8 Questions with Sucuri Co-founder Tony Perez

Welcome to the fifth edition of Pagely’s interview series with some of the best known names in the WordPress community.

Today, we are fortunate enough to have Sucuri co-founder, and all-round WordPress security expert, Tony Perez.

For those unfamiliar, Sucuri is a well-respected website security company, specializing in malware detection, prevention, and cleanup. Tony and the Sucuri team regularly post comprehensive security advice — a topic far too many of us take for granted — so be sure to check out their work over at the Sucuri blog. If you want to read more from Tony, be sure to check out his personal blog, www.perezbox.com, and even more of his security tips at www.tonyonsecurity.com. You can also get in touch with him via Twitter, @perezbox.

In today’s interview, Tony discusses how he found his place in the WordPress community, website security, and the future of the WordPress platform.

A big thanks to Tony for providing us with some comprehensive and insightful answers. Let’s get on with the interview!


For readers less familiar with you, could you tell us a little about yourself and your WordPress background?

For those that don’t know, I work at Sucuri. Sucuri is a globally recognized website security firm, specializing in our ability to clean and protect websites. Many will say that Sucuri got its break in the WordPress environment, but the reality is that we’ve always been platform agnostic. We have, however, invested a great deal into understanding how the platform operates and how malicious actors aim to abuse it.

As an organization we’re recognized as one of the foremost thought leaders in WordPress / Website Security, and some will say I’m considered a subject matter expert in the field. However, I like to think of myself as someone that is just fascinated by the various threats website owners, especially WordPress website owners, face.

I personally operate and administer a few different WordPress instances, and have frequented a number of WordCamps speaking on the subject of security. In 2011 I even assisted in the first WordCamp San Diego event — wow that feels like ages ago!

I should not be considered a developer or designer; I am somewhat technical, but more on the server administration and forensics side of the house. Albeit these days that’s probably a hard categorization as I focus more on business.


You’ve been in the WordPress community for several years now, but could you tell us how you first became involved with WordPress?

I was first introduced to the WordPress community by Dre Armeda in 2009. At the time I was operating as a defense contractor, traveling the world with my clients at Department of Defense. It was during a Christmas gathering that I found myself curious about what exactly Dre was doing. At the time I had a personal plan to run my own business in 5 years’ time, and found myself looking for new opportunities.

At the time Dre was doing a lot of freelance work, and so during Christmas dinner, I asked, why don’t we just start a company doing this WordPress stuff? That’s when CubicTwo was formed, a small boutique agency. This was before the power houses of today. We had grand plans for CubicTwo; we wanted to create an entity that consumed a number of other agencies and push the development up market into larger businesses. This was during a time when hourly rates were a measly $20 / hour and I was coming from an environment where the standard was $200 – $300 / hour. My background was in enterprise application design, development and deployment, specifically focused on Department of Defense. Needless to say, the budgets / projects I was coming from were very large.

Around this same time, Dre was dabbling in a little open-source project known as OSSEC Host Intrusion Detection System (HIDS), built and operated by a guy named Daniel Cid. Daniel Cid is the technical Founder of what you know of as Sucuri today.


During your time in the community, what different areas have you been involved with?

There was a very short stint where I was trying to volunteer with the Foundation on a couple of initiatives but that was long ago and I don’t think it can be considered very valuable or effective to the community. I’ve mostly been involved in security, research and education.


What has been the best thing about working with WordPress for you?

I always joke that WordPress makes up 30% of my business, and 90% of my headaches. I’m only partially joking with that statement, but I think it’s also because I choose to allow it to be that impactful. There is something special about the WordPress community.

The community I participate in, I realize is probably less than 1% of the actual community, and that’s ok. It’s still exciting to engage, although I think as the platform continues to mature, that small community I grew up in is growing and evolving. There are so many new faces, so many new influencers and contributors. At times it’s difficult to keep track of all the awesome growth.

It’s been awesome seeing the community grow and mature. I chuckle when I look around at events and see people wearing their blazers and talking fancy talk about business.


How has the WordPress community changed since you started?

I can’t ignore its adoption and impact on the web as a whole. It now powers over 23% of the web — that’s an amazing number. A few years back you couldn’t utter WordPress in some circles, and organizations would just shrug it off. That’s no longer the case; these days WordPress has become common language at organizations of all sizes. It’s being discussed up and down the decision making chain and the discussion has changed from “What is this WordPress thing?” to “How do we deploy WordPress within our stack?”

The entire game is changing before our very eyes.

As for the community specifically, it’s hard to say. It definitely feels different, but I can’t put my finger on the why. I can’t figure out if it’s because there are so many new players, or if I’ve just been in my own world. The people that were starting off in the early days are now huge influencers.


What advice would you give to anyone getting started with WordPress? Which direction would you yourself go if you were starting over again?

There is this saying, “you always forget what it is not to know.” I think this applies here for me; where would I even start today? Gosh, I think I would start very slow. It’s like I tell a lot of folks that start working for Sucuri, sometimes it’s ok to have nothing of value to add when you first start. I think this is smart, even today.

