 That sounds great. And with that, I'm going to pop off camera, and it's over to you, Cindy. All right, thank you, Eli. Thank you for all your help with giving us going with this group as well. Welcome, everybody, to the first WordPress for Nonprofits Group meeting. My name's Cindy Leonard. I am the founder of Cindy Leonard Consulting, and I'm one of a group of volunteer organizers who have been working to get these meetings together and get some training topics on the calendar for all of you. I've been a WordPress developer myself since 2008, mostly for nonprofits, so I'm very excited about this group. Our organizers are from all over. I, myself, am based outside of Pittsburgh, Pennsylvania in the United States. And our topic for today is a good one. It's WordPress security. And I know there's a lot of misinformation that runs around out there that, oh, WordPress isn't secure. I would vote that it is. And I think that we're going to, our presenters today are going to clear up some myths and some misinformation that's been floating around out there. Before I turn it over to Daniel and George, I want to let you know that our next WordPress meeting is going to be Wednesday, December 8, 2021, also at 1 PM Eastern Standard Time. And the topic will be setting up a WordPress website. So that being said, we hope you'll continue to join us for the upcoming meetings. And I'm going to fade into the background and turn it over to George Woodard and Daniel Sikarno, our presenters today. So George, Daniel, thank you for presenting and take it away. Thank you, Cindy. Thank you, Cindy. All right, good afternoon, morning, evening, wherever you are in the world. As Cindy stated, my name is George Woodard. Just a little about myself. I am a full-time WordPress developer going on about 10 years now. I've worked in pretty much a lot of different environments dealing with WordPress. And currently as a senior software engineer, I work in a enterprise environment building a lot of custom functionality at WordPress. I reside, if you're familiar with Texas, I reside in the Greater Houston area. And I've been here for three years. I'm originally from Alabama, Roll Tide, if you're a football fan. And I enjoy doing what I do every day. It's very fun. I've learned a lot and grown over the years. So I'm thoroughly excited to give today's presentation and I'll pass the mic over to Daniel to give himself an introduction. Hi, everyone, I'm Daniel from Romania. I run a small web development agency, but I'm highly interested in marketing technologies as a whole. I'm speaking from the non-developer side of WordPress, that of the, let's say, customer or the non-technical user. And I think that there are really highly valuable inputs that both sides can put into the discussion about WordPress. And I work with quite a lot of nonprofits. And I've been using WordPress for more than probably 10 years. Now I've been actually building websites 20 years ago on Joomla when WordPress wasn't yet alive, so to speak. Happy to have you all here and I hope you will enjoy our session tonight. All right, so I just want to start off by saying today's purpose is to kind of clarify or demystify a lot of misstated truths around the security of not only open source software, but specifically WordPress. WordPress being one of the most popular content management systems globally, it has its share of detractives as anything that has some type of popularity. But one of the major detractors is how secure the platform actually is. So today's goal is to give you proper education so you can be thoroughly informed on how to secure WordPress. Some best practices on maintaining security on a WordPress website and some tools and other things that you can use to do so. So I want to start off first with a little bit of statistics to kind of level set here. These stats show you a comparison of the number of people who use Microsoft and also who use WordPress globally. WordPress powers over 42% of the web and that equates to about over 600 million websites as of last month I did some of this research. And as of May 2021, Microsoft has a 70% market share in desktop operating system usage. So that's about 1.7 million PC users, a lot of people. And then Windows operating system itself accounts for over 80% of malware attacks and it's the most attack operating system. So as well as you all know or have experienced, Microsoft has seen its fair share of malware attacks over the years. Recently, their cloud service Office 365 has experienced malware attack and it affected millions of its users. Yet, many people still use their product not because of their ongoing support and consistent effort towards security and safety. But no one is immune to this. So this moves me over to my initial point. No website is 100% immune to hackers. This is a circulated myth and can be seen as a scare tactic to buy a piece of proprietary software. And it has been used quite a bit by a lot of developers in some agencies to make people aware, I mean, not make people aware, but to make people not use WordPress, which that is something that they shouldn't do. If it's used in that case, services and products like McAfee wouldn't exist if website and software was 100% immune. And the question is not if you will get hacked, but what is your recovery plan for when something like that happens? Hacking occurs