Find the Think Like a Hacker podcast on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast. Subscribe to our RSS feed.

2019.07.19

Episode 31: Securing Sensitive Data in the Cloud with Chris Teitzel

At WordCamp Europe, Mark chats with Chris Teitzel, CEO and founder of Lockr. Lockr is a key management system for websites using CMSs like WordPress and Drupal. Chris talks about the challenges of securing sensitive information and how Lockr makes secure key management affordable. Chris speaks on security topics at WordCamps and DrupalCons around the world.

Think Like a Hacker Episode 30

2019.07.17

Episode 30: WordPress Ad Inserter Plugin Vulnerability and Other News

This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google’s decision to remove Chrome’s built-in XSS protection, a researcher’s discovery of vulnerability in Instagram’s 2FA, updates to the Gutenberg editor and hackers that created an Android app that can kill to prove a point amongst other stories.

Think Like a Hacker 29: Chris Wiegman

2019.07.12

Episode 29: iThemes Security Creator Chris Wiegman on Flying, Plugins & Developer Tools

At WordCamp Atlanta, Mark sat down with Chris Wiegman, the creator of Better WP Security. Now known as iThemes Security, it is installed on over 900,000 WordPress sites. Chris talks about his experiences as a flight captain flying over the Hawaiian islands and what happened when an earthquake occurred shortly after takeoff. He also talks about why he created Better WP Security, the process of selling the plugin to iThemes and the tools he’s created in his new role at WP Engine. He describes his move from iThemes to WP Engine as “the move I didn’t know I needed to make.”

Episode 28 Zoom Zero-Day

2019.07.09

Episode 28: Zoom Zero-Day Vulnerability, WP Engine Buys Flywheel, and Other News

A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. Mitigating the vulnerability entails typing the following commands in terminal, replacing with the process ID:

$> lsof -i :19421
$> kill -9 $> rm -rf ~/.zoomus
$> touch ~/.zoomus

Wordfence Threat Analyst Mikey Veenstra verified that the Linux client for Zoom also will turn video on automatically, but was not susceptible to reinstall if the client had been removed.

We also cover the WP Engine acquisition of Flywheel, cPanel’s new pricing structure and what it means for hosting providers, removal of caps on .org domain names, critical security vulnerabilities in Magento, WP Statistics XSS vulnerability, a hacked ad server pushing out SEON ransomware, British Airways landmark GDPR fine, breaches and leaks of the week, amongst many other stories.

Carrie Wheeler Liquid Web Episode 27

2019.07.05

Episode 27: Liquid Web COO Carrie Wheeler talks Leadership and Transitioning from Tech

Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization’s mission. She also talks about the competitive hosting space and how Liquid Web positions themselves for success.

Think Like a Hacker Ryan Dewhurst Interview

2019.06.27

Episode 26: How Hackers Find Vulnerabilities in WordPress with Ryan Dewhurst

Ryan Dewhurst is an ethical hacker and penetration tester who has developed a number of tools that make finding vulnerabilities in WordPress much easier. Penetration testers are professional ethical hackers that find vulnerabilities so they can be patched before they are exploited. Ryan is one of three contributors to WPScan, a command line tool that streamlines this pen testing. Ryan also maintains the WPScan Vulnerability Database, used by many services including Wordfence to alert WordPress users to the vulnerabilities on their site. Ryan and Mark talk about these services, how they work, how they’re used and how you can use them to hack your own site to test your own site’s security.

2019.06.24

Episode 25: WordCamp EU Wraps Up and WordPress Security News

Our last podcast from WordCamp Europe in Berlin, we talk about our experience attending the largest WordCamp in the world as well as the news. We discuss the 2,600 hacked WordPress sites being used for a free proxy service, the Iranian cyber attacks, the attack at JPL affecting NASA and a WeTransfer security incident. We also cover a phishing breach at Oregon DHS affecting over 645,000 Oregonians, 2.9 million Canadians affected by a leak at Desjardins Group, and the bankruptcy filing of the collections firm behind the Quest Diagnostics and LabCorp breach.

Think Like a Hacker Episode 24

2019.06.21

Episode 24: How Focusing on a Single Vertical Helps an Agency Succeed with Frank Robinson

Mark sat down with Frank Robinson at WordCamp Atlanta a few weeks ago. Frank started Salon Media 22 in 2008, an agency focused on building sites and digital media in the beauty industry. Frank is a software designer and entrepreneur growing his business. We talk about why he focused on the beauty industry and how that gives him a competitive advantage, the opportunities for business, film and technology in Atlanta as well as why security and Wordfence is such a critical part of his business.

