Think Like a Hacker with Wordfence

By Wordfence

Listen to a podcast, please open Podcast Republic app. Available on Google Play Store.

Category: Tech News

Open in iTunes

Open RSS feed

Open Website

Rate for this podcast

Subscribers: 41
Reviews: 0


Mark Maunder co-founded Wordfence in 2011 after his WordPress site was hacked and he learned how hard it was to clean and secure. Today the team has grown to over 35 members world-wide and Wordfence protects over 3 million WordPress sites. Join Mark as he and his colleague Kathy Zant cover interesting topics related to WordPress, security and innovation. Episodes alternate between security news and interviews with innovators from WordPress and information security communities.

Episode Date
Episode 41: KidsCamp and the Next Generation of WordPress Users with Sandy Edwards

As of WordCamp Boston 2019, Sandy Edwards has organized 26 KidsCamps across the US. We talk about what kids do at a WordPress KidsCamp, the success these kids have had publishing with WordPress, and how Sandy teaches basic internet safety and security to the next generation of WordPress users. Sandy is an organizer at WordCamp Orlando as well as a homeschooling mom, and runs a digital agency helping small businesses benefit from data-driven marketing.

Aug 22, 2019
Episode 40: WordPress Considers Ditching Signed Core Updates

A recent discussion among WordPress core developers about removing support for code signing in core caught our attention. Code signing support was included with the WordPress 5.2 release. The discussion centers around removing code signing and implementing SSL verification and hashes to verify code integrity. In this week's episode we chat about the history behind the vulnerability found by Wordfence's Matt Barry, which is what motivated the addition of code signing to WordPress core. We review several high profile supply chain attacks and discuss how SSL and hashes would not protect against a sophisticated attack on WordPress core servers.

Aug 20, 2019
Episode 39: Headless eCommerce, Scaling for eCommerce Growth with Topher DeRosia

Topher DeRosia is the developer evangelist for BigCommerce and a frequent WordCamp speaker. He's worked with WordPress for a long time and is the man behind HeroPress, telling the stories of people whose lives have been transformed by WordPress. HeroPress is now syndicated on, bringing these inspirational stories to an even wider audience. At WordCamp Boston, Topher and Kathy talked about everything WordPress, from security to eCommerce, HeroPress, headless WordPress, headless eCommerce as well as how these new methods of distributing content and commerce will change publishing.

Aug 16, 2019
Episode 38: Automattic Buys Tumblr from Verizon

The Wall Street Journal reported on Monday, August 12, 2019 that Verizon is selling social media and blogging platform Tumblr to Automattic for an undisclosed sum, though rumors state that it may be as low as $3 million dollars. After the announcement, Automattic CEO Matt Mullenweg discussed the news on PostStatus, stating that they plan to migrate infrastructure off of Verizon, move Tumblr's backend to WordPress, and support the same APIs on both and Tumblr. Mullenweg noted on PostStatus that this acquisition is "by far the largest investment or acquisition Automattic has ever made." In this episode, we discuss the implications for Tumblr, WordPress, and Automattic.

Aug 13, 2019
Episode 37: Vito Peleg Talks Breaking the Agency Glass Ceiling and Building a Product with Your Customers

In this episode, Mark chats with Vito Peleg, the founder of WP Feedback, a plugin that helps WordPress-focused agencies streamline approval and support for their customers. Vito talks about the glass ceiling in agencies where managing people and projects begins to inhibit growth and profitability.He also shares some interesting thoughts on where pain points lie and how to move past them, as well as how to effectively leverage your own customers to inform product design.

Aug 08, 2019
Episode 36: Proposals to Improve WordPress Include WP Notify and Security Backporting Changes

This week, we talk about our corporate trip to DEF CON, the WordPress security team's proposal to backport security fixes to fewer releases, a new feature proposal called WP Notify that has a number of very positive implications for WordPress users, Cloudflare's decision to terminate service for 8Chan, and a European court's ruling that companies using the Facebook "like" button are liable for data collection.


