SlideShare uma empresa Scribd logo

Why it's dangerous to turn off automatic updates and here's how to do it

O
Onni Hakala

This was my presentation for WordCamp Helsinki 2017. It's about the default automatic updater in WordPress and how that can be enhanced using CI instead.

Internet
1 de 27
Baixar para ler offline
Why it’s dangerous to turn o automatic updates and here’s how to do it Presented by Onni Hakala 1 / 27
Automatic Updates in WordPress WordPress includes a feature for automatic updates. This is built-in feature and it's enabled by default. This delivers crucial security updates, bug fixes and new features for everyone. WordPress core developers test all changes carefully before they are released. 2 / 27
Sounds great, huh? 3 / 27
I'm asking you to disable it In order to safely implement automatic updates you need to disable automatic updates. 4 / 27
You just said that it's a great feature 5 / 27
Why would anyone ever do this? 6 / 27
Have you ever heard of a WordPress site broken by automatic updates? 7 / 27
Now it's easier to understand 8 / 27
Why We Should Update Some statistics from 2016 Out of the 11k+ infected websites we analyzed, 56% of the total WP infected websites, were still out of date. This is good, when compared to the percentage of infected sites with out of date software found in the Joomla! (84%), Magento (96%), and Drupal (81%) platforms.[1] [1] sucuri.net/website-security/website-hacked-report 9 / 27
But nobody wants to put out res all day People are still afraid that the updates will break things 10 / 27
So how should this be implemented? Warning: next slides are focused for the technical audience. 11 / 27
Create a testing pipeline This is a process which takes care of deployments 12 / 27
Steps to create pipeline 1: Store your source code in Git Create a new Git repository for your project and put all of the source code including plugins and themes there. Github, Gitlab and Bitbucket are easy to setup. 13 / 27
Steps to create pipeline 2: Disable built-in updates I admit this is scary. You can do it by adding this line into wp-config.php: <?php // Disable all automatic updates define( 'AUTOMATIC_UPDATER_DISABLED', true ); 14 / 27
Steps to create pipeline 3: Manage versions with Composer This is a package management tool for php 15 / 27
Steps to create pipeline Composer allows you to track versions of plugins, themes and core Here's an example composer.json with WordPress and Jetpack: { "require": { "php": ">=7.0", "johnpbloch/wordpress": ">=4.5.0", "wpackagist-plugin/jetpack": ">=4.7.3" } } 16 / 27
Steps to create pipeline Now you can update all the things with a single command After this you will have latest versions ready for deployment to the production $ composer update 17 / 27
Steps to create pipeline 4: Stop manually testing your updates This one is quite hard and you need to build tools which can detect if the site is not working correctly. For me this was the hardest step to take and it took long time to gain enough trust in the systems. 18 / 27
Steps to create pipeline 5: Implement tests for your site Pick any tool that feels good for you. You can start small and build more tests later. Here are some tools I have found useful: 19 / 27
Steps to create pipeline 6: Automate testing using CI Continuous Integration Service (CI) can install and test the updates 24/7. Travis CI and Drone CI are my favorites: 20 / 27
Steps to create pipeline 7: Use Your CI to deploy new code to production This depends on your setup. You could just transfer files with rsync from CI to your production server and reload the web server. I prefer using docker containers but that's a whole different topic and let's not go there today. 21 / 27
Steps to create pipeline 8: Automatically commit new versions to the source code You want to know when updates happened and you want to store all changes in the Git repository. The changes in source code will trigger new test builds and deployments in CI. You just need to make them happen somehow. 22 / 27
Steps to create pipeline This can be achieved using a simple cronjob This script can be used to download and updates your source code back to Git. #!/bin/bash # Download latest changes from central Git $ git fetch origin # Reset all changes to the master $ git reset origin/master # Update all components $ composer update # Commit changes $ git commit -am "Updated all dependencies" # Push them back to git $ git push github master 23 / 27
Steps to create pipeline 9: Keep enhancing your tests Your goal is to have good test coverage. Your site will still be broken in ways you can't imagine. Trial & Error is good approach for this. At the bare minimum you should add tests for all features which have been broken by updates so that they won't be failing again. 24 / 27
Summary of the new update ow 25 / 27
So what did we do? We replaced the default update process with a better one. 26 / 27
Thanks for listening! Come talk to me: Twitter: @koodimonni Github: @onnimonni 27 / 27

