WordCamp DC 2017

Daniel Olson

July 14, 2017

Transcript

  1. None
  2. None
  3. 7.74 Billion USD FY17 Operating Budget

  4. 7.74 Billion USD FY17 Operating Budget 24,000+ Employees

  5. 7.74 Billion USD FY17 Operating Budget 24,000+ Employees IT Department Managed Web Hosting

  6. U Penn

  7. None
  8. Dan Olson COO, DigitalCube @emaildano

  9. Dan Olson COO, DigitalCube @emaildano I develop WordPress SaaS Products on AWS

  10. Dan Olson COO, DigitalCube @emaildano I develop WordPress SaaS Products on AWS I work 100% remotely

  11. Dan Olson COO, DigitalCube @emaildano I develop WordPress SaaS Products on AWS I work 100% remotely Lifelong Air-guitar Player

  12. Alternative Hacks: WordPress Security from the Outside Looking In

  13. Why Care?

  14. Why Care? Client Responsibility

  15. Client Responsibility Personal Responsibility Why Care?

  16. Workflow

  17. Old Habits Die Hard Workflow

  18. Sh*t happens learn from your mistakes Workflow

  19. Discuss a disaster plan ...with your clients Workflow

  20. Lobby for the right fix not the quick fix Workflow

  21. Compromise (but document) Workflow

  22. Get a Password Manager Workflow

  23. Your clients depend on you Workflow

  24. Localhost 3000

  25. If your data is in one place it’s in no place Localhost 3000

  26. Backup efficiently not aggressively Localhost 3000

  27. Git yourself a VCS Localhost 3000

  28. The Wild West aka The Internet

  29. VPN Always Not just for WordCamp :) The Wild West aka The Internet

  30. VPN Always Not just for WordCamp :) The Wild West aka The Internet

  31. SFTP over FTP The Wild West aka The Internet

  32. Protect your data in transport The Wild West aka The Internet

  33. SSH, SFTP, HTTPS The Wild West aka The Internet

  34. Deploy

  35. Again SSH or SFTP, Always Deploy

  36. Automated deploys with Continuous Integration Tools Deploy

  37. Web Hosting

  38. Find the right fit Web Hosting

  39. Use a Firewall to Limit IPs and Ports Web Hosting

  40. SLAs for Clients and Providers Web Hosting

  41. When in doubt follow the docs Web Hosting

  42. Tinfoil Hat File Permissions Web Hosting

  43. That Stack Overflow 777 person is not your friend Web Hosting

  44. Put your server to work Web Hosting

  45. Serve static 404s or 403s to keep the resources where they matter Web Hosting

  46. Block Brute Force Attempts at the Server level not WordPress level Web Hosting

  47. Go Serverless WordPress to Static Web Hosting

  48. None
  49. Web Hosting

  50. WordPress Security & Plugins IMHO

  51. Do you really need one? Yes. WordPress Security & Plugins

  52. Plugins are not a cure-all WordPress Security & Plugins

  53. More != Better WordPress Security & Plugins

  54. Learn what they actually do Learn how they differ WordPress Security & Plugins

  55. Security through obscurity is not security WordPress Security & Plugins

  56. Hashing and MD5 Try bcrypt, scrypt, etc. WordPress Security & Plugins From WordPress.org “MD5 is used by default because it's supported on all platforms.”

  57. Alternative Hacks: WordPress Security from the Outside Looking In