“People Are and Will Continue to Be the Biggest Security Issue With WordPress”: Dre Armeda Discusses WordPress Security

by Mustaasam Saleem  September 8, 2017

WordPress security expert Dre Armeda of Sucuri lives in Los Angeles. He was an Informational Technologist in the US Navy for more than 11 years. He then left the US Navy and co-founded Sucuri, a well-known WordPress security firm. Later on, he joined WebDevStudios, where he served as CMO. After 2 years at WDS, he rejoined Sucuri as co-founder and director of business development.

His expertise includes entrepreneurship, marketing, branding, and everything that relates to WordPress and its security.


Without any further ado, let’s dive into his career transformation from Navy officer to entrepreneur.

Cloudways: Dre, would you start by letting us know a bit about yourself? Who were your mentors or inspirations during your early career stages?

Dre: Sure. I am a geek at heart. I have been since I can remember. It probably really started when I got my first computer when I was younger. It was a Tandy 1000 and I couldn’t get enough of it.

By the time I finished high school I knew I wanted to be in the technology space and I ended up spending 12 years in the U.S. Navy as an Information Technologist working on networks, satellite communications, encryption and even spent a good amount of time building my own personal computers.

As I grew away from the military I was really immersed in information security and the Internet work. I had great mentors in my military leaders and if I had to thank one person for really carving a great direction for me that would have to be Senior Chief Donald Henderson. That man helped me learn a lot about managing projects and people and was my foundational inspiration. He taught me how to lead.

Cloudways: You were the CEO and co-founder of Sucuri for more than 5 years, then joined WebDevStudios and again you decided to join Sucuri. How was the journey at WDS and what made you switch back to Sucuri?

Dre: The early days of Sucuri were fun in a weird kind of a way. The life of a start up is a grind. It’s painful and challenging, and not for the weak at heart. I enjoy the early stages of building a meaningful, problem-solving service.

Sucuri was in a great place when I stepped down as CEO and there was great leadership in place to continue scaling the company. I was good with a shift in my every day so I moved on.

Before Sucuri, Tony Perez and I had founded a small WordPress agency named CubicTwo. I was always interested in the ability to take an idea to architecture, then to market, then to scale. The agency space was interesting but as we saw Sucuri skyrocket because of the value it was providing, it made sense to focus our efforts and close shop on the agency. That interest never went away for me so when I had the opportunity to partner up with the great folks at WebDevStudios, I jumped at the idea.

I spent two years on the leadership team at WDS and it was a wonderful experience. I helped clean up the brand and marketing efforts over my time there and we had a lot of great things come from our work together. What I found though, was working in a bigger agency like WDS wasn’t really suited for my long-term objectives. Certainly, the scale of projects was great but it wasn’t providing a service like Sucuri, and I grew distant from the mission. My head was still in the software as a service space so I moved on.

It was easy to see that Sucuri was home and shortly after my departure from WDS, I rejoined Sucuri which brings us to today.

Cloudways: There are a lot of CMSs available in the market. When did you first discover WordPress? What were the main reasons for pursuing a career as a WordPress developer?

Dre: There were a lot of options back in 2003-2004 which is when I first decided to start using WordPress. As a side gig, while I was in the Navy, I would create graphics, branding, print materials and more. At one point I was using static HTML and CSS to manage my portfolio and that became very challenging to scale, so I set out to find something that was database driven and easy to manage.

After testing various platforms, the choice was easy. WordPress was the way to go. It had the support on the forums to help a newbie like me start from scratch, install the software and supporting plugins, and also work on customizing my own theme. By the end of 2004, I launched my first database driven website running WordPress, and subsequently, I had launched my first WordPress theme.

Cloudways: WordPress core is not much known for its speed. What best practices do you think could be used to improve the speed of WordPress?

Dre: Don’t hack core, naturally. Keep database queries to a minimum. Serve optimized files. Cache all the things. We have an idea of what we should be doing, but we’re geeks, you know? I think for the layman it’s harder to understand what may help them improve performance.

A shameless plug for our protection and performance platform is coming, so prepare. 🙂

I am a huge fan of caching and content distribution. I think it’s a no brainer, whether the site is small or large. If used correctly, it will likely help you. And if not today, it certainly will as your site scales. We have this dialed in. The Sucuri Firewall comes with a CDN and caching that rivals any other service or product on the market. Do you want performance? Start there. It won’t only serve to improve WordPress speed but will protect you from attacks along the way.

Cloudways: Since you are a security researcher, you must know that WordPress security is always an issue. What are the key points to secure a WordPress website? What are your favorite plugins for security?

Dre: People are and will continue to be the biggest security issue with WordPress. People get really caught up with the best plugin for security when that’s not really the way to look at it. The better way to look at it is by asking yourself if you’re doing all the things you’re supposed to be doing in a more secure way. Am I doing things to reduce the risk and reduce the risk for my visitors? Technology could be part of that, but so are people and the processes you implement. We have to start by thinking about security in terms of risk reduction. Once we understand our highest risks, we can then prioritize and reduce the risks that are the most severe.

