
How Rogier Lankhorst Simplifies WordPress Security
13th July, 2022
As a proud media partner of WordCamp Europe 2022, we had the chance to sit down with Rogier Lankhorst for an insightful conversation about his journey, ideas, and the future of WordPress. This episode captures the moments, thoughts, and stories that stood out. Here’s our full chat – enjoy reading!
Hello everyone. This is your host, Vineet Talwar, back again from WordCamp Europe, live from Porto. Today we are sitting at day 2 with our guest Rogier Lankhorst. Did I say your name correctly?
Yes, perfect.
Thank you, Rogier, for being part of the show. It’s lovely hosting you today.
Well, my name is Rogier Lankhorst. I’m the founder and lead developer of Really Simple Plugins, which consists of three plugins, including Really Simple SSL, which it all started with, and it’s a plugin to configure your site for SSL. And in 2018, I started, with some other people, a cookie consent plugin, Complianz, and we just released a privacy-friendly statistics tool, Burst. So these are what we’re currently working on.

Awesome. And how did the name come about, because it sounds interesting, “Really Simple”. How was the name born?
Well, in 2015, I started with Really Simple SSL. It was just something that happened because a customer needed a site to get switched to SSL, and the tools I found then didn’t work really well, so I built something myself, and I thought, “Well, this is very simple to use,” so that is why I called the plugin “Really Simple SSL.” And later I thought to broaden it a bit. So I thought I’d quit all normal development and focus entirely on plugins and call them Really Simple Plugins. And the idea was to build from there and add more plugins to it.
Your plugin is really infamous, to be honest. I must have used it on so many sites in the past. And that’s how I’m like, I have to meet you if you’re around.
Yeah, I think it’s grown enormously in the past few years, and especially in the first year: it started at 0 and I think in 1 year it went to 20,000. So that’s when I thought, well, I think I can earn money with it, because I didn’t start with it to earn money. I just thought it’s a great exercise to learn more about development. And when it took off like that, I thought, well, of the 20,000 there’s probably one that’s willing to pay for it, so I added the premium plugin.
And that worked out, as I can see now.
Yeah, that worked out really well, and so that’s how we learned to leverage premium: to build a great plugin for free and then add a premium plugin which adds some cool features. And that’s how we work.
All right. So, we would like to know what your day-to-day activities look like. I mean, describe one day at Really Simple Plugins.
Well, we’re still really growing as a company, and I have to find a new role in what I do, but what I still mainly like to do is just code, write code. But more and more, things like code review and thinking about how to brief all the developers are becoming more a part of what I do on a daily basis.

All right. And what do your future plans look like with Really Simple Plugins?
Well, this year we decided to build out Really Simple SSL into more security, into Really Simple Security, because the past few years we’ve seen that users are really expecting Really Simple SSL to be a full-fledged security plugin. So that’s when we thought we have to maintain our position in WordPress, and just being about SSL won’t be enough in the long term. And last year we added Let’s Encrypt SSL generation, but this year we will start focusing on extending the security parts of the plugin.
No, that’s a really good idea. I mean, right now we’re using one security plugin. I don’t want to name it. I mean, that plugin is pretty bloated. It’s so huge that whenever you migrate it, the website ends up breaking unless you know, OK, there’s this particular file which stores the exact path.
Yeah, that’s exactly our focus, because I think one of the main reasons for the success of Really Simple SSL and Complianz and Burst is that it’s very simple to use for the end user. So we want to have all the options, but keep them at a distance from the user. Only if you think “I need advanced options” you can go there, but a quick setup, with a really simple basic setup which handles the most important parts. I think that’s what our focus will be in Really Simple Security as well: to make security simple for an average WordPress user who is at the starter level.
I like this tagline for WordPress.
Yeah, it’s a good idea.
Yeah. So, OK, we would like to know when it was that you entered the world of WordPress and what motivated you?
Well, I had a webshop in baking goods at one point, and I built it with, yeah, something like a page builder tool and not WordPress. And then someone asked me to build a site for them and I did it in WordPress, and that’s how I got to know WordPress. And I really liked it, and building that website I learned more and more, and in 2 years I got to understand it. And so that’s when, in 2015, that customer asked me to switch a site to SSL, and that’s when I made the switch to plugins.
