and so on then, that makes a dent. At 1,600 attendees, so-
Kathy:
Right.
Mark:
It’s a lot. But it’s something, you know?
Kathy:
Yeah, so another very data-driven decision to support the community in a way that just makes sense.
Mark:
Yeah, yeah. And so we put together the logistics of it, how we’re going to do it. Kerry, again, pointed out that we don’t have to figure everything out. We can just set up an email address where they can email us, and then we will respond with all the information we need. And so Kerry set up that email address because I don’t think I’ve got access to administer our emails anymore, I think Scott was sensible enough to take that away from me. So she’s still got access, and she set up the email, and then she sort of nervously let Scott and Colette, our head of security know that she had added another email. Because we as executives aren’t really allowed to play in that area generally, but it was 11:00 at night or something. And so she set up the email, and I think it was wcasia-assistance@wordfence.com.
Mark:
And I was saying that she pointed out that we didn’t have to figure everything out, we just had to let them know to contact us at that email, and then the next day we could respond with the full procedure, and that allowed us to set this up within less than 60 minutes after the announcement. And so what we did is, we set up the basic procedure that it’s first come, first serve. Total budget’s $10K, maximum of $200 per person. They need to email this address, and we will process them in the order that the initial email was received. And I drafted a tweet, we looked it over, and adjusted it slightly, and then put it out there.
Mark:
And as I said that tweet went out within 60 minutes after the announcement, which I’m quite proud of. And I’m quite, if you don’t mind, I’d like to talk about that for just a moment. I think that’s one of the things that I love about the size of our business, and the fact that it’s founder controlled, and so on, is that it makes us extremely nimble. The two of us are sitting at a table at 11:00 at night, and we’re able to execute on this in minutes. I think, I know that bigger companies who I’ve worked for are much more slower moving, because, and this isn’t an accusation, or an indictment, or anything like that. It’s just a reality. When you have a staff-
Kathy:
Sure.
Mark:
of 4,000 people, you have a lot of, I guess scope for error, and so on. And other issues, and so one has to have more tracking, and audit trails, and processes, and that kind of thing. And you don’t have this tightly, this fast moving, small team that’s highly capable, and communicates very quickly between them, collaborates very quickly, and is able to put the staff together very quickly. And I love that, I love that about Wordfence. I love that about our team. And-
Kathy:
Yes.
Mark:
Our structure, and so on, and I really think, I know, I mean it’s a huge competitive advantage. So I just wanted to mention that. I think it’s really cool.
Kathy:
I think it’s really cool too, because as the person who, well first of all, I’ve been exhausted this week, because of WordCamp Phoenix. But as the person who kind of is supposed to be in charge of marketing, it was my birthday present. This is the easiest job ever, because you just acted with-
Mark:
What, yeah.
Kathy:
Such integrity. I wake up on my birthday to this announcement of what you and Kerry had decided to do. And it’s just like, “Oh, I guess I just sit and watch this. Happy birthday.” So it was-
Mark:
Well, it was funny, because-
Kathy:
It was great.
Mark:
So just to get some context here, you work very hard. I know that for a fact. You had worked through the weekend, that’s pretty common for you. And you and I had chatted, and I think you took PTO on Monday, but it turned into not being PTO, because as usual-
Kathy:
Right.
Mark:
You’re very passionate about what you do. And you were on Slack interacting with people, and getting wrapped into things, and so on. And so I had said to you, “Damn it. Take some PTO.” And it was, what was it? Wednesday? Was it yesterday you were on PTO, or-
Kathy:
Yeah, yeah. Tuesday-
Mark:
Yeah.
Kathy:
Tuesday night we chatted-
Mark:
Tuesday night.
Kathy:
And I was like, “You know what? I think, yeah. That sounds good.” And so-
Mark:
Yeah, yeah.
Kathy:
I took PTO, and it was just, yeah. And it was just dynamically just a huge gift. I didn’t have to worry about anything, you guys-
Mark:
Well-
Kathy:
Were just on it.
Mark:
What happened was, I mean so in the spirit of actually taking PTO, you checked out of Slack, which you never do. It was one of those times when you never actually check out, and you had. And 11:00 at night, if we did this, you would have been all over it. But-
Kathy:
Yeah.
Mark:
You weren’t, because you had done exactly what you were supposed to do. And the next day, this was all unfolding. And I was like, I was just giggling to myself, because I knew when you eventually got online, you’d be like, “What? What just happened?”
