WordPress Co-Founder: Biggest Acquisition Ever And Security Boost Incoming

WordPress.com owner Automattic will make its most expensive acquisition ever next week, founder of the cloud company Matt Mullenweg told TechWeekEurope this morning.

Mullenweg wouldn’t reveal anything else about the purchase, other than to say it was “a service that I really like”, speaking at the GigaOM Structure:Europe conference.

The company behind WordPress.com, Automattic, has made numerous acquisitions in the past, but they have tended to be small, like the recent purchases of WordPress blog editor Poster and note-making app Simplenote. Expect something bigger in the coming days.

Automattic is in rude health too. It just announced another $75 million (£47.1m) of secondary capital investment, thanks to a purchase of Automattic stock from Tiger Global.

WordPress security boost

At the same time, the company is planning to invest more into security. Given many of WordPress.com’s customers are major media organisations, like the New York Post and CNN, which have faced serious attacks from groups like the Syrian Electronic Army, it sees a lot of unusual, targeted attacks. Security is therefore paramount.

WordPress users are regularly threatened by hackers, from distributed denial of service (DDoS) attacks to brute force attempts on logins, but the service only has a smallish security team of ten in an engineering workforce of 145, Mullenweg said. He is hoping to address that as quickly as possible.

“We are hiring security people as fast as we can,” Mullenweg told TechWeekEurope, admitting the right people were not easy to find. “It’s like iOS developers four years ago.”

There will be a greater focus on security education too, ensuring people are using sensible logins and keeping everything on WordPress, including the many plug-ins, up to date. Security researchers recently claimed they had found 18 vulnerable plugins, which were downloaded 18.5 million times, putting users at risk. Mullenweg said bugs would always be written into code, but WordPress could help iron them out before attackers take notice.

Mullenweg also promised to deliver in certain key areas in which WordPress.com will invest time and money. At the backend, extra scanning, using its own scanning code, will be introduced on top of the software that already comes with the VaultPress technology. Auto-updates will also be added across the base platform and for plug-ins.

The WordPress co-founder admitted the company wasn’t perfect on security, saying a big enough DDoS, like the 312Gbps hit aimed at Spamhaus earlier this year, would cause the platform serious problems. “It’s asymmetric warfare. You can only have so much capacity,” he added. “A big enough attack could take us down.”

Users will see improvements and benefit from extra capability at the backend when the next two major releases of WordPress, 3.7 and 3.8, arrive in October and December respectively. Mullenweg is leading the 3.8 version, returning to head up a major release for the first time in two years.

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

9 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

12 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

13 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

14 hours ago