WordCamp for Publishers 2017
emaildano
August 18, 2017
Transcript
Daniel Olson @emaildano
Daniel Olson COO, DigitalCube @emaildano
Daniel Olson: I develop WordPress SaaS products on AWS
Alternative Hacks: WordPress Security from the Outside Looking In
Why Care? About WordPress Security
Client Responsibility Why Care?
User Responsibility Why Care?
Personal Responsibility Why Care?
Sh*t Happens: Learn from your mistakes
Old Habits Die Hard
Secure Secure
Approach security as a design problem and less of a technical problem
sourcemaking.com @sourcemaking
Workflow
Workflow: Find that weak link and fix it
Workflow: Lobby for the right fix. Not the quick fix
Workflow: Lobby for the right fix. Not the quick fix (But compromise)
AntiPattern - SourceMaking - “commonly occurring solution to a problem that generates decidedly negative consequences”
Design Pattern - SourceMaking - “An approach to a solution to a commonly occurring problem that’s repeatable and is not a finished design”
Workflow ⇣ AntiPattern ⇣ Design Pattern
Workflow: Versioning Release Candidates for Personal Micro Improvements
A Few Ideas
Disaster Plans: Workflow – AntiPattern – Design Pattern
Disaster Plans: Discuss them, early and often
Disaster Plans: Total Data Loss; Client or Customer Data Hack; Unexpected downtime
Disaster Plans: Workflow – AntiPattern – Design Pattern
Disaster Plans: No Plan; Partial Backup; File only no config; No SLA
No Plan?
No Plan? Get one
Partial Backups
Partial Backups: Back up efficiently, not aggressively
– Someone “If your data is in one place, it’s no place.”
Files only no config
Files only no config: 12 factor app principles
The Twelve Factor App 12factor.net
– III. Config — The 12 Factor App “Apps sometimes store config as constants in the code. This is a violation of twelve-factor, which requires strict separation of config from code. Config varies substantially across deploys, code does not.”
No SLA
No SLA: Define who’s responsible for what; Broad and Narrow
Hosting: Workflow – AntiPattern – Design Pattern
Web Hosting: Find the right fit
Web Hosting: Hammered with bot traffic; Secure Connections; Recovery, Scaling, Automation
Bot Traffic: Put your server to work and serve static 404s with NGINX, Apache, or .htaccess
Secure Connections
Secure Connections: Limit IPs and ports; Force SFTP or SSH over FTP; HTTPS Always
Recovery, Scaling, Automation: Does your host provide this? Again, config as code; Go JAMStack or Serverless
– JAMStack jamstack.org “Modern web development architecture based on client-side JavaScript, reusable APIs, and prebuilt Markup.”
Go Serverless: WordPress to Static
Go Serverless: WordPress to Static; Scale Vertically and Horizontally
WordPress Plugins
WordPress Plugins: They are not a cure-all; Definitely still need them; More != Better
WordPress Plugins: Learn what they actually do; Can that apply to config as code?
Tinfoil File Permissions
Tinfoil File Permissions: When in doubt, follow the docs; 777 Stack Overflow guy is not your friend
Hashing and MD5
– WordPress.org “MD5 is used by default because it’s supported on all platforms”
Hashing and MD5: Try bcrypt, scrypt, SHA256
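The move away from MD5 suggested on the slide above, as an added example (not from the deck and not WordPress core code): a legacy MD5 digest is checked once at login and replaced with bcrypt through PHP's built-in password API. The function names, the cost value, and the assumption that legacy rows hold a bare 32-character hex MD5 are illustrative.

```php
<?php
declare(strict_types=1);

// Added example, not WordPress core code. Function names and the stored-hash
// layout (bare 32-char hex MD5 for legacy rows) are assumptions.

const BCRYPT_OPTIONS = ['cost' => 12];

/** True when the stored value looks like an unsalted hex MD5 digest. */
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[a-f0-9]{32}$/i', $stored) === 1;
}

/**
 * Verify a login attempt. Returns [bool $ok, ?string $newHash]; when $newHash
 * is not null the caller should persist it in place of the old hash.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_md5($stored)) {
        // Constant-time comparison against the legacy digest.
        $ok = hash_equals(strtolower($stored), md5($password));
        // Only a correct password earns an upgraded bcrypt hash.
        $new = $ok ? password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS) : null;
        return [$ok, $new];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }

    // Re-hash when the configured cost has been raised since the hash was stored.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        ? password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        : null;
    return [true, $new];
}

// Constructed sample data: a legacy MD5 row, a login that upgrades it,
// a second login against the upgraded row, and a failed login.
$legacy = md5('correct horse battery staple');
[$ok, $upgraded] = verify_and_upgrade('correct horse battery staple', $legacy);
[$okAgain, $rehash] = verify_and_upgrade('correct horse battery staple', $upgraded);
[$bad, $none] = verify_and_upgrade('wrong password', $legacy);
var_dump($ok, is_legacy_md5($upgraded), $okAgain, $rehash, $bad, $none);
```

Until a user logs in, the legacy row still holds the MD5 digest, so dormant accounts need a forced reset or a wrapped hash to be covered.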
Thank you!
Daniel Olson COO, DigitalCube @emaildano
Alternative Hacks: WordPress Security from the Outside Looking In https://speakerdeck.com/emaildano