Post Status Happiness Hour Session Six

Transcript ↓

In this episode of the Post Status Happiness Hour, Michelle Frechette talks with Nathan Ingram and Kathy Zant. They delve into the critical topic of online security, emphasizing the necessity of user education, particularly for WordPress users. Nathan from Solid WP and the Academy introduces Monster Secure, a new course designed to help agencies educate their clients on security best practices. Kathy, an online security expert, shares her experiences and stresses the importance of security education for overall business protection. The discussion highlights the challenges of online security, the evolving nature of cyber threats, and the need for proactive measures to safeguard digital assets.

Top Takeaways:

• Security Awareness is Critical & Need for Vigilance: Effective security involves more than just technical measures; it requires continuous vigilance and education about potential threats. Kathy Zant and Nathan Ingram emphasize the importance of understanding and responding to security risks proactively.
• Education and Empowering Users: Both Kathy and Nathan stress the significance of educating users and clients about security. They argue that security knowledge should be accessible to everyone, not just experts.
• Security is for Everyone, Not Just Big Targets: Nathan explains that hackers don’t only target large, high-profile websites; they also exploit smaller, less-secure sites for resources. This underscores that security is a concern for everyone, regardless of the size or perceived importance of their website.

Mentioned In The Show:

• Thomas Raef
• WeWatchYourWebsite
• Solid WP
• Solid Academy
• Monster Secure
• Go Safely Online
• LearnDash
• Jack Kitterhing
• YouTube

🐦 You can follow Post Status and our guests on Twitter:

• Nathan Ingram  (Founder, MonsterSecure)
• Kathy Zant (Founder, MonsterSecure)
• Michelle Frechette (Director of Community Relations, Post Status)
• Olivia Bisset (Intern, Post Status)

The Post Status podcast is geared toward WordPress professionals, with interviews, news, and deep analysis. 📝

Browse our archives, and don’t forget to subscribe via iTunes, Google Podcasts, YouTube, Stitcher, Simplecast, or RSS. 🎧

Transcript

Michelle Frechette 00:00:01  Welcome to the post Happiness Hour. Kathy and Nathan, how are you today?

Nathan Ingram 00:00:08  Great.

Kathy Zant 00:00:09  Doing great. Is this my second? Am I, like your first guest that’s been here twice? 

Michelle Frechette: You are my first two time guest. That’s right. 

Kathy Zant: Damn I’m looking. I’m looking for those badges. 

Nathan Ingram: Haha. 

Michelle Frechette: Oh, and I had it playing for some reason. It, like, started running over on another browser, and I was like, hearing you double going. That is not good. So it’s been a day, folks. It’s been a day. But I am happy to be here with you in the Happiness Hour. So so welcome. It’s good to have you here. and I know I already asked you how you were doing, and then I couldn’t hear you because I just was hearing duplicate everything. So, Nathan, how are you today?

Nathan Ingram 00:00:49  I’m doing well, it’s been a day of odd issues, but I think everything is resolved, so, you know. All right.

Michelle Frechette 00:00:55  Even better. And, Kathy, you. How are you?

Kathy Zant 00:00:56  Yeah, I don’t know what it is this week, you know. Was it the full moon earlier this week? Because everyone I know is kind of going through a little bit of something and, you know, like, yeah, all of my like I had to buy new cables for things like cables. They don’t fail. Like how how is this a cable issue? But I had to buy a new cable to connect my computer to my monitor so that, and it, I tried this, like, weird thing, and it just didn’t work. Bubble gum and toothpicks don’t work anymore for cable replacement. 

Michelle Frechette: Who knew? Who knew? I see all those, like five minute, those five minute crafts or five minute videos, whatever they call, like how to fix a broken cable. I’m like the Dollar Tree. A trip to the Dollar Tree is how I fix a broken cable. Now, granted that every cable is a dollar, however.

Nathan Ingram 00:01:45  But yeah. So I have on the other side of this wall a cable collection.

Nathan Ingram 00:01:50  It’s a cork board, and there’s every cable known to man there that I’ve collected over the years. I thought I had lost it in my move. Few years ago and I was devastated. But then I found it. It was in a box. It was buried. It was wonderful.

Michelle Frechette 00:02:04  Is it like a museum to cables or are they actually useful cables?

Nathan Ingram 00:02:07  Oh no. No, there’s well, I mean there’s some that I will probably never use, but I just can’t bring myself to part with, you know, like there’s a, there’s a like older geeks will appreciate that I have this old BNC cable from like, an ancient, high res monitor. Nobody’s use that connector in 20 years. Probably.

Michelle Frechette 00:02:29  I mean yea BNC, you just lost me with the terminology altogether, and I think I’m older than you, so.

Nathan Ingram 00:02:35  You look to Google it. It’s old.

Michelle Frechette 00:02:36  I know I will, I will, I promise. 

Kathy Zant: So if there’s ever a cable apocalypse.

Nathan Ingram:  I got is the one I got right here.

Michelle Frechette 00:02:44  I have a box of what I call spaghetti. I’m like, I wonder what that went to. But just in case, I better keep it in the box because it’s a security blanket. It’s like having your umbrella in a sunny day. It’s not going to rain as long as I’m carrying my umbrella. Right. So.

Kathy Zant: There you go. 

Michelle Frechette: Speaking of security blankets, did you like that segway? 

Kathy Zant: Nice. 

Michelle Frechette: Not bad. Right? 

Kathy Zant: Yeah. 

Michelle Frechette: You both are much greater experts than I am on security. Nathan, you work with Solid WP and the Academy over there teaching people what to do that way. Kathy, you are like the the OG guru on security. Online security. I try not to. I stick my head in the sand and Kathy’s like, get your head out of the sand, Michelle. It’s time to pay attention. You have to pay your Social Security. Could be number, could be at risk. Over the last week, those kinds of things. 

