I have a rather complex question involving development, deployment and security.
I have several decades of software development, alas none of it involving PHP. The most relevant language I have used is Perl, and that for over a decade. Thus, I intend to pursue a number of little projects to leverage my Perl experience into mastering PHP (the first three being a plugin that supports creation of online courses comprised of a suite of lesson plugins, each of which has a pre-test, instruction delivery and post-test – this can get complex as the author will have to edit the automated questions/answers on the tests as well as the instruction delivered, including embedded controls that would display IO to/from something like R, for math instruction – at the same time, in ‘instruction delivery mode’, the students are not to have editing control but only the ability to read/view the content, interact with ancillary web apps based on R, and select answers to the questions – the second is a plugin to support creation of cartoons to illustrate a short narrative, and the third is to support participation in and viewing of cartooning contests). I say this only so you know where I am heading, but if you know of a small number of plugins you can recommend I study in order to learn how the things I would usually do are done in the PHP world, I’d appreciate hearing about them. As PHP is new to me, I have no idea what PHP developers with expertise in cyber security would do to do the same sorts of things I’d do when writing secure Perl or Java or C++ code. For this part of my question, I seek only a suggestion or two as to what would accelerate my learning of WP plugin development in PHP.
I have to set up a multisite WordPress installation in my home office. As you would expect, I will also have to set up both a staging platform and a backup system (obviously with the ability to restore from a backup, with the caveat that one should have the ability to determine the most recent backup that has not been compromised by an attacker). I have found multiple plugins that support different aspects of this, but I have not seen anything that provides insight or guidance on how to pull it all together.
My last question for this involves a request for feedback on relating the most effective means of relating WordPress security to that form of security with which I am most familiar. You see, I spent a decade working with a secure ecommerce platform that I designed and implemented myself (using mostly Perl), based on the classic site architecture involving an inner and outer firewall, used to make a DMZ and a vault. I had ONLY proxy servers in the DMZ, and these were used to scrub incoming requests (I supported ONLY https), to ensure the user is authorized and that there was nothing ‘bad’ in the request package, before submitting requests into my main web application that lived only in the vault. I was able to make this so secure that only a hacker with extensive experience and a very big budget could crack it. My question to you is whether such tight security is possible with WordPress, and if so, how? In a sense, this is the most important of my questions as I am looking to relate security already available with WP to security concepts with which I am already familiar.