Recomendados

Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...Andrea Cardinali
 
Getting Started With WordPress Plugin Development
Getting Started With WordPress Plugin DevelopmentGetting Started With WordPress Plugin Development
Getting Started With WordPress Plugin DevelopmentThomas Vitale
 
WordPress Performance optimization
WordPress Performance optimizationWordPress Performance optimization
WordPress Performance optimizationBrecht Ryckaert
 
Ako na vlastne WP temy
Ako na vlastne WP temyAko na vlastne WP temy
Ako na vlastne WP temyJuraj Kiss
 
Get Started in Professional WordPress Design & Development
Get Started in Professional WordPress Design & DevelopmentGet Started in Professional WordPress Design & Development
Get Started in Professional WordPress Design & DevelopmentCliff Seal
 
WP-CLI: WordCamp Nashville 2016
WP-CLI: WordCamp Nashville 2016WP-CLI: WordCamp Nashville 2016
WP-CLI: WordCamp Nashville 2016Terell Moore
 
Getting started with WordPress development
Getting started with WordPress developmentGetting started with WordPress development
Getting started with WordPress developmentSteve Mortiboy
 
Higher Order WordPress Security
Higher Order WordPress SecurityHigher Order WordPress Security
Higher Order WordPress SecurityDougal Campbell
 

Recomendados

Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...Andrea Cardinali
 
Getting Started With WordPress Plugin Development
Getting Started With WordPress Plugin DevelopmentGetting Started With WordPress Plugin Development
Getting Started With WordPress Plugin DevelopmentThomas Vitale
 
WordPress Performance optimization
WordPress Performance optimizationWordPress Performance optimization
WordPress Performance optimizationBrecht Ryckaert
 
Ako na vlastne WP temy
Ako na vlastne WP temyAko na vlastne WP temy
Ako na vlastne WP temyJuraj Kiss
 
Get Started in Professional WordPress Design & Development
Get Started in Professional WordPress Design & DevelopmentGet Started in Professional WordPress Design & Development
Get Started in Professional WordPress Design & DevelopmentCliff Seal
 
WP-CLI: WordCamp Nashville 2016
WP-CLI: WordCamp Nashville 2016WP-CLI: WordCamp Nashville 2016
WP-CLI: WordCamp Nashville 2016Terell Moore
 
Getting started with WordPress development
Getting started with WordPress developmentGetting started with WordPress development
Getting started with WordPress developmentSteve Mortiboy
 
Higher Order WordPress Security
Higher Order WordPress SecurityHigher Order WordPress Security
Higher Order WordPress SecurityDougal Campbell
 
Secure All The Things!
Secure All The Things!Secure All The Things!
Secure All The Things!Dougal Campbell
 
How I Learned to Stop Worrying and Backup WordPress
How I Learned to Stop Worrying and Backup WordPressHow I Learned to Stop Worrying and Backup WordPress
How I Learned to Stop Worrying and Backup WordPressChris Jean
 
Developers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIDevelopers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIWP Engine
 
Using composer with WordPress
Using composer with WordPressUsing composer with WordPress
Using composer with WordPressMicah Wood
 
Intro to WordPress Plugin Development
Intro to WordPress Plugin DevelopmentIntro to WordPress Plugin Development
Intro to WordPress Plugin DevelopmentBrad Williams
 
Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...
Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...
Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...Andrea Cardinali
 
WordPress plugin development
WordPress plugin developmentWordPress plugin development
WordPress plugin developmentLuc De Brouwer
 
CSI: WordPress -- Getting Into the Guts
CSI: WordPress -- Getting Into the GutsCSI: WordPress -- Getting Into the Guts
CSI: WordPress -- Getting Into the GutsDougal Campbell
 
Coding with jetpack
Coding with jetpackCoding with jetpack
Coding with jetpackRich Collier
 
WordPress Development with VVV, VV, and Vagrant
WordPress Development with VVV, VV, and VagrantWordPress Development with VVV, VV, and Vagrant
WordPress Development with VVV, VV, and VagrantMitch Canter
 
