WordPress-Web-Setup-Boilerplate
所属分类:云数据库/云存储
开发工具:PHP
文件大小:0KB
下载次数:0
上传日期:2023-07-25 09:41:26
上 传 者:
sh-1993
说明: 用于任何WordPress Web的以安全为中心的结构样板。可能不适用于任何宿主的Opinionated功能。仅在以下情况下使用...,
(Security-focused structural boilerplate for any WordPress webs. Opinionated features that might not work with any hosting. Only use if you know what you are doing and are comfortable editing server files.)
文件列表:
.editorconfig (233, 2023-07-25)
.markdownlint.json (85, 2023-07-25)
.vscode/ (0, 2023-07-25)
.vscode/extensions.json (207, 2023-07-25)
.vscode/settings.json (925, 2023-07-25)
LICENSE.md (1077, 2023-07-25)
composer.json (234, 2023-07-25)
phpcs.xml (1088, 2023-07-25)
public_html/ (0, 2023-07-25)
public_html/config/ (0, 2023-07-25)
public_html/config/.htaccess (14, 2023-07-25)
public_html/config/domains/ (0, 2023-07-25)
public_html/config/domains/wordpress-example.php (1559, 2023-07-25)
public_html/config/global.php (2091, 2023-07-25)
public_html/wordpress-example/ (0, 2023-07-25)
public_html/wordpress-example/.htaccess (3143, 2023-07-25)
public_html/wordpress-example/.htpasswd (0, 2023-07-25)
public_html/wordpress-example/live/ (0, 2023-07-25)
public_html/wordpress-example/live/.htaccess (1258, 2023-07-25)
public_html/wordpress-example/live/robots.txt (74, 2023-07-25)
public_html/wordpress-example/live/wp-config.php (636, 2023-07-25)
public_html/wordpress-example/live/wp-content/ (0, 2023-07-25)
public_html/wordpress-example/live/wp-content/.htaccess (174, 2023-07-25)
public_html/wordpress-example/live/wp-content/uploads/ (0, 2023-07-25)
public_html/wordpress-example/live/wp-content/uploads/.htaccess (148, 2023-07-25)
public_html/wordpress-example/live/wp-includes/ (0, 2023-07-25)
public_html/wordpress-example/live/wp-includes/.htaccess (148, 2023-07-25)
teaser.png (10401, 2023-07-25)
![WordPress Web Setup Boilerplate](https://github.com/Codeconut-Ltd/WordPress-Web-Setup-Boilerplate/blob/master/teaser.png)
# WordPress Web Setup Boilerplate
Security-focused template
- [About](https://github.com/Codeconut-Ltd/WordPress-Web-Setup-Boilerplate/blob/master/#about)
- [Features](https://github.com/Codeconut-Ltd/WordPress-Web-Setup-Boilerplate/blob/master/#features)
- [How to use](https://github.com/Codeconut-Ltd/WordPress-Web-Setup-Boilerplate/blob/master/#how-to-use)
- [Todo](https://github.com/Codeconut-Ltd/WordPress-Web-Setup-Boilerplate/blob/master/#todo)
---
## About
Security-focused structural boilerplate for any WordPress webs. Opinionated features that might not work with any hosting. Only use if experienced with WordPress setup and feel comfortable editing server files.
**Intended for developers – Not end users**
### Current state
The suggested changes in this boilerplate are still up-to-date in 2020 and for current WordPress releases.
Despite some of these issues being known for several years, they have never been improved upon, and some of these are out of WordPress.
## Features
### General
- Generic config suited for multiple WordPress installations in one hosting environment.
- Subfolder setup allows deploying multiple versions and quickly switch between them to reduce outage or fallback in case of application errors.
- Here: The folder name '/live/' is an arbitrary decision for the most-recent version to reduce edit-needs within the file. One could also work with versions or dates.
- Default `robots.txt` blocks 'wp-' path indexing
- Also contains example sitemap file definition
### Performance
- Block image hotlinking (requires manual whitelisting of domains).
### Security
Secrets
- Optional: Secure `/wp-admin/` path with password from `.htpasswd`
- `wp-config` secrets moved out of web scope
- [StackExchange discussion](https://github.com/Codeconut-Ltd/WordPress-Web-Setup-Boilerplate/blob/master/https://wordpress.stackexchange.com/questions/58391/is-moving-wp-config-outside-the-web-root-really-beneficial)
.htaccess
- Block critical file access
- Block admin path and files access
- Block author scans from frontend
- DEV-environment specific changes, e.g. disable caching (Needs manual definition of environment)
- Secure default folders with additional files (some need manual adjustment)
## How to use
Copy the folder content in the WordPress installation.
## Breaking features
Features that potentially _might_ cause issues depending on your own needs. Feel free to disable these manually.
- `/public_html/wordpress-example/live/.htaccess`
- 'Prevent image hotlinking' - If you are using any of these platforms and _want_ to link images from your server, change or disable this. Examples: You're sharing content on Social media or within your own shop that includes images from your domain.
### Changes
Most files require manual adjustments to fit hosting and website needs. Manually check the suggested features and test with your hosting environment capabilities. Some features might not work everywhere!
#### Config
1. Check global defaults for all websites:
- `/public_html/config/global.php`
2. Check domain-specific defaults and replace 'XXX' placeholders:
- `/public_html/config/domains/*.php`
3. Adjust file + folder names - Suggestions
- Match `/config/domains/*` config file with web folder name.
- Add a random hash after it to prevent guessing other web config filenames.
### .htaccess files
1. Check the web root and `/live/` folder files:
- Replace any 'XXX' placeholders
- Update domains, paths and needed features
## Todo
- Add list of unneeded default files to be removed
- Simplify `.htaccess` redirections for WordPress
近期下载者:
相关文件:
收藏者: