Speed & Uptime with Wordpress
My presentation from WordCamp Hamilton 2013.

Published in: Technology
  • 1. WORDPRESS by Todd Dow
  • 2. Who is Todd Dow? Senior Digital Specialist at Postmedia Digital. CISA & PMP certified. 15 years industry experience: Postmedia, AOL Canada, numerous small business websites.
  • 3. Etiquette Don’t be shy! Ask questions right away. If you disagree, say so. A discussion is more interesting than a lecture.
  • 4. Overview: Why do we use WordPress? What if my WordPress site fails? Causes of failure. Mitigation Strategies: Hosting, Backups, Monitoring, Security.
  • 5. Why do we use WordPress? Communication; Education; Productivity; Entertainment; To make money.
  • 6. Customers Expect Fast Pages. Abandonment Rate based on page speed: < 1 sec: 3%; 1 - 5 sec: 16%; 6 - 10 sec: 30%; 11 - 15 sec: 16%; 16 - 20 sec: 15%; 20+ sec: 20%. Source:
  • 7. Time = Money. Average Impact of One Second Delay in Response Time: Page Views: -11%; Conversions: -7%; Customer Satisfaction: -16%. Source:
  • 8. What if my WordPress site is slow or non-responsive? Communication → No communication; Education → No education; Productivity → Lost productivity; Entertainment → No entertainment; To make money → Loss of revenue.
  • 9. Costs of speed & uptime issues: “For a $100,000/day ecommerce site, a one-second delay means $2.5 million in lost revenues in a year” ( Loss of reputation; Loss of revenue due to customer refunds; Additional damages (SLA penalties); Loss of future business. Large Enterprises; Small/Medium Business.
  • 10. Sources of speed & uptime issues: Power; Networks; DNS; Servers; OS; Software; 3rd parties; Traffic; Unoptimized content; Human error; Hackers.
  • 11. How do we minimize risk? Minimize our footprint: Site Content; Application; Platform; Infrastructure. Outsource; Customize; Full Control. Platforms: PHP, Python, Apache; OS; Servers; DNS; Networks; Power; WordPress, 3rd parties; User accounts; Content.
  • 12. How do we minimize risk? Operational best practices, focusing on: Hosting; Backups; Monitoring; Security.
  • 13. Hosting needs: Keep it simple – minimize your footprint: Host with experts; Avoid hosting your own hardware; Get your vendor to manage OS & application patching and maintenance. Expect the following from your vendor: 99.999% uptime; 24x7 support; System health dashboard; Off-peak-hours maintenance windows. (Hosting)
  • 14. Hosting Options – free or Free; For $43 a year: custom domain, Fonts, Colours, CSS. (Hosting)
  • 15. Low Cost Hosting: Numerous hosting options; Start at $5/month; Full blog customization. Risks: Shared infrastructure; Scalability. (Hosting)
  • 16. Dedicated Hosting: $50 to $100/month; Full blog customization. Risks: Scalability. (Hosting)
  • 17. Volume Based Hosting: Focus is on traffic; Don’t worry about servers, network, etc.; Start at $100/month; Full or partial blog customization. (Hosting)
  • 18. Tier 1 Hosting: Enterprise-level hosting; Start at $3,750/month; Full blog customization; High volume, high availability. (Hosting)
  • 19. Other Hosting Options. Scalable hosting: Amazon Web Services; Microsoft Azure. Pros: Scalable, full control. Cons: Management overhead. (Hosting)
  • 20. Other Hosting Considerations. Static content hosting: Amazon S3. Use a CDN: Amazon CloudFront; Akamai; Brightcove; Cachefly; Limelight. (Hosting)
  • 21. Backup needs: Why do backups? Protect against site corruption; Protect against hosting failure; Ensure business continuity. How often should you do backups? As frequently as you post new content. (Backups)
  • 22. Backup options: Roll your own script to copy files & DB; VaultPress Service & Plug-in; Backup Buddy Plug-In; Numerous other solutions. (Backups)
  • 23. Backup options – source code: Use a source code repository to store your code (plug-ins, themes, etc.). Options: Github; Assembla; Bitbucket. (Backups)
  • 24. Types of monitoring: Heartbeat = uptime monitoring; Log = diary of all activities; Performance = page speed, weight, etc.; Security = vulnerability scanning; Traffic = site visits. (Monitoring)
  • 25. Heartbeat Monitoring: Heartbeat = uptime monitoring. Etc. (Monitoring)
  • 26. Log Monitoring: Log = diary of all activities. Etc. (Monitoring)
  • 27. Performance Monitoring: Performance = page speed, weight, etc. Browser Tools; Google PageSpeed; Gomez; Keynote. (Monitoring)
  • 28. Security Monitoring: Security = vulnerability scanning. Nessus; Qualys; VaultPress. (Monitoring)
  • 29. Traffic Monitoring: Traffic = site visits. WordPress stats; Google Analytics. (Monitoring)
  • 30. Security Considerations: We can all be hacked. We are all vulnerable. Accept it. (Security)
  • 31. Security Considerations: Our goal: minimize our surface area: Site Content; Application; Platform; Infrastructure. Outsource; Customize; Full Control. Platforms: PHP, Python, Apache; OS; Servers; DNS; Networks; Power; WordPress, 3rd parties; User accounts; Content. (Security)
  • 32. Security Considerations. Some current trends: DDOS attacks are becoming more and more common; Password theft and human engineering; Top 5 OWASP Vulnerabilities in 2013: SQL injection; Broken authentication and session mgmt; Cross-site scripting; Insecure direct object references; Security misconfiguration. (Security)
  • 33. What can we do? DDOS attacks: Work with your hosting provider; Use a Content Delivery Network (CDN); Architect for scale. (Security)
  • 34. What can we do? Password theft and human engineering. Create and maintain secure passwords: More than 8 chars, alpha-numeric & symbols, etc.; Change your password regularly (every 90 days, at most); Two factor authentication. Education & Awareness: Don’t click on links or visit sites that you don’t trust; Don’t share your password with others; Beware of phishing attacks. (Security)
  • 35. What can we do? Secure coding to mitigate issues like these: SQL injection; Broken authentication and session mgmt; Cross-site scripting; Insecure direct object references; Security misconfiguration. Google this term: “secure coding”. (Security)
  • 36. WordPress VIP: VIP checklists for security & best practices:
  • 37. WordPress VIP security guidelines in a nutshell: Use strong passwords; Connect to your site using SFTP/SSH, SSL or some other secure channel; Restrict admin access; Disable plug-in/theme editing; Move wp-config.php file; Use salts on passwords; Properly administer permissions on directories; Change the DB prefix; Avoid direct php script & DB queries; Don’t leave comments in your code; Don’t write to the file system. (Security)
  • 38. What can we do? Ongoing best practices: Scan for vulnerabilities: Nessus, Qualys, VaultPress; Patch; Password changes; Education. (Security)
  • 39. I’ve been hacked! What now? a nutshell: Stay calm; Contact your hosting provider; In cases of significant damage, contact a security consulting firm and/or police; Scan your local machine for malware; Change your passwords; Identify and fix the issue(s); Restore from last good known backup. (Security)
  • 40. Review. Hosting: Build a stable, scalable infrastructure. Backups: Make sure backups happen and test them often. Monitoring: Measure your critical performance data. Security: Monitor and respond to threats.
  • 41. Thanks for listening! Questions? @toddhdow in doubt, look for “toddhdow” at <insert social media site here>
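
Several of the slide 37 guidelines (disable plug-in/theme editing, use salts, change the DB prefix, administer permissions) can be checked mechanically against a site's `wp-config.php`. The audit below is an added example, not code from the presentation; it assumes the standard WordPress constants `DISALLOW_FILE_EDIT`, `FORCE_SSL_ADMIN` and the eight key/salt constants, applies the permission check to the config file itself, and runs on two constructed sample configs.

```python
import re

# The eight secret keys and salts WordPress reads from wp-config.php.
SECRETS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
           "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # text shipped in wp-config-sample.php

# Anchored at line start so a define() behind // or # is ignored. Comments are
# not stripped globally because real salts may contain '#' or '//'.
# Limitation: a define() inside a /* ... */ block would still be counted.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)""",
    re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", re.M)


def audit_wp_config(text, mode=0o640):
    """Return sorted findings for wp-config.php contents and its file mode."""
    consts = {}
    for name, sq, dq, bare in DEFINE_RE.findall(text):
        consts[name] = bare.lower() if bare else (sq or dq)
    findings = []
    for flag in ("DISALLOW_FILE_EDIT", "FORCE_SSL_ADMIN"):
        if consts.get(flag) != "true":
            findings.append(f"{flag} is not set to true")
    for name in SECRETS:
        value = consts.get(name, "")
        if not value or value == PLACEHOLDER:
            findings.append(f"{name} is missing or still the sample placeholder")
    m = PREFIX_RE.search(text)
    if m is None or m.group(1) == "wp_":
        findings.append("$table_prefix is missing or the default wp_")
    if mode & 0o007:  # any read/write/execute bit for 'other'
        findings.append("wp-config.php is accessible to 'other' users")
    return sorted(findings)


# Constructed samples: a near-default config and a hardened one.
WEAK = """<?php
define('AUTH_KEY', 'put your unique phrase here');
// define('DISALLOW_FILE_EDIT', true);
$table_prefix = 'wp_';
"""
HARDENED = "<?php\n" + "".join(
    f"define('{n}', 'constructed-{i}-#x/9');\n" for i, n in enumerate(SECRETS)
) + ("define('DISALLOW_FILE_EDIT', true);\n"
     "define('FORCE_SSL_ADMIN', true);\n$table_prefix = 'x7q_';\n")

if __name__ == "__main__":
    for finding in audit_wp_config(WEAK, 0o644):
        print("FINDING:", finding)
```

To audit a live site, pass the file's contents and `os.stat(path).st_mode & 0o777`; the "move wp-config.php" guideline is about file location and is not covered by this check.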