Write your first WordPress plugin
Write your first WordPress pluginWrite your first WordPress plugin
Write your first WordPress pluginAnthony Montalbano
 
5 Things You Shouldn't Do With A WordPress Plugin
5 Things You Shouldn't Do With A WordPress Plugin5 Things You Shouldn't Do With A WordPress Plugin
5 Things You Shouldn't Do With A WordPress PluginKelly Phillips
 
The Future Of WordPress Presentation
The Future Of WordPress PresentationThe Future Of WordPress Presentation
The Future Of WordPress PresentationDougal Campbell
 
Nürnberg WooCommerce Talk - 11/24/16
Nürnberg WooCommerce Talk - 11/24/16Nürnberg WooCommerce Talk - 11/24/16
Nürnberg WooCommerce Talk - 11/24/16tshellberg
 
Ryan Duff 2015 WordCamp US HTTP API
Ryan Duff 2015 WordCamp US HTTP APIRyan Duff 2015 WordCamp US HTTP API
Ryan Duff 2015 WordCamp US HTTP APIryanduff
 
wp-cli
wp-cliwp-cli
wp-cliMarcos Schratzenstaller
 
Making Magic with WP-CLI
Making Magic with WP-CLIMaking Magic with WP-CLI
Making Magic with WP-CLIryanduff
 
Command Line WordPress with WP-CLI
Command Line WordPress with WP-CLICommand Line WordPress with WP-CLI
Command Line WordPress with WP-CLIJames Collins
 
Command Line WordPress with WP-CLI - WordPress Perth User Group
Command Line WordPress with WP-CLI - WordPress Perth User GroupCommand Line WordPress with WP-CLI - WordPress Perth User Group
Command Line WordPress with WP-CLI - WordPress Perth User GroupJames Collins
 
How to install a local instance of WordPress
How to install a local instance of WordPressHow to install a local instance of WordPress
How to install a local instance of WordPresssomisguided
 
Drupal Europe 2018: Hackers automate but the drupal community still downloads...
Drupal Europe 2018: Hackers automate but the drupal community still downloads...Drupal Europe 2018: Hackers automate but the drupal community still downloads...
Drupal Europe 2018: Hackers automate but the drupal community still downloads...hernanibf
 
How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...
How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...
How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...Richard Johansson
 

Mais conteúdo relacionado

Mais procurados

How I Learned to Stop Worrying and Backup WordPress
How I Learned to Stop Worrying and Backup WordPressHow I Learned to Stop Worrying and Backup WordPress
How I Learned to Stop Worrying and Backup WordPressChris Jean
 
Developers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIDevelopers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIWP Engine
 
Using composer with WordPress
Using composer with WordPressUsing composer with WordPress
Using composer with WordPressMicah Wood
 
Intro to WordPress Plugin Development
Intro to WordPress Plugin DevelopmentIntro to WordPress Plugin Development
Intro to WordPress Plugin DevelopmentBrad Williams
 
Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...
Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...
Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...Andrea Cardinali
 
WordPress plugin development
WordPress plugin developmentWordPress plugin development
WordPress plugin developmentLuc De Brouwer
 
CSI: WordPress -- Getting Into the Guts
CSI: WordPress -- Getting Into the GutsCSI: WordPress -- Getting Into the Guts
CSI: WordPress -- Getting Into the GutsDougal Campbell
 
Coding with jetpack
Coding with jetpackCoding with jetpack
Coding with jetpackRich Collier
 
WordPress Development with VVV, VV, and Vagrant
WordPress Development with VVV, VV, and VagrantWordPress Development with VVV, VV, and Vagrant
WordPress Development with VVV, VV, and VagrantMitch Canter
 
Write your first WordPress plugin
Write your first WordPress pluginWrite your first WordPress plugin
Write your first WordPress pluginAnthony Montalbano
 
5 Things You Shouldn't Do With A WordPress Plugin
5 Things You Shouldn't Do With A WordPress Plugin5 Things You Shouldn't Do With A WordPress Plugin
5 Things You Shouldn't Do With A WordPress PluginKelly Phillips
 
The Future Of WordPress Presentation
The Future Of WordPress PresentationThe Future Of WordPress Presentation
The Future Of WordPress PresentationDougal Campbell
 
