Slide 1: WordPress: A Rather Gentle Introduction

Slide 2: Introduction
w: http://distilledb.com
e: johnf.public@distilledb.com
t: superninjarobot

Slide 3: What are these cards for? Questions and feedback

Slide 4: Filling out cards
Your evaluation and criticism is welcomed!
presentation: Was the material presented in a way that you found engaging and could appreciate?
utility: Did you get value out of the presentation?
technical depth: Did you find that the technical aspects of the presentation were appropriate and useful?
any other comments: I love feedback!

Slide 5: Analog hyperlinks
{{abcd}} == http://is.gd/abcd

Slide 6: Tools of the talk
WordPress 2.8: the eponymous blogging/publishing app {{14RRW}}
FTP client: transfer files to and from remote locations {{15eCh}}
ssh client / PuTTY: connect to remote shells {{15eEA}}
shell access: helpful but not strictly necessary

Slide 7: What's this talk about?
start-to-finish installation of WordPress 2.8
an introduction to WordPress 2.8
basics of the Unix environment, permissions
open questions
security power tips, common errors

Slide 8: WordPress 2.8
better IIS support for Windows hosts
better security
better administrative usability
widgets API {{15h2u}}
minor cosmetic improvements with comments, posts
better automation
smarter interoperability between plugins, fewer conflicts

Slide 9: Basic installation steps
DOWNLOAD: go to wordpress.org
DATABASES: configure with your host
UNZIP
CONFIGURE WORDPRESS: edit wp-config.php
LOG IN: all done!

Slide 10: Power demo: Installing WordPress 2.8 and supporting tools
Slide 11: Permissions: The Unix permissions model

Slide 12: Security basics: file permissions
permissions (read, write, execute) determine which actions can be taken on files or directories

Slide 13: Security basics: file permissions
a missing permission denies the request
sum the value of the active permissions (read, write, execute) to produce a summary result

Slide 14: Security basics: file permissions
(diagram: read, write and execute permissions and their summed result)

Slide 15: Security basics: user categories
owner: files belong to both a specific user, called the owner, and a group
group
world: the set of all users that is not the owner or the group

Slide 16: Putting permissions together
(diagram: index.html with read, write and execute permissions and the result for each category: owner, group, world)

Slide 17: Files differ from directories
(diagram: wordpress/ with list, write and "go to" permissions and the result for each category: owner, group, world)

Slide 18: Common permissions
EXECUTABLE BINARIES: 755
STATIC CONTENT: 644
STANDARD DIRECTORY: 755
SECURED DIRECTORY: 700
(file types shown on the slide: *.sh *.bin *.php *.html *.css *.jpg *.txt *.png)

Slide 19: Power demo: Examining effects of permissions

Slide 20: Security power tips: Simple ways to harden your site and avoid complications

Slide 21: Security power tips
wrong / unreadable permissions:
drw-r--r--  7 bob bob  4096 Jun 10 20:32 wp-admin/
-rw-r--r--  1 bob bob  2341 May 20 11:32 wp-load.php
-rw-r--r--  1 bob bob 21019 Jun  3 17:15 wp-login.php

insecure permissions:
drwxrwxrwx  7 bob bob  4096 Jun 10 20:32 wp-admin/
-rw-r--r--  1 bob bob  2341 May 20 11:32 wp-load.php
-rw-r--r--  1 bob bob 21019 Jun  3 17:15 wp-login.php

find . -type d -perm 0777 -print0 | xargs -0 chmod 755
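An added example, not from the slides, that turns ls -l mode strings like the ones above into the octal sums the permissions slides describe, classifies the two slide-21 cases (a directory with no "go to" bit, and a world-writable entry), and resets a constructed WordPress-like tree to the slide-18 defaults; it generalises the find command above by matching any world-writable entry (-perm -0002) rather than only mode 0777. It assumes a POSIX shell with find, chmod and mktemp, and the name private for the 700 "secured directory" is an assumption.

```shell
#!/bin/sh
# Added example, not from the slides: permission arithmetic and a tree hardener.

# Digit for one rwx triplet: r=4, w=2, x=1, summed (slide 13). "r-x" -> 5.
triplet_value() {
  v=0
  case "$1" in r??) v=$((v + 4)) ;; esac
  case "$1" in ?w?) v=$((v + 2)) ;; esac
  case "$1" in ??[xst]) v=$((v + 1)) ;; esac   # s/t also imply execute
  echo "$v"
}

# Full ls -l mode string -> three octal digits: "drwxr-xr-x" -> 755.
mode_to_octal() {
  u=$(printf %s "$1" | cut -c2-4)    # owner
  g=$(printf %s "$1" | cut -c5-7)    # group
  o=$(printf %s "$1" | cut -c8-10)   # world
  echo "$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
}

# Classify a mode string the way slide 21 does.
classify_mode() {
  oct=$(mode_to_octal "$1")
  kind=$(printf %s "$1" | cut -c1)
  owner_x=$(printf %s "$1" | cut -c4)
  world_w=$(printf %s "$1" | cut -c9)
  if [ "$kind" = d ] && [ "$owner_x" != x ]; then
    echo "unreadable-directory $oct"   # no "go to" bit: even the owner cannot enter it
  elif [ "$world_w" = w ]; then
    echo "insecure $oct"               # any user on the host can modify it
  else
    echo "ok $oct"
  fi
}

# Count world-writable entries. -perm -0002 matches any mode with the
# world-write bit set (0777, 0775, 0666, ...), not only exactly 0777.
count_world_writable() {
  find "$1" -perm -0002 | wc -l | tr -d ' '
}

# Reset a tree to the slide-18 defaults (directories 755, files 644), then
# lock one "secured" directory down to 700. $2 is its name relative to $1.
harden_tree() {
  find "$1" -type d -exec chmod 755 {} +
  find "$1" -type f -exec chmod 644 {} +
  if [ -d "$1/$2" ]; then chmod 700 "$1/$2"; fi
  return 0
}

# Constructed demo tree reproducing the slide-21 mistakes; prints its path.
make_demo_tree() {
  umask 022
  root=$(mktemp -d)
  mkdir -p "$root/wp-admin" "$root/wp-content/uploads" "$root/private"
  printf '<?php\n' > "$root/wp-load.php"
  printf '<?php\n' > "$root/wp-login.php"
  chmod 777 "$root/wp-admin"             # insecure: world-writable directory
  chmod 644 "$root/wp-content/uploads"   # unreadable: directory without execute bit
  chmod 666 "$root/wp-load.php"          # insecure: world-writable file
  echo "$root"
}

# Stand-alone demo: audit, fix, audit again, clean up.
t=$(make_demo_tree)
echo "world-writable before: $(count_world_writable "$t")"
harden_tree "$t" private
echo "world-writable after:  $(count_world_writable "$t")"
ls -ld "$t/private"
rm -rf "$t"
```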
Slide 22: Security power tips
avoid meta-generator strings:
...
<head> <!-- header.php -->
    <meta content="WordPress <?php bloginfo('version'); ?>" name="generator"/>
</head>
...
defend your wp-admin folder and site configuration:
limit access by IP address using .htaccess
AskApache Password Protect
Login Lockdown plugin
{{15ff3}} {{15fc2}} {{15fg6}}

Slide 23: Security power tips
if possible, use SFTP or SSH instead of FTP: transmitting over FTP is not at all secure
your host may not support SFTP, but all should allow shell access to savvy users
update early and often: Wordpress Automatic Upgrade Plugin, Instant Upgrade plugin {{15foD}} {{15foO}}

Slide 24: Security power tips
perform regular and frequent backups
separate your WP database from other information and data: this avoids DoS issues, since it is trivial for determined attackers to overwhelm most entry-level databases

Slide 25: Security power tips
prevent search robots from crawling:
// In robots.txt:
Disallow: /path/to/wordpress/wp-*
{{15fDZ}}
prevent casual browsing of directories:
// In .htaccess
Options All -Indexes
{{15fBq}}

Slide 26: Questions?

Slide 27: that's all, folks!
