Think Like a Hacker


Episode 34: Capital One Data Breach Impacts over 100M Customers and Other News

This week we talk about the Capital One breach affecting over 100 million customers and some important takeaway lessons from that case. We also look at news about the Equifax settlement, a spearphishing campaign targeting ProtonMail users, the conclusion to Marcus Hutchins’ legal woes, and Facebook’s $5 billion fine and new regulation from the…

July 31, 2019

Episode 33: Joomla Security Lead David Jardin Discusses Securing Over 2.5 Million Joomla Sites

David Jardin is the Security Strike Team Lead for Joomla, an open-source content management system powering more than 2.5 million websites. At WordCamp Europe, Mark and David sat down and talked about the workflow for Joomla security reports and why a proper proof of concept makes fixing vulnerabilities easier for security teams. They also discussed…

July 26, 2019

Episode 32: WordPress Vulnerabilities Targeted, iOS Security Update & the Equifax Settlement

This week, we cover WordPress vulnerabilities targeted by a malvertising campaign and an important iOS security update. We also look at the Equifax $700 million settlement and a recent uptick of new breaches added to Have I Been Pwned. Along with other news and a summary of WordCamp Boston, we talk about the film project…

July 23, 2019

Episode 31: Securing Sensitive Data in the Cloud with Chris Teitzel

At WordCamp Europe, Mark chats with Chris Teitzel, CEO and founder of Lockr. Lockr is a key management system for websites using CMSs like WordPress and Drupal. Chris talks about the challenges of securing sensitive information and how Lockr makes secure key management affordable. Chris speaks on security topics at WordCamps and DrupalCons around the…

July 19, 2019

Episode 30: WordPress Ad Inserter Plugin Vulnerability and Other News

This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google’s decision to remove Chrome’s built-in XSS protection, a researcher’s discovery of a vulnerability in Instagram’s 2FA,…

July 17, 2019

Episode 29: iThemes Security Creator Chris Wiegman on Flying, Plugins & Developer Tools

At WordCamp Atlanta, Mark sat down with Chris Wiegman, the creator of Better WP Security. Now known as iThemes Security, it is installed on over 900,000 WordPress sites. Chris talks about his experiences as a flight captain flying over the Hawaiian islands and what happened when an earthquake occurred shortly after takeoff. He also talks…

July 12, 2019

Episode 28: Zoom Zero-Day Vulnerability, WP Engine Buys Flywheel, and Other News

A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. Mitigating the vulnerability entails typing the following commands in terminal, replacing with the process ID: $> lsof -i :19421 $> kill -9 $> rm -rf ~/.zoomus $> touch ~/.zoomus…

July 9, 2019

Episode 27: Liquid Web COO Carrie Wheeler talks Leadership and Transitioning from Tech

Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization’s mission. She also talks about the competitive hosting…

July 5, 2019

Episode 26: How Hackers Find Vulnerabilities in WordPress with Ryan Dewhurst

Ryan Dewhurst is an ethical hacker and penetration tester who has developed a number of tools that make finding vulnerabilities in WordPress much easier. Penetration testers are professional ethical hackers who find vulnerabilities so they can be patched before they are exploited. Ryan is one of three contributors to WPScan, a command line tool that…

June 27, 2019

Episode 25: WordCamp EU Wraps Up and WordPress Security News

In our last podcast from WordCamp Europe in Berlin, we talk about our experience attending the largest WordCamp in the world as well as the news. We discuss the 2,600 hacked WordPress sites being used for a free proxy service, the Iranian cyber attacks, the attack at JPL affecting NASA and a WeTransfer security incident. We…

June 24, 2019

Episode 24: How Focusing on a Single Vertical Helps an Agency Succeed with Frank Robinson

Mark sat down with Frank Robinson at WordCamp Atlanta a few weeks ago. Frank started Salon Media 22 in 2008, an agency focused on building sites and digital media in the beauty industry. Frank is a software designer and entrepreneur growing his business. We talk about why he focused on the beauty industry and how…

June 21, 2019

Episode 23: Security News from WCEU in Berlin

This week, we’re at WordCamp Europe in Berlin, Germany and there is a lot of WordPress and security news to cover. We talk about the recent outage with WordPress VIP Go, what’s new in WordPress version 5.2.2, vulnerabilities in two of Facebook’s WordPress plugins, a Google Chrome extension for reporting bad URLs and a Chrome…

June 20, 2019

Episode 22: Ninja Forms Developer James Laws on Building & Expanding a WordPress Business

Ninja Forms is used on over 1 million WordPress sites. In this episode, Mark interviews James Laws, the co-founder of WP Ninjas, the developers behind this robust and powerful form builder. James and Mark talk about revenue models that work, how to find new opportunities through market research, experimentation with new products and services as…

June 13, 2019

Episode 21: New Plugin Vulns Exploited in the Wild, an Extortion Scam and the CBP Data Breach

This week, we discuss active exploitation of a plugin vulnerability in the wild, an extortion scam hitting numerous website owners, exposure of Industrial Control Systems to attackers as well as a CBP breach affecting travelers in the United States. We also talk about an email server vulnerability and what to do in a SIM port…

June 11, 2019

Episode 20: Making Big Changes by Adopting Micro-Habits with Nathan Ingram

At WordCamp Orange County, Nathan Ingram participated in a unique business track discussion about failure, something with which most entrepreneurs are intimately familiar. Immediately after his talk, Nathan sat down with Mark for this interview. The conversation goes deep fast, as both Mark and Nathan share their thoughts about being an entrepreneur and how “the…

June 7, 2019

Episode 19: Service Vulnerabilities in Four Hosting Companies

In episode 19 we talk to Brad Haas about recently patched service vulnerabilities that impacted four popular hosting companies. We also talk about a new login security plugin for WordPress that we’ve launched. In the news we cover a wave of SIM swapping attacks hitting cryptocurrency users, NGINX vulnerabilities and recent data breaches affecting the…

June 6, 2019

Episode 18: Scaling a WordPress Agency with Entrepreneur Verious Smith

At WordCamp Orange County, Mark interviewed Verious Smith from Philoveracity Design, a digital agency in southern California. Verious has also been the lead organizer of WordCamp Riverside and runs WordPress meetups to give back to the community. Mark and Verious talk about the challenges of entrepreneurship, growing from freelancer to an agency, and trust and…

May 31, 2019

Episode 17: 3 Severe WordPress Plugin Vulnerabilities

Mikey Veenstra joins us to talk about three WordPress plugins with severe vulnerabilities affecting well over 150,000 WordPress installations. Two plugins have been patched, one has not. With Mark under deadline for a film project, Mikey also talks some security news with Kathy. We cover a Docker vulnerability, anatomy of a SIM port attack, zero-day…

May 29, 2019