Nürnberg WooCommerce Talk - 11/24/16
Nürnberg WooCommerce Talk - 11/24/16Nürnberg WooCommerce Talk - 11/24/16
Nürnberg WooCommerce Talk - 11/24/16tshellberg
 
Ryan Duff 2015 WordCamp US HTTP API
Ryan Duff 2015 WordCamp US HTTP APIRyan Duff 2015 WordCamp US HTTP API
Ryan Duff 2015 WordCamp US HTTP APIryanduff
 
Making Magic with WP-CLI
Making Magic with WP-CLIMaking Magic with WP-CLI
Making Magic with WP-CLIryanduff
 
Command Line WordPress with WP-CLI
Command Line WordPress with WP-CLICommand Line WordPress with WP-CLI
Command Line WordPress with WP-CLIJames Collins
 
Command Line WordPress with WP-CLI - WordPress Perth User Group
Command Line WordPress with WP-CLI - WordPress Perth User GroupCommand Line WordPress with WP-CLI - WordPress Perth User Group
Command Line WordPress with WP-CLI - WordPress Perth User GroupJames Collins
 
How to install a local instance of WordPress
How to install a local instance of WordPressHow to install a local instance of WordPress
How to install a local instance of WordPresssomisguided
 

Mais procurados (20)

Secure All The Things!
Secure All The Things!Secure All The Things!
Secure All The Things!
 
How I Learned to Stop Worrying and Backup WordPress
How I Learned to Stop Worrying and Backup WordPressHow I Learned to Stop Worrying and Backup WordPress
How I Learned to Stop Worrying and Backup WordPress
 
Developers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIDevelopers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLI
 
Using composer with WordPress
Using composer with WordPressUsing composer with WordPress
Using composer with WordPress
 
Intro to WordPress Plugin Development
Intro to WordPress Plugin DevelopmentIntro to WordPress Plugin Development
Intro to WordPress Plugin Development
 
Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...
Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...
Professional WordPress Development with Vagrant - Andrea Cardinali - WordCam...
 
WordPress plugin development
WordPress plugin developmentWordPress plugin development
WordPress plugin development
 
CSI: WordPress -- Getting Into the Guts
CSI: WordPress -- Getting Into the GutsCSI: WordPress -- Getting Into the Guts
CSI: WordPress -- Getting Into the Guts
 
Coding with jetpack
Coding with jetpackCoding with jetpack
Coding with jetpack
 
WordPress Development with VVV, VV, and Vagrant
WordPress Development with VVV, VV, and VagrantWordPress Development with VVV, VV, and Vagrant
WordPress Development with VVV, VV, and Vagrant
 
Write your first WordPress plugin
Write your first WordPress pluginWrite your first WordPress plugin
Write your first WordPress plugin
 
5 Things You Shouldn't Do With A WordPress Plugin
5 Things You Shouldn't Do With A WordPress Plugin5 Things You Shouldn't Do With A WordPress Plugin
5 Things You Shouldn't Do With A WordPress Plugin
 
The Future Of WordPress Presentation
The Future Of WordPress PresentationThe Future Of WordPress Presentation
The Future Of WordPress Presentation
 
Nürnberg WooCommerce Talk - 11/24/16
Nürnberg WooCommerce Talk - 11/24/16Nürnberg WooCommerce Talk - 11/24/16
Nürnberg WooCommerce Talk - 11/24/16
 
Ryan Duff 2015 WordCamp US HTTP API
Ryan Duff 2015 WordCamp US HTTP APIRyan Duff 2015 WordCamp US HTTP API
Ryan Duff 2015 WordCamp US HTTP API
 
wp-cli
wp-cliwp-cli
wp-cli
 
Making Magic with WP-CLI
Making Magic with WP-CLIMaking Magic with WP-CLI
Making Magic with WP-CLI
 
Command Line WordPress with WP-CLI
Command Line WordPress with WP-CLICommand Line WordPress with WP-CLI
Command Line WordPress with WP-CLI
 
Command Line WordPress with WP-CLI - WordPress Perth User Group
Command Line WordPress with WP-CLI - WordPress Perth User GroupCommand Line WordPress with WP-CLI - WordPress Perth User Group
Command Line WordPress with WP-CLI - WordPress Perth User Group
 
