Think Like a Hacker with Wordfence-logo

Think Like a Hacker with Wordfence

Technology Podcasts >

Mark Maunder co-founded Wordfence in 2011 after his WordPress site was hacked and he learned how hard it was to clean and secure. Today the team has grown to over 35 members world-wide and Wordfence protects over 2 million WordPress sites. Join Mark as he and his colleague Kathy Zant cover interesting topics related to WordPress, security and innovation. Most episodes include interviews with luminaries from the WordPress or security communities.

Mark Maunder co-founded Wordfence in 2011 after his WordPress site was hacked and he learned how hard it was to clean and secure. Today the team has grown to over 35 members world-wide and Wordfence protects over 2 million WordPress sites. Join Mark as he and his colleague Kathy Zant cover interesting topics related to WordPress, security and innovation. Most episodes include interviews with luminaries from the WordPress or security communities.
More Information

Location:

United States

Description:

Mark Maunder co-founded Wordfence in 2011 after his WordPress site was hacked and he learned how hard it was to clean and secure. Today the team has grown to over 35 members world-wide and Wordfence protects over 2 million WordPress sites. Join Mark as he and his colleague Kathy Zant cover interesting topics related to WordPress, security and innovation. Most episodes include interviews with luminaries from the WordPress or security communities.

Language:

English


Episodes

Episode 45: Securing and Scaling eCommerce with Zach Stepek

9/20/2019
More
This week, our lead customer service engineer Tim Cantrell interviews Zach Stepek, CEO of MindSize, a digital agency focused on helping customers scale and succeed with eCommerce. Zach talks about how he got started with WordPress and WooCommerce, new features in JetPack that add functionality to WooCommerce, and how critical security is to site owners no matter what platform they use to sell goods and services online.

Duration:00:22:48

Episode 44: Unpacking the WordPress 5.2.3 Security Release

9/10/2019
More
WordPress core version 5.2.3 was released on September 4. This was a security release patching eight key vulnerabilities in WordPress core, most of which were cross site scripting vulnerabilities. In this episode of Think Like a Hacker, we walk through each of the patched elements of WordPress core and how these vulnerabilities could have been exploited. We also look at the SIM port attack on Jack Dorsey's Twitter account, and the lessons for all of us in using our cellphones and mobile...

Duration:00:41:50

Episode 43: Wordfence Research on Malvertising Campaign Makes the News

9/5/2019
More
This week, we chat about the plan for WordPress 5.3 and some of the new features we will see added to WordPress in November, including many improvements to the editor. We will also see a switch from robots.txt files to meta tags for better control over search engine indexing. We also cover the latest developments with our threat intelligence team's research into an ongoing malvertising campaign targeting WordPress plugin vulnerabilities. This story received quite a bit of news coverage, and...

Duration:00:30:49

Episode 42: Building WordPress Websites that Convert with Bill Rice

8/29/2019
More
Bill Rice is the CEO of Kaleidico, a digital agency in Michigan. We chatted at WordCamp Minneapolis about WordPress and the community, and his work creating websites that convert. Bill spoke at WordCamp Minneapolis about trends in WordPress website design that allow businesses to deeply engage with site visitors. Mobile browsing has changed the way users interact with the web on all devices, including desktop. In this episode, Bill tells us how this shift creates new opportunities to design...

Duration:00:18:10

Episode 41: KidsCamp and the Next Generation of WordPress Users with Sandy Edwards

8/22/2019
More
As of WordCamp Boston 2019, Sandy Edwards has organized 26 KidsCamps across the US. We talk about what kids do at a WordPress KidsCamp, the success these kids have had publishing with WordPress, and how Sandy teaches basic internet safety and security to the next generation of WordPress users. Sandy is an organizer at WordCamp Orlando as well as a homeschooling mom, and runs a digital agency helping small businesses benefit from data-driven marketing.

Duration:00:22:54

Episode 40: WordPress Considers Ditching Signed Core Updates

8/20/2019
More
A recent discussion among WordPress core developers about removing support for code signing in core caught our attention. Code signing support was included with the WordPress 5.2 release. The discussion centers around removing code signing and implementing SSL verification and hashes to verify code integrity. In this week's episode we chat about the history behind the vulnerability found by Wordfence's Matt Barry, which is what motivated the addition of code signing to WordPress core. We...

Duration:00:24:04

Episode 39: Headless eCommerce, Scaling for eCommerce Growth with Topher DeRosia

8/15/2019
More
Topher DeRosia is the developer evangelist for BigCommerce and a frequent WordCamp speaker. He's worked with WordPress for a long time and is the man behind HeroPress, telling the stories of people whose lives have been transformed by WordPress. HeroPress is now syndicated on WordPress.org/news, bringing these inspirational stories to an even wider audience. At WordCamp Boston, Topher and Kathy talked about everything WordPress, from security to eCommerce, HeroPress, headless WordPress,...

Duration:00:32:54

Episode 38: Automattic Buys Tumblr from Verizon

8/13/2019
More
The Wall Street Journal reported on Monday, August 12, 2019 that Verizon is selling social media and blogging platform Tumblr to Automattic for an undisclosed sum, though rumors state that it may be as low as $3 million dollars. After the announcement, Automattic CEO Matt Mullenweg discussed the news on PostStatus, stating that they plan to migrate infrastructure off of Verizon, move Tumblr's backend to WordPress, and support the same APIs on both WP.com and Tumblr. Mullenweg noted on...

Duration:00:30:52

Episode 37: Vito Peleg Talks Breaking the Agency Glass Ceiling and Building a Product with Your Customers

8/8/2019
More
In this episode, Mark chats with Vito Peleg, the founder of WP Feedback, a plugin that helps WordPress-focused agencies streamline approval and support for their customers. Vito talks about the glass ceiling in agencies where managing people and projects begins to inhibit growth and profitability.He also shares some interesting thoughts on where pain points lie and how to move past them, as well as how to effectively leverage your own customers to inform product design.