It’s especially true in the WordPress community. Remember that this is a marathon, not a sprint; slow and steady will most definitely win the race. In this community especially, giving back without wanting anything in return often renders the most return. Look to see how you can get involved in your local communities, even foreign ones via social media (i.e., Twitter, Facebook, etc.). You gain a lot of accolades by selflessly giving; this community, more than others, believes heavily in the idea of reciprocity. Don’t fall into the trap of looking for the perceived influencers, instead sit back and form your own opinion. Almost everyone in the community is open and willing to engage; be mindful of their lives and time constraints, and the results will be positive. You can’t approach the community aggressively, and be sure you’ve done your homework. Also, remember this community has been around for many years now — one cannot just show up and demand change. Learn to work within the world that is the community, then look to leave your mark.


What do you think the biggest mistakes WordPress website owners are making?

Oh this one is simple: WordPress website owners are making the mistake of thinking that security is a Do It Yourself (DIY) project. Then again, this is not really their fault, rather ours in the community.

I look at the amount of misinformation around security and it’s easy to understand why there is so much confusion. I used to think that through awareness and education we could make a difference, but the reality is that the project’s adoption is quickly outpacing our ability to reach and engage with the real users. In the “community” we like to believe we are the users, and we forget that we’re but 1% of the real community and in reality the community is really a subset of communities all meshed into what we see to be one.


What do you think the future of WordPress holds? What would you like to see?

I think the future of WordPress is going to be very interesting. I know everyone is excited about the 23% and greater market share, but I look at it with caution.

Here are my thoughts on its future:

  • I think that platforms like SquareSpace, Wix, Weebly are definitely growing in adoption rate and they target the exact audience WordPress was originally designed for — the product consumers, or prosumers as I like to think of them. I think everyone in the WordPress ecosystem realizes this; it’s why we continue to see these .com like experiences. I think more and more the community will be encouraging website owners to move beyond the self-hosted approach, at least in the micro business sector. It’ll suck for a number of businesses that market to that demographic, but will be inevitable; it’s the only way you can ensure the experience the website owner has with WordPress, especially with security. I think you’ll see these .com like experiences be facilitated through things like the mandatory deployment of JetPack. As WordPress gains ground, the hosts will have their hands forced into providing similar experiences as well — we already see this with solutions like the ones GoDaddy, Dreamhost and so many others are providing.
  • I hear things like, 2015 will be the year WordPress turns into a platform. Yet two years ago it was the year it turns into a CMS, and before that it was just a blogging platform. I commend the direction and vision, but worry as the platform continues to evolve. Consumers are a finicky breed, they just want something simple to use. I fear that as the platform continues to evolve, new opportunities for other platforms will be introduced. This makes me think that in the years to come, the demographic (audience) of the platform might start to change. The DIY market is actually a lot smaller than we all think it is, and will continue to shrink.
  • I think that security will continue to be an issue and at the top of every website owner’s mind, especially the larger enterprise. I think it’s fair to say it’s important enough to organizations like Automattic with their heavy investments in things like BruteProtect and new malware scanning features and new guidelines around auto-updates. Unfortunately, I speak with a lot of enterprise entities, and while we as a community see the platform as a mature solution, they don’t. Large enterprises still don’t see WordPress as a formidable application; I think this is something that many agencies are trying to change and focus on.
  • We already know that mobile is a big thing, not just for WordPress but for every other technology in the market. It’s only common sense to see the focus in this domain. I think that solutions like AppPresser, for instance, are ingenious and many might not realize these existing solutions are already building the gap that everyone is talking about. We just saw news from Google introducing new search ranking points for mobile ready websites, I think it’s only time before we see this start to become part of the core application.
  • Things are very different these days, it’s not 2 or 3 years ago when there was all this debate about the project leadership. I still hear it whispered in halls and after a few drinks, though. I think it’s inevitable that it’ll come up again. I personally worry about the blurred lines between the Foundation and Automattic, especially as the private company gets bigger — lines get more blurred. I do believe that sometime in the future this will become a bigger challenge and a point for intense discussion / debate. When that is, I have no idea. Then again, as I mentioned before, the actual users of the platform could honestly care less about the nonsense that consumes our days so who knows. I could be way off on this one.

In any event, a bit winded, but here are the 5 things I see in the future of WordPress. No matter how you cut it, it’ll be vastly different to the platform / community I was introduced to in 2009. We’ll likely look back and few will actually appreciate the changes or remember how it got to where it is. Such is life I suppose. I do think that its potential is great and we have yet to see what the little-engine-that-could really has to offer.

Final Thoughts

A huge thanks to Tony Perez for answering our questions, and raising some great points. As Tony points out, most WordPress webmasters seriously overlook the importance of security, and it’s well worth improving your knowledge in this area (or handing your site’s security over to someone who knows what they’re doing). Tony’s Sucuri is a really great security service, and the Sucuri blog and Tony on Security website are great resources for expanding your website security knowledge.

Another excellent point Tony raises: if you’re new to WordPress, take your time. You don’t have to know everything straight away, and it’s well worth taking the time to learn your skill, specialize, and find your place within the community. The WordPress community is a fantastic group of people, and if you reach out and try to offer value, you’ll fit in just fine.

I hope you enjoyed the interview, and I hope you stop by again next week when we’ll be interviewing another of the best-known WordPress names!
