Hacked by an 11-Year-Old

The Wordfence team recently sponsored and attended WordCamp Atlanta. Instead of doing the usual boring corporate thing with our booth, we decided to host a capture the flag, or CTF contest. A CTF is essentially a hacking contest. It is a series of puzzles that the contestant needs to solve. They might include decrypting an encrypted piece of text, performing a challenge involving a browser and website, or hacking into something we set up.

CTFs have been held at security conferences for decades. We decided to bring a CTF to WordCamp in order to help WordPress site owners learn to think like hackers. If you know how hackers think, you can do a better job of defending your site. We made this CTF very accessible, so that people with a wide range of abilities could participate.

The CTF started at 10am on Saturday morning and ran until noon Sunday. It was hosted online and anyone could participate, although we only promoted it to WordCamp attendees. You also had to be at WordCamp Atlanta to be eligible for a prize.

We had some amazing prizes including coffee mugs if you passed level 1, lock pick sets if you passed level 3, and then game consoles as the top prizes including a full Playstation VR setup and game for first prize.

It was a huge amount of fun because to promote the CTF, we gave lock picking lessons at our booth. It’s really cool to see someone pick a lock for the first time. They’re always so surprised when it pops open.

By the time Sunday morning rolled around, we looked at the leaderboard and realized we had a real contest on our hands. A young man by the name of Grayson came to our booth and said he was competing. We asked him what his username was and were surprised to learn he went by ‘Unstoppable’ and was in 6th place. That was really impressive because we had quite a few contestants.

I chatted with his Dad and suggested we might give him a prize for making it so far as an 11-year-old. Well… that wasn’t necessary.

At about 11:30am on Sunday, Matt Barry, our lead developer and the contest designer, started calculating who the winners were. We had to eliminate people who weren’t physically at the conference. Once we had the final list, Grayson our 11-year-old contestant, had arrived in third place and he remained there as the contest ended.

I got on stage to hand out the top three prizes to first, second and third. I told the room with about 400 people the story of how we assumed an 11-year-old would need a consolation prize and that, actually he just hacked his way into third place to take one of our top prizes. The crowd went kinda wild as Grayson stepped onto the stage to collect. Here he is (published with Dad’s permission):


I’m expecting this young man will soon start his career as a world-class security researcher. We had an opportunity to chat about security as a career and how researchers think – and I’m sure he has an amazing future ahead of him.

I’d like to thank our other contestants and congratulate Mike V who took our top prize and our second prize winner Adam S. Thanks very much to all of our other participants, you guys made it an amazing game.

This is a photo of Tim Cantrell from the Wordfence team teaching a group of kids about cyber security at WC Atlanta. On his right is Matt Barry, our CTF designer.


This is Tim Cantrell and his son Evan manning the Wordfence booth:


Late on Saturday night we threw an impromptu lock picking party with some of our fellow sponsors who are also security researchers along with a few attendees. I won’t post any photos from that to protect the not-so-innocent, but here is a photo of one of our newly minted lock-pickers in action.


Attending and sponsoring WordCamp Atlanta was a huge success for us for many reasons. What we learned from our customers and from the WordCamp community alone made the event an incredible success for us.

From myself and our team, I’d like to extend our heartfelt thanks to the organizers and volunteers who made WordCamp Atlanta possible. It’s an incredible amount of work and without you the event would not be possible.

My team and I are looking forward to attending more WordCamps this year and, who knows, we might even bring our lock-picking gear and a few other fun hacker toys with us.


Previous articleNet neutrality will end on June 11
Next articleCall For Researchers: Blockchain Technology Impact on Records

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.