6. My Background
• I love WordPress
• I’ve been working with it since 2008
• I worked for a non-profit for 7 years before coming to WooThemes, and then Automattic
• I work in Payment Gateways Support for WooCommerce at Automattic
7. The #1 tip for people accepting payment online:
Respect your users’ data, and treat it as your own.
8. – Andrew Wikel
“It’s all about trust. Getting your users to trust you, and not betraying that trust by securing their info.”
9. User Trust
• This is huge. If you don’t have the users’ trust, they won’t give you money.
• There are many factors, and not all of them are technical.
10. Cart Abandonment
• Approx. 42% of customers on average never get past the 1st part of checkout
• There is a huge barrier in getting customers to checkout
11. Optimize Checkout Process
• Tear down the “sign-in” barrier - don’t disconnect your customer from giving you money. Customers can resent being forced to create an account.
• Provide a progress indicator - just let people know how long the process is, and where they are in it.
• Match the checkout with your site’s look and feel
• Never send your customer outside the checkout process once they are there.
• Visually reinforce all sensitive fields on the payment page
12. Smashing Magazine Study
• There is a clear divergence between the customer’s mental model of form-field security and the actual security.
• Many test subjects didn’t think about security until they had to enter their credit card details.
• As one test subject who had just abandoned their purchase said, “It didn’t look safe enough.” Her reaction wasn’t based on the technical security of the website, but rather on the perceived security of the fields.
• Source: http://www.smashingmagazine.com/2011/04/06/fundamental-guidelines-of-e-commerce-checkout-design/
13. Payment Options
• I recommend three payment gateways:
A. Stripe
B. PayPal
C. Amazon
14. There are a Lot of Implications
• Your payment gateway is the place that your customers are trusting to be safe with their info
• Not only do you have to trust completely that they won’t betray *your* trust, but your user has to as well.
• Different gateways have varying security methods, some better than others.
15. On-Site Processing
• One of the methods that I mentioned earlier was Stripe.
• Stripe is what we call an On-Site gateway. That just means that it stays on your site, rather than sending your customers to another site to checkout.
• Amazon is also an on-site processor, but a bit different from Stripe.
16. Off-Site Processing
• The other method that I recommended in the beginning was PayPal - an Off-Site Processor
• That just means that your customers are sent to another site to complete payment, and then that site sends your store a notification that payment was complete.
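The security-relevant step in an off-site flow is the notification that comes back to the store: the order must only be marked paid once the store has confirmed that the notification really came from the gateway and matches the order it already knows about. The following WordPress REST endpoint is an added example written for this page; it is not WooCommerce, PayPal or the presenter’s code. The signature scheme it checks (an `X-Gateway-Signature` header of the form `t=<unix time>,v1=<hex HMAC-SHA256 over "t.body">`) and the `EXAMPLE_GATEWAY_SECRET` constant are hypothetical stand-ins for whatever verification your real gateway documents; it assumes WooCommerce is installed for `wc_get_order()`.

```php
<?php
// Added example for this page (not WooCommerce, PayPal or the presenter's code).
// Authenticates a hypothetical off-site gateway's "payment complete" notification
// before touching the order.

define( 'EXAMPLE_GATEWAY_SECRET', 'replace-with-the-shared-secret-from-your-gateway' ); // placeholder
define( 'EXAMPLE_MAX_SKEW', 5 * MINUTE_IN_SECONDS ); // notifications older than this are treated as replays

/**
 * True only if $header is a valid, fresh signature over $body.
 * Header format assumed here: "t=<unix time>,v1=<hex hmac>".
 */
function example_gateway_signature_is_valid( $header, $body, $now = null ) {
    $now   = $now ?? time();
    $parts = [];
    foreach ( explode( ',', (string) $header ) as $kv ) {
        $pair = explode( '=', $kv, 2 );
        if ( 2 === count( $pair ) ) {
            $parts[ trim( $pair[0] ) ] = trim( $pair[1] );
        }
    }
    if ( empty( $parts['t'] ) || empty( $parts['v1'] ) || ! ctype_digit( $parts['t'] ) ) {
        return false;
    }
    if ( abs( $now - (int) $parts['t'] ) > EXAMPLE_MAX_SKEW ) {
        return false; // outside the replay window
    }
    $expected = hash_hmac( 'sha256', $parts['t'] . '.' . $body, EXAMPLE_GATEWAY_SECRET );
    // hash_equals() compares in constant time, so a forged signature cannot be
    // refined byte by byte from response timing.
    return hash_equals( $expected, $parts['v1'] );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-store/v1', '/gateway-notify', [
        'methods'             => 'POST',
        'permission_callback' => '__return_true', // the signature check below is the authentication
        'callback'            => function ( WP_REST_Request $request ) {
            $body = $request->get_body();
            $sig  = $request->get_header( 'x-gateway-signature' );
            if ( ! example_gateway_signature_is_valid( $sig, $body ) ) {
                return new WP_Error( 'bad_signature', 'Notification not authenticated', [ 'status' => 401 ] );
            }
            $event = json_decode( $body, true );
            if ( ! is_array( $event ) || empty( $event['order_id'] ) || ! isset( $event['amount'] ) ) {
                return new WP_Error( 'bad_payload', 'Malformed notification', [ 'status' => 400 ] );
            }
            // Trust your own record of the order, not the amount the notification claims.
            $order = wc_get_order( (int) $event['order_id'] );
            if ( ! $order || abs( (float) $order->get_total() - (float) $event['amount'] ) > 0.005 ) {
                return new WP_Error( 'mismatch', 'Order/amount mismatch', [ 'status' => 409 ] );
            }
            // Idempotent: a gateway may deliver the same notification more than once.
            if ( ! $order->is_paid() ) {
                $order->payment_complete( sanitize_text_field( $event['txn_id'] ?? '' ) );
            }
            return new WP_REST_Response( [ 'ok' => true ], 200 );
        },
    ] );
} );
```

Three properties of the handler carry the weight: the signature is checked before the body is parsed, the amount comes from the stored order rather than the notification, and a repeated delivery does not complete the order twice. Whatever your real gateway’s verification looks like (a signed header, or a postback to the gateway as some providers use), the same three checks apply.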
17. PCI Compliance
• Payment Card Industry Data Security Standard (PCI DSS) is a set of rules that ALL companies that process, store, or transmit credit card info have to follow to maintain security.
• PCI-DSS SAQ A-EP is where you want to be.
19. Do
• Have a clear, user-friendly privacy policy
• Make your email lists strictly opt-in
• Use an SSL on EVERY SINGLE PAGE that has a checkout form, log in form, etc. There are no exceptions.
20. Don’t
• Some people obscure their return policy or privacy policy
• It’s a bad idea to mail people without their permission or sell or give their info to others.
• One of the worst things you can do is have a credit card form on a plain HTTP page. Please just don’t.
21. Privacy Policy
• *Have* a privacy policy. Almost a majority of small business owners don’t have one.
• Use minimal “legalese”, with the user retaining their rights to privacy.
• Ask for as few permissions and as little information as possible. Not only does that improve your chances of getting it, but it limits the info you have to care for.
22. Mailing Lists
• Mailing lists should be double opt-in, with few exceptions.
• There are a lot of guidelines to email marketing that you should look into (laws you have to comply with, etc.).
• Use a reputable email service to send out your emails. You can get a service like MailChimp at a low cost, and the tools that they have are worth it.
23. Why All This Work?
• Giving the power to your customer to make decisions based on what information they do and don’t want you to have is always good for business.
• You want your customers to feel empowered, able to choose, and know what is happening with their data.
• Knowledge and transparency = Trust
24. SSL: The tl;dr
• Purchase and install an SSL certificate
• Update your site URL in WordPress
• Force HTTPS throughout the site
• Resolve any insecure elements on your pages
• Update Google Webmaster Tools and Google Analytics
25. Installing an SSL Certificate
• Purchase from your host, and have them install it. (hands down the easiest way)
• Use https://letsencrypt.org/ (FREE)
• Do it yourself (slightly masochistic, but ¯\_(ツ)_/¯)
26. Forcing over HTTPS
• Your blog/site URL in WordPress general settings
• Use WordPress Force HTTPS
• .htaccess rewrite rules
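The three bullets above describe one outcome: no page, checkout or login form is ever served over plain HTTP. As an added example (not WordPress core, not the “WordPress Force HTTPS” plugin named on the slide, and not the presenter’s code), the following must-use plugin does the redirect in PHP so it applies to every front-end request, and adds an HSTS header so returning browsers never try HTTP at all. It assumes the WordPress Address and Site Address in Settings > General already start with https:// and that a valid certificate is installed.

```php
<?php
/**
 * Plugin Name: Force HTTPS everywhere (added example, not the presenter's code)
 * Redirects every plain-HTTP request to its HTTPS equivalent and sends an HSTS
 * header on secure responses. Drop it in wp-content/mu-plugins/ (assumption:
 * standard WordPress directory layout).
 */

// Admin and login pages: WordPress core already forces them to HTTPS when this
// constant is set in wp-config.php (shown for reference, not defined here).
// define( 'FORCE_SSL_ADMIN', true );

add_action( 'init', function () {
    // is_ssl() is core's own test for an HTTPS request. Behind a proxy or CDN
    // that terminates TLS it can return false; in that case wp-config.php must
    // map HTTP_X_FORWARDED_PROTO to $_SERVER['HTTPS'] before this runs, or every
    // request would loop.
    if ( is_ssl() ) {
        return;
    }
    // Nothing to redirect for WP-CLI or cron runs.
    if ( ( defined( 'WP_CLI' ) && WP_CLI ) || ( defined( 'DOING_CRON' ) && DOING_CRON ) ) {
        return;
    }
    $path = isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : '/';
    // Take the host from the configured home URL, not from the Host header, so a
    // spoofed Host cannot turn this into an open redirect.
    $host   = wp_parse_url( home_url(), PHP_URL_HOST );
    $target = 'https://' . $host . $path;
    // wp_safe_redirect() additionally refuses to redirect off-site.
    wp_safe_redirect( $target, 301 );
    exit;
} );

// HSTS: browsers that have seen the site over HTTPS refuse plain HTTP for a
// year. Send it only on HTTPS responses, and add "; includeSubDomains" only
// once every subdomain (mail, staging, ...) really serves HTTPS.
add_action( 'send_headers', function () {
    if ( is_ssl() && ! headers_sent() ) {
        header( 'Strict-Transport-Security: max-age=31536000' );
    }
} );
```

A 301 is deliberate: search engines and browsers cache it, which is what you want once the certificate is in place, but it also means you should test with a short-lived 302 first if the proxy setup is uncertain.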
27. Resolving Mixed Content
• Use Better Search Replace (replace all http with https in the posts and postmeta tables)
• Your theme and/or plugins could also be loading in assets over a hardcoded http call, but you can sometimes fix those with child themes, or you might be better off switching themes/plugins.
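A database search-and-replace fixes URLs stored in posts, but a theme or plugin that hardcodes http:// in an enqueue call reintroduces mixed content on every page load. The following filter set is an added example (not Better Search Replace, not WordPress core, not the presenter’s code) that rewrites http:// references to the site’s own host on output, leaving third-party hosts alone because there is no way to know locally that they serve HTTPS; the `Content-Security-Policy: upgrade-insecure-requests` header it sends is a standard browser mechanism that upgrades the remaining same-page subresources. The function name `example_rewrite_own_host_urls` is this example’s own.

```php
<?php
/**
 * Plugin Name: Own-host mixed content fixer (added example, not the presenter's code)
 */

/**
 * Rewrite http:// references that point at this site's own host to https://.
 * Third-party http:// URLs are left untouched: rewriting a host that does not
 * serve HTTPS would break the asset instead of merely warning about it.
 */
function example_rewrite_own_host_urls( $html ) {
    if ( ! is_string( $html ) || '' === $html ) {
        return $html;
    }
    $host = wp_parse_url( home_url(), PHP_URL_HOST );
    if ( ! $host ) {
        return $html;
    }
    // Match "http://<our host>" only when followed by a path, query, quote or
    // whitespace, so "http://example.com.evil.net" is not rewritten.
    $pattern = '#http://' . preg_quote( $host, '#' ) . '(?=[/"\'\s?#]|$)#i';
    return preg_replace( $pattern, 'https://' . $host, $html );
}

// Stored content the slide suggests fixing permanently with Better Search Replace;
// this covers it on output until that replace has been run.
add_filter( 'the_content', 'example_rewrite_own_host_urls', 99 );
add_filter( 'widget_text', 'example_rewrite_own_host_urls', 99 );

// Assets a theme or plugin enqueued with a hardcoded http:// URL.
add_filter( 'script_loader_src', 'example_rewrite_own_host_urls' );
add_filter( 'style_loader_src', 'example_rewrite_own_host_urls' );

// Ask the browser to fetch any remaining http:// subresource over https://.
// This is a browser-side safety net, not a substitute for fixing the markup.
add_action( 'send_headers', function () {
    if ( is_ssl() && ! headers_sent() ) {
        header( 'Content-Security-Policy: upgrade-insecure-requests' );
    }
} );
```

Use the browser’s console on the checkout page after enabling this: any mixed-content warning that remains names a third-party host, which is exactly the case the slide says may be better solved by switching the theme or plugin.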
29. Probably the Easiest One
• Keep *all the things* updated.
• Themes
• Plugins
• WordPress
30. General WordPress
Security
• Use strong passwords. Seriously, stop using your
cat’s name.
• Change the username from “admin” or easy to
guess ones
• Your database username and password deserve the
same care: a unique user with a strong password,
granted rights only on the WordPress database.
• Disable file editing from the WordPress admin by
adding this to wp-config.php:
define( 'DISALLOW_FILE_EDIT', true );
33. Hosting
• Your host plays a critical role in your security.
• Never pick a host that starts you out on an old PHP
version. 5.4 was the floor when this talk was given;
every 5.x release is now end-of-life, so take the
newest version the host offers.
• They should have firewalls in place, have correct file
permissions set up, not allow connections over plain
FTP (SFTP or FTPS only), etc.
• Shared hosting is cheap, but it’s probably not really
worth the risk.
34. Use Good Code
• Pick plugins/themes with good support behind them.
• Most times, this means premium code (you have to
pay for it)
35. Limit External
Connections
• Sometimes you use 3rd party solutions for parts of
your store (shipping, tax, inventory, accounting, etc.)
• Even things that don’t relate to your store can
potentially have access.
• Make sure you investigate who has what of your
site’s data, what their security is like, and what their
privacy policy is like.
36. The #1 tip for people accepting payment online:
Respect your users’ data, and treat it as your own.
This is a team photo from our most recent WooTrip.
They told us to act like a ninja, but I was already being Batman, so… I just went with that.
It’s almost an unwritten rule that every tech session has to have at least one lego picture, so here is the required slide.
It’s also a requirement that you include cat pictures, but that’s not really my style, so here is a picture of my Airedale.
So, a lot of you are thinking that I am going to be speaking about building up an e-commerce section of your site, and then go from there, but I’m not. There’s more to this than that. I will be speaking on the specifics a bit more in-depth, but I want to make sure that we are doing this justice.
This chart is from a survey of people on their trust in online commerce. People trust the e-commerce platforms as a whole, but are becoming more tech-savvy and discerning when it comes to where they place their trust.
This number can tie a *lot* of the things that we just mentioned to do or don’t do.
People abandon carts based on payment processor, on the price of shipping, of having to pay sales tax, of a myriad of other issues. You can’t stop them all, but you can reduce them.
Have you ever left an item in your cart on like Amazon? Then you got an email, right?
There’s a really cool WooCommerce plugin called Follow Up Emails that will mail those people that leave their carts in your store.
There are a lot of ways to do this, but we are going to stick to some really generic tips.
Stripe will handle all your credit card processing, and then PayPal is that alternative payment method that I mentioned earlier.
A lot of people love using PayPal, since it’s accepted in a lot of places, they have their details already saved there, and they trust PayPal to keep their info safe.
Stripe is a great method for credit card processing, as it’s a really extensible processor and integrates with most online solutions. It saves the card to Stripe’s servers, which lets you charge the customer’s card again without them having to input it. This is great for recurring payments, such as subscriptions or monthly donations. Also, some customers already use Stripe to save their payment methods from other sites, and Stripe can remember them.
Tell the story of the WooCommerce offline payment gateway.
With any kind of on-site processor, you will NEED an SSL certificate. It’s not optional. If you have a WooThemes extension for an on-site processor, then you will actually be required to have that in place before the gateway will function.
Amazon handles the order on Amazon’s side: the payment forms come from Amazon and are rendered in an iframe, so the host store never sees the payment details, only what it needs to fulfill the order (addresses, etc.).
Stripe is a bit different from a lot of the other payment processors that work on-site. The Stripe extension from WooThemes uses the latest stripe.js solution, which tokenizes the card in the customer’s browser so that the credit card details never touch your server, greatly reducing (though not eliminating) your PCI DSS compliance burden.
Off-site gateways like these are typically the most secure and easiest to implement in your store. You are offloading all the responsibility for securing the payment process to the actual payment processor. The downside is the jump customers have to make to pay on another site rather than yours.
Sometimes this can be an issue with cart abandonment. Sometimes the exact opposite is true, and your customer actually trusts the payment processor more than you. PayPal is a perfect example of this. Most people know of PayPal, and a good percentage of your customers likely have an account already. This can help lower the barrier of purchase for new customers, and also helps lend credibility to your store, borrowing off of PayPal’s credibility with the customer.
PCI DSS Self-Assessment Questionnaire A-EP is much less strenuous to go through than the other questionnaires. If you use either of the payment gateways mentioned earlier you qualify for A-EP (or, when the entire payment page is redirected to or framed from the processor, as with PayPal Standard or Amazon, the even shorter SAQ A) instead of the far longer questionnaires and audits that come with gateways that pass card data through your own server.
If you have a credit card breach, expect to be fined: the card brands assess penalties through your acquiring bank, on top of the cost of the forensic investigation.
Now we are going to move into a bit more technical things. Things to actually do to increase user security and trust.
SSL stands for Secure Sockets Layer; the protocol actually used today is its successor TLS, but “SSL certificate” has stuck as the name. It provides an encrypted connection between browsers and websites, allowing you to transmit private data online. Sites secured this way display a padlock in the browser’s address bar (the green bar that EV certificates used to get has since been dropped by the major browsers).
Run the SSL on your entire site, not just the checkout pages; a login or cart cookie issued on a plain http:// page can be captured before the customer ever reaches checkout. And make sure there are no mixed content errors when your customer goes to checkout, since browsers block scripts and stylesheets loaded over http:// on an https:// page.
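Checking a checkout page for mixed content by hand means reading every src and href; the following added Python example (not code from the talk) does that check over the page HTML, resolving relative and protocol-relative URLs against the page so that only genuinely hard-coded http:// references are reported, and separating the “active” content browsers block outright from the “passive” content that only breaks the padlock. The page, domain and CDN host are constructed.

```python
"""Added example: find sub-resources a page loads over plain http://,
i.e. the mixed content the checkout page must not have. The HTML and
URLs below are constructed."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose attribute triggers a fetch, and how browsers treat an http://
# URL there: "active" content (scripts, stylesheets, frames) is blocked
# outright, which breaks checkout; "passive" content (images, media) only
# triggers the broken-padlock warning.
SUBRESOURCE = {
    "script": ("src", "active"),
    "iframe": ("src", "active"),
    "object": ("data", "active"),
    "embed": ("src", "active"),
    "img": ("src", "passive"),
    "audio": ("src", "passive"),
    "video": ("src", "passive"),
    "source": ("src", "passive"),
}


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []          # (severity, tag, absolute url)

    def _check(self, severity, tag, url):
        if not url:
            return
        # Relative and protocol-relative (//cdn...) URLs inherit https from
        # the page, so only hard-coded http:// survives this resolution.
        absolute = urljoin(self.page_url, url.strip())
        if urlsplit(absolute).scheme == "http":
            self.findings.append((severity, tag, absolute))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # only rel=stylesheet is fetched; canonical/alternate are not
            if "stylesheet" in (attrs.get("rel") or "").lower().split():
                self._check("active", tag, attrs.get("href"))
            return
        if tag in SUBRESOURCE:
            attr, severity = SUBRESOURCE[tag]
            self._check(severity, tag, attrs.get(attr))
        if tag in ("img", "source") and attrs.get("srcset"):
            # WordPress emits srcset for responsive images; each candidate is
            # "url descriptor", candidates separated by commas
            for candidate in attrs["srcset"].split(","):
                parts = candidate.split()
                if parts:
                    self._check("passive", tag, parts[0])


def scan(html, page_url):
    """Return the insecure sub-resources of a page in document order."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed checkout page: one hard-coded http:// stylesheet, one http://
# plugin script and one http:// srcset candidate are dirty; the canonical
# link, protocol-relative CDN script and https image are clean.
SAMPLE_PAGE = """<!doctype html><html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/shop/style.css">
<link rel="canonical" href="http://example.com/checkout/">
<script src="//cdn.example.net/lib.js"></script>
<script src="http://example.com/wp-content/plugins/legacy/tracker.js"></script>
</head><body>
<img src="/wp-content/uploads/logo.png"
     srcset="http://example.com/wp-content/uploads/logo-2x.png 2x">
<img src="https://example.com/wp-content/uploads/hero.jpg">
</body></html>"""

if __name__ == "__main__":
    for severity, tag, url in scan(SAMPLE_PAGE, "https://example.com/checkout/"):
        print(f"{severity:7} <{tag}> {url}")
```

Feed it the HTML of the rendered checkout page (what the browser receives, not the theme template) so that URLs written by plugins and by WordPress’s own responsive-image code are included; anything reported as “active” will be blocked by the browser, not merely flagged.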
Tell them the Cliff Original story about no SSL.
Don’t ask for random unnecessary info, like gender, income levels, etc.
Our privacy policy, like most everything else in our company, is open source for you to use.
The FTC has a lot of resources on Privacy policies and privacy in general.
Tell users why you are collecting this information and describe how your business will use the information collected.
Specify what information you collect about a user and state what portion, if any, is personally identifiable.
Explain your data collection process. For example, let people know if the website sets cookies or maintains weblogs. Also inform people how long you will store the information.
If you run third-party ads or services that may collect user data, be sure to mention it in your document and link to the third-party provider’s own privacy policy.
Ensure that people can consent to the information collection (e.g. note it on a sign-up form or other collection page) and also ensure they can opt-out without hindering their site experience.
Provide contact details right in the document for people who might have a question or concern about your privacy policy.
State any applicable laws used to govern your policy (e.g. the Privacy Act).
Double opt-in means that they sign up on your site and are then emailed another “permission request” that they have to respond to. It’s a more arduous process for getting a subscriber, but your customers will appreciate it, you will know that these people really want to hear from you, and it reduces the rate at which your emails go unopened or get marked as spam, which hurts you in the long run.
Most reputable email services provide what you are going to need to comply with the laws governing mailing, as well as best practices (double opt-in, etc.)
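The confirmation link in that “permission request” is the part that has to be done carefully: if the link is guessable, anyone can confirm an address its owner never entered, which defeats the point of double opt-in (both the slide on mailing lists and the note above). The added Python example below, which is not code from the talk or from MailChimp or any other service, implements the confirm step as a signed, expiring token and a list that only mails confirmed addresses; the secret, confirmation URL and addresses are constructed.

```python
"""Added example: the confirmation step of double opt-in, implemented as
a signed, expiring link. Addresses, the secret and the list store are
all constructed; this is not MailChimp's or any other service's code."""
import base64
import binascii
import hashlib
import hmac
import json
import time

SECRET = b"assumption: long random value kept in server config"
CONFIRM_TTL = 48 * 3600       # seconds a confirmation link stays valid


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_confirmation_token(email, secret=SECRET, now=None):
    """Token = base64(payload).base64(HMAC-SHA256(payload)). Only someone
    holding the secret can mint one, so a confirmation cannot be forged
    for an address its owner never entered."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"email": email.strip().lower(), "iat": issued},
                         separators=(",", ":")).encode()
    sig = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_confirmation_token(token, secret=SECRET, now=None, ttl=CONFIRM_TTL):
    """Return the confirmed address, or None if the token is malformed,
    forged, or older than ttl."""
    try:
        p64, s64 = token.split(".")
        payload, sig = _unb64(p64), _unb64(s64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):       # constant-time compare
        return None
    claims = json.loads(payload)
    current = time.time() if now is None else now
    if current - claims["iat"] > ttl:
        return None
    return claims["email"]


class MailingList:
    """Subscribers move from pending to confirmed only via a valid token;
    mail is only ever sent to the confirmed set."""

    def __init__(self, base_url="https://example.com/confirm"):   # assumption
        self.base_url = base_url
        self.pending = set()
        self.confirmed = set()

    def subscribe(self, email, now=None):
        """Step 1, the sign-up form: returns the link to put in the
        permission-request email."""
        email = email.strip().lower()
        self.pending.add(email)
        return f"{self.base_url}?token={make_confirmation_token(email, now=now)}"

    def confirm(self, token, now=None):
        """Step 2, the subscriber clicks the link."""
        email = verify_confirmation_token(token, now=now)
        if email is None or email not in self.pending:
            return False
        self.pending.discard(email)
        self.confirmed.add(email)
        return True
```

The `now` parameters exist only so the expiry can be tested deterministically; in production they are left at their default. The pending set makes each link one-shot, and the expiry limits how long an unattended sign-up form can be abused to spam a third party’s inbox with confirmation requests.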
This is by no means a comprehensive guide on SSL certificates or anything like that, but I do want you to understand a bit about them. This will tell you how to force the entire site over HTTPS
I got a lot of this info from the Give guide on this.
having your host do it for you is the best/easiest way.
Let’s Encrypt is a brand new venture that is free and open to use, and is basically a push from a group of companies, including the Linux Foundation, Mozilla, Cisco, and Automattic to get more people encrypting and securing their sites.
Doing it yourself: If you want to do this, have fun. Call me when you are done, and tell me how it went.
No talk on keeping your users’ trust would be complete without talking about security. Needless to say, a breach of your site that discloses user info is not good for business.
It’s a complicated topic, and there’s no magic silver bullet to take care of all your needs. I’m going to take the next few slides to talk about some easy ways to implement a higher security standard for your site.
There really isn’t a reason not to run the latest and greatest. A lot of hacks happen through old software with patches available that people just don’t update.
Passwords are typically the weakest link in the security chain, since most people reuse the same weak ones. Brute-force attacks can guess many passwords within a few hours. A long, unique password greatly increases the time needed to crack your credentials; a non-obvious username helps less than you might think, because WordPress exposes usernames through author archive URLs (?author=1) and, on current versions, the REST API, so treat the username as public. WordPress 4.3 comes with a password strength meter and generator, so it might be time to revisit those. Also, password managers can really help with generating secure passwords.
It sounds cliche and kind of stupid, but the best password is the password that you can’t remember. If you can remember it, it’s typically way too easy for someone to guess.
There are a few different categories for security add-ons for WordPress. A lot of plugins do some or all of these things.
Prevention is what it sounds like: these plugins block brute-force attempts and lock out the IP addresses that many login attempts come from, help you lock down your settings to make sure you are secure, and so on.
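What “lock out the IP addresses that a lot of login attempts come from” amounts to is a per-IP sliding window over POSTs to wp-login.php and xmlrpc.php. This added Python example (not the talk’s code and not any plugin’s) runs that logic over constructed Apache combined-format access log lines so the rule can be seen triggering; the addresses, timestamps and user agents are made up.

```python
"""Added example: the detection logic behind a login-lockout rule, run
over constructed Apache combined-format access log lines (not real
traffic). Flags an IP that POSTs to WordPress's login endpoints
`threshold` times within `window`."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")   # xmlrpc.php also accepts credentials


def parse(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],
        "status": int(m["status"]),
    }


def failed_logins(lines):
    """POSTs to a login endpoint. wp-login.php answers a bad password with
    200 (the form again) and a good one with a 302 to wp-admin, so 302s are
    skipped; xmlrpc.php returns 200 either way and is always counted."""
    for line in lines:
        rec = parse(line)
        if rec is None or rec["method"] != "POST" or rec["path"] not in LOGIN_PATHS:
            continue
        if rec["path"] == "/wp-login.php" and rec["status"] == 302:
            continue
        yield rec


def find_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Per-IP sliding window. Returns {ip: time of the attempt that crossed
    the threshold}; a lockout plugin would ban the IP at that moment."""
    recent = defaultdict(deque)
    flagged = {}
    for rec in failed_logins(lines):
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and rec["ip"] not in flagged:
            flagged[rec["ip"]] = rec["ts"]
    return flagged


def sample_log():
    """Constructed log: one visitor who loads the form and logs in once,
    and one client firing 12 failed POSTs nine seconds apart."""
    base = datetime(2015, 10, 15, 3, 12, 0, tzinfo=timezone.utc)

    def stamp(dt):
        return dt.strftime(TS_FMT)

    lines = [
        f'198.51.100.5 - - [{stamp(base)}] "GET /wp-login.php HTTP/1.1" 200 2481 "-" "Mozilla/5.0"',
        f'198.51.100.5 - - [{stamp(base + timedelta(seconds=20))}] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    ]
    for i in range(12):
        t = stamp(base + timedelta(seconds=9 * i))
        lines.append(f'203.0.113.7 - - [{t}] "POST /wp-login.php HTTP/1.1" 200 3921 "-" "python-requests/2.7.0"')
    return sorted(lines, key=lambda line: parse(line)["ts"])


if __name__ == "__main__":
    for ip, when in find_bruteforce(sample_log()).items():
        print(f"lock out {ip}: {when.isoformat()}")
```

Run against a real log the same function yields the lockout list a firewall or plugin would act on; tune `threshold` and `window` to the site, and remember that an attacker rotating source addresses will not trip a per-IP rule, which is why strong passwords still matter.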
Scans can look for file changes (from malicious bots/people) or actively scan for known malware, etc.
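A file-change scan is a hash manifest taken when the site is known-good, compared against a fresh one later. The added Python example below (not code from the talk or from any of the plugins named) builds and diffs such a manifest over a constructed site tree in a temporary directory, simulates a compromise, and singles out the classic tell-tale, a PHP file appearing under wp-content/uploads/; the file names and contents are made up.

```python
"""Added example: the file-change scan a security plugin runs, as a
SHA-256 manifest plus a diff. The site tree is constructed in a temp
directory; nothing here reads a real install."""
import hashlib
import json
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative, POSIX form) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def compare(baseline, current):
    """Added, removed and modified paths between two manifests."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def suspicious(report):
    """PHP files appearing under wp-content/uploads/ are the classic sign
    of a dropped web shell: uploads should hold media, never code."""
    return [p for p in report["added"]
            if p.startswith("wp-content/uploads/") and p.endswith(".php")]


def demo():
    """Baseline a constructed site, simulate a compromise, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "wp-content" / "uploads").mkdir(parents=True)
        (site / "wp-config.php").write_text("<?php define('DB_NAME', 'shop');\n")
        (site / "index.php").write_text("<?php require __DIR__ . '/wp-blog-header.php';\n")
        (site / "wp-content" / "uploads" / "hero.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed jpeg")
        # The baseline must live where the web server cannot write to it
        # (the same reasoning as off-site backups); here it is only
        # serialized to show it survives a round trip.
        baseline = json.dumps(build_manifest(site))
        # Simulated compromise: a PHP file dropped into uploads and an
        # edit to wp-config.php.
        (site / "wp-content" / "uploads" / "cache.php").write_text("<?php /* dropped by attacker */\n")
        (site / "wp-config.php").write_text("<?php define('DB_NAME', 'shop');\n/* injected line */\n")
        report = compare(json.loads(baseline), build_manifest(site))
        report["suspicious"] = suspicious(report)
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Legitimate updates change core, theme and plugin files too, so the manifest has to be re-taken after every deliberate update; the value of the scan is in the changes nobody made on purpose, and in the baseline being stored somewhere an attacker with write access to the web root cannot also rewrite.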
Backups are pretty straight forward - they backup your site, and store it either off-site or on your server. I greatly prefer an off-site service to an on-site one, as there is a chance that if you are compromised, your backups could be too.
Jetpack - Brute force protection, site monitoring for downtime, managing updates across multiple sites in one dashboard, and security scans and off-site backups (with a VaultPress subscription; you can try free)
Wordfence - Scans your site initially to check for infection, then provides prevention security, login security, firewall, and then scheduled scans, etc. with a premium license.
iThemes Security - Provides much of the same as above, with some nice features like Strong Password enforcement; offers paid version
Sucuri Scanner - Same types of things as the others, but one stand-out feature is the CloudProxy firewall (subscription required), which offers DDoS protection, access control, and some speed features.
If your host is terrible, then you can build a rock solid site on top of a pile of quicksand, and end up sunk.
Shared hosting is one of the unsung dangers in eCommerce: unless the host properly isolates accounts from each other, your security is only as good as the worst-secured site on that server.
This is fairly broad, and I’m really not going to get a whole lot into this, but use good code.
The most important part of this is making sure that the plugins are supported well, and especially have regular updates. If a plugin is not updated regularly, then you run risks with security, as well as compatibility.
Premium code means that the authors have a very good reason (money) to provide support/updates, and stay on top of security vulnerabilities, etc.
This is not disparaging the many awesome themes and plugins out there that are free, but just make sure that you vet the code.
Your weakest link is whichever party with access to the site data is weakest. It might be a site management system or a dropshipper, but they have access to parts of your customers’ info, and as such their security and privacy policies need to be reviewed.
Tell the T-Mobile story: 15 million T-Mobile subscribers had their data breached when Experian was hacked over the last few weeks. Experian handled credit reviews and checks for T-Mobile.
Moral of the story: be careful who you trust with your users’ data, as ultimately it comes back on you if anything happens.
Well this is about the end of the presentation. Thanks for joining me.