Nathan Ingram: Yeah. 

Michelle Frechette: Could be right? So I gave a talk at a WordCamp Hamilton pre-pandemic.

Michelle Frechette 00:03:48  I love that that’s a phrase in our vernacular now, pre-pandemic. Right. On how to how to client proof your website. But also give them access to your website. Right. Like how you can do that. And it didn’t include like a lot of security security features that basically was like teach them this, that and the other. But then also remember that every time they make a mistake, you’re making money because you can charge them for that. I think, Nathan, I shared with you my little, meme that I had that was Bob Ross saying there are no accidents, just happy little opportunities to make money from your clients, that kind of thing.

Nathan Ingram 00:04:22  Love it, love it.

Michelle Frechette 00:04:25  But I think that what you all have here is much better than than what I could teach my my former customers, which was don’t touch anything, basically. Right. So we want to actually empower people to use their websites. They’ve paid for these websites. And a lot of people, especially the ones that don’t want to pay for ongoing maintenance and things like that, they need to be taught what what you can and cannot do safely within your own website.

Michelle Frechette 00:04:52  And so y’all have created a new course and things that do that. So I’m not going to try to put the words in your mouth. I did read the website, but I’m going to let you talk about I’ll let you tag team each other and decide who talks first. But tell us a little bit about what Monster Secure is and what it leads to. Because my first question was, I don’t want my customers to see that I think that they’re going to mess everything up. And you’re all like, we have an answer for that. So. So tell us a little bit about what Monster Secure is. 

Kathy Zant: You want you want to go Nathan?

Nathan Ingram 00:05:27  Rock paper scissors. Yeah, yeah. well okay. So I’ll start just the the a quick history. So the beginnings of this for me started, several months ago when on a Solid Academy live stream, we had Thomas Raef from WeWatchYourWebsite. if you don’t know, Thomas, Thomas is a delightful human being who is brilliant. And his service monitors over 18 million WordPress sites and he is a data guy.

Nathan Ingram 00:05:56  So he’s aggregating all this data of how vulnerabilities are actually occurring. And he came out with a report earlier this year that we link to in a tiny little reference link on MonsterSecure.com. That said, it’s essentially two thirds of all WordPress vulnerabilities come from user related issues like stolen session cookies and compromised login credentials. And only a third come from theme and plugin vulnerabilities. And so as a person who’s been in an agency since 1995 working with clients, this was terrifying because, you know, we’ve spent hours and hours, you know, developing protocols and spent money on security plugins and all these things. And then one untrained user could blow up the whole thing because they click the phishing link in an email and now their credentials are, stolen and so forth. So what I came to realize after that live stream was WordPress security has to involve user education. We have to teach people how to stay safe. And that’s when Kathy and I. Kathy was also doing a live stream on Solid Academy. I’m like, hey, what do you think about this? And she’s like, I’m thinking about this already, so why don’t you take it from there?

Kathy Zant 00:07:10  And one of the things that I think is so important, you know, security impacts everyone. I mean, you’ve talked to family members who are just like, oh, well, this is my password for everything. I was sitting at a WordCamp once. I sat down next to someone and they were having some problem with the customizer, and I was trying to help them, and they gave me their password and said, oh, this is my password for everything. I’m like, don’t, don’t tell me that and don’t do that. And I was just like, oh my gosh, how do I even start helping this person? 

Michelle Frechette: And let me guess, it was stuck on the password. One, two three. 

Kathy Zant: No, it was like, you know, this same type of thing. It’s like the dog and a number, you know, that type of thing. It’s probably like their zip code and their dog. 

Michelle Frechette: Gosh, nobody can crack that. Yeah. 

Kathy Zant: Yeah. That’ll you know, that’s not in a database anywhere, right? But I just got stuck on that and I’m like, I want to help people so bad. But I’ve just seen so many things, you know, having dealt with so many security issues and cleaned so many hacked sites and then done the actual investigation on how those sites got hacked, and then, you know, all of the different conversations I’d have with people, I’m just like, I kind of my one of my missions is, is security through education, you know, because it’s not just about WordPress, it’s about the bank accounts. It’s about your home network. It’s about protecting all of your assets, not just WordPress. But I feel like WordPress is kind of this gateway because so many people do want to own their own property online, and so many agencies are helping people do that. So I wanted to make security, not this thing that, you know, the hackers are doing in Vegas, though they do. But I want to make it very accessible because it is now a requirement for all of us to really be aware that any kind of these cyber security events can affect each and every one of us.

Kathy Zant 00:08:55  And so I wanted to make it extremely accessible to anyone. So I was I’ve been working I’ve got one course that’s kind of like a WordPress security mini course that I had done. And Nathan’s idea of like going just like even a step easier than that. I’m like, sign me up, let’s do it. And and so working together with Nathan, he really helped me kind of get into the mindset of one of these users. Also, the mindset of the agency that’s dealing with these users and helping them to uplevel their security awareness so that they can have this understanding that the decisions that they make can have an impact on everyone. You know, they they might make one decision of like, oh, well, Jen’s just going to be posting this great blog post. He can choose to use my login and whatever, you know, and they don’t think about the ramifications of that seemingly innocuous decision that could really affect a website that an agency has has spent a lot of time and a lot of energy to make perfect for this client.

