Miriam Schwab: Redefining the WordPress Website Security Arena

interview Miriam Schwab

I’m super stoked to finally be interviewing Miriam Schwab, who is the CEO & Founder of Strattic, a serverless security solution for WordPress & Open Source CMSs. She’s also(!) the CEO of illuminea, a top WordPress development agency, and an inspiring woman in general.

Miriam, thanks for agreeing to answer my questions! I know you’re a very busy woman, so let’s get started right away by getting to know you a bit – where are you based and how did you get acquainted with WordPress in the first place?

Hi! I’m based out of Jerusalem, Israel. I first encountered WordPress when I decided to leave my job in the field of intellectual property and go freelance. I started out providing copywriting and translation services, but my love for technology got me interested in the field of website building. In those days, the websites were generally either plain old HTML and CSS, or built on very expensive proprietary CMSs that only enterprise companies could afford. I started building websites for clients since there was a need, but I quickly realized my clients needed their own CMS so I didn’t have to be on call for content editing (please just add a comma, no not there, there….aaaarrgggh!). Plus, as I learned more about web marketing I realized that my clients needed to be able to update their sites regularly and in a frictionless manner in order to achieve their online goals.

So I started exploring the various CMS options and discovered the three “big” Open Source CMSs – WordPress, Joomla, and Drupal. After testing them all I fell in love with WordPress. The templating system was so logical, the plugin ecosystem meant that my websites could do anything, and the community was so supportive!! I could find answers to so many issues online thanks to blog posts people spent time writing to help others. By the way, that’s why I started writing WPGarage – to share what I, and eventually my team, learned on our WordPress journey.

Do you try to be active in your local WordPress community in Israel? What is that community like?

I love being active in communities in general, so I eventually took on the organization of the local WordCamp conferences…and ended up being the lead organizer for five consecutive WordCamps! After the fifth, WordCamp Central created a new regulation that someone can only be the lead for two WordCamps in a row, and I had way surpassed that. So I happily handed over the torch to someone else (I also really needed a break). Unfortunately, the new person never managed to get the conference off the ground.

There has been another WordPress conference taking place for the last two years called Press4Word. It’s a more commercial conference, but it gets the community together once a year which is amazing. I generally speak there.

I did recently get an itch to start organizing community events again, and at WordCamp Europe, I ran into Andrea Middleton who is one of the top people at WordCamp Central. She suggested that Israel could use some regular meetups. That sounded good to me and my business partner, Josh Lawrence, so I applied to become a WordPress meetup organizer, and as of this interview, we have organized four meetups in Jerusalem. It’s been so nice! We hold them once a month, and we also hope to organize another WordCamp in 2019 and get that happening again. I miss it.

As mentioned in the intro, you run a WordPress agency called illuminea. Could you give us an idea of how illuminea got started and what types of WordPress projects you have worked on in the agency?

As I mentioned above, I discovered WordPress when getting into the world of website building and looking for a solution for my clients. At that time, larger companies and businesses didn’t take WordPress seriously because it was perceived as just for “blogs”. But when version 3.0 was released, and as companies became increasingly tired of the costs and vendor lock-in of the proprietary CMSs, they started looking towards the Open Source CMSs. At first many turned to Drupal because it was considered more serious, but they soon realized that WordPress had many advantages related to price, ease of deployment, community size, plugin and theme options and more. Because I had gotten into WordPress at an early stage I was well positioned to start winning projects from these companies. At a certain stage, we used commercial themes as the basis for our projects, but we realized that approach was problematic for larger companies that need fully customized, well-performing, stable solutions. So we built our own lean framework for our projects.

Grab a free copy of our Cheat Sheet for
Selling Plugins and Themes

A growth roadmap with concise, actionable tips for every milestone of WordPress product development.

blue book with the title “Cheat Sheet for Selling Themes and Plugins by Freemius” written on it
Name
email

Over the last eight years we have been working with mid-to-large sized Israeli tech companies developing incredibly cool and impactful solutions, and many world-changing non-profits, providing them with custom solutions. Our clients are awesome and it’s so amazing to be able to help them in their missions to change the world.

When were you “illuminated” with the thought of creating a WordPress product and selling it, in addition to, or instead of working on client projects?

