Security Enthusiast Robert Abela In an Exclusive Interview with WPblog
We are back with our interview series and this time we have Robert Abela, the founder of WP White Security, a WordPress plugin development company that offers high-security plugins to different clients, with us to answer interesting questions about WordPress, his work, and his personal life.
Robert has done some amazing work in the WordPress community and to know more about it, we sat down with him for an exclusive interview with WPblog.
WPblog: Before we start with the interview, can you introduce yourself… on VIDEO!
WPblog: Hey, Robert, it’s an honor to have you on our Interview series. Hoe is het met je?
Robert: Goed, dank je wel! Exciting and very busy times at WP White Security. We are currently working on a lot of projects, including planning some new plugins. Being busy is definitely a good problem to have.
WPblog: So what’s your story? Can you give our readers a deeper look into your life (if they don’t already know) and how you ended up creating your own company?
Robert: I was always interested in computers. So when the opportunity to work as a software tester presented itself, I dropped out of school and took the job. My parents were not impressed!
When I started I didn’t even know what an IP address was, so I attended a few part-time courses. The courses were useful, however, I’ve learned most from the hands-on experience at work. At my first job, I worked my way up from software tester to Lead Systems Engineer in about 5 years.
I consider my first career stint as the most valuable. I’ve learned a lot about networks, the internet, and security. As a systems engineer, I’ve also dealt with every department, which gave me a good overview of how a software company functions.
After leaving my first job I worked for several other security software startups. I’ve worked in R&D, and as a project manager, product manager, sales engineer, and CMO. My last corporate job was as a product manager for Acunetix, a web security software vendor.
At Acunetix I’ve learned about WordPress. During the same time, I’ve also met Jean Galea, the owner of WPMayor. He encouraged me to go solo and do something with WordPress, and that was all the encouragement I needed.
I started WP White Security in 2013, as soon as I left Acunetix. Since my background is in security, I started WP White Security as a security blog and as a WordPress security services company. We used to clean hacked websites, harden the security of WordPress websites, do source code audits, etc.
However, providing services is not my forte, and not something I like either. I had more than a decade of experience in software companies. So naturally, I wanted to sell software.
I started learning how to write code and I had the perfect use case: a WordPress activity logs plugin. I’ve always wished that the website owners had such a plugin installed before their website was hacked. It would have made life much easier.
So I started developing the first version of the WP Security Audit Log. When the plugin started gaining popularity we stopped providing services and focused on developing WordPress plugins. The rest is history.
WPblog: Robert, you founded WP White Security in 2013. Can you describe in detail what your company does and any big-name clients you’ve served?
Robert: We develop high-quality niche WordPress security and admin plugins to help administrators better manage their websites and users, and keep them secure. At the moment we have four plugins:
WP Security Audit Log: this is our flagship plugin. It keeps a log of changes users do on your WordPress website and multisite networks. What really differentiates it from the other activity log plugins are the comprehensive logs and the broad coverage. For example, our plugin does not just keep a log of a post change. It keeps a log of what actually changed in the post, if it is the URL, content, author, categories, tags, status, etc. The plugin also keeps a log of changes done on third party popular plugins such as WooCommerce and Yoast SEO.
Password Policy Manager: with this plugin, you implement strong password policies on WordPress websites. We developed this plugin because there is no security software that can protect your website from users’ weak passwords. With this plugin, you can easily implement password expiration, history, length and complexity policies that your users have to adhere to.
Website File Changes Monitor: this plugin checks WordPress websites for file changes and alerts you if there are any. This plugin addresses a problem almost all other file integrity monitor plugins have: false positives. Many WordPress users are not tech-savvy, so if their file changes plugin alerts them that tens of files have changed (because of a plugin update), or that a log file was created, they panic. Our plugin hooks into WordPress and can identify site structure changes, including WordPress core updates, etc. So it adequately alerts the user of such changes, rather than raising false alarms.
Activity Log for MainWP: this is a MainWP extension that works with WP Security Audit Log. It allows users who manage multiple websites via MainWP to view the activity logs of all child sites from one central place; the MainWP dashboard. It also keeps a log of changes that happen in the MainWP network and dashboard.
From the plugins’ description above one can’t help but notice that we do not use the words high-quality plugins just as a marketing slogan. We actually mean it; we take pride in our work and develop solutions that address real user issues. We do not cut corners. In fact, we are proud to see our plugins used by many world-renowned businesses and organizations such as Amazon, Nasa, NATO, Disney, and Bosch!
