Think Like a Hacker Episode 44


Episode 44: Unpacking the WordPress 5.2.3 Security Release

WordPress core version 5.2.3 was released on September 4. This was a security release patching eight key vulnerabilities in WordPress core, most of which were cross site scripting vulnerabilities. In this episode of Think Like a Hacker, we walk through each of the patched elements of WordPress core and how these vulnerabilities could have been exploited. We also look at the SIM port attack on Jack Dorsey’s Twitter account, and the lessons for all of us in using our cellphones and mobile devices for securing our online accounts.

Think Like a Hacker Episode 43


Episode 43: Wordfence Research on Malvertising Campaign Makes the News

This week, we chat about the plan for WordPress 5.3 and some of the new features we will see added to WordPress in November, including many improvements to the editor. We will also see a switch from robots.txt files to meta tags for better control over search engine indexing. We also cover the latest developments with our threat intelligence team’s research into an ongoing malvertising campaign targeting WordPress plugin vulnerabilities. This story received quite a bit of news coverage, and that coverage caused closed-source content management platform Wix to Tweet a cheeky dig at WordPress that fell flat.

Bill Rice on Think Like a Hacker


Episode 42: Building WordPress Websites that Convert with Bill Rice

Bill Rice is the CEO of Kaleidico, a digital agency in Michigan. We chatted at WordCamp Minneapolis about WordPress and the community, and his work creating websites that convert. Bill spoke at WordCamp Minneapolis about trends in WordPress website design that allow businesses to deeply engage with site visitors. Mobile browsing has changed the way users interact with the web on all devices, including desktop. In this episode, Bill tells us how this shift creates new opportunities to design compelling digital experiences.

Think Like a Hacker Episode 41


Episode 41: KidsCamp and the Next Generation of WordPress Users with Sandy Edwards

As of WordCamp Boston 2019, Sandy Edwards has organized 26 KidsCamps across the US. We talk about what kids do at a WordPress KidsCamp, the success these kids have had publishing with WordPress, and how Sandy teaches basic internet safety and security to the next generation of WordPress users. Sandy is an organizer at WordCamp Orlando as well as a homeschooling mom, and she runs a digital agency helping small businesses benefit from data-driven marketing.

Think Like a Hacker Ep 40


Episode 40: WordPress Considers Ditching Signed Core Updates

A recent discussion among WordPress core developers about removing support for code signing in core caught our attention. Code signing support was included with the WordPress 5.2 release. The discussion centers around removing code signing and implementing SSL verification and hashes to verify code integrity. In this week’s episode we chat about the history behind the vulnerability found by Wordfence’s Matt Barry, which is what motivated the addition of code signing to WordPress core. We review several high profile supply chain attacks and discuss how SSL and hashes would not protect against a sophisticated attack on WordPress core servers.

Think Like a Hacker Episode 39


Episode 39: Headless eCommerce, Scaling for eCommerce Growth with Topher DeRosia

Topher DeRosia is the Developer Evangelist for BigCommerce and a frequent WordCamp speaker. He’s worked with WordPress for a long time and is the man behind HeroPress, telling the stories of people whose lives have been transformed by WordPress. HeroPress is now syndicated on, bringing these inspirational stories to an even wider audience. At WordCamp Boston, Topher and Kathy talked about everything WordPress, from security to eCommerce, HeroPress, headless WordPress, headless eCommerce as well as how these new methods of distributing content and commerce will change publishing.

Think Like a Hacker Episode 38


Episode 38: Automattic Buys Tumblr from Verizon

The Wall Street Journal reported on Monday, August 12, 2019 that Verizon is selling social media and blogging platform Tumblr to Automattic for an undisclosed sum, though rumors state that it may be as low as $3 million dollars. After the announcement, Automattic CEO Matt Mullenweg discussed the news on PostStatus, stating that they plan to migrate infrastructure off of Verizon, move Tumblr’s backend to WordPress, and support the same APIs on both and Tumblr. Mullenweg noted on PostStatus that this acquisition is “by far the largest investment or acquisition Automattic has ever made.” In this episode, we discuss the implications for Tumblr, WordPress, and Automattic.

Think Like a Hacker Episode 37


Episode 37: Vito Peleg Talks Breaking the Agency Glass Ceiling and Building a Product with Customers

In this episode, Mark chats with Vito Peleg, the founder of WP Feedback, a plugin that helps WordPress-focused agencies streamline approval and support for their customers. Vito talks about the glass ceiling in agencies where managing people and projects begins to inhibit growth and profitability. He also shares some interesting thoughts on where pain points lie and how to move past them, as well as how to effectively leverage your own customers to inform product design.

Think Like a Hacker Episode 36


Episode 36: Proposals to Improve WordPress Include WP Notify and Security Backporting Changes

This week, we talk about our corporate trip to DEF CON, the WordPress security team’s proposal to backport security fixes to fewer releases, a new feature proposal called WP Notify that has a number of very positive implications for WordPress users, Cloudflare’s decision to terminate service for 8Chan, and a European court’s ruling that companies using the Facebook “like” button are liable for data collection.

Think Like a Hacker Episode 35


Episode 35: Security Researcher Jem Turner Talks About Pipdig Scandal

Jem Turner was one of the security researchers that found malicious code in Pipdig’s P3 plugin. Both Jem and Wordfence’s Mikey Veenstra found the P3 plugin to contain a number of suspicious or malicious features, including a remote “killswitch,” an obfuscated function used to change users’ passwords, and code which generated hourly requests to DDoS a competitor’s site. At WordCamp Europe, Mark sat down with Jem and asked about her process of finding this malicious code and the diligence in her research. Jem also talks about the unexpected reaction from the Pipdig developer and their users, and how the community of bloggers banded together to help each other.