in many different ways and it just really depends on how the attacker gains access and what we'll cover in today's presentation as well as ways to mitigate these attacks. And one of the ways they also discredit WordPress's security is because it's open source software. If you're familiar. Here I have a quick trivia that I think is highly interesting. Actually, when George was mentioning earlier that Microsoft is one of the most attacked operating system, that doesn't mean that Microsoft is actually the most vulnerable operating system. Actually, quite a few Linux distributions are more vulnerable than Microsoft Windows when you look at the number of actual security vulnerabilities they have, but Microsoft Windows, like with WordPress, due to their popularity, they get the highest attack rates. That is absolutely true. And that was the point of that is that because there's more people using it hints to reason why they get attacked most. That is absolutely correct. I appreciate that Daniel. All right. So jumping into open source software just to kind of give you a little background if you're not familiar, open source is basically software built where the core platform's core is freely available online. The goal of open source software is to foster ingenuity and technology is always looking for creative ways to solve problems. So open source software is created just for that specific reason. Many people have sold organizations or convinced a lot of organizations on using proprietary software, and which is not a bad idea, but it's under the disguise of it being more secure than open source software, which is not valid. They say that open source software isn't safe because others can see it to your system and that's kind of a misstated truth. And as Daniel mentioned earlier, Microsoft has had its fair share malware attacks over the years and it's a proprietary platform, but it's only because the amount of people who use up Microsoft attributes for a lot of the attacks that occur. I mean, if you wanna look in comparison of operating systems, think of Microsoft versus Apple. Apple has its fair share of malware attacks, but it's not nearly as attacked as much as Microsoft because more people use Microsoft. But even then, proprietary open source, this tells you that software still has its same level of securities. And that's why a lot of the sites may get hacked. Daniel, you have anything you wanna put in there? Not so much. The idea about the open and proprietary software has almost everything in life to sites of the coin. With proprietary software, people complain about the fact that they cannot scrutinize how that software has been written. So they do not know if that software can contain some, I don't know, vulnerabilities. While on the other side, open source software is usually audited by large communities of people and it's much faster that they discover vulnerabilities and also open source communities and projects are much faster in solving these kind of vulnerabilities. But it's, as in consulting, it highly depends because there's no 100% rule. That's true. All right, so with all of that said, it's one of those things that how and why do WordPress sites get hacked? And I'm glad you asked that question. So another statistic, 83% of WordPress websites get hacked due to poor maintenance. And there are three main points of entry that I'll cover later on that hackers use to gain access to WordPress sites. And those three are core software, the actual WordPress platform, plugins, which are extensions used on WordPress sites and the hosting. And I'm gonna cover these three points in detail and then my colleague Daniel, he's gonna cover some more insight and tools into how you can maintain your site if you choose to do so on your own. First, the core software. WordPress's core software is built on four software languages, but the major one is PHP. The other three are JavaScript, CSS and HTML. Using these languages, the founders, Mike Little and Matt Mullenweg created a publishing platform that has grown to a globally used CMS. I mean, WordPress is used pretty much everywhere you can imagine. My day-to-day, I worked for AccuWeather as a senior software engineer. We use it a part of the editorial process. And I also do consulting for nonprofits and government agencies that also use it. I mean, even the White House, they use WordPress as a part of it. So it's an extremely popular platform, but like with anything that has moving parts, ongoing maintenance is a requirement of its core. So new features are added, changes in technology that occur and mitigating any security flaws are necessary, it's a necessary evil when you're using a mature platform such as WordPress, but that grows so rapidly. The key takeaway here is just make sure that you're doing your upgrades on your website. As you see in the screenshot I have here, it's a very common space on the admin dashboard. Once you log in, if you go to dashboard updates, you'll be able to see any new version updates that come about. A lot of these updates include performance enhancements and security enhancements with each release. So make sure you keep everything up to date. That is one way to block a lot of attackers or any bots from gaining unnecessary access to your website. And as a customer, you should be highly wary about websites or providers that do