Over the years I’ve toyed with the idea of developing products. But once you get into a cycle of client work – marketing/biz dev > leads > proposals > sign > project > launch > rinse and repeat – it’s hard to allocate the resources needed to develop a project. Plus, during those years I was a mom to babies (I have seven kids), so it just wasn’t realistic to take on what is essentially a second business.

When my youngest was 3 (i.e. no longer a baby) I felt that I was ready to embark on a new adventure. I wanted to develop something that would have a larger impact, and I also really wanted to learn about the startup business model. Around that time I also came up with the idea for Strattic. Strattic makes websites as secure and fast as possible, and protects them from server scaling issues and DDoS attacks, by converting the websites to static and serverless. In one click.

At first, I worked on illuminea and Strattic at the same time, but as Strattic progressed I started spending more time on that, and less time on illuminea. Now illuminea has partnered with a Canadian web dev agency and is being managed by one of their team members in Israel, so I can be full time on Strattic. I’m still at illuminea in an advisory role.

How many team members are there at Strattic at the moment? Are you all working from an office?

We are a team of nine now. Five of us work out of our “office” in Jerusalem, with the rest coming in once a week at least for a team day. Except for our WordPress Engineer, Ryan Hellyer, who lives in Berlin. Hard for him to get to our office once a week 🙂

The Strattic team, lead by Miriam Schwab

Our office is a table in a startup accelerator called MassChallenge. We’re really lucky to be able to work there since it’s an amazing space, we get to continue to collaborate, get advice and advise our fellow startup founders, and it’s located right next to Jerusalem’s Machaneh Yehuda shuk, which means lunch every day is a culinary adventure. At night the shuk comes to life with a very vibrant nightlife. It’s really great.

What made you understand there’s a real need for a product that solves the problem you’re solving for WordPress site owners?

At illuminea, we became increasingly aware that we couldn’t build websites for clients and then send them on their way. If we did that, they’d inevitably come back with a hacked website (and often blame us for that 🙂 ). So we started to offer a website maintenance retainer, which made good business sense for us and reduced a big headache for our clients. However, the amount of time needed on our part to keep these sites alive and well was increasing and it was clearly becoming a big pain point for the community. Sites were getting hacked way too regularly, and as speed became increasingly important for online marketing efforts, WordPress sites seemed to be getting slower! The pain points were clear for us and for the community at large. Hosting companies were going through the motions to try to solve these issues, and there are a lot of tools users can throw at their sites to improve the situation, but all of that was inadequate and/or complicated. At the same time, I became really interested in the concept of static site generators. Thus Strattic was born in my brain 🙂

What makes Strattic special when compared with other static site generators?

The logic behind static site generators is very appealing: sites without a database that are stable, fast, secure, and scalable. However, these static site generators lack some critical components that WordPress offers: an easy installation, editing and publication experience; one-click themes and plugins; and a huge global community of developers and professionals that keep WordPress going, and that site owners can turn to when needed. Strattic bridges the gap between these two worlds: our users can continue to use WordPress as usual and benefit from that ecosystem, and simultaneously benefit from the sleek output of a static site generator.

The Gutenberg project introduces many new dynamic capabilities for WordPress websites. How is this going to play out with static WordPress websites?

We’ve been testing Gutenberg with Strattic, and so far it all works perfectly on Strattic.

How do you see WordPress plugins & themes play in the “static” arena? Should devs be preparing their WordPress products for it?

There are two types of content that plugins and themes can generate:

  1. The type that creates content output (like a photo gallery or slider)
  2. The kind that creates content input (like a form, or certain Ajax)

Strattic works flawlessly with all content that is outputted, no matter how it happens behind the scenes. Inputted content demands more attention. We support some forms out of the box and are developing support for additional types of forms. We have an instant search solution that doesn’t need to query the database and is also incredibly fast. However, ajax get requests that query the database for content is a challenge for us, so theme developers can keep that in mind if they want to (anyway it’s probably a good idea to stop using Ajax 🙂 ).

How involved is the Strattic team with everything that revolves around security in WordPress?

At the moment, we are not involved in general WordPress security, although I have given two talks at WordCamp Europe on the subject to try to help WordPress users become more aware of security issues and how to secure their WP installations. I’ll also be giving a talk on security at WordCamp US in December.


As we progress our goal is to contribute resources to WordPress wherever helpful.

Indeed, you attend many WordPress events and often even give talks. What’s your secret to coming up with relevant topics and content for them?

