Access Denied: Keeping yourself off an attacker’s radar

Paul Gilzow (wpDirAuth, Presentation)

Locking down reconnaissance to reduce an attacker's ability to detect (fingerprint) what's running.

https://builtwith.com/ualr.edu
https://wpscan.org/

Countermeasures

Use Apache mod_authz

File protection

  • protect wp-content (no reason for php files to be able to be directly executed in wp-content, implicitly deny everything and whitelist things that are allowed—things that need to be downloaded as web assets for the browser)
  • protect wp-includes (deny everything except wp-tinymce)
  • protect wp-admin (lock to ip ranges? except for admin-ajax.php?)
  • protect the root directory (lock wp-login.php to ip ranges, block xmlrpc, readme, license)
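The four file-protection bullets expressed as Apache 2.4 `mod_authz_core` rules. This is an added example, not configuration from the talk or from wpDirAuth; it assumes WordPress is installed in `/var/www/html`, that Apache is 2.4 or later (the `Require` syntax), and that `203.0.113.0/24` is a placeholder for your admin IP range (it is a documentation-only range, so replace it).

```apache
# Added example (not from the talk). Assumptions: WordPress at /var/www/html,
# Apache 2.4+ (Require syntax), 203.0.113.0/24 stands in for the admin network.
# Put these blocks in the virtual host config when you control the server;
# in .htaccess they need AllowOverride AuthConfig.

# wp-content: deny by default, then whitelist only the static assets a browser
# needs. No PHP under wp-content is reachable directly, so a stray or
# uploaded script cannot be invoked from the outside.
<Directory "/var/www/html/wp-content">
    Require all denied
    <FilesMatch "\.(css|js|map|jpe?g|png|gif|svg|webp|ico|woff2?|ttf|otf|eot|mp4|webm|pdf)$">
        Require all granted
    </FilesMatch>
</Directory>

# wp-includes: same deny-by-default. Core JS/CSS lives here and the front end
# needs it, so the asset whitelist applies; the one PHP file the talk exempts
# is wp-tinymce.php, which older releases use to serve the editor.
<Directory "/var/www/html/wp-includes">
    Require all denied
    <FilesMatch "\.(css|js|map|png|gif|svg|woff2?|ttf|eot)$">
        Require all granted
    </FilesMatch>
    <Files "wp-tinymce.php">
        Require all granted
    </Files>
</Directory>

# wp-admin: only the admin network gets in, except admin-ajax.php, which
# themes and plugins call from the public front end for anonymous visitors.
<Directory "/var/www/html/wp-admin">
    Require ip 203.0.113.0/24
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</Directory>

# Site root: wp-login.php is admin-network only; xmlrpc.php and the
# version-revealing readme.html / license.txt are denied outright.
<Directory "/var/www/html">
    <Files "wp-login.php">
        Require ip 203.0.113.0/24
    </Files>
    <FilesMatch "^(xmlrpc\.php|readme\.html|license\.txt)$">
        Require all denied
    </FilesMatch>
</Directory>
```

Two things to check after rolling this out. First, some plugins expect direct hits on their own PHP files inside `wp-content`; watch the access log for 403s and add narrow `<Files>` exceptions rather than widening the whitelist. Second, the whitelist matches on the final extension only, so make sure the PHP handler is also bound with a `\.php$` pattern (a `SetHandler` inside `<FilesMatch "\.php$">`, or the php-fpm proxy equivalent) rather than an `AddHandler` that would also process a name like `image.php.png`.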

User protection

  • disable the redirect from ?author=# to pretty permalinks
  • remove permalink from author profile page output
  • remove user-specific class
  • modify WordPress’s overly informative error messages to force a default error message
  • USE SSO for your auth instead of local accounts!
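The first four user-protection bullets as WordPress hooks in a must-use plugin. This is an added example, not code from the talk or from wpDirAuth; the function names are this example's own, and "remove permalink from author profile page output" is read here as suppressing the `/author/<nicename>/` archive URL that themes print. SSO itself is a deployment decision outside this snippet.

```php
<?php
/**
 * Plugin Name: Quiet Users (added example, not from the talk)
 * Description: Hooks for the "User protection" list: no ?author=N redirect,
 *              no author-archive permalinks, no username-bearing CSS classes,
 *              and one generic login error. Save as
 *              wp-content/mu-plugins/quiet-users.php so it loads before
 *              ordinary plugins. All function names below are this example's own.
 */

// Refuse front-end requests that probe ?author=N before redirect_canonical()
// can turn the number into /author/<login>/. Admin screens legitimately use
// ?author= to filter post lists, so they are left alone.
function quietusers_block_author_probe() {
    if ( is_admin() || ! isset( $_GET['author'] ) || ! is_string( $_GET['author'] ) ) {
        return;
    }
    $author = wp_unslash( $_GET['author'] );
    if ( preg_match( '/^\d+$/', $author ) ) {
        nocache_headers();
        wp_die( 'Not found.', '', array( 'response' => 404 ) );
    }
}
add_action( 'init', 'quietusers_block_author_probe', 1 );

// Author archive URLs embed user_nicename, which is usually the login name.
// Point them at the site root so the_author_posts_link() and friends never
// print /author/<login>/ (assumption: you do not use author archives).
function quietusers_author_link( $link ) {
    return home_url( '/' );
}
add_filter( 'author_link', 'quietusers_author_link' );

// body_class() emits author-<nicename> and author-<ID> on author archives and
// comment_class() emits comment-author-<nicename>; both put login names in the
// markup. Strip anything with those prefixes from both class lists.
function quietusers_strip_user_classes( $classes ) {
    $kept = array();
    foreach ( (array) $classes as $class ) {
        if ( ! preg_match( '/^(comment-)?author-/', $class ) ) {
            $kept[] = $class;
        }
    }
    return $kept;
}
add_filter( 'body_class', 'quietusers_strip_user_classes' );
add_filter( 'comment_class', 'quietusers_strip_user_classes' );

// Core tells the visitor which half of the credential was wrong ("Invalid
// username" vs. "The password you entered ... is incorrect"). Collapse every
// login error to one fixed sentence.
function quietusers_login_errors( $errors ) {
    return 'Login failed.';
}
add_filter( 'login_errors', 'quietusers_login_errors' );
```

The `login_errors` filter is a blanket: it also replaces messages such as the cookie or nonce failures, so keep the replacement text generic enough to cover them. If a theme adds its own classes starting with `author-` (an author box, say), narrow the regex to the exact `author-<nicename>` and `author-<ID>` values computed from `get_queried_object()` instead of the prefix match used here.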

[IDEA] use git to roll through a history of commits to incrementally show changes for a presentation

Baking in the SEO

Slow pages have poor SEO ratings. There are plugins that can improve site performance, and your choice of hosting provider can have the greatest impact on the speed of your site.



The Real Responsive Process?

The web is not a fixed width. So if the medium is fluid, should the process be fixed? Fireworks and Photoshop are not flexible enough to demonstrate media queries, button and menu states, HTML5 and JavaScript behaviors, dynamic resizing of elements and navigation flow.

Diving into responsive design projects can be daunting. Old design practices are cumbersome when thinking in terms of web systems that will span a wide variety of devices and dimensions. Four industry leaders will delve into how they handle the responsive process, or how they don't. A fluid process to match the fluidity of responsive design. Bam! We'll also explore some recent successes and failures while establishing why a responsive process is a responsible process.

One web to rule them all?