not prioritize WordPress updates for you, because that usually, let's say, shows us that or shows you that agencies or developers might not want to change the ecosystem that they've built because they are unsure about how, let's say, reliable that is. A safe policy should be to make sure that your website works by being up to date with every part of its components. Absolutely. All right, moving on to the next is plugins. Now, whenever I work with people, Chris, our name building a website using WordPress, I like to use the analogy of a house. So if you're building a house, the WordPress core is the frame and foundation and plugins are kind of like your electricity to the home. You wanna make sure your electricity is working correctly and you would hate to have an electrical fire due to faulty wiring. The same holds true with plugins. Making sure you are keeping your plugins updated can be time consuming, but it is a necessary evil. Now, if you use WordPress in any way, you're aware there are thousands and thousands of free and paid plugins available. And last I checked, I think it was over 55,000 just free plugins available and that doesn't account for how many paid ones out there. But the biggest takeaway here is to make sure you're using quality plugins that are regularly maintained. If you're looking at the screenshot I have here, this is a screenshot from a plugin that's in the WordPress or one of the free plugins in the WordPress repository. And that second line is the biggest thing you wanna pay attention to last updated. There might be millions, maybe just thousands or maybe just a few active installations, but if it's not regularly maintained within a month's time, a week's time, then I would steer clear of a plugin that has not been maintained in a long amount of time because that can expose your website to some type of security vulnerability. Even if it's free, I would read the reviews, see how often it's maintained. And if you choose a paid plugin, most paid plugins, if not all of them come with a dedicated support from the development team that's created it. So I would see how long their support is offered for the duration of your subscription. And I'll also do research about the plugin and see how well the community or people globally are adapting or accepting the plugin. Now, let's see, while looking at useful plugins for your website, you wanna make sure you install security-focused plugins too. These will help you protect you from malware, brute force attacks on your admin access, and it also monitors activity on your website there are many of those available. And like I said, Daniel later on will cover a few of those. But the next biggest point and one of the most crucial points I would have to say is talking about the hosting that goes along with having a WordPress site. Now, I'm sure you've seen and heard pretty much every possible web hosting ad that's out there, commercials, emails, offering you a whole bunch of bells and whistles. Sticking with the home building theme or analogy, hosting is your neighborhood. So where you choose to live or host your website says a lot about you. Okay, maybe not you, but you get my point. Making sure you choose a reliable and quality host is the crucial point here. And cheap is not always the best way. Now, understand budgets, that is a big factor and it helps make or break a lot of decisions that are made. But if anything, you want to choose a reliable host. If you need a simple hosting environment, my suggestion is to choose a budget host that has maybe an affordable or cloud or it's sometime called VPS hosting plan. Now, most hosts have a cheaper option that's called shared hosting. And I want you to think of this as living in an apartment complex. Each website that uses shared hosting is all stored on one server and you share resources like bandwidth of memory, which is the equivalent of your utilities like plumbing, water, electrical, and et cetera. It's why it's called shared hosting. And the problem is with shared hosting, if anything breaks on one website, there's a strong chance impossibility that every site on the server will be affected, especially if a website ends up getting hacked. The beauty of having a cloud or VPS hosting is that you own the environment in more of a town-home environment. While you all are in the same neighborhood or hosting company, each unit has separate resources, utilities, plumbing, water to manage. So if another unit's resources go down for any reason, you're still up and running. And another significant advantage of cloud hosting is data redundancy and auto healing. Now, in simple terms, all this means is that your website is hosted on multiple servers. So suppose a server crashes that your website is stored on and then your website may be about to or has gone down. What data redundancy and auto healing does, it kind of steps in as a fail-safe switch. So another server steps in and runs the stable version so technically you are never down. So the big takeaway here is to make sure you do your homework on the host that you choose to use for your website. And the host that you choose, I suggest that you make sure they have security features involved, regular backups of your website and what's called an SLA or service level agreement, which basically says that we guarantee your site will be up. And my suggestion