I’ve been interested in computers since I was a child. When I was around 8 or 9 my uncle brought home an Atari, and we used to play games on it.
Since then, my interest grew, and I got my first computer (Amiga 500+) on which I used to write some basic programs.
Then the PC came (I had a 486 DX4), and then the internet. After breaking my computer too many times, I dropped out of electronics engineering school and landed my first IT job as a software tester at an international software company. 14 years after landing my first corporate job, I founded my own company, WP White Security.
I got to know about WordPress during my last full time corporate job as a product manager at Acunetix. We needed a blog in order to document our research findings and started using WordPress.
Once we got to use WordPress, we noticed that there were a lot of opportunities in the WordPress security industry. Since we were a web application security software company, we even built a WordPress security service called Website Defender. Sadly the product never took off, but I considered it as a good opportunity for me to learn even more about the WordPress ecosystem.
All this was enough to get me hooked and that’s how the idea for WP White Security was born. Since my previous experience was in security, I started WP White Security as a security blog. We also offered WordPress security services such as cleaning hacked websites, auditing source code, hardening the security of WordPress websites and other similar jobs.
Later on, I began learning how to write code and I had the perfect use case: a WordPress activity logs plugin. I’ve always wished that website owners had such a plugin installed before their website was hacked. It would have made life much easier back then!
That was all the motivation I needed to start developing the first version of WP Activity Log. When the plugin started picking up steam we stopped providing security services and fully focused on developing WordPress plugins. The rest is history.
It all happened naturally.
Since my background was in application security, previously I’ve always worked for security software companies. When I discovered WordPress at Acunetix, I saw a good opportunity to get involved and do something on WordPress.
I never really looked at other CMS projects (such as Joomla, Drupal etc.) mainly because it just felt good to do something on WordPress, be involved in the community, and potentially make some new friends, which is exactly what happened.
In my opinion, the strengths of WordPress are:
WordPress’s core is very secure. Most common security issues with WordPress websites are caused by the site owners / admins. For example;
Quite frankly, keeping a site secure is not rocket science. Mostly it is about following some basic security best practices.
I got the idea back in the days when I was cleaning hacked websites. I thought that logs are vital to manage a website, but are also useful during forensic work, where they can help you understand what happened and what was exploited.
Since WordPress does not have any logs, I started developing WP Activity Log. As of today we have six plugins, all of which focus on WordPress security and user management.
WP Activity Log:a comprehensive real time user monitoring and activity log plugin that helps thousands of WordPress administrators and security professionals keep an eye on what is happening on their websites.
Password Policy Manager: this plugin allows you to configure strong password policies for your WordPress website and multisite network.
WP 2FA: a dead easy to use two-factor authentication plugin with which you can harden the security of your WordPress user login within just seconds.
Website File Changes Monitor: a file integrity monitor plugin with an exclusive smart technology that recognizes WordPress core, plugins and themes changes, so it doesn’t raise false alarms of legit file changes.
Activity logs for MainWP: this is a MainWP extension which administrators & agencies use to keep an eye on what is happening on the child sites from one central portal – the MainWP dashboard.
Admin Notices Manager: this plugin manages the admin notices in your WordPress dashboard. The idea is simple, to have a distraction free dashboard and read the admin notices at your own convenience, and never miss an important WordPress core or developer message.
From time to time people ask us why we develop single purpose plugins instead of one “generic” security plugin. One of the reasons is for ease of use. Generic security plugins can be a bit overwhelming to users.
When you develop a single purpose plugin you can specialize in that area and focus on building more robust features, which of course is good for users with specific needs. This is the same with everything else. Let’s use the smartphone camera vs. DSLR analogy as an example; even though nowadays most phones have good cameras, you can’t compare such a camera to a DSLRs, because no matter how good your camera phone is, it will never have the versatility, features and options of a digital camera.
WordPress started as a humble blogging platform, and today it is used for blogs, websites, e-commerce solutions, and also as a backend solution for many web projects.
Its market share is also growing rapidly, so the future is definitely interesting.
The more widely adopted it gets, the more interest there is in it. This means more businesses will invest in the WordPress ecosystem, which typically leads to more innovation, new products and new ways of using it, more integrations and above all, a more secure WordPress.
This year we are focusing on refactoring the core of the plugin and its features. On top of that, being an activity log solution we are also focusing on integrations, something that larger businesses require.
For example writing logs to third party solutions, integrations with solutions such as Splunk, and central logging systems.
On top of that, we also have an interesting roadmap for all the other plugins, especially WP 2FA. This year we will be adding a lot of new features, so stay tuned!