Think Like a Hacker with Wordfence

By Wordfence

Category: Tech News


Mark Maunder co-founded Wordfence in 2011 after his WordPress site was hacked and he learned how hard it was to clean and secure. Today the team has grown to over 35 members world-wide and Wordfence protects over 3 million WordPress sites. Join Mark as he and his colleague Kathy Zant cover interesting topics related to WordPress, security and innovation. Episodes alternate between security news and interviews with innovators from WordPress and information security communities.

Episode Date
Episode 16: Cami Kaos Talks WordCamps, Meetups and Community

If you've ever attended a WordCamp or a WordPress meetup in the last 6 years, that community experience was based on the guidance and support from WordCamp Central and Community Manager Cami Kaos. Cami is the primary contact for the 150 WordCamps and over 600 WordPress meetups taking place around the world this year. Her efforts ensure that the volunteers contributing to community events have what they need to succeed. Cami shares her thoughts on getting started with WordPress meetups and WordCamps, challenges facing the growing community, and how to get involved.

May 24, 2019
Episode 15: So. Much. News!!

In this week's news we have a lot to cover. We talk about an intrusion at StackOverflow, a proposal to modify the WordPress plugin guidelines, how Chinese hackers are getting better at stealing US cyber secrets, ethical issues of firms promising ransomware solutions that only include paying the ransom, a breach on the Joomla extension directory server, Google's aggregation of your purchase receipts and suspension of Android support for Huawei, amongst many other stories.

0:46 Code signing in WordPress 5.2
4:07 Stack Overflow intrusion
8:00 WordPress plugin guideline proposal
12:00 US cyber secrets being stolen by China
16:00 Ransomware solution
21:11 Joomla extension directory intrusion
24:40 Google aggregating purchase data
27:58 Google suspends Android support for Huawei
33:00 How effective is basic account hygiene at preventing hijacking
35:00 735K fraudulently obtained IP addresses revoked
38:29 Baltimore ransomware nightmare continues
43:01 460,000 user accounts breached on Uniqlo online
43:59 OGusers forum hacked

May 21, 2019
Episode 14: Interview with Trauma Surgeon and Plugin Dev Andy Fragen

Dr. Andy Fragen is a trauma/acute care surgeon as well as a prolific WordPress plugin author. One of his plugins, GitHub Updater, allows you to host WordPress plugins and themes on GitHub instead of Andy supports numerous WordCamps and is an active member of the WordPress community in southern California. I had the pleasure of talking with Andy at WordCamp Orange County. He's a fascinating person and I really think you'll enjoy our conversation.

May 16, 2019
Episode 12: Major WhatsApp Vulnerability and Other News

This week in our news-focused episode we cover the WhatsApp zero-day vulnerability that allegedly was used to infect phones with malware by simply calling a phone with the app. We announced a new update to the Wordfence plugin, making an updated two-factor authentication feature available to all Wordfence users. We cover a story about SIM hijacking and discuss why we need to move away from SMS 2-factor authentication. We also cover an ongoing supply-chain attack affecting thousands of sites, three antivirus companies that have been compromised, a malvertiser indictment, and other stories.

Here are approximate timestamps in case you want to jump around:
0:30 WhatsApp voice calls used to inject malware
7:07 New Wordfence login security features
12:30 Ongoing supply-chain attack
18:58 SIM card hijacking campaign
22:05 Three US Antivirus companies compromised
23:55 Malvertiser compromised
30:12 Opting out of facial recognition at airports
32:48 Microsoft Word gets politically correct
37:38 Binance intrusion
41:25 Federal agencies spending millions to hack into phones

May 14, 2019
Episode 11: The Dave Ryan Interview

Dave Ryan is an Interdisciplinary WordPress Developer at Bluehost, where he focuses on helping build WordPress and supporting the WordPress community. He is an organizer for Phoenix area WordPress meetups and WordCamp Phoenix. He also speaks at numerous WordCamps around the country.

In the past Dave has worked for large publishers and universities, scaling high-traffic WordPress sites by blending his skills in information design, journalism and web development.

Dave lives in Phoenix, loves a good taco and will like every photo of your dog on Instagram.

May 11, 2019
Episode 10: WordPress 5.2 Security Enhancements and Other News

Today we are pleased to bring you the tenth episode of Think Like a Hacker. We're doing things a little differently this week, separating the news and our interview into two episodes. In today's episode we cover the news, and we will share another compelling interview later in the week.

In the news we discuss new cryptographic protection against supply chain attacks in WordPress 5.2, which was released today. We talk about Israel's missile attack against Hamas hackers, a data breach affecting 80 million households, the Gutenberg accessibility audit, DuckDuckGo's "do not track" bill, a hacker selling Windows zero-day vulnerabilities and a sophisticated supply chain attack originating in China, amongst other stories.

May 08, 2019
Episode 9: The Jon Brown Interview and Vulnerabilities, The Dark Web, Scams, Oh My!

We cover quite a few news stories this week, including two plugins requiring immediate updating due to disclosed vulnerabilities, what we can expect from WordPress version 5.2 and a dark web marketplace that appears to have exit scammed users. We follow up on Google Sensorvault, a great interview with Richard Stallman about Facebook and JetBlue's use of facial recognition technology. We take a look at GoDaddy's removal of 15,000 spam subdomains, the Docker breach and Slack's upcoming IPO and their dire warning to investors.

This week I chat with Jon Brown, CEO of 9seeds, a digital agency in Idyllwild, CA. Jon and I talk about running an agency, remote work, being a digital nomad and of course, WordPress. We had a great conversation, and I think you’ll enjoy it.