Kathy:
Yeah, I mean I checked out of life, basically. I went to sleep at 9:00 on Tuesday night, because I was so tired.
Mark:
That’s awesome.
Kathy:
And I woke up super early and saw it, and it was just, it was a huge gift. And not only, yeah I mean, it’s selfishly my birthday. Yay, gift for me. But it was, what a gift to the community, and the response. I mean, what did you see in terms of the response from the community?
Mark:
Well, I mean that’s pretty well documented on Twitter. It was a very positive response. I think we’ve gotten a lot of support it. I’ve gotten a lot of private messages from people via WordPress Slack that have said, “Hey, that was really classy from someone fairly high up.” And someone-
Kathy:
Yeah.
Mark:
Else saying, “Hey, thanks for the public support for canceling WordCamp Asia from someone extremely high up.” And, yeah. And then a lot of public sort of, “Hey, well done guys.” And so on, so that was really cool. But I just want to move that, let’s talk a little bit less about us, and I want to just chat about Marieke and GoDaddy for a second. They have been amazing. So what I really loved was the next morning at 7:00 a.m., it was just past 7:00 a.m. my time on Mountain time. Adam Warner and Marieke, who is the CEO of Yoast, had both messaged me around the same time and said, “Hey, we want to help, too. How can we do that?” And Marieke was immediately like, “Hey, we’ll kick in $10,000 too, let’s do this.”
Kathy:
Awesome.
Mark:
And Adam was like, “We want to help, too.” And GoDaddy’s a much bigger organization, and so it took us a couple of hours to put it together with GoDaddy. Marieke unfortunately, so I was, my DM’s, my direct messages on my private messages on Twitter had gotten nuked after we announced this, and so I had to stop checking them. I was just like, “Okay, you know what? I’m going to check them later. I have to get through a bunch of stuff.” We had to set up logistics with Hilary and Kerry to process the request, and so on. And so by the time I got back to them, it was about 11:30 a.m., maybe something like that. And I saw the message from Adam, and from Marieke, and I was like, “Oh, man.” And I realized that I had missed her. So, because she’s in the Netherlands, in Holland.
Kathy:
Mm-hmm (affirmative).
Mark:
And so I replied to her, and she actually got back to me much later, and I think it was very late at night for her, and she’s about to go to bed. And she said, “This sounds great, and I’ll get right on it the next morning.” And then Adam, we were able to chat, because he’s I think on West Coast time, or something. I’m not sure where. Oh, I think it might be on East Coast time, actually.
Kathy:
Yeah, he’s in Florida.
Mark:
Just looking at his profile here. Yeah, but we started chatting, and we’ve, GoDaddy had a process, and we couldn’t use that process because it was, we’d have to sort of run stuff by legal and so on. And what was amazing is that one of the exec’s at GoDaddy worked with Adam to just go around the process and say, “No, we’re just going to make this happen.” And they did, and it was great. And for a big, big company, to do that, I know what it’s like.
Mark:
As I said I’ve work for the BBC, I’ve worked for Coca-Cola, I’ve worked for a big Swiss bank in Europe, and so on, and so forth. And they can be very, very slow moving, and it’s impossible to move quickly, and they did. And they committed $10K, and we immediately announced that. And then I had been chatting with, I guess I had been chatting with Marieke, and it was getting late here last night. This has all happened so quickly, the timelines are blurry, but-
Kathy:
Yeah.
Mark:
It was, I actually got up at 4:00 a.m., and Marieke got back to me and said, “It’s a go. 100%.” And I immediately announced it at about 4:00 a.m., or 5:00 a.m. Mountain time. And so that’s when you saw that announcement, but they both stepped up immediately. There was no one following the other or anything, which is really, really cool. And I got to tell you, I have, I just have so much love for Adam, you know?
Kathy:
Yeah.
Mark:
And everything that he does in the community. And by the way, it was GoDaddy Pro specifically that sponsored it. And that’s Adam’s division within GoDaddy, or who he works for.
Kathy:
Mm-hmm (affirmative).
Mark:
And then Marieke, and Joost, and Michiel, their exec team, we’ve hung out with them at U.S., and they’re just wonderful people. I haven’t seen Joost for quite a while, but I hung out with Marieke and Michiel, who kind of, I think they sort of co-run the company at this point.
Kathy:
Yeah.
Mark:
And she’s CEO, and I forget what his title is.
