WordPress search is notoriously lacking. Using Elasticsearch and the 10up WordPress plugin ElasticPress, we can do amazing things with search very performantly.
Charla impartida por el Doctor Antonio Guzmán,miembro del Grupo de Arquitecturas de Altas Prestaciones de la Universidad Rey Juan Carlos de Madrid, en el Curso de Verano 2009 de Seguridad Informática en la Universidad de Salamanca.
Are you considering Microservice architecture for your next project?
Are you planning to migrate an existing legacy / monolithic application to Microservices?
Are you curious about Microservice architecture?
If the answer to one of the above questions is YES, then this session is for you.
Join me to know all about Microservice architecture:
- When to adopt it?
- When not to adopt it?
- How to assess your team’s readiness to adopt Microservice architecture?
- Starting a new project with Microservice architecture.
- Migrate an existing project to Microservice architecture.
- Microservice architecture main anti-patterns and how to fix them.
- Are monoliths really that bad?
Digital forensics has been utilized in computer crime investigation for the last thirty years. It has evolved around and progressed through the technical revolutions, and is now facing yet another new era due to the emergence of cloud computing.
Link to Youtube video: https://youtu.be/OJMqMWnxlT8
You can contact me at abhimanyu.bhogwan@gmail.com
My linkdin id : https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/
Threat Modeling(system+ enterprise)
What is Threat Modeling?
Why do we need Threat Modeling?
6 Most Common Threat Modeling Misconceptions
Threat Modelling Overview
6 important components of a DevSecOps approach
DevSecOps Security Best Practices
Threat Modeling Approaches
Threat Modeling Methodologies for IT Purposes
STRIDE
Threat Modelling Detailed Flow
System Characterization
Create an Architecture Overview
Decomposing your Application
Decomposing DFD’s and Threat-Element Relationship
Identify possible attack scenarios mapped to S.T.R.I.D.E. model
Identifying Security Controls
Identify possible threats
Report to Developers and Security team
DREAD Scoring
My Opinion on implementing Threat Modeling at enterprise level
Presentacion utilizada durante Segurinfo 2014 - Rosario, Santa Fe, Argentina.
El objetivo es discutir sobre las amenazas que enfrentan las organizaciones y los sistemas que soportan el negocio, de forma de considerarlas dentro del plan de protección y mitigación de riesgos
Charla impartida por el Doctor Antonio Guzmán,miembro del Grupo de Arquitecturas de Altas Prestaciones de la Universidad Rey Juan Carlos de Madrid, en el Curso de Verano 2009 de Seguridad Informática en la Universidad de Salamanca.
Are you considering Microservice architecture for your next project?
Are you planning to migrate an existing legacy / monolithic application to Microservices?
Are you curious about Microservice architecture?
If the answer to one of the above questions is YES, then this session is for you.
Join me to know all about Microservice architecture:
- When to adopt it?
- When not to adopt it?
- How to assess your team’s readiness to adopt Microservice architecture?
- Starting a new project with Microservice architecture.
- Migrate an existing project to Microservice architecture.
- Microservice architecture main anti-patterns and how to fix them.
- Are monoliths really that bad?
Digital forensics has been utilized in computer crime investigation for the last thirty years. It has evolved around and progressed through the technical revolutions, and is now facing yet another new era due to the emergence of cloud computing.
Link to Youtube video: https://youtu.be/OJMqMWnxlT8
You can contact me at abhimanyu.bhogwan@gmail.com
My linkdin id : https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/
Threat Modeling(system+ enterprise)
What is Threat Modeling?
Why do we need Threat Modeling?
6 Most Common Threat Modeling Misconceptions
Threat Modelling Overview
6 important components of a DevSecOps approach
DevSecOps Security Best Practices
Threat Modeling Approaches
Threat Modeling Methodologies for IT Purposes
STRIDE
Threat Modelling Detailed Flow
System Characterization
Create an Architecture Overview
Decomposing your Application
Decomposing DFD’s and Threat-Element Relationship
Identify possible attack scenarios mapped to S.T.R.I.D.E. model
Identifying Security Controls
Identify possible threats
Report to Developers and Security team
DREAD Scoring
My Opinion on implementing Threat Modeling at enterprise level
Presentacion utilizada durante Segurinfo 2014 - Rosario, Santa Fe, Argentina.