Here are timestamps in case you would like to jump around:
1:18 The Defiant trip to DEF CON
3:05 WordPress Security team proposes backporting fixes to fewer releases
6:58 Feature Proposal: WP Notify
11:52 Cloudflare terminates service for 8Chan
16:05 Sites using Facebook "like" button liable for data

Aug 07, 2019
Episode 35: Security Researcher Jem Turner Talks About Pipdig Scandal

Jem Turner was one of the security researchers that found malicious code in Pipdig's P3 plugin. Both Jem and Wordfence's Mikey Veenstra found the P3 plugin to contain a number of suspicious or malicious features, including a remote "killswitch," an obfuscated function used to change users' passwords, and code which generated hourly requests to DDoS a competitor's site. At WordCamp Europe, Mark sat down with Jem and asked about her process of finding this malicious code and the diligence in her research. Jem also talks about the unexpected reaction from the Pipdig developer and their many users, and how the community of bloggers banded together to help others who found themselves unable to migrate to safer themes themselves.

Aug 02, 2019
Episode 34: Capital One Data Breach Impacts over 100M Customers and Other News

This week we talk about the Capital One breach affecting over 100 million customers and some important takeaway lessons from that case. We also look at news with the the Equifax settlement, a spearphishing campaign targeting ProtonMail users, the conclusion to Marcus Hutchins' legal woes, and Facebook's $5 billion fine and new regulation from the FTC, amongst other stories.

Here are timestamps in case you would like to jump around:
1:20 WordCamp Asia & WordCamp US
3:36 Capital One Breach
14:19 Equifax settlement news
18:00 ProtonMail spearphishing
21:08 Marcus Hutchins case
25:01 Facebook fined by FTC
31:27 Ransomware affecting Georgia police car laptops
33:08 Los Angeles police data breach
36:48 Comodo exposed credentials
39:34 Siri recording sensitive moments
44:04 Anonymizing data doesn't protect privacy

Jul 31, 2019
Episode 33: Joomla Security Lead David Jardin Discusses Securing Over 2.5 Million Joomla Sites

David Jardin is the Security Strike Team Lead for Joomla, an open-source content management system powering more than 2.5 million websites. At WordCamp Europe, Mark and David sat down and talked about the workflow for Joomla security reports and why a proper proof of concept makes fixing vulnerabilities easier for security teams. They also discussed the improvements in cryptographic code signing expected in Joomla 4, its next major release.

Jul 26, 2019
Episode 32: WordPress Vulnerabilities Targeted, iOS Security Update & the Equifax Settlement

This week, we cover WordPress vulnerabilities targeted by a malvertising campaign and an important iOS security update. We also look at Equifax's $700 million settlement and a recent uptick of new breaches added to Have I Been Pwned. Along with other news and a summary of WordCamp Boston, we talk about the film project we've worked on since late last year. Open | The Community Code will premiere November 2019. We talk about how and why we created this film about the open-source WordPress community.

Jul 23, 2019
Episode 31: Securing Sensitive Data in the Cloud with Chris Teitzel

At WordCamp Europe, Mark chats with Chris Teitzel, CEO and founder of Lockr. Lockr is a key management system for websites using CMSs like WordPress and Drupal. Chris talks about the challenges of securing sensitive information and how Lockr makes secure key management affordable. Chris speaks on security topics at WordCamps and DrupalCons around the world.

You can find Chris on Twitter @technerdteitzel and learn more about his company at

Jul 19, 2019
Episode 30: WordPress Ad Inserter Plugin Vulnerability and Other News

This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google's decision to remove Chrome's built-in XSS protection, a researcher's discovery of vulnerability in Instagram's 2FA, updates to the Gutenberg editor and hackers that created an Android app that can kill to prove a point amongst other stories.

Jul 17, 2019
Episode 29: iThemes Security Creator Chris Wiegman on Flying, Plugins & Developer Tools

At WordCamp Atlanta, Mark sat down with Chris Wiegman, the creator of Better WP Security. Now known as iThemes Security, it is installed on over 900,000 WordPress sites. Chris talks about his experiences as a flight captain flying over the Hawaiian islands and what happened when an earthquake occurred shortly after takeoff. He also talks about why he created Better WP Security, the process of selling the plugin to iThemes and the tools he's created in his new role at WP Engine. He describes his move from iThemes to WP Engine as "the move I didn't know I needed to make."

