Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization’s mission. She also talks about the competitive hosting space and how Liquid Web positions themselves for success.

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

You can connect with Carrie on LinkedIn or at liquidweb.com. You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.

Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization’s mission. She also talks about the competitive hosting space and how Liquid Web positions themselves for success.

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

You can connect with Carrie on LinkedIn or at liquidweb.com. You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.

Ryan Dewhurst is an ethical hacker and penetration tester who has developed a number of tools that make finding vulnerabilities in WordPress much easier. Penetration testers are professional ethical hackers that find vulnerabilities so they can be patched before they are exploited. Ryan is one of three contributors to WPScan, a command line tool that streamlines this pen testing. Ryan also maintains the WPScan Vulnerability Database, used by many services including Wordfence to alert WordPress users to the vulnerabilities on their site. Ryan and Mark talk about these services, how they work, how they’re used and how you can use them to hack your own site to test your own site’s security.

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

You can find Ryan and Dewhurst Security on Twitter @ethicalhack3r and @dewhurstsec or at wpscan.org. You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.

Ryan Dewhurst is an ethical hacker and penetration tester who has developed a number of tools that make finding vulnerabilities in WordPress much easier. Penetration testers are professional ethical hackers that find vulnerabilities so they can be patched before they are exploited. Ryan is one of three contributors to WPScan, a command line tool that streamlines this pen testing. Ryan also maintains the WPScan Vulnerability Database, used by many services including Wordfence to alert WordPress users to the vulnerabilities on their site. Ryan and Mark talk about these services, how they work, how they’re used and how you can use them to hack your own site to test your own site’s security.

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

You can find Ryan and Dewhurst Security on Twitter @ethicalhack3r and @dewhurstsec or at wpscan.org. You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.

From Berlin we talk about our experience attending the largest WordCamp in the world and then dive into the news. We discuss 2,600 hacked WordPress sites being used for a free proxy service, Iranian cyber attacks, an attack at JPL affecting NASA and a WeTransfer security incident. We also cover a phishing breach at Oregon DHS affecting over 645,000 Oregonians, 2.9 million Canadians affected by a leak at Desjardins Group, and the bankruptcy filing of the collections firm behind the Quest Diagnostics and LabCorp breach.

Here are approximate timestamps in case you want to jump around:
00:37 WordCamp EU recap
06:32 Free proxy service running on 2600 hacked WordPress sites
09:28 US launches cyber attack targeting Iranian military
15:58 NASA mission network compromised by rogue Raspberry Pi
19:43 WeTransfer security incident
21:38 Oregon Department of Human Services suffers phishing attack
23:36 Desjardins Group leak exposes data 2.9 million members
25:48 Company behind data breach impacting 20 million Americans files for bankruptcy

Find us on your favorite app or platform including Apple Podcasts, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

This week in the news we cover:

• A free and commercial proxy service is using hacked WordPress sites for their service.
• US officials state that they’ve initiated a cyberattack on Iran though details are scant.
• A ten-month long intrusion at JPL threatened NASA mission control data.
• A security incident at WeTransfer sent files to the wrong people.
• A phishing attack at theOregon DHS impacted 645,000 Oregonians.
• A leak at Desjardins Group affects 2.9 million members.
• The collection firm behind the LabCorp, Quest breach files for bankruptcy.

Thanks to “Saburnsjax” for the review on Apple Podcasts!

You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant. Please feel free to post your feedback in the comments below.

From Berlin we talk about our experience attending the largest WordCamp in the world and then dive into the news. We discuss 2,600 hacked WordPress sites being used for a free proxy service, Iranian cyber attacks, an attack at JPL affecting NASA and a WeTransfer security incident. We also cover a phishing breach at Oregon DHS affecting over 645,000 Oregonians, 2.9 million Canadians affected by a leak at Desjardins Group, and the bankruptcy filing of the collections firm behind the Quest Diagnostics and LabCorp breach.

