WEBVTT

1
00:00:00.880 --> 00:00:02.879
start it up We have a little bit of pre

2
00:00:02.879 --> 00:00:05.359
preamble stuff and then I'll hit the uh

3
00:00:05.359 --> 00:00:08.360
intros and then we will roll right

4
00:00:08.360 --> 00:00:12.280
along Sounds great All

5
00:00:12.280 --> 00:00:15.880
right let's get this

6
00:00:15.880 --> 00:00:18.480
going Ladies and gentlemen it is time

7
00:00:18.480 --> 00:00:26.279
for WordPress plugins A to Zed not Z

8
00:00:26.800 --> 00:00:29.119
Well good morning And it is the

9
00:00:29.119 --> 00:00:33.360
interview show today for WP plugins A to

10
00:00:33.360 --> 00:00:36.079
Zed And we'll be discussing the Advanced

11
00:00:36.079 --> 00:00:40.320
Access Manager plugin with Vassel Martin

12
00:00:40.320 --> 00:00:42.800
All coming up next on WordPress plugins

13
00:00:42.800 --> 00:00:45.760
from A to

14
00:00:45.960 --> 00:00:49.600
Zed WordPress It's the most popular

15
00:00:49.600 --> 00:00:51.840
content management and website solution

16
00:00:51.840 --> 00:00:56.000
on the internet That was the wrong one

17
00:00:56.000 --> 00:00:57.680
Actually we're going to roll this right

18
00:00:57.680 --> 00:00:59.199
back and do the jingle all over again

19
00:00:59.199 --> 00:01:03.159
because I got a messed up

20
00:01:03.159 --> 00:01:05.439
opening This is what happens sometimes

21
00:01:05.439 --> 00:01:08.479
Well what happens is I I the live stream

22
00:01:08.479 --> 00:01:11.200
is live That's period But the part that

23
00:01:11.200 --> 00:01:13.840
goes out to the podcast is is recorded

24
00:01:13.840 --> 00:01:16.080
and I try to keep the opening clean for

25
00:01:16.080 --> 00:01:17.920
that one

26
00:01:17.920 --> 00:01:20.000
All right let's roll this back again One

27
00:01:20.000 --> 00:01:23.759
more time Take two Take two

28
00:01:23.759 --> 00:01:25.680
Ladies and gentlemen it is time for

29
00:01:25.680 --> 00:01:32.159
WordPress plugins A to Zed not

30
00:01:32.439 --> 00:01:36.880
Z It is interview number 66 with Vasel

31
00:01:36.880 --> 00:01:39.680
Martin Martin Oh jeez Did I get your

32
00:01:39.680 --> 00:01:41.759
name okay Yeah Yeah it's actually

33
00:01:41.759 --> 00:01:44.079
perfect Oh Martin Okay then I'm gonna

34
00:01:44.079 --> 00:01:46.079
roll that back one more time since I

35
00:01:46.079 --> 00:01:49.360
throw it all off Let's get this right

36
00:01:49.360 --> 00:01:52.079
Okay one more time for all the listener

37
00:01:52.079 --> 00:01:55.200
that's out there Ladies and gentlemen it

38
00:01:55.200 --> 00:01:58.960
is time for WordPress plugins A One more

39
00:01:58.960 --> 00:02:01.680
time Ladies and gentlemen it is time for

40
00:02:01.680 --> 00:02:08.080
WordPress plugins A to Zed not Z It is

41
00:02:08.080 --> 00:02:11.039
interview 66 with Vasil Martin from

42
00:02:11.039 --> 00:02:12.879
Advanced Access Manager We'll be

43
00:02:12.879 --> 00:02:15.680
discussing this plugin and more All

44
00:02:15.680 --> 00:02:17.840
coming up next on WordPress plugins from

45
00:02:17.840 --> 00:02:20.400
A to

46
00:02:20.680 --> 00:02:24.000
Zed WordPress the king of content

47
00:02:24.000 --> 00:02:26.319
management systems powering the web with

48
00:02:26.319 --> 00:02:29.200
over 80,000 plugins to choose from How

49
00:02:29.200 --> 00:02:32.239
do you sort the junk from the gems

50
00:02:32.239 --> 00:02:34.879
welcome to WP Plugins A to Zed where

51
00:02:34.879 --> 00:02:36.319
we've been keeping the pulse of

52
00:02:36.319 --> 00:02:39.200
WordPress alive for over 16 incredible

53
00:02:39.200 --> 00:02:41.680
years Join us every week for an

54
00:02:41.680 --> 00:02:44.319
unrehearsed real talk breakdowns of the

55
00:02:44.319 --> 00:02:46.560
latest and greatest plugins developer

56
00:02:46.560 --> 00:02:48.959
and community member interviews Some

57
00:02:48.959 --> 00:02:51.120
weeks Amber and I team up to dig in

58
00:02:51.120 --> 00:02:53.680
Others I'm flying solo unpacking

59
00:02:53.680 --> 00:02:56.879
WordPress news demoing a standout plugin

60
00:02:56.879 --> 00:03:00.000
or sharing tips to power up your site No

61
00:03:00.000 --> 00:03:02.640
scripts no fluff just the good stuff

62
00:03:02.640 --> 00:03:05.840
from A to Z So plug in and let's get

63
00:03:05.840 --> 00:03:08.319
rolling

64
00:03:08.319 --> 00:03:09.920
Good morning good afternoon or good

65
00:03:09.920 --> 00:03:11.120
evening wherever you happen to be hiding

66
00:03:11.120 --> 00:03:12.400
out there on the globe today Coming to

67
00:03:12.400 --> 00:03:15.040
you direct from the brewery overlook in

68
00:03:15.040 --> 00:03:17.680
beautiful southern Vancouver Island I'm

69
00:03:17.680 --> 00:03:21.680
John Overall and joining me today is

70
00:03:21.680 --> 00:03:24.239
Vassel Martin from Advanced Access

71
00:03:24.239 --> 00:03:26.239
Manager where we'll be discussing this

72
00:03:26.239 --> 00:03:29.040
plugin that's installed on over 150,000

73
00:03:29.040 --> 00:03:31.440
websites A very fantastic plugin I don't

74
00:03:31.440 --> 00:03:32.959
know why I didn't discover it sooner

75
00:03:32.959 --> 00:03:35.280
myself I started playing with it uh

76
00:03:35.280 --> 00:03:37.440
after he reached out to me and I'm

77
00:03:37.440 --> 00:03:39.680
really enjoying the free version of the

78
00:03:39.680 --> 00:03:41.680
plugin So welcome to the show Basil

79
00:03:41.680 --> 00:03:44.560
Great to have you here Thank you I'm

80
00:03:44.560 --> 00:03:47.519
I'm happy to be here Well we've got a

81
00:03:47.519 --> 00:03:49.760
lot to uh cover and go over here on the

82
00:03:49.760 --> 00:03:52.000
plugin You were giving me some nice

83
00:03:52.000 --> 00:03:53.840
feedback information that was going to

84
00:03:53.840 --> 00:03:56.560
be useful for me to wander through and

85
00:03:56.560 --> 00:03:58.799
talk about on all the different stuff

86
00:03:58.799 --> 00:04:02.640
we've got going here And um first off

87
00:04:02.640 --> 00:04:04.799
for start off tell us a little bit I

88
00:04:04.799 --> 00:04:06.480
know your story's been told many times

89
00:04:06.480 --> 00:04:08.239
but tell us a little bit about yourself

90
00:04:08.239 --> 00:04:12.480
and how you got started in in this I see

91
00:04:12.480 --> 00:04:15.120
Well um I'm originally from Ukraine and

92
00:04:15.120 --> 00:04:18.639
I came to United States back in 2011 Uh

93
00:04:18.639 --> 00:04:20.479
I won green card in a lottery so it was

94
00:04:20.479 --> 00:04:23.759
a free pass for me and uh my first job

95
00:04:23.759 --> 00:04:26.800
was in a marketing agency um it happened

96
00:04:26.800 --> 00:04:29.919
to be the their their WordPress shop

97
00:04:29.919 --> 00:04:32.560
primarily So that's how I started to to

98
00:04:32.560 --> 00:04:34.720
to learn WordPress and just out of

99
00:04:34.720 --> 00:04:37.759
curiosity uh created a plug-in over the

100
00:04:37.759 --> 00:04:40.000
weekend called Advanced Access Manager I

101
00:04:40.000 --> 00:04:42.320
even didn't think much how to name it

102
00:04:42.320 --> 00:04:45.440
just first thing that came into my mind

103
00:04:45.440 --> 00:04:49.280
I name it and um and then just uh submit

104
00:04:49.280 --> 00:04:51.600
it for review to the WordPress.org

105
00:04:51.600 --> 00:04:54.320
repository and that's how the journey

106
00:04:54.320 --> 00:04:56.639
started uh one way or another this

107
00:04:56.639 --> 00:04:59.680
plug-in was keeping was keeping me

108
00:04:59.680 --> 00:05:02.240
connected to WordPress uh community to

109
00:05:02.240 --> 00:05:05.120
to WordPress in general and it's been

110
00:05:05.120 --> 00:05:08.639
already 14 years journey

111
00:05:08.639 --> 00:05:11.520
Well it's an excellent plugin Now tell

112
00:05:11.520 --> 00:05:13.320
me a little bit

113
00:05:13.320 --> 00:05:17.840
about what drew you to create a plugin

114
00:05:17.840 --> 00:05:20.880
that protects the integrity of WordPress

115
00:05:20.880 --> 00:05:23.600
So well I mean it goes into places I

116
00:05:23.600 --> 00:05:26.880
wasn't even fully aware existed

117
00:05:26.880 --> 00:05:29.440
Yeah Uh it's a it's a very good question

118
00:05:29.440 --> 00:05:31.759
and the answer can be very long so I'll

119
00:05:31.759 --> 00:05:34.639
try to be That's okay We've got lots of

120
00:05:34.639 --> 00:05:38.000
time All right All right So again it

121
00:05:38.000 --> 00:05:40.280
just started out of curiosity you know

122
00:05:40.280 --> 00:05:43.360
Um at the time when I worked in uh in

123
00:05:43.360 --> 00:05:46.560
the marketing agency back in 2011

124
00:05:46.560 --> 00:05:50.080
um there was a particular need for a um

125
00:05:50.080 --> 00:05:52.639
granular access controls to admin menu

126
00:05:52.639 --> 00:05:55.000
