Episode 71: Hackers Targeting COVID-19 Fears

2020.03.25

Episode 71: Hackers Targeting COVID-19 Fears

With many of us under either lockdown or shelter-in-place orders due to the COVID-19/Corona virus, fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human vulnerabilities are using the global pandemic to attempt exploitation through numerous scams and phishing campaigns. We also cover plugin vulnerabilities affecting tens of thousands of sites as well as a new product from Wordfence, Fast or Slow, a global website speed profiler.

Episode 70: Customer Education and Agency Resiliency with Jon Bius

2020.03.14

Episode 70: Customer Education and Agency Resiliency with Jon Bius

We chat with Jon Bius, a web developer at Biz Tools One, an agency in Fayetteville, NC, about how they use customer education to build relationships and differentiate their business. Jon has been helping customers build websites for over two decades, and he talks about how WordPress helps him empower his customers.

In the news, we cover two plugins with vulnerabilities, more cancelled WordCamps, some hackers taking advantage of the fear surrounding COVID-19, the rise of remote work, and what’s coming with full screen editing on by default in WordPress 5.4.

Meteoric Growth of Elementor with Kfir Bitton

2020.03.06

Episode 69: The Meteoric Growth of Elementor with Kfir Bitton

On February 26, WordPress page building platform Elementor announced that they had received $15 million in venture funding. After topping 4 million installations of their plugin in January, it appears that Elementor is on a path to do some big things with WordPress. This week, we chat with Elementor CRO Kfir Bitton from his office in Tel Aviv, Israel about how Elementor grew so quickly, what’s next for this plugin-turned-platform, and how Elementor strives to give back to the WordPress community.

Of course, we also have a few news stories including how COVID-19 is affecting WordCamps, the Let’s Encrypt domain control validation bug, and the coupon creation vulnerability in WooCommerce Smart Coupons.

Get notified by email when there is a new episode of Think Like a Hacker.

Episode 68: More Plugin Vulnerabilities and Active Attack Campaigns

2020.02.29

Episode 68: More Plugin Vulnerabilities and Active Attack Campaigns

This week, we review numerous plugin vulnerabilities in popular WordPress plugins and the attacks that are targeting them. We also review the Duplicator vulnerability affecting over 1 million sites, and Chloe Chamberland’s discovery of multiple vulnerabilities in the Pricing Table by Supsystic plugin. Some WordPress-focused companies, Elementor and Strattic, receive venture funding.

We also ask lead customer support engineer Tim Cantrell about the different ways to use Wordfence settings for brute force protection, blocking IP addresses, and how to prevent alert fatigue.

Ram Gall speaking at WordCamp Phoenix 2020

2020.02.28

Episode 67: Avoiding Common Vulnerabilities When Developing WordPress Plugins

Almost every week, a new vulnerability is discovered in a popular WordPress plugin or theme, leaving developers scrambling to fix it before it’s widely exploited. Surprisingly, almost all critical vulnerabilities boil down to a few common mistakes. In this talk from WordCamp Phoenix, Ramuel Gall reviews these common errors and provides advice on creating secure plugins.

Chloe Chamberland Remote Work WordCamp Phoenix

2020.02.21

Episode 66: New Plugin Vulnerabilities & Succeeding as a Digital Nomad with Chloe at WCPHX

It has been a busy week in WordPress security with active attacks on a number of plugins including ThemeRex Addons and Theme Grill Demo Importer plugins. In this week’s Think Like a Hacker, we look at what’s happening, review what a zero-day vulnerability is, and give you some advice on keeping WordPress installations clean and safe.

We also look at a vulnerability uncovered in the wpCentral plugin installed on over 60,000 sites, a WHO phishing attack, and Malwarebytes’ State of Malware report.At WordCamp Phoenix, Wordfence Threat Analyst Chloe Chamberland spoke to a packed room of attendees looking to learn more about how she succeeds working remotely as a digital nomad. Her talk starts at 19:13 if you’d like to skip ahead, though we recommend watching her talk on the YouTube video embedded below to see Chloe’s travel photos and audience interaction.