Kathy Zant 00:09:56  And then one small decision that seems so innocuous can take everything down and create headaches for the client, headaches for the agency, and no one really wants that. But until you have that education upfront that you know, the decisions you make like that do have an impact. They don’t know. They don’t know until it happens to them. I was working with one agency. They had all of the, you know, it’s the everybody puts the sites in the cPanel until they have all of the sites in the cPanel get hacked, and then they’re like, oh, maybe I should do that, right? But they don’t know until it happens or until they hear a story about a security event that affected someone else and then like, oh, okay, well, maybe I better do this. So, you know, if there’s a break in in your neighborhood and somebody loses everything or something gets important, gets stolen from your neighbor, then it’s like, well, maybe I should put a security camera up and have the alarm system activated instead of just sign in the front yard.

Kathy Zant 00:10:51  You know, they start making better decisions because they’re aware of what is happening. So we wanted to just bring that home and make it so simple and easy for agencies to help their customers understand the ramifications of their decisions, so that all they have to do is just make this part of their onboarding, make this part of their like annual education for their customers. So it was it was fun to put this together. And I’m excited what it’s going to be able to do.

Michelle Frechette:  So that they should be proactive, not close the barn door after the horses got out kind of thing. Right?

Nathan Ingram 00:11:23  Yeah, exactly. And so the question is for agency owners. Okay. Yes, I understand I need to educate my users on security, but who has time for that? Like, right. There’s so much other stuff that we have to focus our attention on. And so what we decided to create was a course that in about 30 minutes, the average user could walk through, get the essentials of security.

Nathan Ingram 00:11:47  We’ll have some continuing education stuff added later, but the essentials to stay safe online. And through Monster Secure, an agency can go in and create a free agency account to view the course. And if they decide it’s something they want to integrate with their clients, they can upgrade into a plan, and then they can add all their clients into the course. They’ll be able to track their clients progress through the course and, you know, see who’s completed it and who hasn’t. People get a nice little certificate when they complete it. And our recommendation is, you know, you don’t let a client access the site until they’ve completed the security training. And this gives it kind of closes the loop on a really, you know, all the stuff that we do as an agency to have really good security practices. This closes the loop and helps us to educate users and keep them safe. To close that last little bit.

Michelle Frechette 00:12:41  That makes sense. So some of the things that you’re teaching there, are you teaching things like, security levels, like who should be an admin versus who should be an editor? Is that a part of it, or what are some of the topics that you cover?

Nathan Ingram 00:12:54  Yeah.

Nathan Ingram 00:12:55  Kathy, you want to talk about that?

Kathy Zant 00:12:56  Yeah, it’s been a while since I recorded it, I don’t remember. I do talk a little bit about, you know, what those types of roles are. But then also it’s really important if you are a client of an agency and you’re going to have like somebody, you just hired somebody new and you’re going to add them to the site, it’s really important that they communicate to the agency of like, okay, we have a new employee, they’re going to be doing this, or we have a contractor and they’re going to be doing this because you, you know, if an agency is in charge of security and they’re doing maintenance and things like that, and they come in and it’s like, you know, who the heck is this user? What’s this all about? And they’re not informed. So just understanding sort of that workflow, talk a lot about, you know, the security the security principle of least privilege, which is only give people access to the site for or anything for that matter, in order to do the job you’ve tasked them to do, you don’t give them access to everything, not sharing logins, those types of things.

Kathy Zant 00:13:52  But we also like how to set up twoFA, two factor authentication. There’s a lot of people out there. I think the last statistics I saw were about 30% of people are using two FA. It’s probably more now just because breaches and we used passwords and things are so much more. But the last time I saw was around 30% of people actually use two factor authentication. But I run into people all the time. They’re just like, they don’t understand what that acronym is. They, you know, well, my bank sends me a code via SMS, like, can’t you just do that? And they don’t understand the ramifications of how that is a problem. So understanding, you know, where we are right now with security is important. And then also, you know, really important to for agencies as new sort of exploits and new, hacker techniques of social engineering kind of come on. Like with the social care social security dump that happened or that happened like in April, but we heard about it for the first time last week.

Kathy Zant 00:14:49  Right now, we’re going to start seeing more sophisticated attacks where they’ve got more information about you when they’re socially engineering you. So it makes it sound even more realistic. And so people need to be aware that that is another tactic just because they know, you know, that you lived at 410 Franklin Street, you know, 30 years ago that. That just because they know that doesn’t mean that that that is a valid, legitimate person that is using that information. That information is now out in the open. So understanding sort of the security landscape and that education and that continuing education being available to clients, it it just makes the agencies job so much easier. And it’s such a critical part of WordPress security. And what a great way for an agency to differentiate themselves when they’re in the pitch process.

Michelle Frechette: Absolutely. 

Kathy Zant: When you’re like, hey, this is a part of what we do because we think it’s really important. And this doesn’t just affect your WordPress site, this affects your entire business. So we’re here to help you.

Kathy Zant 00:15:54  You’re not just not to just think about WordPress security, but to think about the security of the entire asset of the business that you’re that we’re representing on the web. It’s such a differentiator for an agency to be able to provide that kind of expertise.

Nathan Ingram: Absolutely.

Michelle Frechette:  Like you would have had you wouldn’t hand somebody the keys to your brick and mortar shop and not teach them how to use the locks. Right? 

Nathan Ingram: Right. 

Michelle Frechette: So why are you handing them the keys to the website without teaching them how to stay secure there? I’m going to, I’m going to bring it up on my screen and, we’ll talk a little bit about the site itself. So bear with me while I’m like multiple screens. I know, I love this guy. Hey, so the first thing I did. So, Nathan, you sent this to me a couple of weeks ago, and you’re like, hey, we can use this extra set of eyes like somebody that’s not in the weeds with it all the time. And I was like, so I reacted as though I was reading it for the first time because I was. And my first question to you was, I’m going to send this to my clients, and they’re going to see that I think they’re the weakest link. Wait, what? Exactly.