as well as ability to manage roles and

127
00:05:55.000 --> 00:05:57.919
capabilities So there were solutions

128
00:05:57.919 --> 00:06:00.639
available in a WordPress.org repository

129
00:06:00.639 --> 00:06:03.199
that I could just download and install

130
00:06:03.199 --> 00:06:06.080
Uh however uh a client at the time was

131
00:06:06.080 --> 00:06:09.039
very particular about number of plugins

132
00:06:09.039 --> 00:06:11.039
So I was like "All right you know what

133
00:06:11.039 --> 00:06:14.160
let's just create over the weekend." And

134
00:06:14.160 --> 00:06:16.880
um and I just combined these two ideas

135
00:06:16.880 --> 00:06:19.600
ability to manage admin menu and manage

136
00:06:19.600 --> 00:06:21.680
roles and capabilities into one plug-in

137
00:06:21.680 --> 00:06:26.400
very lightweight nothing crazy And um

138
00:06:26.400 --> 00:06:29.280
and when I launched it in a

139
00:06:29.280 --> 00:06:31.199
WordPress.org repository immediately

140
00:06:31.199 --> 00:06:33.919
start getting feedback from users They

141
00:06:33.919 --> 00:06:35.919
wanted additional features They wanted

142
00:06:35.919 --> 00:06:36.840
additional

143
00:06:36.840 --> 00:06:39.280
flexibility And you know from that point

144
00:06:39.280 --> 00:06:42.400
on it just became a community plug-in So

145
00:06:42.400 --> 00:06:45.039
all the ideas that 100% of the ideas

146
00:06:45.039 --> 00:06:47.199
that uh that are implemented in the

147
00:06:47.199 --> 00:06:53.120
plug-in coming from end users and um um

148
00:06:53.120 --> 00:06:55.680
naturally I started to work with with a

149
00:06:55.680 --> 00:06:57.680
lot of developers

150
00:06:57.680 --> 00:07:01.520
um agencies enterprises and learning

151
00:07:01.520 --> 00:07:04.960
their hurdles learn learning their needs

152
00:07:04.960 --> 00:07:07.840
and all that was distilled into the set

153
00:07:07.840 --> 00:07:10.000
of features and functionality that is

154
00:07:10.000 --> 00:07:13.400
available and and uh and Advanced Access

155
00:07:13.400 --> 00:07:17.759
Manager Um so all after all it's a 14

156
00:07:17.759 --> 00:07:20.080
years of all experience around access

157
00:07:20.080 --> 00:07:21.720
controls

158
00:07:21.720 --> 00:07:25.840
um are compiled into this one simple

159
00:07:25.840 --> 00:07:29.240
cohesive plugin

160
00:07:29.240 --> 00:07:33.599
Yeah Okay then Well my brain has just

161
00:07:33.599 --> 00:07:36.720
gone sideways on

162
00:07:36.840 --> 00:07:40.240
me I know what it was You were you had

163
00:07:40.240 --> 00:07:44.479
made mention in your email about talking

164
00:07:44.479 --> 00:07:48.400
about some of the difficulties or horror

165
00:07:48.400 --> 00:07:51.919
stories that emphasize the importance of

166
00:07:51.919 --> 00:07:55.080
the this uh plugin and

167
00:07:55.080 --> 00:07:58.879
how it can help save people well from

168
00:07:58.879 --> 00:08:02.000
what you mentioned a whole lot of money

169
00:08:02.000 --> 00:08:06.160
That's right you know John to answer to

170
00:08:06.160 --> 00:08:08.479
answer that or elaborate more on that um

171
00:08:08.479 --> 00:08:10.039
I'll give a bit of

172
00:08:10.039 --> 00:08:13.360
a background so when we talk about

173
00:08:13.360 --> 00:08:16.319
security I think there is a there is a

174
00:08:16.319 --> 00:08:20.160
very narrow um story about what is what

175
00:08:20.160 --> 00:08:21.919
means security for WordPress when we

176
00:08:21.919 --> 00:08:23.840
hear about security we hear about things

177
00:08:23.840 --> 00:08:27.199
like you know brute force attacks or

178
00:08:27.199 --> 00:08:30.080
vulnerable plugins outdated plugins uh

179
00:08:30.080 --> 00:08:33.320
talking about a ws two factor

180
00:08:33.320 --> 00:08:36.240
authentications These are just a part of

181
00:08:36.240 --> 00:08:38.479
the security The whole security starts

182
00:08:38.479 --> 00:08:41.760
from the building where the uh hosting

183
00:08:41.760 --> 00:08:45.279
hardware is and it ends with the very

184
00:08:45.279 --> 00:08:48.000
last user that visited website and

185
00:08:48.000 --> 00:08:49.160
everything in

186
00:08:49.160 --> 00:08:52.320
between So when we hear stories about

187
00:08:52.320 --> 00:08:54.399
WordPress security we hear only about

188
00:08:54.399 --> 00:08:57.200
part of it right

189
00:08:57.200 --> 00:09:00.959
um and you know for years I couldn't

190
00:09:00.959 --> 00:09:04.240
really um clearly articulate what

191
00:09:04.240 --> 00:09:06.959
Advanced Access Manager is what is what

192
00:09:06.959 --> 00:09:10.640
is this for I was telling one some

193
00:09:10.640 --> 00:09:12.399
people that it's membership plugin and

194
00:09:12.399 --> 00:09:14.480
other people that it's a developer SDK

195
00:09:14.480 --> 00:09:16.240
some other people that is somewhat

196
00:09:16.240 --> 00:09:19.600
security plugin but visiting uh uh Word

197
00:09:19.600 --> 00:09:23.360
Camp last year I clearly realized that

198
00:09:23.360 --> 00:09:26.640
there is a huge gap in the security

199
00:09:26.640 --> 00:09:29.360
awareness that nobody really talks about

200
00:09:29.360 --> 00:09:33.279
and this is a gap in access controls Mhm

201
00:09:33.279 --> 00:09:36.000
If you look at the OWASP top 10 OWASP top

202
00:09:36.000 --> 00:09:39.200
10 it's a it's a list that a lot of

203
00:09:39.200 --> 00:09:41.680
security organizations are paying

204
00:09:41.680 --> 00:09:46.720
attention uh closely that shows top 10

205
00:09:46.720 --> 00:09:50.640
um top 10 things that create incidents

206
00:09:50.640 --> 00:09:53.200
security incidents and broken access

207
00:09:53.200 --> 00:09:56.360
controls is actually number one issue

208
00:09:56.360 --> 00:09:59.920
apparently Yes apparently Um and how do

209
00:09:59.920 --> 00:10:02.480
they distill that list it's they it's a

210
00:10:02.480 --> 00:10:05.200
nonprofit organization that analyzes

211
00:10:05.200 --> 00:10:06.800
hundreds of thousands of security

212
00:10:06.800 --> 00:10:11.360
breaches um every year and they distill

213
00:10:11.360 --> 00:10:13.160
this top 10

214
00:10:13.160 --> 00:10:18.120
list Uh so uh based on what they

215
00:10:18.120 --> 00:10:20.480
discovering uh through all this analysis

216
00:10:20.480 --> 00:10:24.959
that 94% of all web applications are uh

217
00:10:24.959 --> 00:10:27.240
have some level of broken access

218
00:10:27.240 --> 00:10:29.000
controls which

219
00:10:29.000 --> 00:10:30.839
means which

220
00:10:30.839 --> 00:10:34.000
means something is misconfigured Some

221
00:10:34.000 --> 00:10:36.000
people have high privilege and then they

222
00:10:36.000 --> 00:10:38.079
should some information is disclosed

223
00:10:38.079 --> 00:10:40.240
that should not be disclosed You know I

224
00:10:40.240 --> 00:10:42.720
can even uh mention some things that

225
00:10:42.720 --> 00:10:45.000
even on a on a a

226
00:10:45.000 --> 00:10:48.640
to website on your website or I'm

227
00:10:48.640 --> 00:10:51.360
certain there is already uh I haven't

228
00:10:51.360 --> 00:10:53.200
applied your plugin to that site yet

229
00:10:53.200 --> 00:10:55.839
that site's going undergoing an overhaul

230
00:10:55.839 --> 00:10:58.959
You know uh taking that a little further

231
00:10:58.959 --> 00:11:00.720
is like one of the things you gave me in

232
00:11:00.720 --> 00:11:02.640
your in the information you sent me in

233
00:11:02.640 --> 00:11:04.399
the email you sent me to a couple of

234
00:11:04.399 --> 00:11:07.959
videos to go watch and one of them you

235
00:11:07.959 --> 00:11:12.720
showcase how an editor privilege user

236
00:11:12.720 --> 00:11:15.600
could use that to get someone else to

237
00:11:15.600 --> 00:11:17.640
look at their post and upgrade

238
00:11:17.640 --> 00:11:20.959
themselves And I thought that was very

239
00:11:20.959 --> 00:11:22.640
fascinating I didn't even know that was

240
00:11:22.640 --> 00:11:24.640
a possibility

241
00:11:24.640 --> 00:11:27.360
Yes Yeah And all that it's not really

242
00:11:27.360 --> 00:11:29.839
even an editor but rather the capability

243
00:11:29.839 --> 00:11:32.560
that editor has and that is unfiltered

244
00:11:32.560 --> 00:11:34.640
HTML You know if you look at a WordPress

245
00:11:34.640 --> 00:11:38.800
core um there are two very very unique

246
00:11:38.800 --> 00:11:40.959
capabilities It's unfiltered HTML and

247
00:11:40.959 --> 00:11:44.320
unfiltered uploads they they these two

248
00:11:44.320 --> 00:11:47.600
capability allow to inject pretty much

249
00:11:47.600 --> 00:11:50.640
anything in the in WordPress website

250
00:11:50.640 --> 00:11:53.600
Somehow unfiltered uploads by default is

251
00:11:53.600 --> 00:11:56.240
