Hello, I’m Tim Nash, a WordPress Security Consultant
How can Tim help you today?
WordPress Security Consulting
There is a reasonable chance you are here because something has gone wrong. I really hope that’s not the case, and if it’s not then let us talk about how to prevent things going wrong.
However, many of you are on this page looking for help, so let’s start with the simple things.
What best describes you?
Panicking or just looking for advice?
So many of my conversations begin that way. It’s almost never as bad as it seems and we can put it right, be it a very slow loading site that keeps falling over or a site hack.
Together we can get it fixed.
All you have to do is fill in the form and pick a time/date. On the form I ask for some details about what you are hoping to get out of our meeting; this will allow me to prepare a little bit and also to be honest if you are after things outside of my expertise.
You’ll leave the call with actionable takeaways and resources that you can apply immediately to your organisation.
A summary, call notes, and recommendations will be sent 24-48 hours after the call.
Consulting & Training
I am a WordPress Security Consultant, and I can help improve your security and bring you peace of mind. Every relationship is different, but areas where I think I might be particularly suited to working with you are:
Providing a security audit of your site, to help identify issues that might cause you problems.
Providing security training for yourself, your colleagues and potentially your customers
Helping with specific security issues, for example hacked sites
Helping build out a strategic overview of security within your organisation
This can be a one-off short “power hour” consultancy through to longer engagements such as single-day workshops (online only at the moment) or taking a more direct hands-on approach.
I have worked both at a web hosting company and managed a WordPress development agency, which gives me the ability to understand a lot of the parts of your business needed to help you tackle problems not just from a technical perspective but through business processes as well.
I’m here to help and to bring you peace of mind. Let me help you sleep soundly at night and not be worrying if you will have an online business tomorrow.
Security Site Audit
A website security audit gives you a snapshot of how well your site is doing. An audit looks at a range of aspects of your site and gives you a concise list of actions to take to improve your site in the short, medium and long term.
My website security audits try to be jargon free, and contain actionable information that your organisation can use straight away.
While each audit is bespoke to the client and scope of the project (what is being tested) they normally include:
Code review of custom code on the site
Use of automated tools to simulate a bad actor’s attack vectors
Manual investigation of the site
Evaluation of plugins and themes on the site
Validation of security practices
Audits are designed to identify issues before they become problems, and are ideal during site builds, but equally audits can be performed on live sites and as part of a regular review process.
“I hired Tim to do an audit on one of our most popular plugins, not only was this one of the best business decisions I have made. It was an invaluable experience and one I would highly recommend to any other plugin/theme developers. The takeaways from this have been super beneficial to my business (both in coding and business) and I now have the confidence to grow and take it to the next level!”
Aaron Bowie
WeAreAG
Plugin/Theme Audits
I am a Dev/Sec/Ops person. I wrote one of the very first commercial plugins available for WordPress; it was a membership plugin that frankly sucked after many years and iterations without a refactor. Combine this with having worked with companies like PayPal and building donation platforms for the World Food Programme and I have a good inkling of what you might be going through. I’ve also more recently worked at a Managed WordPress host where I have had to audit my fair share of truly rubbish plugins, causing slowdowns and more importantly vulnerabilities.
We can catch those vulnerabilities early with a Plugin/Theme audit. What’s in a Plugin/Theme audit:
Automated code review, using a combination of static analysis and code sniffing
A manual code review going line by line
Automated testing of all plugin endpoints looking for all those sneaky SQL injections and XSS attacks.
A report that provides actionable insights for you to improve your plugin and theme. In addition, I will show you how you can do much of this testing yourself so you can have your own mini audits built into your pipeline.
Consulting & Training
I am a Dev/Sec/Ops person who can probably help you in many parts of your agency. Every relationship is different, but areas where I think I might be particularly suited to working with you are:
Security audits of sites, plugins, themes and implementing audits into your workflows
Providing security training for staff and clients
Helping with specific security issues, for example hacked sites
Helping build out a strategic overview of security within your organisation
Helping your development team level up in terms of system administration, server admin and things like continuous integration.
This can be a one-off short “power hour” consultancy through to longer engagements such as single-day workshops (online only at the moment) or taking a more direct hands-on approach.
Having previously run a development agency, I’m uniquely suited to working alongside yours. I understand the pressures and issues you are under, and I know that feeling when the client really needs this solved.
I’m here to help and to build on our successes together, working behind the scenes and keeping your data and issues confidential.
Retainers
Most of my engagements are for a single day or a couple of days of my time, to help solve a specific problem. However, retainer-based engagements allow me to work deeply with your agency.
Retainer-based engagements are really suited to longer security, maintenance and performance projects or mini projects to assist your team over a period of time. What might that look like? Well, for example, a 3 day a month retainer over a couple of months might look like this.
In month 1 the first 3 days are spent looking at longer term strategies and performing security and performance audits, before identifying a specific first project, for example helping to scope and show the benefits of continuous integration tooling and processes and mapping how that should look. In month 2, helping directly with the build phase provides plenty of opportunities to advise on problems and bottlenecks. At the same time we can start
About Tim Nash
My name is Tim Nash. I am a WordPress security expert with a background in development and system administration. In addition to building one of the very first commercial WordPress plugins, I have run a development agency specialising in payments and security, worked with big-name organisations like PayPal and the World Food Programme, and spent 5 years as the WordPress Platform Lead at 34SP.com building a Managed WordPress Platform used by thousands of sites.
My ethos and approach
Over the years, I have mellowed and aged, definitely aged, like a fine wine, I hope. And that’s better than the alternative, which is to become sour and vinegary. I don’t believe I have lost any passion but it has been tempered with realism.
Past Tim was dogmatic – “this is the correct approach and there should be no compromise” – and there are times where I will be honest and tell you this is not an area to compromise. However, I also understand that your organisation has to flex and bend and no solution meets deployment and is not slightly changed. I will always encourage best practices but I won’t chastise you for not following them.
I have a beautiful daughter and we need to leave the world in a better state than how we inherited it. As such, I believe strongly in sustainability: not only does this site use a green hosting provider, but my business is carbon negative, combining making choices based, in part, on green credentials with offsetting the entirety of our energy consumption, green energy and all.
Above all, I want to make sure any marks I leave are positive and that I leave things safer and better. I want to work with nice people who share my values and beliefs that we should be mindful and make sure everything we do is an improvement that we are helping.
Ready to get started
So let’s talk. If you want a quick one-hour chat then you can do so via the Calendly link: select a time that’s right for you and fill in your details.
For all other enquiries, please use the contact form and I will be in touch.