Jul 12, 2019
Episode 28: Zoom Zero-Day Vulnerability, WP Engine Buys Flywheel, and Other News

A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. Mitigating the vulnerability entails typing the following commands in terminal, replacing [pid] with the process ID:

$> lsof -i :19421
$> kill -9 [pid]
$> rm -rf ~/.zoomus
$> touch ~/.zoomus

Wordfence Threat Analyst Mikey Veenstra also verified that the Linux client for Zoom also will turn video on automatically, but was not susceptible to reinstall if the client had been removed.

We also cover the WP Engine acquisition of Flywheel, cPanel's new pricing structure and what it means for hosting providers, removal of caps on .org domain names, critical security vulnerabilities in Magento, WP Statistics XSS vulnerability, a hacked ad server pushing out SEON ransomware, British Airways landmark GDPR fine, breaches and leaks of the week, amongst many other stories.

Here are approximate timestamps in case you want to jump around:

1:30 Zoom Zero Day Vulnerability
10:12 WP Engine Acquires Flywheel
19:45 cPanel pricing structure changes
23:02 .org pricing caps removed
28:30 Magento vulnerabilities
32:15 XSS Vulnerabilities in WP Statistics
35:30 Ad server hacked, serving ransomware
38:00 YouTube
40:18 British Airways GDPR Fine
42:00 Breaches of the week: MongoDB leak and leaky S3 buckets
44:50 Ruby Gem "strong_password" supply chain attack

Jul 09, 2019
Episode 27: Liquid Web COO Carrie Wheeler talks Leadership & Transitioning from Tech

Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization's mission. She also talks about the competitive hosting space and how Liquid Web positions themselves for success. You can connect with Carrie on LinkedIn or at

Jul 05, 2019
Episode 26: How Hackers Find Vulnerabilities in WordPress with Ryan Dewhurst

Ryan Dewhurst is an ethical hacker and penetration tester who has developed a number of tools that make finding vulnerabilities in WordPress much easier. Penetration testers are professional ethical hackers that find vulnerabilities so they can be patched before they are exploited. Ryan is one of three contributors to WPScan, a command line tool that streamlines this pen testing. Ryan also maintains the WPScan Vulnerability Database, used by many services including Wordfence to alert WordPress users to the vulnerabilities on their site. Ryan and Mark talk about these services, how they work, how they're used and how you can use them to hack your own site to test your own site's security.

Jun 27, 2019
Episode 25: WordCamp EU Wraps Up and WordPress Security News

From Berlin we talk about our experience attending the largest WordCamp in the world and then dive into the news. We discuss 2,600 hacked WordPress sites being used for a free proxy service, Iranian cyber attacks, an attack at JPL affecting NASA and a WeTransfer security incident. We also cover a phishing breach at Oregon DHS affecting over 645,000 Oregonians, 2.9 million Canadians affected by a leak at Desjardins Group, and the bankruptcy filing of the collections firm behind the Quest Diagnostics and LabCorp breach.

Jun 24, 2019
Episode 24: How Focusing on a Single Vertical Helps an Agency Succeed with Frank Robinson

Mark sat down with Frank Robinson at WordCamp Atlanta a few weeks ago. Frank started Studio Media 22 in 2008, an agency focused on building sites and digital media in the beauty industry. Frank is a software designer and entrepreneur growing his business. We talk about why he focused on the beauty industry and how that gives him a competitive advantage, the opportunities for business, film and technology in Atlanta as well as why security and Wordfence is such a critical part of his business.

