ExpressionEngine | EECI 
Simple Steps to Performance and 
Security 
CHRIS WELLS – CEO – NEXCESS.NET LLC
Detroit, MI USA 
WEST 
SOUTH 
NORTH 
MID-WEST??? 
NORTH-EAST 
NORTH? 
NORTH-CENTRAL? 
MIDDLE?
Quick Facts About Michigan 
• Michigan has the longest fresh water shoreline in the U.S. (world?) at 
3,126 miles. 
• Four flags have flown over Michigan: 
• French 
• English 
• Spanish 
• USA 
• Michigan is split into an “upper” and “lower” peninsula 
• The upper is dubbed the “U.P.” 
• Detroit had the 1st mile of concrete road laid in 1909 
• Detroit is the potato chip capital of the world 
• Based on consumption 
Today’s Topics 
• Why performance / security? 
• A few simple performance steps 
• A few simple security steps
Why Care About Performance / Security?
They Affect Your Bottom Line DIRECTLY 
(even if you think you don’t have one)
Example Performance Wins 
• Firefox browser website noted: 
• Slow page loaders downloaded the browser less often 
• 1 second of increased page load performance increased downloads by 
2.7%. 
• Shopzilla.com 
• Had page load times of ~7 seconds 
• Optimized to yield a 5 second decrease in page load time (7 -> 2 sec) 
• 25% increase in page views 
• 7 – 12% increase in revenue 
• 50% decrease in hardware costs! 
• Google tested a page 1 with 30 entries instead of 10 and 
got: 
• 20% fewer clicks 
Performance Step #1 – Tune the Environment
Tune the Environment 
•What 
• About 
• PHP???
PHP Choices 
• ExpressionEngine supports a variety of PHP versions (5.3.10+) 
• So… Isn’t PHP just PHP? 
• NO! 
• PHP 5.4 is a good deal faster than 5.3 
• Empty hash table optimizations 
• Literal tables 
• Interned strings 
• Zend Engine VM tuning 
• But what does this mean for ExpressionEngine?
Benchmarking PHP
PHP 5.3.24 
[Chart: Siege transactions / second over duration (in minutes); series: PHP 5.3.24]
~550 t/sec
PHP 5.3.24 vs. PHP 5.4.28 
[Chart: Siege transactions / second over duration (in minutes); series: PHP 5.3.24, PHP 5.4.28]
~615 t/sec 
(~12% increase!!)
PHP 5.3.24 vs. PHP 5.4.28/.14 
[Chart: Siege transactions / second over duration (in minutes); series: PHP 5.3.24, PHP 5.4.14, PHP 5.4.28]
Even upgrading from 
5.4.14 shows gains of ~4%
Let’s Push Things a Little Further...
PHP 5.4.28 vs. PHP 5.5.12 
[Chart: Siege transactions / second over duration (in minutes); series: PHP 5.4.28, PHP 5.5.12]
~781 t/sec 
~25% better than 5.4 
~41% better than 5.3 
WOW 
Notes On PHP 5.5.x+ 
• APC goes out 
• OPcache is introduced 
• OPcache is the name of the bundled ZendOptimizer+ opcode caching system 
• Seems to work out of the box without too much fuss 
• More research is needed here – was very surprised with the performance results 
• For developers PHP 5.5+ adds: 
• “finally” 
• Finally!! New password hashing API 
• The empty() built-in now supports arbitrary expressions
Let’s Push Things a Little Further…
PHP 5.5.12 vs. PHP 5.6.0-BETA 
[Chart: Siege transactions / second over duration (in minutes); series: PHP 5.5.12, PHP 5.6.0 (BETA 2)]
Essentially equal within 
margin of error
Let’s…
PHP 5.5.12 vs. PHP-NG 
• We couldn’t get it running in a stable manner 
Notes on PHP-NG 
• Removes numerous heap allocations (and de-allocations) 
• Stores more native data directly on the stack 
• Removes the need to garbage collect basic primitives (bool, long, etc) 
• PHP’s reported WordPress benchmarks show very good results 
• 26.75 sec -> 14.10 sec (~48% improvement) 
• 9.5M instructions -> 3.4M internal instructions executed (HUGE reduction) 
• Take some comfort in knowing that more gains are on the way from 
PHP folks directly
Short story: use PHP 5.4+, 5.5 if you’re able
Performance Step #2 – Tune ExpressionEngine
Basic ExpressionEngine Tuning 
• Out of the box ExpressionEngine performs! 
• Cache Cache Cache! Ensure you use all available caching 
• Tag caching 
• Template caching 
• Dynamic channel query caching 
• Query disabling 
• Use in-memory caching if at all possible (CE Cache, memcache) 
• See our whitepaper for an in-depth look at caching options 
• Use a CDN
We’re Performing! Now What? 
• Performance is not a one-time activity (monitor often) 
• The 80/20 rule is a good guide (Pareto’s Principle) 
• “…roughly 80% of the effects come from 20% of the causes…” 
• Make performance part of your design/development 
process 
• Choose add-ons based on a performance SLA 
• Make sure your developers understand how to design/code for 
performance 
• All 3rd party add-ons are not created equal! 
• Software/code optimization can only go so far – hardware 
can help 
• Dedicated database and web servers may be needed
Side Effects of Good Performance 
• Faster sites are stickier – Wikia.com’s re-architecting 
found: 
• ~15% exit rate for a 2 second page load 
• ~10% exit rate for a 1 second page load 
• Faster sites yield higher search engine placement 
• Google / Bing / Yahoo! use speed as a metric in their algorithms 
• You’re more ready for that OMG day 
• Check out EE’s “Handling Extreme Traffic” page regardless 
• Faster doesn’t have to mean more expensive 
• Costs can often be lowered as a result of caching & optimization 
• Remember shopzilla.com?
On to Security! 
(Make hackers sad)
Security Step #1 – Secure the Environment
Environment Security 
• Practice least-privilege in all aspects of the environment 
• Use a firewall (and actually configure it) 
• Use an intrusion prevention system (and actually configure it) 
• Mod_security works well! 
• Matches rules against incoming URL requests to thwart many attacks 
• Choose correct file permissions 
• 600 for PHP/configuration files (if able) 
• 700 for directories (yep, if able) 
• Use HTTPS 
• Lean on your hosting provider for help (it’s their job!!!)
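The file-permission targets on this slide (600 for files, 700 for directories) can be checked mechanically. The script below is an added example, not part of the original slides: it lists anything looser than those targets and can tighten a tree to them. It assumes PHP runs as the owner of the files, which is what the slide's "if able" depends on; the function names and the sample tree are constructed for illustration and are not ExpressionEngine's real layout.

```shell
#!/bin/sh
# Audit a web root against the slide's targets:
#   regular files  -> at most 600 (rw-------)
#   directories    -> at most 700 (rwx------)
# Only POSIX find primaries are used, so this runs with GNU, BSD or busybox find.

# List regular files carrying any bit beyond 600:
# owner-execute, or any read/write/execute bit for group or other.
loose_files() {
    find "$1" -type f \( -perm -100 \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# List directories carrying any group/other bit (anything beyond 700).
loose_dirs() {
    find "$1" -type d \( \
        -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of findings; non-zero means the tree is looser than the targets.
count_loose() {
    { loose_files "$1"; loose_dirs "$1"; } | wc -l | tr -d ' '
}

# Apply the targets. -type skips symlinks, so chmod never follows one
# out of the tree; "{} +" batches paths into as few chmod calls as possible.
tighten() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Build a constructed sample tree with typical "it works, ship it" modes
# and print its path. Names are illustrative only.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/system/config" "$t/uploads"
    printf '<?php // constructed sample\n' > "$t/system/config/database.php"
    printf '<?php // constructed sample\n' > "$t/index.php"
    : > "$t/uploads/photo.jpg"
    chmod 755 "$t" "$t/system" "$t/system/config"   # world-readable dirs
    chmod 777 "$t/uploads"                          # world-writable dir
    chmod 644 "$t/system/config/database.php"       # credentials readable by all
    chmod 600 "$t/index.php"                        # already at target
    chmod 666 "$t/uploads/photo.jpg"                # world-writable file
    printf '%s\n' "$t"
}

# Stand-alone use: sh audit.sh /path/to/webroot  (report only, no changes)
if [ -n "${1:-}" ]; then
    loose_files "$1"
    loose_dirs "$1"
fi
```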
Security Step #2 – Secure ExpressionEngine
Basic ExpressionEngine Security 
• Follow the EE best practices 
• Keep ExpressionEngine up to date 
• I know, I know – easier said than done … but do it 
• ExpressionEngine is very secure by default (but really, keep it updated) 
• Keep PHP up to date (or patched) 
• Keep add-ons up to date 
• Add-ons are often forgotten as a source of vulnerability 
• Restrict admin access 
• Limit by IP and/or by renaming admin.php 
• Rename the system directory 
• Create unique user accounts (i.e. don’t share!)
Security Step #3 – Secure Your Workflow
Basic Security 
• Password security 
• Passwords do not necessarily need to be complex 
• PillowCarpetTelevision32 – 24 characters!! 
• Don’t reuse passwords on other sites 
• I hate this slogan but… 
• The most secure password is the one you don’t remember 
• Use Lastpass or something like it. 
• Use 2-factor authentication if available 
• Use a secure means to publish 
• Avoid FTP! 
• Ensure backups exist (and are recent) 
• Trust but verify your hosting arrangements
Performance and Security are NOT Spectator Sports! 
(do your best!)
Questions?

ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)

  • 1. ExpressionEngine | EECI Simple Steps to Performance and Security CHRIS WELLS – CEO – NEXCESS.NET LLC
  • 2. Detroit, MI USA WEST SOUTH NORTH MID-WEST??? NORTH-EAST NORTH? NORTH-CENTRAL? MIDDLE?
  • 3. Quick Facts About Michigan • Michigan has the longest fresh water shoreline in the U.S. (world?) at 3,126 miles. • Four flags have flown over Michigan: • French • English • Spanish • USA • Michigan is split into an “upper” and “lower” peninsula • The upper is dubbed the “U.P.” • Detroit had the 1st mile of concrete road laid in 1909 • Detroit is the potato chip capital of the world • Based on consumption 
  • 4. Today’s Topics • Why performance / security? • A few simple performance steps • A few simple security steps
  • 5. Why Care About Performance / Security?
  • 6. They Affect Your Bottom Line DIRECTLY (even if you think you don’t have one)
  • 7. Example Performance Wins • Firefox browser website noted: • Slow page loaders downloaded the browser less often • 1 second of increased page load performance increased downloads by 2.7%. • Shopzilla.com • Had page load times of ~7 seconds • Optimized to yield a 5 second decrease in page load time (7 -> 2 sec) • 25% increase in page views • 7 – 12% increase in revenue • 50% decrease in hardware costs! • Google tested a page 1 with 30 entries instead of 10 and got: • 20% fewer clicks 
  • 8. Performance Step #1 – Tune the Environment
  • 9. Tune the Environment •What • About • PHP???
  • 10. PHP Choices • ExpressionEngine supports a variety of PHP versions (5.3.10+) • So… Isn’t PHP just PHP? • NO! • PHP 5.4 is a good deal faster than 5.3 • Empty hash table optimizations • Literal tables • Interned strings • Zend Engine VM tuning • But what does this mean for ExpressionEngine?
  • 12. PHP 5.3.24 [Chart: Siege transactions / second over duration (in minutes); series: PHP 5.3.24] ~550 t/sec
  • 13. PHP 5.3.24 vs. PHP 5.4.28 [Chart: Siege transactions / second over duration (in minutes); series: PHP 5.3.24, PHP 5.4.28] ~615 t/sec (~12% increase!!)
  • 14. PHP 5.3.24 vs. PHP 5.4.28/.14 [Chart: Siege transactions / second over duration (in minutes); series: PHP 5.3.24, PHP 5.4.14, PHP 5.4.28] Even upgrading from 5.4.14 shows gains of ~4%
  • 15. Let’s Push Things a Little Further...
  • 16. PHP 5.4.28 vs. PHP 5.5.12 [Chart: Siege transactions / second over duration (in minutes); series: PHP 5.4.28, PHP 5.5.12] ~781 t/sec ~25% better than 5.4 ~41% better than 5.3 WOW
  • 17. Notes On PHP 5.5.x+ • APC goes out • OPcache is introduced • OPcache is the name of the bundled ZendOptimizer+ opcode caching system • Seems to work out of the box without too much fuss • More research is needed here – was very surprised with the performance results • For developers PHP 5.5+ adds: • “finally” • Finally!! New password hashing API • The empty() built-in now supports arbitrary expressions
  • 18. Let’s Push Things a Little Further…
  • 19. PHP 5.5.12 vs. PHP 5.6.0-BETA [Chart: Siege transactions / second over duration (in minutes); series: PHP 5.5.12, PHP 5.6.0 (BETA 2)] Essentially equal within margin of error
  • 21. PHP 5.5.12 vs. PHP-NG • We couldn’t get it running in a stable manner 
  • 22. Notes on PHP-NG • Removes numerous heap allocations (and de-allocations) • Stores more native data directly on the stack • Removes the need to garbage collect basic primitives (bool, long, etc) • PHP’s reported WordPress benchmarks show very good results • 26.75 sec -> 14.10 sec (~48% improvement) • 9.5M instructions -> 3.4M internal instructions executed (HUGE reduction) • Take some comfort in knowing that more gains are on the way from PHP folks directly
  • 23. Short story: use PHP 5.4+, 5.5 if you’re able
  • 24. Performance Step #2 – Tune ExpressionEngine
  • 25. Basic ExpressionEngine Tuning • Out of the box ExpressionEngine performs! • Cache Cache Cache! Ensure you use all available caching • Tag caching • Template caching • Dynamic channel query caching • Query disabling • Use in-memory caching if at all possible (CE Cache, memcache) • See our whitepaper for an in-depth look at caching options • Use a CDN
  • 26. We’re Performing! Now What? • Performance is not a one-time activity (monitor often) • The 80/20 rule is a good guide (Pareto’s Principle) • “…roughly 80% of the effects come from 20% of the causes…” • Make performance part of your design/development process • Choose add-ons based on a performance SLA • Make sure your developers understand how to design/code for performance • All 3rd party add-ons are not created equal! • Software/code optimization can only go so far – hardware can help • Dedicated database and web servers may be needed
  • 27. Side Effects of Good Performance • Faster sites are stickier – Wikia.com’s re-architecting found: • ~15% exit rate for a 2 second page load • ~10% exit rate for a 1 second page load • Faster sites yield higher search engine placement • Google / Bing / Yahoo! use speed as a metric in their algorithms • You’re more ready for that OMG day • Check out EE’s “Handling Extreme Traffic” page regardless • Faster doesn’t have to mean more expensive • Costs can often be lowered as a result of caching & optimization • Remember shopzilla.com?
  • 28. On to Security! (Make hackers sad)
  • 29. Security Step #1 – Secure the Environment
  • 30. Environment Security • Practice least-privilege in all aspects of the environment • Use a firewall (and actually configure it) • Use an intrusion prevention system (and actually configure it) • Mod_security works well! • Matches rules against URL requests to thwart many attacks • Choose correct file permissions • 600 for PHP/configuration files (if able) • 700 for directories (yep, if able) • Use HTTPS • Lean on your hosting provider for help (it’s their job!!!)
  • 31. Security Step #2 – Secure ExpressionEngine
  • 32. Basic ExpressionEngine Security • Follow the EE best practices • Keep ExpressionEngine up to date • I know, I know – easier said than done … but do it • ExpressionEngine is very secure by default (but really, keep it updated) • Keep PHP up to date (or patched) • Keep add-ons up to date • Add-ons are often forgotten as a source of vulnerability • Restrict admin access • Limit by IP and/or by renaming admin.php • Rename the system directory • Create unique user accounts (i.e. don’t share!)
  • 33. Security Step #3 – Secure Your Workflow
  • 34. Basic Security • Password security • Passwords do not necessarily need to be complex • PillowCarpetTelevision32 → 24 characters!! • Don’t reuse passwords on other sites • I hate this slogan but… • The most secure password is the one you don’t remember • Use Lastpass or something like it. • Use 2-factor authentication if available • Use a secure means to publish • Avoid FTP! • Ensure backups exist (and are recent) • Trust but verify your hosting arrangements
  • 35. Performance and Security are NOT Spectator Sports! (do your best!)
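
The file-permission guidance on slide 30 (600 for PHP/configuration files, 700 for directories) can be checked with a short audit script. This is an added example, not part of the original deck; the function names, the file-name patterns used for "configuration files" and the sample directory layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): audit a web root against the deck's
# guidance of 600 for PHP/configuration files and 700 for directories.
# Assumption: "configuration files" are matched by the name patterns below.

# Directories that grant any permission bit to group or other (looser than 700).
loose_dirs() {
    find "$1" -type d \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# PHP/config files looser than 600: any group/other bit, or owner execute.
loose_files() {
    find "$1" -type f \( -name '*.php' -o -name '*.ini' -o -name '.htaccess' \) \
        \( -perm -100 -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print each finding with its current mode; return 1 if anything is too open.
audit_perms() {
    findings=$( { loose_dirs "$1"; loose_files "$1"; } )
    if [ -z "$findings" ]; then
        echo "OK: $1 matches 600/700"
        return 0
    fi
    echo "$findings" | while IFS= read -r p; do ls -ld "$p"; done
    return 1
}

# Constructed sample tree (hypothetical layout) so the audit runs offline.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/system/config" "$d/images"
    echo '<?php // constructed' > "$d/system/config/config.php"
    echo '<?php // constructed' > "$d/index.php"
    chmod 700 "$d" "$d/system" "$d/system/config"
    chmod 755 "$d/images"                    # too open: group/other can list it
    chmod 600 "$d/system/config/config.php"
    chmod 644 "$d/index.php"                 # too open: group/other can read it
    echo "$d"
}

# Audit the path given as $1, or the constructed sample when none is given.
target=${1:-$(make_sample)}
audit_perms "$target" || echo "Tighten the paths above: chmod 600 (files), 700 (dirs)"
if [ $# -eq 0 ]; then rm -rf "$target"; fi
```

Modes this tight only work when PHP runs as the owner of the files, which is why the slide qualifies both values with "if able".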

Editor's Notes

  • #16: ----- Meeting Notes (5/13/14 09:46) ----- Mid-2013 5.5.x released
  • #18: ----- Meeting Notes (5/13/14 09:46) ----- Alternative PHP cache