Access Denied: Keeping yourself off an attacker’s radar

Paul Gilzow (wpDirAuth, Presentation)

Locking down reconnaissance to reduce an attacker’s ability to detect (fingerprint) what’s running on the site.

https://builtwith.com/ualr.edu
https://wpscan.org/

Countermeasures

Use apache mod_authz

File protection

  • protect wp-content (no reason for php files to be able to be directly executed in wp-content, implicitly deny everything and whitelist things that are allowed—things that need to be downloaded as web assets for the browser)
  • protect wp-includes (deny everything except wp-tinymce)
  • protect wp-admin (lock to ip ranges? except for admin-ajax.php?)
  • protect the root directory (lock wp-login.php to ip ranges, block xmlrpc, readme, license)
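
An added example, not from the talk or the wpDirAuth project, of the four file-protection rules above written as Apache 2.4 mod_authz_core directives in a virtual host. The document root `/var/www/wordpress`, the admin range `192.0.2.0/24` and the asset extension lists are placeholders; allowing static assets under wp-includes (not just wp-tinymce.php) is my assumption, since the front end and admin UI load scripts from there.

```apache
# Added example: Apache 2.4 vhost fragment. Paths and IP range are placeholders.

# 1. wp-content: implicitly deny everything, whitelist only browser assets,
#    so a PHP file dropped into uploads/ or a plugin dir can never be executed directly.
<Directory "/var/www/wordpress/wp-content">
    Require all denied
    <FilesMatch "\.(css|js|jpe?g|png|gif|svg|webp|woff2?|ttf|ico|pdf)$">
        Require all granted
    </FilesMatch>
</Directory>

# 2. wp-includes: no PHP except wp-tinymce.php (the editor loader).
#    Assumption: static assets still need to be served from here.
<Directory "/var/www/wordpress/wp-includes">
    Require all denied
    <FilesMatch "\.(css|js|jpe?g|png|gif|svg|woff2?|ttf)$">
        Require all granted
    </FilesMatch>
    <Files "wp-tinymce.php">
        Require all granted
    </Files>
</Directory>

# 3. wp-admin: restrict to the admin IP range, except admin-ajax.php,
#    which front-end code also calls on behalf of anonymous visitors.
<Directory "/var/www/wordpress/wp-admin">
    Require ip 192.0.2.0/24
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</Directory>

# 4. Root: wp-login.php only from the admin range; xmlrpc, readme and license
#    denied so they give away neither a login surface nor the WordPress version.
<Directory "/var/www/wordpress">
    <Files "wp-login.php">
        Require ip 192.0.2.0/24
    </Files>
    <FilesMatch "^(xmlrpc\.php|readme\.html|license\.txt)$">
        Require all denied
    </FilesMatch>
</Directory>
```

Behind a reverse proxy or CDN, `Require ip` evaluates the proxy’s address rather than the visitor’s unless mod_remoteip is configured, so test the wp-admin and wp-login.php rules from outside the allowed range after deploying.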

User protection

  • disable the redirect from ?author=# to pretty permalinks
  • remove permalink from author profile page output
  • remove user-specific class
  • modify WordPress’s overly informative error messages to force a default error message
  • USE SSO for your auth instead of local accounts!

[IDEA] use git to roll through a history of commits to incrementally show changes for a presentation

Baking in the SEO

Slow pages have poor SEO ratings. There are plugins that can improve site performance, and your choice of hosting provider can have the greatest impact on the speed of your site.

The Real Responsive Process?

The web is not a fixed width. So if the medium is fluid, should the process be fixed? Fireworks and Photoshop are not flexible enough to demonstrate media queries, button and menu states, HTML5 and JavaScript behaviors, dynamic resizing of elements and navigation flow.

Diving into responsive design projects can be daunting. Old design practices are cumbersome when thinking in terms of web systems that will span a wide variety of devices and dimensions. Four industry leaders will delve into how they handle the responsive process, or how they don’t: a fluid process to match the fluidity of responsive design. Bam! We’ll also explore some recent successes and failures while establishing why a responsive process is a responsible process.

One web to rule them all?

Maintaining Responsive Integrity in WordPress

Mastering RWD is difficult enough; doing it with a WordPress theme and no knowledge of its intended use or future content is even harder. In this talk you’ll learn how to create WordPress themes that will maintain their responsive integrity over time.

You’ll also learn how to build tools and strategies that you can implement in WordPress to give your customers and clients greater control of content. User Admins can either glorify your site or compromise it to the point it becomes unusable. Help them become masters of their own “domain”.

Jesse Friedman will utilize specific coded examples to help you understand the tools and advantages of building Responsive sites with WordPress. On top of all that Jesse will show you how he used these techniques to create dynamic web environments, while taking advantage of the user’s device and landscape.