WordPress Co-Founder: Biggest Acquisition Ever And Security Boost Incoming

Thomas Brewster,
Matt Mullenweg

Matt Mullenweg tells TechWeekEurope WordPress is planning to splash the cash on its largest ever acquisition and bolster its small security team

WordPress.com owner Automattic will make its most expensive acquisition ever next week, founder of the cloud company Matt Mullenweg told TechWeekEurope this morning.

Mullenweg wouldn’t reveal anything else about the purchase, other than to say it was “a service that I really like”, speaking at the GigaOM Structure:Europe conference.

The company behind WordPress.com, Automattic, has made numerous acquisitions in the past, but they have tended to be small, like the recent purchases of WordPress blog editor Poster and note-making app Simplenote. Expect something bigger in the coming days.

Automattic is in rude health too. It just announced another $75 million (£47.1m) of secondary capital investment, thanks to a purchase of Automattic stock from Tiger Global.

WordPress security boost

Police cyber security - Shutterstock - © Amy Walters

At the same time, the company is planning to invest more into security. Given many of WordPress.com’s customers are major media organisations, like the New York Post and CNN, which have faced serious attacks from groups like the Syrian Electronic Army, it sees a lot of unusual, targeted attacks. Security is therefore paramount.

WordPress users are regularly threatened by hackers, from distributed denial of service (DDoS) attacks to brute force attempts on logins, but the service only has a smallish security team of ten in an engineering workforce of 145, Mullenweg said. He is hoping to address that as quickly as possible.

“We are hiring security people as fast as we can,” Mullenweg told TechWeekEurope, admitting the right people were not easy to find. “It’s like iOS developers four years ago.”

There will be a greater focus on security education too, ensuring people are using sensible logins and keeping everything on WordPress, including the many plug-ins, up to date. Security researchers recently claimed they had found 18 vulnerable plugins, which were downloaded 18.5 million times, putting users at risk. Mullenweg said bugs would always be written into code, but WordPress could help iron them out before attackers take notice.

Mullenweg also promised to deliver in certain key areas in which WordPress.com will invest time and money. At the backend, extra scanning, using its own scanning code, will be introduced on top of the software that already comes with the VaultPress technology. Auto-updates will also be added across the base platform and for plug-ins.

The WordPress co-founder admitted the company wasn’t perfect on security, saying a big enough DDoS, like the 312Gbps hit aimed at Spamhaus earlier this year, would cause the platform serious problems. “It’s asymmetric warfare. You can only have so much capacity,” he added. “A big enough attack could take us down.”

Users will see improvements and benefit from extra capability at the backend when the next two major releases of WordPress, 3.7 and 3.8, arrive in October and December respectively. Mullenweg is leading the 3.8 version, returning to head up a major release for the first time in two years.

What do you know about Internet security? Find out with our quiz!