disabled but unfiltered HTML is enabled

252
00:11:56.240 --> 00:12:00.160
which means allows users like editors or

253
00:12:00.160 --> 00:12:02.079
you can assign that capability to

254
00:12:02.079 --> 00:12:05.920
subscriber right yeah it's with amount

255
00:12:05.920 --> 00:12:08.160
of plugins today available to manipulate

256
00:12:08.160 --> 00:12:10.079
with roles and capabilities it can be

257
00:12:10.079 --> 00:12:11.680
assigned and I've seen and I've seen

258
00:12:11.680 --> 00:12:13.440
websites where this capability was

259
00:12:13.440 --> 00:12:15.440
assigned to editors editors to

260
00:12:15.440 --> 00:12:19.360
subscribers to authors to custom roles

261
00:12:19.360 --> 00:12:22.639
um I even done an analysis

262
00:12:22.639 --> 00:12:25.920
um on the top thousand most popular

263
00:12:25.920 --> 00:12:28.399
plugins in repository in WordPress.org

264
00:12:28.399 --> 00:12:33.040
repository Uh over 10% of the plugins

265
00:12:33.040 --> 00:12:35.600
are relying on unfiltered HTML

266
00:12:35.600 --> 00:12:37.480
capability to grant additional

267
00:12:37.480 --> 00:12:40.399
functionality which means this is rel

268
00:12:40.399 --> 00:12:42.880
this is a relatively popular um

269
00:12:42.880 --> 00:12:44.639
capability that is also extremely

270
00:12:44.639 --> 00:12:47.279
dangerous because anyone who has it can

271
00:12:47.279 --> 00:12:50.639
inject malicious code in the post page

272
00:12:50.639 --> 00:12:53.279
and trick You don't have to even trick

273
00:12:53.279 --> 00:12:57.200
administrator You just sit and wait Yeah

274
00:12:57.200 --> 00:12:59.600
You put it on a homepage Yeah And wait

275
00:12:59.600 --> 00:13:02.800
till the administrator comes in and just

276
00:13:02.800 --> 00:13:05.600
accesses it That's it That's enough

277
00:13:05.600 --> 00:13:07.760
That's enough Yeah Well that was what I

278
00:13:07.760 --> 00:13:09.760
I found quite interesting And as I was

279
00:13:09.760 --> 00:13:11.519
digging down I didn't have a lot of time

280
00:13:11.519 --> 00:13:13.240
to dig into it I had other things

281
00:13:13.240 --> 00:13:16.079
happening but I intend to dig down

282
00:13:16.079 --> 00:13:18.720
further into it And I also noticed when

283
00:13:18.720 --> 00:13:20.320
I was looking up all the info about your

284
00:13:20.320 --> 00:13:22.880
plug-in you have your premium versions

285
00:13:22.880 --> 00:13:26.320
which offer up the ability to lock the

286
00:13:26.320 --> 00:13:30.040
website down even further into a private

287
00:13:30.040 --> 00:13:36.240
website and/or by IP address or geoloc So

288
00:13:36.240 --> 00:13:37.920
can you tell us a little more about how

289
00:13:37.920 --> 00:13:41.120
that works and what that does for us yep

290
00:13:41.120 --> 00:13:44.320
Um so when people ask me what is a

291
00:13:44.320 --> 00:13:46.800
premium premium add-on is for I

292
00:13:46.800 --> 00:13:49.920
typically say it is ability to manage

293
00:13:49.920 --> 00:13:52.959
access to your website at scale Uh the

294
00:13:52.959 --> 00:13:54.399
free version includes pretty much

295
00:13:54.399 --> 00:13:55.920
everything which you need If you're a

296
00:13:55.920 --> 00:13:57.839
small site you have small amount of

297
00:13:57.839 --> 00:14:00.079
people you don't even need to go in and

298
00:14:00.079 --> 00:14:02.240
uh and bother buying a premium But if

299
00:14:02.240 --> 00:14:05.040
you have a larger number of content

300
00:14:05.040 --> 00:14:07.040
larger number of users that are visiting

301
00:14:07.040 --> 00:14:09.519
your website it is much easier and much

302
00:14:09.519 --> 00:14:12.160
more efficient to to to buy a premium

303
00:14:12.160 --> 00:14:14.079
because you can manage access at scale

304
00:14:14.079 --> 00:14:15.959
You can basically

305
00:14:15.959 --> 00:14:19.600
um do a reverse access control saying I

306
00:14:19.600 --> 00:14:21.760
want to deny everything but allow only

307
00:14:21.760 --> 00:14:25.839
explicit explicit few pages or I want to

308
00:14:25.839 --> 00:14:29.120
hide all the content for the countries

309
00:14:29.120 --> 00:14:30.839
like

310
00:14:30.839 --> 00:14:34.720
um like US but only show that content to

311
00:14:34.720 --> 00:14:36.480
to people that coming from a country

312
00:14:36.480 --> 00:14:41.040
like France So um this is the premium is

313
00:14:41.040 --> 00:14:43.279
essentially again just designed to to

314
00:14:43.279 --> 00:14:45.199
manage access to your website to website

315
00:14:45.199 --> 00:14:46.519
resources at

316
00:14:46.519 --> 00:14:50.320
scale and it's relatively uh inexpensive

317
00:14:50.320 --> 00:14:52.560
for the amount Yeah you got it priced

318
00:14:52.560 --> 00:14:54.320
reasonably for for those that would need

319
00:14:54.320 --> 00:14:56.320
it It's priced in a reasonable level

320
00:14:56.320 --> 00:14:57.959
I've always judged

321
00:14:57.959 --> 00:15:01.040
plugins based upon whether the price was

322
00:15:01.040 --> 00:15:03.519
reasonable over a period of time for

323
00:15:03.519 --> 00:15:05.199
what it's going to provide for the site

324
00:15:05.199 --> 00:15:07.600
And I've seen a lot of them be

325
00:15:07.600 --> 00:15:10.079
overpriced over the years Seen them come

326
00:15:10.079 --> 00:15:12.800
and go And the overpriced ones often

327
00:15:12.800 --> 00:15:15.360
either don't move very fast or hardly

328
00:15:15.360 --> 00:15:16.880
get enough clients or they have to come

329
00:15:16.880 --> 00:15:19.839
down in price So another question on

330
00:15:19.839 --> 00:15:23.000
this is like how would

331
00:15:23.000 --> 00:15:27.480
this access management control plugin

332
00:15:27.480 --> 00:15:30.160
um work to help you out if you're

333
00:15:30.160 --> 00:15:32.000
running an e-commerce site where you

334
00:15:32.000 --> 00:15:33.600
have lots of people's you know signing

335
00:15:33.600 --> 00:15:34.880
up so they can see their different

336
00:15:34.880 --> 00:15:37.040
accounts or

337
00:15:37.040 --> 00:15:39.760
um just even a basic membership site And

338
00:15:39.760 --> 00:15:41.360
of course we have there's dozens of

339
00:15:41.360 --> 00:15:43.040
membership plugins out there And there's

340
00:15:43.040 --> 00:15:44.800
even ways like I even noticed on mine

341
00:15:44.800 --> 00:15:47.040
today like I didn't even I I even forgot

342
00:15:47.040 --> 00:15:49.360
like when people book on my site it

343
00:15:49.360 --> 00:15:53.279
creates them a a booking level user on

344
00:15:53.279 --> 00:15:55.920
my site and I have no idea I have no

345
00:15:55.920 --> 00:15:57.440
idea what permissions are even applied

346
00:15:57.440 --> 00:15:59.360
to that yet I have to now dig down deep

347
00:15:59.360 --> 00:16:00.959
into it and I didn't even realize it So

348
00:16:00.959 --> 00:16:03.360
there's lots of ways you add things to

349
00:16:03.360 --> 00:16:06.880
your site and you create a new type of

350
00:16:06.880 --> 00:16:10.480
user and unless you look to see what the

351
00:16:10.480 --> 00:16:13.120
plug-in author chose for those you don't

352
00:16:13.120 --> 00:16:15.360
know what they get Is is that what I'm

353
00:16:15.360 --> 00:16:16.639
I'm understanding It's like as the

354
00:16:16.639 --> 00:16:18.399
plug-in author creates and sets this up

355
00:16:18.399 --> 00:16:21.680
he chooses what levels you of

356
00:16:21.680 --> 00:16:24.240
permissions they give that user That's

357
00:16:24.240 --> 00:16:28.320
right And you know just um continuing on

358
00:16:28.320 --> 00:16:30.959
on that like even even your website uh

359
00:16:30.959 --> 00:16:33.759
if I log in as a the booking user or

360
00:16:33.759 --> 00:16:36.240
wherever I subscriber uh I can see the

361
00:16:36.240 --> 00:16:38.240
broken links not notifier on my

362
00:16:38.240 --> 00:16:41.360
dashboard A broken link notifier Yeah

363
00:16:41.360 --> 00:16:44.079
it's a menu in admin that is added and I

364
00:16:44.079 --> 00:16:46.320
know that you have 220 broken links

365
00:16:46.320 --> 00:16:48.720
which actually grew by 50 the last time

366
00:16:48.720 --> 00:16:51.839
I logged in

367
00:16:51.839 --> 00:16:53.519
Sounds like my site right now You know

368
00:16:53.519 --> 00:16:55.360
as they say the plumber's pipes always

369
00:16:55.360 --> 00:16:58.560
leak The uh mechanic's car needs brakes

370
00:16:58.560 --> 00:17:03.279
Yeah But that's that is um so this this

371
00:17:03.279 --> 00:17:05.400
is a segue to

372
00:17:05.400 --> 00:17:08.720
um uh to the topic of the recycled

373
00:17:08.720 --> 00:17:11.039
capabilities I find it one of the

374
00:17:11.039 --> 00:17:12.720
biggest problems in a WordPress

375
00:17:12.720 --> 00:17:15.280