WPblog: So WP White Security has 4 plugins that it offers to its clients. Which one was the most difficult to develop? Which one is your favorite?
Robert: WP Security Audit Log is by far the most difficult plugin to develop and test. The plugin has hundreds of different activity log event IDs. So one small change in a sensor file can easily break the functionality of some specific logging capabilities.
Therefore before every release, we do rigorous testing to ensure all activity log sensors are still working. In other words, we check that the plugin detects every change it is supposed to detect and report. Most of these tests are automated. We use an even more complex testing framework that we have built over the years. The framework also checks the results and reports any bugs it identifies.
Even though WP Security Audit Log is the most difficult plugin to develop, it is also my favorite. It is the first plugin that we developed, the plugin that has put WP White Security on the WordPress map.
WPblog: Tell me, Robert, if you were a WordPress plugin, which one would you be and why?
Robert: WPForms. I like how the developers created their own UI, totally different than the WordPress look & feel yet it is damn easy to use.
What are some resources or books that you read and communities that you engage in to learn more about WordPress?
I follow WP Security Bloggers, a curated aggregate of WordPress security news. It is one of my side projects. The idea is to follow one curated source of security news rather than having to follow several individual websites.
I also like to attend WordCamps when time permits. The WordPress community is very open and friendly, so for me, two days at WordCamp are like one intensive session of updates on WordPress, and of course, a lot of fun!
WPblog: There are so many great CMSs out there. Why did you choose WordPress?
Robert: I did not choose WordPress. I got to know about it at work and gradually started working on it out of own interest.
WPblog: Could you give our readers one great WordPress tip? (Okay fine, it’s for us, but our audience is going to benefit from it as well so it’s a win-win.)
Robert: It is not complicated to keep a WordPress website secure. Yes, there is a lot that you can do in terms of security, especially on big websites. However, for those who are just getting started and maybe do not have enough resources, starting with the basics should have you covered:
- Choose a reliable web host (ideally managed WordPress web host),
- Only install reputable software,
- Keep your computer software, WordPress theme, plugins and core up to date,
- Use strong passwords (save them in a Password Manager).
WPblog: Do you think there is a threat to WordPress from “competitors”?
Robert: If there is another solution that is in close competition with WordPress it is good. I think competition is needed for a project to keep on innovating.
Gutenberg is becoming an old story now, but it’s still important to know: what do you think about it?
We developed a sensor for Gutenberg in our activity log plugin before it was included in the core. We use it and I think it is great!
WPblog: There’s a lot of talk about cloud hosting in the WordPress industry. What do you think is the future of hosting websites? And what’s your favorite hosting solution?
Robert: Many web hosts started utilizing the cloud before the term cloud was popularized. Managed WordPress hosting is a type of private cloud hosting. Also, many web hosts are already utilizing the cloud to provide more out of the box services, so you do not have to install additional plugins. Services such as server-level caching and redirects, online backups, staging websites and more. I guess we are already in the future!
I’ve used a lot of web hosts and I’ve written on most of them on our website. In general, I like what I see. However, our websites are hosting on Kinsta and WP Engine.
WPblog: What’s your secret to a successful WordPress career?
Robert: Learn, create the opportunity, work hard and contribute back. As Arnold Schwarzenegger says, there is no magic pill, just work your a** off.
Marvel or DC? Believe it or not, if it wasn’t for my brother-in-law I wouldn’t even know what these are. I do not watch a lot of movies.
Dog or Cat? Dog, but I have a cat (family feuds…)
Game of Thrones or Breaking Bad? The big bang theory
Twitter or Facebook? Twitter
WPblog: We’re fascinated with how the workspaces of people powering the internet look like. Please show us your work desk. No changes, no cleanups. 😉
Robert: It’s quite messy!
WPblog: Lastly, who would you nominate for our next interview?
Robert: Ryan Dewhurts from WPScan. I’ve known him for years. He is relatively new to the WordPress scene, but well known in the web application security industry. He’s done some great work!
So that concludes an amazing interview with Robert Abela. We would like to thank Robert for taking so much time out of his busy schedule and answer our questions.
We’ll be back next week with another amazing interview but we won’t disclose the guest, it’s a surprise 🙂
Create Faster WordPress Websites!
Free eBook on WordPress Performance right in your inbox.
Create Faster WordPress Websites!
Free eBook on WordPress Performance right in your inbox.