Think Like a Hacker Ep 65 WC Asia canceled

2020.02.14

Episode 65: WordCamp Asia Cancellation Prompts Community Support

WordCamp Asia was cancelled this week due to concerns of COVID-19/coronavirus in the region. This week, Wordfence CEO Mark Maunder talks about the decision to offer the WordCamp Asia Cancellation Fee Assistance Package to attendees, volunteers, organizers, and speakers that had planned to travel to this inaugural regional WordCamp.

We also cover a number of WordPress plugin vulnerabilities disclosed this week affecting hundreds of thousands of sites, and over 500 malicious Chrome extensions removed from the Chrome Web Store affecting millions of browsers worldwide.

Episode 64

2020.02.08

Podcast Episode 64: Backdoors, Webshells, and the Growing Risks of Leaks & Breaches

We take a look at the annual hacked site report from GoDaddy’s Sucuri Security and the types of malware they found in various CMS and shopping cart applications. Microsoft reports they’re finding 77k webshells daily, and WP Scan’s roundup lists a number of popular plugins and themes with recent vulnerabilities. A report from students at Harvard University exposes the growing risks of online leaks & breaches.

Think Like a Hacker Episode 63

2020.01.31

Episode 63: Succeeding as a Remote Working Nomad with Chloe Chamberland

Chloe Chamberland never wanted to get into security, and yet in the last three years, she has emerged as one of our most effective and prolific threat researchers. Not only does she find vulnerabilities in numerous popular plugins, she also travels the world while doing so. Chloe talked to me from a cabin in a remote area of Alaska, where she saw a moose for the first time. Chloe talks about how she got started in security and gives advice for young people who think they might enjoy security research. She also tells us why she loves speaking at WordCamps, the scariest vulnerability she’s discovered, and how she’s working with more developers to make their code secure.

In the news, I cover some recent WordPress plugin vulnerabilities, why cloud firewalls can be bypassed, and what site owners might need to watch for in Google Chrome’s upcoming SameSite cookie changes.

Think Like a Hacker Episode 61 Dave Ryan

2019.12.18

Episode 61: Improving Website Performance and User Experiences with Dave Ryan

With Google Chrome experimenting with a badge of shame for websites that load slowly in Chrome, there is a new urgency for high performance interfaces for web users. Gatsby, Gridsome and other static site interfaces are hot in the development community right now, especially when talking about headless WordPress.

At WordCamp US, Mark chats with Dave Ryan about these technologies, reminding us that no matter the technology we use to create a website, our decisions during development matter to the end users’ experience.

Think Like a Hacker Episode 60

2019.12.12

Episode 60: Top WordPress Influencer Lists & Chrome Password Security Improvements

A small furor erupted over a top influencers in WordPress list that neglected to show the diverse nature of the WordPress community. We talk about the impossibility of making an accurate list that reflects the true nature of WordPress influence or contribution, and the diversity we saw during our work on Open, our film project about the WordPress community. We also talk about Google plans to give slow websites a new badge of shame in Chrome, password security updates in Chrome 79, and the DHS reconsiders a plan to use facial-recognition technology on all U.S. citizens traveling internationally.

Kim Gjerstad Think Like a Hacker

2019.12.10

Episode 59: Mailpoet’s Kim Gjerstad on Beating Spammers and Improving Net Promoter Scores

Kim Gjerstad, one of the founders of Mailpoet, visited with Mark at the Wordfence booth at WordCamp US. Kim and Mark talked about the origins of Mailpoet, the plugin that gives users a full email management system within the WordPress administrative dashboard. They talk about email deliverability as well as the challenges of fighting email abuse, a constant battle that Mailpoet is winning.

They also talk about net promoter scores and what it means for the success of a SaaS business.

Think Like a Hacker Episode 58

2019.12.06

Episode 58: Leadership and the Business of WordPress Plugins: Lessons from the Yoast Black Friday Ad

Yoast, the SEO plugin installed on 9 million WordPress sites, ran a Black Friday sale, experimenting with an ad in the WordPress admin dashboard. The internet furor was dramatic, and Yoast’s CEO Marieke van de Rakt took ownership, showing exceptional leadership. We discuss the ad and the response from both users and competitors and the challenges of running a plugin business under a freemium model. We also cover stories about AVG and Avast browser extensions, the Magento Marketplace hack, the private equity purchase of .org and a data leak affecting 1.2 billion people.

