Julio Potier is a prominent figure in the WordPress security scene. Based in France, he developed SecuPress, a plugin that makes securing WordPress websites easy. He also co-founded WP Media, the company behind popular Plugins such as WP Rocket and Imagify.
Julio, thank you for agreeing to do this interview. Let’s start by getting to know a little bit about you. Tell us about your educational and professional background?
Thank you, Kobe, for the invitation! Well, I have been involved in computer science since I was a kid. I did my first courses in computer network and hardware maintenance back in 1999. Then, I started developing my first HTML pages in 2000, got started with PHP in 2001, did my first web security oriented stuff in 2002 and finally Delphi programs, in 2004. In 2008, I was recruited by a company selling the worldwide number one retail store software, where I worked until 2011. In 2010 I started my own business as a freelancer, creating, selling and securing existing websites and plugins, only on WordPress of course.
How did you become interested in web security?
Back in 2001, when I got started building PHP pages at the age of 22, my first pages were not secure, at all. Those pages had major security vulnerabilities and a friend of mine told me that I should do “this and that” to secure my code, or else, he could hack my website. This was a huge “wow” moment for me. From that point, I started to secure my PHP code and paying more attention at web security.
When I started building PHP pages, a friend of mine showed me how easy it was to hack my websites. This was a “wow” moment for me!Tweet
Why did you decide to develop a security plugin for WordPress sites?
Because I can tell that every website will, at some point, be a target for attacks. As you may know, big companies have already encountered this issue. NASA, Sony, and recently Uber, had a problem with stolen credit card data. As I was trying several competing security plugins, I couldn’t be sure how exactly they were securing the data. Not being completely satisfied with the existing solutions, I decided to create my own plugin. And even though competitors existed, I couldn’t understand what I was securing by using their product, I was not always okay with some features, so, I decided to create my own plugin.
Apart from WordPress security, you are also keen on sharing your insights in management and leadership. How important is it for you to share your experiences?
I love to share, to give, to train people. I think the ego is also a part of that, knowing that I’m good enough to teach something, but hey, this is the good part of the ego, right? So, with this blog written entirely in English (remember, I’m French), I wanted to look back at all the experiences and challenges that I’ve encountered throughout the years and share what I had learned. The purpose is to give tips and insights on good practices, but also to warn about bad practices and raise awareness of what-not-to-do.
What’s the WordPress security business landscape like in France? How active is your local WordPress community?
We have a very active WordPress security community here in France. We have our own Slack community (of which I am an administrator) with 1500 members and over 300 active discussions per day. In France, we host about 4 WordCamps a year in cities such as Paris, Lyon, Nantes, Bordeaux, Marseille and soon, Lille. We were selected to host the European edition of WordCamp in 2017!
The WordPress security business landscape is pretty easy to explain: I’m known as “Mister Security” because, sadly, I don’t have any French competitor. I don’t know anyone doing the same job as me, so, people are always asking me about security topics and sending me their clients to help with their website, which is the good part of the “sadly”.
Do you regularly attend WordPress community events such as WordCamps and Meetups? What was your most remarkable WordCamp experience so far?
I’m a “serial speaker”. I did about 20 WordCamps (or WP events with more than 50 people) as a speaker, from Paris to Montreal or from Sofia to London.
I’m also the organizer of the next WordCamp Paris 2018 (9th March, add it to your calendar!) and I will be responsible for the speakers. I was an organizer back in 2015 in Paris too, in charge of the Happiness Bar. Remember, the love to share 😉
In addition to that, I’m the creator of nordpress.com, a meetup near Saint-Omer, my neighbor and native town.
SecuPress has sponsored some WordPress meetups, like Meetup de Lille and Meetup de Tours. How did this help to bring added value to your company?
I guess it did, but the goal was to help those people to offer drinks and food for their attendees. Of course, showing SecuPress, my logo and stickers added more visibility, but it’s like any sponsorship. Don’t strictly think about ROI!
