We Discuss All Things Security & Backup Connected to WordPress 2020!
Akshat Choudhar: is the founder of BlogVault & MalCare, a popular WordPress backup & security services. Over the past 3 years, we have built a premium WordPress backup & security solution with over 3300+ customers across the globe.
Special Offer Links for BlogVaul, MalCare and WP Remote
Discount Link for BlogVault: http://blogvault.net/pricing/?loc=COVIDWPT
Discount Link for MalCare: https://www.malcare.com/pricing/?loc=COVID19WPT
Discount Link for WP Remote: https://wpremote.com/pricing/?loc=COVID19WPT
Jonathon: Welcome back folks to the WP Tonic Show. This is episode 488. Yes, we’re getting close to the big 500. And I’ll really be looking forward to this discussion. We’ve got the founder of Blog Vaults and Malcare two products which I highly use myself and I highly recommend. And we’ve got Akshat Choudhary. I have totally destroyed his name, but I’m going to let him introduce himself. Off you go.
Akshat: Alright, thanks Jonathan. Thanks everyone for having me. I’m glad to be a part of this. So I’m Akshat Choudhary. I think Jonathan almost got it right. And I’m the founder of Blog Vaults and Malcare. Those are the two main products of ours. There’s a ton of product called WP remote that’s up and coming.
Jonathon: I’ve got my great co-host Adrian who’s been having some minor technical troubles, but hopefully we have solved those. Adrian would you like to introduce yourself to the new listeners and viewers?
Adrian: Hi everybody. My name is Adrian. I’m the CEO and founder of a Groundhogg, a marketing automation and CRM business for WordPress.
Jonathon: That`s great. And before we go into the main part of the interview, I would like to just mention about our main sponsor, which is Kinsta hosting. Kinsta has been my main sponsor for the past almost three years. We’ve been using their hosting for the WP Tonic website. It’s been fantastic. You know, when I go to some other clients’ websites and they’re not using Kinsta. I think to myself, I really couldn’t go and use their hosting. I just got used to using Kinsta. It uses the power of Google and they’ve got their own interface, which is really very easy to use. And also they’ve got a superb technical support team. And if you’re looking for a quality hosting provider for yourself or for your clients that has WooCommerce, you got a e-learning website, go to Kinsta to have a look at their packages. And I suggest that you should sign up with them. You’re going to be delighted. And the main thing is tell them that you heard about them on the WP Tonic show. So Akshat how long have you been running Blog Vault? Because I think you started Blog Vault before Malcare. And why have the two separate companies in a way?
Akshat: So Blog Vault was started almost eight years ago. A little over eight years. I’ve been doing it full time.
Adrian: What is Blog Vault? Just for anybody who doesn’t know.
Akshat: Blog Vault is a WordPress backup service. It’s grown beyond that, but primarily it’s a WordPress backup service. And I call it a service and not a login because also it’s a complete service. It’s a SAS solution. It ensures that you backup your data and keep it safely so you don’t have to connect your own. Amazon is three or Dropbox account. And because it’s a complete service, you’re able to do incremental backups, which ensure that there’s no load on your site. We are able to back up like sites which are extremely large. I think the biggest we have done is over 300 GB in size. So that’s a quick intro about Blog Vaults. So yeah, I’ve been doing this for over eight years now.
Jonathon: I think it’s the best service of its kind. But what about Malcare, why did you start that and how long have you been running that?
Adrian: And what is it?
Jonathon: And what is it?
Akshat: Alright, so Malcare is the second product from Blog Vault. And I’ll go into the history of it. It’s actually quite because the other exact eight of it because really that date maybe we can put it as the data and monitor the domain. The product had been in the works for a long time. Now, as I mentioned, we’ve been running Blog World for quite some time. And one of the biggest reasons we saw people doing a restore from a backup, it was when the sites would get hacked. When we went in to help these customers out with the backup and with the hack. We realized that the sites would be hacked for months at the end. And because we store it, keep a history of the site. We would know that the site has been hacked for months. And they would use every single security products out there and those products would not find the malware.
