WordPress Plugins Archives

YoastCon: The State Of WordPress Security

Published in Security on June 9, 2015

Almost five years ago, Joost started the company Yoast, offering website reviews and free plugins. Yoast’s core business was, and is, sharing knowledge and making it easier to create usable websites. Five years later Yoast has turned into one of the biggest WordPress plugin providers with 21 employees (and counting)!

To celebrate reaching five years, awesome growth, and much success, Yoast celebrated with a conference: YoastCon!

The conference was held in de Lindenberg in Nijmegen, with myself, Chris Lema, Marcus Tandler, Karl Gilis, and Joost de Valk speaking, and Marieke van de Rakt, Thijs de Valk, and Taco Verdonschot giving workshops.

The State of WordPress Security

My talk was on the current state of WordPress security. There is no denying that WordPress, powering over 23.5% of the top websites in the world, has become the platform of choice for bloggers and businesses alike.

With this fame however, WordPress has become a target, making it the top targeted platform on the web by malicious actors with ill intent.

Website Access Control and Security

Published in Security on January 23, 2015

Website security has become a hot bed over the past few years. More and more companies are joining the game in hopes of capitalizing on what they perceive to be huge opportunities. The one vector that seems to be all the rave is Access Control.

When I talk to access control, I specifically talk to mechanisms in place to restrict access to a resource. Think how you connect to your website. Are you using WordPress, Joomla, Magento or some vBulletin? Maybe it’s a custom PHP, HTML, ASP website?

Regardless of the platform, you have some form of access vector you employ daily.

If you’re a WordPress user, you’re likely leveraging /wp-admin. If you’re on Joomla, you’re using /administrator, and so on and so on — each platform providing its own means for connection. Access vectors don’t stop there. They extend well beyond the application itself. Think about things like File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP) and Secure Shell (SSH). These are transfer protocols that are still part of your website access vectors.

This can be extended further when you think about things like your hosting panels and database log in panels, additional forms of access vectors. But now we start diving into a very deep rabbit hole.

A Day with the Woo: WooConf 2014

Published in Business on November 4, 2014

To think I was not going to attend the event.

It was already later in the year, November, and besides, as my beloved friend Chris Lema pointed out, I had been rejected to speak.

Forgive @perezbox and his tweets. He got a rejection letter from #wooconf without even applying to speak.

— Chris Lema (@chrislema) November 3, 2014

I didn’t even get my name in the hello.

Favorite Link Saver: @Pocket App

Published in Business on November 3, 2014

If you’re anything like me you’re constantly on the go, well at least in my mind I am. At least virtually you’re constantly moving, jumping between social streams, reading posts, updating posts, pushing posts, it’s our own little chaos of a world.

For a while now though I’ve been really struggling with a clean way to save interesting links. That’s compounded by the fact that I am constantly on multiple devices (i.e., desktop, notebook, iPad, mobile, etc…). For a while I was still using Delicious, seriously, I was. But that’s just not very useful, at least it wasn’t to me.

I was talking to a friend of mine, Cory Miller (at least I think it was him, if not, oh well he gets the credit), and he introduced me to this app called Pocket. At first glance it looked cool, but as if often the case I kind of shrugged it off, I get a lot of recommendations for apps.

Finally settling in at home though I started playing with it and quickly realize how cool of an app it was – more importantly how awesome the user experience is.

MailChimp Subscribe Form Plugin via @CrowdFavorite

Published in Business on October 31, 2014

Decided to update my email subscription feature and in the process set out to find a more effective solution.

I had been rocking the Jetpack plugin and using their subscription module, but it left a lot to be desired. Mainly the lack of control, or appeared lack of control over my own data (my emails). For the average site though it might be perfect, and right what the doctor ordered.

For me however I was looking for something specifically to integrate with MailChimp. I actually didn’t even know that there was a MailChimp plugin, I thought I would have to do a form myself (as I had done before), but oh how the things have changed.

Turns out that in my absence, a few months – maybe years, things continue to evolve. How awesome is that!

Turns out our friends at Crowd Favorite built a free MailChimp plugin. #hattip

WordCamp Minneapolis 2014: Commercial WordPress Products

Published in Business on May 1, 2014

Recently I spoke at WordCamp Minneapolis 2014 on The Basics Of WordPress Security.

At the event, I pulled double duty and also participated in a panel discussion on Commercial WordPress Products moderated by Kiko Doran with:

Reid Peifer of Modern Tribe and Events Calendar Pro
Marc Benzakein of ServerPress and Desktop Server
Carl Hancock of RocketGenius and Gravity Forms
Ben Fox of FlowPress and SidekickPro

In this panel discussion we all answer some pointed questions by Kiko about our opinions and experiences selling commercial WordPress products.

Check out the video of the panel discussion and thanks for Paul Lampland for snapping this great photo!

Watch The Video

WordPress Plugin Commercialization

Published in Business on November 11, 2012

I was recently privileged to be sitting with friends and peers at the first private event designed and tailored for the WordPress business eco-system, Pressnomics. Of the various presentations given there was one that was of particular interest, the interview with Matt Mulleneweg. There was one topic in particular that appeared to catch most people’s attention – commercialization of plugins.

Before I start understand that this is all my own interpretation of what was said and in some instances things might have been taken out of context. I also had a follow-up conversation that helped me better understand, I think, the responses given.

Review of the WordPress AntiVirus Plugin – Effective or Not?

Published in Security on June 21, 2012

After my most recent Review of the WordPress WordFence Plugin post I felt it was only fair that I take time to review the effectiveness of other similar security focused plugins in the WordPress.org repository.

It’s important to understand that while I work for an InfoSec company my focus is not on whether its a competitive product, but rather how useful it is to end-users and how effective it is at detecting malware. The goal is to establish an unbiased review, leveraging the large repository of web-based malware variants I have at my disposal.

I stumbled on the AntiVirus plugin while crawling the repository and was naturally curious. The plugin repository description is not very exhaustive, but appears to succinctly articulate what it was designed to do.