Haha, I was just asked this on a podcast too. It’s not easy, but basically, I make a mental record of questions people ask me when seeking advice. That’s a good way to get ideas for talks. Another way is to read a lot to keep on top of industry conversations. Sometimes reading something triggers an idea. Also, if I identify a conference I want to speak at, I look at past schedules to see what people spoke about which can sometimes provide inspiration. And sometimes no matter how hard I try, I just can’t come up with a topic. For example, I really wanted to talk at an upcoming search marketing conference, and for the life of me I couldn’t come up with even one topic to submit! Can’t win ‘em all 🙂

Is there a measurable ROI from attending all of these conferences and giving all those talks?

The ROI is not measurable, but there’s definitely long-term benefits. Speaking is more like a long-term drip campaign. Or a snowball effect. I HIGHLY recommend speaking at conferences for the following reasons:

  1. It helps position you as a thought leader;
  2. It helps a couple of hundred people get to know you in one go;
  3. If you’re running a business of some kind, you will feel an impact but definitely not instantaneously. At first, I thought if I spoke on a Wednesday, then on Thursday the leads would start rolling in. Nope. But what does happen is six months later someone who heard you speak is asked by someone else for a referral, and you come to mind. That kind of thing.
  4. Public speaking is a very important skill to master in general and the only way to do that is to get up on stage. When I gave my first talk, I literally held a piece of paper and read from it, and my voice shook so much I’m not sure they could hear what I was saying! Even as I became better, my voice would still shake though not so much that people could hear it. That went on for years!! Only recently did I get to the point where I get some butterflies in my stomach before getting on stage, but once I’m on it’s like I’m having a conversation with friends. By the way, the nicest thing all of us can do for new speakers is to tell them they did great. Because they did, and next time they’ll be even better.

Okay, if my next question feels a little too personal, feel free not to answer: how does the fact that most of the WordPress conferences take place during the weekend coexist with your religious choice to keep the Sabbath? For example, most of the WordCamp after-parties are organized on Friday evenings, not to mention the actual talks.

It’s ok, thanks for asking! So far the only international WordCamps I’ve attended are WordCamp Europe, and here’s how I manage it: if I’m speaking, I tell them I can only speak on Friday and no later than 2 hours before sundown which is when Shabbat starts. I stay within walking distance so I can walk over to the venue on Saturday (no driving on Shabbat) and I just hang out there and schmooze with people. We aren’t supposed to discuss business on Shabbat, and I don’t carry a cell phone on Shabbat, so it’s pure talking with friends, which is really fun for me. One year I sat on a couch with a guy and discussed religion and philosophy for two hours – like a typical Shabbat table, so that was great. The after parties at WordCamp Europe are Saturday night, so I wait in my hotel room till Shabbat ends and then head over. I have missed some good sponsored parties that took place on Friday night but that’s ok. I’m not a big party-goer in general (to say the least) so one party a weekend is plenty for me.

I just saw that WordCamp US moved the after party from Saturday night to Friday night. That made me sad because it means I can’t go at all, and I love the after party. Oh well. I know most people attending don’t keep Shabbat so I don’t expect them to take my religious needs into account. Maybe in general WordCamp organizers can keep in mind that some of us keep Shabbat, and where possible work around that.

By the way, over the last few years, WordCamp Europe added Kosher and Halal as dietary options for the lunches, and I could have kissed the website when I first saw that! So considerate and welcoming, and it means I starve just a little bit less when I’m there 🙂

Let’s talk a little about funding: it is still relatively uncommon for WordPress product businesses to raise external (angel) funding, but I know that Strattic did manage to do that. What are the benefits you see in doing that, compared with going at it with no external “big money”?

Raising investment certainly isn’t for everybody and isn’t always necessary. It’s also a soul-sucking experience. I know a lot of people manage to build side projects while working in the main job that pays the bills, but I have found that to do something really well, I need to be able to focus completely on it. Initially, when I started exploring the potential of Strattic in the first startup accelerator I got accepted to (Siftech – hosted on Strattic btw 🙂 ), I still worked mostly on illuminea (also hosted on Strattic), my web development agency, and was able to pull a salary from there. But as time went on I reduced my time on illuminea and increased it on Strattic because there was no way I was going to get anywhere with Strattic if it didn’t become my only focus. I needed to live and breathe it day and night (except for Shabbat 🙂 ). Now someone else manages illuminea and is doing an awesome job deploying high-level projects. In any case, we did bootstrap for over a year to get us to the point where we had an MVP that proved that the concept works and that people actually want it, but then in order to take it to the next level and scale big and fast, it was clear that we needed to raise funding to fuel the process.

