Hi, I’m Tim Nash
I like to scare people at conferences
I talk (a lot) about WordPress and security as well as subjects like performance and system administration at events and even occasionally on my blog
I am a WordPress security consultant who helps agencies and business owners to secure and scale their websites and processes.

We took an enormous amount of value from the short session and can highly recommend Tim's expertise and approach.

Candle Digital
Let's chat about your security?
Book a FREE 20 minute call with me to see how you can improve your WordPress Security.
(No Strings Attached, honest!)

WordPress Security Consultant, System Administrator & Developer
How many hats does one person need? Tim has certainly tried his hand at most of them. Tim’s background is in both development and security, he has run a development agency as well as developing and managing one of the largest WordPress hosting platforms in the UK. Today Tim is a WordPress security consultant, helping organisations with support, consultancy, training in WordPress security and WordPress hardening.
Part of the WordPress community
Tim has been actively involved in the UK community since, well, there has been a UK community. He has helped organise WordPress Leeds, the oldest User Group in the country, for over 10 years. He is one of the admins for the WordPress Community UK Slack group as well as having spoken at nearly every UK WordPress User Group.


Tim Talks a lot at conferences and at smaller user groups
While normally focusing on WordPress and Security, his topics have been pretty varied, from testing methodologies through to robbing banks. His talks tend to be entertaining and informative. His goal is to make things accessible but also to make it easy for people to research.
Tim is nearly always happy to come and talk to your group or conference; for information, see his Speaking Page.
Helping you and your customers stay safe
WordPress Security Consulting Services
- Power Hour Consulting
-
Want to get expert advice on your site's security? Whether you're dealing with a hacked site or looking to future-proof your security, Tim will provide personalised guidance and answer any questions you may have. A power hour call is an ideal starting place for a project or a way to break deadlocks in complex problems.
- Site Reviews
-
Want to feel confident about your site's security and performance? A website review from Tim has got you covered. Using a powerful combination of automated and manual testing to analyse your site for any potential vulnerabilities or performance issues. With a comprehensive report and, importantly, recommendations for each action required.
- Code Reviews
-
Is your plugin or theme code secure and performing at its best? Tim provides a comprehensive code review, that combine the power of manual and automated testing, as well as a line-by-line analysis of your code base. With actionable insights, to help you optimise your code's security and performance.
Or let's chat about your security?
Book a FREE 20 minute call with me to see how you can improve your WordPress Security.
(No Strings Attached, honest!)
“I hired Tim to do an audit on one of our most popular plugins, not only was this one of the best business decisions I have made. It was an invaluable experience and one I would highly recommend to any other plugin/theme developers. The takeaways from this have been super beneficial to my business (both in coding and business) and I now have the confidence to grow and take it to the next level!”

“Our team have built countless WooCommerce sites but this was our first foray into releasing a product and we wanted to be sure on the code quality, scalability and security of our code. Tim was thorough, detailed and exceptional at walking us through the issues in our code. For me what was more important though, was that he did so in a very kind and insightful way that motivated the team, improved the plugin but also helped us implement tools and processes into our workflow that has benefitted us across the board in all work we do. I could not recommend this service more highly and I wish we'd done it sooner!”


The curious case of the funny admin
Uncover the Hidden Threat
Ever had that unsettling feeling that something's not right, but can't put your finger on it? Discover how Tim, worked through the case of a compromised site.

Tailscale & Caddy for better admin security
We did DNS and survived
Securing a web app admin area, by combining Tailscale with MagicDNS split DNS feature, Systemd-resolved and Caddy.

Is this thing on?
Quick update from Tim
It's been so long since I have updated people on what I am up to. So I thought it would be simpler to write a quick post. That was in March... Well maybe I should post it!

Humans Get Hit by Buses
Embrace Automatic Updates
Automatic updates don't need to be feared both in terms of their reliability and their jobs they are a tool and one you should embrace.