And we thought, okay, maybe these guys totally unlucky and these guys are using some really complex malware. But then it kept happening. So we realized that if your site is hacked for months, that’s not a good thing. So maybe there’s a need for a better solution. And that’s how we started the chasing of finding a better way of removing malware and identifying malware. Forget removing, removing was further away and it took us, it took us over two years actually being a small team, investing such a large amount of energy.
In hindsight in hindsight is okay fine, but going in like the people who would advise me, they will be like, Oh, you’re stupid to be investing such a large amount of R and D and energy into choosing this thing, which you can’t even, we don’t even know if you can solve it. But looking back, we are glad that we spend our energy and time because we consistently now find malware despite every other product out there. And I think this is one of the best engineering work that, me and my team have done.
Adrian: I’m sure there’s a large group of potential entrepreneurs out there who’ve thrown in the towel early as a result of their perceived investment in both time and money for whatever their end result would have been. And it appears that you on the other hand did make the massive amount of investment in both time and money in order to produce this Malcare solution. Can you give us an idea of exactly what that investment was? How much time did it take, what did it cost until you actually had something usable?
Akshat: So again, there are two parts to it and something usable is a very important aspect. Something which I would advise like fellow entrepreneurs to where you draw the line of usability. But it did take us more than three years.
Adrian: Three years. That’s a long project ramp up time.
Akshat: And we put in some of our best engineers, so multiple engineers on the project to make it work.
Jonathon: Wow, that’s difficult to solve.
Akshat: It is a very tough problem and we are really happy with the solution that we have come up with. I have not seen anyone else approach it in the manner that we have. And we have certain advantages also because we’ve talked with so many customers from across the spectrum. The amount of data that we have access to, the amount of statistics that we have access to, allows us to solve the problem better than I think most people can.
Adrian: You were about to touch on usability. And it sounded like you had a couple of thoughts on what entrepreneurs should classify as usable. And I have mentioned several times on the show that an entrepreneur, if you’re creating a new product should launch as soon as you have something that might work. So I’m curious to hear what your thoughts are on where you draw the line on shipping a product and actually starting to sell it. Versus continuing to go through the R and D process.
Akshat: So Blog Vault and Malcare actually the exact end of us of the spectrum. When I started Blog Vault I built it like in two to three weeks. I thought it’s only a two to three week long project. Now looking back, that was stupid because it was that even today we are improving the product. I would be ashamed of the first version that I launched of Blog Vault. Whereas Malcare had we launched it maybe two years in instead of three or maybe one and a half years in, we started seeing the light in one and a half years in the approach we had to take. I think we still would have been the best product in the market one and a half years in.
Adrian: Instead of if you had gone in earlier, it still would have been great.
Akshat: Yeah. But once you have little success, that’s just to your own mistake as an entrepreneur is that was my mistake as an entrepreneur. You set yourself at a higher standard, which is detrimental to you as well as your company. So I would strongly recommend getting out there, getting it out there with a shittier product. If you think it’s going to add value and a lot of learning comes after the product line. Actually most of the learning comes after the product launches because what we assumed Malcare would it be in the sense how it would get used is very different from how it gets used today. We thought Malcare is a really amazing and secure scanner. It is sufficient to sell to the market because people would be amazed by it and it was not sufficient. We have to build more and more and more to build a complete solution around it. And even today there is more.
Adrian: Yeah, it’s super easy as a developer and as a product creator to get inside your own head and what you think people actually want and need. Versus what people actually want and need. And there’s usually a very large disparity between those two goalposts. And sometimes you can’t get that feedback that actually will make your product, 10 times better than somebody else’s. You need customers to give you that feedback, but you can’t get customers and you can’t get that feedback unless you actually put something out there. So if you end up spending however many months or however many years building a product and then you launch it. And then you realize that the solution that you solved is not the solution that the people needed, then that’s not a happy day.
Akshat: Absolutely. I think too, our words have not been spoken about launching products, so yes it’s something I totally believe in. I still think we can make an occasional mistake around it, so, so yeah. Have somebody to keep that sanity check to make sure that you’ve got things out. But looking back now and then you look at the longer, bigger picture. Yeah. It’s not going to make too much difference as long as you’re committed to making a great product.
Adrian: Well it looks like the three year ramp up time paid off for you at least.
