SlideShare a Scribd company logo

Ignite - selfhosting WordPress - tips and tricks

E
evilzenscientist

This document discusses the author's experience self-hosting multiple WordPress blogs over 16 years. The author details how their setup has evolved from static HTML to using WordPress with a SLES Linux backend. Key challenges discussed include keeping over a dozen blogs securely updated and patched. The author advocates for disciplined change control, testing, backups, and security practices to maintain control and flexibility while self-hosting numerous WordPress sites.

TechnologyBusiness
Related topics:
Tips and Tricks
1 of 20
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Self-hosting multiple WordPress blogsMy experience, tips and tricksMartin Buckleyezs@evilzenscientist.comtwitter: @ezs
Some history and contextFirst on-line presence way back in 1993Evolution over 16 years:Static HTML  something a little more automated  bloggingAlso my extended family are in the UK/NZ – keeping the Grandparents up to date is important.
Technology evolutionWay back - ftp upload of html/content to some Unix hostSince 2000 – static IP and self hosting2000 – NetWare (!) + static content2003 – SLES 8 + Apache + static content2005 – SLES 9 + Apache + mysql + WordPress 1.52009 – virtualised web + mysql on SLES
Why self-hostingI’m a technology geek. Self hosting means live servers, a great sandbox and a real learning environment.(I also run the home infrastructure..)I get ultimate flexibility and control.Hosting elsewhere is cheaper – with the usual issues around security, platform, updates etc
Hosting for friends and familyThe ultimate scope creep.Started with the ‘family blog’ – added my ‘personal blog’ …… then added various additional blogs for family members; three blogs for friends and my sisters Cub Scout pack.Now over a dozen in total.
Understanding the ‘stack’.. And it all needs testing and patchingGallery2ThemesPlugins – ‘Core’ and ‘Per site’WordPress CoreDatabase + dataGraphics helpers for Gallery2Apache/PHP/mysql/libsSLESHardware
Old school patchingCheck on a semi-regular basis for updates to WordPress (e.g. 1.5  1.6)Download; unpack; test.Check for Linux updates on a regular basisDownload; update; test.
Patching todayPlugins seem to be updated on an almost daily basis.WordPress at last has a more regular cadence for updates; expect the flurry of point releases after a major rev.
The challengeEach blog is built of a ‘core’ set of plugins – with some specific functionality added on top. There are a couple of hand-coded modifications in place (theme and php-exec plugin)How to keep ‘secure’ and functional – without spending 20 hours a week patching..
Change control is keyDiscipline keeps things sane.Consistent core blog structureDocument changes; test the changes; deploy the changesHave a rollback/backup planPlan for major, grouped updatesMy last one was to 2.8.3Expect the short notice security fixes2.8.4!
Typical change control matrix
Test, test – test again.Something unexpected will always happen.e.g. libxml2/PHP bug – trac 7771http://core.trac.wordpress.org/ticket/7771http://www.evilzenscientist.com/blog/2009/08/05/php-xml-parsing-bug-and-a-workaround/
Backup and recoveryBackup is really important.Understand everything that needs to be archived for recovery.Mysql dump; filesystem dumpConfiguration files from serverDocumentation
BackupWeekly dump of mysql and configto offline disk.Monthly dump of photos to offline disks.Full archive every quarter.Stored in a fire safe.Looking at going back to tape to make this easier and faster.
RestoreFire/theft/hackers/malware/bad hardware.Something will eat the data.Since 2000 I have rebuilt the web servers over a dozen times – upgrade OS, moving OS, moving hardware, replacing failed hardware, upgrading hardware – all the usual reasons.Practice your data rebuild before the emergency!
SecurityHaving anything internet facing invites intruders. Everything from casual inquiries to more serious hacking and DOS attempts.At some point someone will try and hack/attack you.Be prepared.
SecurityThe basicsKeep things up to date!
Have an edge firewall and intrusion detection.
Understand your normal traffic patterns in and out
NAT helps a little

More Related Content

PDF
Security 101
Michele Butcher-Jones
 
PPTX
Word press security basics
East Bay WordPress Meetup
 
PDF
WordPress security & performance a beginners guide
Mickey Mellen
 
PPTX
Managing WordPress
Steven Watts
 
PDF
8 Ways to Hack a WordPress website
SiteGround.com
 
PPTX
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
Dan Vasile
 
PPTX
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Vasile
 
PPTX
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Vasile
 
Security 101
Michele Butcher-Jones
 
Word press security basics
East Bay WordPress Meetup
 
WordPress security & performance a beginners guide
Mickey Mellen
 
Managing WordPress
Steven Watts
 
8 Ways to Hack a WordPress website
SiteGround.com
 
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
Dan Vasile
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Vasile
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Vasile
 

What's hot (20)

PPTX
Locking down word press
Zachary Russell
 
PPTX
WordPress security for everyone
Vladimír Smitka
 
PPTX
Wordpress Security & Hardening Steps
Plasterdog Web Design
 
PDF
Securing your WordPress site in 5 easy pieces
Kevin Koehler
 
PPTX
WordPress Plugins and Security
Think Media Inc.
 