Nathan Ingram 00:16:59  No. So yeah. So this was something we thought about quite a bit because, you know, how in the world do you create a, a site that clients are going to see but still can speak to agencies. And so, you know, we’re talking about the problem that we’re facing. And so we actually have two sites. The site that speaks to agencies is what we’re looking at here, Monster Secure.com, which just explains this problem of, you know, the shared problem that we as agency owners have of how do we educate our clients. The course itself is on a separate website, which is Go Safely Online.com.

Michelle Frechette: All right. 

Nathan Ingram: So when the client goes to Go Safely Online, it looks like a consumer oriented security course, which it is. But you know, there’s nothing there’s no agency focus, you know, client problematic type language on this site. So and the reason we did that was twofold.

Nathan Ingram 00:17:54  First, so we could speak to agencies directly on Monster Secure. But also you can purchase a one off of this course like a one, you know, if you just want access, you can buy it for $99. We don’t expect to sell any of those. but what this allows the agency to do is say, look, we believe in security, just like you. somebody said a minute ago, we we we believe in security. It’s a differentiator for us. And as a matter of fact, we’re going to give you and all of your employees a free $99 security course. So it lets you, as the agency owner, be the hero, and still provide great education to the client.

Michelle Frechette 00:18:32  And, I mean, there’s no reason you can’t include that, include that in the cost of that. You’re you’re charging your client anyway, right? Like, build it in to the total cost of everything. So it’s included. It doesn’t. They’re not charging them anything extra, so to speak?

Nathan Ingram 00:18:46  No.  And the for the agency access pass. It’s a single it’s an annual cost that you can add as many clients as you want. So it’s something you could just roll into your standard onboarding and your standard website management package for all your clients. 

Michelle Frechette 00:19:02  Yep. And this is what this is about. Why two websites? I like this. Honestly, we didn’t want to offend anyone. We don’t want to tell them they’re the weakest link and that we think they’re going to muck up their own website.

Nathan Ingram 00:19:12  Even though they are and they probably might.

Michelle Frechette 00:19:14  And they will. That’s right. Yeah. I think this is beautiful. I told you that when you sent it to me, I didn’t even know that you were working on this. What? Why? Nathan, when I start talking to you, do I suddenly say, y’all? I don’t know.

Nathan Ingram 00:19:28  Because it’s the best word ever.

Kathy Zant 00:19:29  It is. 

Michelle Frechette: Seriously it just becomes part of my vernacular. .

Nathan Ingram 00:19:33  Got to get a little drawl in there. You got to give it a y’all.

Michelle Frechette 00:19:36  I’m. I’m a New Yorker. I mean, be happy. I’m just using the word at all. But this is awesome. you got your pricing on here. So you’ve got the unlimited access, the free agency access to give ideas to be able to give people a look through it and to see how it all works. I think this is wonderful.

Nathan Ingram 00:19:57  And I’m just realized I forgot to put our lifetime deal on this page, and I got to have to get that changed. We are offering a lifetime deal now with a discount. It’s a $397 lifetime deal until the end of September. Then it goes back up to $597. So there’s.

Michelle Frechette 00:20:14 You got to put it on there because.

Nathan Ingram 00:20:17  It’s on the other side. it’s in the upgrade path on on the Go Safely online site. Once you set up your free agency account. But I need to get it over here, too.

Michelle Frechette 00:20:25  Then people will know about it. Absolutely. I think that’s great. And I love the monster. We love the monster. Tell us about the monster.

Kathy Zant 00:20:32  Gotta love the monster. It kind of goes along with Monster Contracts? Right? Because you had Monster Contracts. And I’m. When we first started talking about this, I’m like this, you know if there’s just, like, something they could add into their contract that you have to take this course. So it just kind of felt like a natural fit with what Nathan was already doing. So.

Nathan Ingram 00:20:54  Yeah. And actually we just released the latest version of Monster Contracts yesterday, and it has, optional wording to have the Go Safely Online security course as a requirement. And by the way, that’s all all those resources are also there on the agency dashboard for Go Safely Online. There’s email templates to talk to your clients about this. There’s contract language. There’s a waiver. If a client decides they don’t want to do security training, they can sign a waiver acknowledging that they’re accepting risk and so forth. So all those agency tools are there as well. they’re on on ghost safely online once you upgrade, into the, the full membership.

Kathy Zant 00:21:34  So it’s not just a security course, it’s it’s really support for the entirety of dealing with customers. And security for an agency. And I love that part about it because there’s yeah, I mean, if you really wanted to go out and learn about WordPress security, there’s tons of resources available. Solid WP does tons of I mean, Nathan is a renowned expert in all that Solid offers, and there’s so much education over there. But this is really curated so that agencies can focus on what they do best. They don’t have to worry about all of this stuff. They can focus on building the best, highest conversion sites in the world for their clients and just slide this in there as another option. 

Michelle Frechette: Yeah, the statistics are kind of scary too, aren’t they? Like stolen session cookies, compromised login credentials, theme and plugin vulnerabilities. Yeah. There’s there’s, like, are you gonna follow this up with things like how to clean a hacked site when people don’t follow the, the rules that you created?

Nathan Ingram 00:22:38  I think on this product we’re going to stay in our lane. But I happen to know a great hack expert Kathy Zant..

Kathy Zant 00:22:45  Yeah, but even last a couple of weeks ago, I still was just like, you know, just get another server, get another DigitalOcean droplet, or go talk to Thomas like I’m not doing to do this one. You know, I still know where to send the ones that are going to be too much of a problem. So yeah, we just, you know, we can help. We can advise in many ways.

Michelle Frechette  00:23:06  Absolutely. 