Akshat: We got lucky. So how did not, you can imagine the company would have been really. That’s money that we would have lost. And being a small company, one of these things, we did like we are bootstrapped completely.
Adrian: It’s crazy too because three years is an eternity for technology. When you are a tech company 3 years is like is an eternity that like hundreds of thousands of companies rise and fall in that time span. And technology changes and like, bots change and they get more advanced and all of these things. So a problem that you started solving like three years in the past, you can end up three years later solving exactly different problem with the same name on the company. How did you manage that? Was there, is it just still the same problem?
Akshat: It’s still the same problem. Fortunately for us because we approached it again, the way we approached it was that’s from first principles. So that made a big difference. So the approach is right from principles of how hackers go about hacking sites.
Adrian: Explain that to people that don’t know.
Akshat: Alright, so first principles are doing just grow. okay, let me try and phrase it. But first principles is when you ask the most fundamental questions around any topic and especially if you want to learn something, you should always approach it like you should ask as the fundamental. So why is two plus two equal to four? Can you do that question first and then your specific domain. Once you start looking at it from the first principles, then that’s when you have a much clearer understanding of what the problem you are trying to solve and a better solution. If you take shortcuts around it and if you’re like, okay fine.
Because maybe I think there’s a lot of snake in the security market. People ask you to do 50 things without thinking of how it is going to really help your website. So what a lot of products make you do 50 things and then you get this false sense of security. It’s not that people have approached it or people building it are nefarious. It’s just that they’re not part of the problem from the ground up. And because of which you see that the solutions are either not long lasting, not as helpful to the customers.
Adrian: Wonderful. Jonathan.
Jonathon: So these three stocks for you are the perfect person to have on the show to discuss security. And why having backup, third party backup is also really important as well. Because I hear a lot of people when I use my company services as well. Let`s start off with backup. And then in the second half of the show we can talk about security. Now I hear a lot of clients saying to me well my site is backed up by my hosting provider so I don’t need a third party. And then I point out to them, well you need at least free types of backup really to have backup because you got to have redundancy. If you don’t have redundancy, you don’t have backup. I would imagine you’ve witness some terrible stories of people just relying on their hosting provider.
Is there any one that comes to mind that might point out why more than one backup?
Akshat: Yeah, so many of these stories, and again, when I started, I didn’t realize that these are the mistakes people make when, and this is why they need backups. So, you’re the hosting company and, I think this is, this is a fun example, which I’ve used quite often where one fine day our customers got into it, email from the hosting company, saying that they’re just shutting shop and everything. I think it’s lost. So basically the hosting company got compromised and there were the hackers asking for ransomware. So they were attacked with ransomware and they could not pay the transom. The, and they lost all the data and all the backup, then that would just, it’s at the yard right overnight. So at that time it definitely helped our customers out, but that’s like that that thing has happened and we have seen this happen.
It’s almost seems, like that’s the worst case situation and it would rarely, rarely happen. But we have seen that happen at another time. We had seen the most, most common actually, and this is something which happens a lot more often. So I think a lot of your audience will be able to relate to it if they just forget to renew their hosting their credit card on the file expires. And as a small business owner, once you sign up for hosting and your website is running, you don’t go back to your hosting panel and mess around with it and check, make sure that your card is on file. And some emails will come and hosting companies you 50 emails every now and then and you just done blind to it and then one fine day you realize that you’re hosting his account has been shut down.
Jonathon: I think the other one is on the cheaper side of the hosting. People don’t realize that most of these cheaper hosting providers, they will only provide like one months of continuous backups and you might not be aware that your site has been hacked for couple of months. And then when, when you go back to restore from your hosting provider, all the backups basically a compromised, I regularly see that. Is that something you regularly see?
Akshat: Yes, we see it quite often. And again, which is the main intention, the main reason why we got a rebuilt Mulcaire this happens very, very often and which is why we’re digressing, but which is like we always say that you cannot restore from a backup is not Oh the solution to getting hacked. Number one, you don’t know when you got hack number two. The backups might have malware on it. Number three, so you don’t know which the clean backup is. Number three, even if you restore from a backup, they might leave back. Those hackers might leave backdoors behind in others folder someplace. So until then, unless you completely wipe everything out and then restore from a backup, you will, there’s a high chance that you’ll still be hacked. So given all of this, yeah, backups, you need to be very careful of how you use your backups and obviously you will, yeah, it is, it is still very, very important to have as much backups as you can. So 30 days, 90 days for example.