El objetivo es discutir sobre las amenazas que enfrentan las organizaciones y los sistemas que soportan el negocio, de forma de considerarlas dentro del plan de protección y mitigación de riesgos
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsJared Greenhill
This presentation outlined how performing memory forensics on a single memory image broke open an extremely large intrusion in the non-profit space. Tools, techniques and procedures (TTP’s) of an advanced actor intrusion will be highlighted during a technical deep-dive of memory analysis and related workflow.
Lateral Movement: How attackers quietly traverse your NetworkEC-Council
After successfully attacking an endpoint and gaining a foothold there, sophisticated attackers know that to get to the valuable data within an organization they must quietly pivot. From reconnaissance to escalation of privileges to stealing credentials, learn about the tactics and tools that attackers are using today.
Conoce cuáles son los factores del ciclo que se deben cumplir para contar con un Sistemas de Gestión de Seguridad de la Información (SGSI) eficiente en la empresa.
Open Web Application Security Project Top 10: OWASP con el fin de canalizar los esfuerzos en la seguridad de aplicaciones y APIs, llevó adelante un relevamiento global y colaborativo con los 10 riesgos de seguridad más críticos de la web, conocido como OWASP TOP 10.
DevSecOps nada mais é a união dos benefícios da cultura DevOps com práticas e processos da segurança da informação, um dos grandes desafios desta nova onda é como de fato implementar e automatizar ferramentas de segurança dentro do ciclo de desenvolvimento de software até o momento do deploy. A palestra tem uma abordagem prática e teórica de soluções automatizadas com Docker e Jenkins para incrementar segurança desde a integração contínua (CI) até a entrega contínua (CD), soluções que também permitem o monitoramento automatizado de vulnerabilidades em redes e sites.
Google Cloud Platform monitoring with ZabbixMax Kuzkin
This presentation describes how to configure Zabbix (https://zabbix.com/) to configure Google Cloud Platform events through its Monitoring API, using gcpmetrics (https://github.com/odin-public/gcpmetrics/) command line tool.
El modelo C4 se creó como una forma de ayudar a los equipos de desarrollo de software a describir y comunicar la arquitectura de software, tanto durante las sesiones de diseño iniciales como cuando se documenta retrospectivamente una base de código existente. Es una forma de crear mapas de su código, en varios niveles de detalle, de la misma manera que usaría algo como Google Maps para acercar y alejar un área que le interesa.
This presentation showcased live during the DNIF KONNECT meetup on 19th December 2019. We have our presenter: Ruchir Shah- Account Manager at DNIF, walk us through the importance of SOAR
Some key points discussed during the meetup:
-Understand, what is SOAR.
-The problems a SOAR solution solves.
-Real-time demo by DNIF expert on SOAR.
Watch the full presentation here: https://www.youtube.com/watch?v=bCp-WAs6w5I
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsJared Greenhill
This presentation outlined how performing memory forensics on a single memory image broke open an extremely large intrusion in the non-profit space. Tools, techniques and procedures (TTP’s) of an advanced actor intrusion will be highlighted during a technical deep-dive of memory analysis and related workflow.
Lateral Movement: How attackers quietly traverse your NetworkEC-Council
After successfully attacking an endpoint and gaining a foothold there, sophisticated attackers know that to get to the valuable data within an organization they must quietly pivot. From reconnaissance to escalation of privileges to stealing credentials, learn about the tactics and tools that attackers are using today.
Conoce cuáles son los factores del ciclo que se deben cumplir para contar con un Sistemas de Gestión de Seguridad de la Información (SGSI) eficiente en la empresa.
Open Web Application Security Project Top 10: OWASP con el fin de canalizar los esfuerzos en la seguridad de aplicaciones y APIs, llevó adelante un relevamiento global y colaborativo con los 10 riesgos de seguridad más críticos de la web, conocido como OWASP TOP 10.
DevSecOps nada mais é a união dos benefícios da cultura DevOps com práticas e processos da segurança da informação, um dos grandes desafios desta nova onda é como de fato implementar e automatizar ferramentas de segurança dentro do ciclo de desenvolvimento de software até o momento do deploy. A palestra tem uma abordagem prática e teórica de soluções automatizadas com Docker e Jenkins para incrementar segurança desde a integração contínua (CI) até a entrega contínua (CD), soluções que também permitem o monitoramento automatizado de vulnerabilidades em redes e sites.