ecosystem today So what is recycled

376
00:17:15.280 --> 00:17:17.120
capability as as you mentioned as

377
00:17:17.120 --> 00:17:18.640
developers they're choosing specific

378
00:17:18.640 --> 00:17:22.079
capability to um to code their

379
00:17:22.079 --> 00:17:24.000
functionality for the plug-in saying if

380
00:17:24.000 --> 00:17:26.160
if user had that capability then they

381
00:17:26.160 --> 00:17:28.799
can do this additional things right and

382
00:17:28.799 --> 00:17:30.280
um

383
00:17:30.280 --> 00:17:33.200
and I've seen it and I continuously see

384
00:17:33.200 --> 00:17:35.039
that developer no matter what level it

385
00:17:35.039 --> 00:17:37.840
is from the associate to the principal

386
00:17:37.840 --> 00:17:40.000
engineers they don't really put too much

387
00:17:40.000 --> 00:17:43.120
thinking into which capability to assign

388
00:17:43.120 --> 00:17:45.919
so a lot of times I've se even seen a

389
00:17:45.919 --> 00:17:49.520
e-commerce solutions with a admin

390
00:17:49.520 --> 00:17:52.880
privilege capabilities that is granted

391
00:17:52.880 --> 00:17:58.400
uh with edit posts Wow or yeah if if so

392
00:17:58.400 --> 00:18:00.400
from developer standpoint they think

393
00:18:00.400 --> 00:18:03.280
like okay if if uh if user has the

394
00:18:03.280 --> 00:18:05.360
ability to edit posts they should be

395
00:18:05.360 --> 00:18:07.840
able to manage all the products they

396
00:18:07.840 --> 00:18:10.760
should be able to see all the all the

397
00:18:10.760 --> 00:18:14.160
users in their mind it's all right but

398
00:18:14.160 --> 00:18:16.320
in a grand schema it's not because

399
00:18:16.320 --> 00:18:18.880
websites um you know there are different

400
00:18:18.880 --> 00:18:20.160
level of users there are different

401
00:18:20.160 --> 00:18:22.559
responsibilities that that users have so

402
00:18:22.559 --> 00:18:24.000
they don't really think through all

403
00:18:24.000 --> 00:18:25.280
these details

404
00:18:25.280 --> 00:18:27.360
And it happens over and over again

405
00:18:27.360 --> 00:18:30.120
Recycle capabilities it's a huge problem

406
00:18:30.120 --> 00:18:33.520
Um so how am

407
00:18:33.520 --> 00:18:35.600
uh to mitigate these problems again you

408
00:18:35.600 --> 00:18:37.919
can enable restricted modes Essentially

409
00:18:37.919 --> 00:18:39.919
what what you do is saying all right if

410
00:18:39.919 --> 00:18:42.000
it's a admin area I want to restrict

411
00:18:42.000 --> 00:18:45.440
everything but only explicitly allow

412
00:18:45.440 --> 00:18:48.720
specific admin pages And that can be

413
00:18:48.720 --> 00:18:51.039
easily toggled with just a just

414
00:18:51.039 --> 00:18:54.080
literally a button You click it Now no

415
00:18:54.080 --> 00:18:56.679
matter even if you even if you're

416
00:18:56.679 --> 00:18:59.039
administrator you will be able to see

417
00:18:59.039 --> 00:19:01.679
only pages that you explicitly allow to

418
00:19:01.679 --> 00:19:04.960
see for that user Um for e-commerce

419
00:19:04.960 --> 00:19:08.880
solution considering how large this uh

420
00:19:08.880 --> 00:19:12.799
this space is how many add-ons available

421
00:19:12.799 --> 00:19:16.760
uh restricted modes is must-have uh

422
00:19:16.760 --> 00:19:19.120
solution because again it's it's just a

423
00:19:19.120 --> 00:19:20.720
peace of mind right you don't leak

424
00:19:20.720 --> 00:19:24.160
unnecessary information to to your users

425
00:19:24.160 --> 00:19:26.480
you don't give them ability to perform

426
00:19:26.480 --> 00:19:29.840
action that they should not right take

427
00:19:29.840 --> 00:19:31.760
just peace of mind as simple as that

428
00:19:31.760 --> 00:19:33.720
well yeah absolutely Absolutely

429
00:19:33.720 --> 00:19:36.480
And in today's world with all of the

430
00:19:36.480 --> 00:19:38.160
additional attacks on the site you want to

431
00:19:38.160 --> 00:19:40.000
have as much peace of mind as you can

432
00:19:40.000 --> 00:19:41.520
Now I do have an interesting question

433
00:19:41.520 --> 00:19:45.120
that just popped in me with the Advanced

434
00:19:45.120 --> 00:19:46.520
Access Manager

435
00:19:46.520 --> 00:19:50.320
plugin How is there is is there a

436
00:19:50.320 --> 00:19:51.840
prevention in place for the

437
00:19:51.840 --> 00:19:53.679
administrator setting this all up to

438
00:19:53.679 --> 00:19:55.760
prevent from locking themselves out of

439
00:19:55.760 --> 00:19:59.360
the system while they're setting it up

440
00:19:59.360 --> 00:20:01.919
happens all the time Oh okay And then

441
00:20:01.919 --> 00:20:03.840
what happens then do they have to reset

442
00:20:03.840 --> 00:20:06.080
the database or how do they how do they

443
00:20:06.080 --> 00:20:07.600
get back into it just turn the plugin

444
00:20:07.600 --> 00:20:12.240
off What what fixes it yeah Um so if

445
00:20:12.240 --> 00:20:13.520
they messing with the roles and

446
00:20:13.520 --> 00:20:15.919
capabilities which is there's a big

447
00:20:15.919 --> 00:20:18.960
banner says be careful right roles and

448
00:20:18.960 --> 00:20:20.720
capabilities If you're messing with that

449
00:20:20.720 --> 00:20:23.440
they are directly go into into the

450
00:20:23.440 --> 00:20:25.600
database and you directly modifying the

451
00:20:25.600 --> 00:20:28.640
database WordPress core right um uh

452
00:20:28.640 --> 00:20:32.080
property If but however if if they um

453
00:20:32.080 --> 00:20:33.760
messing up with other properties they

454
00:20:33.760 --> 00:20:36.400
can easily go to database and clear all

455
00:20:36.400 --> 00:20:39.840
the options that uh prefix with AM or

456
00:20:39.840 --> 00:20:43.039
they can just disable plugin and uh they

457
00:20:43.039 --> 00:20:46.240
going back So advanced access manager uh

458
00:20:46.240 --> 00:20:49.840
does not modify uh database It does not

459
00:20:49.840 --> 00:20:53.360
modify any files on a on a website You

460
00:20:53.360 --> 00:20:55.600
can you can deactivate it and it will

461
00:20:55.600 --> 00:20:58.400
clear it by automatically Okay It will

462
00:20:58.400 --> 00:21:01.919
delete everything Yeah Okay So so then

463
00:21:01.919 --> 00:21:04.720
if you did lock yourself out you go into

464
00:21:04.720 --> 00:21:06.320
the back end change the name of the

465
00:21:06.320 --> 00:21:08.640
plugin it deactivates and then they then

466
00:21:08.640 --> 00:21:10.240
they've got access back in there again

467
00:21:10.240 --> 00:21:12.080
Okay Excellent And then if they

468
00:21:12.080 --> 00:21:13.919
reactivated it would they be locked out

469
00:21:13.919 --> 00:21:16.080
again just out of curiosity would it

470
00:21:16.080 --> 00:21:18.960
would it remember some of that stuff

471
00:21:18.960 --> 00:21:20.799
well yeah if they just rename the the

472
00:21:20.799 --> 00:21:24.480
the plugin um plugin folder then you

473
00:21:24.480 --> 00:21:26.400
know settings are persisted in that

474
00:21:26.400 --> 00:21:27.840
basis Okay So the settings are

475
00:21:27.840 --> 00:21:31.120
persistent and the only other way to

476
00:21:31.120 --> 00:21:33.520
clear it out would be if you if you use

477
00:21:33.520 --> 00:21:35.919
the uninstall function does it clean up

478
00:21:35.919 --> 00:21:39.120
after itself when it's done yes Yes As

479
00:21:39.120 --> 00:21:41.919
soon as you deactivate uninstall it it

480
00:21:41.919 --> 00:21:44.320
clears all the settings automatically

481
00:21:44.320 --> 00:21:46.320
Okay And that's always been a pet peeve

482
00:21:46.320 --> 00:21:49.120
of mine Sorry When plugins uh don't

483
00:21:49.120 --> 00:21:51.679
clean up after themselves And recently I

484
00:21:51.679 --> 00:21:53.600
started cleaning up databases that are

485
00:21:53.600 --> 00:21:56.720
very old This is where WP plug-in site

486
00:21:56.720 --> 00:22:00.080
is uh sitting right now is I spent a few

487
00:22:00.080 --> 00:22:02.320
hours several weeks ago going through it

488
00:22:02.320 --> 00:22:04.799
with the advanced uh database cleaning

489
00:22:04.799 --> 00:22:06.799
tools to clean up stuff and I'd

490
00:22:06.799 --> 00:22:08.880
forgotten I'd installed and it was you

491
00:22:08.880 --> 00:22:11.200
know causing the site to be at a crawl

492
00:22:11.200 --> 00:22:13.120
because it had left behind all this crap

493
00:22:13.120 --> 00:22:16.080
over the years That's right Yeah And I'm

494
00:22:16.080 --> 00:22:18.000
I'm very well aware of that and I hate

495
00:22:18.000 --> 00:22:20.640
this things too That's why I want to

496
00:22:20.640 --> 00:22:22.799
make sure it's not it's not part of AM

497
00:22:22.799 --> 00:22:24.400
problem especially when you know

498
00:22:24.400 --> 00:22:28.559