Nathan Ingram: These really are scary statistics though I yeah, I remember when when I had Thomas on and we were talking through this issue, I really I jumped in and I said Thomas my words were this is terrifying. Like I as an agency owner, I don’t know how to deal with this yet. We have to educate our users.

Michelle Frechette 00:23:23  Yes. And big agencies deal with this for sure. I would argue that even freelancers, agencies of one, as I used to be, this would have been phenomenal, right? For me, because I was a one person show trying to juggle everything and train my customers and teach them this and try to make sure they weren’t messing things up.

Michelle Frechette 00:23:43  And I mean, this is of course, before we had some of the security measures we have now. But, because I haven’t been freelancing in quite a few years now, but it was a scary thing back then. And then somebody would message you and like, why is my site down? And then you realize that they shared their password with five people or whatever it was, and or somebody uploaded some plugin that should not have been uploaded and on the site went down. And all of those things that can cause, I don’t know, do we still see the white screen of death or is that a thing of the past?

Nathan Ingram 00:24:12  But thankfully a thing of the past, unless something really, really bad is going on.

Michelle Frechette 00:24:18  But even when you see, like the the code across the top, that’s telling you that your plugins aren’t working on line 25 of whatever, you know? Those are those are not fun to see. Right. And so, being able to have a customer like I would have spent that for sure to have a customer go through that and learn a little bit, especially if they wanted to log into their own site and make changes themselves for sure.

Michelle Frechette 00:24:42  Absolutely. If people are interested, I have I have a banner and I spelled things right. So if you’re if you’re interested, you can go to Monster Secure.com, to learn more and to really deep dive and do all the Q&A and everything there. so what are some of the goals that you have for this? How are you? I mean, obviously you’re here. I feel very honored. I think we’re the first podcast you’re doing about Monster Secure. I hope that you get to do many more. But how do you get the word out? How are people learning about it? how are you hoping that people will learn more about what you’re doing?

Nathan Ingram 00:25:17  Yeah. Well, Michelle, I thought you were going to just take care of that, right? Yeah. I mean, you’re talking. That’s all we need.

Michelle Frechette 00:25:26  I do what I can, I, but I don’t have that many followers.

Nathan Ingram 00:25:30  Oh, yeah. So, the podcasts are a great way. And then, we have, we’re going to be reaching out to our existing clients by email and, social media, the normal channels.

Nathan Ingram 00:25:41  The one thing I would recommend to folks, if you see this and you’re interested, go there to Monitor Secure. Sign up for a free agency account. Watch the course. It’ll take you about 30 minutes. See if it’s a good fit for your clients. you can read exactly how it works on Monster Secure. It explains the whole process. Once you once you’ve created your free agency account, there’s a video tour of the whole Go Safely online system that you can look at. It’s a good fit. Just jump in and try it.

Michelle Frechette 00:26:09  Yeah, absolutely. So we have a couple of comments. I’m not sure if they’re both still here, but this was when we were talking about passwords. I thought this was funny. So run Adam run says my password is good. Maybe not, maybe not. And then, this person says they use this widgets for Elfsite, and I have no idea what that means. I don’t know if that means anything to y’all, but. Okay, so I’m not sure if it has anything to do with with WordPress even, but.

Kathy Zant: I know Adam I don’t know widgets for off site, but something to look at.

Michelle Frechette 00:26:41  There you go. We’ll take a look at that another week for sure. Now I’m super excited for you, and I really do hope that people start to get the word. I’m going to go take the course. I’m going to find time in the next two weeks to take the course. And if you’ll let me, I’ll write a review for y’all.

Nathan Ingram: Please! 

Michelle Frechette: That you can use wherever you like. Yeah. so that I can at least give it some a time and attention and see what it looks like. And yeah, I, I would be happy. 

Kathy Zant: Don’t we have Affiliate Program, Nathan? We were going to.

Nathan Ingram 00:27:08  Do do have an Affiliate Program

Kathy Zant 00:27:09 Michelle, you could be.

Michelle Frechette:  I’ll be signing up. I will I be your first?

Nathan Ingram 00:27:18  No, actually.

Michelle Frechette 00:27:20  Man! Top five, first five? 

Nathan Ingram 00:27:25 Probably.

Michelle Frechette: Just say yes.

Nathan Ingram: If you do it immediately when we stop recording.

Michelle Frechette 00:27:26  Just say yes, make me feel like. No, it’s okay.

Nathan Ingram 00:27:31 Michelle you will always be the top affiliate. Always.

Michelle Frechette 00:27:35  Oh, yeah. But thank you, I will absolutely check that out and sign up to be an affiliate for you anytime.

Michelle Frechette 00:27:43  Nathan, would you like to tell a story about how you got your wits scared out of you in Canada by the man sitting behind me?

Nathan Ingram 00:27:54  Oh, my gosh.

Michelle Frechette 00:27:55  He can’t hear you right now, but.

Nathan Ingram 00:27:57  Oh  he can. Well, no, you have.

Michelle Frechette 00:27:58  You’re in my headphones. So that’s okay. He can watch the replay.

Nathan Ingram 00:27:59  I, I don’t know how this even started. We were having dinner, after, I think the second day of WordCamp Canada. And we were just the conversation went to practical jokes. And, your buddy there, over your shoulder has the best practical joke that I. And I’ve. I’ve since used it. My family hates him now. I’ve told the story. Every human in my family hates him now. But it’s this wonderful thing. Like when you’re backing up a car, you, if you have to time it just right, you, you bang your fist into your door and hit the brake at the same time, and it feels like you just hit somebody or backed it. And it is. It is brilliant and I love it.

Michelle Frechette 00:28:44  Are you and Cory Miller were sitting in the back seat? It was my car.

Nathan Ingram 00:28:50  Oh it was so great.

