50 Shades of WordPress

Post on 13-May-2015


DESCRIPTION

My presentation at WordCamp Raleigh 2012 entitled "50 Shades of WordPress," a conversational piece on the commercial community (products and services) and the shady happenings of which users, designers and developers should be aware.

TRANSCRIPT

50 Shades of WordPress

WordCamp Raleigh 2012

#wcraleigh #50shadesofwp @theandystratton

The Stories.

The Naive Designer/Developer

Tim Was Never Safe (His PHP Vulnerability)

The Stranger

Real Problems.

Shops Using Found Code.

Breaking Shortcodes.

Authors admitted to using code they never reviewed.

“And to be honest we did not know that we have a function like this in our code [...]”

“Neither do we understand what it does right now [...]”

“We got the backbone of our WP themes [...] from some other [...] author”

“[...] and just [built] a theme on it.”

Unsecured Third-Party Code Libraries (Without Protection).

TimThumb without proper config

Server permissions, setup, etc.

Missing Key Security Practices.

Escaping input and output: attributes, URLs, HTML

Nonces and form security
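As an added example (not part of the talk), a small WordPress plugin fragment showing the escaping and nonce practices the slide names; the wcr_ function, shortcode and option names are assumptions:

```php
<?php
// Added example, not from the talk. The wcr_ names are hypothetical.

// Shortcode [wcr_link url="..." label="..." title="..."]: escape each value
// for the context it lands in (URL attribute, HTML attribute, HTML text).
function wcr_link_shortcode( $atts ) {
    $atts = shortcode_atts( array( 'url' => '', 'label' => '', 'title' => '' ), $atts, 'wcr_link' );
    return sprintf(
        '<a href="%s" title="%s">%s</a>',
        esc_url( $atts['url'] ),    // drops javascript: and other disallowed schemes
        esc_attr( $atts['title'] ), // safe inside a double-quoted attribute
        esc_html( $atts['label'] )  // safe as text between tags
    );
}
add_shortcode( 'wcr_link', 'wcr_link_shortcode' );

// Settings form: emit a nonce field next to the input it protects.
function wcr_render_form() {
    $saved = get_option( 'wcr_footer_text', '' );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    wp_nonce_field( 'wcr_save_footer', 'wcr_nonce' );
    echo '<input type="hidden" name="action" value="wcr_save_footer">';
    echo '<input type="text" name="footer_text" value="' . esc_attr( $saved ) . '">';
    echo '<button type="submit">Save</button></form>';
}

// Handler: check capability and nonce before touching the database;
// sanitize on the way in, escape again on the way out (see the form above).
function wcr_handle_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'wcr_save_footer', 'wcr_nonce' ); // dies on a missing or stale nonce
    $text = isset( $_POST['footer_text'] )
        ? sanitize_text_field( wp_unslash( $_POST['footer_text'] ) )
        : '';
    update_option( 'wcr_footer_text', $text );
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
add_action( 'admin_post_wcr_save_footer', 'wcr_handle_save' );
```

The nonce ties the POST to a logged-in session and action name, so a cross-site request that never rendered the form fails check_admin_referer; the capability check is still needed because a nonce alone does not authorize.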

GPL Non-Adherence.

Encrypted code: base64, ionCube

Requiring footer links (site shutdowns, database injections)

Use of malware tactics to advertise!

Poor Support.

Freelancers

Commercial Products

(Some) Freelancers.

Taking money without providing value.

Extremely late or never finish.

Can’t do what they say they can.

(Some) Commercial Products.

1000 downloads, 4000 support requests.

Users publicly dissatisfied on boards.

Minimal enforcement by marketplaces.

Code Compatibility.

Not using Core APIs.

Turning off core actions/filters.

Breaking shortcodes/plugins.

Show Me Yours.

Have you experienced any shadiness?

How Do We Balance This Stuff?

Report Bugs.

To WordPress Core (Trac).

To products and themes.

To be fair:

If they don’t know, they can’t fix it.

Demand Support.

Based on what you paid/what’s offered.

Follow their normal channels.

No response? Escalate.

No Support? Be Loud.

Call out on Twitter/Blog

Recommend others not to use

Tell your friends/clients

Referrals.

For products and freelancers.

Look at real world examples.

Ask People. Don’t feel weird.

Do You Build Products?

Are You a Freelancer?

Do Awesome Work.

Provide Awesome Support.

Be an Awesome Experience.

You’re a User/Client/Customer?

Support Quality, GPL Adherent Products.