Jonathon: Yeah. Well great advice. We are going to go for a break folks. We’re coming back on. We will have some more great advice about security in general. We’ll be back in a few moments’ folks.
Announcer: Are you a WordPress consultant or designer or small digital agency owner? Then you need WP tonic as your trusted white label developer partner for your next big e-learning or WooCommerce project. WP Tonic has the knowledge to help you build out custom functionality that your clients need in Learn Dash, Lifter LMS and WooCommerce. WP Tonic is well known and trusted in the WordPress community. They stand behind their work with a full, no question asked, 30 day money back guarantee. So don’t delay. Find out how WP Tonics white label services can help your agency today. Go to wp-tonic.com homepage and book a free consultation with Jonathan. That’s WP dash tonic. Just like the podcast.
Jonathon: We are coming back. We’re talking to the man that’s built a great backup service. Plus the malware is though he knows what he’s talking about when it comes to backup and malware. Just to finish off, I just want an example like what my own company’s position is. See, we normally take a copy clients website and then when we actually burn it to CD ROM. And it goes into a safe, I have in my house that’s fire and water prove. And then we take your product and then we take it off a continuous copy using your product. And then we got the backups from the hosting provider. So if they are compromised and it goes up, like it depends on the service provider they’ve got. But if it goes over that one month periods and then we go to yours.
And then we also manually try if the scanner doesn’t work and we bring you in, sometimes manually we have to look at all the fouls. But last result we’ve got our final, final backup that’s in the safe. So we, you know, which isn’t a pleasant experience to have to tell a client. Cause it could be months out of date, but at least we got something that we know is totally clean. Or as clean as the day we were brought in. Put it that way. So when it comes to security, what are some of the tips and insights do you think that people need to do to try and keep this site secure then?
Akshat: All right, so there are actually quite a few things you can do. In my opinion, and I could date up to that, 99% of sites get hacked because, so they have a vulnerable login or theme. So that’s the most important factor. Once you understand that, what’s the other 1% or 2%, they get hacked because they have a weak password and people have crashed that password. Now what happens is using a weak password today is totally unacceptable. I think they’ve solved the one aspect of security. So don’t use weak password. Use a tool like last pass or if we will into Chrome builds, it has a built in password. So just use a strong password that really helps you out because almost every site is getting scanned and people are looking to crack passwords on it. Now that’s the number one advice. There are other couples of things you can do too. Improve the security around passwords. Besides having a strong password.
You can do them something like, having a limit login capability where you prevent people who are attacking or doing multiple attempts, to not be able to do, to not get a free pass free pass. So they should, they will get blocked if they have made too many false attempts on your, on your website to log in. And you can also use something like dual factor authentication. Each one of these measures obviously comes with their downside. Remembering a difficult password is not easy. For a normal person to deal with you. We’ll talk about indication where you are, you lose your mobile phone, I can put you in a big, a lot of times we take it for granted, but it’s, it’s not, it’s not that simple. And finally, a lot of what he calls capture based systems obviously come with their own usability or accessibility problems.
So these are the three big ways we think you should protect your log. Again, that’s the other big agenda, the real elephant in the room is making how you protect your cell from well plugins. So I think every one of your listeners must have already heard it enough number of times, but it’s again, worth repeating, update your plugins, update your teams, right? I think having a service like WP tonic or it is really, really valuable because you make that job easier for a normal business to sit and spend that time updating the plugin and make sure that everything is working fine. At the end of it is non nontrivial. So it’s easy for us to say, update your plugins, update your plugins, and update your plugins. But if there is a huge amount of investment that goes into it, in fact our own plugins on Blog Vaults.