I like to take the approach to block all, allow only the things and the people that really need access. We know people are our biggest weakness, so we need to reduce their ability to destroy things. This goes for password management and having strong password requirements, not just access control.

Another thing I like to do is use the Sucuri firewall to check all inbound traffic before it hits my environment. First, this provides me a mechanism to block attacks against known vulnerabilities so in the event a new WordPress version is released and I am not auto-updated, I can rest assured that I am protected. Second, it gives me the ability to block access to wp-admin and any other pages that someone outside of my team shouldn’t be accessing. This helps with brute force attacks and reduces server load because those requests never happen in my environment. The last point I’ll touch on, although not the only other value in using the firewall, is the strength it provides in blocking denial of service on my availability.

In a nutshell, reduce access, stay updated, use strong credentials, and monitor the site for issues. We need to think about actions in reducing risk rather than throwing yet another WordPress security plugin to “secure” sites. In fact, it may add more issues than you think.

Cloudways: Dre, you are one of the core contributors of WordPress. Since WordPress 4.8 is now available, what were your recent contributions to its core? What are the features of WordPress 4.8 that you are most excited about? If you get a chance to add a new feature to WordPress core, what could that be?

Dre: To be fair, I have not contributed to the core in a number of years. There may be a tiny bit of code I helped with in there somewhere but it’s hardly anything to speak of.

4.8 was exciting for me mostly because of the new widget capabilities. I think the widget area has needed love for a long time and images/videos specifically are very useful for me as I think they are to many others.

I would love to see continued efforts to allow site administrators the ability to build in password requirements for users. Being passwords are one of the biggest attack points across the Internet, it would be great to see WordPress enhance password management further.

Cloudways: You’ve attended many WordCamps. Would you like to explain your experience to our readers? In what ways do WordCamps benefit the WordPress community? Who do you consider to be your best friends among them?

Dre: I love WordCamp, and the feeling of awesome you get from attending. The speakers, the interaction, it’s all great for the overall WordPress community and helping introduce new people to it. I think you stand to learn a lot more by being part of the community than going at it alone, WordCamps I think help bridge connections across the WordPress ecosystem that you don’t see in other communities. Everyone literally has direct access to everyone, and that can be very powerful.

I have probably attended well over 100 WordCamps at this point and have met thousands of people throughout the years. I have made a ton of friends at these events, or put the name to the face with people that I only knew online. It’s hard to give you a list of names honestly, I would feel bad leaving anyone out 🙂

Cloudways: The BuddyPress community is not as active as other WordPress communities. What do you think are some of the major reasons behind this? What would you suggest to grow the BuddyPress community?

Dre: I think BuddyPress, even as powerful as it can be, is still very niche. How many people out there are really looking to build on a social platform? I think there are many uses for it, but the audience is very limited publicly, especially when you consider the amount of popular social platforms in existence today that can be leveraged for their huge audiences.

The more practical use is for teams and internal communities I think. A strong play could be within large educational institutions and the enterprise. I would focus on enhancing features that appeal to these audiences and then look to expand reach.

Cloudways: Dre, you’ve worked very hard throughout your life. Would you like to tell us about your interests other than professional work? What do you do in your free time?

Dre: I spend a lot of time with my girls, I am married with 5 daughters. They are pretty amazing and I cherish every moment we can spend together. They are my priority.

My two main hobbies of many are Jiu Jitsu and offroading. I spend quite a lot of time training Jiu Jitsu and competing a few times a year. I also spend a great deal of time out on the trails with my Jeep and crawling really crazy big rocks.

Cloudways: You were an Informational Technologist in the US Navy for more than 11 years. How much has that experience helped you in your current career?

Dre: The military, as explained in an earlier question, is my foundation of experience. Not only did it provide a means for me to learn discipline and how to honor my commitments, it gave me the ability to practically apply my technical skill sets. I wouldn’t be here today if it weren’t for my tenure in the U.S. Navy!

Cloudways: For achieving the optimal performance with a WordPress install, it is essential that users deploy their websites on the cloud as it offers reliability and security. What are your views on hosting WordPress on Cloud? Do you think the next generation in hosting is Managed Cloud Hosting as the one offered by Cloudways?

Dre: It really comes to quality of service in the end. Whether it’s cloud or the next best architecture. I am looking for a few things when I go to build a new WordPress project. There needs to be the ability to scale with strong performance all wrapped with smart security. If the quality of service and those attributes are inconsistent, it won’t work.

“I think Cloudways is doing a wonderful job of marrying all of those attributes into a viable, long-term solution for customers.”

Follow Dre on Twitter.

Just to acknowledge our readers, can you please send us an image? What does your desk or workspace look like? 🙂

Sucuri - Dre Armeda


About Mustaasam Saleem

Mustaasam is the WordPress Community Manager at Cloudways - A Managed WordPress Hosting Platform, where he actively works and loves sharing his knowledge with the WordPress Community. When he is not working, you can find him playing squash with his friends, or defending in Football, and listening to music. You can email him at mustaasam.saleem@cloudways.com
