
Transcript

Page 1: 50 Shades of WordPress

50 Shades of WordPress

WordCamp Raleigh 2012

#wcraleigh #50shadesofwp @theandystratton

Page 2

The Stories.

Page 3

The Naive Designer/Developer

Page 4

Tim Was Never Safe (His PHP Vulnerability)

Page 5

The Stranger

Page 6

Real Problems.

Page 7

Shops Using Found Code.

Page 8

Breaking Shortcodes.

Page 9

Authors admitted to using code they never reviewed.

Page 10

“And to be honest we did not know that we have a function like this in our code [...]”

Page 11

“Neither do we understand what it does right now [...]”

Page 12

“We got the backbone of our WP themes [...] from some other [...] author”

Page 13

“[...] and just [built] a theme on it.”

Page 14

Unsecured Third-Party Code Libraries. (Without Protection)

TimThumb without proper config

Server permissions, setup, etc.

Page 15

Missing Key Security Practices.

Escaping input and outputs: attributes, URLs, HTML

Nonces and form security
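The two practices on this slide, as an added example in plain WordPress PHP (not code from the talk or from any product it mentions; the option names, field names and the `shades_` prefix are hypothetical, the WordPress functions are real): a settings form that carries a nonce, a handler that verifies the nonce and the user's capability before saving, input sanitised on the way in, and output escaped for the context it lands in.

```php
<?php
// Added example, not from the talk. Option names, field names and the
// 'shades_' prefix are hypothetical; the WordPress functions are real.

// Render the form. wp_nonce_field() emits a hidden, per-user, time-limited
// token tied to the action name, so a forged cross-site POST cannot carry it.
function shades_render_form() {
    $label = get_option( 'shades_demo_label', '' );
    $url   = get_option( 'shades_demo_url', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'shades_save_settings', 'shades_nonce' ); ?>
        <input type="hidden" name="action" value="shades_save_settings">
        <!-- attribute context: esc_attr(), even for values we stored ourselves -->
        <input type="text" name="shades_label" value="<?php echo esc_attr( $label ); ?>">
        <input type="url"  name="shades_url"   value="<?php echo esc_attr( $url ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
    // Same stored values, different contexts: esc_url() for href, esc_html() for text.
    if ( $url !== '' ) {
        echo '<p>Saved: <a href="' . esc_url( $url ) . '">' . esc_html( $label ) . '</a></p>';
    }
}

// Handle the POST. admin_post_{action} fires only for logged-in users.
function shades_save_settings() {
    // Nonce check: stops the request with an error page on failure (CSRF defence).
    check_admin_referer( 'shades_save_settings', 'shades_nonce' );

    // Authorisation is separate from CSRF: a valid nonce from a subscriber is not enough.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', 403 );
    }

    // Sanitise on input (and strip the slashes WordPress adds); output is escaped again above.
    $label = sanitize_text_field( wp_unslash( $_POST['shades_label'] ?? '' ) );
    $url   = esc_url_raw( wp_unslash( $_POST['shades_url'] ?? '' ) );  // drops javascript: etc.

    update_option( 'shades_demo_label', $label );
    update_option( 'shades_demo_url', $url );

    wp_safe_redirect( wp_get_referer() ?: admin_url() );  // same-host redirect targets only
    exit;
}
add_action( 'admin_post_shades_save_settings', 'shades_save_settings' );
```

Note that the stored value is escaped on output every time it is printed rather than trusted because it was sanitised on input; the two steps guard different things.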

Page 16

GPL Non-Adherence.

Encrypted code: base64, ionCube

Requiring footer links (site shutdowns, database injections)

Use of malware tactics to advertise!

Page 17

Poor Support.

Freelancers

Commercial Products

Page 18

(Some) Freelancers.

Taking money without providing value.

Extremely late or never finish.

Can’t do what they say they can.

Page 19

(Some) Commercial Products.

1000 downloads, 4000 support requests.

Users publicly dissatisfied on boards.

Minimal enforcement by marketplaces.

Page 20

Code Compatibility.

Not using Core APIs.

Turning off core actions/filters.

Breaking shortcodes/plugins.

Page 21

Show Me Yours.

Have you experienced any shadiness?

Page 22

How Do We Balance This Stuff?

Page 23

Report Bugs.

To WordPress Core (Trac).

To products and themes.

Page 24

To be fair:

If they don’t know, they can’t fix it.

Page 25

Demand Support.

Based on what you paid/what’s offered.

Follow their normal channels.

No response? Escalate.

Page 26

No Support? Be Loud.

Call out on Twitter/Blog

Recommend others not to use

Tell your friends/clients

Page 27

Referrals.

For Products.

For Freelancers.

Look at real world examples.

Ask People. Don’t feel weird.

Page 28

Referrals.

For products and freelancers.

Look at real world examples.

Ask People. Don’t feel weird.

Page 29

Do You Build Products?

Are You a Freelancer?

Page 30

Do Awesome Work.

Page 31

Provide Awesome Support.

Page 32

Be an Awesome Experience.

Page 33

You’re a User/Client/Customer?

Page 34

Support Quality Products.

Page 35

Support GPL Adherent Products.

Page 36

Support Quality, GPL Adherent Products.

Page 37

:*