Security and Performance - Italian WordPress Conference
maurizio-pelizzone -
![Page 1: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/1.jpg)
ITALIAN WORDPRESS CONFERENCE 2012
16th June 2012, Turin - Italy
![Page 2: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/2.jpg)
WORDPRESS
SECURITY AND PERFORMANCE
ITALIAN WORDPRESS CONFERENCE 2012
![Page 3: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/3.jpg)
Happy Birthday!!! #WPCON2012
About me
37 years old
Born in Turin (Italy)
Co-Founder mavida.com
WordPress Lover
http://maurizio.mavida.com
http://www.linkedin.com/in/mauriziopelizzone
![Page 4: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/4.jpg)
SECURITY
![Page 5: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/5.jpg)
Protect wp-login.php
HTACCESS
![Page 6: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/6.jpg)
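HTACCESS
```apache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Secret entry URL: internally rewritten to wp-login.php with the login key.
RewriteRule ^my-login wp-login.php?loginkey=HR5SKG&redirect_to=http://%{SERVER_NAME}/wp-admin/index.php [L]

# Redirect direct GET requests for wp-login.php to the home page.
# Note: mod_rewrite does not expand %{SERVER_NAME} inside a CondPattern, so the
# three Referer tests always pass; the loginkey, logout and POST tests do the filtering.
RewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/wp-admin
RewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/wp-login\.php
RewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/my-login
RewriteCond %{QUERY_STRING} !^loginkey=HR5SKG
RewriteCond %{QUERY_STRING} !^action=logout
RewriteCond %{REQUEST_METHOD} !POST
RewriteRule ^wp-login\.php http://%{SERVER_NAME}/? [R,L]

# After logout, send the visitor to the home page.
RewriteCond %{QUERY_STRING} ^loggedout=true
RewriteRule . http://%{SERVER_NAME}/? [L]
</IfModule>
```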
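The rules above leave two kinds of trace in an access log: GET requests for wp-login.php without the key, which are redirected to the home page, and POST requests, which `RewriteCond %{REQUEST_METHOD} !POST` exempts from the redirect. The following Python script is an added example, not part of the original slides; it assumes Apache's combined log format, uses constructed sample lines, and assumes that a POST from an IP with no earlier /my-login request in the same log is worth reviewing.

```python
import re
from collections import defaultdict

# Apache "combined" format: client IP, timestamp, request line (rest ignored).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
)
ENTRY_PATH = "/my-login"      # secret entry URL from the rules on the slide
LOGIN_PATH = "/wp-login.php"
# Query prefixes the slide's rules let through on a GET (or handle after logout).
EXPECTED_GET = ("loginkey=", "action=logout", "loggedout=true")

def classify(log_lines):
    """Count, per client IP, entry-URL hits, keyless GETs and direct POSTs."""
    stats = defaultdict(lambda: {"entry": 0, "keyless_get": 0, "direct_post": 0})
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path, _, query = m["target"].partition("?")
        seen = stats[m["ip"]]
        if path.startswith(ENTRY_PATH):
            seen["entry"] += 1
        elif path == LOGIN_PATH and m["method"] == "GET":
            if not query.startswith(EXPECTED_GET):
                seen["keyless_get"] += 1   # the rules redirect this to /
        elif path == LOGIN_PATH and m["method"] == "POST" and seen["entry"] == 0:
            seen["direct_post"] += 1       # POST is exempt from the redirect
    return dict(stats)

def suspects(stats):
    """IPs that touched wp-login.php without going through the entry URL."""
    return sorted(ip for ip, s in stats.items()
                  if s["keyless_get"] or s["direct_post"])

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jun/2012:10:00:01 +0200] "GET /my-login HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [16/Jun/2012:10:00:09 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [16/Jun/2012:10:30:00 +0200] "GET /wp-login.php?action=logout&_wpnonce=abc123 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [16/Jun/2012:10:05:00 +0200] "GET /wp-login.php HTTP/1.1" 302 0 "-" "curl/7.26"',
    '203.0.113.5 - - [16/Jun/2012:10:06:00 +0200] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"',
    '203.0.113.5 - - [16/Jun/2012:10:06:01 +0200] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"',
]

if __name__ == "__main__":
    stats = classify(SAMPLE_LOG)
    for ip in suspects(stats):
        print(ip, stats[ip])
```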
![Page 7: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/7.jpg)
Deny .php execution
HTACCESS
![Page 8: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/8.jpg)
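HTACCESS
```apache
# Apache 2.2 access-control syntax; on Apache 2.4 these directives need mod_access_compat.
# Deny everything, then allow only the listed static file types.
Order Allow,Deny
Deny from all
<Files ~ "\.(xls|doc|rtf|pdf|zip|rar|mp3|flv|swf|png|gif|jpg|js|css)$">
Allow from all
</Files>

## manage exception
#<Files filename.php>
# Allow from all
#</Files>
```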
![Page 9: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/9.jpg)
CHANGE DIRECTORY STRUCTURE
![Page 10: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/10.jpg)
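WP-CONFIG.PHP
Rename wp-content
```php
// Note: HTTP_HOST is taken from the request's Host header; a fixed host name avoids trusting it.
define( 'WP_CONTENT_DIR', dirname( __FILE__ ) . '/asset' );
define( 'WP_CONTENT_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/asset' );
```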
![Page 11: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/11.jpg)
WP-ADMIN –> MEDIA
Change Upload Directory
![Page 12: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/12.jpg)
WP-CONFIG.PHP + INDEX.PHP
Move WordPress Core
```php
/*
 * add to wp-config.php
 */
define( 'WP_SITEURL', 'http://' . $_SERVER['SERVER_NAME'] . '/wordpress-core/' );
define( 'WP_HOME', 'http://' . $_SERVER['SERVER_NAME'] );

/*
 * change in index.php
 */
define( 'WP_USE_THEMES', true );
require( './wordpress-core/wp-blog-header.php' );
```
![Page 13: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/13.jpg)
MY CUSTOM STRUCTURE
![Page 14: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/14.jpg)
BLACKHOLE
![Page 15: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/15.jpg)
BLACKHOLE
http://perishablepress.com/blackhole-bad-bots/
![Page 16: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/16.jpg)
HTACCESS
RULES FOR BLACKHOLE
```apache
RewriteEngine On
RewriteBase /
RewriteRule ^(admin|wp-admin|wp-content)$ blackhole/ [L]
RewriteRule ^(phpinfo|phpmyadmin)$ blackhole/ [L]
```
![Page 17: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/17.jpg)
PLUGIN
BLACKHOLE PLUGIN
```php
<?php
/*
Plugin Name: blackhole
Plugin URI: http://maurizio.mavida.com/
Description: blackhole
License: GPL
Version: 0.1
Author: Maurizio Pelizzone
Author URI: http://maurizio.mavida.com
*/

// Load the Blackhole script on front-end requests only, never in the admin area.
if ( ! is_admin() ) {
    include( $_SERVER['DOCUMENT_ROOT'] . "/blackhole/blackhole.php" );
}
```
![Page 18: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/18.jpg)
FILE MONITOR
![Page 19: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/19.jpg)
FILEMONITOR PLUGIN
![Page 20: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/20.jpg)
AVOID FTP
![Page 21: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/21.jpg)
PERFORMANCE
![Page 22: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/22.jpg)
CACHE (storing cached data in the database)
![Page 23: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/23.jpg)
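CACHE
TRANSIENT API
http://codex.wordpress.org/Transients_API
```php
// $transient_name, $args and $transient_expiration are set by the calling code.
$posts = get_transient( $transient_name );

// get_transient() returns false on a miss; the strict test lets an empty result stay cached.
if ( false === $posts ) {
    wp_reset_query();
    $the_query = new WP_Query();
    $the_query->query( $args );

    $posts = $the_query->posts;
    set_transient( $transient_name, $posts, $transient_expiration );
}
```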
![Page 24: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/24.jpg)
CACHE
![Page 25: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/25.jpg)
PLUGINS (less is better)
![Page 26: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/26.jpg)
PLUGINS
![Page 27: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/27.jpg)
MINIFICATION
js/css MINIFICATION
![Page 28: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/28.jpg)
MINIFICATION
![Page 29: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/29.jpg)
CDN
CLOUDFLARE CDN (as Reverse Proxy)
![Page 30: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/30.jpg)
CDN
![Page 31: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/31.jpg)
SERVER TUNING
VARNISH
NGINX
APC
memcached
expire
deflate
MySqlTuner
![Page 32: Security and Performance - Italian WordPress Conference](https://reader035.fdocuments.in/reader035/viewer/2022081602/554bd9d2b4c905ac708b5259/html5/thumbnails/32.jpg)
?