How to install a local instance of WordPress
How to install a local instance of WordPressHow to install a local instance of WordPress
How to install a local instance of WordPress
 

Semelhante a Why it's dangerous to turn off automatic updates and here's how to do it

Drupal Europe 2018: Hackers automate but the drupal community still downloads...
Drupal Europe 2018: Hackers automate but the drupal community still downloads...Drupal Europe 2018: Hackers automate but the drupal community still downloads...
Drupal Europe 2018: Hackers automate but the drupal community still downloads...hernanibf
 
How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...
How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...
How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...Richard Johansson
 
Converted Website To WordPress Development Company!
Converted Website To WordPress Development Company!Converted Website To WordPress Development Company!
Converted Website To WordPress Development Company!HireWPGeeks Ltd
 
Converted Website To WordPress Development Company!
Converted Website To WordPress Development Company!Converted Website To WordPress Development Company!
Converted Website To WordPress Development Company!HireWPGeeks Ltd
 
Continuous Integration using Jenkins with Python
Continuous Integration using Jenkins with PythonContinuous Integration using Jenkins with Python
Continuous Integration using Jenkins with PythonInexture Solutions
 
Azure slots for app deployment the continuous delivery way
Azure slots for app deployment the continuous delivery wayAzure slots for app deployment the continuous delivery way
Azure slots for app deployment the continuous delivery waywale ayandiran
 
WordCamp Belfast DevOps for Beginners
WordCamp Belfast DevOps for BeginnersWordCamp Belfast DevOps for Beginners
WordCamp Belfast DevOps for BeginnersStewart Ritchie
 
DevOps Continuous Integration & Delivery - A Whitepaper by RapidValue
DevOps Continuous Integration & Delivery - A Whitepaper by RapidValueDevOps Continuous Integration & Delivery - A Whitepaper by RapidValue
DevOps Continuous Integration & Delivery - A Whitepaper by RapidValueRapidValue
 
Continuous Deployment of your Application @SpringOne
Continuous Deployment of your Application @SpringOneContinuous Deployment of your Application @SpringOne
Continuous Deployment of your Application @SpringOneciberkleid
 
Continuous Deployment of your Application @jSession#5
Continuous Deployment of your Application @jSession#5Continuous Deployment of your Application @jSession#5
Continuous Deployment of your Application @jSession#5Marcin Grzejszczak
 
Continous integration and delivery for single page applications
Continous integration and delivery for single page applicationsContinous integration and delivery for single page applications
Continous integration and delivery for single page applicationsSunil Dalal
 
WordPress London Developer Operations For Beginners
WordPress London Developer Operations For BeginnersWordPress London Developer Operations For Beginners
WordPress London Developer Operations For BeginnersStewart Ritchie
 
Care and feeding notes
Care and feeding notesCare and feeding notes
Care and feeding notesPerrin Harkins
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous EverythingAndrea Tino
 
Alexey Kupriyanenko "Release Early, Often, Stable"
Alexey Kupriyanenko "Release Early, Often, Stable"Alexey Kupriyanenko "Release Early, Often, Stable"
Alexey Kupriyanenko "Release Early, Often, Stable"Fwdays
 
Adrian marinica continuous integration in the visual studio world
Adrian marinica continuous integration in the visual studio worldAdrian marinica continuous integration in the visual studio world
Adrian marinica continuous integration in the visual studio worldCodecamp Romania
 
Guide to Vite JS – Modern Fron-End Development Tool
Guide to Vite JS – Modern Fron-End Development ToolGuide to Vite JS – Modern Fron-End Development Tool
Guide to Vite JS – Modern Fron-End Development ToolAlbiorix Technology
 
Agile Bodensee - Testautomation & Continuous Delivery Workshop
Agile Bodensee - Testautomation & Continuous Delivery WorkshopAgile Bodensee - Testautomation & Continuous Delivery Workshop
Agile Bodensee - Testautomation & Continuous Delivery WorkshopMichael Palotas
 
Jbossworld Presentation
Jbossworld PresentationJbossworld Presentation
Jbossworld PresentationDan Hinojosa
 
Architecture: Manual vs. Automation
Architecture: Manual vs. AutomationArchitecture: Manual vs. Automation
Architecture: Manual vs. AutomationAmazon Web Services
 

Semelhante a Why it's dangerous to turn off automatic updates and here's how to do it (20)

Drupal Europe 2018: Hackers automate but the drupal community still downloads...
Drupal Europe 2018: Hackers automate but the drupal community still downloads...Drupal Europe 2018: Hackers automate but the drupal community still downloads...
Drupal Europe 2018: Hackers automate but the drupal community still downloads...
 