Think Like a Hacker Episode 23

2019.06.20

Episode 23: Security News from WCEU in Berlin

This week, we’re at WordCamp Europe in Berlin, Germany and there is a lot of WordPress and security news to cover. We talk about the recent outage with WordPress VIP Go, what’s new in WordPress version 5.2.2, vulnerabilities in two of Facebook’s WordPress plugins, a Google Chrome extension for reporting bad URLs and a Chrome extension found to hijack search results. We talk about the importance and future of Troy Hunt’s “Have I Been Pwned” project as he preps it for sale, a Firefox 0Day exploited in the wild, and two more American municipalities affected by malware. Evite disclosed a recent breach, Telegram gets DDoSed, a vulnerability found in Evernote’s Web Clipper and Netflix’s discovery of multiple Linux and FreeBSD vulnerabilities.

James Laws

2019.06.13

Episode 22: Ninja Forms Developer James Laws on Building & Expanding a WordPress Business

Ninja Forms is used on over 1 million WordPress sites. In this episode, Mark interviews James Laws, the co-founder of WP Ninjas, the developers behind this robust and powerful form builder. James and Mark talk about revenue models that work, how to find new opportunities through market research, experimentation with new products and services as well as learning from your customers. They also discuss how to choose your next project when you have too many ideas, and the new businesses James and WP Ninjas are exploring in eCommerce. It’s a fascinating discussion that will help you think about your own businesses and career in new ways. Enjoy!

Episode 21 Think Like a Hacker

2019.06.11

Episode 21: New Plugin Vulns Exploited in the Wild, an Extortion Scam and the CBP Data Breach

This week, we discuss active exploitation of a plugin vulnerability in the wild, an extortion scam hitting numerous website owners, exposure of Industrial Control Systems to attackers as well as a CBP breach affecting travelers in the United States. We also talk about an email server vulnerability and what to do in a SIM port attack.

Think Like a Hacker Episode 20: Nathan Ingram

2019.06.07

Episode 20: Making Big Changes by Adopting Micro-Habits with Nathan Ingram

At WordCamp Orange County, Nathan Ingram participated in a unique business track discussion about failure, something with which most entrepreneurs are intimately familiar. Immediately after his talk, Nathan sat down with Mark for this interview. The conversation goes deep fast, as both Mark and Nathan share their thoughts about being an entrepreneur and how “the best lessons in life are learned from failure.” Nathan recently lost 50 pounds in two months and he talks about the micro-habits that he leveraged to make big successful changes with his health. This unique, honest and heartfelt interview has a number of lessons for those of us looking to optimize our business processes and find better balance in life.

Brad Haas Think Like a Hacker Episode 19

2019.06.06

Episode 19: Service Vulnerabilities in Four Hosting Companies

In episode 19 we talk to Brad Haas about recently patched service vulnerabilities that impacted four popular hosting companies. We also talk about a new login security plugin for WordPress that we’ve launched. In the news we cover a wave of SIM swapping attacks hitting cryptocurrency users, NGINX vulnerabilities and recent data breaches affecting the personal information of millions of people.

Verious Smith Think Like a Hacker

2019.05.31

Episode 18: Scaling a WordPress Agency with Entrepreneur Verious Smith

At WordCamp Orange County, Mark interviewed Verious Smith from Philoveracity Design, a digital agency in southern California. Verious has also been the lead organizer of WordCamp Riverside and runs WordPress meetups to give back to the community. Mark and Verious talk about the challenges of entrepreneurship, growing from freelancer to an agency, and trust and interdependence in remote work. Verious is always striving to learn new things to optimize performance and improve workflow. We hope you enjoy the interview and get as much inspiration from Verious as we did.

Think Like a Hacker Episode 17

2019.05.29

Episode 17: 3 Severe WordPress Plugin Vulnerabilities

Mikey Veenstra joins us to talk about three WordPress plugins with severe vulnerabilities affecting well over 150,000 WordPress installations. Two plugins have been patched, one has not. With Mark under deadline for a film project, Mikey also talks some security news with Kathy. We cover a Docker vulnerability, anatomy of a SIM port attack, zero-day Windows exploits released by a disgruntled security researcher, two large scale data leaks affecting millions of people, and revisit the Baltimore ransomware problem and how the NSA’s Eternal Blue tool was used in the attack.

