Speed & Uptime with Wordpress

My presentation from WordCamp Hamilton 2013.

Transcript

  • 1. WORDPRESS, by Todd Dow
  • 2. Who is Todd Dow? Senior Digital Specialist at Postmedia Digital; CISA & PMP certified; 15 years industry experience: Postmedia, AOL Canada, numerous small business websites.
  • 3. Etiquette: Don’t be shy! Ask questions right away. If you disagree, say so. A discussion is more interesting than a lecture.
  • 4. Overview: Why do we use WordPress? What if my WordPress site fails? Causes of failure. Mitigation strategies: hosting, backups, monitoring, security.
  • 5. Why do we use WordPress? Communication, education, productivity, entertainment, to make money.
  • 6. Customers Expect Fast Pages. Abandonment rate by page load time (source: Kissmetrics.com): under 1 sec, 3%; 1-5 sec, 16%; 6-10 sec, 30%; 11-15 sec, 16%; 16-20 sec, 15%; 20+ sec, 20%.
  • 7. Time = Money. Average impact of a one-second delay in response time (source: gomez.com): page views -11%, conversions -7%, customer satisfaction -16%.
  • 8. What if my WordPress site is slow or non-responsive? Communication becomes no communication; education, no education; productivity, lost productivity; entertainment, no entertainment; making money, loss of revenue.
  • 9. Costs of speed & uptime issues: “For a $100,000/day ecommerce site, a one-second delay means $2.5 million in lost revenues in a year” (Gomez.com). Costs for large enterprises and small/medium businesses: loss of reputation; loss of revenue due to customer refunds; additional damages (SLA penalties); loss of future business.
  • 10. Sources of speed & uptime issues: power, networks, DNS, servers, OS, software, 3rd parties, traffic, unoptimized content, human error, hackers.
  • 11. How do we minimize risk? Minimize our footprint. The slide is a layered diagram (Site, Content, Application, Platform, Infrastructure) running from Outsource through Customize to Full Control, with the components at each level: Platforms (PHP, Python, Apache), OS, Servers, DNS, Networks, Power, WordPress and 3rd parties, User accounts, Content.
  • 12. How do we minimize risk? Operational best practices, focusing on: hosting, backups, monitoring, security.
  • 13. Hosting needs: Keep it simple – minimize your footprint. Host with experts; avoid hosting your own hardware; get your vendor to manage OS & application patching and maintenance. Expect the following from your vendor: 99.999% uptime, 24x7 support, a system health dashboard, off-peak-hours maintenance windows. [Hosting]
  • 14. Hosting Options – free or low cost. WordPress.com: free; for $43 a year: custom domain, fonts, colours, CSS. [Hosting]
  • 15. Low Cost Hosting: numerous hosting options; start at $5/month; full blog customization. Risks: shared infrastructure, scalability. [Hosting]
  • 16. Dedicated Hosting: $50 to $100/month; full blog customization. Risks: scalability. [Hosting]
  • 17. Volume Based Hosting: focus is on traffic; don’t worry about servers, network, etc.; start at $100/month; full or partial blog customization. [Hosting]
  • 18. Tier 1 Hosting: enterprise-level hosting; start at $3,750/month; full blog customization; high volume, high availability. [Hosting]
  • 19. Other Hosting Options – scalable hosting: Amazon Web Services, Microsoft Azure. Pros: scalable, full control. Cons: management overhead. [Hosting]
  • 20. Other Hosting Considerations. Static content hosting: Amazon S3. Use a CDN: Amazon CloudFront, Akamai, Brightcove, Cachefly, Limelight. [Hosting]
  • 21. Backup needs. Why do backups? Protect against site corruption; protect against hosting failure; ensure business continuity. How often should you do backups? As frequently as you post new content. [Backups]
  • 22. Backup options: roll your own script to copy files & DB; VaultPress service & plug-in; BackupBuddy plug-in; numerous other solutions. [Backups]
  • 23. Backup options – source code: use a source code repository to store your code (plug-ins, themes, etc.). Options: GitHub, Assembla, Bitbucket. [Backups]
  • 24. Types of monitoring: Heartbeat = uptime monitoring; Log = diary of all activities; Performance = page speed, weight, etc.; Security = vulnerability scanning; Traffic = site visits. [Monitoring]
  • 25. Heartbeat Monitoring – Heartbeat = uptime monitoring: Verelo.com, Pingdom.com, etc. [Monitoring]
  • 26. Log Monitoring – Log = diary of all activities: Splunk.com, LogRhythm.com, etc. [Monitoring]
  • 27. Performance Monitoring – Performance = page speed, weight, etc.: browser tools, Google PageSpeed, Webpagetest.org, Gomez, Keynote. [Monitoring]
  • 28. Security Monitoring – Security = vulnerability scanning: Nessus, Qualys, VaultPress. [Monitoring]
  • 29. Traffic Monitoring – Traffic = site visits: WordPress stats, Google Analytics. [Monitoring]
  • 30. Security Considerations: We can all be hacked. We are all vulnerable. Accept it. [Security]
  • 31. Security Considerations – our goal: minimize our surface area. Same layered diagram as slide 11: Site, Content, Application, Platform, Infrastructure, from Outsource through Customize to Full Control, with Platforms (PHP, Python, Apache), OS, Servers, DNS, Networks, Power, WordPress and 3rd parties, User accounts, Content. [Security]
  • 32. Security Considerations – some current trends: DDOS attacks are becoming more and more common; password theft and human engineering. Top 5 OWASP vulnerabilities in 2013: SQL injection, broken authentication and session management, cross-site scripting, insecure direct object references, security misconfiguration. [Security]
  • 33. What can we do? DDOS attacks: work with your hosting provider; use a Content Delivery Network (CDN); architect for scale. [Security]
  • 34. What can we do? Password theft and human engineering. Create and maintain secure passwords: more than 8 chars, alpha-numeric & symbols, etc.; change your password regularly (every 90 days, at most); two-factor authentication. Education & awareness: don’t click on links or visit sites that you don’t trust; don’t share your password with others; beware of phishing attacks. [Security]
  • 35. What can we do? Secure coding to mitigate issues like these: SQL injection, broken authentication and session management, cross-site scripting, insecure direct object references, security misconfiguration. Google this term: “secure coding”. [Security]
  • 36. WordPress VIP Guidelines – WordPress.com VIP checklists for security & best practices: http://vip.wordpress.com/documentation/security/ and http://vip.wordpress.com/documentation/best-practices-introduction/ [Security]
  • 37. WordPress VIP Guidelines – WordPress.com security guidelines in a nutshell: use strong passwords; connect to your site using SFTP/SSH, SSL or some other secure channel; restrict admin access; disable plug-in/theme editing; move the wp-config.php file; use salts on passwords; properly administer permissions on directories; change the DB prefix; avoid direct PHP script & DB queries; don’t leave comments in your code; don’t write to the file system. [Security]
  • 38. What can we do? Ongoing best practices: scan for vulnerabilities (Nessus, Qualys, VaultPress); patch; password changes; education. [Security]
  • 39. I’ve been hacked! What now? http://codex.wordpress.org/FAQ_My_site_was_hacked In a nutshell: stay calm; contact your hosting provider; in cases of significant damage, contact a security consulting firm and/or police; scan your local machine for malware; change your passwords; identify and fix the issue(s); restore from the last known good backup. [Security]
  • 40. Review. Hosting: build a stable, scalable infrastructure. Backups: make sure backups happen and test them often. Monitoring: measure your critical performance data. Security: monitor and respond to threats.
  • 41. Thanks for listening! Questions? @toddhdow, http://toddhdow.com/, toddhdow@gmail.com. When in doubt, look for “toddhdow” at <insert social media site here>.
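Slide 22 lists "roll your own script to copy files & DB" as a backup option without showing one. The script below is an added example, not code from the presentation or from WordPress; it assumes a stock wp-config.php (database credentials in define() lines), a MySQL database that mysqldump can reach, and the names SITE_DIR, BACKUP_DIR and DUMP_CMD are the example's own.

```shell
#!/bin/sh
# Added example (not from the presentation): a minimal "roll your own"
# WordPress backup of the site files and the database, as suggested on
# slide 22. Assumed layout: site files under SITE_DIR with its wp-config.php,
# backups written to BACKUP_DIR. DUMP_CMD defaults to mysqldump.
set -eu

# Pull a define( 'NAME', 'value' ) constant out of wp-config.php.
wp_config_value() {
    # $1 = path to wp-config.php, $2 = constant name
    sed -n "s/.*define( *'$2', *'\([^']*\)' *).*/\1/p" "$1" | head -n 1
}

# backup_site SITE_DIR BACKUP_DIR [STAMP]
# Writes files-STAMP.tar.gz and db-STAMP.sql.gz into BACKUP_DIR and prints
# both paths.
backup_site() {
    site_dir=$1
    backup_dir=$2
    stamp=${3:-$(date +%Y%m%d-%H%M%S)}
    dump_cmd=${DUMP_CMD:-mysqldump}
    config="$site_dir/wp-config.php"
    [ -f "$config" ] || { echo "no wp-config.php in $site_dir" >&2; return 1; }
    mkdir -p "$backup_dir"

    db_name=$(wp_config_value "$config" DB_NAME)
    db_user=$(wp_config_value "$config" DB_USER)
    db_host=$(wp_config_value "$config" DB_HOST)

    # Files: archive relative to the parent directory so the tarball restores
    # cleanly anywhere, and so wp-config.php, themes and uploads all go along.
    tar -czf "$backup_dir/files-$stamp.tar.gz" \
        -C "$(dirname "$site_dir")" "$(basename "$site_dir")"

    # Database: the password goes through the MYSQL_PWD environment variable
    # rather than the command line, so it is not visible in `ps` on a shared
    # host. Dump to a file first and gzip afterwards: with a pipe, `set -e`
    # would only see gzip's exit status and a failed dump would go unnoticed.
    MYSQL_PWD=$(wp_config_value "$config" DB_PASSWORD) \
        "$dump_cmd" --single-transaction -h "$db_host" -u "$db_user" "$db_name" \
        > "$backup_dir/db-$stamp.sql"
    gzip -f "$backup_dir/db-$stamp.sql"

    echo "$backup_dir/files-$stamp.tar.gz $backup_dir/db-$stamp.sql.gz"
}

# prune_backups BACKUP_DIR DAYS: drop archives older than DAYS so the disk
# does not fill up. Keep a copy off the web host as well: a backup on the
# same server does not protect against the hosting failure slide 21 names.
prune_backups() {
    find "$1" -name '*.gz' -type f -mtime "+$2" -delete
}
```

Run it from cron at least as often as you publish (slide 21's rule of thumb), and follow slide 40's advice by restoring the tarball and SQL dump into a scratch site now and then; an untested backup is only a hope.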
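Several of the slide 37 guidelines (disable plug-in/theme editing, use salts, change the DB prefix, administer directory permissions) can be checked mechanically. The audit below is an added example, not code from the presentation or from WordPress.com VIP; it assumes the stock wp-config.php layout (define() lines and a $table_prefix assignment), and the names audit_wp_config and wp_defines are the example's own.

```shell
#!/bin/sh
# Added example (not from the presentation): audit a WordPress install against
# several of the WordPress.com VIP guidelines listed on slide 37. Prints one
# line per finding and returns the number of findings (1 if there is no
# wp-config.php at all). Assumes the stock wp-config.php layout with
# define( 'NAME', value ) lines and a $table_prefix assignment.

# wp_defines CONFIG NAME VALUE: true if wp-config.php sets NAME to VALUE.
wp_defines() {
    grep -Eq "define\( *'$2', *$3 *\)" "$1"
}

# audit_wp_config SITE_DIR
audit_wp_config() {
    site_dir=$1
    config="$site_dir/wp-config.php"
    findings=0
    if [ ! -f "$config" ]; then
        echo "FINDING: no wp-config.php under $site_dir"
        return 1
    fi

    # Plug-in/theme editing: the dashboard editor lets any compromised admin
    # login write PHP onto the server, so production sites turn it off.
    if ! wp_defines "$config" DISALLOW_FILE_EDIT true; then
        echo "FINDING: DISALLOW_FILE_EDIT is not true; plug-in/theme editor is enabled"
        findings=$((findings + 1))
    fi

    # Salts and keys: the stock file ships with placeholder phrases that leave
    # cookies and nonces predictable until they are replaced.
    if grep -q 'put your unique phrase here' "$config"; then
        echo "FINDING: placeholder authentication keys/salts still in use"
        findings=$((findings + 1))
    fi

    # Table prefix: the guideline is to move off the default wp_ prefix that
    # automated tooling assumes.
    if grep -q "table_prefix *= *'wp_'" "$config"; then
        echo "FINDING: default database prefix wp_"
        findings=$((findings + 1))
    fi

    # Directory permissions: wp-config.php holds database credentials and must
    # not be readable by other accounts on a shared host; no directory under
    # the site should be world-writable.
    if [ -n "$(find "$config" -perm -004)" ]; then
        echo "FINDING: wp-config.php is world-readable"
        findings=$((findings + 1))
    fi
    if [ -n "$(find "$site_dir" -type d -perm -002)" ]; then
        echo "FINDING: world-writable directories under $site_dir"
        findings=$((findings + 1))
    fi

    return $findings
}
```

The return code doubles as the finding count, so `audit_wp_config /var/www/example || echo "$? findings"` works in a cron job or a post-deploy hook alongside the scanners slide 38 names; the checks cover only what is visible on disk, not the VIP items about code style or admin access restriction.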