LoopConf: Notes from Day 1

Put an “S” on it

by Zack Tollman, https://speakerdeck.com/tollmanz

IMG_3155

Issues & Challenges

MIXED Content Issues

  • Passive
  • Active
    • insecure requests loaded on the page that can be hi-jacked
  • States (lock color in Chrome, e.g.)
    • green = OK
    • yellow = passive mixed content
    • red = not secure, active mixed content

Strategies For Migration

  1. HTTPS everywhere
    1. hi risk / hi security
  2. HTTPS somewhere
    1. low risk / low security
  3. HTTPS with HTTP (can access either)
    1. medium risk / medium security

Application Preparation

  • Basically look for ALL THE THINGS that reference http -> https
  • Keep old http sitemap for short period, update new https sitemap (SEO recovered in about 4-6 weeks)

Content Security Policy

  • Response header telling the browser what can/can’t be loaded
default-src: https:;
upgrade-insecure-requests
report-uri https://report-domain.com/receive

report-uri allows you to notify when violation occurs (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri)

Web Performance: Measure Like You Mean It

by Joseph Scott

Treat performance complaints like bug reports

Process

  • Set a goal (SMART)
  • Always measure before & after
  • Make one change at a time
  • Test in a controlled and consistent environment
  • Be consistent

What can I do today?

  • WebPageTest
    • Block requests
    • Single point of failure (SPOF)
    • Scripting
    • Network packet capture
  • SpeedCurve

What to measure?

Example

Goal: TTFB in < 100ms

  1. Start with ideal conditions (no throttling, etc) – this is to determine if your goal is even realistic
    1. If you can’t re-assess
  2. Keep the raw data
  3. Beware of averages, which can hide extremes/data – favor consistency

A Conscious Uncoupling: WordPress as a Headless CMS

by Krissie VandeNoord

Why Go Headless?

  • Freedom, no rules to follow (on front-end)

Going Headless with WordPress

  • WordPress installed in sub-directory
  • React in root
  • Headless theme installed

Problem: Routing

Default WP routing does not work with React

  • Configure .htaccess in root
  • React Router – dynamic routing with:
    <Route path=":page" component="{Page} />

Maintaining a usable dashboard experience

  • Disable features not being used
  • Plugins
    • ACF to REST API
    • WP REST API force SSL
    • WP Rest Api Menus

Taking the leap

  • Going headless is not the right choice for all sites
  • Still new technology, will require more hands-on maintenance

Code Review: Why It Matters

by Brad Campeau-Laurion

Why?

  • Maintain code quality
  • Boost collaboration
  • Knowledge-sharing

Tools

  • Peer Review
    • Slack integrations (review assigned, approved)
    • Github
  • Automated Testing
    • CI
    • PHPCS
  • Peer Review
    • Performance
    • Security
    • Optimization

Next Generation WordPress

by Ryan McCue

 

Resources and Reading

 

Leave a Comment

Your email address will not be published. Required fields are marked *

%d bloggers like this: