I am currently working on a wordpress site, and the folders are just such a mess, that I want to clean them up and make it a bit more bearable to look at. The site uses multiple plugins, and the main site is in a folder inside the httpdocs folder, which makes me wonder if the plugins will cause any problems by moving the site to the root.
Anyone that knows the answer to this?
Wordpress uses a standard structure for plugins and themes. While these may be overwritten, it is not recommended to do so.
If you really wanna do so, you could take a look at this https://codex.wordpress.org/Editing_wp-config.php#Moving_wp-content_folder for reference, and move it around. Remember that the plugin may use wordpress hooks and filters for adding their own CSS/JS, and thus moving the folder out of the web-directory will make these unavailable, and break the plugin functionality.
Related
I have a server with hundreds of websites they all have the WordPress files however we only need the important files for example, wp-config, theme, plugins.
I'm looking to run something to clear all WordPress files.
What's my best solution?
If you're looking to eliminate double files. Stick one wp setup in a folder somewhere and symlink the rest per site.
That way every site gets everything but the specific files such as wo-config.php and /wp-content/ and such from your one copy.
I'm working on developing my first Wordpress theme. As of now, I've just been coding the files, zipping my theme folder, and then uploading and activating the theme in my Wordpress Dashboard to test it.
However, this has become quite tedious, as I basically have to:
1) code a bit of my theme, zip into folder
2) deactivate/remove old version of theme in Wordpress dashboard
3) upload new version of theme, and activate
4) repeat...
I'd like to install Wordpress locally, but I don't quite understand how to do that yet, and I'm not familiar setting up a local webserver.
SO... rather than do it the tedious way that I have been, is it OK to just make sure my theme is activated, and then edit my files and overwrite/upload them to the wp themes folder over FTP using Filezilla?
I'm guessing it'd be considered bad practice, but for the time being would this work well enough until I learn a better way?
That's definitely okay.
You can modify the files locally and then upload the changes using FTP. Make sure you have backups so if you accidentally FTP the wrong changes you can easily revert them.
Yes you can absolutely download the uncompressed theme and modify and put it back using ftp.
Also, some themes support whats called a child theme. This allows you to override the theme with your changes, without changing the original source code. Which in turn gives you a better upgrade path from the original theme provider when they have updates.
I have actually had some weird formatting issues with WP after manually editing files, where they would no longer run, so I try to avoid it. But I have bad luck that time.
Just wondering about best practices around shared code between WordPress plugins.
I'm thinking of creating a core plugin that has all of the shared setup and
functions used in the other plugins.
I realize I could probably combine all of the plugins into one big one,
but prefer separate, smaller plugins for agility.
So, how do i include common code across several WordPress plugins?
Thanks
All active wordpress plugins run all of the time, so any defines or functions you declare in one plugin will be available in the next. (Edit: As long as they're declared publicly that is)
The problem with what you're suggesting is that you'll have plugins that're explicitly dependent on other plugins so what you're doing is effectively having one big plugin but split across three.
It would be better practice to have one plugin where you have several php files within it that're included in the main php file for that plugin. These can even be in different folders within the main plugin folder if it keeps it easier to organise for you. This way you can split your code out to relevant classes/files etc to keep it neat/maintainable but you're not making plugins that can't be used on their own.
How can you start making changes inside a WP theme and then keep track of them for future them updates ?
You can use some sort of version control software like subversion to track updates. Also in terms of just "hacking", it is all based in PHP so you can just drop into your theme and make changes as needed to any of the files as they pertain to what you want to do. For example in order to make any sort of changes to the header, typically you would edit the header.php file.
One way would be a version control system like Subversion.
My experience has shown that it is best to go with a very well developed and customizable theme (occasionally paid) that allows you to make the majority of changes within the theme's settings rather than hard coding them. When the theme is updated by the author, while not impossible, I find it is rare they've butchered something from a previous version. If they did, they'll often offer not only a reason but a possible work-around.
Another think would be to have a testing environment where you can try out new releases of a theme without risking harm to your live site. Just google 'wordpress testing environment' and that should point you in the right direction. For the record, I run XAMPP on a spare windows pc for this process.
Last bit of advice: if you do make any changes to your theme, back the theme files up regularly. In the event something does go haywire, you wont have to design the site from scratch.
I'm helping a client with their website (it's manually written using a Dreamweaver template and a ton of quadruple-nested table elements for design. Ouch), and I want to offer them a break from using Dreamweaver to write things.
I was thinking of using Wordpress or a similar CMS to do the job, as Wordpress is clean, fast, and really easy to design for. I've done it a few times, and it's almost as easy as just coding pure HTML.
My main concern is that the site has been hacked a few times before, even though it was pure HTML with no server-side code whatsoever. I can setup a manual Linux server for them, because the hosting company they use is one that I've never heard of.
The site owners are completely technologically impaired, so I don't want to scare them off by showing them a dynamic CMS with tons of features, as they think pure HTML is so much safer, they have to go out of their way to work with it.
I know this is a ton of writing, but what would be the most appropriate CMS for such a setup (hard-coding or dynamically generating content) for such a setup? I don't want to keep having the person manually write non-standards compliant quadruple-nested table layouts anymore, but I don't want to be responsible for having their site hacked...
Thanks!
A solution that allows for local editing, and the uploading of only static HTML files, would be the safest way to go. If it's a high-risk site, I would consider staying on that track.
If a site containing only static HTML was hacked, then most likely through some problem on web server or even operating system level - I am not aware of any exploits concerning static HTML resources. Problems usually come up when dynamic languages are involved.
Whatever you do, don't use Wordpress. It is bound to be subject of exploits and attacks simply due to its popularity.
If the site is pure HTML, then the insecurity is in the server, or the connection made between the server and the client.
I'd look into how to make the server more secure before making changes to the site, although doing both is a good idea. CMS's like WordPress use MySQL databases to store posts, etc, so that means client -> server connections. A way to make transfers of data more secure is to use https:// instead of vanilla http://. You can redirect using a .htaccess file if need be.
To summarise, I'd look at the server side of things for any vulnerabilities.
James
Wordpress has become a pretty wonderful CMS. If the site is high-risk, you might want to shy away from it, but I haven't had a site that I thought was too high-risk for WP myself. The site should keep up with regular updates and regular backups and there are some security tips that you can follow to help keep it more secure and less of a target.
First. Hide WP on the front end
Add this to your functions.php:
remove_action('wp_head', 'wp_generator');
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');
That will remove default header info that can be searched for by scripts.
Install wp in a directory that will help obscure its location and obscure the admin URL.
Change the name of wp-contents folder to something else and move it outside of the main wp directory. For instance, you could name it "includes" and put it into the root folder. and then links to template files will not have wp-contents in them.
On top of that, use a secure host, lock down your files (especially on shared hosting), and you can look at something like vaultpress, but it seems like if you use a solid backup plugin and a good host, that is unnecessary. You can also look at some of the security audit plugins, but don't keep them running after you get feedback.
This code in your wp-config.php file will help to install in a directory and move wp-contents outside of it into an "includes" folder:
define('WP_HOME', 'http://domain.com');
define('WP_SITEURL', WP_HOME .'/admin');
define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'].'/includes');
define('WP_CONTENT_URL', WP_HOME .'/includes');
Wordpress is good for blogs
Typo3 is a good cms but hard to learn at start
Joomla and Drupal can be used as cms