Google Cloud Platform monitoring with ZabbixMax Kuzkin
This presentation describes how to configure Zabbix (https://zabbix.com/) to configure Google Cloud Platform events through its Monitoring API, using gcpmetrics (https://github.com/odin-public/gcpmetrics/) command line tool.
El modelo C4 se creó como una forma de ayudar a los equipos de desarrollo de software a describir y comunicar la arquitectura de software, tanto durante las sesiones de diseño iniciales como cuando se documenta retrospectivamente una base de código existente. Es una forma de crear mapas de su código, en varios niveles de detalle, de la misma manera que usaría algo como Google Maps para acercar y alejar un área que le interesa.
This presentation showcased live during the DNIF KONNECT meetup on 19th December 2019. We have our presenter: Ruchir Shah- Account Manager at DNIF, walk us through the importance of SOAR
Some key points discussed during the meetup:
-Understand, what is SOAR.
-The problems a SOAR solution solves.
-Real-time demo by DNIF expert on SOAR.
Watch the full presentation here: https://www.youtube.com/watch?v=bCp-WAs6w5I
Best Practices for WordPress in EnterpriseTaylor Lovett
10up open sourced their WordPress Best Practices (PHP, JavaScript, tools, and workflows) in late 2014. As the Director of Web Engineering at 10up, I drove this project and am the lead contributor to the docs. These Best Practices allow developers to build sites that scale, perform, and are secure one sites receiving millions of page views per day. They also standardize development practices in such a way that facilitates team collaboration. This talk will highlight some important parts of the Best Practices and reveal some valuable tips about how we (10up) engineer some of the most complex and most viewed WordPress sites in the world.
This presentation explains what Computer Science actually entails. It covers ways to describe code performance using Big-Oh notation comparing different post meta and taxonomy queries and it discusses concurrency as it applies to WordPress, specifically data races and how they can occur while counting post views.
Fluxible is a new framework by Yahoo that follows the Flux architecture by Facebook. The framework enables you to build powerful isomorphic JavaScript applications that are extremely maintainable, extensible, and scalable. The Flux architecture employs a “unidirectional dataflow” and has three major parts: “dispatcher”, “stores”, and “views”. Yahoo’s Fluxible library contains some very powerful tools for setting up your application. This session will run through some important pieces of Fluxible and some basics for setting up an application.
WP-CLI is an awesome WordPress plugin that can be used to automate a bunch of difficult WordPress tasks. This presentation walks you through basic WP-CLI commands and creating custom commands.
Presentation from the Elasticsearch Denver Meetup.
Discusses scaling of Elasticsearch for Related Posts across WordPress.com and some of the big changes that were needed in order to scale for 23 million queries a day across 800 million documents.
Wordcamp paris 2015 dev-pragmatique-bonnes-pratiquesSylvie Clément
Conférence que j'ai donnée au WordCamp Paris 2015 le 23 janvier 2015.
Sujet : le pragmatisme du développeur freelance Wordpress versus les bonnes pratiques des agences ou des développeurs de plugins et de thèmes
In this presentation I will show you how to setup Laravel and Elasticsearch to quickly build a search engine. This was given at a local meetup in Groningen (Netherlands).
(BDT209) Launch: Amazon Elasticsearch For Real-Time Data AnalyticsAmazon Web Services
Organizations are collecting an ever-increasing amount of data from numerous sources such as log systems, click streams, and connected devices. Launched in 2009, Elasticsearch —an open-source analytics and search engine— has emerged as a popular tool for real-time analytics and visualization of data. Some of the most common use cases include risk assessment, error detection, and sentiment analysis. However, as data volumes and applications grow, managing Elasticsearch clusters can consume significant IT resources while adding little or no differentiated value to the organization. Amazon Elasticsearch Service (Amazon ES) is a managed service that makes it easy to deploy, operate, and scale Elasticsearch clusters in the AWS Cloud. Amazon ES offers the benefits of a managed service, including cluster provisioning, easy configuration, replication for high availability, scaling options, data durability, security, and node monitoring. This session presents a technical deep dive on Amazon ES. Attendees learn: Common challenges with real-time data analytics and visualization and how to address them; the benefits, reference architecture, and best practices for using Amazon ES; and data ingestion options with Amazon DynamoDB, AWS Lambda, and Amazon Kinesis.
The importance of search for modern applications is evident and nowadays it is higher than ever. A lot of projects use search forms as a primary interface for communication with a user. Though implementation of an intelligent search functionality is still a challenge and we need a good set of tools.
