About Andrew

Hello there! I’m Andrew Villeneuve. Thank you for visiting my website.

What I do

I am an Automattician (that means I work for the world’s coolest distributed company, founded by Matt Mullenweg!) and a cybersecurity strategist, with a passion for keeping people safe online.

At Automattic, I work on the Newspack team.

Newspack is an advanced open-source publishing and revenue-generating platform for small and medium-sized news organizations.

Prior to joining Automattic, I was self-employed as a security consultant. I closed my security consulting practice when I became an Automattician. However, I still provide security assistance to small nonprofits and socially/environmentally oriented small businesses on a pro bono basis, and I still offer cybersecurity advice and guidance through this website.

I have almost a decade of experience helping individuals and organizations secure their computers and their online presence. As an independent security consultant, I had to manage many difficult cases. Here are just a few examples of situations I handled for clients as a security consultant:

  • Cleaning a WordPress website that had become a den of spammers, configured by hackers to serve thousands of malicious files;
  • Eliminating malicious and unwanted programs from an iMac workstation that had become extremely slow and unusable;
  • Migrating a website from an outdated, insecure hosting environment to a modern hosting environment with support for HTTPS and SNI;
  • Helping a company responsible for managing many WordPress websites in-house develop a strategy for minimizing attack vectors;
  • Deploying a Pi-hole (an example of low cost, yet highly robust network infrastructure) to secure an unprotected home network;
  • Rebuilding a WordPress website without the aid of any backups after hackers got in and deleted the site’s MySQL database.

I have audited or un-hacked hundreds of WordPress websites.

I’ve also offered over a dozen security talks, presentations, and trainings, at venues like WordCamp, Netroots Nation, and WordPress community meetups.

A few my talks are available on WordPress.TV if you’d like to watch — like my 2016 talk Change Your Defaults, Strengthen Your Security.

Change Your Defaults, Strengthen Your Security was one of the best-received presentations at WordCamp 2016.

Andrew Villeneuve covers almost everything you want to consider about security other than WordPress stuff. Partly what I loved was the novelty of a not-WordPress talk among all the WordPress-specific ones I watched. But I also just really appreciated that he did a great job of covering a wide variety of topics related to personal information security in a concise way.

Dave Hayes

As a systems administrator (sysadmin) myself, I know how difficult building and maintaining a website can be. Most entrepreneurs and activists who publish online want to be able to focus on creating content that will draw in visitors. Content management systems like WordPress make doing this much easier, but content management systems don’t secure themselves.

If you run a CMS like WordPress yourself, then you need to be concerned about how well protected your installation is. Your web host may be responsible for the security of their systems, but you are responsible for the software you run on them. That includes WordPress (or Drupal, or whatever platform you’re using). If your content is important to you, you owe it to yourself to make the security of your site a priority.

Fortunately, there are tools that can help you do this.

If you run self-hosted WordPress, I encourage you to download my presentation on hardening WordPress to learn how you can take steps to protect yourself and your firm from harm. As the old adage goes, an ounce of prevention is worth a pound of cure.

In addition, I am…

In years past, I have been…

  • a co-lead for the Seattle WordPress community,
  • a co-organizer of WordCamp Seattle;
  • a delegate to the Democratic National Convention for Barack Obama (2012) and Bernie Sanders (2016);
  • an organizing fellow for the Progressive Change Campaign Committee.

Please contact me if you have a comment or question you’d like to ask me.