Duration:00:34:02

Episode 36: Proposals to Improve WordPress Include WP Notify and Security Backporting Changes

8/6/2019
More
This week, we talk about our corporate trip to DEF CON, the WordPress security team's proposal to backport security fixes to fewer releases, a new feature proposal called WP Notify that has a number of very positive implications for WordPress users, Cloudflare's decision to terminate service for 8Chan, and a European court's ruling that companies using the Facebook "like" button are liable for data collection. Here are timestamps in case you would like to jump around: 1:18 The Defiant...

Duration:00:23:44

Episode 35: Security Researcher Jem Turner Talks About Pipdig Scandal

8/1/2019
More
Jem Turner was one of the security researchers that found malicious code in Pipdig's P3 plugin. Both Jem and Wordfence's Mikey Veenstra found the P3 plugin to contain a number of suspicious or malicious features, including a remote "killswitch," an obfuscated function used to change users' passwords, and code which generated hourly requests to DDoS a competitor's site. At WordCamp Europe, Mark sat down with Jem and asked about her process of finding this malicious code and the diligence in...

Duration:00:20:09

Episode 34: Capital One Data Breach Impacts over 100M Customers and Other News

7/31/2019
More
This week we talk about the Capital One breach affecting over 100 million customers and some important takeaway lessons from that case. We also look at news with the the Equifax settlement, a spearphishing campaign targeting ProtonMail users, the conclusion to Marcus Hutchins' legal woes, and Facebook's $5 billion fine and new regulation from the FTC, amongst other stories. Here are timestamps in case you would like to jump around: 1:20 WordCamp Asia & WordCamp US 3:36 Capital One...

Duration:00:47:28

Episode 33: Joomla Security Lead David Jardin Discusses Securing Over 2.5 Million Joomla Sites

7/25/2019
More
David Jardin is the Security Strike Team Lead for Joomla, an open-source content management system powering more than 2.5 million websites. At WordCamp Europe, Mark and David sat down and talked about the workflow for Joomla security reports and why a proper proof of concept makes fixing vulnerabilities easier for security teams. They also discussed the improvements in cryptographic code signing expected in Joomla 4, its next major release.

Duration:00:18:49

Episode 32: WordPress Vulnerabilities Targeted, iOS Security Update & the Equifax Settlement

7/23/2019
More
This week, we cover WordPress vulnerabilities targeted by a malvertising campaign and an important iOS security update. We also look at Equifax's $700 million settlement and a recent uptick of new breaches added to Have I Been Pwned. Along with other news and a summary of WordCamp Boston, we talk about the film project we've worked on since late last year. Open | The Community Code will premiere November 2019. We talk about how and why we created this film about the open-source WordPress...

Duration:00:45:15

Episode 31: Securing Sensitive Data in the Cloud with Chris Teitzel

7/19/2019
More
At WordCamp Europe, Mark chats with Chris Teitzel, CEO and founder of Lockr. Lockr is a key management system for websites using CMSs like WordPress and Drupal. Chris talks about the challenges of securing sensitive information and how Lockr makes secure key management affordable. Chris speaks on security topics at WordCamps and DrupalCons around the world. You can find Chris on Twitter @technerdteitzel and learn more about his company at www.lockr.io.

Duration:00:29:16

Episode 30: WordPress Ad Inserter Plugin Vulnerability and Other News

7/17/2019
More
This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google's decision to remove Chrome's built-in XSS protection, a researcher's discovery of vulnerability in Instagram's 2FA, updates to the Gutenberg editor and hackers that created an Android app that can kill to prove a point amongst...

Duration:00:28:56

Episode 29: iThemes Security Creator Chris Wiegman on Flying, Plugins & Developer Tools

7/12/2019
More
At WordCamp Atlanta, Mark sat down with Chris Wiegman, the creator of Better WP Security. Now known as iThemes Security, it is installed on over 900,000 WordPress sites. Chris talks about his experiences as a flight captain flying over the Hawaiian islands and what happened when an earthquake occurred shortly after takeoff. He also talks about why he created Better WP Security, the process of selling the plugin to iThemes and the tools he's created in his new role at WP Engine. He describes...

Duration:00:24:19

Episode 28: Zoom Zero-Day Vulnerability, WP Engine Buys Flywheel, and Other News

7/9/2019
More
A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. Mitigating the vulnerability entails typing the following commands in terminal, replacing [pid] with the process ID: $> lsof -i :19421 $> kill -9 [pid] $> rm -rf ~/.zoomus $> touch ~/.zoomus Wordfence Threat Analyst Mikey Veenstra also verified that the Linux client for Zoom also will turn video on automatically,...

Duration:00:50:22

Episode 27: Liquid Web COO Carrie Wheeler talks Leadership & Transitioning from Tech

7/5/2019
More
Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization's mission. She also talks about the competitive hosting space and how Liquid Web positions themselves for success. You can connect with Carrie on LinkedIn or at liquidweb.com.

Duration:00:34:50

Episode 26: How Hackers Find Vulnerabilities in WordPress with Ryan Dewhurst

6/27/2019
More
Ryan Dewhurst is an ethical hacker and penetration tester who has developed a number of tools that make finding vulnerabilities in WordPress much easier. Penetration testers are professional ethical hackers that find vulnerabilities so they can be patched before they are exploited. Ryan is one of three contributors to WPScan, a command line tool that streamlines this pen testing. Ryan also maintains the WPScan Vulnerability Database, used by many services including Wordfence to alert...

Duration:00:27:40