PDF
WordPress security 101 - WP Turku Meetup 2.2.2017
Otto Kekäläinen
 
PDF
Technical SEO for WordPress - 2017 edition
Otto Kekäläinen
 
PDF
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
Otto Kekäläinen
 
PDF
Testing and updating WordPress - Advanced techniques for avoiding regressions
Otto Kekäläinen
 
PDF
The moment my site got hacked - WordCamp Sofia
Marko Heijnen
 
DOCX
Wordpress best practices
Allanki Srinivas
 
PPTX
Sharedhosting and WordPress
Al Davis
 
PPTX
Open source technologies in Microsoft cloud
Alexey Bokov
 
PPTX
B wapp – bee bug – installation
Ronan Dunne, CEH, SSCP
 
PDF
8 Simple Ways to Hack Your Joomla
SiteGround.com
 
ODP
WordPress Security - Kulpreet Singh
guest4fe370
 
PDF
Keep Your SIte Secure
Michele Butcher-Jones
 
PDF
Vagrant + Veewee : Barcampboston April 10-2011
Draco2002
 
PDF
Automate IBM Connections Installations and more
panagenda
 
PDF
Find WordPress performance bottlenecks with XDebug PHP profiling
Otto Kekäläinen
 
Locking down word press
Zachary Russell
 
WordPress security for everyone
Vladimír Smitka
 
Wordpress Security & Hardening Steps
Plasterdog Web Design
 
Securing your WordPress site in 5 easy pieces
Kevin Koehler
 
WordPress Plugins and Security
Think Media Inc.
 
WordPress security 101 - WP Turku Meetup 2.2.2017
Otto Kekäläinen
 
Technical SEO for WordPress - 2017 edition
Otto Kekäläinen
 
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
Otto Kekäläinen
 
Testing and updating WordPress - Advanced techniques for avoiding regressions
Otto Kekäläinen
 
The moment my site got hacked - WordCamp Sofia
Marko Heijnen
 
Wordpress best practices
Allanki Srinivas
 
Sharedhosting and WordPress
Al Davis
 
Open source technologies in Microsoft cloud
Alexey Bokov
 
B wapp – bee bug – installation
Ronan Dunne, CEH, SSCP
 
8 Simple Ways to Hack Your Joomla
SiteGround.com
 
WordPress Security - Kulpreet Singh
guest4fe370
 
Keep Your SIte Secure
Michele Butcher-Jones
 
Vagrant + Veewee : Barcampboston April 10-2011
Draco2002
 
Automate IBM Connections Installations and more
panagenda
 
Find WordPress performance bottlenecks with XDebug PHP profiling
Otto Kekäläinen
 
Ad

Viewers also liked (20)

PPT
Stretching Your Food Dollars
American Debt Counseling Inc
 
PPTX
Blogspot
guest79964e
 
PDF
Email and Social Media 2010
Steve Kemish
 
PPT
Bio Powerpoint
guestcaffea8
 
PPTX
Victorian Era
Narvik High School College
 
PPT
Caribbean higher education seen with European eyes
Fabio Nascimbeni
 
PDF
Presentazione Touchword
alexrogora
 
PPS
Reactions And Mixtures
amr hassaan
 
PPT
Olaf Janssen on benefits of collaboration between Europeana and archives duri...
Olaf Janssen
 
