Hello Security Plugin Aims to Educate WordPress Users on Web Security Best Practices

Hello Security is a new plugin developed by Michele Butcher that displays security tips and reminders in the WordPress backend. It’s a fork of Hello Dolly and Butcher’s first plugin submitted to the plugin directory.

Hello Security Tips
Hello Security Tips

Security best practices include PASSWORD is never a good password, backup all the things, and only give users the access they need. A full list of the tips used is located within the hello-security.php file.

Inspiration, Motivation, and Determination

For years, Butcher has avoided learning how to code. Thanks to a WordCamp session and inspirational members of the WordPress community, she now has a plugin of her own. In this short interview, we find out what held her back from developing plugins sooner and who inspired her to go through the process.

What held you back from writing your first plugin?

For the longest time, I didn’t want to learn how to code. I was a firm believer in that there’s a plugin for everything. Once I was motivated enough to create one, I didn’t know what to create first.

I have ideas for the types of plugins I want to make but I always find three plugins with similar functionality. The first WordPress plugin I’ve ever looked at the code for is Better WP Security, developed by Chris Wiegman that eventually turned into iThemes Security.

I knew I would have to dig deep into learning code before I could write a plugin that large. I discovered the best way to learn code is to jump in and read actively developed code. Once I became comfortable reading code, I started to get ideas on plugins to create.

What motivated you enough to go through with creating and releasing your first plugin?

I subconsciously kept telling myself to just make something. I eventually decided to get into plugin development and taking the first step was the hardest. I bounced ideas off of friends for a long time before I jumped in and just made one.

At WordCamp North Canton, I attended Topher DeRosia’s session, Introduction to WordPress Plugin Development. After the session was over, I realized I didn’t have to make something that has thousands of lines of code. I brainstormed ideas, thinking how I could use Hello Dolly.

What inspired you to write Hello Security?

The first idea that came to mind in using Hello Dolly was not security related. I initially thought of doing something fun like Hello Jovi (Bon Jovi lyrics) or Hello Marvel where I use awesome one liners from the various Marvel movies. Iron Man quotes alone would have given me at least 30 lines to work with.

I decided against doing something fun and make something that could be useful. Many of the quotes in Hello Security are things I say at all of my talks, tell every client after I clean their site, and mention to everyone who is getting into WordPress.

Hello Security is there to help those who are either new to WordPress or might not know how or why they should keep their site secure. It is a way to be proactive before something bad happens. Wiegman and DeRosia inspired me the most and I’m glad they did.

Informing Without Overwhelming

Hello Security is a good plugin that educates users on best practices related to web security without overwhelming them with information. I tested Hello Security on WordPress 4.2.2 and didn’t experience any issues. It’s available for free on WordPress.org and GitHub. Butcher encourages those who want to see a security tip added to submit a pull request on GitHub.


9 responses to “Hello Security Plugin Aims to Educate WordPress Users on Web Security Best Practices”

  1. It’s a nobel effort and with good motivation behind it. But as with another recent plugin that was introduced to notify users of security related plugin updates the major problem with these types of plugins is that people don’t keep their plugins updated so how can we expect them to install a plugin like this and actually use it? The short answer is they won’t. It’s a major problem that the community needs to find a way to address. Users aren’t updating even when all they need to do is click a link to do so.

    • Agreed. However, that doesn’t mean there isn’t use case for this kind of plugin. A lot of WordPress users first contact with WP is through having a website built for them. In this kind of scenario the plugin could be pre-installed for them so that they would be exposed to security best practices early on.

  2. I think it can be good in some cases, and I really applaud Michele’s efforts. This is an ongoing issue.

    What I think it boils down to, and Carl touched slightly on it, is that a large group of these people already know this.

    From experience what I see is the need for education and the continued pounding of these messages into a large percentage of users. And that’s easier said than done. For individuals who have been told and told again about the importance of security, this plugin will give them some friendly reminders and hopefully push them to do what needs to be done.

    For the others, who have heard it’s important, but also have been taunted with horror stories of update failures, or have not been even educated on the importance, even reminders won’t help. They are literally scared to death of what may happen when they update.

    It’s an ongoing issue as I said before. I see more people who are really starting to grasp the importance, but at the same time we have a long way to go. Maybe we need to start instilling confidence instead of being hell bent on filling them with fear. Overall, personally, with my own site and clients sites, I am seeing less and less issues with updates.

    Anyway, that’s my .02 :)

  3. Good to see you’ve entered into WordPress plugin development. I’ve not dared try my hand at it yet, but it’s really excellent to see you’ve put yourself out there and got something that people can download and use. I wish you all the luck in the world – keep at it!


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: