Before I get into the meat of this post I want to point out that I’ve written and re-written this post a few times over the last eight months in order to better reflect on the whole thing myself.
The Beginnings of Better WP Security
Back in 2010 (which might as well be the stone ages in WordPress time) I was working for the Aviation programs at Southern Illinois University in a position that was primarily responsible for digital marketing but also included tech support, server administration, fixing flight simulators and basically being responsible for anything that ran on electricity. With hundreds of folks in the departments including students, faculty and staff keeping up on any one area with only a student worker was a difficult task at best.
One of our biggest issues was, as in any large bureaucracy, politics. Even with the minimal amount of time I had I still managed to build one of the largest web presences on campus eclipsing that of other departments, colleges and even that of the central university website itself. That didn’t win us any love and threats that would’ve otherwise received a slap on the wrist, such as a hacked website, could have been disastrous for what we were trying to accomplish.
You see, hacks were happening all over campus and with such a large presence and a director of communications who had been threatening to kill our websites for years I simply couldn’t afford to be another victim. At the time I felt fairly secure with our main website, a self-built CMS that I was converting to Drupal, but it was our WordPress MU network that I didn’t know the technical details of very well and, as at the time I wasn’t all that crazy about WordPress, I didn’t really want to have to worry about it.
Well, like any good webadmin I started installing a lot of plugins by other people which actually wasn’t a bad solution but after a while, with almost 20 security plugins alone, keeping up with them when I didn’t really care for all of their features just wasn’t feasible anymore. I needed to learn the platform anyway so it was time to try to put together the security stuff myself using techniques I had mostly learned as a Drupal developer.
Here’s where Better WP Security was born. I started mashing together features of some of the plugins I liked while adding in some of the functionality we wanted as a department (like “Away mode”) to produce something that I could manage myself and would make sure I kept off of anyone’s radar by not being hacked.
Fortunately it worked. We never were hacked (although just before I left there campus’ main websites were and they asked to “borrow” me “for a few months” to clean it up), I was able to learn something about WordPress and keep track of the solution myself and everyone was happy. By October of that year I decided maybe someone else could use it all too so I posted it to WordPress.org and named it “Better WP Security” as, at least for me, it was better than anything else I had tried to that point.
Three Years Later
Well, the solution I built for myself also translated well to the needs of other people and by March of 2012 the project hit 50,000 downloads and folks started to donate to my time spent developing the plugin (it made around $4,000 that year).
2013 was even better. It hit 1,000,000 and donations (even before support charges) jumped almost 5-fold. It was so big I was no longer able to keep up and had to implement premium only support for folks who needed. This was a new revenue stream and the first official revenue stream for the plugin. Even though donations were good (and those were just from a single banner in the plugin that asked folks to donate to me to continue development), now I had something that seemed even better, a real revenue stream. Things were looking up.
This might seem like a great problem to have but it sure had some drawbacks, particularly as I was also teaching classes, reviewing books for APress and working a full-time job at the same time. In the Fall of 2013 I hit my limit. By October I couldn’t even keep up with the paid support model and wound up contracting someone else to do all of it.
So now people were getting support but there was still another big problem. In a niche that changes faster than the weather I simply had no time left over for any further development on the plugin. Others were getting new features I was getting older bug reports. That can’t last long.
So here I am paying someone else to do support of a stagnant plugin in a situation that basically equated to putting the project on life support. I either had to find a cure or put it out of its misery.
Cory Miller of iThemes first started talking to me about the plugin in early October of last year. It seems he locked himself out and in the process he saw the possibility of what a good security plugin could be.
What started out as a rather simple conversation quickly lead to something more as I realized that the medicine the project needed to get off life support wasn’t necessarily something I needed to provide myself but could in fact come in the form of selling the plugin to a group who had the resources to make more of it.
In the talks with Cory I did also talk to a few other groups but iThemes had a few things no one else did. First, they had Cory Miller and a proven history of building great stuff. Second, they have BackupBuddy and Exchange, two projects which make a rather perfect compliment to a security plugin. Finally, they had the right atmosphere combined a set of goals that lined up almost perfectly with where I knew the plugin would go.
It was, for all parties, the perfect match. It gave me the opportunity to take the plugin to the next level while allowing iThemes to pursue their own goal of a premium plugin suite that no one else could compare to.
So on Dec 1st, 2013 Better WP Security and I officially joined iThemes to move forward on the iThemes Security project and, as they say, the rest is history.