PPT
Social media observations in Asia
Robin Low
 
PPTX
Id
deirdri1
 
PPT
Artistic Hub Overview
mbnxrb
 
PDF
高専カンファレンスというエコシステムの一歩先
Ryoichi SEKIGUCHI
 
PPT
Whistler Real Estate Company 2009 Sales Stats Comparison
dlinnell
 
PPTX
Id
deirdri1
 
PDF
TRG Capabilities Statement 2009
bpolzak
 
PPTX
Blogspot
guest79964e
 
PPT
Westernciv Danandtom
guest14803c
 
PDF
Sepsis Guidelines 2007
Dr. Shaheer Haider
 
PDF
Sesión 1
Saul Torres Solis
 
Stretching Your Food Dollars
American Debt Counseling Inc
 
Blogspot
guest79964e
 
Email and Social Media 2010
Steve Kemish
 
Bio Powerpoint
guestcaffea8
 
Victorian Era
Narvik High School College
 
Caribbean higher education seen with European eyes
Fabio Nascimbeni
 
Presentazione Touchword
alexrogora
 
Reactions And Mixtures
amr hassaan
 
Olaf Janssen on benefits of collaboration between Europeana and archives duri...
Olaf Janssen
 
Social media observations in Asia
Robin Low
 
Id
deirdri1
 
Artistic Hub Overview
mbnxrb
 
高専カンファレンスというエコシステムの一歩先
Ryoichi SEKIGUCHI
 
Whistler Real Estate Company 2009 Sales Stats Comparison
dlinnell
 
Id
deirdri1
 
TRG Capabilities Statement 2009
bpolzak
 
Blogspot
guest79964e
 
Westernciv Danandtom
guest14803c
 
Sepsis Guidelines 2007
Dr. Shaheer Haider
 
Sesión 1
Saul Torres Solis
 
Ad

Similar to Ignite - selfhosting WordPress - tips and tricks (20)

PDF
WordPress Setup and Security - WordCamp, Charleston 2014
Michael Carnell
 
PPTX
Speed & Uptime with Wordpress
toddhdow
 
PPT
Up and Running with WordPress - Site Shack Nashville Web Design
Judy Wilson
 
PPTX
Avoiding Errors: Troubleshoot Wordpress like a Pro!
J_Cortes
 
PPTX
Care and feeding of your website
Shawn DeWolfe
 
PPT
WordPress Security
Brad Williams
 
PPTX
WCBos13 intermediate workshop
Boston WordPress
 
PPT
WordPress Complete Tutorial
OpenSource Technologies Pvt. Ltd.
 
PPTX
Why it's not your host's fault
chadmow03
 
PDF
WordPress Intermediate Workshop
The Toolbox, Inc.
 
PDF
Word camp Raleigh 2017 - Wordpress for Beginners
Convinsys
 
PPT
Wordpress Basics
ALATechSource
 
PPT
Internet Librarian Slides
Polly Farrington
 
PPTX
WordPress Security Best Practices
Zero Point Development
 
PPTX
WordCamp RI 2015 - Beginner WordPress Workshop
Ella J Designs
 
PPT
WordPress 2.5 Overview - Rich Media Institute
Brendan Sera-Shriar
 
PPTX
Battling the WSOD - A Tech Support Tale
Kayleigh Thorpe
 
KEY
Word Camp Ph 2009 Word Press In The Wild
rebelpixel
 
PDF
Wordpress Guide
Sunanda Bansal
 
PPTX
Your first word press site
Marc Gratch
 
WordPress Setup and Security - WordCamp, Charleston 2014
Michael Carnell
 
Speed & Uptime with Wordpress
toddhdow
 
Up and Running with WordPress - Site Shack Nashville Web Design
Judy Wilson
 
Avoiding Errors: Troubleshoot Wordpress like a Pro!
J_Cortes
 
Care and feeding of your website
Shawn DeWolfe
 
WordPress Security
Brad Williams
 
WCBos13 intermediate workshop
Boston WordPress
 
WordPress Complete Tutorial
OpenSource Technologies Pvt. Ltd.
 
Why it's not your host's fault
chadmow03
 
WordPress Intermediate Workshop
The Toolbox, Inc.
 
Word camp Raleigh 2017 - Wordpress for Beginners
Convinsys
 
Wordpress Basics
ALATechSource
 
Internet Librarian Slides
Polly Farrington
 
WordPress Security Best Practices
Zero Point Development
 
WordCamp RI 2015 - Beginner WordPress Workshop
Ella J Designs
 
WordPress 2.5 Overview - Rich Media Institute
Brendan Sera-Shriar
 
Battling the WSOD - A Tech Support Tale
Kayleigh Thorpe
 
Word Camp Ph 2009 Word Press In The Wild
rebelpixel
 
Wordpress Guide
Sunanda Bansal
 
Your first word press site
Marc Gratch
 

Recently uploaded (20)

PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Encapsulation theory and applications.pdf
gurumoop
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Cloud computing and distributed systems.
kkkkkhan
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 

Ignite - selfhosting WordPress - tips and tricks

  • 1. Self-hosting multiple WordPress blogsMy experience, tips and tricksMartin Buckleyezs@evilzenscientist.comtwitter: @ezs
  • 2. Some history and contextFirst on-line presence way back in 1993Evolution over 16 years:Static HTML  something a little more automated  bloggingAlso my extended family are in the UK/NZ – keeping the Grandparents up to date is important.
  • 3. Technology evolutionWay back - ftp upload of html/content to some Unix hostSince 2000 – static IP and self hosting2000 – NetWare (!) + static content2003 – SLES 8 + Apache + static content2005 – SLES 9 + Apache + mysql + WordPress 1.52009 – virtualised web + mysql on SLES
  • 4. Why self-hostingI’m a technology geek. Self hosting means live servers, a great sandbox and a real learning environment.(I also run the home infrastructure..)I get ultimate flexibility and control.Hosting elsewhere is cheaper – with the usual issues around security, platform, updates etc
  • 5. Hosting for friends and familyThe ultimate scope creep.Started with the ‘family blog’ – added my ‘personal blog’ …… then added various additional blogs for family members; three blogs for friends and my sisters Cub Scout pack.Now over a dozen in total.
  • 6. Understanding the ‘stack’.. And it all needs testing and patchingGallery2ThemesPlugins – ‘Core’ and ‘Per site’WordPress CoreDatabase + dataGraphics helpers for Gallery2Apache/PHP/mysql/libsSLESHardware
  • 7. Old school patchingCheck on a semi-regular basis for updates to WordPress (e.g. 1.5  1.6)Download; unpack; test.Check for Linux updates on a regular basisDownload; update; test.
  • 8. Patching todayPlugins seem to be updated on an almost daily basis.WordPress at last has a more regular cadence for updates; expect the flurry of point releases after a major rev.
  • 9. The challengeEach blog is built of a ‘core’ set of plugins – with some specific functionality added on top. There are a couple of hand-coded modifications in place (theme and php-exec plugin)How to keep ‘secure’ and functional – without spending 20 hours a week patching..
  • 10. Change control is keyDiscipline keeps things sane.Consistent core blog structureDocument changes; test the changes; deploy the changesHave a rollback/backup planPlan for major, grouped updatesMy last one was to 2.8.3Expect the short notice security fixes2.8.4!
  • 12. Test, test – test again.Something unexpected will always happen.e.g. libxml2/PHP bug – trac 7771http://core.trac.wordpress.org/ticket/7771http://www.evilzenscientist.com/blog/2009/08/05/php-xml-parsing-bug-and-a-workaround/
  • 13. Backup and recoveryBackup is really important.Understand everything that needs to be archived for recovery.Mysql dump; filesystem dumpConfiguration files from serverDocumentation
  • 14. BackupWeekly dump of mysql and configto offline disk.Monthly dump of photos to offline disks.Full archive every quarter.Stored in a fire safe.Looking at going back to tape to make this easier and faster.
  • 15. RestoreFire/theft/hackers/malware/bad hardware.Something will eat the data.Since 2000 I have rebuilt the web servers over a dozen times – upgrade OS, moving OS, moving hardware, replacing failed hardware, upgrading hardware – all the usual reasons.Practice your data rebuild before the emergency!
  • 16. SecurityHaving anything internet facing invites intruders. Everything from casual inquiries to more serious hacking and DOS attempts.At some point someone will try and hack/attack you.Be prepared.
  • 18. Have an edge firewall and intrusion detection.
  • 19. Understand your normal traffic patterns in and out
  • 20. NAT helps a little
  • 21. Don’t run your web site on your laptop/games machine/home serverSecurityThe basicsMinimise the attack profile – less is better. Turn off/don’t install unwanted modules and features.
  • 24. Have good quality passwords
  • 25. Don’t use root; have separation of priviledgesSummaryI love hosting my own WordPress – it’s been a great learning experience.Keep on top of patching and updates!Share your experiences – WordCamp and WordPress.org – the community needs us allEnjoy!
  • 26. ResourcesMicrosoft/Web – WordPresshttp://www.microsoft.com/web/gallery/WordPress.aspxMicrosoft WebsiteSparkhttp://www.microsoft.com/web/websitespark/OpenSUSEhttp://www.opensuse.org/en/OpenSUSE software search/multi distrohttp://software.opensuse.org/search