Think Like a Hacker Episode 34


Episode 34: Capital One Data Breach Impacts over 100M Customers and Other News

This week we talk about the Capital One breach affecting over 100 million customers and some important takeaway lessons from that case. We also look at news with the the Equifax settlement, a spearphishing campaign targeting ProtonMail users, the conclusion to Marcus Hutchins’ legal woes, and Facebook’s $5 billion fine and new regulation from the FTC, amongst other stories.

David Jardin


Episode 33: Joomla Security Lead David Jardin Discusses Securing Over 2.5 Million Joomla Sites

David Jardin is the Security Strike Team Lead for Joomla, an open-source content management system powering more than 2.5 million websites. At WordCamp Europe, Mark and David sat down and talked about the workflow for Joomla security reports and why a proper proof of concept makes fixing vulnerabilities easier for security teams. They also discussed the improvements in cryptographic code signing expected in Joomla 4, its next major release.

Think Like a Hacker Episode 32


Episode 32: WordPress Vulnerabilities Targeted, iOS Security Update & the Equifax Settlement

This week, we cover WordPress vulnerabilities targeted by a malvertising campaign and an important iOS security update. We also look at the Equifax $700 million settlement and a recent uptick of new breaches added to Have I Been Pwned. Along with other news and a summary of WordCamp Boston, we talk about the film project we’ve worked on since late last year. Open | The Community Code will premiere November 2019. We talk about how and why we created this film about the open-source WordPress community.


Episode 31: Securing Sensitive Data in the Cloud with Chris Teitzel

At WordCamp Europe, Mark chats with Chris Teitzel, CEO and founder of Lockr. Lockr is a key management system for websites using CMSs like WordPress and Drupal. Chris talks about the challenges of securing sensitive information and how Lockr makes secure key management affordable. Chris speaks on security topics at WordCamps and DrupalCons around the world.

Think Like a Hacker Episode 30


Episode 30: WordPress Ad Inserter Plugin Vulnerability and Other News

This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google’s decision to remove Chrome’s built-in XSS protection, a researcher’s discovery of vulnerability in Instagram’s 2FA, updates to the Gutenberg editor and hackers that created an Android app that can kill to prove a point amongst other stories.

Think Like a Hacker 29: Chris Wiegman


Episode 29: iThemes Security Creator Chris Wiegman on Flying, Plugins & Developer Tools

At WordCamp Atlanta, Mark sat down with Chris Wiegman, the creator of Better WP Security. Now known as iThemes Security, it is installed on over 900,000 WordPress sites. Chris talks about his experiences as a flight captain flying over the Hawaiian islands and what happened when an earthquake occurred shortly after takeoff. He also talks about why he created Better WP Security, the process of selling the plugin to iThemes and the tools he’s created in his new role at WP Engine. He describes his move from iThemes to WP Engine as “the move I didn’t know I needed to make.”

Episode 28 Zoom Zero-Day


Episode 28: Zoom Zero-Day Vulnerability, WP Engine Buys Flywheel, and Other News

A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. Mitigating the vulnerability entails typing the following commands in terminal, replacing with the process ID:

$> lsof -i :19421
$> kill -9 $> rm -rf ~/.zoomus
$> touch ~/.zoomus

Wordfence Threat Analyst Mikey Veenstra verified that the Linux client for Zoom also will turn video on automatically, but was not susceptible to reinstall if the client had been removed.

We also cover the WP Engine acquisition of Flywheel, cPanel’s new pricing structure and what it means for hosting providers, removal of caps on .org domain names, critical security vulnerabilities in Magento, WP Statistics XSS vulnerability, a hacked ad server pushing out SEON ransomware, British Airways landmark GDPR fine, breaches and leaks of the week, amongst many other stories.

Carrie Wheeler Liquid Web Episode 27


Episode 27: Liquid Web COO Carrie Wheeler talks Leadership and Transitioning from Tech

Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization’s mission. She also talks about the competitive hosting space and how Liquid Web positions themselves for success.

Think Like a Hacker Ryan Dewhurst Interview


Episode 26: How Hackers Find Vulnerabilities in WordPress with Ryan Dewhurst

Ryan Dewhurst is an ethical hacker and penetration tester who has developed a number of tools that make finding vulnerabilities in WordPress much easier. Penetration testers are professional ethical hackers that find vulnerabilities so they can be patched before they are exploited. Ryan is one of three contributors to WPScan, a command line tool that streamlines this pen testing. Ryan also maintains the WPScan Vulnerability Database, used by many services including Wordfence to alert WordPress users to the vulnerabilities on their site. Ryan and Mark talk about these services, how they work, how they’re used and how you can use them to hack your own site to test your own site’s security.


Episode 25: WordCamp EU Wraps Up and WordPress Security News

Our last podcast from WordCamp Europe in Berlin, we talk about our experience attending the largest WordCamp in the world as well as the news. We discuss the 2,600 hacked WordPress sites being used for a free proxy service, the Iranian cyber attacks, the attack at JPL affecting NASA and a WeTransfer security incident. We also cover a phishing breach at Oregon DHS affecting over 645,000 Oregonians, 2.9 million Canadians affected by a leak at Desjardins Group, and the bankruptcy filing of the collections firm behind the Quest Diagnostics and LabCorp breach.