The Melapress Show

Building Modern WordPress Products in the AI Era | Vova Feldman (Freemius)

In this 50th episode of the Melapress Show, Vova Feldman, Founder & CEO of Freemius, joins Robert Abela to explore how AI is transforming the way WordPress products are built, maintained, and supported. While AI is making development faster than ever, many plugin vendors are discovering that speed alone doesn't solve the harder problems: technical debt, support at scale, product quality, and the growing complexity of modern SaaS-connected WordPress products. This conversation goes beyond the hype, offering a grounded look at where the ecosystem is heading and which skills and processes still matter in an AI-assisted world. Key topics include: - How AI is accelerating WordPress plugin and product development, and where the risks are emerging - Why technical debt is a growing problem as building speed outpaces engineering discipline - The evolution from standalone plugins to modern, SaaS-connected WordPress products - How to maintain product quality and reliability as operational complexity increases - Scaling support effectively without sacrificing the user experience - What engineering skills and development practices remain essential in the AI era 🎙️ Guest: Vova Feldman [https://www.linkedin.com/in/vovafeldman/], Founder & CEO at Freemius [https://freemius.com/] 🎙️ Host: Robert Abela [https://www.linkedin.com/in/robertabela/], Melapress [https://melapress.com/]

REGEXSS Demo: How Hackers Exploit Regular Expressions in WordPress | Matthew Rollings (Stealthcopter)

In Episode 49 of the Melapress Show, Matthew Rollings, application security professional and bug bounty hunter, joins Robert Abela to break down RegexXSS: a vulnerability class hiding in the regex code of WordPress plugins. Mat explains how post-sanitization regex manipulation can reintroduce cross-site scripting even after WordPress has done its job, and demonstrates how an attacker can leverage it to take over a full admin account. Many developers are unaware that using regex to parse or modify HTML, even after WordPress's built-in KSES sanitization, can introduce fresh XSS vectors. With over 70,000 WordPress plugins in existence, and regex used heavily throughout PHP development, this vulnerability class is both widespread and chronically under-reported. Mat has earned £20–30k in bug bounties from this single class alone. Key topics include: * The definition of RegexXSS and why it's distinct from conventional cross-site scripting * How WordPress sanitizes input by default and exactly where that protection ends * Why regex is fundamentally context-unaware and therefore unsafe for HTML manipulation * A step-by-step demo of abusing a regex deletion to smuggle a JavaScript payload * How XSS can be escalated to silent admin account creation in WordPress 🎙 Guest: Matthew Rollings [https://www.linkedin.com/in/mat-rollings], Application Security Professional 🎙️ Host: Robert Abela [https://www.linkedin.com/in/robertabela/], Melapress [https://melapress.com/]

Developer Advocacy, Enterprise WordPress & The WP Community Collective | Chris Reynolds (Pantheon)

WordPress powers nearly half the web, but the people doing the actual core work are often underfunded, under-supported, and contributing on their own time. Chris Reynolds has seen this firsthand as a long-time contributor, hosting team lead, and now as president of the WP Community Collective, an organization building a new model for independent, community-funded contributions to WordPress. In this conversation, Chris breaks down how the contribution pipeline actually works, why it's so hard to get started, and what WordPress could learn from Drupal's approach to community, governance, and funding. He also explains the three models the WP Community Collective uses: fellowships, projects, and individual sponsorships, and how businesses can support core work without taking on the overhead of hiring. Key topics include: * The WP Community Collective: what it is, how it works, and why it was founded * Why most WordPress core contributions come from a small number of companies * The real experience of trying to break into WordPress core development * How DrupalCon's governance model and mentored contributor days compare to WordPress * Commercial competition vs open source collaboration: where WordPress struggles * How businesses can sponsor contributors through the WP Community Collective 🎙 Guest: Chris Reynolds [https://www.linkedin.com/in/chrissreynolds/], Senior Developer Advocate at Pantheon [https://pantheon.io/] & President at WP Community Collective [https://www.thewpcommunitycollective.com/] 🎙️ Host: Robert Abela [https://www.linkedin.com/in/robertabela/], Melapress [https://melapress.com/]

How Enterprises & Businesses Approach WordPress Security | Dan Knauss

In Episode 47 of the Melapress Show, Dan Knauss, Solutions Architect (worked with Multidots and Solid Security), joins Robert Abela to break down the gap between how enterprises perceive WordPress security and what's actually driving risk in real production environments. Enterprise teams often enter WordPress security conversations shaped by headlines, vendor narratives, and secondhand assumptions rather than evidence, and the decisions that follow reflect that. Dan brings a practitioner's perspective on where this goes wrong, what it costs, and how to fix it. Key topics include: * How "WordPress is insecure" narratives form at the enterprise level, and who reinforces them * What actually happens inside an organization when a high-profile vulnerability report drops * The difference between the risks enterprises fixate on and the vulnerabilities that cause real incidents * Why security tooling often outpaces process, and why that makes environments harder to manage, not safer * How to evaluate WordPress security properly: plugins, vendors, hosting, and access control * Practical frameworks for communicating risk clearly to non-technical stakeholders and leadership 🎙 Guest: Dan Knauss [https://www.linkedin.com/in/danknauss], Solutions Architect and Technical Generalist 🎙️ Host: Robert Abela [https://www.linkedin.com/in/robertabela/], Melapress [https://melapress.com/]

WordPress Product Growth, Strategy, and What Actually Works | Matt Cromwell (Roots & Fruit)

In Episode 46 of the Melapress Show, Matt Cromwell, co-founder of GiveWP (acquired by StellarWP) and founder of Roots & Fruit, joins Bram Vergouwen to talk through what the GiveWP journey really looked like from the inside. A lot of WordPress product founders focus on building but underinvest in understanding their market, and that gap can make a big difference to how things turn out. Matt draws on his own experience to share what he's learned and what he focuses on when working with product companies today. Key topics include: * What the GiveWP growth story looked like and how the acquisition came together * Common strategic mistakes WordPress product founders make * How to use customer feedback and market signals to shape product decisions * Why chasing trends rarely works and what to pay attention to instead * How AI is changing the WordPress product landscape and what stays the same * What Roots & Fruit does and the kinds of WordPress companies Matt works with today 🎙 Guest: Matt Cromwell [https://linkedin.com/in/mattcromwell], founder of Roots & Fruit [https://www.linkedin.com/company/rootsandfruit/] 🎙️ Host: Bram Vergouwen [https://www.linkedin.com/in/bram-vergouwen/], Melapress [https://melapress.com/]