In this presentation, I will talk through the high-level architecture and benefits of Elasticsearch with some examples. Aside from that, we will also take a look at its existing competitors, their similarities, and differences.
Attack monitoring using ElasticSearch Logstash and KibanaPrajal Kulkarni
With growing trend of Big data, companies are tend to rely on high cost SIEM solutions. However, with introduction of open source and lightweight cluster management solution like ElasticSearch this has been the highlight of the year. Similarly, the log aggregation has been simplified by logstash and kibana providing a visual look to the complex data structure. This presentation will exactly cater to this need of having a appropriate log analysis+Detecting Intrusion+Visualizing data in a powerful interface.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
2. Who Am I?
• My name is Taylor Lovett!
• Director of Web Engineering at 10up
• Open source community member
• WordPress core contributor
• ElasticPress team member
@tlovett12
5. WordPress Search is Rudimentary
• Only searches post title, content, and excerpt.
• Relies on MySQL and thus is slow.
• Relevancy calculations are poor and overly
simplistic.
• Not able to handle any advanced filtering.
7. Elasticsearch
• Open-source search server written in Java
based on a technology called Lucene (open-
source search software by Apache).
• A standalone database server that provides a
RESTful interface to accept and store data in a
way that is optimized for search.
• Extremely scalable, performant, and reliable
9. Get an Elasticsearch Server
• Very flexible and customizable. There is not
really a “one size fits all” setup. Generally, you
have two options:
• Option 1: Pay someone else to manage/host
your Elasticsearch cluster (SaaS)
• Option 2: Host your own cluster
12. Elasticsearch Self-Hosted Cluster
• Make sure you have Java installed.
• Download Elasticsearch:
http://www.elasticsearch.org/downloads/1-4-2/
• Assuming you are installing on a Linux
distribution, you can easily install using DEB or
RPM packages.
14. Configuring Your Cluster (cont.)
• How much memory is available to the heap?
Configure your Elasticsearch heap size (~half of available RAM,
defaults to 256M min and 1G max):
ES_HEAP_SIZE=512m in /etc/default/elasticsearch
• Can the current process be swapped?
Disable process swapping for Elasticsearch:
bootstrap.mlockall: true in config/elasticsearch.yml
“Linux kernel tries to use as much memory as possible for file system caches and
swaps out unused application memory, possibly resulting in the Elasticsearch
process being swapped. Swapping is very bad for performance and for node
stability.” See: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/
setup-configuration.html.
15. Configuring Your Cluster (cont.)
• How much memory can the current system user acquire?
Raise resources that system user can acquire:
In /etc/security/limits.conf:
elasticsearch - memlock unlimited
In /etc/default/elasticsearch
MAX_LOCKED_MEMORY=unlimited
• How many files can the current system user have open?
Raise *nix file limit (65535 is ES default):
In /etc/security/limits.conf:
elasticsearch - nofile 65535
16. Configuring Your Cluster (cont.)
• Can Elasticsearch execute dynamic scripts in
queries?
Disable dynamic scripting (potentially
dangerous and usually unnecessary)
In /etc/elasticsearch/elasticsearch.yml
script.disable_dynamic: true
17. Start Your Server
• Assuming you installed Elasticsearch as a
service on a Linux/Unix distribution:
sudo service elasticsearch start
18. Hello World!
• You should be able to view http://
yourdomainorIP:9200 and see some JSON.
• If this doesn’t work, try SSH’ing into your ES
server and doing a cURL to localhost:
curl http://localhost:9200
19. Cluster Health
• View http://yourdomainorIP:9200/_cluster/health
You will see something like this:
{
"cluster_name":"elasticsearch",
"status":"yellow",
"timed_out":false,
“number_of_nodes":1,
"number_of_data_nodes":1,
“active_primary_shards":5,
"active_shards":5,
"relocating_shards":0,
"initializing_shards":0,
"unassigned_shards":5
}
20. Cluster Health (cont.)
• “active_primary_shards”: Number of primary
(non-replica) shards that are active and available.
• shard: Every document (post) lives on a shard.
Indexes are divided into shards (5 by default).
There are primary and replica shards. Replica
shards help with failover. Shards are distributed
across nodes evenly and help with parallel
processing. A shard replica must live on a
different node than the primary.
21. Cluster Health (cont.)
• “cluster_name”: Elasticsearch is meant to be a
distributed search database. A cluster is one or
more nodes.
