Security is one of the most discussed topics in the WordPress industry. Today, we got the opportunity to speak with Robert Abela. He is the founder of WP White Security, developers of WP Security Audit Log and several other WordPress admin and security plugins.
Cloudways: Thank you, Robert, for joining us. Please share your story from before you stepped into the world of WordPress development with our readers.
Robert: I was always fascinated by computers. The first computer I saw and used was my cousins’. I was around 10 years old. They had an Atari. We had to wait around twenty minutes for a game to load from a cassette. Try to explain that to today’s children!
My first computer was an Amiga 500+. I got it as a present when I was 12 or 13 years old. On it, I learned how to write a few simple BASIC programs and learned about the concept of databases, arrays, data, etc. Fast forward a few years, when I was 20 I was given the opportunity to join an international software company in Malta as a software tester.
At that time I was studying industrial electronics. However, such an opportunity was very rare back then. So to my parents’ disappointment, I dropped out of school and started my career in IT.
Throughout my corporate career, I have held quite a few different roles. I have worked as a software tester, systems engineer, researcher, sales engineer, project manager, product manager, and also as a VP of marketing.
Cloudways: How did your journey start with WordPress?
Robert: I found out about WordPress in 2012. I was working for a web security software company and we needed a blog. After a bit of research, it was obvious that WordPress was the most popular and supported blogging platform.
Cloudways: What inspired you to build the activity logs plugin? What challenges did you encounter in the early stages of development?
Robert: Back when we started using WordPress there was very little awareness about security. There were only a handful of security plugins and most website owners were not aware that they should do something to protect their website.
I felt there was an opportunity and I was happy because finally, I could use my 14 years experience of working in security software companies to my benefit. After all, at that time I was already contemplating leaving the corporate world. So I decided to freelance; clean hacked websites, and do consultancy on the side.
When I left my job reality hit me; things were very quiet! I kept myself busy with setting up the WP White Security website, as a security blog, and also reading.
I also decided to develop an activity logs plugin – WP Security Audit Log. Every multi-user platform should have some sort of logs.
It took me quite some time to develop the first version of the plugin. I can read and write code, however, I am not a developer. So the first challenge I had was to find a developer who could commit and keep developing the plugin while the demand grew. It was difficult because the budget I had for this hobby idea was very little, so no one wanted to commit.
Meet 25+ WordPress Stars and Read Their Success Stories.
Cloudways interviewed these people to help you succeed in the WordPress world too.
Thank You
Your Magazine is on its Way to Your Inbox.
Cloudways: Besides development, what were the other challenges you faced while building your business?
Robert: The biggest challenge I’ve dealt with was for me to join the business full time. Most developers start the plugin as a hobby, and when there is enough revenue, they switch full time. Though, I am not a developer. So when the plugin was generating enough revenue, I hired a full-time developer.
During the first five years, I was also doing consultancy, on a freelance basis. This phase was very hard because I had two full-time jobs; I was clocking eight to ten hours a day for my freelance customers, and another five to six hours for the plugins business, which back then generated more debt than revenue.
Only in 2016, the plugin business generated enough revenue to pay for a full-time developer and did not suffer any losses. I joined as a full-timer in March 2018, six years after I started this adventure. It was a long and difficult road, but if I had to, I’d do it again!
Cloudways: Being a security professional, in your opinion, what are the most common security mistakes people make on their WordPress sites?
Robert: I think the statistics say it all. The biggest mistakes people do when running a WordPress website are:
Not keeping their software up to date (this applies to all the software and not just WordPress core, plugins and themes)
Using weak credentials / easy to guess passwords
Not following basic security practices, such as; only install plugins that you need, change the defaults, always encrypt communication (SSH / HTTPS / SFTP, etc)…
Cloudways: Our readers would love to get some security tips from the professional himself. Please share a few.
Robert: There is a lot that you can do to keep a WordPress website secure, especially as it grows and multiple users maintain it, and it has subscribers, members, and customers. However, the basic security best practices always to everyone, regardless of the size of the website.
- Keep all software up to date.
- Use strong passwords and implement two-factor authentication.
- Use secure and encrypted channels (SSH, SFTP, etc).
