WordCamp for Publishers 2017

Transcript

1. Daniel Olson @emaildano

2. Daniel Olson @emaildano Daniel Olson COO, DigitalCube @emaildano

3. Daniel Olson @emaildano Daniel Olson I develop WordPress SaaS
 products

   on AWS

4. Daniel Olson @emaildano Alternative Hacks WordPress Security from
 the Outside

   Looking In

5. Daniel Olson @emaildano Why Care? About WordPress Security

6. Daniel Olson @emaildano Client Responsibility Why Care?

7. Daniel Olson @emaildano User Responsibility Why Care?

8. Daniel Olson @emaildano Personal Responsibility Why Care?

9. Daniel Olson @emaildano Sh*t Happens Learn from your mistakes

10. Daniel Olson @emaildano Old Habits
 Die Hard

11. Daniel Olson @emaildano Secure Secure

12. Daniel Olson @emaildano Approach security as a design problem
 and

    less of a technical problem

13. Daniel Olson @emaildano sourcemaking.com @sourcemaking

14. Daniel Olson @emaildano Workflow

15. Daniel Olson @emaildano Workflow Find that weak link and fix

    it

16. Daniel Olson @emaildano Workflow Lobby for the right fix Not

    the quick fix

17. Daniel Olson @emaildano Workflow Lobby for the right fix Not

    the quick fix (But compromise)

18. Daniel Olson @emaildano AntiPattern
 - SourceMaking - “commonly occurring solution

    to a problem that generates decidedly negative consequences”

19. Daniel Olson @emaildano Design Pattern
 - SourceMaking - “An approach

    to a solution to a commonly occurring problem that’s repeatable and
 is not a finished design”

20. Daniel Olson @emaildano Workflow ⇣ AntiPattern ⇣ Design Pattern

21. Daniel Olson @emaildano Workflow Versioning Release Candidates for
 Personal Micro

    Improvements
22. None

23. Daniel Olson @emaildano A Few Ideas

24. Daniel Olson @emaildano Disaster Plans Workflow – AntiPattern – Design

    Pattern

25. Daniel Olson @emaildano Disaster Plans Discuss them, early and often

26. Daniel Olson @emaildano Disaster Plans Total Data Loss Client or

    Customer Data Hack Unexpected downtime

27. Daniel Olson @emaildano Disaster Plans Workflow – AntiPattern – Design

    Pattern

28. Daniel Olson @emaildano Disaster Plans No Plan Partial Backup File

    only no config No SLA

29. Daniel Olson @emaildano No Plan?

30. Daniel Olson @emaildano No Plan? Get one

31. Daniel Olson @emaildano Partial Backups

32. Daniel Olson @emaildano Partial Backups Backup efficiently, not aggressively

33. Daniel Olson @emaildano – Someone “If your data is in

    one place, it’s no place.”

34. Daniel Olson @emaildano Files only no config

35. Daniel Olson @emaildano Files only no config 12 factor app

    principles

36. Daniel Olson @emaildano The Twelve Factor App 12factor.net

37. Daniel Olson @emaildano – III. Config — The 12 Factor

    App “Apps sometimes store config as constants in the code. This is a violation of twelve-factor, which requires strict separation of config from code. Config varies substantially across deploys, code does not.”

38. Daniel Olson @emaildano No SLA

39. Daniel Olson @emaildano No SLA Define who’s responsable for what

    Broad and Narrow

40. Daniel Olson @emaildano Hosting Workflow – AntiPattern – Design Pattern

41. Daniel Olson @emaildano Web Hosting Find the right fit

42. Daniel Olson @emaildano Web Hosting Hammered with bot traffic Secure

    Connections Recovery, Scaling, Automation

43. Daniel Olson @emaildano Bot Traffic Put your server to work

    and serve static 404s
 with NGINX, Apache, or .htaccess

44. Daniel Olson @emaildano Secure Connections

45. Daniel Olson @emaildano Secure Connections Limit IPs and ports Force

    SFTP or SSH over FTP HTTPs Always

46. Daniel Olson @emaildano Recovery, Scaling, Automation Does your host provide

    this? Again, config as code Go JAMStack or Serverless

47. Daniel Olson @emaildano –JAMStack
 jamstack.org “Modern web development architecture based

    on client-side JavaScript, reusable APIs, and prebuilt Markup.”

48. Daniel Olson @emaildano Go Serverless WordPress to Static

49. Daniel Olson @emaildano Go Serverless WordPress to Static Scale Verically

    and Horizontally
50. None

51. Daniel Olson @emaildano WordPress Plugins

52. Daniel Olson @emaildano WordPress Plugins They are not a cure-all

    Definitely still need them More != Better

53. Daniel Olson @emaildano WordPress Plugins Learn what they actually do

    Can that apply to config as code?

54. Daniel Olson @emaildano Tinfoil File Permissions

55. Daniel Olson @emaildano Tinfoil File Permissions When in doubt, follow

    the docs 777 Stackoverflow guy is
 not your friend

56. Daniel Olson @emaildano Hashing and MD5

57. Daniel Olson @emaildano – WordPress.org “MD5 is used by default

    because
 it’s supported on all platforms”

58. Daniel Olson @emaildano Hashing and MD5 Try bcrypt, scrypt, SHA256

59. Daniel Olson @emaildano Thank you!

60. Daniel Olson @emaildano Daniel Olson COO, DigitalCube @emaildano

61. Daniel Olson @emaildano Alternative Hacks WordPress Security from
 the Outside

    Looking In https://speakerdeck.com/emaildano