Michelle Frechette 00:28:51  Jeff was driving and we had told you all about it during dinner. We had already told you about it and we had literally half an hour earlier. We had been talking about it, but there was a lot of traffic in the parking lot. We were all kind of looking over our shoulders. See what he backs out. He does it and he got all three of us. All three of us thought he was the car next to us.

Nathan Ingram 00:29:13  It was so great.

Michelle Frechette 00:29:15  It was fun. It was fun. Don’t let that happen to your website. I just had to find a way to pull that back. Poor Kathy, almost spit out her water. But don’t let your website get into an accident for sure.

Nathan Ingram 00:29:31  Oh, it was, it was, and I’ve done it. I can’t tell you how many times I’ve pulled this since then.  It’s just that was my biggest takeaway from WordCamp Canada. I’m not sure what that says about me, but yeah.

Michelle Frechette 00:29:42  I don’t know. But it was a good camp. It was.

Nathan Ingram 00:29:44  It really was.

Michelle Frechette 00:29:48  Oh my goodness. So, Yeah. So what other things can we look forward to? Or what kinds of things would you like us to know? I don’t want to cut us off early if there’s more to talk about. But I’m super excited about what you guys are working on. Are there any other courses coming up that might even not be related to this? Things that you’d like people to know about?

Nathan Ingram 00:30:08  Kathy’s always working on stuff, right?

Michelle Frechette: She is. 

Kathy Zant  00:30:10 Oh, my gosh, the list is so long of things that I’m always working on. Well, I kind of made this commitment. Well, just there’s so much experience and I’m just going to put this out there for Jack Kitterhing from LearnDash actually encouraged me. You have so much knowledge and so much experience.

Kathy Zant 00:30:29  Start sharing it, get your YouTube, just put everything that even inspires you a little bit on YouTube and, and create courses. And I think all of us that have kind of been around the WordPress space, there’s new people coming into WordPress all the time. New agencies with new clients, and there’s so much, you know, helping them get to where we are with less time because we have gone through like sort of the wringer of experience and, and to basically shortcut their experience so that they are empowered, so important. So I’m really committed to helping people just kind of feel empowered with WordPress as much as possible and sort of demystify like the big scary security stuff, because when you really get down to it, security is not that hard. It’s just making good decisions. It’s being aware and, yeah, just trying to make it as easy as possible because I think we’re at the stage right now with our digital lives where we it’s not there’s no luxury in saying, oh, well, I just I don’t need to know that or that’s for security experts or whatever.

Michelle Frechette 00:31:40  Yeah. Oh for sure. next week I’m going to put this up here right now real quick. Find my banners. So next week I have,Danielle Zarcaro and Isla Waite. I misspelled her name. Sorry. Isla. There’s an E on there. I was doing everything so fast today. Isla from WP Accessibility Today. I’m also on the WP Accessibility Day organizing team. And we’re going to be talking about accessibility and why we have a 24 hour event coming up for accessibility. All the things. 

Kathy Zant: Wow. 

Michelle Frechette: But it’s there are certain steps, like there’s extra steps you take when you do things for accessibility. Like when I post an image anywhere, I now type out a description of what the image is. So anybody using a screen reader can know what that image looks like. It’s extra time, extra steps. And when you first start doing that, it feels so overwhelming to have to do that for everything, but it becomes second nature after you do it for a while.

Michelle Frechette 00:32:39  I think it’s parallel to security. I think that security feels like a lot of extra steps. It feels like a lot to learn when you’re first, like working on a website first doing those things. But it’s become second nature once you get in the habit of doing that. And I think that what you’ve got here for, agency clients helps them think about the fact that that it isn’t like you said, it doesn’t have to be hard. It is extra steps. But when you leave your house, you take the time to lock your door. When you’re in a parking lot, you take the time to lock your car. Make sure that your belongings aren’t seen through the windows. Put them in the trunk. There’s extra steps that we take to protect ourselves and our belongings in the physical, physical world. So when we can put things in perspective and help people think about taking those extra steps in the digital world as well, it just makes sense, right?

Nathan Ingram 00:33:32  Absolutely.

Michelle Frechette 00:33:33  And if you’ve ever had your identity or a credit card or a debit card or anything compromised, you will understand at that point in time how important it was for that. You had started taking those steps prior to that event. 

Kathy Zant: Yeah.

Nathan Zant: Absolutely. 

Michelle Frecette: I woke up, I woke up, oh gosh, several months ago, actually. It was like two weeks before I was supposed to go to Asia. I do not have credit cards. I have a debit card. That’s all I use, right? If I don’t have the cash, I don’t spend it. I woke up to a notification from my bank that somebody had tried to use my credit card to rent one of those razor scooters in another city. Now, first of all, I’m a disabled woman. I’m not standing on a scooter anywhere. So it wasn’t me. and they didn’t actually charge anything, but they attempted it. Well, they didn’t they just guessing numbers. At this point, it wasn’t even an actual like nobody that I knew, but I had to go through the process of getting in touch with my bank, having a new card issued, having it expedited so I’d have it for my trip. All of those things.

Michelle Frechette 00:34:32  But I had those in place, right? I have all those security measures put in through my bank. I had the notification set up to my text messaging. If I hadn’t had all that in place to begin with, it could have been truly disastrous and I could have had lost money and lost time, and then ended up traveling without the way to pay for myself as I went around. So putting those in place to begin with it really, I mean, to to use one of those lesser, lesser, you know, intelligent words. It sucks when that kind of stuff happens, right? But yeah, having the, the they’re going to come knocking at the door, they’re gonna try to get in your front door. They’re gonna check, you know, check if your car handles are open to the parking lot. They’re going to try to get in your website too. So making sure that you have those security measures in place just makes sense.

