Pressing Forward – Random Mutterings

DevOps | General | Security | WordPress

Did you know I have a totally awesome newsletter?
No. Oh well I do and some folks are not subscribed! I know I was shocked to discover this. When I asked why, a few suggested it might be because they didn’t know what they might be getting in there inbox. This is a totally sensible reason so I present for you, the March 2020 issue of Random Mutterings. So how do you get Aprils and beyond? Well I suggest subscribing.

Fancy reading email from Tim?

Usual Disclaimer bits, putting in your email means I will spam you forever MUHHHHHAAAAAA!!!
Alternatively, subscribing means I will send you occasional emails about what I’m up to and cool stuff I want to share with you. I won’t sell your information, and the emails will be sent via the MailChimp platform.

Welcome back to another Random Mutterings newsletter.
You are awesome, in part because you subscribed this clearly shows awesome character.
If you don’t want to receive these newsletters, you can totally unsubscribe at any time. I only want you to have these in your inbox if you want them.
Now on with the newsletter.

Highs and lows but pressing forward.

After the terrible start to the year, February seems to have been quite quiet and instead I have been focusing on writing and a bunch of small projects.

Early Feb saw myself and my colleague, Kayleigh, both take to the stage for WordCamp Glasgow and you can read Claire Brotherton’s write up including her saying nice things about both my and Kay’s talk.    

This month I took a break from my Back to Basics security series and instead focused a little bit on how I have been building my site and, the biggest bit, the philosophical shift in my mentality towards it. You can follow along with:

I also wrote a post on a simple thing but a weird “bug” that meant my Mac was constantly trying to apparently reboot while it was locked. 

Finally, I wrote an appeal for WP&UP and I just want to take this opportunity to say thank you to everyone who read it, the post helped drive donations and I would like to think also opened some conversations and doors, though it was not without controversy.  

? What have I been reading?

Hopefully a bit of light reading and some not so light reading for all:

System Administration and System Productivity

WordPress & Web Development

Writing and content production

Human Productivity and Workflows

Security & Privacy

I want to highlight an awesome read for RPG fans and very much “how did I not know this”. It’s the tale of when the FBI mistook Gurps RPG Cyberpunk for a hacker’s manual

? Actual Books

February I continued the trend of trying to read/listen to a couple of books specifically:

2000 to 10000 – Because words are hard for me. This book is all about productivity as a writer and maximising your writing time. While billed as suitable for any niche, the author is very much a novelist and all the examples come from a single genre. The book was recommended by Rachel McColin, who is both a WordPresser and Novelist herself. I didn’t get what I was looking for out of it but I can see it’s still a useful resource.

If you have a passing interest in security I recommend you check out this Humble Bundleof Infosec books by Wiley.   

For £1 you get one of the best books on threat modelling I have read (though it’s a mammoth slog) I grabbed all of them and will be making my way through the ones I haven’t read before. Maybe it’s time for Tims security Book Club?

?️ Great Podcasts

Switching it around a little bit this time, so no amazing tool, instead I wanted to give you 3 podcasts you might not have listened to but I think you might like.

Smashing Security – nothing to do with Smashing Magazine. This security podcast with Carole Theriault and Graham Cluley, normally along with a guest. It is both interesting and funny. The takeaways might be repetitive but it’s a nice, light listen.
Details –

Art of Product – Again, another duo, but this time Ben Orenstein (co-founder of Tuple) and Derrick Reimer (co-founder of Drip now working on static kit) talk about their projects each week.
Details –

Darknet Diaries – You like scary tales from around the internet? Jack Rhysider narrates each episode which focuses on a single tale. Unlike the others, I’m going to recommend you start with Episode 36 Jeremy From Marketing to get you used to the style.

Details –

 ? News and Opinions

WordPress 5.4 is coming!
With a host of Gutenberg updates and the new Lazy Loading (nope apparently that got scrapped), it’s going to feel a little light for me as I have been running the latest Gutenberg and the Lazy Loading feature plugin on my site. Though a feature I can see myself finding a use for, WordPress menus finally has some useful hooks in it! For those looking to test the latest Beta/RC the beta tester plugin has also had a little update.

1 Billion SSL certificates issued by Let’s Encrypt!

That’s quite a lot of SSL certificates; chances are your site is one of them. It’s a huge milestone, though worth remembering unlike many traditional issuers Let’s Encrypt reissue every 90 days, so most of that billion will be reissuing. But still it’s amazing. Check out the complete story

Hacked plugin after plugin after plugin

It seems that we have had a deluge of hacked plugins including a couple of real zero days. With hack after hack this month I can’t tell if researchers have woken from their slumber or devs have had some post-Christmas oopsies. As always the advice is to keep things up to date. But some of the hacks recently include:
Critical Issue in ThemeGrill Demo Importer, I was staggered to hear this was installed on 200k sites, audit those plugins folks!
Multiple Vulnerabilities in Supsystic pricing tables plugin
WPcentral Privilege Escalation

One of the big differences is this month there seems to be a lot more actively abusing the vulnerabilities straight off the bat so delaying updating by even a day or so has been leading to compromises.

? Where can you find me?

I’m still sorting out events and where I’m going over the next few months so have nothing in my agenda however if you would like me to come chat at your user group or conference then why not request a talk.  

I have recently redone my public Facebook page, my goal is to put out a few more general personal online safety tips on there as well as curated content from the blog. If you use Facebook I would totally appreciate it if you would like the page as it gives Facebook a hint to show the content to people. 

I’m going to leave you with a huge favour, if you like this newsletter and content I create can you help me to share it. Encourage a friend to subscribe to the newsletter at if an article has resonated with you please share it on your social media platforms. 

I would love to reach more people in 2020 and to do that I need your help.

One final thought we spend a lot of time hearing about Deep Fakes and the damaging aspects of technology being used to manipulate footage so I wanted to leave you with something positive.

Thank you and you are awesome


Want to see the next Random Mutterings, then please do subscribe.

Helping you and your customers stay safe

WordPress Security Consulting Services

Power Hour Consulting

Want to get expert advice on your site's security? Whether you're dealing with a hacked site or looking to future-proof your security, Tim will provide personalised guidance and answer any questions you may have. A power hour call is an ideal starting place for a project or a way to break deadlocks in complex problems.

Learn more

Site Reviews

Want to feel confident about your site's security and performance? A website review from Tim has got you covered. Using a powerful combination of automated and manual testing to analyse your site for any potential vulnerabilities or performance issues. With a comprehensive report and, importantly, recommendations for each action required.

Learn more

Code Reviews

Is your plugin or theme code secure and performing at its best? Tim provides a comprehensive code review, that combine the power of manual and automated testing, as well as a line-by-line analysis of your code base. With actionable insights, to help you optimise your code's security and performance.

Learn more

Or let's chat about your security?

Book a FREE 20 minute call with me to see how you can improve your WordPress Security.

(No Strings Attached, honest!)