creating dozens of uh tables in database

499
00:22:28.559 --> 00:22:31.400
Yeah And and then the oh

500
00:22:31.400 --> 00:22:35.440
man transients in options table is just

501
00:22:35.440 --> 00:22:37.840
killing it's killing website performance

502
00:22:37.840 --> 00:22:40.000
Well there's the other one that is now

503
00:22:40.000 --> 00:22:41.760
killing website performance that not

504
00:22:41.760 --> 00:22:43.840
everyone's aware of It's that I'm trying

505
00:22:43.840 --> 00:22:45.679
to remember the name of the setting the

506
00:22:45.679 --> 00:22:49.039
preload setting and the yes yes in

507
00:22:49.039 --> 00:22:52.440
options yes or no in options yes or no

508
00:22:52.440 --> 00:22:55.840
and even and it started I started

509
00:22:55.840 --> 00:23:00.240
noticing it last year when the um tool

510
00:23:00.240 --> 00:23:03.120
in WordPress um the health tool started

511
00:23:03.120 --> 00:23:04.960
popping up for some websites to saying

512
00:23:04.960 --> 00:23:07.760
your preload options exceeded one gig

513
00:23:07.760 --> 00:23:09.440
and it's like what is this and it's like

514
00:23:09.440 --> 00:23:11.280
okay and the more I dug down into it the

515
00:23:11.280 --> 00:23:12.799
more I realized okay and then You go

516
00:23:12.799 --> 00:23:14.640
through and you see all this stuff and a

517
00:23:14.640 --> 00:23:17.120
lot of it is from over time people

518
00:23:17.120 --> 00:23:19.919
installing uninstalling plugins and it

519
00:23:19.919 --> 00:23:21.760
leaves behind that stuff but that's

520
00:23:21.760 --> 00:23:24.799
still there still being preloaded every

521
00:23:24.799 --> 00:23:27.120
time the database and that causes a lot

522
00:23:27.120 --> 00:23:29.120
of draw down on your website or your

523
00:23:29.120 --> 00:23:32.159
performance That's right it it's just

524
00:23:32.159 --> 00:23:35.840
because autoload uh flag is out is on by

525
00:23:35.840 --> 00:23:37.520
default and a lot of developers just

526
00:23:37.520 --> 00:23:39.520
like hey I just gonna insert the option

527
00:23:39.520 --> 00:23:41.799
in options table

528
00:23:41.799 --> 00:23:44.559
and didn't think through like should it

529
00:23:44.559 --> 00:23:47.760
be false maybe no need to autoload maybe

530
00:23:47.760 --> 00:23:49.440
lazy load it

531
00:23:49.440 --> 00:23:54.320
um yeah uh I spent I would say years um

532
00:23:54.320 --> 00:23:57.679
optimizing AM so I can proudly say that

533
00:23:57.679 --> 00:24:01.039
it's um there is a wphive.com

534
00:24:01.039 --> 00:24:03.679
they what they do they analyze uh

535
00:24:03.679 --> 00:24:05.840
WordPress plug-in repositories uh

536
00:24:05.840 --> 00:24:08.080
plugins from the WordPress repository

537
00:24:08.080 --> 00:24:11.360
right for for speed for errors um so

538
00:24:11.360 --> 00:24:15.039
they claim that AM is faster than 99% of

539
00:24:15.039 --> 00:24:17.440
the plugins in the take the claim sounds

540
00:24:17.440 --> 00:24:20.000
like a valid one to me I'll take it

541
00:24:20.000 --> 00:24:21.760
always take the win no matter where it

542
00:24:21.760 --> 00:24:26.000
comes from that's right all right we've

543
00:24:26.000 --> 00:24:28.799
got um so we we started off going down

544
00:24:28.799 --> 00:24:30.799
the path of this horror

545
00:24:30.799 --> 00:24:35.440
and how someone paid a massive penalty

546
00:24:35.440 --> 00:24:37.679
for incorrectly updating a page and

547
00:24:37.679 --> 00:24:40.559
losing a homepage So do you want to

548
00:24:40.559 --> 00:24:42.080
elaborate on that one for us a little

549
00:24:42.080 --> 00:24:45.039
bit yeah Yeah Uh I can say I can tell

550
00:24:45.039 --> 00:24:47.360
several stories but that particular one

551
00:24:47.360 --> 00:24:49.919
uh which it happens with a with a

552
00:24:49.919 --> 00:24:52.080
company uh that was in a highly

553
00:24:52.080 --> 00:24:55.279
regulated space So essentially it was a

554
00:24:55.279 --> 00:24:57.840
financial sector Mhm And the the pages

555
00:24:57.840 --> 00:25:00.880
were uh just these pages were for the

556
00:25:00.880 --> 00:25:04.720
credit cards Oh credit cards and deals

557
00:25:04.720 --> 00:25:08.440
and apparently one of the uh one of the

558
00:25:08.440 --> 00:25:11.120
editors actually not authorized editor

559
00:25:11.120 --> 00:25:12.880
It's just just another person that

560
00:25:12.880 --> 00:25:15.120
worked in an organization that were able

561
00:25:15.120 --> 00:25:20.000
to go and update a published page which

562
00:25:20.000 --> 00:25:22.080
WordPress core has the ability to

563
00:25:22.080 --> 00:25:24.640
differentiate between ability to edit

564
00:25:24.640 --> 00:25:27.840
pages and edit published pages But that

565
00:25:27.840 --> 00:25:29.360
capability particular capability was

566
00:25:29.360 --> 00:25:33.840
enabled for for the user and um was it a

567
00:25:33.840 --> 00:25:36.559
mistake likely But essentially what they

568
00:25:36.559 --> 00:25:40.919
did they changed the percentage of the

569
00:25:40.919 --> 00:25:47.480
um it's um what is this um when you get

570
00:25:47.480 --> 00:25:50.159
um when you pay for card and you get

571
00:25:50.159 --> 00:25:53.720
like 5% 3% cash back Cash back Okay Yeah

572
00:25:53.720 --> 00:25:57.360
Yes So it was a card with a wrong cash

573
00:25:57.360 --> 00:26:00.480
back percentage So which means users

574
00:26:00.480 --> 00:26:03.440
that that saw like okay normal cash back

575
00:26:03.440 --> 00:26:05.600
is like 3% but it was like 8% or

576
00:26:05.600 --> 00:26:08.240
something Ah and user like all right

577
00:26:08.240 --> 00:26:10.960
it's a great deal let's sign up Yeah So

578
00:26:10.960 --> 00:26:14.640
there was a many people signed up and

579
00:26:14.640 --> 00:26:16.720
what happened the bank not had to go buy

580
00:26:16.720 --> 00:26:19.679
by by themselves out of that deal but

581
00:26:19.679 --> 00:26:22.159
also they launched a case against their

582
00:26:22.159 --> 00:26:24.080
organization because you know that's

583
00:26:24.080 --> 00:26:26.799
clearly organization mistake they are

584
00:26:26.799 --> 00:26:28.279
doing content for

585
00:26:28.279 --> 00:26:30.720
them in the end of the day insurance got

586
00:26:30.720 --> 00:26:32.720
involved and they paid it out but it was

587
00:26:32.720 --> 00:26:34.400
it was a big chunk of money that was

588
00:26:34.400 --> 00:26:38.080
paid and why because really didn't think

589
00:26:38.080 --> 00:26:41.440
through who can do what and when and how

590
00:26:41.440 --> 00:26:43.559
that capability should not been enabled

591
00:26:43.559 --> 00:26:48.120
for for the lower level lower tier

592
00:26:48.120 --> 00:26:51.120
editors Um so that's one of the stories

593
00:26:51.120 --> 00:26:53.120
Um another interesting story it's one of

594
00:26:53.120 --> 00:26:56.480
my favorite is anyone who is even

595
00:26:56.480 --> 00:26:58.640
watching it right now can go to your own

596
00:26:58.640 --> 00:27:02.240
site and settings general Mh And there

597
00:27:02.240 --> 00:27:05.200
was a there was a dropdown default role

598
00:27:05.200 --> 00:27:08.039
that is assigned to newly created

599
00:27:08.039 --> 00:27:11.039
user and that dropdown contained list of

600
00:27:11.039 --> 00:27:13.200
all the roles including administrator

601
00:27:13.200 --> 00:27:16.159
role Right so now uh by default it's a

602
00:27:16.159 --> 00:27:18.559
subscriber role Anyone who is who is

603
00:27:18.559 --> 00:27:21.840
creating an account in a on a site is

604
00:27:21.840 --> 00:27:23.840
assigned to subscriber role But that

605
00:27:23.840 --> 00:27:26.960
dropdown for one for one website was

606
00:27:26.960 --> 00:27:31.520
changed to administrator Oh ouch Yes

607
00:27:31.520 --> 00:27:32.960
Means every new user was an

608
00:27:32.960 --> 00:27:35.400
administrator

609
00:27:35.400 --> 00:27:37.840
automatically It was a high it was a

610
00:27:37.840 --> 00:27:40.480
high uh it was a high traffic website

611
00:27:40.480 --> 00:27:42.720
too Uh so we're talking about hundreds

612
00:27:42.720 --> 00:27:44.799
hundreds of new users had administrator

613
00:27:44.799 --> 00:27:47.279
role and there is no way to find out

614
00:27:47.279 --> 00:27:50.159
because before that happened there was

615
00:27:50.159 --> 00:27:53.039
close to a hundred of administrators on

616
00:27:53.039 --> 00:27:54.559
the site that are like internal

617
00:27:54.559 --> 00:27:57.279
employees right there's no way to find

618
00:27:57.279 --> 00:28:00.320
out who made that change No you you

619
00:28:00.320 --> 00:28:02.000
would have had to have had some tracking

620
00:28:02.000 --> 00:28:04.399
in place long past but then depends on