And it seems that you then never looked back from them.
No, because custom development for websites, it’s great to do, but you’re always short on hours; the customer asks for more features within the same price. So it’s far more difficult to make a living from building websites, and when you’re selling plugins, you can build on the revenue, recurring revenue. And each year you have the recurring revenue from last year, so you have a solid base on which you can build a company, and you can sell with the same ease 5 plugins or 10 or 100, so it’s much more scalable.
Mhm. Yeah, that totally makes sense in my opinion as well. All right, so what is the one thing that you love about WordPress?
Well, I think it’s great about WordPress that it’s very accessible to everybody. You can start with it, even if you don’t have much experience in it. So everybody can get started building plugins or building websites, but it’s also very good for advanced work. So you can continue doing this, even with more complex work.
All right. And when was the first WordCamp you attended, if you can recall?
The first wordcamp? Umm, this one.
Oh my God, and how did you find it so far?
It’s really cool. I love it. And I had the luck that I could talk about our own subject yesterday, so that makes it more fun to be here, of course.
And how was the response of the audience?
It was great. The room was very, very full, which is also great, of course, and I think the subject, the security headers, is a bit abstract, so I was afraid that users would find it a bit difficult, but everybody was really interested and enthusiastic.
I mean, if the room is full, consider you have done a very good job.
Yeah, that’s what I thought.
Yeah. And how many people were there? Any estimate, like 1000?
Oh no, it wasn’t the main room; it was a workshop.
So, a workshop is different, yeah.
Yeah, yeah. So it’s just a small room, but it was a pity more people couldn’t come in, because we could host only 40 people, and we had to send a lot of people away because there weren’t any more places.
You should request that the team add more places for the workshops from next year.
Yeah, because also personally, there were a lot of workshops I wanted to visit, but they were all full already. Because I was doing my own session, I couldn’t register yesterday for the others, and when I could register, everything was booked. So there was a bit. So for me, I think it would be great if there were more places in the workshop rooms.
I hope the WordCamp organizing community is listening to this. Hello, Costas. He’s agreeing that they will take care of it. Anyways. So let’s talk about your workshop. Could you tell us a bit about that? What was it about, and how did it go?
Well, the subject was HTTP headers. Because in Really Simple SSL we started adding the HSTS security header in the premium plugin, and that was a very logical step, because HSTS is a header which enforces SSL on the domain. And then I thought, well, why not add more security headers, so we started adding more, and we came across issues and people gave feedback, and so we learned a lot about how to handle this on NGINX and Apache and with caching, which also has its challenges. So that’s why I thought, well, it’s very interesting to tell people about it, because when security headers are configured correctly, it really protects your website visitors on the client side, protecting from XSS attacks and clickjacking and drive-by downloads, stuff like that. So I think it’s really important that people start using security headers, and when you look at websites, it’s something I did yesterday as well, ask people to enter their own domain on securityheaders.com. And what you see is that most people don’t score higher than an F, and also major WordPress websites score a D. Often they have the HSTS header, but with a very short lifetime of 5 minutes, which makes it pretty much useless. So, yeah, I think it’s very important to communicate that to the WordPress community.
Yeah, absolutely. I mean, I love that website, securityheaders.com. I’ve used that in the past. But they have this option: if you do not select it, your results are published publicly. That’s the bad part. The rest is OK, my dear.
Yeah, yeah, you can also check it with curl, of course, but for a low entry level, it’s very easy to use the website if you want to quickly let users check how the website scores.
Yeah, and in my understanding, or in my personal experience, the CSP header was always complicated. How do you suggest people handle that, or is Really Simple Plugins planning to handle that in your premium plugin?
Well, how we do it is, we add an API and we enable the reporting mode in the CSP, and all requests that would be blocked in enforced mode are passed through the API, and then at this moment in the back end you see a list of what is blocked, and then you can allow it or deny it. And we’re currently working on a version that automatically allows it, so it’s more of a learning mode. You enable the learning mode, you let it run for a few days, and then you can check all these scripts, OK, and then you sign off on it and then it’s all good. But there is an additional issue with CSP and WordPress, which is that you should not allow the unsafe-inline attribute. And if you allow it, part of the point of CSP is gone. So you actually need to use nonces or hashes, but that’s pretty complicated. So that’s what we’re currently working on in Really Simple SSL: to automate generating hashes for inline scripts. So you can really lock down everything in the website.