And I think they run about four or five websites, WordPress sites, which one of these, our marketing team is very of updating it every, every time an update comes out they got there. The last thing they want to do is break anything. You know, if the vendor website goes down and buys, we have grade backups and all of it, nobody wants to well through that pain and when times you don’t even realize that an update has broken something. So, so update is updating sounds easier than it is a redo a bunch of things to make it easier, but that’s a separate matter. So updating plugins is important. Now even to keep things updated. There are windows where, there are sites. The hackers can still get in because many times hackers are the first people to discover vulnerability. There are so many plugins out there. Not everything gets reviewed by, by security teams and hacker sometimes discovered it before anyone else. And there’s a, I can say that you will have vulnerable plugin, which, has a vulnerability which is known by a hacker even before you’re, you updated. So in such a case you will, you can get hacked. All right. Because yeah, yeah. Even if you keep everything up to date. And in this case, my preferred way of protecting you yourself, it’s through a firewall.
Well the firewalls will block any dangerous looking requests automatically. And this again reduces the surface area of what can happen with your surface area of your website. No, again, firewalls. Do you want me to go into it like five other different types of firewalls? You have free firewalls, plugging this firewalls, cloud based firewall. Everything has advantages, disadvantages, nothing is perfect, but they still helping. You’re using its official. Yeah. And that’s what this thing really is about.
Jonathon: And Malcare you do have a firewall that is a part of the package.
Akshat: Oh yes. We do have a firewall and we are constantly improving it. Actually, something I’m working on right now. Again, it’s been a yearlong project already. I think we are going to make WordPress but actually a significant percent of WordPress, almost unhackable. We’d like to solve these problems. Unfortunately they take a long, long time to solve them well, and we like, so we keep experiment, we keep working on it. We have our best engineers working on these problems. And personally, it’s like if you’re an engineer, you like solving puzzles and these are puzzles to solve and you did get the pull you in different directions. And doing it in the context of WordPress it’s a lot of fun. So this is something we’re trying to solve and make it even better. But nonetheless, even in the current state, a lot of firewalls do a fantastic job. They’re using the surface area. Finally, nothing is perfect. I can still get hacked. So have a good security scanner, something new, which is scanning your website, regularly.
Every day is I think once a day is my go to. For most of them that’s say that’s efficient. So, annual websites can well yeah as soon as you get hacked if ever and to take an action. And if you delay taking an action the longer I’m always around, the more damage a hacker will cause. And we have seen that entire spectrum of damaging cause. Its better that you discovered it first before your web host does or before Google does. There was, once Google does it then the penalty, their cost is way, way too high. In fact, that cost itself is scary enough for you to invest in a good solution.
Adrian: Oh, I was just perusing through the care site. And I wanted to pivot to a sales conversation because there’s kind of like the three, we talked about product, we talked about building the product, and now let’s talk a little bit about.
Jonathon: Well can we leave that for our bonus content actually, because we need to wrap up the podcast part of the show.
Adrian: Alright, well then there you go. We’re going to talk about selling in the bonus content, which is a reason for everybody to stick around.
Jonathon: Are you alright staying on for another 10, 15 minutes?
Akshat: Yeah, absolutely.
Jonathon: So I’m going to wrap up the podcast part of the show. How do they find out more about you, Blog Vault and Malcare? What’s the best way?
Akshat: So I’m a fairly private person, so you will rarely see me being extremely active. I am your graveyard who’s locked up writing code most of the time. But I am there on Twitter. And blogvault.net and malcare.net.
Jonathon: That’s great. And Adrian, where can people find out more about you and what you’re up to?
Adrian: So if you need help with marketing automation and you want to start building your list and start getting some marketing funnels going, you can go to Groundhogg.io to learn about our free WordPress plugin. That can help you do exactly that.
Jonathon: That’s great. And if you want to support the show, the best way is to go over to WP Tonic and join our monthly newsletter. It is really easy to sign up. And you could also anybody, any new member that signs up to the newsletter, um, they can win a prize. We are announcing our first winner tomorrow. That’s the best way to support the show. We’ll be back next week with another great guest and another great interview. We’ll see you soon folks.
Every Friday at 8:30am PST we have a great and hard-hitting round-table show with a group of WordPress developers, online business owners and WordPress junkies where we discuss the latest and most interesting WordPress and online articles/stories of the week. You can also watch the show LIVE every Friday at 8:30am PST on our Facebook WP-Tonic Show page. https://www.facebook.com/wptonic/