Jun 21, 2019
Episode 23: Security News from WCEU in Berlin

This week, we're at WordCamp Europe in Berlin, Germany and there is a lot of WordPress and security news to cover. We talk about the recent outage with WordPress VIP Go, what's new in WordPress version 5.2.2, vulnerabilities in two of Facebook's WordPress plugins, a Google Chrome extension for reporting bad URLs and a Chrome extension found to hijack search results. We talk about the importance and future of Troy Hunt's "Have I Been Pwned" project as he preps it for sale, a Firefox 0Day exploited in the wild, and two more American municipalities affected by malware. Evite disclosed a recent breach, Telegram gets DDoSed, a vulnerability found in Evernote's Web Clipper and Netflix's discovery of multiple Linux and FreeBSD vulnerabilities.

Approximate timestamps in case you want to jump around:

1:42 WordPress VIP Go outage
3:29 Wordpress 5.2.2 Update
4:28 Security implications of WordPress multisite
8:34 Self-promoting security troll strikes again
12:06 Chrome Suspicious URL Extension
13:36 Should Google be monetizing GSB data?
18:31 Malicious "YouTube Queue" chrome extension
21:25 Have I Been Pwned for sale
28:46 Firefox 0-day
30:00 Ransomware hits Philly
34:00 House lawmakers demand end to warrantless surveillance
37:20 Evite data breach
39:32 Telegram servers DDoSed
43:19 Evernote XSS flaw
46:22 Linux and FreeBSD vulns

Jun 20, 2019
Episode 22: Ninja Forms Developer James Laws on Building & Expanding a Wordpress Business

Ninja Forms is used on over 1 million WordPress sites. In this episode, Mark interviews James Laws, the co-founder of WP Ninjas, the developers behind this robust and powerful form builder. James and Mark talk about revenue models that work, how to find new opportunities through market research, experimentation with new products and services as well as learning from your customers. They also discuss how to choose your next project when you have too many ideas, and the new businesses James and WP Ninjas are exploring in eCommerce. It's a fascinating discussion that will help you think about your own businesses and career in new ways. Enjoy!

Jun 13, 2019
Episode 21: New Plugin Vulns Exploited in the Wild, an Extortion Scam and the CBP Data Breach

This week, we discuss active exploitation of a plugin vulnerability in the wild, an extortion scam hitting numerous website owners, exposure of Industrial Control Systems to attackers as well as a CBP breach affecting travelers in the United States. We also talk about an email server vulnerability and what to do in a SIM port attack.

Here are approximate timestamps in case you want to jump around:

0:35 User Submitted Posts Plugin Vulnerability Seeing Attacks
4:20 An extortion scam is threatening website owners & how to protect your site
10:10 CBP breach of license plates and facial recognition data affecting US travelers
16:54 WordPress accessibility proposal
25:25 Google Cloud outage affects numerous services
26:59 State of Industrial Control Systems in Poland and Switzerland
36:00 Severe RCE in Exim mail transfer agent
37:09 What to do when SIM swapping happens to you

Jun 11, 2019
Episode 20: Making Big Changes by Adopting Micro-Habits with Nathan Ingram

At WordCamp Orange County, Nathan Ingram participated in a unique business track discussion about failure, something with which most entrepreneurs are intimately familiar. Immediately after his talk, Nathan sat down with Mark for this interview. The conversation goes deep fast, as both Mark and Nathan share their thoughts about being an entrepreneur and how "the best lessons in life are learned from failure." Nathan recently lost 50 pounds in two months and he talks about the micro-habits that he leveraged to make big successful changes with his health. This unique, honest and heartfelt interview has a number of lessons for those of us looking to optimize our business processes and find better balance in life.

Jun 07, 2019
Episode 19: Service Vulnerabilities in Four Hosting Companies

In episode 19 we talk to Brad Haas about recently patched service vulnerabilities that impacted four popular hosting companies. We also talk about a new login security plugin for WordPress that we've launched. In the news we cover a wave of SIM swapping attacks hitting cryptocurrency users, NGINX vulnerabilities and recent data breaches affecting the personal information of millions of people. 