I think the WordPress industry needs to come to terms with its size and potential. WordPress is 30% of the Internet and growing! Our Total Accessible Market (TAM, an investor term) is YUGE. When you think about it that way, you can see that raising funding is the only way to reach our potential. There’s a reason huge WP companies like Automattic and WP Engine have raised funding: they plan on taking over the world. So do we 🙂

Practically, raising funding gives companies the ability to recruit talent. There’s only so far one or two people can get on a product. More people means greater speed, and when building out something for a competitive market, speed is key. Funding also means you can invest in important, but less critical efforts for an early stage startup, like marketing. And if you’re lucky, your investors can end up becoming important advisors and connectors for you. We’re lucky – every one of our investors is smart, nice and supportive. In fact, one of them is Zeev Suraski, the co-creator of PHP! Getting him on board was incredible validation for us.

At the moment, you guys are asking for feedback from early adopters who are willing to try out your beta version on their WordPress websites. Can you share some of your thoughts for a business/pricing model? How are you going to make sure Strattic is sustainable?

Strattic is looking for beta version testers

Our business model is a monthly or annual subscription. At the moment we are starting with pricing that is in line with the managed hosting industry (more or less), but this may change as we learn more about our users and target markets. In any case, according to our projections, we can get to break even relatively quickly. Of course, you might know the Yiddish saying: “Der mentsh trakht un got lakht” – Man plans and God laughs. So we’re always keeping our eye on the data and are ready to tweak our plans as we learn.

Final Thoughts

Where do you see Strattic in 5 years from today?

In five years Strattic will be a formidable player in the WordPress hosting space. We will also have launched some pretty cool and unheard of features and products related to optimizing websites and securing them.

What’s one good tip you can provide for developers who are looking to create a sustainable business around WordPress plugins or themes, or for WordPress agencies who run back-to-back client projects?

Developers: get user feedback early and often. Get beta users on board and don’t charge them. See if people will really spend the time getting to know your product, i.e. see if there’s enough of a pain point for them that they really need your product. Your product is only as good as users think it is. Also, get a great partner. Your mind only has so much knowledge and context. Another person’s perspective and brain make everything better. Also, you can cry together when things are painful.

WordPress agencies: word-of-mouth is the best possible way to get clients. See every project not only as a source of immediate revenue but as a stepping stone to your next clients. Every project makes you better, and every happy client means they’ll be happy to refer you to their network. Also, do something I never did – get someone on your team to just send out proposals. I should have done that because I too often dropped the ball on sending out proposals. I know that now because our new manager at illuminea, Aviva, is amazing at sending out the proposals which means more clients sign! Imagine that 🙂

Proposals are so annoying because they take a lot of time, and most leads will say no which is incredibly de-motivating. You need someone in the picture who isn’t emotional about it, and just sends them out, follows up, etc., because in many ways it’s also a numbers game.

Where do you see WordPress and the WordPress products ecosystem heading in 5 years from today?

As long as WordPress continues to innovate, particularly on the user experience side of things, it will continue to lead the website space. The community aspect of WordPress is critical to its continued success. There are all sorts of new website builders and approaches popping up all the time, but without the massive community of builders and developers, like WordPress has, they don’t really stand a chance of getting close to WP’s market share. At the same time, it’s on all of us to continue to evangelize WordPress to our local communities and continue helping others learn about WordPress and become users and/or builders/developers. That’s why I’m so glad we’ve restarted the Israeli community with monthly meetups, and hopefully a WordCamp in the next year.

We need to help people understand why WordPress, in many cases, is the best and only solution for their needs.

Miriam, thanks for taking the time to share your thoughts and ideas with our readers through this interview. I feel inspired by your passion for the WordPress business world and when I think of the fact that you’re actually doing all this while being a mom of seven kids… well, I just run out of excuses for myself. Thanks again and I wish you the best of luck in all your endeavors!

Kobe Ben Itamar

Published by

Bruno Carreço

“No more need for users to visit an external site to purchase the plugin, be redirected to PayPal, return back to site, then install premium plugin, then activate license! All the provided analytics are also very welcome.”

Bruno Carreço - Self employed plugin developer at Go Fetch Jobs Try Freemius Today

Hand-picked related articles