Here are approximate timestamps in case you want to jump around:
00:37 WordCamp EU recap
06:32 Free proxy service running on 2600 hacked WordPress sites
09:28 US launches cyber attack targeting Iranian military
15:58 NASA mission network compromised by rogue Raspberry Pi
19:43 WeTransfer security incident
21:38 Oregon Department of Human Services suffers phishing attack
23:36 Desjardins Group leak exposes data 2.9 million members
25:48 Company behind data breach impacting 20 million Americans files for bankruptcy

Find us on your favorite app or platform including Apple Podcasts, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

This week in the news we cover:

• A free and commercial proxy service is using hacked WordPress sites for their service.
• US officials state that they’ve initiated a cyberattack on Iran though details are scant.
• A ten-month long intrusion at JPL threatened NASA mission control data.
• A security incident at WeTransfer sent files to the wrong people.
• A phishing attack at theOregon DHS impacted 645,000 Oregonians.
• A leak at Desjardins Group affects 2.9 million members.
• The collection firm behind the LabCorp, Quest breach files for bankruptcy.

Thanks to “Saburnsjax” for the review on Apple Podcasts!

You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant. Please feel free to post your feedback in the comments below.

Mark sat down with Frank Robinson at WordCamp Atlanta a few weeks ago. Frank started Studio Media 22 in 2008, an agency focused on building sites and digital media in the beauty industry. Frank is a software designer and entrepreneur growing his business. We talk about why he focused on the beauty industry and how that gives him a competitive advantage, the opportunities for business, film and technology in Atlanta as well as why security and Wordfence is such a critical part of his business.

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

You can find Frank and Salon Media 22 on Twitter @SalonMedia22 or at SalonMedia22.com. You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.

This week, we’re at WordCamp Europe in Berlin, Germany and there is a lot of WordPress and security news to cover. We talk about the recent outage with WordPress VIP Go, what’s new in WordPress version 5.2.2, vulnerabilities in two of Facebook’s WordPress plugins, a Google Chrome extension for reporting bad URLs and a Chrome extension found to hijack search results. We talk about the importance and future of Troy Hunt’s “Have I Been Pwned” project as he preps it for sale, a Firefox 0Day exploited in the wild, and two more American municipalities affected by malware. Evite disclosed a recent breach, Telegram gets DDoSed, a vulnerability found in Evernote’s Web Clipper and Netflix’s discovery of multiple Linux and FreeBSD vulnerabilities.

Here are approximate timestamps in case you want to jump around:
1:42 WordPress VIP Go outage
3:29 WordPress 5.2.2 Update
4:28 Security implications of WordPress multisite
8:34 Self-promoting security troll strikes again
12:06 Chrome Suspicious URL Extension
13:36 Should Google be monetizing GSB data?
18:31 Malicious “YouTube Queue” chrome extension
21:25 Have I Been Pwned for sale
28:46 Firefox 0-day
30:00 Ransomware hits Philly
34:00 House lawmakers demand end to warrantless surveillance
37:20 Evite data breach
39:32 Telegram servers DDoSed
43:19 Evernote XSS flaw
46:22 Linux and FreeBSD vulns

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

This week in the news we cover:

• WordPress VIP Go experienced a 3-hour outage reverting a number of high profile websites to default themes.
• WordPress version 5.2.2 was released, squashing 13 bugs and improving WordPress site health features.
• A disgruntled security researcher publishes 0day proof of concepts affecting two Facebook plugins, one with 200,000 installations.
• Google launches a Chrome extension for flagging bad URLs to the safe browsing team.
• A Chrome extension was found hijacking users’ search engine results.
• Troy Hunt announces that he’s looking for someone to purchase Have I Been Pwned.
• A Firefox 0Day exploited in the wild.
• The Philadelphia court system found malware on a limited number of computers, but enough to force a shutdown to prevent further problems.
• A Florida city pays $600,000 ransomware to hackers who seized their computer system.
• House lawmakers propose amendment to defund NSA data collection program.
• Evite’s recent security breach attributed likely an old backup left unprotected.
• Telegram’s CEO says China is behind a recent DDOS attack.
• A cross-site scripting (XSS) vulnerability in Evernote Web Clipper was responsibly disclosed, and added to Evernote’s security hall of fame.
• Netflix found multiple Linux and FreeBSD vulnerabilities.

Thanks to Micah Dailey for the review on Apple Podcasts!

You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant. Please feel free to post your feedback in the comments below.