621
00:28:04.399 --> 00:28:05.840
how long you keep the logs for the

622
00:28:05.840 --> 00:28:08.080
tracking It's like as one of the things

623
00:28:08.080 --> 00:28:10.320
I implemented on uh many of my client

624
00:28:10.320 --> 00:28:12.000
sites after I turned the site over to

625
00:28:12.000 --> 00:28:14.320
them was log tracking so that I know who

626
00:28:14.320 --> 00:28:16.480
does what and there's been a time or two

627
00:28:16.480 --> 00:28:18.080
where it saved my butt because they come

628
00:28:18.080 --> 00:28:19.520
complaining well something broke on the

629
00:28:19.520 --> 00:28:21.440
site and so I haven't touched it in like

630
00:28:21.440 --> 00:28:23.600
a week or two and I look at the log and

631
00:28:23.600 --> 00:28:27.039
say well you did this this and this I'm

632
00:28:27.039 --> 00:28:28.799
sorry I'll fix it but now it's going to

633
00:28:28.799 --> 00:28:32.880
cost you Yep Yep logs are great uh a

634
00:28:32.880 --> 00:28:37.000
great way to to monitor just

635
00:28:37.000 --> 00:28:39.600
retroactively Um one thing I always

636
00:28:39.600 --> 00:28:41.000
advise uh

637
00:28:41.000 --> 00:28:44.559
um my customers and and people that

638
00:28:44.559 --> 00:28:47.039
reach out to me is like if you have the

639
00:28:47.039 --> 00:28:49.440
thing enabled keep in mind that any

640
00:28:49.440 --> 00:28:53.039
administrator can can bypass

641
00:28:53.039 --> 00:28:54.799
If if I'm administrator I have the

642
00:28:54.799 --> 00:28:57.039
ability to install any plugin or modify

643
00:28:57.039 --> 00:28:58.880
any plugin on the site Yeah that's it

644
00:28:58.880 --> 00:29:01.520
It's game over I can bypass any

645
00:29:01.520 --> 00:29:03.840
monitoring any logging I can go

646
00:29:03.840 --> 00:29:06.080
retroactively delete any activity that

647
00:29:06.080 --> 00:29:10.320
that was uh that I did because I have

648
00:29:10.320 --> 00:29:12.320
the ability to modify files mean I have

649
00:29:12.320 --> 00:29:14.320
the ability to modify database There is

650
00:29:14.320 --> 00:29:16.480
that But some of the logs one of the log

651
00:29:16.480 --> 00:29:18.159
plug uh I can't remember the name of the

652
00:29:18.159 --> 00:29:20.640
logging plugin I use Now it allows you

653
00:29:20.640 --> 00:29:24.200
to lock it down to one or two specific

654
00:29:24.200 --> 00:29:27.600
users that can even access or see the

655
00:29:27.600 --> 00:29:31.399
file or changes on it

656
00:29:31.399 --> 00:29:34.559
Uh yes Uh well I'm referring to to

657
00:29:34.559 --> 00:29:37.200
ability to modify any files on on a

658
00:29:37.200 --> 00:29:41.120
server Yeah Yeah Yeah

659
00:29:41.120 --> 00:29:43.880
There's all of that All right

660
00:29:43.880 --> 00:29:47.360
So see here We've got all kinds of

661
00:29:47.360 --> 00:29:48.960
interesting

662
00:29:48.960 --> 00:29:50.720
Oh yeah We can talk a lot about these

663
00:29:50.720 --> 00:29:53.520
things It's I haven't even started Well

664
00:29:53.520 --> 00:29:56.720
pick something and run All right Maybe

665
00:29:56.720 --> 00:30:00.000
tell um some other horror stories that

666
00:30:00.000 --> 00:30:01.919
happened um I don't know about six

667
00:30:01.919 --> 00:30:04.799
months ago I mentioned it a few times Um

668
00:30:04.799 --> 00:30:08.240
there was a client of mine who has a

669
00:30:08.240 --> 00:30:11.240
huge website 1.5 million

670
00:30:11.240 --> 00:30:15.039
users on the website very active site

671
00:30:15.039 --> 00:30:18.240
and their homepage got deleted

672
00:30:18.240 --> 00:30:20.799
So the can you imagine that that amount

673
00:30:20.799 --> 00:30:23.840
of users cannot really access the site

674
00:30:23.840 --> 00:30:26.640
because homepage is deleted 404 It shows

675
00:30:26.640 --> 00:30:32.159
404 Um and they like oh we get hacked

676
00:30:32.159 --> 00:30:33.679
uh we got hacked we don't know how it

677
00:30:33.679 --> 00:30:35.360
happened how this privileges were

678
00:30:35.360 --> 00:30:37.760
escalated So I asked okay can you just

679
00:30:37.760 --> 00:30:39.679
give me an export of all the roles and

680
00:30:39.679 --> 00:30:42.159
capabilities on the site and it happened

681
00:30:42.159 --> 00:30:44.960
to be that there are nine custom roles

682
00:30:44.960 --> 00:30:48.240
with ability to delete published pages

683
00:30:48.240 --> 00:30:51.279
Nine with hundreds of users assigned to

684
00:30:51.279 --> 00:30:53.919
those roles So now go find who actually

685
00:30:53.919 --> 00:30:56.320
did did the damage

686
00:30:56.320 --> 00:30:58.799
Could have just a pure mistake It could

687
00:30:58.799 --> 00:31:00.399
be just pure mistake or yeah you

688
00:31:00.399 --> 00:31:03.120
couldn't couldn't find it So yeah

689
00:31:03.120 --> 00:31:05.279
So it sounds like making sure your roles

690
00:31:05.279 --> 00:31:08.799
are set correctly is highly important

691
00:31:08.799 --> 00:31:10.720
Even that is not doesn't give you the

692
00:31:10.720 --> 00:31:12.960
full story because I can show you the

693
00:31:12.960 --> 00:31:15.360
subscriber user with more privileges

694
00:31:15.360 --> 00:31:17.200
than administrator

695
00:31:17.200 --> 00:31:18.960
Subscriber users with more privilege

696
00:31:18.960 --> 00:31:20.799
than administrators Now how does that

697
00:31:20.799 --> 00:31:22.320
happen

698
00:31:22.320 --> 00:31:24.159
because in WordPress you can assign

699
00:31:24.159 --> 00:31:25.480
capabilities to

700
00:31:25.480 --> 00:31:27.919
roles and you can assign capabilities

701
00:31:27.919 --> 00:31:31.200
directly to user account So in database

702
00:31:31.200 --> 00:31:33.760
it well in in a dashboard it shows that

703
00:31:33.760 --> 00:31:36.399
this user is subscriber

704
00:31:36.399 --> 00:31:38.559
However the subscriber can have directly

705
00:31:38.559 --> 00:31:40.960
assigned all the capabilities

706
00:31:40.960 --> 00:31:43.440
So now you wouldn't know it unless you

707
00:31:43.440 --> 00:31:46.240
look directly Yes Unless you look look

708
00:31:46.240 --> 00:31:48.799
directly Even so that doesn't solve

709
00:31:48.799 --> 00:31:50.159
anything because there is a concept of

710
00:31:50.159 --> 00:31:52.480
dynamic capabilities It's a capabilities

711
00:31:52.480 --> 00:31:54.960
that and a lot of plugins not a lot but

712
00:31:54.960 --> 00:31:56.960
I've seen several plugins that do that

713
00:31:56.960 --> 00:31:59.279
They dynamically assign capabilities to

714
00:31:59.279 --> 00:32:02.320
user account as a website loads but they

715
00:32:02.320 --> 00:32:05.080
never persist those capabilities in

716
00:32:05.080 --> 00:32:08.480
database So you cannot see that this

717
00:32:08.480 --> 00:32:11.600
user has these additional capabilities

718
00:32:11.600 --> 00:32:14.640
but they are loaded as a website loads

719
00:32:14.640 --> 00:32:17.600
Okay And so how do you stop people from

720
00:32:17.600 --> 00:32:19.919
getting these dynamically loaded

721
00:32:19.919 --> 00:32:22.799
privileges well that's a that's like a a

722
00:32:22.799 --> 00:32:25.039
needle needle in a stack of hay right

723
00:32:25.039 --> 00:32:27.200
there is some plugin or theme that has a

724
00:32:27.200 --> 00:32:28.799
code implemented that adds those

725
00:32:28.799 --> 00:32:31.120
capabilities So we have to do the full

726
00:32:31.120 --> 00:32:33.760
uh code analysis of your of your all

727
00:32:33.760 --> 00:32:37.279
your files to find that okay and even if

728
00:32:37.279 --> 00:32:39.600
so that doesn't stop anything right

729
00:32:39.600 --> 00:32:41.840
because WordPress core also has the

730
00:32:41.840 --> 00:32:46.960
ability to override or overrule the um

731
00:32:46.960 --> 00:32:50.559
the WP options users and capabilities

732
00:32:50.559 --> 00:32:52.880
option So you can actually load all the

733
00:32:52.880 --> 00:32:55.519
roles and capabilities from elsewhere

734
00:32:55.519 --> 00:32:58.000
not from the database and WordPress core

735
00:32:58.000 --> 00:33:00.799
has that ability you can override it So

736
00:33:00.799 --> 00:33:02.679
essentially you can install a small

737
00:33:02.679 --> 00:33:06.399
plugin few lines of code that overrides

738
00:33:06.399 --> 00:33:08.720
all the roles and capabilities

739
00:33:08.720 --> 00:33:11.039
uh and pretty much hijacks the roles and

740
00:33:11.039 --> 00:33:13.519
capability system So there's a lot of

741
00:33:13.519 --> 00:33:15.760
intricacies There sounded more

742
00:33:15.760 --> 00:33:17.600
intricacies in this than I even thought

743
00:33:17.600 --> 00:33:19.760
was possible I didn't even realize that

744
00:33:19.760 --> 00:33:22.000
all of this exists I knew some of it but

