338 – Calvin Alkan on the state of WordPress security plugins. Security mini series 1/4

his is first of four podcast episodes related to WordPress security. For the first time ever, I feel like I need to add some context to the show notes so that you understand the context of what I'm doing here. A little while ago there was some news in the WordPress space about the merits of using plugins for securing your WordPress website. Researchers (Calvin being one of them) had discovered ways in which the effectiveness of the plugins might be compromised. I'll leave the audio (and transcript) of the podcast to explain the technicalities here, but there were several posts on social media which amplified the issue, making it harder to gain an understanding of what happened, and when. I decided to reach out to a number of people to get 'their side of the story'. Also a first for this podcast, I set some ground rules for the interviews to take place: Each participant (there are four in total, one per episode) was told who the other guests were Each participant was told that their episode would not be published until all four recordings had taken place Each participant was told that their episode would be published in a random order What you're listening to today is the first of that random publishing schedule. The other three episodes will come out in the following weeks. This was done to ensure that the guests did not have. a chance to listen to the other participants episode, and therefore had. a chance to 'better prepare'. With hindsight, which was likely overkill as all the guests were very thoughtful and polite. They do in some cases mention rival products and describe areas where they think that errors were made in code and communication. That being said, there was no general sense of mud slinging that I detected. The guests are (in random order): Calvin Alkan - Snicco Akshat Choudhary - Malcare Dan Knauss - iThemes (now SolidWP) Thomas J Raef - We Watch Your Website I'm going to keep my commentary here to a minimum to avoid getting embroiled in the debate, but there's some additional information about what we cover in the show notes of the post.