Ask the Expert: Q&A with Morten Rand-Hendriksen

February 26, 2018 in WordPress Security

Brought to you by SiteLock, Ask the Expert is our new Q&A series where we learn from industry innovators, thought leaders, and entrepreneurs about how they’re influencing their field. Throughout this series, you’ll find our interviewees share one commonality: they’re passionate about open-source content management systems (CMS), like WordPress, Joomla! and Drupal. Join us as we dive into a variety of subjects, including social media, blogging and website security.

We are excited to kick-off Ask the Expert with Morten Rand-Hendriksen, web developer, author, educator, and WordPress mover and shaker!

Morten (@mor10) is a senior staff instructor at LinkedIn Learning and with 60+ courses published on WordPress, web standards, design and UX, and future technologies. He also teaches Interaction Design at Emily Carr University of Art and Design, and contributes to WordPress core and community projects.

When he’s not working, you’ll find Morten playing with his son, reading philosophy and science fiction, talking to people about the internet and how it shapes our society, and wearing out his shoes on the ballroom dance floor.

Now let’s hear from Morten…

Q: As a web developer, what is your preferred open-source platform and why?

As a web developer, a core principle of my craft is to be as agnostic as possible and build solutions that work for everyone, everywhere. This is what drew me to open source in the first place. I used to work with more or less closed platforms like Flash, ASP.NET, and ColdFusion, but realized I was locking my clients into my preferred platform and limiting their ability to fire me and get someone else to take over the project. I’ve always believed in giving people freedom by granting them the capabilities necessary to control their own content and presence online. Open source software does exactly this in one way or another.

To be specific, my current development platform is a mishmash of different solutions. I do almost all my development on a Mac running BootCamp, and switch constantly between MacOS and Windows. That said, below is a list of some of my favorite platforms and why:

    • My current preferred code editor is Visual Studio Code. I’m not very faithful to my code editors and over the years I’ve used everything from Notepad++ and Emacs, to SublimeText, Atom, DreamWeaver, Expression Web, and NetBeans. To me, Visual Studio Code is the best current offering that combines my most used features from each of these platforms.
    • For Git I use SourceTree, partially because I am a visual thinker and appreciate the way this app shows me exactly what’s going on, but mainly because I hate the command line.
    • When I build projects, I am leaning more and more on task managers and automated processes. My current preferred option is Gulp, though that may change in the near future. The two packages in pretty much all my projects are Browsersync and PostCSS. I’m also in the process of adding Lighthouse to my standard setup, in part to automate accessibility testing.
    • When it comes to local hosting I am super old-school: On Mac I use MAMP Pro to run my local sites. On Windows I use WAMPServer. For the type of work I do, there is no need for spinning up giant virtual stacks and configuring servers. What I build must work everywhere, and MAMP/WAMP is a good facsimile for “everywhere”.
    • I recently switched my development browser from Chrome to Firefox, but I always do cross-browser testing in Chrome, Edge, Firefox, Opera, and Safari. Brave is next on my list for inclusion.
    • For documentation, my number one resource is MDN Web Docs.
  • Oh, and when I work with content management systems, my preference is WordPress, because WordPress makes sense to the people who end up using and managing the things I build.

Q: What advice do you have for web developers starting out?

My number one piece of advice is to learn the basics first: Build a solid foundation of HTML, CSS, and JavaScript, and familiarize yourself with principles like Inclusive Design (which encompasses accessibility), Resilient Web Design and Progressive Enhancement. At its core, the web is built on these technologies and principles, and knowing them well gives you the solid foundation needed to dive into more complex (and more attractive) things like JavaScript frameworks, Progressive Web Apps, Single Page Applications, and all the other new things that pop up on a weekly basis.

Working on the web means working in an industry where everything changes all the time. Having a solid footing in the things that make everything on the web work makes that possible.

Q: What security best practices should all web developers be following?

This isn’t a security practice, but it gives you the perspective necessary to take web security seriously: The internet is an information distribution network. It was built specifically to distribute information, and does this very well. Any attempt at securing information available on the internet is an attempt at counteracting what the internet was built to do. In other words, every blocker you put in place is only one bad password, missing patch, or clever hack away from being bypassed.