May 01, 2019
Episode 8: We Go Deep on Coffee, Hackable Child Trackers and More

This week we look at Troy Hunt's pen testing results with the TicTocTrack watch and the privacy issues of tracking our kids. We examine the changes coming in the AMP project as well as implications of the UK's new porn age restriction law coming into effect in July. We review a story uncovered by Cisco's Talos security team about a group called SeaTurtle who carried out an espionage campaign via DNS hijacking. We take a new look at why the Nigerian prince scam is still netting over $700,000 per year, and how the City of Chicago lost more than $1 million in a phishing scam. We also take a look at the nascent influencer economy and some of the effects on both service companies and influencers themselves.

For our interview this week, I have something a little different. I was recently in Idyllwild, California for a few days and made friends with an amazing couple who run a coffee roastery and tasting room. Chris and Katie Bayer are the owners of Black Mountain Coffee Roasting. If you love coffee and WordPress you're going to love this interview.

Here are approximate timestamps in case you want to jump around:
0:45 TicTocTrack, the Hackable Kids’ Watch
14:24 Changes to AMP
21:14 UK Pornography restriction law
29:25 Sea Turtle group and DNS hijacking
38:19 Nigerian Prince scams and why they’re still around
50:42 City of Chicago and a phishing scam
58:13 The influencer economy
1:07:26 Interview with Chris and Katie Bayer

~Mark Maunder

Apr 23, 2019
Episode 7: The Tyler Lau Interview, Assange, Thought Experiments, AirBnB Scams and More

This week we look at the Assange arrest, an irresponsible security researcher affecting the WordPress community and do a bit of a thought experiment. We also look at Google's Sensorvault and how it's being used by law enforcement, the fascinating rise and fall of the Bayrob malware gang, and some tips for avoiding a new AirBnB scam. I also talked to Tyler Lau at WordCamp Phoenix last month, and we share that interview with you today. Tyler is the Social Community Manager at Sandhills Development. Sandhills makes some very popular plugins including Easy Digital Downloads and AffiliateWP. We talked about the WordPress community, WordPress in general and some of the cool things that Sandhills is involved in.

Here are the timestamps in case you want to jump around:
0:51 Assange taken into custody
20:27 Irresponsible security researcher
30:50 Google Sensorvault
35:14 Bayrob malware gang
43:07 Land Lordz service powering AirBnB scams
49:57 Tyler Lau interview

~Mark Maunder

Apr 17, 2019
Episode 6: The Brandy Lawson Interview, The News and Facebook Rants

This week we follow up on two stories from last week, the Pipdig P3 plugin and Jetpack suggestions found within the WordPress plugin dashboard. We also take a look at quite a few privacy concerns with Grammarly, malware in the healthcare industry, and we discuss privacy concerns with Facebook. I also talk to Brandy Lawson, a digital agency entrepreneur in Phoenix, Arizona. Brandy is passionate about helping coaches, speakers, and authors who are making an impact on the world. I had a wonderful conversation with Brandy at WordCamp Phoenix that I think you'll really enjoy.

Apr 10, 2019
Episode 5: The Raquel Landefeld Interview & The Pipdig Story

This week I chat about the Pipdig controversy in full with Mikey Veenstra and Kathy Zant. Kathy and I cover the news. And we have an amazing interview with Raquel Landefeld who is a community organizer for WordPress, co-founder of agency Mode Effect and a well known and loved personality in the WordPress community. Raquel and I chat about her adventures as a mom in tech, Gutenberg, her approach to networking, what it is like being a WordCamp Phoenix organizer and what she is up to for the rest of this year. Enjoy!!

~Mark Maunder

Apr 03, 2019
Episode 4: The Aaron Campbell Interview and the Social Warfare Saga

This week we have an update on the Social Warfare plugin vulnerability, how it was more serious than originally thought, and a feud that has broken out between a security researcher and forum moderators. We also have some interesting data on how WordPress will become more secure soon with code signing. And along with several other news items, we have a spectacular interview with Aaron Campbell, the former head of WordPress security. Enjoy!!

Mar 26, 2019
Episode 3: The Cory Miller Interview and Vulnerability In Easy WP SMTP Plugin

This week we have breaking news with a serious vulnerability in the Easy WP SMTP WordPress plugin. We are seeing exploits actively target this vulnerability. We also cover the week's news with Kathy Zant and have a spectacular interview with Cory Miller where he chats about how he started iThemes, why he sold to Liquid Web, some of the challenges of being a founder and what is next for him. Enjoy!!

Mar 21, 2019
Episode 2: Mikey Veenstra Talks XSS Vulnerability + The Adam Warner Interview

Welcome to Think Like a Hacker, Episode 2. In this episode Mikey Veenstra, a threat analyst at Wordfence, discusses a serious XSS vulnerability in an abandoned cart plugin. We also chat with Adam Warner, a well-known figure in the WordPress community. In our interview we chat about Adam's personal WordPress journey, community engagement success and the future of WordPress. And as always we cover the news with Kathy Zant.

Mar 12, 2019
Episode 1: The Josepha Haden Interview

Josepha Haden is the Executive Director of the WordPress project at Automattic. She oversees and directs all contributor teams in their work to build and maintain WordPress. Josepha can be found at In our news segment, we talk about recent vulnerabilities in the Freemius library affecting WordPress plugins, the CoinHive shutdown, and why potential changes in WordPress core development will benefit end users' security and more.

Mar 07, 2019