Episode 16 Cami Kaos

2019.05.24

Episode 16: Cami Kaos talks WordCamps, Meetups and Community

If you’ve ever attended a WordCamp or a WordPress meetup in the last 6 years, that community experience was based on the guidance and support from WordCamp Central and Community Manager Cami Kaos. Cami is the primary contact for the 150 WordCamps and over 600 WordPress meetups taking place around the world this year. Her efforts ensure that the volunteers contributing to community events have what they need to succeed. Cami shares her thoughts on getting started with WordPress meetups and WordCamps, challenges facing the growing community, and how to get involved.

Episode 15: So. Much. News!!

2019.05.21

Episode 15: So. Much. News!!

In this week’s news we have a lot to cover. We talk about an intrusion at StackOverflow, a proposal to modify the WordPress plugin guidelines, how Chinese hackers are getting better at stealing US cyber secrets, ethical issues of firms promising ransomware solutions that only include paying the ransomware, a breach on the Joomla extension directory server, Google’s aggregation of your purchase receipts and suspension of Android support for Huawei amongst many other stories.

Dr. Andy Fragen

2019.05.16

Episode 14: Interview with Trauma Surgeon and Plugin Dev Andy Fragen

Dr. Andy Fragen is a trauma/acute care surgeon as well as a prolific WordPress plugin author. One of his plugins, GitHub Updater, allows you to host WordPress plugins and themes on GitHub instead of WordPress.org. Andy supports numerous WordCamps and is an active member of the WordPress community in southern California. I had the pleasure of talking with Andy at WordCamp Orange County. He’s a fascinating person and I really think you’ll enjoy our conversation.

Think Like a Hacker Episode 12

2019.05.14

Episode 12: Major WhatsApp Vulnerability and Other News

This week in our news-focused episode we cover the WhatsApp zero-day vulnerability that allegedly was used to infect phones with malware by simply calling a phone with the app. We also announced a new update to the Wordfence plugin, making an updated two-factor authentication feature available to all Wordfence users. We cover a story about SIM hijacking and discuss why we need to move away from SMS 2-factor authentication. We also cover an ongoing supply-chain attack affecting thousands of sites, three antivirus companies that have been compromised, a malvertiser indictment, and other stories.

2019.05.10

Episode 11: The Dave Ryan Interview

Today we’ve published episode 11 of Think Like a Hacker. As we mentioned earlier in the week, we’ve switched to a new format beginning this week, separating the news and our interview into two episodes. In today’s interview-focused episode we talk to Dave Ryan at WordCamp Orange County.

Dave Ryan is an Interdisciplinary WordPress Developer at Bluehost, where he focuses on helping build WordPress and supporting the WordPress community. He is an organizer for Phoenix area WordPress meetups and WordCamp Phoenix. He also speaks at numerous WordCamps around the country.

In the past Dave has worked for large publishers and universities and scaling high-traffic WordPress sites by blending his skills in information design, journalism and web development.

Dave lives in Phoenix, loves a good taco and will like every photo of your dog on Instagram.

Think Like a Hacker Episode 10

2019.05.08

Episode 10: WordPress 5.2 Security Enhancements and Other News

Today we are pleased to bring you the tenth episode of Think Like a Hacker. We’re doing things a little different this week, separating the news and our interview into two episodes. In today’s we cover the news and we will share another compelling interview later in the week.

In the news we discuss new cryptographic protection against supply chain attacks in WordPress 5.2 which was released today. We talk about Israel’s missile attack against Hamas hackers, a data breach affecting 80 million households, the Gutenberg accessibility audit, DuckDuckGo’s “do not track” bill, a hacker selling Windows ZeroDay vulnerabilities and a sophisticated supply chain attack originating in China amongst other stories.

Jon Brown 9seeds

2019.05.01

Episode 9: The Jon Brown Interview and Vulnerabilities, The Dark Web, Scams, Oh My!

We cover quite a few news stories this week, including two plugins requiring immediate updating due to disclosed vulnerabilities, what we can expect from WordPress version 5.2 and a dark web marketplace that appears to have exit scammed users. We follow up on Google Sensorvault, a great interview with Richard Stallman about Facebook and JetBlue’s use of facial recognition technology. We take a look at GoDaddy’s removal of 15,000 spam subdomains, the Docker breach and Slack’s upcoming IPO and their dire warning to investors.

This week, I chat with Jon Brown, CEO of 9seeds, a digital agency. We chatted at Chris and Katie Bayer’s Black Mountain Coffee Roastery in Idyllwild, California. Jon and I talk about running an agency, remote work, being a digital nomad and of course, WordPress. We had a great conversation, and I think you’ll enjoy it.