• Node: A single server on your cluster. Nodes
can be set up to store data or as master nodes.
• “number_of_nodes”: This is the number of
nodes in your cluster.
22. Cluster Health (cont.)
• “status”: There are three statuses possible:
Red: Not all primary shards are available
Yellow: Primary shards are available but
replicas are not.
Green: Cluster is fully operational with primary
and replica shards
23. Cluster Health (cont.)
• Cluster status is yellow because there is only
one node. Replica shards need to be assigned
to a different node than their primary; this is not
possible in our current setup.
• It’s good practice to create at least 2 nodes in
our production clusters.
24. Security
• Elasticsearch has no concept of security,
authentication, or authorization built-in.
• By default, your instance is open to the world.
Good for development, but bad for production.
25. Private Instance
• We can easily lock down your ES instance
In /etc/elasticsearch/elasticsearch.yml
network.host: localhost!
• Note: this will make it difficult to navigate your ES
instance in your web browser which is useful for
debugging. We can also do something like
setup a reverse proxy (using Nginx) with a
password protected endpoint to get around this.
26. Now that we have gone through
Elasticsearch basics, let’s talk
about integrating Elasticsearch
with WordPress.
29. ElasticPress
• Build filterable performant queries (filter by taxonomy
term, post meta key, etc.)
• Fuzzy search post title, content, excerpt, taxonomy
terms, post meta, and authors
• Search across multiple blogs in a multi-site instance
• Results returned by relevancy. Relevancy calculations
are highly customizable.
• Very extensible and performant
30. ElasticPress Requirements
!
• WordPress 3.7+
• A host (not WordPress.com VIP) that either gives
SSH access or the ability to run WP-CLI
commands.
• An instance of Elasticsearch.
• WP-CLI
32. Point to Your ES Instance
• In your wp-config.php file, add the following
where the URL is the domain or IP of your
Elasticsearch instance:
define( 'EP_HOST', 'http://192.168.50.4:9200' );
33. Index Your Posts
• Just activating the plugin will do nothing. We need
to run a WP-CLI command:
wp elasticpress index --setup [--network-wide]!
• --network-wide will force indexing across all the
blogs on a network of sites in multisite. This is
required if you plan to do cross-site search. It’s
basically a shortcut so you don’t have to run the
command once with the --url parameter for each
of your blogs.
34. What Happens Next?
• Once ElasticPress is activated and posts are
indexed, it will integrate with WP_Query to run
queries against Elasticsearch instead of MySQL.
• WP_Query integration will only happen on
search queries (“s” parameter) or when the
ep_integrate parameter is passed.
36. Note on Search
• We can use ElasticPress to power queries
OTHER than search! This is powerful.
37. Advanced Queries
• ElasticPress uses Elasticsearch to do many cool types of queries in a
performant manner. By passing special params to a WP_Query object we can:
• Search taxonomy terms
• Filter by taxonomy terms (unlimited dimensions)
• Search post meta
• Filter by post meta (unlimited dimensions)
• Search authors
• Filter by authors
• Search across blogs in multisite
• more!
42. WP_Query Integration
• The goal for ElasticPress is to make WP_Query
work behind the scenes through Elasticsearch
and provide extra functionality.
• This means we have to support every query
parameter which isn’t the case yet. Github
contains a full list of parameters WP_Query
supports with ElasticPress and usage for each
parameter.
43. Elasticsearch in Your Language
• Elasticsearch is designed to be
internationalized.
• Out of the box, it will work fine with most
languages.
44. Analysis and Analyzers
• When a document is indexed in Elasticsearch,
text is analyzed, broken into terms (tokenized),
and normalized with token filters.
• In normalization, strings might be lowercased
and plurals stripped.
45. Custom Analyzers
• ElasticPress by default uses a pretty standard set of
analyzers intended for the English language.
• We can easily customize our analyzers for use with
other languages by filtering ep_config_mapping
(see EP source code).!
• You can read about language specific analyzers here:
http://www.elasticsearch.org/guide/en/elasticsearch/
reference/current/analysis-lang-analyzer.html
47. Feedback and Continuing Development
• If you are using ElasticPress on a project, please
let us know and give us feedback!
• Pull requests are welcome!
48. Questions?
We need to send a PUT request to this endpoint with
our post data. Of course we must authenticate before
doing this.
@tlovett12!
taylor.lovett@10up.com!
taylorlovett.com