All right, yeah, then that makes sense. So, since your talk was about security, so we would like to know what message you would like to give to the website owners or developers, how they can secure their websites.
Yeah, I think for most users, some really simple steps are really important and very simple in most cases: enable two-factor authentication, never use “admin” as a username, and keep your plugins updated. I think those are very basic steps that cover a lot of issues on a website.
And people normally blame WordPress for being insecure. What do you think about that?
Well, I don’t agree. I think a lot of the issues I see are plugins that aren’t updated. And if you have a website and don’t update your plugins for 4 years, and then your site is hacked, I think nobody should be surprised. So you always have to keep your software updated, and it’s not only WordPress, it’s also any computer, Microsoft, Mac. So I think it’s not that WordPress is insecure. I think WordPress is really big and there are a lot of users with not so much technical skill who aren’t updating or maintaining their website very well.
So, if I understand it correctly, the analogy would be: if a driver has an accident, it’s not the fault of the car, it’s the fault of the driver.
Yeah, I think so, and I think Really Simple Security can help there to make security easier and simpler.
Awesome. All right. So the next question is about, what is the message you would like to give to the people who are just starting in the world of WordPress?
As a developer or as a user?
As a user or a developer, doesn’t matter.
Yeah, well, my point of view is as a developer, and I always encourage people to just get started, just start developing, start coding. It’s so much fun to create a plugin. If you Google it, there are so many tutorials about how to get started. Just think of something very simple and get started, and it will pay off in the end.
That is correct, just start it. All right. So, this segment is over. Let’s move on to our next segment, which is life outside WordPress. So, what other things do you do that are not WordPress? I mean, what do you like to do in your free time?
I almost said WordPress, but I just like my job. That’s all. But of course, there are some other things. I have a small place at the lake and I love to sail and do some windsurfing there, and I go with my son to the soccer games each time they have a home game in the city. So that’s how I like to spend my time.
That’s really nice. And which city are you from? Sorry, I forgot to ask earlier.
From Groningen, in the Netherlands.
Is it somewhere north, south, or is it in the northeastern part of the Netherlands?
It’s a bit isolated, in the sense that the Netherlands is very densely populated in the western part of the country, and then if you go to the east, it’s not so densely populated, and then in the northeastern part you suddenly get a very nice city, which is Groningen.
I would love to see it one day, yeah. All right. So, running a company can be stressful sometimes. So we would like to know, how do you de-stress yourself?
I like to run. I run with my daughter 3 times a week. We’re training for running a marathon. So that’s really helping me empty my mind. We ran the half marathon last year in Luxembourg, so we are already halfway, but I think the other half is the hard part of the marathon.
Absolutely finishing that is the hard part. Alright. So we are at the end of the interview. The last question we have is the Easter egg, as we call it. What is your favorite song?
My favorite song. Oh, it’s a very hard one, I can’t think of anything right now. I’m sorry. No.
Is there any specific kind of genre that you listen to while working, or that allows you to focus more?
Oh, yes, when I really want to focus on the development, I always put on some classical piano music, which really makes me focus.
Huh. All right. Thank you so much for being part of the show. It’s lovely hosting you today.
Thanks, lots. It’s been great to be here. Thanks.
All right, until next time, guys, bye.

Meet the Host
Vineet Talwar is the founder of Some Tech Work, a Germany-based digital consulting studio, and the creator of Jump.ac, an AI-powered EV fleet charging platform built through the Carbon13 accelerator. When he’s not building products or fixing websites at scale, he’s usually experimenting with new tech ideas or polishing his next WordPress talk.

Meet the Guest
Rogier Lankhorst is the co-founder and lead developer behind Really Simple Plugins, the team known for Really Simple SSL and other widely used WordPress security and privacy tools. With a passion for simplifying complex technical challenges, he focuses on making websites safer, faster, and easier for users of all skill levels. Rogier is an active member of the WordPress community, regularly sharing insights on security best practices and helping site owners navigate a more privacy-aware web.