ExpressionEngine | EECI 
Simple Steps to Performance and 
Security 
CHRIS WELLS – CEO – NEXCESS.NET LLC
Detroit, MI USA 
WEST 
SOUTH 
NORTH 
MID-WEST??? 
NORTH-EAST 
NORTH? 
NORTH-CENTRAL? 
MIDDLE?
Quick Facts About Michigan 
• Michigan has the longest fresh water shoreline in the U.S. (world?) at 
3,126 miles. 
• Four flags have flown over Michigan: 
• French 
• English 
• Spanish 
• USA 
• Michigan is split into an “upper” and “lower” peninsula 
• The upper is dubbed the “U.P.” 
• Detroit had the 1st mile of concrete road laid in 1909 
• Detroit is the potato chip capital of the world 
• Based on consumption 
Today’s Topics 
• Why performance / security? 
• A few simple performance steps 
• A few simple security steps
Why Care About Performance / Security?
They Affect Your Bottom Line DIRECTLY 
(even if you think you don’t have one)
Example Performance Wins 
• Firefox browser website noted: 
• Visitors with slow page loads downloaded the browser less often 
• A 1 second improvement in page load time increased downloads by 2.7%. 
• Shopzilla.com 
• Had page load times of ~7 seconds 
• Optimized to yield a 5 second decrease in page load time (7 -> 2 sec) 
• 25% increase in page views 
• 7 – 12% increase in revenue 
• 50% decrease in hardware costs! 
• Google tested a page 1 with 30 entries instead of 10 and got: 
• 20% fewer clicks 
Performance Step #1 – Tune the Environment
Tune the Environment 
• What 
• About 
• PHP???
PHP Choices 
• ExpressionEngine supports a variety of PHP versions (5.3.10+) 
• So… Isn’t PHP just PHP? 
• NO! 
• PHP 5.4 is a good deal faster than 5.3 
• Empty hash table optimizations 
• Literal tables 
• Interned strings 
• Zend Engine VM tuning 
• But what does this mean for ExpressionEngine?
Benchmarking PHP
PHP 5.3.24 
[Chart: Siege transactions / second vs. duration (in minutes); series: PHP 5.3.24] 
~550 t/sec
PHP 5.3.24 vs. PHP 5.4.28 
[Chart: Siege transactions / second vs. duration (in minutes); series: PHP 5.3.24, PHP 5.4.28] 
~615 t/sec 
(~12% increase!!)
PHP 5.3.24 vs. PHP 5.4.28/.14 
[Chart: Siege transactions / second vs. duration (in minutes); series: PHP 5.3.24, PHP 5.4.14, PHP 5.4.28] 
Even upgrading from 5.4.14 shows gains of ~4%
Let’s Push Things a Little Further...
PHP 5.4.28 vs. PHP 5.5.12 
[Chart: Siege transactions / second vs. duration (in minutes); series: PHP 5.4.28, PHP 5.5.12] 
~781 t/sec 
~25% better than 5.4 
~41% better than 5.3 
WOW 
Notes On PHP 5.5.x+ 
• APC goes out 
• OPcache is introduced 
• OPcache is the name of the bundled ZendOptimizer+ opcode caching system 
• Seems to work out of the box without too much fuss 
• More research is needed here – was very surprised with the performance results 
• For developers PHP 5.5+ adds: 
• “finally” 
• Finally!! New password hashing API 
• The empty() built-in now supports arbitrary expressions
Let’s Push Things a Little Further…
PHP 5.5.12 vs. PHP 5.6.0-BETA 
[Chart: Siege transactions / second vs. duration (in minutes); series: PHP 5.5.12, PHP 5.6.0 (BETA 2)] 
Essentially equal within margin of error
Let’s…
PHP 5.5.12 vs. PHP-NG 
• We couldn’t get it running in a stable manner 
Notes on PHP-NG 
• Removes numerous heap allocations (and de-allocations) 
• Stores more native data directly on the stack 
• Removes the need to garbage collect basic primitives (bool, long, etc) 
• PHP’s reported WordPress benchmarks show very good results 
• 26.75 sec -> 14.10 sec (~48% improvement) 
• 9.5M instructions -> 3.4M internal instructions executed (HUGE reduction) 
• Take some comfort in knowing that more gains are on the way from the PHP folks directly
Short story: use PHP 5.4+, 5.5 if you’re able
Performance Step #2 – Tune ExpressionEngine
Basic ExpressionEngine Tuning 
• Out of the box ExpressionEngine performs! 
• Cache Cache Cache! Ensure you use all available caching 
• Tag caching 
• Template caching 
• Dynamic channel query caching 
• Query disabling 
• Use in-memory caching if at all possible (CE Cache, memcache) 
• See our whitepaper for an in-depth look at caching options 
• Use a CDN
We’re Performing! Now What? 
• Performance is not a one-time activity (monitor often) 
• The 80/20 rule is a good guide (Pareto’s Principle) 
• “…roughly 80% of the effects come from 20% of the causes…” 
• Make performance part of your design/development 
process 
• Choose add-ons based on a performance SLA 
• Make sure your developers understand how to design/code for 
performance 
• Not all 3rd party add-ons are created equal! 
• Software/code optimization can only go so far – hardware 
can help 
• Dedicated database and web servers may be needed
Side Effects of Good Performance 
• Faster sites are stickier – Wikia.com’s re-architecting 
found: 
• ~15% exit rate for a 2 second page load 
• ~10% exit rate for a 1 second page load 
• Faster sites yield higher search engine placement 
• Google / Bing / Yahoo! use speed as a metric in their algorithms 
• You’re more ready for that OMG day 
• Check out EE’s “Handling Extreme Traffic” page regardless 
• Faster doesn’t have to mean more expensive 
• Costs can often be lowered as a result of caching & optimization 
• Remember shopzilla.com?
On to Security! 
(Make hackers sad)
Security Step #1 – Secure the Environment
Environment Security 
• Practice least-privilege in all aspects of the environment 
• Use a firewall (and actually configure it) 
• Use an intrusion prevention system (and actually configure it) 
• Mod_security works well! 
• Matches rules against URL requests to thwart many attacks 
• Choose correct file permissions 
• 600 for PHP/configuration files (if able) 
• 700 for directories (yep, if able) 
• Use HTTPS 
• Lean on your hosting provider for help (it’s their job!!!)
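
Added example (not from the original slides): a POSIX shell function that audits a web root against the 600 / 700 guidance above, listing PHP/configuration files with any group or other permission bit set and directories broader than 700. The function name `audit_perms` and the file patterns (`*.php`, `*.ini`, `*.conf`, `.htaccess`) are assumptions; adjust them for your site.

```shell
#!/bin/sh
# Added example: report files and directories broader than 600 / 700.
# Assumption: "PHP/configuration files" means the name patterns below.

# audit_perms ROOT
#   Prints "FILE <path>" for each PHP/config file under ROOT that grants
#   any group or other permission bit (i.e. is broader than 600), and
#   "DIR <path>" for each directory that grants any group or other bit
#   (i.e. is broader than 700). Prints nothing when the tree is clean.
audit_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_perms: not a directory: $root" >&2
        return 2
    fi

    # POSIX find has no "any of these bits" test, so each of the six
    # group/other bits (r, w, x for each) is OR-ed explicitly.
    find "$root" -type f \
        \( -name '*.php' -o -name '*.ini' -o -name '*.conf' \
           -o -name '.htaccess' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec printf 'FILE %s\n' {} +

    # Same test for directories, ROOT itself included.
    find "$root" -type d \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec printf 'DIR %s\n' {} +
}

# When a path is given on the command line, audit it.
[ "$#" -eq 0 ] || audit_perms "$1"
```

Modes this tight only work when PHP runs as the file owner, so check that before tightening anything the audit lists.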
Security Step #2 – Secure ExpressionEngine
Basic ExpressionEngine Security 
• Follow the EE best practices 
• Keep ExpressionEngine up to date 
• I know, I know – easier said than done … but do it 
• ExpressionEngine is very secure by default (but really, keep it updated) 
• Keep PHP up to date (or patched) 
• Keep add-ons up to date 
• Add-ons are often forgotten as a source of vulnerability 
• Restrict admin access 
• Limit by IP and/or by renaming admin.php 
• Rename the system directory 
• Create unique user accounts (i.e. don’t share!)
Security Step #3 – Secure Your Workflow
Basic Security 
• Password security 
• Passwords do not necessarily need to be complex 
• PillowCarpetTelevision32 -> 24 characters!! 
• Don’t reuse passwords on other sites 
• I hate this slogan but… 
• The most secure password is the one you don’t remember 
• Use Lastpass or something like it. 
• Use 2-factor authentication if available 
• Use a secure means to publish 
• Avoid FTP! 
• Ensure backups exist (and are recent) 
• Trust but verify your hosting arrangements
Performance and Security are NOT Spectator Sports! 
(do your best!)
Questions?

ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)

  • 1. ExpressionEngine | EECI Simple Steps to Performance and Security CHRIS WELLS – CEO – NEXCESS.NET LLC
  • 2. Detroit, MI USA WEST SOUTH NORTH MID-WEST??? NORTH-EAST NORTH? NORTH-CENTRAL? MIDDLE?
  • 3. Quick Facts About Michigan • Michigan has the longest fresh water shoreline in the U.S. (world?) at 3,126 miles. • Four flags have flown over Michigan: • French • English • Spanish • USA • Michigan is split into an “upper” and “lower” peninsula • The upper is dubbed the “U.P.” • Detroit had the 1st mile of concrete road laid in 1909 • Detroit is the potato chip capital of the world • Based on consumption 
  • 4. Today’s Topics • Why performance / security? • A few simple performance steps • A few simple security steps
  • 5. Why Care About Performance / Security?
  • 6. They Affect Your Bottom Line DIRECTLY (even if you think you don’t have one)
  • 7. Example Performance Wins • Firefox browser website noted: • Slow page loaders downloaded the browser less often • 1 second of increased page load performance increased downloads by 2.7%. • Shopzilla.com • Had page load times of ~7 seconds • Optimized to yield a 5 second decrease in page load time (7 -> 2 sec) • 25% increase in page views • 7 – 12% increase in revenue • 50% decrease in hardware costs! • Google tested a page 1 with 30 entries instead of 10 and got: • 20% fewer clicks
  • 8. Performance Step #1 – Tune the Environment
  • 9. Tune the Environment •What • About • PHP???
  • 10. PHP Choices • ExpressionEngine supports a variety of PHP versions (5.3.10+) • So… Isn’t PHP just PHP? • NO! • PHP 5.4 is a good deal faster than 5.3 • Empty hash table optimizations • Literal tables • Interned strings • Zend Engine VM tuning • But what does this mean for ExpressionEngine?
  • 12. PHP 5.3.24 [Chart: Siege transactions / second over duration (in minutes)] PHP 5.3.24: ~550 t/sec
  • 13. PHP 5.3.24 vs. PHP 5.4.28 [Chart: Siege transactions / second over duration (in minutes); series: PHP 5.3.24, PHP 5.4.28] ~615 t/sec (~12% increase!!)
  • 14. PHP 5.3.24 vs. PHP 5.4.28/.14 [Chart: Siege transactions / second over duration (in minutes); series: PHP 5.3.24, PHP 5.4.14, PHP 5.4.28] Even upgrading from 5.4.14 shows gains of ~4%
  • 15. Let’s Push Things a Little Further...
  • 16. PHP 5.4.28 vs. PHP 5.5.12 [Chart: Siege transactions / second over duration (in minutes); series: PHP 5.4.28, PHP 5.5.12] ~781 t/sec • ~25% better than 5.4 • ~41% better than 5.3 • WOW
  • 17. Notes On PHP 5.5.x+ • APC goes out • OPcache is introduced • OPcache is the name of the bundled ZendOptimizer+ opcode caching system • Seems to work out of the box without too much fuss • More research is needed here – was very surprised with the performance results • For developers PHP 5.5+ adds: • “finally” • Finally!! New password hashing API • The empty() built-in now supports arbitrary expressions
  • 18. Let’s Push Things a Little Further…
  • 19. PHP 5.5.12 vs. PHP 5.6.0-BETA [Chart: Siege transactions / second over duration (in minutes); series: PHP 5.5.12, PHP 5.6.0 (BETA 2)] Essentially equal within margin of error
  • 21. PHP 5.5.12 vs. PHP-NG • We couldn’t get it running in a stable manner 
  • 22. Notes on PHP-NG • Removes numerous heap allocations (and de-allocations) • Stores more native data directly on the stack • Removes the need to garbage collect basic primitives (bool, long, etc) • PHP’s reported WordPress benchmarks show very good results • 26.75 sec -> 14.10 sec (~48% improvement) • 9.5M instructions -> 3.4M internal instructions executed (HUGE reduction) • Take some comfort in knowing that more gains are on the way from PHP folks directly
  • 23. Short story: use PHP 5.4+, 5.5 if you’re able
  • 24. Performance Step #2 – Tune ExpressionEngine
  • 25. Basic ExpressionEngine Tuning • Out of the box ExpressionEngine performs! • Cache Cache Cache! Ensure you use all available caching • Tag caching • Template caching • Dynamic channel query caching • Query disabling • Use in-memory caching if at all possible (CE Cache, memcache) • See our whitepaper for an in-depth look at caching options • Use a CDN
  • 26. We’re Performing! Now What? • Performance is not a one-time activity (monitor often) • The 80/20 rule is a good guide (Pareto’s Principle) • “…roughly 80% of the effects come from 20% of the causes…” • Make performance part of your design/development process • Choose add-ons based on a performance SLA • Make sure your developers understand how to design/code for performance • All 3rd party add-ons are not created equal! • Software/code optimization can only go so far – hardware can help • Dedicated database and web servers may be needed
  • 27. Side Effects of Good Performance • Faster sites are stickier – Wikia.com’s re-architecting found: • ~15% exit rate for a 2 second page load • ~10% exit rate for a 1 second page load • Faster sites yield higher search engine placement • Google / Bing / Yahoo! use speed as a metric in their algorithms • You’re more ready for that OMG day • Check out EE’s “Handling Extreme Traffic” page regardless • Faster doesn’t have to mean more expensive • Costs can often be lowered as a result of caching & optimization • Remember shopzilla.com?
  • 28. On to Security! (Make hackers sad)
  • 29. Security Step #1 – Secure the Environment
  • 30. Environment Security • Practice least-privilege in all aspects of the environment • Use a firewall (and actually configure it) • Use an intrusion prevention system (and actually configure it) • Mod_security works well! • Applies matching vs. URL requests to thwart many attacks • Choose correct file permissions • 600 for PHP/configuration files (if able) • 700 for directories (yep, if able) • Use HTTPS • Lean on your hosting provider for help (it’s their job!!!)
  • 31. Security Step #2 – Secure ExpressionEngine
  • 32. Basic ExpressionEngine Security • Follow the EE best practices • Keep ExpressionEngine up to date • I know, I know – easier said than done … but do it • ExpressionEngine is very secure by default (but really, keep it updated) • Keep PHP up to date (or patched) • Keep add-ons up to date • Add-ons are often forgotten as a source of vulnerability • Restrict admin access • Limit by IP and/or by renaming admin.php • Rename the system directory • Create unique user accounts (i.e. don’t share!)
  • 33. Security Step #3 – Secure Your Workflow
  • 34. Basic Security • Password security • Passwords do not necessarily need to be complex • PillowCarpetTelevision32 = 24 characters!! • Don’t reuse passwords on other sites • I hate this slogan but… • The most secure password is the one you don’t remember • Use LastPass or something like it. • Use 2-factor authentication if available • Use a secure means to publish • Avoid FTP! • Ensure backups exist (and are recent) • Trust but verify your hosting arrangements
  • 35. Performance and Security are NOT Spectator Sports! (do your best!)
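
An added example, not part of the slides: a POSIX shell audit for the file-permission targets on slide 30 (600 for PHP/configuration files, 700 for directories). The function names and the `*.php` match for configuration files are assumptions of this sketch; mode 600 only works where PHP runs as the file owner, which is the slide's "if able".

```shell
#!/bin/sh
# Added example: audit an ExpressionEngine tree against the slide's targets
# (600 for PHP/configuration files, 700 for directories).
# Assumption: configuration files are matched as *.php.
# Mode 600 only works where PHP runs as the file owner (the "if able").

# find(1) predicate: true when any group/other permission bit is set.
GO_BITS='( -perm -040 -o -perm -020 -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 )'

# Print "dir <path>" / "file <path>" for everything looser than 700 / 600.
audit_perms() {
    # $GO_BITS is intentionally unquoted so it splits into find arguments.
    find "$1" -type d $GO_BITS -print | sed 's/^/dir /'
    # For files the owner-execute bit (0100) is also beyond 600.
    find "$1" -type f -name '*.php' \( $GO_BITS -o -perm -100 \) -print |
        sed 's/^/file /'
}

# Apply the slide's targets to every directory and *.php file under $1.
tighten_perms() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -name '*.php' -exec chmod 600 {} +
}

# Stand-alone use: sh audit.sh /path/to/site   (report only, changes nothing)
if [ "$#" -ge 1 ]; then
    audit_perms "$1"
fi
```

Run the audit first and review its output; `tighten_perms` is only safe on hosts where the web server executes PHP as the account that owns the files.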

Editor's notes

  1. ----- Meeting Notes (5/13/14 09:46) ----- Mid-2013 5.5.x released
  2. ----- Meeting Notes (5/13/14 09:46) ----- Alternative PHP cache