Think Like a Hacker with Wordfence

We cover WeWork's failed IPO & financial woes and how this likely led to Meetup's introduction of an RSVP fee. We discuss why this doesn't bode well for WeWork's future. We also look at the WordPress 5.2.4 security release & what fixes are included. We discuss the release of PHP 7.4 & how WordPress core is preparing. We also get a little excited about our plans for WordCamp US & our party to celebrate the worldwide premiere of the open-source film about the WordPress community: Open, The Community Code.

Jennifer Bourn has been a leader in the WordPress community for years, helping WordPress users of all experience levels get the most out of WordPress. She has created websites for recognizable brands through her design company, Bourn Creative. At WordCamp Sacramento, we talked about how the community has opened experiences for her entire family, her new ventures in training including Content Camp and the Profitable Project Plan, the Bourn family goal of visiting all national parks & the future of WordPress.

At WordCamp Minneapolis, our Lead Customer Service Engineer Tim Cantrell chats with Lindsey Miller about her work as Partner Marketing Manager at LiquidWeb. Tim and Lindsey also talk about the challenges of being a remote worker, and how the connections in the WordPress community can help individuals make connections that grow a business. Lindsey also turns the tables and interviews Tim, asking how he got involved in WordPress and came to be the lead customer service engineer at Wordfence.

Salesforce Ventures invested $300 million into Automattic at a $3 billion valuation. We discuss what this might mean for Automattic, the WordPress community, and the WordPress ecosystem by analyzing the roots of Salesforce and the opportunities it brings to WordPress. We also talk about features and fixes coming in November to WordPress 5.3 especially within the block editor and site health check. We also look at the DoorDash breach affecting nearly 5 million users.

At WordCamp Sacramento, Matt Cromwell from GiveWP talked with us about how Give began, democratizing generosity, & how they handled the vulnerability disclosure from our team. When our security researchers reached out, Give & Wordfence worked together to ensure that the vulnerability was patched in the safest way possible. Matt also tells us how he got involved with WordPress & how he gives back to the community through the Advanced WordPress Facebook group with over 30K members.

We chat with Mikey Veenstra to talk about the Wordfence Threat Intelligence team's work tracking a series of active attacks on an unpatched vulnerability in the Rich Reviews plugin for WordPress. With an estimated 16,000 installations, attackers are targeting unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads. Mikey explains how this works and what users of Rich Reviews can do to protect themselves. Podcast recorded September 24, 2019.

This week, our lead customer service engineer Tim Cantrell interviews Zach Stepek, CEO of MindSize, a digital agency focused on helping customers scale and succeed with eCommerce. Zach talks about how he got started with WordPress and WooCommerce, new features in JetPack that add functionality to WooCommerce, and how critical security is to site owners no matter what platform they use to sell goods and services online.

WordPress core version 5.2.3 was released on Sept. 4. This was a security release patching eight vulnerabilities in WordPress core, most of which were cross site scripting. In this episode of Think Like a Hacker, we walk through each of the patched elements of WordPress core and how these vulnerabilities could have been exploited. We also look at the SIM port attack on Jack Dorsey's Twitter account, and the lessons for all of us in using our cellphones and mobile devices for securing our online accounts.

This week, we chat about WordPress 5.3 and some of the new features we will see added to WordPress in November, including improvements to the editor and a switch to meta tags for better control over search engine indexing. We also cover the latest developments with our threat intelligence team's research into an ongoing malvertising campaign targeting WordPress plugin vulnerabilities. This story received news coverage, and that coverage caused Wix to Tweet a cheeky dig at WordPress that fell flat.

Bill Rice is the CEO of Kaleidico. We chatted at WordCamp Minneapolis about WordPress and the community, and his work creating websites that convert. Bill spoke at WordCamp Minneapolis about trends in WordPress website design that allow businesses to deeply engage with site visitors. Mobile browsing has changed the way users interact with the web on all devices, including desktop. In this episode, Bill tells us how this shift creates new opportunities to design compelling digital experiences.

As of WordCamp Boston 2019, Sandy Edwards has organized 26 KidsCamps across the US. We talk about what kids do at a WordPress KidsCamp, the success these kids have had publishing with WordPress, and how Sandy teaches basic internet safety and security to the next generation of WordPress users. Sandy is an organizer at WordCamp Orlando as well as a homeschooling mom, and runs a digital agency helping small businesses benefit from data-driven marketing.

WordPress core developers recently discussed removing support for code signing in WordPress core, included with the WordPress 5.2 release. The discussion suggested implementing SSL verification & hashes to verify code integrity instead. We chat about the history behind the vulnerability found by Wordfence's Matt Barry, which motivated the addition of code signing. We review several supply chain attacks, discussing how SSL & hashes wouldn't protect against a sophisticated attack on WordPress core servers.

Topher DeRosia is the Developer Evangelist for BigCommerce & a frequent WordCamp speaker. He's worked with WordPress for a long time & is the man behind HeroPress, telling the stories of transformed lives because of WordPress. HeroPress is now syndicated on WordPress.org/news. At WordCamp Boston, Topher and Kathy talked about everything WordPress from security to eCommerce, HeroPress, headless WordPress, headless eCommerce & how these new methods of distributing content & commerce will change publishing.

The Wall Street Journal reported on August 12 that Verizon is selling social media & blogging platform Tumblr to Automattic. Automattic CEO Matt Mullenweg answered questions on PostStatus, outlining plans to migrate off of Verizon, move Tumblr's backend to WordPress, and support the same APIs on both WordPress.com & Tumblr. Mullenweg noted that this is "by far the largest investment or acquisition Automattic has ever made." In this episode, we discuss the implications for Tumblr, WordPress, and Automattic.

In this episode, Mark chats with Vito Peleg, the founder of WP Feedback, a plugin that helps WordPress-focused agencies streamline approval and support for their customers. Vito talks about the glass ceiling in agencies where managing people and projects begins to inhibit growth and profitability. He also shares some interesting thoughts on where pain points lie and how to move past them, as well as how to effectively leverage your own customers to inform product design.