During the past year, I gave a few talks about my story – side project to WordPress plugin business. The question that I always get is – “How do I start? I don’t have an idea for a plugin?”. My answer is simple: you don’t need to be a rocket scientist to start a plugin, and you don’t have to reinvent the wheel.

This post is the first out of many interviews with WordPress plugin business owners. Our goal is to inspire and encourage WordPress enthusiasts to get into the plugins world by sharing authentic stories from people, like you and I, who are solving a problem they feel passionate about, and organically turned that into a plugin business. If you are in that category, we would love to get in touch and set up an interview. Please contact us via interview@freemius.com

Let’s get started…

Today I’m excited to interview Robert Abela, a WordPress security expert, and the developer of WP Security Audit Log. Robert is a consultant by day and a plugin developer by night.

Thanks Robert for answering these questions that I’m sure will inspire our plugin developers and plugin business owners. I want to start off by asking you about Malta, one of the most beautiful Mediterranean Islands.

How was growing up in a tiny and magical heaven?

Hello Vova, thank you for having me on this interview. Malta is indeed a magical heaven. Growing up it was everything I could ask for; picturesque villages, great weather, beautiful beaches, laid back lifestyle, great food and everything is just a few minutes away. It is also a very safe country so you can go everywhere anytime. Living in one of the smallest independent countries in the world also has its downs. Everyone knows everyone and outdoors & work opportunities are relatively limited. In fact, I moved to Scotland, to be able to enjoy the outdoors but I still go back few times a year to enjoy some BBQs and share a few beers with my old buddies under the Mediterranean sun.

What is your background? Did you study computer science or engineering?

Originally I wanted to become an auto mechanic, cars and engineering always fascinated me. Though my father pushed me into studying electronics, since back then it was the trend.

While studying electronics, I got sponsored by a computer shop and as a part time, I started fixing hardware such as dot matrix printers and computer motherboards. Yes, back then we used to repair motherboards. Though I was always more interested in the software side of things so when there was a software-related problem I made sure I worked on it. At the same time, a friend of mine started working for a software company that imported two Pentium-1 servers with an SCSI RAID controllers. Since I had knowledge on hardware, they asked me if I could configure the RAID controller and install Windows NT 3.5 on them. Somehow I managed to get them up and running, and their CEO offered me a job on the spot. I dropped out of school, quit my part time job, and the rest is history.

Why did you start to focus on the security niche?

I started working as a software tester, and back then I didn’t even knew what an IP address was. But I was determined to learn, and I spent a lot of late nights at the office, studying and experimenting. Sometimes I even slept at the office. I was lucky because I had a whole lab to myself during the evenings. Once I had enough knowledge, I started applying for different jobs within the same company and managed to work my way up to lead systems engineer. My office mate was the security professional of the company and since we had to work together on several projects we taught each other a lot of things. We used to hang out together after work as well and do crazy early twenty-year-old staff, such as experimenting with pay phones, sim cards, war driving, etc. I must admit that I’ve learnt much more from him than he did from me.

Do you recall when you first started to interact with WordPress? Tell us the story.

I was a product manager for a web security software company called Acunetix. We needed to set up a blog to start documenting our research back in 2008 and found out about WordPress. For the first few months I was just another WordPress user, but then we noticed that WordPress is a real growing market. I remember finding out about Sucuri when it was a two or three man band, so we decided to build our WordPress security service. We developed a service called WebsiteDefender. The product itself was very good and had some real cutting-edge technology, some of which I haven’t seen till this day. Though the strategy was wrong. So after a few months; we had to pull the plug. Though we have all learnt a lot from that product and even though Acunetix stopped thinking about WordPress, I didn’t.

What was the first trigger to build your WordPress plugin?

