Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Wordpress: A Gentle Introduction


Published on

Published in: Technology, Business
  • Be the first to comment

Wordpress: A Gentle Introduction

  1. 1. WordPressA Rather Gentle Introduction<br />by John Feminella<br />w:<br />e:<br />t: superninjarobot<br />
  2. 2. Introduction<br />Slide 2<br />
  3. 3. What are these cards for?Questions and feedback<br />Slide 3<br />
  4. 4. Filling out cards<br />Slide 4<br />your evaluation and criticism is welcomed!<br />presentation:<br />Was the material presented in a way that you found engaging and could appreciate?<br />utility:<br />Did you get value out of the presentation?<br />technical depth:<br />Did you find that the technical aspects of the presentation were appropriate and useful?<br />any other comments:<br />I love feedback!<br />
  5. 5. Analog hyperlinks{{abcd}} ==<br />Slide 5<br />
  6. 6. Tools of the talk<br />Slide 6<br />WordPress 2.8<br />the eponymous blogging/publishing app<br />{{14RRW}}<br />FTP client<br />transfer files to and from remote locations<br />{{15eCh}}<br />ssh client / PuTTY<br />connect to remote shells<br />{{15eEA}}<br />shell access helpful but not strictly necessary<br />
  7. 7. What’s this talk about?<br />Slide 7<br />start-to-finish installation of WordPress 2.8<br />an introduction to WordPress 2.8<br />basics of the Unix environment, permissions<br />open questions<br />security power tips, common errors<br />
  8. 8. WordPress 2.8<br />Slide 8<br />better IIS support for Windows hosts<br />better security<br />better administrative usability<br />widgets API<br />{{15h2u}}<br />minor cosmetic improvements with comments, posts<br />better automation<br />smarter interoperability between plugins, less conflicts<br />
  9. 9. Basic installation steps<br />Slide 9<br />DOWNLOAD<br />go to<br />DATABASES<br />configure with your host<br />UNZIP<br />go to<br />CONFIGURE WORDPRESS<br />edit wp-config.php<br />LOG IN<br />all done!<br />
  10. 10. Power demoInstalling WordPress 2.8 and supporting tools<br />Slide 10<br />
  11. 11. PermissionsThe Unix permissions model<br />Slide 11<br />
  12. 12. Security basics: file permissions<br />Slide 12<br />read<br />determine which actions can be taken on files or directories<br />permissions<br />write<br />execute<br />
  13. 13. Security basics: file permissions<br />Slide 13<br />read<br />missing permission denies request<br />write<br />permissions<br />execute<br />result<br />sum the value of active permissions to produce a summary result<br />
  14. 14. Security basics: file permissions<br />Slide 14<br />read<br />write<br />permissions<br />execute<br />result<br />
  15. 15. Security basics: user categories<br />Slide 15<br />owner<br />files belong to both a specific user called the owner and a group<br />categories<br />group<br />world is the set of all users that is not the owner or the group<br />world<br />
  16. 16. Putting permissions together<br />Slide 16<br />categories<br />index.html<br />owner<br />world<br />group<br />read<br />write<br />permissions<br />execute<br />result<br />
  17. 17. Files differ from directories<br />Slide 17<br />categories<br />wordpress/<br />owner<br />world<br />group<br />list<br />write<br />permissions<br />go to<br />result<br />
  18. 18. Common permissions<br />Slide 18<br />EXECUTABLE BINARIES<br />755<br />STATIC CONTENT<br />644<br />*.sh<br />*.bin<br />*.php<br />*.html<br />STANDARD DIRECTORY<br />755<br />*.css<br />*.jpg<br />*.txt<br />*.png<br />SECURED DIRECTORY<br />700<br />
  19. 19. Power demoExamining effects of permissions<br />Slide 19<br />
  20. 20. Security power tipsSimple ways to harden your site and avoid complications<br />Slide 20<br />
  21. 21. Security power tips<br />Slide 21<br />wrong / unreadable permissions<br />drw-r--r-- 7 bob bob 4096 Jun 10 20:32 wp-admin/<br />-rw-r--r-- 1 bob bob 2341 May 20 11:32 wp-load.php<br />-rw-r--r-- 1 bob bob 21019 Jun 3 17:15 wp-login.php<br />insecure permissions<br />drwxrwxrwx 7 bob bob 4096 Jun 10 20:32 wp-admin/<br />-rw-r--r-- 1 bob bob 2341 May 20 11:32 wp-load.php<br />-rw-r--r-- 1 bob bob 21019 Jun 3 17:15 wp-login.php<br />find . –type d –perm 0777 –print0 | xargs -0 chmod 755<br />
  22. 22. Security power tips<br />Slide 22<br />avoid meta-generator strings<br />...<br /> &lt;head&gt; &lt;!-- header.php --&gt;<br /> &lt;meta content=“WordPress &lt;?phpbloginfo(‘version’); ?&gt;” name=“generator”/&gt;<br /> &lt;/head&gt;<br />...<br />defend your wp-admin folder and site configuration<br />limit access by IP address using .htaccess<br />AskApache Password Protect<br />Login Lockdown plugin<br />{{15ff3}}<br />{{15fc2}}<br />{{15fg6}}<br />
  23. 23. Security power tips<br />Slide 23<br />if possible, use SFTP or SSH instead of FTP<br />transmitting over FTP is not at all secure<br />your host may not support SFTP, but all should allow shell access to savvy users<br />update early and often<br />Wordpress Automatic Upgrade Plugin<br />Instant Upgrade plugin<br />{{15foD}}<br />{{15foO}}<br />
  24. 24. Security power tips<br />Slide 24<br />perform regular and frequent backups<br />separate your WP database from other information and data<br />avoids DoS issues<br />trivial for determined attackers to overwhelm most entry-level databases<br />
  25. 25. Security power tips<br />Slide 25<br />prevent search robots from crawling<br />// In robots.txt:<br />Disallow: /path/to/wordpress/wp-*<br />{{15fDZ}}<br />prevent casual browsing of directories<br />// In .htaccess<br />Options All -Indexes<br />{{15fBq}}<br />
  26. 26. Questions?<br />Slide 26<br />
  27. 27. that’s all, folks!<br />Slide 27<br />