Nathan Ingram 00:35:22  Absolutely.

Michelle Frechette 00:35:25  And you are doing your part to help people understand that which I love.

Kathy Zant 00:35:29  Yeah. So Yep. Definitely. It’s, it’s one of those things where it’s just. And it’s kind of like, you know, I mean, some of the stories that I’ve seen of like, because I’ll go, you know, hacker story, I’ll sit and read the whole thing. There was one, story about SIM swapping back like long time ago that when it first started, like, really happening and mostly happening in the sort of crypto space. And this guy got targeted and his phone didn’t work, and he’s going to sleep and he’s like, hey, I’ll deal with it in the morning. And he’d walk through the whole time frame of like, what happened when. And he basically woke up the next morning, $100,000 poorer after his Coinbase account was drained. But it was there were so many like signs that had he just like said, okay, this I need to investigate this now. If he had just taken the time to investigate it as it was happening, it would have stopped. What all of the crazy things that had happened to him.

Kathy Zant 00:36:30  And so it just requires a little curiosity and diligence and not, like, brushing it off and saying, oh, well, I’ll just deal with that later. This is the most important thing. It’s like when you see certain signs like being able to like say, okay, this could be my phone. Not connecting to the cellular tower is not good. I need to investigate that now, that type of thing. So.

Michelle Frechette:  Yeah, absolutely. So for the people who say, let’s say the customer, not the agencies because they understand, but the customers who say, I’m just a little website, you know, they’re going to go after the Amazons and the Etsy’s and the eBay’s of the world. Why do I have to worry? What’s your response to that?

Nathan Ingram 00:37:13  Yeah, I mean, it’d be great if that was the case. Yeah. Is it is it easier to, you know, if you were let’s just say you were going to rob a store, right? Is it easier to rob a little place on the corner with without a security system? Or is it easier to rob. You know, a big, department store in the middle of the city with all sorts of, you know, various layers of security? But the bottom line is they’re not after you.

Nathan Ingram 00:37:41  They’re just after your server resources. Right? And they don’t care who you are. And it’s not like they’re individually looking at you. They’re they’re with automated bots. They’re scanning millions of websites. So it’s not about you. It’s about your server. Yeah.

Michelle Frechette 00:37:59  So yeah. So you don’t have to be an Amazon of the world to get. As a matter of fact what I’ve heard often is the low hanging fruit are the easier sites to target because the target and Amazon of the world, if we will, are the ones that have much higher security. So they don’t even attempt at a lot of the times, they’ll would much rather hit ten smaller sites than to try to keep breaking into something like Fort Knox.

Nathan Ingram 00:38:23  And more and more of what security experts are seeing is they’re not the hackers are not directly attacking. Well they are. They continue to directly attack the website, but now they attack the user talking about low hanging fruit. You know, folks with low technical knowledge or a lower understanding of security, they attack a user and they get some, malicious software installed on that, that person’s computer, and now they’re harvesting passwords to everywhere.

Nathan Ingram 00:38:47  And I think we talked about this earlier in brief, but, you know, the course we’ve created. Yes, it’s going to protect the WordPress site, but it’s also going to protect your bank login, your Amazon login, all the things. It’s about practicing good security so that you can stay safe online. That’s why we call that site Go Safely Online because it it really improves the average user’s security awareness, across the board. Now the real test. Kathy, I haven’t told you this. The real test is that later tonight, I’m going to give my mother the login to the course, and we’ll see what happens. Because I can tell you right now If I wanted any of her passwords, I would simply go into her bedroom and open. She has an old sewing table that she has her computer on, and if you open that middle area, all of her passwords are right there, which, I mean, they’re they’re just all right there. And I’m sure a lot of folks have that same approach. That is not the kind of password manager we’re talking about.

Michelle Frechette 00:39:51  Yeah, it’s it’s interesting you say that. So, it’s not out yet. It’ll be out on Friday, but, Underrepresented In Tech with Samah and I recorded yesterday, the, the fact that underrepresented communities often experience cybercrime at a higher rate than represented community. So Black, BIPOC, over 75, under 25, and Indigenous communities lose more money and oftentimes are more open to attack and criminal cybercrime then, then your typical white people. So and women especially also are our easy prey. And so and Kathy’s like, yep, that sounds right.

Kathy Zant: My, my mother in law who’s now passed, but we visited her right afterward WordCamp Miami. Was it 2019, like the very last WordCamp Miami.

Michelle Frechette: Pre-pandemic? 

Kathy Zant: Yeah. Pre-pandemic we went and visited her. She got and she we were in she was in like a little retirement community all kind of like little apartments, like condos. That. And we were talking to the woman who was sort of the manager of this little apartment complex, and she said, almost everyone in this complex has been scammed at one time or another.

Kathy Zant 00:41:10  It has happened to everyone. They’re just targeted. They’re less they’re more trusting of a phone call. They’re more trusting of, mail that comes to them just, you know, they. And the thing is, and what we noticed was once you got, once somebody gets scammed, it’s almost like there’s this list somewhere that they all just kind of share. 

Michelle Frechette: This one’s easy. 