Throughout my career I always worked for software startups, so when I went solo I wanted to have my own thing. Considering I had some time on my hands and development was never my thing, I decided to learn PHP so I can write my own WordPress plugin. I chose to write a WordPress plugin because I had a genuine interest in WordPress and it does not require as many resources as developing other solutions. At this stage I never thought or looked at the project as a means of generating income, that is just a result of what I was experimenting with.

I chose to develop WP Security Audit Log because there was no proper audit log plugin and I needed it for a various WordPress jobs. Also, the idea of it sounded very easy; use hooks to monitor what is happening and report what you’ve found. Damn, I was so wrong! I did write some code myself and developed the early versions of the plugin but considering my forte is not development, I chose to team up with a friend of mine. Nowadays I take care of everything except the actual code writing.

Why did you choose to monetize with add-ons over other models?

After a few releases we already had a strong user base. This was an indication that there was a gap in the market that we could fulfill. To keep up the momentum of users’ growth, we simply had to put in more hours. Though “free” does not pay the rent and pizza, so if we wanted to put in more hours and build a more robust product, and provide the professional support we needed to generate some income from the plugin.

Before monetizing the project, I looked at several different models. One thing I did not want to do is take out any of the functionality that renders the plugin useless, for example, limit the number of alerts in the audit log. In fact, the audit log functionality was and will always be free. I also realised that not everyone would want every paid feature, so rather than simply going to a free vs. paid model I opted to use the add-ons model. Though such approach also makes it a bit more expensive if you need to buy all the add-ons. So lately, I launched an add-ons bundle because some people do require all functionality.

How is your daily schedule looks? Are you working from a home office? How many hours a week do you spend on the plugin?

I am typically quite busy, and I work from home most of the time. I start working at 6 am and stop at 8 am for breakfast with the family. Then it depends! I usually stop for a quick jog, lunch and dinner, but I am always at my desk, sometimes even till midnight. Occasionally I do try to go out and work from a different place, but I tend to find it difficult to concentrate. When I am at home, I’m in my zone, so I prefer to work from here. On average, we spend around 5 hours a day on the plugin, and it is never enough. So far support was very quiet, so we mostly concentrate on including new functionality in the plugin and add-ons, testing (very important) and, of course, all the other staff such as marketing, PR, etc.

If you had to use another CMS besides WordPress, which one would you choose?

I do not have enough experience on other CMSs to tell you which one would I choose. Offhand I would say Joomla! Simply because some friends of mine had used it before and they liked it.

What are your goals for 2016?

If I continue to see the same growth regarding install base and add-on sales I would be more than happy. I also have a couple of ideas for new plugins (who doesn’t?) and would like to have some free time to develop them. Though I think I have to shelf these ideas for now since our main focus is to continue improving and growing WP Security Audit Log. The To Do and New Features lists are too long. Hence, they will keep us busy for quite a while.

What is the most important business advice you can give to plugin developers?

I started my own business late because I was not confident in my abilities. I always thought that I do not know enough hence my corporate career was quite long. Though I was wrong, very wrong. Today I am sorry I did not leave at least five years earlier. If you have an idea, and you can afford to work on it, go for it. Even though it is important to have some working experience before giving it a shot on your own, you will never know enough. And unless you try you won’t know if you’re good at it or not.

If you have an idea, and you can afford to work on it, go for it! ~ Robert AbelaTweet

Also, you’ll always have to put in the hard work and long hours. It’s a marathon, not a sprint. Very few companies really made a quick huge success, so even though many might make it sound like an easy task, selling a WordPress plugin is not. Any business venture is not an easy journey. But once you break through, even when you earn the first $59 sale you’ll be on cloud nine.

If you think a corporate career is rewarding, try this. Yes from time to time stress kicks in, the to-do list is longer that the supermarket shopping list of a family of six, but I am happy to have chosen this path and never looked back or thought about going back.

Thank you so much Robert for your time!

Please use the comments to ask Robert any questions, provide your feedback on how can we improve the interviews or suggest yourself (or others) for an interview on our blog. Thanks!