WP White Security is a company behind some WordPress security and admin plugins already present on over 450,000 websites, and trusted by top firms like Amazon, NASA, Disney, Sony, and more.
Website Planet, sat down with Muhammad Nadeem, the marketing manager of WP White Security , where they discussed how the company has reached where it is today, and what’s in the pipeline for the future.
UPDATE July 2023: WP White Security is now Melapress
This is only a rebranding – nothing changed about the plugins, support, and billing.
Same company, same great service. Just a better looking website and a name that reflects the company’s mission: creating top-class security plugins for WordPress
Please present WP White Security to our audience
WP White Security is a WordPress plugin development company. We are a startup at heart and embrace an agile and responsive mentality. We released our first plugin ten years ago and, since then, have grown to seven team members and seven plugins that focus on WordPress security and management for the website itself and its users.
Four of the plugins we develop follow a Freemium model with both free and premium versions available. These are WP Activity Log, MelaPress Login Security, WP 2FA, and CAPTCHA 4WP. The remaining three -Website File Changes Monitor, Admin Notices Manager, and Activity logs for MainWP – we offer for free.
WP Activity Log is our flagship product and the first product we ever offered. Initially, it was called WP Security Audit Log since it was more security-focused. Since then, we have expanded the scope of the plugin to include administrative logging as well, logging user and system activities, including third-party plugin support such as WooCommerce, Yoast, MemberPress, and many others.
MelaPress Login Security,
WP 2FA, and
CAPTCHA 4WP, on the other hand, are seeing increasing popularity, and we are confident that they will very soon become flagship products in their own right.
How does your mission differ from the other dev companies in your niche?
Our mission is to develop enterprise-grade WordPress plugins that are easy to use, accessible, and, more importantly, perhaps, customer-focused. All of our plugins are single-scope, meaning they focus on one thing and being the best at it. This has allowed us to develop plugins that are not only outstanding at what they do but also able to cater to various environments and use cases.
We also make it a point to offer all of our customers support, and take an interest in helping them achieve what they need to grow their businesses.
Who are your typical customers and what problems do they have when they come to you?
Due to our varied plugin portfolio, we tend to service all kinds of customers – from upcoming bloggers to large corporations, universities, and government agencies. Having said that, SMEs and large corporations do make up a large chunk of our customer base.
WordPress management is one of the biggest problems our customers face. This is where WP Activity Log comes in. Aside from the extensive logging capabilities, this plugin also allows our customers to manage user sessions, something that those with an e-commerce store or a membership-based website definitely appreciate. Speaking of e-stores and membership websites, spam tends to be another concern that our plugins address. The feedback we have received from customers in this regard shows that CAPTCHA 4WP has been instrumental in ensuring that spam is reduced to negligible levels while ensuring sales opportunities do not get buried in spam.
Security is another major concern that our plugins address. MelaPress Login Security, our recently-rebranded WordPress login security plugin, is making waves, thanks to its no-nonsense approach to securing login processes. Equally important is WP 2FA, which offers different 2FA methods and strong white labeling options.
And What makes them eventually choose you over your competitors?
Customer feedback tells us that ease of use and support are two of the biggest reasons why they choose us over our competitors. The entire team driving WP White Security forward is totally committed to what we do, and I believe that this shows in our plugins. Furthermore, as our plugins are single-scope, they truly deliver on what they promise rather than promising the world and delivering a mediocre product.
We also put serious emphasis on research and development, and try to cater to as many use cases as possible – even certain edge cases. We are always ready to listen to our customers, which has helped us develop products that customers can truly derive value from.
What are the best methods and tools to improve WordPress security apart from your plugins?
Keeping everything up to date is one of the best things anyone can do to secure their websites. It takes little to no time at all and is completely free. Enforcing the principle of least privilege, where users are given the permissions required to do their job and no more, is another low-hanging fruit.
Strong passwords and 2FA are a must, regardless of how these are implemented. Tech giants such as Google and Microsoft have rallied behind 2FA in particular, as have numerous agencies promoting cybersecurity. Plugins and themes should be researched before purchase and installation. Look for frequent updates and timely responses from the developers to any questions you may have. This will help you ensure you’ll get support should you need it.
WordPress hardening may require more technical expertise to implement than say installing a plugin, but it is not out of anyone’s reach.
How to know if a WordPress site has malware?
Malware comes in all shapes and sizes and, as such, can manifest differently. Running a scan using a malware scanner is an obvious thing to do, but there are other ways you can find out if your WordPress website has malware.
Regardless of the type of malware, however, it has to inject itself into your site, so a file changes monitor can be of great help. This plugin essentially takes a hash of your WordPress folders and compares it to a previous hash – alerting you of any changes it finds.
The next thing that should be monitored is website traffic. Look for any anomalies, including sharp increases or decreases. If you have Google Search Console configured, log in and check for any malware notifications.
If you have WP Activity Log installed, check for unusual activities such as the creation of new user accounts, changes in user roles, password resets, etc.
Is it safe to use cracked plugins for WordPress?
Cracked plugins, also known as nulled plugins suffer from one major drawback that should be a deal-breaker to anyone – they do not receive timely updates. This can put a website at serious risk should there be a security issue. Furthermore, there is no guarantee that the software does what it says on the box. Indeed, a high percentage of cracked plugins include malware such as backdoors – it’s much easier for a bad actor to embed malware in a premium plugin and distribute it freely than in any other way.
Cracked plugins do not include any support, which can leave you facing downtime with no one to help with issue resolution. They also harm the plugin developers, who have budgets dedicated to developing and improving the very plugins you need.
What do you see in the future of your industry, and how do you plan to cope?
While changes are inevitable, WordPress is still going strong, and we believe that it will continue to do so. Web3 and dApps will present some challenges down the road; however, we believe that we are nowhere near mass adoption yet. These technologies have many benefits, but they’re still in the infancy stages when everything is considered. We are confident that WordPress and the plugin market will evolve with it.
WordPress security will remain a hot topic, especially when you consider the geopolitical situations we find ourselves in these days. While we’re positive that things will calm down, it does move security concerns further up the priority list – something we are seeing across the board.
