Two decades
inside the web
as it kept rewriting
itself.
I’m Jason, a hosting industry insider with experience across open-source CMS platforms, control panels, cloud infrastructure, and the events that bring the industry together. Today, I focus on building partnerships, programming industry summits, and documenting what is happening across the hosting ecosystem.

- Jul 11, 2026
Stop Taking the Express Lane Through Input Validation
Three major security flaws in one week prove that cutting corners on file validation logic is the fastest way to lose the keys to the castle.
Read more→ - Jul 11, 2026
The Price of Admission is No Longer Zero
Watching the silent death of the free hosting tier reveals a shift from developer goodwill to spreadsheet-driven reality.
Read more→ - Jul 11, 2026
More Than a Blog: Welcome to the New JasonNickerson.online
For years, JasonNickerson.online was primarily a place for me to publish the occasional blog post. It followed me through different jobs, projects, events, hosting companies, and several chapters of my career — but it never fully represented the scope of what I was doing across the web industry. That has now changed.
Read more→
A career told
through platforms.
The early 2000s were the good years for tinkerers. PHP-Nuke and osCommerce were how you learned to ship on the open web. I went deep on Joomla for the better part of a decade — contributing to the project, organizing its community, and eventually crossing over into the WordPress orbit that swallowed everything.
From there the story is a tour of the hosting stack: cPanel, the managed cloud era at Cloudways and DigitalOcean, the events circuit at Domain Days Dubai and Atlas Digital Summit, and the publishing side at webhosting.today. Today: backup and disaster recovery at JetBackup.
The through-line is community — the conferences, the summits, the group chats where the industry actually decides what happens next.
Twenty-something years,
in reverse.
- 2026 —FounderAtlas Digital Summit
Private gatherings for hosting leaders, AI infrastructure innovators, and the builders of the agentic web.
- 2026 —FounderConf64
The Conference Operating System for Business Development and Field Marketing Teams.
- 2026 —Co-FounderSuperDeploy
The advanced migration engine for AI applications. Seamlessly transition your codebase to independent, production-grade infrastructure in minutes.
- 2024 —Business Development & Partnerships ManagerJetBackup
Backup and disaster recovery for the hosting ecosystem.
- 2023 —Chief Marketing Officer, Founding TeamDomain Days Dubai
MENA’s domain and digital asset conference.
- 2025 – 2026Director of Business Developmentwebhosting.today
Contract · Business development and partnerships for the hosting publisher.
- 2021 – 2023Senior Manager, WordPress Business Unit → Lead Community Marketing Manager IICloudways / DigitalOcean
Full-time · WordPress community, field marketing, and sales enablement through the acquisition.
- 2019 – 2021Marketing ManagercPanel
Full-time · Event planner and marketing strategist for 500–3,000 attendee events and virtual series.
- 2017 – 2019FounderCMS Summit
The global CMS conference.
- 2007 – 2019CEO | FounderJoomlaxtc.com / Monev Software LLC
Premium Joomla templates and extensions. 101,000+ members, 10,000,000+ downloads.
- 2015 – 2019Board Member, Capital Team ChairJoomla! Project
Leadership, sponsorships, and partnerships for the open-source CMS.
- 2001 – 2005DeveloperPHP-Nuke · osCommerce era
First shipping code in the early open-source web.
WordPress Threat Brief: 246 New Vulnerabilities & High-Risk RCE Exploits
Critical CVEs and RCE Alerts
- WPFunnels RCE: CVE-2026-14345 identifies an Unauthenticated Remote Code Execution vulnerability in the WPFunnels plugin (versions up to 3.12.7) [7].
- Amelia Information Disclosure: CVE-2025-2578 impacts the Amelia plugin, allowing unauthorized access to sensitive information [6].
- GEO my WP: A new vulnerability (CVE-2026-15300) has been logged for this plugin [9].
- Run Log CSRF: CVE-2025-9627 affects the Run Log plugin, enabling Cross-Site Request Forgery [10].
Backdoors and Active Campaigns
- WP-SHELLSTORM: Data from an exposed hacker server has revealed a campaign known as "WP-SHELLSTORM" specifically designed for backdooring WordPress sites [1].
- Auth Bypass: Attackers are actively targeting flaws that allow authentication bypass without valid credentials; specific firewall rules have been deployed to mitigate this [8].
Ecosystem Vulnerability Volume
- Weekly Stats: A total of 246 vulnerabilities were disclosed between June 29 and July 5, 2026, affecting 179 plugins and 40 themes [2], [4].
- Volume Trends: The ecosystem continues to see approximately 250 new plugin vulnerabilities disclosed weekly [8].
Core and Infrastructure Updates
- WordPress 7.0.1: This maintenance release includes 31 bug fixes, notably improving PHP compatibility and addressing a security-related function [5].
- Attack Surface: Security plugins frequently report "blocked attacks" for plugins not installed on the server due to broad automated scanning by threat actors [3].
On the
road.
Conferences, summits, and WordCamps I’ll be at in the months ahead.
- Aug 16 – 19, 2026
- Sep 28 – 29, 2026
- Domain Days DubaiRescheduled
New dates to be announced.
Oct 15 – 16, 2026 - Nov 11 – 12, 2026
- State of the WordDec 2026
- Mar 15 – 18, 2027
When the servers
go quiet.
A small digital label putting out industrial house, progressive house, and dubstep. A different kind of open protocol.
Twenty years of showing up for the projects, communities, and voices that keep the open web open.
A news portal covering the hosting and domain industry — and a running excuse to keep talking to the people who build it.