Jun 06, 2019
Episode 18: Scaling a WordPress Agency with Entrepreneur Verious Smith

At WordCamp Orange County, Mark interviewed Verious Smith from Philoveracity Design, a digital agency in southern California. Verious has also been the lead organizer of WordCamp Riverside and runs WordPress meetups to give back to the community. Mark and Verious talk about the challenges of entrepreneurship, growing from freelancer to an agency, and trust and interdependence in remote work. Verious is always striving to learn new things to optimize performance and improve workflow. We hope you enjoy the interview and get as much inspiration from Verious as we did.

May 31, 2019
Episode 17: 3 Severe WordPress Plugin Vulnerabilities

Mikey Veenstra joins us to talk about three WordPress plugins with severe vulnerabilities affecting well over 150,000 WordPress installations. Two plugins have been patched, one has not. With Mark under deadline for a film project, Mikey also talks some security news with Kathy. We cover a Docker vulnerability, anatomy of a SIM port attack, zero-day Windows exploits released by a disgruntled security researcher, two large scale data leaks affecting millions of people, and revisit the Baltimore ransomware problem and how the NSA's Eternal Blue tool was used in the attack.

1:00 Interview with Mikey Veenstra on 3 severe WordPress plugin vulnerabilities
13:00 The news, and where's Mark?
13:30 Docker vulnerability not yet patched
16:24 Anatomy of a SIM port attack
20:17 Microsoft 0-day exploits on github
25:34 XSS vulnerability discovered in Slimstat plugin
26:26 Over 49 million Instagram users data exposed
29:28 First American Financial leaked hundreds of millions title insurance records
34:20 How an NSA malware tool was used in the Baltimore ransomware attack


May 29, 2019
Episode 16: Cami Kaos Talks WordCamps, Meetups and Community

If you've ever attended a WordCamp or a WordPress meetup in the last 6 years, that community experience was based on the guidance and support from WordCamp Central and Community Manager Cami Kaos. Cami is the primary contact for the 150 WordCamps and over 600 WordPress meetups taking place around the world this year. Her efforts ensure that the volunteers contributing to community events have what they need to succeed. Cami shares her thoughts on getting started with WordPress meetups and WordCamps, challenges facing the growing community, and how to get involved.

May 24, 2019
Episode 15: So. Much. News!!

In this week's news we have a lot to cover. We talk about an intrusion at StackOverflow, a proposal to modify the WordPress plugin guidelines, how Chinese hackers are getting better at stealing US cyber secrets, ethical issues of firms promising ransomware solutions that only include paying the ransomware, a breach on the Joomla extension directory server, Google's aggregation of your purchase receipts and suspension of Android support for Huawei amongst many other stories.

0:46 Code signing in WordPress 5.2
4:07 Stack Overflow intrusion
8:00 WordPress plugin guideline proposal
12:00 US cyber secrets being stolen by China
16:00 Ransomware solution
21:11 Joomla extension directory intrusion
24:40 Google aggregating purchase data
27:58 Google suspends Android support for Huawei
33:00 How effective is basic account hygiene at preventing hijacking
35:00 735K fraudulently obtained IP addresses revoked
38:29 Baltimore ransomware nightmare continues
43:01 460,000 user accounts breached on Uniqlo online
43:59 OGusers forum hacked

May 21, 2019
Episode 14: Interview with Trauma Surgeon and Plugin Dev Andy Fragen

Dr. Andy Fragen is a trauma/acute care surgeon as well as a prolific WordPress plugin author. One of his plugins, GitHub Updater, allows you to host WordPress plugins and themes on GitHub instead of Andy supports numerous WordCamps and is an active member of the WordPress community in southern California. I had the pleasure of talking with Andy at WordCamp Orange County. He's a fascinating person and I really think you'll enjoy our conversation.

May 16, 2019
Episode 12: Major WhatsApp Vulnerability and Other News

This week in our news-focused episode we cover the WhatsApp zero-day vulnerability that allegedly was used to infect phones with malware by simply calling a phone with the app. We announced a new update to the Wordfence plugin, making an updated two-factor authentication feature available to all Wordfence users. We cover a story about SIM hijacking and discuss why we need to move away from SMS 2-factor authentication. We also cover an ongoing supply-chain attack affecting thousands of sites, three antivirus companies that have been compromised, a malvertiser indictment, and other stories.

