Think Like a Hacker with Wordfence

WordCamp Asia was cancelled this week due to concerns of COVID-19/coronavirus in the region. This week, Wordfence CEO Mark Maunder talks about the decision to offer the WordCamp Asia Cancellation Fee Assistance Package to attendees, volunteers, organizers, and speakers that had planned to travel to this inaugural regional WordCamp. We also cover a number of WordPress plugin vulnerabilities disclosed this week and over 500 malicious Chrome extensions affecting millions of browsers worldwide.

We take a look at the annual hacked site report from GoDaddy's Sucuri Security and the types of malware they found in various CMS and shopping cart applications. Microsoft reports they're finding 77k web shells daily, and WP Scan's roundup lists a number of popular plugins and themes with recent vulnerabilities. A report from students at Harvard University exposes the growing risks of online leaks & breaches.

Chloe Chamberland never wanted to get into security, yet in the last three years, she has emerged as one of our most prolific threat researchers. Not only does she find vulnerabilities in numerous popular plugins, she also travels the world while doing so. Chloe talked to me from a cabin in a remote area of Alaska, where she saw a moose for the first time. Chloe talks about how she got started in security & gives advice for young people who want to get into security.

Welcome to 2020! We're making some changes to Think Like a Hacker and wanted to let you know. We're moving to an audio-only version of the podcast, publishing twice per month. We also wanted to let you know about 3 major vulnerabilities in WordPress plugins potentially affecting over 400,000 WordPress installations. Details are on the Wordfence blog as well. 

We've had quite a year with Think Like a Hacker, the podcast about WordPress, security & innovation. For our end of year episode, we take a look back at a few of our favorite interviews & news stories. We review conversations with Josepha Haden, Brandy Lawson, Jennifer Bourn, Matt Cromwell, and we look back at the Pipdig story. Thank you to everyone who chatted with us over the first year, and thank you to our audience for listening. Happy holidays to everyone celebrating, and we'll see you in 2020.

With Google Chrome experimenting with a badge of shame for websites that load slowly, there is a new urgency for high performance interfaces for web users. Gatsby, Gridsome & other static site interfaces are hot in the development community right now, especially when talking about headless WordPress. At WordCamp US, Mark chats with Dave Ryan about these technologies, reminding us that no matter the technology we use to create a website, our decisions during development matter to the end users' experience.

A small furor erupted over a top influencers in WordPress list that neglected to show the diverse nature of the WordPress community. We talk about the impossibility of making an accurate list reflecting WordPress influence or contribution, & the diversity we saw during production on Open, our film project. We also talk about Google plans to give slow websites a new badge of shame in Chrome, password security updates in Chrome 79, & the DHS reconsiders a plan to use facial recognition on U.S. travelers.

Kim Gjerstad, one of the founders of Mailpoet, visited with Mark at the Wordfence booth at WordCamp US. Kim and Mark talked about the origins of Mailpoet, the plugin that gives users a full email management system within the WordPress administrative dashboard. They talk about email deliverability as well as the challenges of fighting email abuse, a constant battle that Mailpoet is winning. They also talk about net promoter scores and what it means for the success of a SaaS business.

Yoast, the SEO plugin installed on 9 million sites, ran a Black Friday sale, experimenting with an ad in the WordPress admin dashboard. The furor was dramatic, & Yoast's CEO Marieke van de Rakt took ownership, showing exceptional leadership. We discuss the ad & the response, & the challenges of running a plugin business under a freemium model. We also cover stories about AVG & Avast browser extensions, the Magento Marketplace hack, the private equity purchase of .org & a data leak affecting 1.2 billion.

Maddy Osman is a SEO content strategist that has worked with a number of familiar brands in both the WordPress and SaaS spaces. She spoke at WordCamp US and took some time to chat with us at the Wordfence sponsor booth. Maddy talks about how she got started in SEO content strategy after doing web design and development, and also what the entrepreneurial journey has been like for her. Maddy also shows off some of her lock picking skills she picked up while hanging out at the Wordfence booth.

We review the premiere of Open, The Community Code, a film about the WordPress community that world premiered at the State of the Word Keynote at WordCamp US. Mark & Kathy talk about what it was like watching friends in the community see the film for the first time. We also discuss recent updates in WordPress 5.3, especially improvements to the Gutenberg editor, accessibility, & site health. We also cover Google Chrome's plans to warn & block mixed content and how to prepare now for these upcoming changes.

At WordCamp US in Saint Louis, Mark sat down with Yoast CEO Marieke van de Rakt and COO Michiel Heijmans in the Wordfence booth to talk about not only how Yoast began, but also how they've grown to over 9 million active installations and the challenges of managing such a large user base. Marieke and Michiel also talk about the big changes coming in 2020 for the Yoast plugin as well as training and educational efforts via Yoast Academy.

Kathy Zant gave a presentation about The Hacker Mindset at WordCamp US 2019 in St. Louis. Learning to think like a hacker in the security realm is a big part of keeping your assets safe, and there are additional benefits. Kathy illustrates how the hacker mindset is much more than protecting your site. Thinking like a hacker can also help you break through perceived limitations, overcome obstacles, and capitalize on opportunities to innovate.

Mark and Kathy connect in person on Halloween in St. Louis to talk about what's happening at WordCamp US. We review what's new at WCUS, some of the more interesting sessions, and all of the fun activities Wordfence is bringing to North America's largest WordCamp. Kathy and Mark also tear down the 4th wall to talk to award-winning Director Sean Korbitz, the creative force behind OPEN | The Community Code, the movie about the WordPress community that premieres Saturday, November 2.

Andrea Zoellner has been an organizer of WordCamp Montreal and is the Chief Content Creator at SiteGround. Andrea focuses on supporting SiteGround customers in the North American & English-speaking market. With a background in journalism, Andrea found WordPress as the easiest way to get online. She talked with us at WordCamp Sacramento about her WordPress origin story and how her position at SiteGround puts her in a unique position to innovate through new tools & services for WordPress users at SiteGround.