Maddy Osman Think Like a Hacker

2019.11.22

Episode 57: SEO Content Strategy and Lock Picking with Maddy Osman at WordCamp US

Maddy Osman is a SEO content strategist that has worked with a number of familiar brands in both WordPress and SaaS spaces. She spoke at WordCamp US and took some time to chat with us at the Wordfence sponsor booth. Maddy talks about how she got started in SEO content strategy after doing web design and development, and also what the entrepreneurial journey has been like for her.

Maddy also shows off some of her lock picking skills she picked up while hanging out at the Wordfence booth.

Open Movie Premiere in St. Louis

2019.11.20

Episode 56: WordCamp US, WordPress 5.3 and Chrome Blocking Mixed Content

In Episode 56, we review the premiere of Open, The Community Code, a film about the WordPress community that world premiered at Matt Mullenweg’s State of the Word Keynote at WordCamp US. Mark and Kathy talk about what it was like watching friends in the community see the film for the first time.

We also discuss recent updates to WordPress in version 5.3, especially some of the improvements to the new Gutenberg editor, accessibility, and site health. We also review Google Chrome’s plans to warn and block mixed content and how site owners can prepare now for these upcoming changes.

Yoast Think Like a Hacker Episode 55

2019.11.14

Episode 55: Yoast’s Marieke van de Rakt & Michiel Heijmans at WordCamp US

At WordCamp US in Saint Louis, Mark sat down with Yoast CEO Marieke van de Rakt and COO Michiel Heijmans in the Wordfence booth to talk about not only how Yoast began, but also how they’ve grown to over 9 million active installations and the challenges of managing such a large user base. Marieke and Michiel also talk about the big changes coming in 2020 for the Yoast plugin as well as training and educational efforts via Yoast Academy.

Kathy Zant WordCamp US 2019

2019.11.08

Episode 54: The Hacker Mindset at WordCamp US

Kathy Zant gave a presentation about The Hacker Mindset at WordCamp US 2019 in St. Louis. Learning to think like a hacker in the security realm is a big part of keeping your assets safe, and there are additional benefits. Kathy illustrates how the hacker mindset is much more than protecting your site. Thinking like a hacker can also help you break through perceived limitations, overcome obstacles, and capitalize on opportunities to innovate.

WordCamp US 2019 Preview

2019.10.31

Episode 53: WordCamp US 2019 Preview from St. Louis

Mark and Kathy connect in person on Halloween in St. Louis to talk about what’s happening at WordCamp US. We review what’s new at WCUS, some of the more interesting sessions, and all of the fun activities Wordfence is bringing to North America’s largest WordCamp. Kathy and Mark also tear down the 4th wall to talk to award-winning Director Sean Korbitz, the creative force behind OPEN | The Community Code, the movie about the WordPress community that premieres Saturday, November 2.

Andrea Zoellner Think Like a Hacker Episode 52

2019.10.18

Episode 52: Innovating for Customer Success with Andrea Zoellner

Andrea Zoellner has been an active organizer of WordCamp Montreal and is the Chief Content Creator at hosting provider, SiteGround. Andrea focuses on supporting SiteGround customers in the North American and English-speaking market. With a background in journalism, Andrea found WordPress as the easiest way to get online and integrate with different services. She talked with us at WordCamp Sacramento about how she got involved with WordPress and the community and how her position at SiteGround puts her in a unique position to innovate through new tools and services for WordPress customers at SiteGround.

Think Like a Hacker Ep 51

2019.10.16

Episode 51: WeWork’s Financial Woes Spark Meetup RSVP Fees and the WordPress 5.2.4 Security Release

This week, we cover WeWork’s failed IPO and financial woes and how this likely led to Meetup’s introduction of an RSVP fee. We discuss why this decision doesn’t bode well for WeWork’s future. We also look at the WordPress 5.2.4 security release and what fixes are included. We discuss the planned release of PHP 7.4 on November 28 and how WordPress core is preparing for this update. We also get a little excited about our plans for WordCamp US November 1-2 and our party to celebrate the worldwide premiere of the open source film about the WordPress community: Open, The Community Code.