is to check and make sure it's 99 cents or greater, 99%, excuse me, 99% or greater. And we'll move over to some other considerations and I'll let Daniel take it over from here. Thank you, George. I wanna quickly touch upon what George has asked earlier in the chat that the transparency of the PHP system or programming language is offering to hosting providers a lot of tools to mitigate, let's say security weaknesses or risks, but this also highly depends on how often those hosting providers or website server owners update their software. I see that at least in the shared hosting environment, most providers do not really care about the versions that their clients run. So most of the times the upgrade it's requested from the client rather than coming proactively from the hosting provider. And but of course there are also the good parts of it where hosting providers are pushing automated updates to their customers in order to make sure that they run their applications on the latest versions, but this can create quite a lot of issues because a poor maintained website, for example, that hasn't been updated in a very long time. And I still manage like websites built 10 years ago that nonprofit organizations built in different projects and now they do not have the budgets or the funding to update them or bring up to date. And those websites in themselves represent a major security risk because even though you update the server software, that website is still vulnerable. And another mention here is related to plugins. I mean, no matter how many security plugins you have on your website, if one of your, any other plugins has a vulnerability, then your website can be hacked into regardless of what other types of protections you've tried to implement. So clearly aside from the three main topics that we already discussed in terms of updating the core application, WordPress, making sure that you choose proper plugins and update them constantly and making sure that your server or hosting environment is up to date and secure, you also need to make sure that you have a strong password, passwords for your admin users and for your backend users or admin interface users. You need to make sure that you have the correct level of access to your website because that everything, every little thing that you deploy actually reduces the potential attack surface for malicious actors. And I often see a lot of these elements being disregarded by web development agencies, companies, but not because of, let's say malicious intent, but simply because of lack of information. And I work with websites that have often 10 admin users, even though they probably don't require but one with max two or websites that simply are just kept on not updated, simply because the way that they were developed introduces risks, more risks, but updating its components rather than in general security, other security areas. Another often forgotten element that highly improves the security of a website is having the website traffic encrypted with the help of SSL certificates. Basically the difference between an HTTPS website and an HTTP website address. In most countries, this is actually a legal requirement especially for e-commerce sites or sites that manage personal information. And while a lot of people think that, well, I don't need to have my website secure with SSL certificates because I don't manage personal information, actually that login interface in the admin of your website is managing data that if it's not encrypted can be sniffed by a potential malicious attacker. Also, while it helps to have all your software up to date and try to make sure that you secure your website, make sure that you do not forget about full and frequent website backups, ideally both local and remote and to make sure also that these backups can be restored. Make sure that you test this periodically because a non-restorable backup is just a useless archival files and folders. As George also mentioned, there are a lot of tools that you can deploy to protect your website in terms of security within the website like plugins. But there are also external tools that you could use to put an additional layer of security in front of your website. One such tool, for example, is the Cloudflare platform which gives you in its free plans actually quite a lot of security functionalities. It hides your actual server IP address from your website visitors and this makes automated scripting fail. But of course, it won't deter a smarter hacker that tries to find your server's IP address. But Cloudflare also gives you a web application firewall. That means that you can actually filter traffic to your website based on geographies or IP reputation or other filtering criteria. And probably one of the most, let's say important functionality that Cloudflare offers, it's their distributed denial of service protection. Basically, if somebody is trying to just kill your website by sending a lot of traffic to it, you can actually mitigate such an attack with the help of Cloudflare. And it pays to remember that maintaining and securing a website is basically a continuous job. This doesn't mean that once you install a security plugin or once you deploy the SSL certificate, your job is done. You need to constantly run security audits onto your website to make sure that your website is secure. And