101: Introduction to WordPress
Requirements and Installation
To run WordPress we recommend your host supports:
PHP version 5.6 or greater
MySQL version 5.6 or greater
The host can be LAMP, WAMP or MAMP
Follow these 5 steps to install WordPress:
Download WordPress from wordpress.org
Upload the WordPress files to the web server
Create a MySQL database and user
Configure WordPress to connect to the database
Run the WordPress installation script
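Step 4 in practice is editing wp-config.php. The file below is an added example, not from the original slides: the database values and salts are placeholders you replace, and the hardening constants at the end are the settings a production install should have rather than the defaults.

```php
<?php
// wp-config.php (added example). Replace every *_PLACEHOLDER value with your own.
define( 'DB_NAME',     'WP_DB_NAME_PLACEHOLDER' );
define( 'DB_USER',     'WP_DB_USER_PLACEHOLDER' );     // a dedicated DB user, not root
define( 'DB_PASSWORD', 'WP_DB_PASSWORD_PLACEHOLDER' );
define( 'DB_HOST',     'localhost' );
define( 'DB_CHARSET',  'utf8mb4' );
define( 'DB_COLLATE',  '' );

// Unique keys and salts sign cookies and nonces. Generate fresh values from
// https://api.wordpress.org/secret-key/1.1/salt/ and paste them here; never
// ship a site with shared or example values.
define( 'AUTH_KEY',         'SALT_PLACEHOLDER' );
define( 'SECURE_AUTH_KEY',  'SALT_PLACEHOLDER' );
define( 'LOGGED_IN_KEY',    'SALT_PLACEHOLDER' );
define( 'NONCE_KEY',        'SALT_PLACEHOLDER' );
define( 'AUTH_SALT',        'SALT_PLACEHOLDER' );
define( 'SECURE_AUTH_SALT', 'SALT_PLACEHOLDER' );
define( 'LOGGED_IN_SALT',   'SALT_PLACEHOLDER' );
define( 'NONCE_SALT',       'SALT_PLACEHOLDER' );

// Table prefix; a non-default value is a small hardening step against canned SQL.
$table_prefix = 'wp_';

// Production settings (the insecure defaults would be WP_DEBUG on a public
// site and the theme/plugin file editor enabled in wp-admin).
define( 'WP_DEBUG',           false ); // no PHP errors or paths shown to visitors
define( 'DISALLOW_FILE_EDIT', true );  // removes the in-browser code editor
define( 'FORCE_SSL_ADMIN',    true );  // login and admin sessions stay on HTTPS

// Bootstrap WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    define( 'ABSPATH', __DIR__ . '/' );
}
require_once ABSPATH . 'wp-settings.php';
```

Give the DB_USER account only the privileges on DB_NAME that WordPress needs (it does not need global grants), so a compromised site cannot reach other databases on the same server.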
Installation Process
WordPress Themes
Is WordPress MVC?
WordPress as MVC
Model
Custom post types (beyond pages and posts, you can create your own types of objects)
View
WordPress themes
HTML5
iOS app
Android app
Controllers (made of)
functions.php
Hooks
Views talk to the Controllers via AJAX / WP REST APIs
GenerateWP (to create custom post types; helps you extend WordPress functionality)
Post Type Generator (a tool: just write the name of the post type with all the properties it should have)
https://wordpress.org/plugins/wp-mvc/
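The model/controller split above, as an added example for a theme's functions.php (not code from the slides or from WP-MVC). The post type 'book', the route namespace 'codal-demo/v1' and the 'rating' field are assumptions chosen for illustration; the point is that a REST controller carries its own authorization and input validation, because the view (theme JS or a mobile app) cannot be trusted to do it.

```php
<?php
// functions.php (added example): a custom post type as the model, a REST
// route as the controller. Names marked below are assumptions.

// Model: register the 'book' post type on the init hook.
add_action( 'init', function () {
    register_post_type( 'book', array(                       // assumed slug
        'labels'       => array( 'name' => 'Books', 'singular_name' => 'Book' ),
        'public'       => true,
        'show_in_rest' => true,   // also exposes the built-in /wp-json/wp/v2/book
        'supports'     => array( 'title', 'editor', 'custom-fields' ),
    ) );
} );

// Controller: POST /wp-json/codal-demo/v1/books/<id>/rating
add_action( 'rest_api_init', function () {
    register_rest_route( 'codal-demo/v1', '/books/(?P<id>\d+)/rating', array(
        'methods'             => 'POST',
        // Authorization runs before the callback; without it any visitor could
        // write to the post. Capability check is per post, not just "logged in".
        'permission_callback' => function ( WP_REST_Request $request ) {
            return current_user_can( 'edit_post', (int) $request['id'] );
        },
        // Input validation: 'rating' must be present and an integer in 1..5.
        'args' => array(
            'rating' => array(
                'required'          => true,
                'type'              => 'integer',
                'sanitize_callback' => 'absint',
                'validate_callback' => function ( $value ) {
                    return $value >= 1 && $value <= 5;
                },
            ),
        ),
        'callback' => function ( WP_REST_Request $request ) {
            $post_id = (int) $request['id'];
            if ( get_post_type( $post_id ) !== 'book' ) {
                return new WP_Error( 'not_a_book', 'Not a book',
                    array( 'status' => 404 ) );
            }
            $rating = (int) $request['rating'];          // already sanitized
            update_post_meta( $post_id, 'rating', $rating ); // assumed meta key
            return rest_ensure_response( array( 'id' => $post_id, 'rating' => $rating ) );
        },
    ) );
} );
```

A browser view that relies on the logged-in cookie must send the X-WP-Nonce header (from wp_create_nonce( 'wp_rest' )); otherwise the REST API treats the request as anonymous and the permission callback rejects it.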
Theme Development
What makes a WordPress theme?
HTML, CSS, PHP, JS, assets
Genesis framework
Stargazer
Clean Box Pro
How does a WP theme work?
At least index.php and style.css
header.php, sidebar.php, functions.php, footer.php
Approaches
Starting from scratch
Editing an existing theme (e.g. Twenty Eleven to Catch Box)
Parent and child
Theme framework
Starter theme
Starting from scratch:
Time-consuming and difficult approach
Preferred by freelancers and web agencies
Not recommended for theme shops: why reinvent the wheel?
e.g. Simple Catch Pro, Bossip (transient APIs, 109 million page views/month)
Editing an existing theme (e.g. Twenty Eleven to Catch Box):
Preferred by freelancers and newbies
Fast turnaround and fast editing
Learn standard code
Only need time to search for the best theme
Update available? Your edits are gone.
Be careful while editing an existing theme:
Change the text domain in style.css
Change the folder name / theme slug to match the text domain
Parent and Child
Similar to editing an existing theme, but safer
Take any child-theme-ready theme
Child functions and files override the parent's
EDIN, Goran
Your design/functions are similar to the parent theme
Secure and fast development
Always select the best parent
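The parent/child mechanism, as an added example (not code from the slides or from any Catch Themes product): it assumes the parent theme lives in a folder named 'catch-box' and the child in 'catch-box-child'. Only the child folder is yours, so a parent update cannot wipe these files.

```php
<?php
// functions.php of the child theme (added example; folder names are assumptions).
// The child's style.css must begin with a header that names the parent by its
// folder slug, otherwise WordPress does not treat it as a child:
//
//   /*
//   Theme Name:  Catch Box Child
//   Template:    catch-box
//   Text Domain: catch-box-child
//   */

// The child's functions.php is loaded BEFORE the parent's and both run, so add
// hooks here; redefining a parent function would be a fatal "cannot redeclare".
add_action( 'wp_enqueue_scripts', function () {
    $parent_theme   = wp_get_theme()->parent();
    $parent_version = $parent_theme ? $parent_theme->get( 'Version' ) : null;
    $child_version  = wp_get_theme()->get( 'Version' );

    // get_template_directory_uri() points at the PARENT folder ...
    wp_enqueue_style(
        'catch-box-parent',
        get_template_directory_uri() . '/style.css',
        array(),
        $parent_version
    );
    // ... get_stylesheet_directory_uri() at the CHILD folder. Loading the child
    // sheet after the parent is what lets its rules override the parent's.
    wp_enqueue_style(
        'catch-box-child',
        get_stylesheet_directory_uri() . '/style.css',
        array( 'catch-box-parent' ),
        $child_version
    );
}, 20 );

// Template files override per file: drop a header.php into the child folder and
// WordPress uses it instead of the parent's header.php; every other template
// still comes from the parent. Keep the parent's text domain in strings you
// copy across, e.g. esc_html_e( 'Read more', 'catch-box' ), so its existing
// translations still apply.
```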
Theme framework
Similar to a parent and child theme
More advanced and difficult to learn
A code library plus a can-do-attitude theme
e.g. Genesis framework, Hybrid theme
Preferred by experienced devs and a few theme shops
Might have issues if the framework theme releases major changes
Starter theme
Independent theme, not a parent theme
Toolbox for theme development
Saves time: "A 1000-hour head start"
For everyone
Used and recommended by a lot of theme shops
Starter themes are evolving and it is difficult to keep track of them
(Bones, Underscores)
Components
A booster starter theme
Forked from Underscores (developed by the Underscores team)
Risks? Security!
OWASP TOP 10 Protection
A1 Injection
Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
A2 Broken Authentication & Session Management
Application functions for authentication and session management are not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities.
A3 Cross-Site Scripting (XSS)
The application takes untrusted data and sends it to a browser without proper validation or escaping. This allows attackers to execute scripts in the browser, which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
A4 Insecure Direct Object References
Occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key.
A5 Security Misconfiguration
Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Software should be kept up to date.
A6 Sensitive Data Exposure
Many applications do not properly protect sensitive data, such as credit cards, tax IDs, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser.
A7 Missing Function Level Access Control
Most web applications verify function-level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed.
A8 Cross-Site Request Forgery (CSRF)
Forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerable web application. The attacker forces the browser to generate requests the vulnerable application thinks are legitimate requests from the victim.
A9 Using Known Vulnerable Components
Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts.
A10 Unvalidated Redirects and Forwards
Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
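How the OWASP items above map onto WordPress APIs in theme code, as an added example (not from the slides): each function pairs a risk with the built-in defence. The post type 'book', the admin-post action 'codal_demo_save_note' and the meta key 'codal_note' are assumptions for illustration.

```php
<?php
// functions.php (added example): WordPress defences for A1, A3, A7, A8 and A10.

// A1 Injection: never interpolate request data into SQL; $wpdb->prepare() binds it.
function codal_demo_books_by_author( $author_id ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
          WHERE post_type = 'book' AND post_status = 'publish' AND post_author = %d",
        $author_id            // %d forces an integer; a string payload becomes 0
    );
    return $wpdb->get_results( $sql );
}

// A3 XSS: escape at output time, with the escaper that matches the context.
function codal_demo_render_book( $post ) {
    return sprintf(
        '<a class="%s" href="%s">%s</a>',
        esc_attr( 'book-' . $post->ID ),        // HTML attribute context
        esc_url( get_permalink( $post ) ),      // URL context, rejects javascript: URLs
        esc_html( get_the_title( $post ) )      // HTML text context
    );
}

// A8 CSRF and A7 access control: a form handler (posted to admin-post.php with
// action=codal_demo_save_note) verifies a nonce AND a capability on the server.
add_action( 'admin_post_codal_demo_save_note', function () {
    check_admin_referer( 'codal_demo_save_note' );  // dies on missing/stale nonce
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! current_user_can( 'edit_post', $post_id ) ) { // not just hidden in the UI
        wp_die( 'Not allowed', '', array( 'response' => 403 ) );
    }
    $note = isset( $_POST['note'] )
        ? sanitize_text_field( wp_unslash( $_POST['note'] ) ) : '';
    update_post_meta( $post_id, 'codal_note', $note );   // assumed meta key

    // A10 Unvalidated redirects: wp_safe_redirect() only follows local or
    // allow-listed hosts, so a tampered redirect_to cannot send users off-site.
    $to = isset( $_POST['redirect_to'] )
        ? esc_url_raw( wp_unslash( $_POST['redirect_to'] ) ) : admin_url();
    wp_safe_redirect( $to );
    exit;
} );

// The matching form emits the hidden _wpnonce field that check_admin_referer()
// verifies:  wp_nonce_field( 'codal_demo_save_note' );
```

A9 (vulnerable components) and A5 (misconfiguration) have no code form here: they are handled by keeping core, themes and plugins updated and by the wp-config.php settings shown earlier.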
CERT: Computer Emergency Response Team, with concern for the masses
About Codal
Codal is a UX design and development agency with a focus on
blending an Agile process with the latest emerging technologies.
Based in the heart of Chicago, we have a knack for bringing out the
best in every brand that we work with, worldwide. Our clientele has
ranged from small business to enterprise, but our philosophy has
always remained the same: to empower brand visibility and deliver
the most elegant web and mobile solutions possible.
Thank You!