How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...
How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...
How to set up an ASP.NET 5 Continuous Delivery Pipeline using IBM Bluemix Dev...
 
Converted Website To WordPress Development Company!
Converted Website To WordPress Development Company!Converted Website To WordPress Development Company!
Converted Website To WordPress Development Company!
 
Converted Website To WordPress Development Company!
Converted Website To WordPress Development Company!Converted Website To WordPress Development Company!
Converted Website To WordPress Development Company!
 
Continuous Integration using Jenkins with Python
Continuous Integration using Jenkins with PythonContinuous Integration using Jenkins with Python
Continuous Integration using Jenkins with Python
 
Azure slots for app deployment the continuous delivery way
Azure slots for app deployment the continuous delivery wayAzure slots for app deployment the continuous delivery way
Azure slots for app deployment the continuous delivery way
 
WordCamp Belfast DevOps for Beginners
WordCamp Belfast DevOps for BeginnersWordCamp Belfast DevOps for Beginners
WordCamp Belfast DevOps for Beginners
 
DevOps Continuous Integration & Delivery - A Whitepaper by RapidValue
DevOps Continuous Integration & Delivery - A Whitepaper by RapidValueDevOps Continuous Integration & Delivery - A Whitepaper by RapidValue
DevOps Continuous Integration & Delivery - A Whitepaper by RapidValue
 
Continuous Deployment of your Application @SpringOne
Continuous Deployment of your Application @SpringOneContinuous Deployment of your Application @SpringOne
Continuous Deployment of your Application @SpringOne
 
Continuous Deployment of your Application @jSession#5
Continuous Deployment of your Application @jSession#5Continuous Deployment of your Application @jSession#5
Continuous Deployment of your Application @jSession#5
 
Continous integration and delivery for single page applications
Continous integration and delivery for single page applicationsContinous integration and delivery for single page applications
Continous integration and delivery for single page applications
 
WordPress London Developer Operations For Beginners
WordPress London Developer Operations For BeginnersWordPress London Developer Operations For Beginners
WordPress London Developer Operations For Beginners
 
Care and feeding notes
Care and feeding notesCare and feeding notes
Care and feeding notes
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous Everything
 
Alexey Kupriyanenko "Release Early, Often, Stable"
Alexey Kupriyanenko "Release Early, Often, Stable"Alexey Kupriyanenko "Release Early, Often, Stable"
Alexey Kupriyanenko "Release Early, Often, Stable"
 
Adrian marinica continuous integration in the visual studio world
Adrian marinica continuous integration in the visual studio worldAdrian marinica continuous integration in the visual studio world
Adrian marinica continuous integration in the visual studio world
 
Guide to Vite JS – Modern Fron-End Development Tool
Guide to Vite JS – Modern Fron-End Development ToolGuide to Vite JS – Modern Fron-End Development Tool
Guide to Vite JS – Modern Fron-End Development Tool
 
Agile Bodensee - Testautomation & Continuous Delivery Workshop
Agile Bodensee - Testautomation & Continuous Delivery WorkshopAgile Bodensee - Testautomation & Continuous Delivery Workshop
Agile Bodensee - Testautomation & Continuous Delivery Workshop
 
Jbossworld Presentation
Jbossworld PresentationJbossworld Presentation
Jbossworld Presentation
 
Architecture: Manual vs. Automation
Architecture: Manual vs. AutomationArchitecture: Manual vs. Automation
Architecture: Manual vs. Automation
 

Último

20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdfMatthew Sinclair
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasDigicorns Technologies
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...kumargunjan9515
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Balliameghakumariji156
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.krishnachandrapal52
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsMonica Sydney
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...meghakumariji156
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理F
 

Último (20)