by doing so, I'm sure that you will find elements of your website that are insecure, but you maybe haven't thought about it. Some such security audit tools are WP-Scan, WP-SEC, or Sucuri Sight Check. Sucuri also offers a security plugin for the WordPress sites. Hey, Georgine Daniel. I'd like to jump in and open the question up if you would want to address it. Eli put in the chat that TechSoup offers a Cloudflare package for nonprofits. Cloudflare is a slightly different way to implement SSL. Can you talk about the differences for a minute of like doing straight out the SSL versus using a sort of like Cloudflare? Sure. Basically, there's let's say three core ways in which you can secure your website with a security or SSL certificate. One of them is to buy one for your company or for your domain, but that is usually done by e-commerce companies or let's say bigger companies that need to make sure that the security certificate is issued in their name and is a commercial security certificate. You can also most probably more than 95% of web hosting providers are offering the free version of SSL certificates that is delivered through a non-profit which is called Let's Encrypt, which is a global initiative that is trying to make the web more secure. So you can get a free certificate from your web hosting management panel, but you can also use Cloudflare to secure your website. Because Cloudflare offers a kind of group if you want or books, SSL certificates that you can issue, generate in the Cloudflare platform, you can download those certificates and install them on your server. So there's quite a lot of ways to do this and there's not really that complicated. Basically, it's just clicking a few buttons or links and then doing a copy paste of a certificate, but actually web hosting level, this is an automated process that you can just trigger in your web hosting management interface. So jump in to say, and I'll put this link in the chat, a lot of times you might install a security certificate on your website, whether it's you do it manually yourself, you have a developer do it, or if you're hosting does it. And after it's installed, you still might see that it shows unsecure or insecure, I should say. And that can kind of drive you a little crazy, like why is it not showing secure? There is actually a tool that's called Why No Patlock. If you type in the URL of your website, it will actually give you a report to show you where there may be some additional points of security that you need to check your website for. One of the biggest ones that is, it sounds very simple, but it can be a pain sometimes, is the resources that you add onto your site, like files or images, that's commonly called a mixed content area error. And the file may have been uploaded with the HTTP, but if you switched over your site to the HTTPS and it did update the file, then that can still remain and can render your site insecure. So that's one other way that I would suggest or another tool that you could suggest to actually use. So I'll get back to you, Danny. So coming close to our, let's say, presentation, it's highly important to remember that WordPress, like any other properly developed web application, is secure by default. So if you install a WordPress website on a secure hosting provider and you keep it up to date, you shouldn't have the need to install any security plugins or to do anything in particular to keep it secure. Of course, you need to have a strong password. You need to have a series of best security practices, but WordPress by itself is a secure web application and do not let anyone tell you any differently. Of course, having a fully fledged website secure or not, this highly depends on the person or the agency managing it because they are the ones that are deciding how to improve or actually destroy the innate if you want the security of the WordPress web application. And I think it's highly important to remember that basically security is not just a fire and forget the process if you want. And it's not something that you, let's say, solve once and then you are free of worries, but the actual way that you should think about security is to ask yourself, not if or when your website will be hacked, but when will it happen? How are you prepared to manage that situation? Do you have proper website backups to restore in case of a website being hacked or defaced or malware? Is your backup secure location? Do you have maybe, I don't know, your content or your core assets stored in a different location than on your server? There is a lot of, let's take questions and answers that you could put down on paper to make sure that when a security incident happens, you are properly prepared to actually respond to it correctly and efficiently. All right, well, I greatly, we do greatly appreciate your time and we actually, I know a lot of people have been putting questions in the chat, but we wanna open the floor up for any Q&A if there are any additional questions that you may have and we will gladly help out with the answer. I think there's a good point that there's a remate and I think it's important to remember it. It's, of course, it's highly important to keep your WordPress up to date, your plugins up to date and so on, but also it's highly important to have an ecosystem of web development and updates that allows you to