Kathy:
He’s COO.
Mark:
But, okay. Yeah, yeah. And they are just such, such great people. And Marieke, if you’re listening to this, know that I say good things about you behind your back all the time because, and you too, Adam. I just have so much love for these folks.
Kathy:
Yeah.
Mark:
And yeah, so Kathy, I’m sorry I’m just rambling here. But I actually want to just chat about something else real quick. We’ve had offers of about, from smaller organizations that are offering around $2,500. That seems to be, I don’t know why the number keeps coming up. But I’ve had I think, two or three offers now. So right now the fund is at $30,000, as of recording this, which is at around 1:00 p.m. Mountain time on a Thursday. We’ve had, I think we’re up, we’ve probably allocated about $20,000 to $25,000 of it. Based on the number of requests, and I’m assuming that the average ask is going to be a little bit below $200 on average. Because people are being really good about not saying, “I want my $200.” You know?
Mark:
It’s, “This is what happened, these are my fees. And here’s, it’s $150, or $170, something like that.” And so they’ve been really great about that. So the fund is $30K, we’ve had offers from about two or three other organizations to add another $2,500 each. I am not sure we’re going to use up the whole $30K, the applications have slowed down. We might. I tweeted about this, I think yesterday or this morning, maybe it was early this morning. That I wanted to just address the question, and no one’s asked me this, but I think people might be wondering, “Well, hey, why don’t you take as much money as you can get and give as much of that as you can back to the community?”
When we created the fund, we established it at $200 per person, and it was specifically for cancellation fees. It would create a little bit of disruption, and a logistical challenge, and a communication challenge, and so on, to change the spirit of the fund. So I want to stick to our original mission, which is the cancellation fees, a cap of $200, and we’ll process as many applications as we get. Obviously anyone else out there is welcome to do something similar. You can certainly reach out on Twitter, and see if you can round up some contributors and create a fund with its own mission. I don’t want to change this fund’s mission at this point.
There’s another thing, and this isn’t a huge deal, but Kerry and Hilary are handling this. Hilary’s our Office Manager, and she is absolutely slammed with processing these requests. She’s going to have to go through about 150, I think. And it’s hand communicating with each person-
Kathy:
Right.
Mark:
And getting the documents from them, and so on. Kerry is in a coordinating role, but she’s also very hands-on, and is very busy around this. And I don’t want to volunteer them indefinitely.
Kathy:
Sure.
Mark:
I think there needs to be a finite sort of timeline, and a way to establish that is to finite fund. It’s $30K, and we’ll leave it there. And it also seems like that’s a good, that’s kind of a sweet spot, because applications are slowing down. I think this has gotten, the message has gotten out. And if you haven’t applied by now, it’s likely that you’re probably not going to apply. And so that feels like a good place to be, I think. And so, I just wanted to address that question of, “Well why don’t you just go out and get even more money? And…” Because there’s other stuff behind this.
Mark:
There’s also, WordCamp Asia organizers are helping us with this. They are validating the requests that we’re getting, and I’m not going to go into that for security reasons, but there’s a process there. And Naoko, and I apologize if I’m mispronouncing your name, and one or two other folks from the team over there are working with us on this, and I don’t want to use their time indefinitely. I’ve given them an estimate of how much effort it’ll take on their part, and also a time frame, and we have a process in place which helps them define how much work it’s going to be for them. And so, that’s kind of why I’m putting a cap on it, and saying, “Let’s probably stop at $30K.” And I am-
Kathy:
Yeah.
Mark:
Yeah, and if we just, if there’s some other opportunity that comes up, we can start something else. So, yeah.
Kathy:
Yeah, it’s good to have that scope limit. I mean, everybody who’s volunteered, and okay. So WordCamp Asia, their very first year, this happens. They are all volunteers. I don’t know of their experience organizing other WordCamps. Maybe city-wide or other region-wide, but they’ve been slammed enough. It’s been an inaugural camp, and that’s a lot of work. And so to put any additional stress on volunteers who have already been stressed enough, it’s good to find that scope and keep it there. I agree.
Mark:
Yeah. Yeah, for sure. And I did butcher Naoko’s name. It’s Naoko Takano, and I apologize Naoko. I’m an idiot. Anyway, what else do you want to chat about?