745
00:33:22.000 --> 00:33:25.679
not this much of it Yes there is a lot a

746
00:33:25.679 --> 00:33:28.240
lot that is going on in a WordPress uh

747
00:33:28.240 --> 00:33:31.519
WordPress core uh and even more in in

748
00:33:31.519 --> 00:33:34.320
all these plugins that are available

749
00:33:34.320 --> 00:33:35.760
Well yeah and of course you know the

750
00:33:35.760 --> 00:33:38.000
plugins are you can pretty much do

751
00:33:38.000 --> 00:33:39.919
anything you want with them I've I've

752
00:33:39.919 --> 00:33:42.399
recently started diving into plugins

753
00:33:42.399 --> 00:33:45.360
again myself recently with the advent of

754
00:33:45.360 --> 00:33:47.519
AI to do all my typing for me because my

755
00:33:47.519 --> 00:33:48.840
typing skills

756
00:33:48.840 --> 00:33:51.840
suck which is which has always been my

757
00:33:51.840 --> 00:33:53.519
drawback from creating plugins because

758
00:33:53.519 --> 00:33:54.960
it takes me forever to type something

759
00:33:54.960 --> 00:33:57.919
out and not have a typo in it But I've

760
00:33:57.919 --> 00:33:59.600
been able to in the last several weeks

761
00:33:59.600 --> 00:34:02.080
release four basic plugins that are

762
00:34:02.080 --> 00:34:04.559
there we go that are really quite nice

763
00:34:04.559 --> 00:34:06.720
and plugins that I've mostly been using

764
00:34:06.720 --> 00:34:09.760
them as I'd mostly been throwing in the

765
00:34:09.760 --> 00:34:11.919
the code that turned in the plugins into

766
00:34:11.919 --> 00:34:13.599
the functions file which were just code

767
00:34:13.599 --> 00:34:15.200
snippets to do certain things I you know

768
00:34:15.200 --> 00:34:17.679
what I'm tired of editing the the

769
00:34:17.679 --> 00:34:20.480
functions file or WP

770
00:34:20.480 --> 00:34:22.560
uh config file Let's see if we can throw

771
00:34:22.560 --> 00:34:25.200
a plugin together So me and AI managed

772
00:34:25.200 --> 00:34:26.960
to pull them together and they work

773
00:34:26.960 --> 00:34:28.639
quite quite nicely I've released four of

774
00:34:28.639 --> 00:34:29.919
them in the last several weeks with

775
00:34:29.919 --> 00:34:32.960
three others in the uh queue Yeah Very

776
00:34:32.960 --> 00:34:34.960
nice Very nice Yeah it's really AI is

777
00:34:34.960 --> 00:34:37.280
definitely helpful Yeah it's changing

778
00:34:37.280 --> 00:34:40.240
everything Yeah And how do you think AI

779
00:34:40.240 --> 00:34:43.200
is going to impact this sort of problem

780
00:34:43.200 --> 00:34:46.399
you're having with uh with the security

781
00:34:46.399 --> 00:34:49.359
I mean I saw something today Mullen was

782
00:34:49.359 --> 00:34:51.919
asking about using AI to go after some

783
00:34:51.919 --> 00:34:54.359
of this stuff

784
00:34:54.359 --> 00:34:58.400
Um so you know I think it's it will

785
00:34:58.400 --> 00:35:00.320
impact particularly the security space

786
00:35:00.320 --> 00:35:03.200
in in very positive way because think

787
00:35:03.200 --> 00:35:06.800
about this up to this point up to the um

788
00:35:06.800 --> 00:35:08.839
rollout of generative

789
00:35:08.839 --> 00:35:11.599
AI what we had we had the ability to

790
00:35:11.599 --> 00:35:13.359
analyze a code with a static code

791
00:35:13.359 --> 00:35:16.079
analysis right which essentially you

792
00:35:16.079 --> 00:35:18.800
would have to explicitly code all these

793
00:35:18.800 --> 00:35:21.119
exceptions and rules that look

794
00:35:21.119 --> 00:35:22.640
suspicious

795
00:35:22.640 --> 00:35:25.599
With AI you don't have to do that Um you

796
00:35:25.599 --> 00:35:28.640
can still apply static code analysis to

797
00:35:28.640 --> 00:35:31.359
analyze the code base Uh but you can use

798
00:35:31.359 --> 00:35:34.480
also AI as additional dimension to

799
00:35:34.480 --> 00:35:36.880
deeper deepen understand like what

800
00:35:36.880 --> 00:35:39.119
exactly is going on in a code There is

801
00:35:39.119 --> 00:35:42.640
something that suspicious So it will

802
00:35:42.640 --> 00:35:45.920
positively impact it will make plugins

803
00:35:45.920 --> 00:35:50.240
uh more resilient to all kind of errors

804
00:35:50.240 --> 00:35:52.960
Um it will make them more secure because

805
00:35:52.960 --> 00:35:55.359
the code will be

806
00:35:55.359 --> 00:35:59.680
uh more secure Um will it solve all the

807
00:35:59.680 --> 00:36:02.079
security problems absolutely not No it's

808
00:36:02.079 --> 00:36:04.480
never going to solve everything No

809
00:36:04.480 --> 00:36:07.280
there's security is not an end state

810
00:36:07.280 --> 00:36:09.760
Security is ongoing process It's it's

811
00:36:09.760 --> 00:36:13.599
never it's it's like you know

812
00:36:13.599 --> 00:36:16.079
I can relate to that I've been playing

813
00:36:16.079 --> 00:36:19.359
around on the internet since 96 and I

814
00:36:19.359 --> 00:36:21.599
got serious about it in 99 when I opened

815
00:36:21.599 --> 00:36:24.400
my business and I've watched it go from

816
00:36:24.400 --> 00:36:27.920
the massive open state that it was to a

817
00:36:27.920 --> 00:36:31.200
constant arms race between the people

818
00:36:31.200 --> 00:36:33.200
who are trying to be nefarious and the

819
00:36:33.200 --> 00:36:34.680
people who are trying to protect

820
00:36:34.680 --> 00:36:38.000
everything and you know one year the

821
00:36:38.000 --> 00:36:40.240
nefarious is winning next year the white

822
00:36:40.240 --> 00:36:42.720
hat is winning It's just it's it's a

823
00:36:42.720 --> 00:36:45.359
constant battle and to see what happens

824
00:36:45.359 --> 00:36:48.720
and we can see it in um Patchstack in

825
00:36:48.720 --> 00:36:50.560
particular with the stuff that they've

826
00:36:50.560 --> 00:36:52.880
launched in the last year and a half

827
00:36:52.880 --> 00:36:54.880
with their code bounty programs and

828
00:36:54.880 --> 00:36:58.240
everything The number of security flaws

829
00:36:58.240 --> 00:36:59.760
everyone thinks they've gone up Now

830
00:36:59.760 --> 00:37:02.000
they've always been there It's just now

831
00:37:02.000 --> 00:37:04.320
we're finding them you know That's right

832
00:37:04.320 --> 00:37:07.119
I think wasn't too long ago I read about

833
00:37:07.119 --> 00:37:10.480
a a zero day flaw they found in

834
00:37:10.480 --> 00:37:12.880
Microsoft you know and it had been there

835
00:37:12.880 --> 00:37:15.920
for a decade or more Yep You know so

836
00:37:15.920 --> 00:37:18.240
it's like it it they still exist The

837
00:37:18.240 --> 00:37:20.800
security it's like when the code's

838
00:37:20.800 --> 00:37:22.720
originally written it's written to the

839
00:37:22.720 --> 00:37:24.880
best it can be done but somebody else

840
00:37:24.880 --> 00:37:26.720
comes down the pike later and has a

841
00:37:26.720 --> 00:37:28.160
whole new way of thinking and looking at

842
00:37:28.160 --> 00:37:30.560
it and go "Wait a minute I can do this

843
00:37:30.560 --> 00:37:33.599
and bypass that." That's right That's

844
00:37:33.599 --> 00:37:37.280
right And um I you know here's another

845
00:37:37.280 --> 00:37:39.280
interesting thing about particularly

846
00:37:39.280 --> 00:37:41.760
WordPress uh security when it's come to

847
00:37:41.760 --> 00:37:44.079
vulnerabilities in the plugins You know

848
00:37:44.079 --> 00:37:46.240
we all looking into vulnerabilities in

849
00:37:46.240 --> 00:37:48.800
plug-in at as as this is one plugin

850
00:37:48.800 --> 00:37:51.680
there is vulnerability in it right but

851
00:37:51.680 --> 00:37:53.760
there is there are circumstances where

852
00:37:53.760 --> 00:37:56.800
two or more plugins collectively create

853
00:37:56.800 --> 00:37:59.119
one vulnerability

854
00:37:59.119 --> 00:38:01.920
Yeah Um speaking about Patchstack they

855
00:38:01.920 --> 00:38:03.839
reached out to me uh I think it was a

856
00:38:03.839 --> 00:38:05.599
couple years ago and they like "Hey we

857
00:38:05.599 --> 00:38:07.920
found a vulnerability in your plug-in uh

858
00:38:07.920 --> 00:38:11.680
it allows to uh read the file uh file

859
00:38:11.680 --> 00:38:13.920
content any file content." And I was

860
00:38:13.920 --> 00:38:16.079
like "Hey wait a minute AM does not read

861
00:38:16.079 --> 00:38:18.400
any file content." And they're like "No

862
00:38:18.400 --> 00:38:20.960
AM allows to create a short code that

863
00:38:20.960 --> 00:38:24.680
invokes a function that is in other

864
00:38:24.680 --> 00:38:27.440
plug-in." And that plugin which happened

865
00:38:27.440 --> 00:38:30.560
to be a Wordfence and that plugin uh

866
00:38:30.560 --> 00:38:33.359
allows to read any file in a file system

867
00:38:33.359 --> 00:38:36.960