do this without risking your website or creating issues of performance or online presence of your website. I see, yeah, it's the greatest name, George. You ask about users and privileges. So within WordPress, there are user roles. You have your subscriber, your administrator, you have your editor and I know I'm missing one and I just can't think about it, but each of the user roles have different privileges, whether it's editing other users, editing post or content, deleting posts and things like that. So it does have built-in user roles where you are able to assign those to people that have administrative access to the website and based on their level access will also determine what level of changes they are able to make on the site. Outside of that, there are not only plugins, but there is within the WordPress documentation, there are ways you can manually go in and edit the user roles. You can create custom roles to be able to kind of merge a few of the different roles together, but there are ways you can update or change, add and remove any of the privileges that a user may have, whether it's an existing role or creating a brand new role within or use a role within WordPress and I hope that helps you out. And it's also highly important to look at the way that WordPress is meant to be used. It's not a perfect software, so to speak, but like quite a lot of applications out there, everything is highly opinionated. For example, I'm of the approach that there should be one at maximum two, what means at website level, only those that really need to manage the entire ecosystem and then everyone else should be an editor or an author or some of the type of role with restricted access. But by the same token, being a non-developer myself, I want to empower actual standard users to be able to manage their website and their content as much as possible. And in the current or in the default user system, there are a few areas of the website that an editor cannot change. For example, the navigational menus or some other little things that they could be valuable for them because it means that it's about content management. But you can solve this with the dedicated user roles, plugins that allow you to assign this kind of roles so let's say a lower tier user as needed. Theo was asking if security plugins can detect and report unusual or suspicious activities. Depends on the security plugin, there are let's say monitoring security plugins that actually do that. Some security plugins also scan the website and report on let's say unusual activity or not necessarily just activity or user activity, but unusual things. For example, WordFence is scanning the website and it's telling you if some themes or plugins are not updated or if a plugin for example has been removed from the WordPress repository which is a highly important sign that you should probably find a replacement for that plugin because it's not maintained anymore. Or if a plugin has been abandoned in the WordPress repositories there are user activity monitoring tools that let you know what every user on the website is doing if they're modifying a page, if they're installing a plugin and so on and you can use that to get information about how your users are using your website. So yes, there are various tools to do that. And Gordon, actually that's not a bad question to ask. As of right now, I'll take down that suggestion you have about the block editing method. I know Gutenberg has changed the editing experience within WordPress quite a bit and there are still people, including myself in some time that are still becoming accustomed to the block editor and prefer the classic editor method. So we'll take that down as a suggestion for a topic. But I will say, I understand your frustration. I work with, currently I'll say this, I work currently with an organization that uses the Gutenberg editor and we've had to kind of tweak it a little bit to be a part of the editorial process. But we'll take that in consideration as an idea. And I agree, I like the older version. There's actually a way that you can turn off Gutenberg without even using a plugin. So if I'll squeeze that in there for you as an added bonus. But yeah, we'll take that down as a suggestion for a topic for later on. I'd actually like to jump in and speak to one of the comments in the chat. Maggie is doubting that this topic is not specific to nonprofits and especially not to a small low budget nonprofits. That is probably 95% of my WordPress clientele. And I can tell you that security is especially critical. I feel like for especially low budget nonprofits without a lot of money and a lot of resources. Simply because if you have a WordPress site you don't wanna pay a couple thousand bucks if it gets hacked to have a developer fix it. It is much less expensive to implement the security. You know, what's the saying? An ounce of prevention is worth a pound of pure. So especially for a nonprofit that doesn't have a lot of money to spend. It's so much better to take the steps to secure your site in advance. And then make sure you have backups which can be done easily and not with plugin. You can get SSL usually let's encrypt from your host. It's so much better to do these steps in advance than to spend a lot of money possibly more than you spent to have your website developed to have it fixed. So yeah, just