2019.04.23

Episode 8: We Go Deep on Coffee, Hackable Child Trackers and More

This week we look at Troy Hunt’s pen testing results with the TicTocTrack watch and the privacy issues of tracking our kids. We examine the changes coming in the AMP project as well as implications of the UK’s new porn age restriction law coming into effect in July. We review a story uncovered by Cisco’s Talos security team about a group called SeaTurtle who carried out an espionage campaign via DNS hijacking. We take a new look at why the Nigerian prince scam is still netting over $700,000 per year, and how the City of Chicago lost more than $1 million in a phishing scam. We also take a look at the nascent influencer economy and some of the effects on both service companies and influencers themselves.

For our interview this week, I have something a little different. I was recently in Idyllwild, California for a few days and made friends with an amazing couple who run a coffee roastery and tasting room. Chris and Katie Bayer are the owners of Black Mountain Coffee Roasting. If you love coffee and WordPress you’re going to love this interview. Enjoy!

Think Like a Hacker Tyler Lau Interview

2019.04.17

Episode 7: The Tyler Lau Interview, Assange, Thought Experiments, AirBnB Scams and More

This week we look at the Assange arrest, an irresponsible security researcher affecting the WordPress community and do a bit of a thought experiment. We also look at Google’s Sensorvault and how it’s being used by law enforcement, the fascinating rise and fall of the Bayrob malware gang, and some tips for avoiding a new AirBnB scam. I also talked to Tyler Lau at WordCamp Phoenix last month, and we share that interview with you today. Tyler is the Social Community Manager at Sandhills Development. Sandhills makes some very popular plugins including Easy Digital Downloads and AffiliateWP. We talked about the WordPress community, WordPress in general and some of the cool things that Sandhills is involved in.

Brandy Lawson

2019.04.10

Episode 6: The Brandy Lawson Interview, The News and Facebook Rants

This week we follow up on two stories from last week, the Pipdig P3 plugin and Jetpack suggestions found within the WordPress plugin dashboard. We also take a look at quite a few privacy concerns with Grammarly, malware in the healthcare industry, and we discuss privacy concerns with Facebook. I also talk to Brandy Lawson, a digital agency entrepreneur in Phoenix, Arizona. Brandy is passionate about helping coaches, speakers, and authors who are making an impact on the world. I had a wonderful conversation with Brandy at WordCamp Phoenix that I think you’ll really enjoy.

2019.04.02

Episode 5: The Raquel Landefeld Interview & The Pipdig Story

This week I chat about the Pipdig controversy in full with Mikey Veenstra and Kathy Zant. Kathy and I cover the news. And we have an amazing interview with Raquel Landefeld who is a community organizer for WordPress, co-founder of agency Mode Effect and a well known and loved personality in the WordPress community. Raquel and I chat about her adventures as a mom in tech, Gutenberg, her approach to networking, what it is like being a WordCamp Phoenix organizer and what she is up to for the rest of this year. Enjoy!!

2019.03.26

Episode 4: The Aaron Campbell Interview and the Social Warfare Saga

This week we have an update on the Social Warfare plugin vulnerability, how it was more serious than originally thought, and a feud that has broken out between a security researcher and forum moderators. We also have some interesting data on how WordPress will become more secure soon with code signing. And along with several other news items, we have a spectacular interview with Aaron Campbell, the former head of WordPress security. Enjoy!!

2019.03.21

Episode 3: The Cory Miller Interview and Active Exploits Target Easy WP SMTP Plugin

This week we have breaking news with a serious vulnerability in the Easy WP SMTP WordPress plugin. We are seeing exploits actively target this vulnerability. We also cover the week’s news with Kathy Zant and have a spectacular interview with Cory Miller where he chats about how he started iThemes, why he sold to Liquid Web, some of the challenges of being a founder and what is next for him. Enjoy!!

Adam Warner Think Like a Hacker Podcast

2019.03.12

Episode 2: Mikey Veenstra Talks XSS Vulnerability + The Adam Warner Interview

In this episode Mikey Veenstra, a threat analyst at Wordfence discusses a serious XSS vulnerability in an abandoned cart plugin. We also chat with Adam Warner, a well known figure in the WordPress community. In our interview we chat about Adam’s personal WordPress journey, community engagement success and the future of WordPress. And as always we cover the news with Kathy Zant.

2019.03.07

Episode 1: An Interview with Josepha Haden

Josepha Haden is the Executive Director of the WordPress project at Automattic. She oversees and directs all contributor teams in their work to build and maintain WordPress. Josepha can be found at https://josepha.blog. In our news segment, we talk about recent vulnerabilities in the Freemius library affecting WordPress plugins, the CoinHive shutdown, and why potential changes in WordPress core development will benefit end users’ security and more