20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 

Why it's dangerous to turn off automatic updates and here's how to do it

  • 1. Why it’s dangerous to turn o automatic updates and here’s how to do it Presented by Onni Hakala 1 / 27
  • 2. Automatic Updates in WordPress WordPress includes a feature for automatic updates. This is built-in feature and it's enabled by default. This delivers crucial security updates, bug fixes and new features for everyone. WordPress core developers test all changes carefully before they are released. 2 / 27
  • 4. I'm asking you to disable it In order to safely implement automatic updates you need to disable automatic updates. 4 / 27
  • 5. You just said that it's a great feature 5 / 27
  • 6. Why would anyone ever do this? 6 / 27
  • 7. Have you ever heard of a WordPress site broken by automatic updates? 7 / 27
  • 8. Now it's easier to understand 8 / 27
  • 9. Why We Should Update Some statistics from 2016 Out of the 11k+ infected websites we analyzed, 56% of the total WP infected websites, were still out of date. This is good, when compared to the percentage of infected sites with out of date software found in the Joomla! (84%), Magento (96%), and Drupal (81%) platforms.[1] [1] sucuri.net/website-security/website-hacked-report 9 / 27
  • 10. But nobody wants to put out res all day People are still afraid that the updates will break things 10 / 27
  • 11. So how should this be implemented? Warning: next slides are focused for the technical audience. 11 / 27
  • 12. Create a testing pipeline This is a process which takes care of deployments 12 / 27
  • 13. Steps to create pipeline 1: Store your source code in Git Create a new Git repository for your project and put all of the source code including plugins and themes there. Github, Gitlab and Bitbucket are easy to setup. 13 / 27
  • 14. Steps to create pipeline 2: Disable built-in updates I admit this is scary. You can do it by adding this line into wp-config.php: <?php // Disable all automatic updates define( 'AUTOMATIC_UPDATER_DISABLED', true ); 14 / 27
  • 15. Steps to create pipeline 3: Manage versions with Composer This is a package management tool for php 15 / 27
  • 16. Steps to create pipeline Composer allows you to track versions of plugins, themes and core Here's an example composer.json with WordPress and Jetpack: { "require": { "php": ">=7.0", "johnpbloch/wordpress": ">=4.5.0", "wpackagist-plugin/jetpack": ">=4.7.3" } } 16 / 27
  • 17. Steps to create pipeline Now you can update all the things with a single command After this you will have latest versions ready for deployment to the production $ composer update 17 / 27
  • 18. Steps to create pipeline 4: Stop manually testing your updates This one is quite hard and you need to build tools which can detect if the site is not working correctly. For me this was the hardest step to take and it took long time to gain enough trust in the systems. 18 / 27
  • 19. Steps to create pipeline 5: Implement tests for your site Pick any tool that feels good for you. You can start small and build more tests later. Here are some tools I have found useful: 19 / 27
  • 20. Steps to create pipeline 6: Automate testing using CI Continuous Integration Service (CI) can install and test the updates 24/7. Travis CI and Drone CI are my favorites: 20 / 27
  • 21. Steps to create pipeline 7: Use Your CI to deploy new code to production This depends on your setup. You could just transfer files with rsync from CI to your production server and reload the web server. I prefer using docker containers but that's a whole different topic and let's not go there today. 21 / 27
  • 22. Steps to create pipeline 8: Automatically commit new versions to the source code You want to know when updates happened and you want to store all changes in the Git repository. The changes in source code will trigger new test builds and deployments in CI. You just need to make them happen somehow. 22 / 27
  • 23. Steps to create pipeline This can be achieved using a simple cronjob This script can be used to download and updates your source code back to Git. #!/bin/bash # Download latest changes from central Git $ git fetch origin # Reset all changes to the master $ git reset origin/master # Update all components $ composer update # Commit changes $ git commit -am "Updated all dependencies" # Push them back to git $ git push github master 23 / 27
  • 24. Steps to create pipeline 9: Keep enhancing your tests Your goal is to have good test coverage. Your site will still be broken in ways you can't imagine. Trial & Error is good approach for this. At the bare minimum you should add tests for all features which have been broken by updates so that they won't be failing again. 24 / 27
  • 25. Summary of the new update ow 25 / 27
  • 26. So what did we do? We replaced the default update process with a better one. 26 / 27
  • 27. Thanks for listening! Come talk to me: Twitter: @koodimonni Github: @onnimonni 27 / 27