Instead of simply setting up blockers, the best thing you can do to safeguard yourself, your clients, and their content is to keep everything up to date and follow best practices, like writing valid code and enabling security monitoring on every site and server. It’s also very important to work on the assumption that something somewhere will fail, leaving your data vulnerable. The one key component missing from most security practices is a plan for when things go wrong. It’s important to not only fix the breach, but to remediate the results as well. As web developers, we have a duty of care to uphold and meet our users’ reasonable expectations. If we tell them their data is secure, we need security measures and processes to fix any negative outcomes from an inevitable breach.

Q: What prompted you to start teaching on and what’s your favorite part of teaching online?

I fell into teaching by accident. A long time ago I attended an event where a Microsoft evangelist gave me early access to a new software suite called Expression Studio. I challenged myself to build my latest client project using this software and started a blog to talk about it. If you go to the very first post of my personal blog you can see it for yourself.

To make a long story short, my blog posts somehow led to a book deal about Expression Web. This resulted in four books and a video series on the topic, which caught the eye of a recruiter at who roped me into doing a WordPress course. From that point on I was hooked.

My favorite part about teaching, whether in person or online, is figuring out how to help other people understand things. If you boil it down, my job is to learn complicated things, then figure out ways to pass that learning on to others so they don’t have to go through the same difficult learning process. This means I get to learn new things all the time (which causes me to forget a lot of things as well). It also ensures my focus is always on the end-user: The learner who comes to me to figure out how to solve a problem, level up their career, or make the jump into web development as a career. It’s a huge responsibility that keeps me on my toes and always makes me want to produce better content.

Q: You’ve been leading many discussions about the WordPress Gutenberg project this past year, including asking for better definitions and transparency of the scope Gutenberg, as well as highlighting concerns from the community on how it affects end-users and developer. How do you feel about the outcome of those discussions? Would you feel more positive or concerned about Gutenberg at this point?

Throughout my time in the WordPress community, people have asked me why I have so many issues with the application. My answer is, I don’t really have issues with the application, I have a deep rooted wish for it to be the best it can be. I see my role in the community as someone who asks the hard questions people either hesitate to bring up, are unwilling to answer, or didn’t consider.

When Gutenberg was announced, I immediately saw this would fundamentally change WordPress itself, the community, and the sites built with the application. In other words, this wasn’t merely a UI tweak but a major evolution that would impact the millions of WordPress users around the world . I felt the best way I could contribute was to make sure people knew what was going on, had a chance to provide input, and that the contributors were made aware of key issues, like accessibility and transparency. I also saw Gutenberg as our first real opportunity to gather data about how WordPress is really used, and employ a true user-centered design model, which is why I proposed the still stalled telemetry project.

Because of all this, I think many people have perceived me as an interloper or busybody, and I’m okay with that. That’s what happens when you constantly ask questions and point out thorny issues. Fortunately the development team understood what I was doing and embraced it in a way I never expected. They put me on stage at WordCamp US 2017 to talk about Gutenberg and what it means for the future of WordPress. If you watch that talk, you’ll see the answer to the last part of the question. Not only am I not concerned about Gutenberg (or WordPress Blocks as we should be calling it as it nears inclusion in WordPress core), I see it as a necessary next step in the evolution of WordPress. We are entering a whole new age of digital technologies and consumption, and the futuristic idea of XR (VR/AR/MR/CR) is just around the corner. WordPress was built for an age that is almost over, and to survive the next 5, 10 or 15 years, it needs to evolve. The REST API and Gutenberg Blocks are key pieces to this puzzle, and in my mind, a huge step in the right direction.

Q: 2018 marks the 15th anniversary of the WordPress software release. Will WordPress still be around in another 15 years?