Here are approximate timestamps in case you want to jump around:
0:30 WhatsApp voice calls used to inject malware
7:07 New Wordfence login security features
12:30 Ongoing supply-chain attack
18:58 SIM card hijacking campaign
22:05 Three US Antivirus companies compromised
23:55 Malvertiser compromised
30:12 Opting out of facial recognition at airports
32:48 Microsoft Word gets politically correct
37:38 Binance intrusion
41:25 Federal agencies spending millions to hack into phones

May 14, 2019
Episode 11: The Dave Ryan Interview

Dave Ryan is an Interdisciplinary WordPress Developer at Bluehost, where he focuses on helping build WordPress and supporting the WordPress community. He is an organizer for Phoenix area WordPress meetups and WordCamp Phoenix. He also speaks at numerous WordCamps around the country.

In the past Dave has worked for large publishers and universities and scaling high-traffic WordPress sites by blending his skills in information design, journalism and web development.

Dave lives in Phoenix, loves a good taco and will like every photo of your dog on Instagram.

May 11, 2019
Episode 10: WordPress 5.2 Security Enhancements and Other News

Today we are pleased to bring you the tenth episode of Think Like a Hacker. We're doing things a little different this week, separating the news and our interview into two episodes. In today's we cover the news and we will share another compelling interview later in the week.

In the news we discuss new cryptographic protection against supply chain attacks in WordPress 5.2 which was released today. We talk about Israel's missile attack against Hamas hackers, a data breach affecting 80 million households, the Gutenberg accessibility audit, DuckDuckGo's "do not track" bill, a hacker selling Windows ZeroDay vulnerabilities and a sophisticated supply chain attack originating in China amongst other stories.

May 08, 2019
Episode 9: The Jon Brown Interview and Vulnerabilities, The Dark Web, Scams, Oh My!

We cover quite a few news stories this week, including two plugins requiring immediate updating due to disclosed vulnerabilities, what we can expect from WordPress version 5.2 and a dark web marketplace that appears to have exit scammed users. We follow up on Google Sensorvault, a great interview with Richard Stallman about Facebook and JetBlue's use of facial recognition technology. We take a look at GoDaddy's removal of 15,000 spam subdomains, the Docker breach and Slack's upcoming IPO and their dire warning to investors.

This week I chat with Jon Brown, CEO of 9seeds, a digital agency in Idyllwild, CA. Jon and I talk about running an agency, remote work, being a digital nomad and of course, WordPress. We had a great conversation, and I think you’ll enjoy it.

May 01, 2019
Episode 8: We Go Deep on Coffee, Hackable Child Trackers and More

This week we look at Troy Hunt's pen testing results with the TicTocTrack watch and the privacy issues of tracking our kids. We examine the changes coming in the AMP project as well as implications of the UK's new porn age restriction law coming into effect in July. We review a story uncovered by Cisco's Talos security team about a group called SeaTurtle who carried out an espionage campaign via DNS hijacking. We take a new look at why the Nigerian prince scam is still netting over $700,000 per year, and how the City of Chicago lost more than $1 million in a phishing scam. We also take a look at the nascent influencer economy and some of the effects on both service companies and influencers themselves.

For our interview this week, I have something a little different. I was recently in Idyllwild, California for a few days and made friends with an amazing couple who run a coffee roastery and tasting room. Chris and Katie Bayer are the owners of Black Mountain Coffee Roasting. If you love coffee and WordPress you're going to love this interview.