In February we launched Wordfence Central, an efficient way to manage the security of many WordPress sites in one place. If you have multiple sites and haven’t checked it out yet, you should. It includes a powerful dashboard, a single interface to view and manage security findings across all of your sites and robust new tools that make managing Wordfence configuration for your websites a breeze.

Wordfence Central has been incredibly popular. Tens of thousands of sites have been added so far and more are added every day.

Today we are announcing the first major feature release for Central since its launch in February. This represents a big step forward not only for Central, but for Wordfence as a whole. The first major improvement is the addition of a brand new Central alerts feature. You can now configure Central to take over security alerting for your sites, and leverage severity level configuration and a new daily digest feature. Alerts can be sent via any combination of Email, SMS and Slack. We’ve also added a new Security Events tab to Central along with the ability to alert you when the higher priority events occur.

Improving the Signal to Noise Ratio

Alerts sent from Wordfence in the default configuration do a great job of letting you know when you have issues and reminding you important updates are needed. But if you manage a lot of sites, the volume of alerts sent can be overwhelming. We hear from customers about this frequently. The new Central alerts feature gives you everything you need to solve that problem by alerting you to things that need immediate attention and letting you deal with the lower priority information when your schedule allows.

New Severity Classification

Alerts are now categorized by severity: Critical, High, Medium and Low. You are able to choose how you want to be notified about events based on what severity level they have been assigned. You can even choose to turn off alert notifications altogether.

SMS Alerts and Slack Integration

When an important security event occurs you want to know about it right away. Emails can get lost in your inbox, even when they’re important. With that in mind we added SMS as a delivery option. For most, text messages do a great job of getting your attention when it really matters.

We’ve spoken to many organizations who, like us, use Slack for team collaboration. Wordfence Central can now send highly detailed information to Slack for your team to act upon.

Here’s an example of a Security Event alert delivered via Slack:

Daily Digest

We’ve also added an optional daily digest, which provides a high level summary of the activity for all of the sites connected to your Central account for the previous day. This is a great way to stay on top of lower priority events and findings without receiving individual alerts for all of them.

Here’s an example of a Daily Digest message delivered via Slack:

We expect a common approach will be to enable the daily digest and disable alerts for low and potentially medium severity findings and events.

Security Events

We’ve enabled a number of new security events that are now viewable via a new “Events” tab in Central. They are:

• When Wordfence is automatically updated, you’ll get a notification when an update occurs. *
• If Wordfence is deactivated. *
• When the Wordfence firewall is deactivated.
• When an IP address is blocked
• When someone is locked out from login
• When someone with administrator access signs in. *
• When that administrator signs in from a new device or location. *
• When a non-admin signs in.
• When a non-admin signs in from a new device or location.
• When someone is blocked from logging in for using a password found in a breach. *
• When there’s a large increase in attacks on my site. *
• When a Wordfence scan stops without completing.

You can also configure alerts to be sent via email, SMS or Slack for events followed by a * in the list above.

Here is what the new events tab looks like:

Getting Started

All of these new features are currently available on Wordfence Central. In Central you will see a new gear icon in the upper right corner that will take you where you can configure Central alerts. Once you’ve enabled alerts from Central make sure to disable them for your individual sites. Simply select “No” for the “Send alerts from individual sites?” option.

You will need to upgrade to Wordfence 7.3.4 (or greater) for security alerts to begin flowing into the new events tab. There are no configuration changes necessary for events to start flowing to Central once you’ve upgraded to 7.3.4.

We’re very excited about these new features and would love to hear any feedback you have in the comments. As always our team is available to help out with support questions on the WordPress.org forums for free users and here on our website for Premium customers.

Ninja Forms is used on over 1 million WordPress sites. In this episode, Mark interviews James Laws, the co-founder of WP Ninjas, the developers behind this robust and powerful form builder. James and Mark talk about revenue models that work, how to find new opportunities through market research, experimentation with new products and services as well as learning from your customers. They also discuss how to choose your next project when you have too many ideas, and the new businesses James and WP Ninjas are exploring in eCommerce. It’s a fascinating discussion that will help you think about your own businesses and career in new ways. Enjoy!

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

You can find James on Twitter @jameslaws or at JamesLaws.com. You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.