wanted to throw that in there. I work with a lot of nonprofits and I see a lot of simple mistakes about security that could be easily remedied before they get hacked. And security is pretty generic. It's not really specific to nonprofits. I mean, if you think about having a strong password that applies to your WordPress website that you run for your nonprofit organization, but it also applies for your email account. It applies for your phone. It applies for basically anything that requires a password. The same with, I mean, the security concepts that we talked about today in terms of keeping your software up to date. They also apply to a WordPress website as well as to a Windows workstation or a macOS workstation or any kind of, let's say device that runs an operating system. And the tools that we illustrated in our discussion tonight more than 90% of them are free to use. So basically they don't cost anything just a bit of time and a bit of a learning curve to understand how they work, what they do and how can they help you prevent security risks or unfortunate events happening for your organization's website. And it's true. I know we also mentioned earlier in the chat about staging. That's one thing in the hosting part that a lot of hosts provide staging as a way to be able to test any updates. So if you do update any plugin, software core, whatever, it won't break your actual site. Another is, and Virgil just actually put that in there, is automatic updates. From a developer's suggestion, you could turn that on, it can help, but sometimes a lot of updates have breaking changes in there. So that is one of those devil's advocate type settings you could play with. For example, I will say advanced custom fields will allow you to build custom fields and I'm going kind of off topic with that. But it has an automatic update feature that you can enable from the plugins menu. And that's one of those that doesn't have too many front end impacts when it comes to updating it. And you can turn on automatic updates from it. So it's kind of a set it or forget it on that part. But staging is one big one I will consider to suggest to you that if you're choosing a host, look for one that has staging so you can be able to, if it's not just for your organization that you're doing an in-house, if you have an agency or someone who's managing the site for you, they can be able to test any changes to the site without affecting the live version of the site. And actually, again, it's highly opinionated how things are handled in this web application space. But for example, if you ask me, having a staging and development environment is highly important for, let's say, small to medium sized and bigger organizations, but it's also not really an option for small nonprofits because they either don't have the resources to do that or they don't have the in-house knowledge or they do not have, let's say, big enough provider that can have them with that. And it highly depends how you manage to set up your website hosting environment. But I can tell you that from my experience running 50 plus websites in the past five plus years, all of them with automatic updates enabled since this option was available, I only had maybe one incident a year and most of the times those incidents that actually broke a website caused by an update was a bug at a plugin level. Of course, you could have avoided that but I consider that the, let's say, trouble of doing a plugin rollback, which can be done in a second with a rollback plugin. It's much lesser of a nuisance than having to spend half a day or even a day trying to restore a hacked website and clean up a hacked web hosting account or things like that. You're not that fine. And then you get to ask yourself, I mean, if automatic updates weren't important, why would automatic have this name and why would they bother to implement them for WordPress plugins, core and themes? I mean, it's a core functionality and I mean WordPress automatic updates. All right, any other questions? These are all good questions, by the way. Any other questions anyone else may have? I think that is it. I greatly appreciate your time. I enjoyed this entire talk and presentation that we have and I will pass it over to Cindy. Thank you, and thank you, Georgia Daniel. I know we can't really applaud but it applies and thank you all. Thank you both for the information. Thank you to everybody who attended and for your good questions. Obviously, WordPress has a lot of complexity. There's so many different things we could talk about. We do have a, I put this in the chat once. I'm gonna throw it in the chat again. This is a link to a survey that you can take if you'd like to suggest additional topics for future coverage. If you are somebody who could present one of those topics, there's a slot in the survey to let us know that. And otherwise, thank you all for being here. We're really excited. And our next session, as I said in the introduction, our next meetup is going to be on Wednesday, December 8th. And that's gonna be also at 1 p.m. Eastern Standard Time. And the topic will be setting up a WordPress website. So once again, thank you to everybody. Thank you, Daniel. Thank you, George, for your time, you know, volunteering to present on this topic. And we will see you all in December. Have a great fall. Thank you, everyone.