Here are approximate timestamps in case you want to jump around:
0:45 TicTocTrack, the Hackable Kids’ Watch
14:24 Changes to AMP
21:14 UK Pornography restriction law
29:25 Sea Turtle group and DNS hijacking
38:19 Nigerian Prince scams and why they’re still around
50:42 City of Chicago and a phishing scam
58:13 The influencer economy
1:07:26 Interview with Chris and Katie Bayer

~Mark Maunder

Apr 23, 2019
Episode 7: The Tyler Lau Interview, Assange, Thought Experiments, AirBnB Scams and More

This week we look at the Assange arrest, an irresponsible security researcher affecting the WordPress community and do a bit of a thought experiment. We also look at Google's Sensorvault and how it's being used by law enforcement, the fascinating rise and fall of the Bayrob malware gang, and some tips for avoiding a new AirBnB scam. I also talked to Tyler Lau at WordCamp Phoenix last month, and we share that interview with you today. Tyler is the Social Community Manager at Sandhills Development. Sandhills makes some very popular plugins including Easy Digital Downloads and  AffiliateWP. We talked about the WordPress community, WordPress in general and some of the cool things that Sandhills is involved in.

Here are the timestamps in case you want to jump around:
0:51 Assange taken into custody
20:27 Irresponsible security researcher
30:50 Google Sensorvault
35:14 Bayrob malware gang
43:07 Land Lordz service powering AirBnB scams
49:57 Tyler Lau interview

~Mark Maunder

Apr 17, 2019
Episode 6: The Brandy Lawson Interview, The News and Facebook Rants

This week we follow up on two stories from last week, the Pipdig P3 plugin and Jetpack suggestions found within the WordPress plugin dashboard. We also take a look at quite a few privacy concerns with Grammarly, malware in the healthcare industry, and we discuss privacy concerns with Facebook. I also talk to Brandy Lawson, a digital agency entrepreneur in Phoenix, Arizona. Brandy is passionate about helping coaches, speakers, and authors who are making an impact on the world. I had a wonderful conversation with Brandy at WordCamp Phoenix that I think you'll really enjoy.

Apr 10, 2019
Episode 5: The Raquel Landefeld Interview & The Pipdig Story

This week I chat about the Pipdig controversy in full with Mikey Veenstra and Kathy Zant. Kathy and I cover the news. And we have an amazing interview with Raquel Landefeld who is a community organizer for WordPress, co-founder of agency Mode Effect and a well known and loved personality in the WordPress community. Raquel and I chat about her adventures as a mom in tech, Gutenberg, her approach to networking, what it is like being a WordCamp Phoenix organizer and what she is up to for the rest of this year. Enjoy!!

~Mark Maunder

Apr 03, 2019
Episode 4: The Aaron Campbell Interview and the Social Warfare Saga

This week we have an update on the Social Warfare plugin vulnerability, how it was more serious than originally thought, and a feud that has broken out between a security researcher and forum moderators. We also have some interesting data on how WordPress will become more secure soon with code signing. And along with several other news items, we have a spectacular interview with Aaron Campbell, the former head of WordPress security. Enjoy!!

Mar 26, 2019
Episode 3: The Cory Miller Interview and Vulnerability In Easy WP SMTP Plugin

This week we have breaking news with a serious vulnerability in the Easy WP SMTP WordPress plugin. We are seeing exploits actively target this vulnerability. We also cover the week's news with Kathy Zant and have a spectacular interview with Cory Miller where he chats about how he started iThemes, why he sold to Liquid Web, some of the challenges of being a founder and what is next for him. Enjoy!!

Mar 21, 2019
Episode 2: Mikey Veenstra Talks XSS Vulnerability + The Adam Warner Interview

Welcome to Think Like a Hacker, Episode 2. In this episode Mikey Veenstra, a threat analyst at Wordfence discusses a serious XSS vulnerability in an abandoned cart plugin. We also chat with Adam Warner, a well known figure in the WordPress community. In our interview we chat about Adam's personal WordPress journey, community engagement success and the future of WordPress. And as always we cover the news with Kathy Zant.

Mar 12, 2019
Episode 1: The Josepha Haden Interview

Josepha Haden is the Executive Director of the WordPress project at Automattic. She oversees and directs all contributor teams in their work to build and maintain WordPress. Josepha can be found at In our news segment, we talk about recent vulnerabilities in the Freemius library affecting WordPress plugins, the CoinHive shutdown, and why potential changes in WordPress core development will benefit end users' security and more.

Mar 07, 2019