Kathy Zant: Yes, exactly. I mean, it’s funny, but it’s kind of true. It’s like, oh, we got this one, you know, and these attacks on, there’s a video that I did recently about, this this company called Looked Lookout. Did they found one of these phishing kits that combined information from cellular phone calls, cellular SMS messages and phones, and email and all of this stuff, and then kind of profiled some of these people. And so they would send a text message to someone saying, you know, there’s this fraudulent attempt to buy something at Target, click here to decline. And they click there to decline. And it would start this entire process. It would send that would send a message to the hacker to call them. And then the hacker is speaking in perfect English and sound very professional, like they sound like they’re from the financial institution, and all of a sudden they’re handing over passwords over the phone and people are getting scammed that way. So it’s not just an email, it’s not just a text message. It’s now phone calls combined with emails. So it’s all together. And so you get one person who gets hit with all of these different things, and they’re corroborating the story of this initial text message. It doesn’t feel like a phishing attempt anymore. It feels like, oh my gosh, I am being defrauded. My bank accounts are at risk. I better work with this bank account representative and protect myself. But it’s so realistic of a scam. And it just happened to one of my college friends. I’m like, oh my gosh, it’s it’s happening to it’s happening a lot. So it’s really important for people to be vigilant and know what these sort of tactics are and being aware.

Kathy Zant 00:43:15  So this is where you go subscribe to my YouTube channel because as soon as I learn about them, I explain it to you. 

Michelle Frechette: Absolutely. And that’s just Kathy Znt everywhere all the places. On YouTube just Kathy Zant on you. 

Kathy Zant: Make it easy. I just feel sorry for the other Kathy Zant’s of the world. I know there are a couple.

Michelle Frechette: This is not incredibly related to your particular topic today, but as long as we’re on the topic of security, I follow a couple TikTok channels. You know, Kathy, it’s always going to come back to TikTok. If you and I are talking, I follow a couple TikTok channels that talk about their scamming the scammer channels. Right. 

Kathy Zant: Yeah those people are funny. 

Michelle Frechette: They have these banks of computers and they are pretending to be elderly. They are pretending and they’re on camera. You’re watching them as they are literally zeroing in on these call centers overseas. A lot of the times they’re in, you know, in, in a lot of them are in Asia, but they’re literally all over the world. And, they’ll pretend. And at the same time, they’re like, literally hacking back into their accounts like the other person and like taking, deleting all the records of all those people’s everything, and doing all that. So I made the mistake of just commenting on one of those videos, one of thousands of comments on a video. Since then, and this has been almost a year and I’m still at least once a week, I get messaged by accounts that look like that account that, that that put the video on, but I’m following that one. So if I’m getting messaged by something, I’m not following first clue. Right. But every single one of them says, oh, you experienced a hacker. We can help you clean that up. I’m like, first of all, that’s not what my comment was at all. My comment was like, way to go, go get them kind of thing. But I get at least one a week now. Saying contact us will help you get your money back.

Michelle Frechette 00:44:57  And I’m like, they are using scams to scam you now. Like they’re using the fixes to scam you. So you just the diligence has to be there to bring it back to WordPress. training your clients to use security the proper way and to make sure that they are logging out, that they have good passwords, like all of the things. Right? Is is just so important because you can’t be too vigilant when it comes to the security of your home or your digital home. 

Kathy Zant: Yeah, it’s crazy that you mentioned that because there’s so many I don’t expect to get like scammed by me saying, oh wow, great video and a video on social. But sure enough, you know, I told you about the weird thing that happened to me last week because I watched the video and it’s like, oh, this was fun. Oh, hello. And then I’m trying to get, really funny phishing messages. But, you know, I’m a I’m a student. I should just, like, do that for fun, right? 

Michelle Frechette: Well, and, you know, Keanu Reeves has followed me at least from seven different ones of his accounts.

Nathan Ingram00:45:59  Well. Why wouldn’t he?

Michelle Frechette 00:46:03  And the interesting thing to note is that man does not have social media. Like that is one of the biggest things we know about him is he just doesn’t do social right. Or if he does, it’s not a himself for sure. But yeah, seven different Keanu Reeves are calling me. 

Kathy Zant: Wow. 

Michelle Frechette: It’s always Keanu Reeves in a series of numbers afterwards, which is also, yeah, an indicator that it’s not real. But anyway. Yeah, I.

Kathy Zant 00:46:24  Just Keanu undercover.

Michelle Frechette: Ooo, maybe. You and I talked about scamming last week on WP Motivate. Where? I talked about the fact that Idris Elba. I must have put my finger up. My thumb up. I just Idris Elba wanted to marry me, but he wanted to make sure that I had enough money in my account to take care of myself so I wouldn’t have to rely on his millions of dollars. So I should give him access to my bank account so he could see that for himself.

Nathan Ingram: Clearly.

Michelle Frechette 00:46:53  Okay. I mean, what was I supposed to do? Of course I did it. No block, but yes, exactly. So for anybody watching go to Monster Secure.com to learn more about this product and to Go Safely Online that you can share with your customers. And just to bring it up one more time, next look, I, I actually corrected her spelling. Next week’s guests are Danielle Zarcaro and Isla Waite  from the Accessibility Day where we’re going to talk about the upcoming Accessibility Day, which is a 24 hour event beginning October 9th. And you can go to WP 2024 WP Accessibility day.com to learn about that. but I wanted to thank you both for taking some time to be here today. Any last words? Anything before we log off for the day?

Nathan Ingram 00:47:43  Thank you. Michelle, this is always fun. I always enjoy talking to you. And I appreciate you letting us talk about WordPress security.

Kathy Zant: Likewise.

Michelle Frechette 00:47:49  Yeah. My pleasure. Anything, Kathy. From you? I talk to you all the time

Kathy Zant 00:47:56  Great to be here. Yeah know.  Two of my favorite people in the whole wide world. And I hope we’re going to see each other in Portland at WordCamp Us. 

Nathan Ingram 00:48:05  Yay Portland. Yeah, just a few weeks coming up.

Michelle Frechette 00:48:08  I’m looking forward to it. Very good. Well, thank you both for being here. I appreciate you so much. and we’ll see everybody back here next week on the Post Status Happiness Hour Live. Thank you.