WordCamp DC 2017

Transcript

1. None
2. None

3. 7.74 Billion USD FY17 Operating Budget

4. 7.74 Billion USD FY17 Operating Budget 24,000+ Employees

5. 7.74 Billion USD FY17 Operating Budget 24,000+ Employees IT Department

   Managed Web Hosting

6. U Penn

7. None

8. Dan Olson COO, DigitalCube @emaildano

9. Dan Olson COO, DigitalCube @emaildano I develop WordPress SaaS
 Products

   on AWS

10. Dan Olson COO, DigitalCube @emaildano I develop WordPress SaaS
 Products

    on AWS I work 100% remotely

11. Dan Olson COO, DigitalCube @emaildano I develop WordPress SaaS
 Products

    on AWS I work 100% remotely Lifelong Air-guitar Player

12. Alternative Hacks: WordPress Security from
 the Outside Looking In

13. Why Care?

14. Why Care? Client Responsibility

15. Client Responsibility Personal Responsibility Why Care?

16. Workflow

17. Old Habits Die Hard Workflow

18. Sh*t happens
 learn from your mistakes Workflow

19. Discuss a disaster plan
 ..with your clients Workflow

20. Lobby for the right fix
 not the quick fix Workflow

21. Compromise
 (but document) Workflow

22. Get a Password Manager Workflow

23. Your clients depend on you Workflow

24. Localhost 3000

25. If your data is in one place
 it’s in no

    place Localhost 3000

26. Backup efficiently
 not aggressively Localhost 3000

27. Git yourself a VCS Localhost 3000

28. The Wild West aka The Internet

29. VPN Always
 Not just for WordCamp :) The Wild West

    aka The Internet

30. VPN Always
 Not just for WordCamp :) The Wild West

    aka The Internet

31. SFTP over FTP The Wild West aka The Internet

32. Protect your data in transport The Wild West aka The

    Internet

33. SSH, SFTP, HTTPS The Wild West aka The Internet

34. Deploy

35. Again SSH or SFTP, Always Deploy

36. Automated deploys with
 Continuous Integration Tools Deploy

37. Web Hosting

38. Find the right fit Web Hosting

39. Use a Firewall to
 Limit IPs and Ports Web Hosting

40. SLAs for Clients and Providers Web Hosting

41. When in doubt follow the docs Web Hosting

42. Tinfoil Hat File Permissions Web Hosting

43. That Stack Overflow 777 person
 is not your friend Web

    Hosting

44. Put your server to work Web Hosting

45. Serve static 404s or 403s
 to keep the resources where

    they matter Web Hosting

46. Block Brute Force Attempts at
 the Server level not WordPress

    level Web Hosting

47. Go Serverless
 WordPress to Static Web Hosting

48. None

49. Web Hosting

50. WordPress Security & Plugins
 IMHO

51. Do you really need one? Yes. WordPress Security & Plugins

52. Plugins are not a cure-all WordPress Security & Plugins

53. More != Better WordPress Security & Plugins

54. Learn what they actually do
 Learn how they differ WordPress

    Security & Plugins

55. Security through obscurity
 is not security WordPress Security & Plugins

56. Hashing and MD5 Try bcrypt, scrypt, etc. WordPress Security &

    Plugins From WordPress.org “MD5 is used by default
 because it's supported on all platforms.”

57. Alternative Hacks: WordPress Security from
 the Outside Looking In