When sponsoring WP meetups do not think about the ROI – getting visibility for the company logo, stickers etc. is a nice bonus.Tweet
Apart from launching SecuPress, you also co-founded WP Media, the company behind the popular caching plugin ‘WP Rocket’ and the image optimization plugin ‘Imagify’. How did you get involved in the founding of WP Media?
Yes, I was a co-founder. Back in april 2013, Jonathan Buttigieg released a small script on his blog named “WP Cache Machine” (Fr) (pun intended). It was kind of a WP Rocket v0.1. I started to improve it since day 1, then, Jonathan asked me if I could share it, which I did. He later asked me if I would like to join him and his friend Jean-Baptiste Marchand-Arvier and help them to create a business around website performance, creating a better plugin and providing support. We did!
In May 2017 we split. I left WP Media to pursue SecuPress, I don’t have any stock action involved there. I’m currently running solo and free to do what I want, and I love that.
It’s been a year since you launched the official non-beta version of SecuPress Pro. Congratulations! What were the most significant challenges that you managed to overcome over the course of this first year?
Of course, the split from WP Media was the biggest challenge of the year. Going from “I can count on a CEO, COO, Designer, Developer, Marketer” to “You are alone now” in one day is a big challenge. You have to set new priorities, focus on multiple things at once. But hey, I’m fine, the business is fine, so can I say “Job’s done!”?
Recently, you have introduced multi-currency pricing. What’s been the reaction of your visitors so far? Have you noticed any increase in the conversions/renewals?
Well, I do not sell more, but I sell in euros more than in dollars! It was predictable of course. It took me a few days to set up and it was done. Like the post says, I did it for the people, to prevent them from absorbing bank fees. But as you ask, I was wondering if this could lead to a better conversion rate, and the answer, for now, is “No”.
Subscribe and grab a free copy of our
WordPress Plugin Business Book
Exactly how to create a prosperous WordPress plugin business in the subscription economy.
Share with a friend
Enter your friend's email address. We'll only email them this book, scout's honor.
Thank you for sharing
Awesome - a copy of 'The WordPress Plugin Business Book' was just sent to . Want to help us spread the word even more? Go on, share the book with your friends and colleagues.
Thanks for subscribing!
- we just sent your copy of 'The WordPress Plugin Business Book' to .
Have a typo in your email? click here to edit the email address and send again.
Earlier this year, one of your competitors – Sucuri security – was acquired by GoDaddy. How do you see this? What kind of impact do you think this might have on the WordPress security market?
I don’t really know GoDaddy well, I have to admit. The thing is that some Sucuri partners, such as hosts, have left because they don’t want to be partners with a competitor, which is nonsense. So, just because of this, I would say, it’s not a good idea. However, I don’t have enough information to judge.
If you got to go back in time to when you were just starting with SecuPress, would you do anything differently?
Yes, I would have had an M.V.P., as SecuPress should have been released earlier. We decided to wait for SecuPress to be as big, as powerful, as useful, as beautiful (even more) than competitors, so, it took time, too much time. Time costs a lot when there are many people working on a product. So, I would clearly say “release quickly!”.
I would clearly say “release quickly!”, because the longer you take, the more it costs you.Tweet
You publish a magazine with very valuable tips and advice on how to launch and run a successful WordPress business. Would you consider launching an English version for those of us who do not speak French?
Why not!? If there will be enough English speakers to read it, I could take the time to translate it. Let me know in the comments below if you’re interested 😉
Can you share with us some of your plans for the future? Where do you see yourself and your WordPress business in 5 years?
In the near future, I’ll partner with hosts to give them the possibility to offer SecuPress Pro for free for any of their users. Securing a website should be accessible to anyone!
In 5 years? Wow, on the Internet, even 1 year is a long time. I think I’ll still be selling SecuPress of course, still doing trainings, being a speaker, organizer, still auditing plugins and extensions.
Maybe my marketing division will grow more… I would like to use this skill to sell other services or trainings, why not?