Speed & Uptime with Wordpress

My presentation from WordCamp Hamilton 2013.

Transcript

  • 1. WORDPRESS by Todd Dow
  • 2. Who is Todd Dow? Senior Digital Specialist at Postmedia Digital. CISA & PMP certified. 15 years industry experience: Postmedia, AOL Canada, numerous small business websites.
  • 3. Etiquette: Don’t be shy! Ask questions right away. If you disagree, say so. A discussion is more interesting than a lecture.
  • 4. Overview: Why do we use WordPress? What if my WordPress site fails? Causes of failure. Mitigation strategies: Hosting, Backups, Monitoring, Security.
  • 5. Why do we use WordPress? Communication; Education; Productivity; Entertainment; To make money.
  • 6. Customers Expect Fast Pages. Abandonment rate based on page speed: < 1 sec: 3%; 1 - 5 sec: 16%; 6 - 10 sec: 30%; 11 - 15 sec: 16%; 16 - 20 sec: 15%; 20+ sec: 20%. Source: Kissmetrics.com
  • 7. Time = Money. Average impact of a one second delay in response time: Page Views -11%; Conversions -7%; Customer Satisfaction -16%. Source: gomez.com
  • 8. What if my WordPress site is slow or non-responsive? Communication: no communication. Education: no education. Productivity: lost productivity. Entertainment: no entertainment. To make money: loss of revenue.
  • 9. Costs of speed & uptime issues: “For a $100,000/day ecommerce site, a one-second delay means $2.5 million in lost revenues in a year” (Gomez.com). Loss of reputation; Loss of revenue due to customer refunds; Additional damages (SLA penalties); Loss of future business. Slide columns: Large Enterprises; Small/Medium Business.
  • 10. Sources of speed & uptime issues: Power; Networks; DNS; Servers; OS; Software; 3rd parties; Traffic; Unoptimized content; Human error; Hackers.
  • 11. How do we minimize risk? Minimize our footprint. Diagram labels: Site Content, Application, Platform, Infrastructure; Outsource, Customize, Full Control; Platforms: PHP, Python, Apache; OS; Servers; DNS; Networks; Power; WordPress, 3rd parties; User accounts; Content.
  • 12. How do we minimize risk? Operational best practices, focusing on: Hosting; Backups; Monitoring; Security.
  • 13. Hosting needs: Keep it simple – minimize your footprint: Host with experts; Avoid hosting your own hardware; Get your vendor to manage OS & application patching and maintenance. Expect the following from your vendor: 99.999% uptime; 24x7 support; System health dashboard; Off-peak-hours maintenance windows. [Hosting]
  • 14. Hosting Options – free or low cost. WordPress.com: Free. For $43 a year: custom domain; Fonts; Colours; CSS. [Hosting]
  • 15. Low Cost Hosting: Numerous hosting options; Start at $5/month; Full blog customization. Risks: Shared infrastructure; Scalability. [Hosting]
  • 16. Dedicated Hosting: $50 to $100/month; Full blog customization. Risks: Scalability. [Hosting]
  • 17. Volume Based Hosting: Focus is on traffic; Don’t worry about servers, network, etc.; Start at $100/month; Full or partial blog customization. [Hosting]
  • 18. Tier 1 Hosting: Enterprise-level hosting; Start at $3,750/month; Full blog customization; High volume, high availability. [Hosting]
  • 19. Other Hosting Options. Scalable hosting: Amazon Web Services; Microsoft Azure. Pros: Scalable, full control. Cons: Management overhead. [Hosting]
  • 20. Other Hosting Considerations. Static content hosting: Amazon S3. Use a CDN: Amazon CloudFront; Akamai; Brightcove; Cachefly; Limelight. [Hosting]
  • 21. Backup needs. Why do backups? Protect against site corruption; Protect against hosting failure; Ensure business continuity. How often should you do backups? As frequently as you post new content. [Backups]
  • 22. Backup options: Roll your own script to copy files & DB; VaultPress Service & Plug-in; Backup Buddy Plug-In; Numerous other solutions. [Backups]
  • 23. Backup options – source code: Use a source code repository to store your code (plug-ins, themes, etc.). Options: Github; Assembla; Bitbucket. [Backups]
  • 24. Types of monitoring: Heartbeat = uptime monitoring; Log = diary of all activities; Performance = page speed, weight, etc.; Security = vulnerability scanning; Traffic = site visits. [Monitoring]
  • 25. Heartbeat Monitoring. Heartbeat = uptime monitoring: Verelo.com; Pingdom.com; Etc. [Monitoring]
  • 26. Log Monitoring. Log = diary of all activities: Splunk.com; LogRhythm.com; Etc. [Monitoring]
  • 27. Performance Monitoring. Performance = page speed, weight, etc.: Browser Tools; Google PageSpeed; Webpagetest.org; Gomez; Keynote. [Monitoring]
  • 28. Security Monitoring. Security = vulnerability scanning: Nessus; Qualys; VaultPress. [Monitoring]
  • 29. Traffic Monitoring. Traffic = site visits: WordPress stats; Google Analytics. [Monitoring]
  • 30. Security Considerations: We can all be hacked. We are all vulnerable. Accept it. [Security]
  • 31. Security Considerations. Our goal: minimize our surface area. Diagram labels: Site Content, Application, Platform, Infrastructure; Outsource, Customize, Full Control; Platforms: PHP, Python, Apache; OS; Servers; DNS; Networks; Power; WordPress, 3rd parties; User accounts; Content. [Security]
  • 32. Security Considerations. Some current trends: DDOS attacks are becoming more and more common; Password theft and human engineering. Top 5 OWASP Vulnerabilities in 2013: SQL injection; Broken authentication and session mgmt; Cross-site scripting; Insecure direct object references; Security misconfiguration. [Security]
  • 33. What can we do? DDOS attacks: Work with your hosting provider; Use a Content Delivery Network (CDN); Architect for scale. [Security]
  • 34. What can we do? Password theft and human engineering. Create and maintain secure passwords: More than 8 chars, alpha-numeric & symbols, etc.; Change your password regularly (every 90 days, at most); Two factor authentication. Education & Awareness: Don’t click on links or visit sites that you don’t trust; Don’t share your password with others; Beware of phishing attacks. [Security]
  • 35. What can we do? Secure coding to mitigate issues like these: SQL injection; Broken authentication and session mgmt; Cross-site scripting; Insecure direct object references; Security misconfiguration. Google this term: “secure coding”. [Security]
  • 36. WordPress VIP Guidelines. WordPress.com VIP checklists for security & best practices: http://vip.wordpress.com/documentation/security/ and http://vip.wordpress.com/documentation/best-practices-introduction/ [Security]
  • 37. WordPress VIP Guidelines. WordPress.com security guidelines in a nutshell: Use strong passwords; Connect to your site using SFTP/SSH, SSL or some other secure channel; Restrict admin access; Disable plug-in/theme editing; Move wp-config.php file; Use salts on passwords; Properly administer permissions on directories; Change the DB prefix; Avoid direct php script & DB queries; Don’t leave comments in your code; Don’t write to the file system. [Security]
  • 38. What can we do? Ongoing best practices: Scan for vulnerabilities (Nessus; Qualys; VaultPress); Patch; Password changes; Education. [Security]
  • 39. I’ve been hacked! What now? http://codex.wordpress.org/FAQ_My_site_was_hacked In a nutshell: Stay calm; Contact your hosting provider; In cases of significant damage, contact a security consulting firm and/or police; Scan your local machine for malware; Change your passwords; Identify and fix the issue(s); Restore from last good known backup. [Security]
  • 40. Review. Hosting: Build a stable, scalable infrastructure. Backups: Make sure backups happen and test them often. Monitoring: Measure your critical performance data. Security: Monitor and respond to threats.
  • 41. Thanks for listening! Questions? @toddhdow; http://toddhdow.com/; toddhdow@gmail.com. When in doubt, look for “toddhdow” at <insert social media site here>
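
Several items in the slide 37 checklist can be verified mechanically. The script below is an added example, not part of the presentation: it audits a single wp-config.php for four of them. The function name `audit_wp_config`, the finding labels and the sample file are constructed for illustration, and "use salts" is read here as the wp-config.php secret keys and salts, which is an assumption about what the slide means.

```shell
#!/bin/sh
# Added example (not from the slides): audit one wp-config.php against
# checklist items from slide 37. Prints one finding per line and returns
# non-zero when anything is flagged.
audit_wp_config() {
    cfg=$1
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    [ -f "$cfg" ] || { echo "MISSING: $cfg"; return 2; }

    # "Disable plug-in/theme editing": DISALLOW_FILE_EDIT must be true.
    # The '.' on each side of the name stands for either quote character.
    grep -Eiq 'define\( *.DISALLOW_FILE_EDIT. *, *true *\)' "$cfg" ||
        report "EDITOR: DISALLOW_FILE_EDIT is not set to true"

    # "Change the DB prefix": flag the stock wp_ prefix.
    grep -Eq "^[[:space:]]*\\\$table_prefix *= *['\"]wp_['\"]" "$cfg" &&
        report "PREFIX: table prefix is still the default wp_"

    # "Use salts": all eight keys defined, none left at the sample value.
    for k in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
             AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        grep -Eq "define\( *.$k. *," "$cfg" ||
            report "SALTS: $k is not defined"
    done
    grep -q 'put your unique phrase here' "$cfg" &&
        report "SALTS: sample placeholder value still in use"

    # "Properly administer permissions": config must not be world-readable.
    [ -n "$(find "$cfg" -prune -perm -004)" ] &&
        report "PERMS: $cfg is readable by every local user"

    [ "$findings" -eq 0 ]
}

# Constructed sample input: a stock-style config with the weak settings.
demo_dir=$(mktemp -d)
cat > "$demo_dir/wp-config.php" <<'EOF'
<?php
define( 'AUTH_KEY', 'put your unique phrase here' );
$table_prefix = 'wp_';
EOF
chmod 644 "$demo_dir/wp-config.php"
audit_wp_config "$demo_dir/wp-config.php" || echo "fix the findings above"
rm -rf "$demo_dir"
```

Because the function returns non-zero on any finding, it can gate a deploy step or run from cron next to the vulnerability scans listed on slide 38.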
