almost daniel

Access Denied: Keeping yourself off an attacker’s radar

Paul Gilzow (wpDirAuth, Presentation)

Locking down recon to reduce ability to detect (fingerprint) what’s running.

https://builtwith.com/ualr.edu
https://wpscan.org/

Counter measures

Use apache mod_authz

File protection

protect wp-content (no reason for php files to be able to be directly executed in wp-content, implicitly deny everything and whitelist things that are allowed—things that need to be downloaded as web assets for the browser)
protect wp-includes (deny everything except wp-tinymce
protect wp-admin (lock to ip ranges? except for admin-ajax.php?)
protect the root directory (lock wp-login.php to ip ranges, block xmlrpc, readme, license)

User protection

disable the redirect from ?author=# to pretty permalinks
remove permalink from author profile page output
remove user-specific class
modify WordPress’s overly informative error messages to force a default error message
USE SSO for your auth instead of local accounts!

[IDEA] use git to roll through a history of commits to incrementally show changes for a presentation

Protect yo self or wreck yo self!

Avoid security risks when using the WordPress REST API plugin (soon to be in core).

Continue reading “Protect yo self or wreck yo self!”

Speed

User expectations for page load are around 2 seconds or faster. The slower a site is, the fewer conversions and return visitors your site will have. Learn how to test, track, and increase the speed of your website.

Continue reading “Speed”

Advanced Responsive Plugins

Taking responsive design beyond CSS gives you control over your display in a content-specific way.

Continue reading “Advanced Responsive Plugins”

Baking in the SEO

Slow pages have poor SEO ratings. There are plugins that can improve site performance, and your choice of hosting provider can have the greatest impact on the speed of your site.

Continue reading “Baking in the SEO”

Customizer? I barely know ‘er!

Customizer is WordPress’s Theme Customization API and is becoming part of core soon. Very helpful to allow the global theme style to be more customizable.

Continue reading “Customizer? I barely know ‘er!”

Google[x]: Building a Moonshot Factory

Moonshots are seemingly impossible and yet impossibly-important ideas that through science and technology can be brought to reality. Google[x] is a moonshot factory full of optimists who are focused on changing the world by seeking out massive unsolved problems that — when solved — will profoundly and positively alter the way we live. You may have heard of self-driving cars and Google Glass, but here we’ll give a glimpse of the ethos, style, and people behind Google[x].

Then, from 4-6pm, come to our “Solve for X” exploration session at Bat Bar to engage in pushing forward moonshots — radical technology-based proposals for solving global problems (register at goo.gl/m0R4n and join the community at SolveforX.com).

Continue reading “Google[x]: Building a Moonshot Factory”

Why Designers Should Care About Measuring Success

“How do you know this design is better?”
This question stumbles even the most seasoned designers. Businesses are recognizing the importance of design and the competitive advantage that taking a design-led approach offers. Designers are moving up the corporate ranks and we’re now beginning to see titles like “Design Strategist,” “Design Director” and “Chief Design Officer” take hold within organizations. As designers, the decisions that we are now making carry much more weight and inherently, more risk, to the companies we serve.
This presentation proposes 3 questions that designers can ask to tease out measurement of success early in our creative processes. It will explore methods to develop concrete measurements that will enable designers to make faster decisions, create better alignment with traditional business metrics (e.g. Online conversion rate, sales per square inch), and have more courage to push creative boundaries in our work.

Continue reading “Why Designers Should Care About Measuring Success”

Building a better UX resume

The dreaded résumé. How can one love something meant to condense and cram a person’s life and career into a handful of pages? We as job hunters hate them because they never seem to sufficiently convey what we do or how we do it, and it’s usually the first impression any potential employer gets of us. Employers have a love/hate relationship with them because they do, at first, provide an apparently good abstraction of a potential hire, but it’s a thin veneer that quickly rubs away when they come face to face with an individual that barely seems to match up with that first impression.

A couple of years ago I experimented with treating my résumé as a UX project, applying user-centric principles and methodologies on myself in the hopes of landing a better job. In this session I’ll go over the process that led me to my design, discuss ‘user’ reaction to the design, and outline some ideas that can help everybody build a better résumé, UX or otherwise.

Continue reading “Building a better UX resume”

OAuth 2.0: Identity and data access

OAuth 2 is the latest version of the OAuth standard– unlocking authorized access to user data from dozens of different APIs like YouTube, Google Apps and Facebook in a way that’s easier than ever for developers. OAuth 2 can now be used via OpenID Connect to allow users to easily login and sign up with apps faster, with less developer effort.

This session will cover how web and mobile applications can take advantage of this technology to improve the experience and security of user accounts.

Continue reading “OAuth 2.0: Identity and data access”