Kathy:
I, well I could chat about lots of different things, but I definitely wanted to talk about this. It’s, I just love the gesture to the community. I mean, it’s interesting, because charity can be marketing. But charity can also really come from the heart, and I know where you and Kerry are coming from with this. And that it really is coming from the heart that, I mean Wordfence is taking quite a leadership in terms of securing WordPress, and is a very well known name. And for you guys to use the gifts that you have, and the reach that you have in order to really take care of people who are using WordPress is so commendable. And so I’m glad you were able to talk with me today bout this.
Mark:
Yeah, I know. For sure. It’s really, I think a lot of kudos needs to go to the community. I think to a certain extent, we stand upon the shoulders of giants. And some of the ways that we do is, we go to WordCamps ourselves every year. We sponsor, but we’re standing on the shoulders of the volunteers that run those WordCamps.
Kathy:
Yes.
Mark:
And they make it happen, and I know, and you know, because you’re one of the volunteers, how much energy that takes, and how much passion, and how time consuming it is. And I think that the give that comes from the volunteers is far greater in my humble opinion, than the give from the sponsors. Because with a sponsor like us, there’s a clear return on investment.
Kathy:
Sure.
Mark:
Our target market lives at WordCamps, so we go there with the intent of showing our brand to everyone else. The volunteers, what’s their ROI? It’s really love of the community, I mean it’s pretty much that simple. And again, attending WordCamp Phoenix over the weekend, and chatting with the volunteers there, it’s just, that just comes home to me once again-
Kathy:
Yeah.
Mark:
You know?
Kathy:
Hey, we should make a movie about that.
Mark:
I think we did.
Kathy:
We did, we did. It’s-
Mark:
I think we did.
Kathy:
It’s a pretty incredible community, and if you haven’t seen it yet, open.film, 13 minutes of your time that will really touch your heart. Got to mention that, got to plug-
Mark:
Yeah.
Kathy:
Plug the film, forever.
Mark:
Yeah, no. And Open is, yeah so as Kathy said, you can find it at open.film. And that was a love letter from us to the volunteers behind WordPress and WordCamp, specifically.
Kathy:
Yes.
Mark:
And I, the film is actually open source, so you can go to open.film and download the assets, and play with it, and remix it, and so on. And yeah, and I think it gives you a, it doesn’t give you the whole picture, but I don’t think any film or documentary can give you the whole picture of a thing. It really gives you the spirit of the thing. Of the love, and the work that goes into WordCamps and why they do it, specifically.
Kathy:
Yeah, and the love letters from us just keep coming. Thank you for… Is there anything I didn’t ask you about that you want to talk about?
Mark:
Yeah, I think that’s about it. Like I said, I think we’re approaching probably $30K. If you were going to travel to WordCamp Asia, and you have cancellation fees, visit our blog wordfence.com/blog. And I think it’ll be sort of at the top, or top-ish of the blog, where there’s instructions on what we need from you to get you up to $200 back for your cancellation fees, to cover your cancellation fees. And it’s really a case of just emailing us, and we’ll kind of walk you through a process, and it’s pretty simple. And I think that’s about it, Kathy. Thank you so much for chatting with me today.
Kathy:
Yeah, thank you for coming on and chatting with me. I’ve missed you, so thank you so much.
Mark:
I know, likewise. This was fun, thank you. All right.
Kathy:
This was a lot of fun, thank you so much. We’ll talk to you to soon.
Kathy:
I hope you enjoyed that interview with Mark Maunder, CEO of Wordfence. If you’d like to follow him on Twitter you can find him @mmaunder. He has a fairly active presence on Twitter, and has some interesting thoughts about a lot of things. I will also link that thread that he had on Twitter a few days ago. Basically just outlining the stats as they existed about the Coronavirus, and what it means to, basically global health. I think it’s interesting, and I think it’s important that we all kind of look at what’s happening with the Coronavirus from a data driven perspective, and not a fear driven perspective. Even though the media probably wants us to think otherwise.
Kathy:
Thanks again for listening, if you have comments, I would love to hear from you. You can follow me on Twitter, @kathyzant. Or you can just write me, kathy@wordfence.com. I’d love to hear from you. If you’re listening on Apple Podcasts, please leave a review. Leave a rating, just let us know how we’re doing. And also, please do keep in touch. Let me know what types of stories you’d like to hear. We’re trying to stay very focused on WordPress, and security, and innovation, and the stories that are going to make your life easier working in WordPress. I hope to see you guys at WordCamp Miami, coming up in a couple of weeks, and I will see you on the internet until then. Thanks for listening.
Comments