WordPress: A Gentle Introduction


    1. WordPress: A Rather Gentle Introduction
       by John Feminella
       w: http://distilledb.com
       e: johnf.public@distilledb.com
       t: superninjarobot
    2. Introduction
    3. What are these cards for? Questions and feedback
    4. Filling out cards
       your evaluation and criticism is welcomed!
       presentation: Was the material presented in a way that you found engaging and could appreciate?
       utility: Did you get value out of the presentation?
       technical depth: Did you find that the technical aspects of the presentation were appropriate and useful?
       any other comments: I love feedback!
    5. Analog hyperlinks: {{abcd}} == http://is.gd/abcd
    6. Tools of the talk
       WordPress 2.8: the eponymous blogging/publishing app {{14RRW}}
       FTP client: transfer files to and from remote locations {{15eCh}}
       ssh client / PuTTY: connect to remote shells {{15eEA}}
       shell access is helpful but not strictly necessary
    7. What's this talk about?
       start-to-finish installation of WordPress 2.8
       an introduction to WordPress 2.8
       basics of the Unix environment and its permissions model
       security power tips, common errors
       open questions
    8. WordPress 2.8 {{15h2u}}
       better IIS support for Windows hosts
       better security
       better administrative usability
       widgets API
       minor cosmetic improvements with comments, posts
       better automation
       smarter interoperability between plugins, fewer conflicts
    9. Basic installation steps
       DOWNLOAD: go to wordpress.org
       UNZIP
       DATABASES: configure with your host
       CONFIGURE WORDPRESS: edit wp-config.php
       LOG IN: all done!
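The CONFIGURE WORDPRESS step, done from the shell, as an added example that is not part of the talk. It copies wp-config-sample.php to wp-config.php, fills in the database settings, and gives each secret key its own random value instead of the shipped placeholder. The sample file written here is a constructed stand-in for the real wp-config-sample.php (only the lines this step touches); the database name, user, password and host are made up.

```shell
#!/bin/sh
# Added example, not from the talk: generate wp-config.php from the sample.

# Constructed stand-in for wp-config-sample.php (the real file has more lines).
write_sample_config() {
  cat > "$1/wp-config-sample.php" <<'EOF'
<?php
define('DB_NAME', 'putyourdbnamehere');
define('DB_USER', 'usernamehere');
define('DB_PASSWORD', 'yourpasswordhere');
define('DB_HOST', 'localhost');
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY',   'put your unique phrase here');
define('NONCE_KEY',       'put your unique phrase here');
$table_prefix  = 'wp_';
EOF
}

# 64 random letters/digits from /dev/urandom; alphanumeric only, so the value
# is safe inside PHP single quotes and needs no sed escaping.
random_key() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 64
}

# Escape \ / & so a user-supplied value can sit in a sed replacement.
sed_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/&/\\\&/g'
}

# configure_wp DIR DB_NAME DB_USER DB_PASSWORD [DB_HOST]
configure_wp() {
  dir=$1 db_name=$2 db_user=$3 db_pass=$4 db_host=${5:-localhost}
  sample="$dir/wp-config-sample.php" config="$dir/wp-config.php"
  [ -f "$sample" ] || { echo "missing $sample" >&2; return 1; }

  # Database constants: replace the sample's placeholder values.
  sed -e "s/putyourdbnamehere/$(sed_escape "$db_name")/" \
      -e "s/usernamehere/$(sed_escape "$db_user")/" \
      -e "s/yourpasswordhere/$(sed_escape "$db_pass")/" \
      -e "s/'localhost'/'$(sed_escape "$db_host")'/" \
      "$sample" > "$config"

  # One distinct random value per secret key (never the same key twice).
  for k in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY; do
    key=$(random_key)
    sed "s/define('$k', *'put your unique phrase here')/define('$k', '$key')/" \
        "$config" > "$config.tmp" && mv "$config.tmp" "$config"
  done
}

# Succeeds only when no placeholder survived.
config_is_complete() {
  ! grep -Eq 'put your unique phrase here|putyourdbnamehere|usernamehere|yourpasswordhere' "$1"
}

# Demo on a throwaway directory (values are constructed).
demo=$(mktemp -d)
write_sample_config "$demo"
configure_wp "$demo" wordpress wp_user 'change-me' localhost
grep "define('DB_" "$demo/wp-config.php"
config_is_complete "$demo/wp-config.php" && echo "no placeholders remain"
```

Leaving the four keys at their placeholder value is the mistake this script exists to prevent: the keys salt the login cookies, so identical placeholders on every install are worth changing before the first LOG IN.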
    10. Power demo: Installing WordPress 2.8 and supporting tools
    11. Permissions: The Unix permissions model
    12-14. Security basics: file permissions
       permissions determine which actions can be taken on files or directories
       three permissions: read, write, execute
       a missing permission denies the request
       result: sum the value of the active permissions to produce a summary result
       (read = 4, write = 2, execute = 1; so read+write = 6, read+write+execute = 7)
    15. Security basics: user categories
       files belong to both a specific user called the owner and a group
       world is the set of all users that is not the owner or the group
       three categories: owner, group, world
    16. Putting permissions together
       for a file such as index.html, each category (owner, group, world) has its own
       read / write / execute settings, and each produces its own result digit;
       the three digits, in the order owner, group, world, make up the mode
    17. Files differ from directories
       for a directory such as wordpress/, the same three bits mean something else:
       read = list the directory's contents
       write = create or delete entries in it
       execute = go to (enter) the directory; without it the contents cannot be reached
    18. Common permissions
       EXECUTABLE BINARIES   755   *.sh, *.bin
       STATIC CONTENT        644   *.php, *.html, *.css, *.jpg, *.txt, *.png
       STANDARD DIRECTORY    755
       SECURED DIRECTORY     700
    19. Power demo: Examining effects of permissions
    20. Security power tips: Simple ways to harden your site and avoid complications
    21. Security power tips
       wrong / unreadable permissions (the directory has no execute bit, so nobody can enter it):
         drw-r--r-- 7 bob bob  4096 Jun 10 20:32 wp-admin/
         -rw-r--r-- 1 bob bob  2341 May 20 11:32 wp-load.php
         -rw-r--r-- 1 bob bob 21019 Jun  3 17:15 wp-login.php
       insecure permissions (the directory is world-writable):
         drwxrwxrwx 7 bob bob  4096 Jun 10 20:32 wp-admin/
         -rw-r--r-- 1 bob bob  2341 May 20 11:32 wp-load.php
         -rw-r--r-- 1 bob bob 21019 Jun  3 17:15 wp-login.php
       reset every 777 directory to the standard 755:
         find . -type d -perm 0777 -print0 | xargs -0 chmod 755
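The permissions model of slides 12 to 18 and the two bad listings of slide 21, worked through in shell as an added example (not code from the talk): the mode string of an `ls -l` line is turned into the octal summary result, classified as ok / wrong / insecure, and the slide's find/chmod fix is applied to a real directory. The listing is constructed from the slide, not captured from a host; the fix is generalised to any world-writable directory (the slide's `-perm 0777` only matches directories that are exactly 777) and uses `-exec` so it also behaves when nothing matches.

```shell
#!/bin/sh
# Added example, not from the talk: mode strings -> octal, and the slide-21 fix.

# Value of one rwx triple: read = 4, write = 2, execute = 1.
# s and t (setuid/setgid/sticky) sit in the execute position; the lowercase
# forms mean the execute bit is also set.
triple_value() {
  t=0
  case "$1" in r??) t=$((t + 4)) ;; esac
  case "$1" in ?w?) t=$((t + 2)) ;; esac
  case "$1" in ??[xst]) t=$((t + 1)) ;; esac
  echo "$t"
}

# "-rw-r--r--" -> 644, "drwxr-xr-x" -> 755 (owner, group, world, as on slide 16).
mode_to_octal() {
  u=$(triple_value "$(printf %s "$1" | cut -c2-4)")
  g=$(triple_value "$(printf %s "$1" | cut -c5-7)")
  o=$(triple_value "$(printf %s "$1" | cut -c8-10)")
  echo "$u$g$o"
}

# Classify a mode string the way slide 21 does.
classify_mode() {
  m=$1
  oct=$(mode_to_octal "$m")
  case "$m" in
    # a 'w' anywhere in the world triple: every user on the host may write
    ???????*w*) echo "insecure ($oct): world-writable" ;;
    # a directory whose owner lacks the execute (search) bit cannot be entered
    d??[!xs]*)  echo "wrong ($oct): directory without execute bit, cannot be entered" ;;
    *)          echo "ok ($oct)" ;;
  esac
}

# Constructed ls -l output taken from slide 21 (wp-admin/ in both variants).
LISTING='drw-r--r-- 7 bob bob  4096 Jun 10 20:32 wp-admin/
drwxrwxrwx 7 bob bob  4096 Jun 10 20:32 wp-admin/
-rw-r--r-- 1 bob bob  2341 May 20 11:32 wp-load.php
-rw-r--r-- 1 bob bob 21019 Jun  3 17:15 wp-login.php'

# One classified line per entry of an ls -l listing.
audit_listing() {
  printf '%s\n' "$1" | while read -r mode links owner group size mon day tm name; do
    printf '%-14s %s\n' "$name" "$(classify_mode "$mode")"
  done
}

# Mode string of a real path, e.g. "drwxr-xr-x".
mode_of() {
  ls -ld "$1" | cut -c1-10
}

# Slide 21's fix with ASCII hyphens (the slide shows en-dashes, which the shell
# rejects). -perm -0002 matches any directory with the world-write bit set,
# not only those that are exactly 777.
fix_world_writable_dirs() {
  find "$1" -type d -perm -0002 -exec chmod 755 {} +
}

# Demo: audit the constructed listing, then fix a throwaway directory.
audit_listing "$LISTING"
d=$(mktemp -d)
mkdir "$d/wp-admin" && chmod 777 "$d/wp-admin"
fix_world_writable_dirs "$d"
echo "wp-admin after fix: $(mode_to_octal "$(mode_of "$d/wp-admin")")"
```

Run the listing audit against `ls -l` of a real install to see which of the three cases each entry falls into before changing anything; `chmod -R` across the whole tree is the common way people end up with 644 directories (the "wrong" case) or 777 PHP files (the "insecure" one).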
    22. Security power tips
       avoid meta-generator strings (they advertise your exact WordPress version to anyone who views the page source):
         ...
         <head> <!-- header.php -->
           <meta content="WordPress <?php bloginfo('version'); ?>" name="generator"/>
         </head>
         ...
       defend your wp-admin folder and site configuration:
         limit access by IP address using .htaccess
         AskApache Password Protect
         Login Lockdown plugin
         {{15ff3}} {{15fc2}} {{15fg6}}
    23. Security power tips
       if possible, use SFTP or SSH instead of FTP
         FTP sends your credentials and your files in cleartext; it is not at all secure
         your host may not support SFTP, but all should allow shell access to savvy users
       update early and often
         WordPress Automatic Upgrade plugin {{15foD}}
         Instant Upgrade plugin {{15foO}}
    24. Security power tips
       perform regular and frequent backups
       separate your WP database from other information and data
         limits the damage of a DoS: it is trivial for determined attackers to overwhelm most
         entry-level databases, and a shared one takes everything else down with it
    25. Security power tips
       prevent search robots from crawling the WordPress internals
         # in robots.txt:
         Disallow: /path/to/wordpress/wp-*
         {{15fDZ}}
       prevent casual browsing of directories
         # in .htaccess:
         Options All -Indexes
         {{15fBq}}
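The checks behind slides 22 and 25, as an added example that is not part of the talk: a read-only audit of a WordPress directory for the generator meta tag, an IP restriction on wp-admin/.htaccess, `Options All -Indexes` and a robots.txt Disallow for wp-*, plus a helper that applies the two one-line fixes from slide 25. The sample site tree and the `/blog` URL path are constructed for the demo; the IP-restriction check only looks for Apache's `Allow from` (2.2) or `Require ip` (2.4) directive and does not judge which addresses are allowed.

```shell
#!/bin/sh
# Added example, not from the talk: audit and fix the slide 22/25 items.

# Constructed WordPress-like tree with the slide-22 header.php and no hardening.
make_sample_site() {
  mkdir -p "$1/wp-admin" "$1/wp-content/themes/default"
  cat > "$1/wp-content/themes/default/header.php" <<'EOF'
<head> <!-- header.php -->
<meta content="WordPress <?php bloginfo('version'); ?>" name="generator"/>
</head>
EOF
}

# Print one finding per line; no output means every check passed.
audit_wp() {
  dir=$1
  # slide 22: generator meta tag hard-coded in a theme's header.php
  for h in "$dir"/wp-content/themes/*/header.php; do
    [ -f "$h" ] || continue
    if grep -Eq "bloginfo\('version'\)|name=.generator" "$h"; then
      echo "generator meta tag in $h"
    fi
  done
  # slide 22: wp-admin should be limited by IP address (grep -s: missing file = finding)
  if ! grep -Eqs 'Allow from|Require ip' "$dir/wp-admin/.htaccess"; then
    echo "wp-admin/.htaccess does not limit access by IP address"
  fi
  # slide 25: directory listings must be off
  if ! grep -qs -- '-Indexes' "$dir/.htaccess"; then
    echo ".htaccess does not disable directory indexes"
  fi
  # slide 25: crawlers kept out of wp-*
  if ! grep -qs 'Disallow: .*wp-' "$dir/robots.txt"; then
    echo "robots.txt does not disallow wp-* paths"
  fi
}

# apply_basic_fixes DIR URLPATH
# URLPATH is where WordPress lives in the site's URL space (e.g. /blog, or ""
# for the document root). Idempotent: lines already present are not repeated.
apply_basic_fixes() {
  dir=$1 urlpath=$2
  grep -qs -- '-Indexes' "$dir/.htaccess" || echo 'Options All -Indexes' >> "$dir/.htaccess"
  if ! grep -qs 'Disallow: .*wp-' "$dir/robots.txt"; then
    [ -f "$dir/robots.txt" ] || echo 'User-agent: *' > "$dir/robots.txt"
    echo "Disallow: $urlpath/wp-*" >> "$dir/robots.txt"
  fi
}

# Demo on a throwaway tree.
site=$(mktemp -d)
make_sample_site "$site"
echo "before:"; audit_wp "$site"
apply_basic_fixes "$site" /blog
echo "after:";  audit_wp "$site"
```

Two caveats a practitioner should keep in mind. robots.txt is a request to well-behaved crawlers, not an access control: an attacker ignores it, and it even lists where wp-* lives, so it belongs alongside the .htaccess restrictions of slide 22, never instead of them (the `*` wildcard in Disallow is also an extension that the major crawlers honour, not part of the original robots standard). And removing the tag from header.php hides only one copy of the version string; WordPress also emits it through the `wp_generator` hook on `wp_head` (removable with `remove_action('wp_head', 'wp_generator');`) and ships a readme.html that states the version, so treat the generator tip as reducing noise rather than as concealment.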
    26. Questions?
    27. that's all, folks!