Wow So yeah we are living in a very

868
00:38:36.960 --> 00:38:40.320
dynamic uh ecosystem where not only

869
00:38:40.320 --> 00:38:43.680
isolated plugin but combined multiple

870
00:38:43.680 --> 00:38:45.520
plugins can create a vulnerability Yeah

871
00:38:45.520 --> 00:38:47.200
By combining different things that

872
00:38:47.200 --> 00:38:50.800
people couldn't um or had wouldn't have

873
00:38:50.800 --> 00:38:52.240
thought of Yeah That's interesting

874
00:38:52.240 --> 00:38:54.960
Exactly Oh by the way uh since you you

875
00:38:54.960 --> 00:38:57.359
met Ryan from Influence WP he was here

876
00:38:57.359 --> 00:39:00.160
on the show watching So

877
00:39:00.160 --> 00:39:02.320
I I looked over at my comments and saw

878
00:39:02.320 --> 00:39:05.040
he gave us a clap

879
00:39:05.040 --> 00:39:08.400
We And we we actually living like five

880
00:39:08.400 --> 00:39:10.800
miles 10 miles away from each other Oh

881
00:39:10.800 --> 00:39:13.200
wow That's kind of cool Well Tell him hi

882
00:39:13.200 --> 00:39:16.400
for me He's a Go say hi to his boat He

883
00:39:16.400 --> 00:39:19.440
He He sent me an image about his boat

884
00:39:19.440 --> 00:39:21.680
Yes I will He's a great guy Yeah I'm

885
00:39:21.680 --> 00:39:22.880
definitely going to catch up with Well I

886
00:39:22.880 --> 00:39:24.720
interviewed him uh several weeks ago

887
00:39:24.720 --> 00:39:26.079
I've got an interview with him a few

888
00:39:26.079 --> 00:39:29.520
weeks ago So I thoroughly enjoyed that

889
00:39:29.520 --> 00:39:31.440
That's how I found him through through

890
00:39:31.440 --> 00:39:35.040
your um podcast Oh well that's good I'm

891
00:39:35.040 --> 00:39:37.359
glad to hear that the podcast is uh is

892
00:39:37.359 --> 00:39:40.640
is getting people on board Yes One of

893
00:39:40.640 --> 00:39:42.240
the things I'm trying to do is get more

894
00:39:42.240 --> 00:39:44.320
people on board with all the different

895
00:39:44.320 --> 00:39:46.160
opportunities in WordPress now because

896
00:39:46.160 --> 00:39:48.079
there are way more opportunities than

897
00:39:48.079 --> 00:39:50.880
there were Yeah and I appreciate it a

898
00:39:50.880 --> 00:39:54.320
lot All right Well looks like we're

899
00:39:54.320 --> 00:39:56.560
wrapping up here Got one one thing here

900
00:39:56.560 --> 00:39:59.200
for the end of it Um let's end with some

901
00:39:59.200 --> 00:40:02.480
fun If AAM was a superhero what

902
00:40:02.480 --> 00:40:04.640
superpower would it be and how would it

903
00:40:04.640 --> 00:40:07.800
save the day for WordPress users

904
00:40:07.800 --> 00:40:10.960
jeez that is a trick That is a tricky

905
00:40:10.960 --> 00:40:12.599
question

906
00:40:12.599 --> 00:40:15.359
Um a superhero You know I'm not really

907
00:40:15.359 --> 00:40:18.359
into superhero on this

908
00:40:18.359 --> 00:40:22.359
comic button

909
00:40:25.000 --> 00:40:28.800
Um all right You You got me really real

910
00:40:28.800 --> 00:40:32.079
well on that It could be a superhero

911
00:40:32.079 --> 00:40:35.040
Okay Well I I still remember all the

912
00:40:35.040 --> 00:40:37.200
ones from when I was a kid I'm thinking

913
00:40:37.200 --> 00:40:39.359
Hulk myself you know You know what

914
00:40:39.359 --> 00:40:42.400
that's big strong Come on pound your way

915
00:40:42.400 --> 00:40:44.400
through here Let's uh let's block the

916
00:40:44.400 --> 00:40:48.560
path Hulk is a is a is a decent Yeah

917
00:40:48.560 --> 00:40:50.320
this is a decent analogy It's it's

918
00:40:50.320 --> 00:40:53.520
strong It's powerful It's agile Yeah And

919
00:40:53.520 --> 00:40:55.680
uh and it scales up and down It scales

920
00:40:55.680 --> 00:40:59.440
up and down Yeah Depend on what you need

921
00:40:59.440 --> 00:41:02.160
That's right That's right

922
00:41:02.160 --> 00:41:04.800
All right Well thanks Basil I greatly

923
00:41:04.800 --> 00:41:07.119
appreciate your time This has been lots

924
00:41:07.119 --> 00:41:10.319
of fun and I uh like I said this will be

925
00:41:10.319 --> 00:41:13.760
uh out on uh the live stream is already

926
00:41:13.760 --> 00:41:15.359
up and running for people to listen to

927
00:41:15.359 --> 00:41:18.079
and uh the live podcast the podcast

928
00:41:18.079 --> 00:41:20.160
itself will go out in the next 24 hours

929
00:41:20.160 --> 00:41:22.800
along with the show notes All right I'm

930
00:41:22.800 --> 00:41:25.440
going to play my uh outro Don't run away

931
00:41:25.440 --> 00:41:28.480
on me and I will be right back in a

932
00:41:28.480 --> 00:41:31.520
moment or two Thank you John Reminders

933
00:41:31.520 --> 00:41:34.240
for the show All show notes can be found

934
00:41:34.240 --> 00:41:36.119
at

935
00:41:36.119 --> 00:41:38.079
wppluginsz.com And while you're there

936
00:41:38.079 --> 00:41:39.680
subscribe to the newsletter for more

937
00:41:39.680 --> 00:41:41.760
useful information delivered directly to

938
00:41:41.760 --> 00:41:45.520
your inbox WP Plugins A to Zed is a show

939
00:41:45.520 --> 00:41:47.760
that offers honest and unbiased reviews

940
00:41:47.760 --> 00:41:50.319
of plugins created by developers because

941
00:41:50.319 --> 00:41:52.960
you support the show Help keep the show

942
00:41:52.960 --> 00:41:56.720
honest and unbiased by going to

943
00:41:56.839 --> 00:41:58.400
wpplugins.com/donate and set the

944
00:41:58.400 --> 00:42:01.599
donation level that fits your budget

945
00:42:01.599 --> 00:42:03.760
Help us make the show better for you by

946
00:42:03.760 --> 00:42:05.680
subscribing and reviewing the show at

947
00:42:05.680 --> 00:42:08.000
Stitcher Radio Google Play and in the

948
00:42:08.000 --> 00:42:10.560
iTunes store You can also leave us a

949
00:42:10.560 --> 00:42:15.359
review on our Facebook page using wp

950
00:42:15.640 --> 00:42:17.760
plugins.com/fas You can also watch the

951
00:42:17.760 --> 00:42:19.839
show live on YouTube Check out the

952
00:42:19.839 --> 00:42:22.000
screencasts and training videos and

953
00:42:22.000 --> 00:42:23.599
remember to subscribe and hit the bell

954
00:42:23.599 --> 00:42:26.720
to get notifications of all new videos

955
00:42:26.720 --> 00:42:30.000
Follow the show on Twitter at wpplugins

956
00:42:30.000 --> 00:42:33.040
a toz John can also be reached at his

957
00:42:33.040 --> 00:42:34.359
website

958
00:42:34.359 --> 00:42:36.880
johnoverall.com or email him directly

959
00:42:36.880 --> 00:42:39.160
john at

960
00:42:39.160 --> 00:42:41.839
wpro.ca Thanks for joining us and have a

961
00:42:41.839 --> 00:42:44.160
great

962
00:42:47.240 --> 00:42:49.839
day Thanks for listening to the show

963
00:42:49.839 --> 00:42:51.800
This show is copyright by

964
00:42:51.800 --> 00:42:54.480
johnoverall.com So until next time have

965
00:42:54.480 --> 00:42:56.160
yourselves a good morning good afternoon

966
00:42:56.160 --> 00:42:57.680
or good evening wherever you happen to

967
00:42:57.680 --> 00:43:10.610
be out there on the globe

968
00:43:16.200 --> 00:43:18.400
today Sorry about that We're still

969
00:43:18.400 --> 00:43:20.240
streaming by the way for the moment And

970
00:43:20.240 --> 00:43:22.800
we will exit that in a minute

971
00:43:22.800 --> 00:43:25.680
I forgot to share the uh audio with you

972
00:43:25.680 --> 00:43:28.079
so you could hear the jingles and such

973
00:43:28.079 --> 00:43:30.400
that we're playing

974
00:43:30.400 --> 00:43:32.880
I I completely I completely forgot that

975
00:43:32.880 --> 00:43:35.520
it's like I'm still adapting to this

976
00:43:35.520 --> 00:43:37.599
format is what's happening because this

977
00:43:37.599 --> 00:43:40.560
is a new format for me and my brain

978
00:43:40.560 --> 00:43:44.560
works in I need organization for

979
00:43:44.560 --> 00:43:45.920
everything to flow and when the

980
00:43:45.920 --> 00:43:48.319
organization's not there I get scattered

981
00:43:48.319 --> 00:43:50.079
I have found I've discovered coffee

982
00:43:50.079 --> 00:43:52.240
about a month ago and it is actually

983
00:43:52.240 --> 00:43:55.280
teaching me how to uh be more focused

984
00:43:55.280 --> 00:43:58.319
which is surprisingly you know mo all my

985
00:43:58.319 --> 00:43:59.760
life I couldn't stand coffee and all

986
00:43:59.760 --> 00:44:02.160
of a sudden it was good

987
00:44:02.160 --> 00:44:06.880
Yeah it's it's actually a good tool Yeah

988
00:44:06.880 --> 00:44:09.280
it's it's a ritual for me now at this

989
00:44:09.280 --> 00:44:11.520
point the coffee for me is a ritual when

990
00:44:11.520 --> 00:44:13.520
I need to be hyperfocused

991
00:44:13.520 --> 00:44:14.960
That's what it's becoming for me All

992
00:44:14.960 --> 00:44:18.480
right I'm gonna cut our streaming