- Enable any type of possible logging and activity logs.
- Implement a file integrity monitoring solution.
Cloudways: I personally read and enjoy content from the WP WhiteSecurity blog. Tell us a bit about it and is there any other project you’re working on?
Robert: WP White Security started as a side project. My aim was to help people secure WordPress websites, clean hacked websites, and run a WordPress security blog. However, it was put on the back burner to develop the WP Security Audit Log plugin, for which we had a very positive response.
In the last two years, WP White Security has been revived as a WordPress security and admin-plugins development company. Last year we released 3 new plugins and right now we are working on another two plugins.
Our aim is to develop high-quality single scope WordPress security and admin plugins. For example, instead of developing an all-rounder security plugin, we developed a specialized activity logs plugin, a specialized file integrity monitoring plugin, etc.
Cloudways: With over 100K active installations, WP Security Audit Log is a popular plugin among WordPress users. What future plans do you have for this project?
Robert: The roadmap is very long! This year we are focusing on:
Enhancing the current features and making them more robust: rather than introducing new features, we are revisiting all the existing features and improving them, so they can work on much bigger websites and run more efficiently.
Partnering with other plugin developers to improve the activity log coverage: we are often asked if our plugin keeps a log of changes that users do in plugin X or Y. So we are working closely with other plugin developers to develop the activity log sensor for their plugins. For example, we already have activity logs for WPForms, Yoast SEO, MainWP and WooCommerce. Many more will follow soon.
Cloudways: There are many options to choose from when it comes to picking an activity log plugin. Can you help our readers in choosing your plugin by sharing the distinct features WP Security Audit Log plugin offers?
Robert: When it comes to logs or activity logs, there is never enough information. So the more information the plugin can record the better. Therefore the most important features in an activity logs plugin are the detail of the logs, and coverage (what changes can the plugin keep a log of).
And our plugin is mostly known for these two qualities. It has:
a) Comprehensive activity logs; the plugin does not just keep a log about a post or user profile change, but it actually keeps a log of what has changed in the object. For example, it will keep a log if a user changes the URL, content, date, author of a post, or the display name, role, password and email address of a user profile.
b) Coverage; WP Security Audit Log keeps a log of more than 400 changes that users can do on a website, and this list is ever-growing. Check out the complete list of activity log event IDs! Isn’t that impressive?
The plugin also has a suite of key tools that help site owners build a complete logging / IDS / IPS solution. You need these tools because keeping a record of changes is just getting started.
You also need the right tools so, for example, you are notified when there is something suspicious in the logs. So our plugin has features like instant SMS & email notifications, with which you can be instantly notified of critical changes on your website. It also has a suite of tools to help you manage the activity log databases, create any type of report, search and filters and much more. The list of activity log plugin features is a highlight of all the other features our plugin has.
Cloudways: WordPress is a community-driven platform. What do you think about attending WordCamps and local meetups?
Robert: I love both WordCamps and meetups. I’ve been to almost all WordCamp Europe events and volunteered in some of them. I have also helped organize WordCamp Edinburgh and was an active member of the Edinburgh meetup until I moved to the Netherlands. We are now kind of settled in the Netherlands, so it is time to hit the local meetups.
I’ve made a lot of contacts and friends through WordCamps and meetups and can’t recommend them enough. They are good for business, but even better for self-development, learning, and making new friends!
Cloudways: What do you enjoy doing when you’re not working?
Robert: I love mountain biking, jogging, hiking, camping, and any other type of outdoor activities. I also love spending time with my children, so when I’m not busy at work, I am either doing something outdoors or trying to convince my children to do more outdoor activities.
Cloudways: Finally, who would you like to recommend for our next interview?
Robert: I’d recommend Jared Atchison, the co-founder, and CTO of WPForms. I’ve worked with Jared on the integration between our plugins. He was very easy to work with and has a very successful business. I also think that we share very similar values of how a business should run.
Ibad Ur Rehman
Ibad Ur Rehman is a WordPress Community Manager at Cloudways. He likes to explore the latest open-source technologies and to interact with different communities. In his free time, he likes to read, watch a series or fly his favorite Cessna 172SP in X Plane 11 flight simulator.