Fifteen years is a very long time. To put things into perspective, the iPhone – and the concept of a touchable interactive web browser in your pocket – is only 11 years old. And Responsive Web Design was introduced just eight years ago. With the rapid emergence of new technologies across the entire web stack, from the server to the browser to the devices we use, the only thing I know about the future, is I have no idea what comes next, but I am excited to find out.

Will WordPress be around in 15 years as we know it today? My foggy crystal ball says no. Will some version or offspring of the open source project called “WordPress” exist? I hope so. The core philosophy of WordPress, to democratize web publishing, is about as close to a virtue as you can get in web terms. I think WordPress will live on in some form if we continue to keep that ideal as our primary focus and build solutions that enable users to publish their thoughts, ideas, and creations on the web. More importantly, if we stay true to this ideal, we can help move the web and the world forward. From my experience, the WordPress community is unique in its diversity and inclusion, and these values are worth sharing with the world.

Q: You’re doing a 365 project this year. Can you explain to our readers what that is, why you’re doing it, and what you’ve chosen for your project?

A 365 project is where you make progress toward a goal or project every day of the year, such as writing or photography. I started doing 365 projects a few years ago and found them to be a great intellectual and creative challenge. This year I’ve committed to doing something that’s been on my mind for two decades: Every day I am publishing one fragment of what will eventually become a fiction novel. The idea of the novel has grown and evolved in my head for a very long time. Finally writing it feels like a tremendous release. Ask me again in 10 months and see if I still feel the same.

If you’re curious and want to read a completely unedited novel one day at a time, I’m publishing the whole thing at Each month is one chapter, and at the end of each month I compile the fragments into a downloadable PDF and ePub so people can catch up. When I have time, I’ll also do a full redesign and start experimenting with some different ideas on the site itself. Turns out WordPress is not the greatest tool for publishing a book in individual fragments, at least not out of the box.

Q: You’re a parent and work remotely. How do you manage finding the balance between work and family?

I’ve worked from home for the past 10 years, so that part works quite well. With the birth of our son in 2016, a lot of things had to change, but between my wife and myself, we’ve managed to create a good structure for our lives. The key component for us was to make a clear separation between work and family spaces. We are fortunate enough to live in a house across two floors, so downstairs is work and upstairs is family time. I try to avoid bringing my computer upstairs unless absolutely necessary, and keep work things, like answering emails or messages, to an absolute minimum outside of work hours.

The privilege of getting to work from home is on full display right now: From my office, where I’m writing this, I can hear my son Leo, now 18 months old, stomping around upstairs and yelling incomprehensible nonsense. When I’m done answering these questions, I’ll head upstairs for a late lunch and some playtime with my tiny best friend, and then I’ll come down here again and keep working while he takes a nap.

The major downside to working from home is I don’t get enough exercise, but I’m trying to change that in 2018 by getting up absurdly early and going to the gym 3 times a week. Check in again in 10 months to see how well that’s going.

Q: You have over 13k followers on Twitter. How do you keep your followers engaged?

To be honest, I have no idea. I am not an expert Twitter user. To me the platform is mostly a venue to dump all my crazy thoughts so they don’t keep circling endlessly in my head. I try to share interesting things I find on the web, ideas and questions, and generally engage with anyone who wants to engage with me. The only rules I try to follow on Twitter are to never treat anyone, or anyone’s opinion, as lesser than mine, and to always engage in a meaningful discourse. I often engage with people who disagree with me, specifically to broaden my understanding of the world and how others perceive it. I always try to keep my conversations civil because every action we perform online is used by algorithms to pen us into impenetrable echo chambers and filter bubbles. On any day you might see me discussing WordPress, modern web standards, politics, taxes, health care, ethics, science fiction, dancing or extreme jazz metal. It all depends on my mood and what’s happening around me at the moment. I try to be as open and honest as possible, and I love to engage with other people to understand them and myself better. Maybe people just really like my live tweets about Dancing with the Stars?

Q: If you could give only one piece of advice to our readers about website security, what would that be?

Invest in a password manager and start using it today.

Follow SiteLock on Twitter (@SiteLock) for updates on our next Ask the Expert Series!

Latest Articles
Follow SiteLock