You know when you have that nagging feeling you have forgotten to do something?
The oven is off, you haven’t left the door open, and your child is in front of you, so you haven’t left them at school…
And yet, something hasn’t been done.
I went to give someone my site URL to talk about some recommendations for WordPress updating practices, and it hit me. That nagging feeling.
I haven’t written anything here in a long, long time.
So this is a bit of an update about what I’ve been up to, what services I offer (there’s a small sales plug), and my future plans.
But if you don’t know me, my name is Tim. I’m a security consultant who specialises in WordPress, with a background in development and system administration. I provide training and services to make your organisation safer, and to help you prevent malicious actors from harming your livelihood.
Where have you been?
The last update post I gave was in November 2020. I had just left 34SP.com, and really, at that time, I wasn’t actually sure what I was going to do; we were mid-pandemic and there was lots going on with the world.
- I started writing a book, a copy of which has been in a draft state ever since. It’s still something I want to do and I still feel there is a niche for it, but I have been pondering alternatives to a big, heavy 500+ page tome.
- I ran my Hacked Workshop for the first time in 2021 to the general public and it has been repeated for some agencies since then.
- I took on some contracting work.
- I started to refine my offerings and services, to find what I enjoy.
Unfortunately life in a global pandemic means curve balls and unfortunately I had to take time off to look after family and then myself.
It’s only been the last few months I have been able to truly regroup and start thinking about the future.
Where are you at?
Over the last couple of years, I have found that the core of what I want to do is teach and help individuals and organisations develop skills.
This is what I am passionate about, helping people build out their processes and discover the tooling and skills needed.
Today I have 3 main “products”:
My Power Hour slots have been available since 2020; a cheesy name but I think it is a great, simple consultation offering. As the name suggests a Power Hour is an hour-long meeting where I answer questions for an hour or so on topics of your choice. At the end of it we come up with some notes and actions for you to take away. Topics are varied. People tend to come for a Power Hour either because something has gone wrong or they are in a good place and the basics are done so are looking for advice for next steps.
Some examples of topics I have covered with clients:
- Setting up monitoring for security breaches
- Automation testing
- Fixing hacked sites
- User management
- Multi Factor Authentication roll-outs
Sometimes the questions are very specific; we have x and y and we want to get to z, what’s the path? Other times it’s a more free-flowing conversation.
For me the goal is to provide insight, reassurance and, above all, actionable points.
Power Hours are booked in advance (often can be the next day) through Calendly. If you really need help right now, I have a same day Emergency Power Hour, it is slightly more expensive but we can be on a call within the hour. I ask for some basic information on the topics and if you have specific questions, telling me ahead of time really helps.
The price for a Power Hour is fixed at £150 (roughly 185 USD depending on conversion rate) or £250 for the Emergency Power Hour.
My site review offering has changed over the last few years to a more rounded product. The focus is on security but it covers other aspects as well.
It starts with a discovery call, where we go through the site, the goals and reason for the review, areas of particular interest, and a general discussion about how the site operates and is used.
Next is a testing phase; this covers automated and manual testing, looking for potential vulnerabilities and other areas of concern, including:
A general site health check which includes security, performance and a general “how healthy is the site”, for example is it generating lots of errors, is there a lot of complexity.
A custom code audit, with particular attention paid to custom code, be it plugin or a theme. While not as thorough as a Code Review (see below), custom code is manually reviewed and issues identified.
Once the review is completed, a document containing the findings, the health report and actionable steps is created. Every issue comes with a recommendation and remediation steps along with next steps.
The final aspect is a meeting to go through the report and for stakeholders to ask questions. This meeting can be a singular event or split between management and technical implementation.
I really like the fact that Site Reviews provide advice across the board and that any website will benefit from such a review. Agencies that have a “standard” template can use the information from the review across all their sites while individual sites gain insight that can often only come from an external source. It’s important to emphasise this is not a critique, you are not being graded, rather being provided with a working partnership to help get the best out of your site for your organisation and your visitors.
Site Reviews start at £1250 for sites without a payment or membership aspect and £1950 for ecommerce based sites. If you are interested do get in touch via the contact form.
The third main product is my Code Review. These are aimed at theme and plugin developers and primarily, though not exclusively, are for companies who sell or distribute their products.
Like the Site Review, the Code Review starts with a discovery call to talk about the product, the goals and reasons for the review, and any specific areas to focus on.
The Code Review is a combination of automated testing (including load testing and static analysis), reviewing the workflows and data flows of the product, and a manual review which includes a line-by-line review of the code. It might be old fashioned but it works.
The result is a report that is split into a traffic light approach with high, medium and low items. For each issue raised, there is an explanation of why it is a problem and possible solutions, which can range from using a specific function to suggestions on reworking a particular process or flow.
By its nature, a Code Review is technical, so where needed a summary of the report designed for non-technical users is also available, which covers the general health of the product and details of the work-level required if remediation is recommended.
The review document is followed up with a meeting to go through the document findings and discuss the best way to implement any recommendations.
Code Reviews start at £1250. If you are interested do get in touch via the contact form.
Where are you going?
So what does the future look like?
Well, I miss writing content and presenting, and from the occasional very kind souls who get in touch so do at least one or two other people.
So I’m pleased to say I will be at WordCamp Europe in June giving a talk on the art of the code review. If you will be in Athens for the conference I would love to say hello to you.
I’m also looking for other events to speak at, so if you have an event you think would be a good fit then get in touch.
I’m intending to restart my newsletter “Random Mutterings” though maybe in a slightly different format and perhaps a better name (Babs: I like that name). If you are not already, you should subscribe, I really try to avoid it being a sales pitch and instead each issue, I think, brings value and interesting diversions to your day.
In addition, content on TimNash.co.uk will start to appear, I have a lot of things on my mind recently and getting them onto “paper” should hopefully provide some interest to you, dear reader.
Finally, while the original idea of publishing a book never fully materialised, a lot of content did, and a lot of ideas surrounding it. So instead of creating a singular book I have been looking at reworking and creating smaller packages of guides/videos. The first of these is “Confidently Cleaning a Hacked Site”, which builds on the Hacked workshops, the book and my own experience fixing hundreds of hacked sites. This will be released in the near future; I know I have already said it, but subscribe to the newsletter for details and some of the resources that won’t have made it into the guide.
All this is to say hopefully I’m back and you will see more content from me.
One thing that I haven’t covered is getting hold of me, you might have noticed I haven’t tweeted, tooted or used social media for the past couple of years, and at least in the short term that won’t change. I might push content out on these channels, but for now I’m just going to concentrate on sharing content via channels that I manage, so here & my newsletter. If you want to get hold of me you can find me:
- Via Contact Form
- Email hello at timnash.co.uk
- If you are part of the WP UK WordPress Slack or the Big Orange Heart Slack you can find me on both.
Stay safe everyone and I look forward to the remaining part of 2023 and beyond.