diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md deleted file mode 100644 index f7438b87..00000000 --- a/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,13 +0,0 @@ -# Code of Conduct - -This project falls under the WordPress open source project, and follows [WordPress Etiquette](https://wordpress.org/about/etiquette/): - -In the WordPress open source project, we realize that our biggest asset is the community that we foster. The project, as a whole, follows these basic philosophical principles from [The Cathedral and The Bazaar](http://www.catb.org/esr/writings/cathedral-bazaar/cathedral-bazaar/). - -- Contributions to the WordPress open source project are for the benefit of the WordPress community as a whole, not specific businesses or individuals. All actions taken as a contributor should be made with the best interests of the community in mind. -- Participation in the WordPress open source project is open to all who wish to join, regardless of ability, skill, financial status, or any other criteria. -- The WordPress open source project is a volunteer-run community. Even in cases where contributors are sponsored by companies, that time is donated for the benefit of the entire open source community. -- Any member of the community can donate their time and contribute to the project in any form including design, code, documentation, community building, etc. For more information, go to [make.wordpress.org](https://make.wordpress.org/). -- The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included by keeping communication free of discrimination, incitement to violence, promotion of hate, and unwelcoming behavior. - -The team involved will be proactive in mitigating any breach of this. diff --git a/README.md b/README.md index b690e9bc..6e8e806d 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,5 @@ # WordPress Advanced Administration Handbook + This is the repository for the **WordPress Advanced Administration Handbook** a collaboration between the Hosting Team and the Documentation Team. The **WordPress Advanced Administration Handbook** will be a new section in the "Hub" [developer.wordpress.org](https://developer.wordpress.org/) where all the most technical documentation for users and developers will be moved, so the documentation will be simple, and this one will have code and be more complex. 
@@ -11,86 +12,7 @@ The **WordPress Advanced Administration Handbook** will be a new section in the - [Handbook](https://github.com/WordPress/Advanced-administration-handbook) - [Meta ticket](https://meta.trac.wordpress.org/ticket/6411) -The future URL for this handbook will be at [https://developer.wordpress.org/advanced-administration/](https://developer.wordpress.org/advanced-administration/) (by [Meta ticket](https://meta.trac.wordpress.org/ticket/6411)). - -## Roadmap - -- [x] Phase 0: Create an initial structure to understand the categorization. -- [x] Phase 1: Create the empty-files with a link inside, so there is all the structure. -- [x] Phase 2: Add the content (only copying from the original page and create the content structure). -- [x] Phase 3: Publish a first version of the Advanced Admin Documentation. -- [ ] Phase 4: Check and improve the content. - -## File Structure - -Based on [WordPress Advanced Administration Handbook](https://docs.google.com/document/d/1fVIw3DztzyVY18RDPCGk-kDYTO6gzHtx81o7aitGijo/) - -- [README](README.md) -- [LICENSE](LICENSE) -- [CODE_OF_CONDUCT](CODE_OF_CONDUCT.md) -- [WordPress Advanced Administration Handbook](index.md) ([🔗](https://developer.wordpress.org/advanced-administration/)) - - [Before You Install](before-install/index.md) ([🔗](https://developer.wordpress.org/advanced-administration/before-install/)) - - [Creating Database for WordPress](before-install/creating-database.md) ([🔗](https://developer.wordpress.org/advanced-administration/before-install/creating-database/)) - - [How to install WordPress](before-install/howto-install.md) ([🔗](https://developer.wordpress.org/advanced-administration/before-install/howto-install/)) - - [Running a Development Copy of WordPress](before-install/development.md) ([🔗](https://developer.wordpress.org/advanced-administration/before-install/development/)) - - [Installing WordPress in your language](before-install/in-your-language.md) 
([🔗](https://developer.wordpress.org/advanced-administration/before-install/in-your-language/)) - - [Installing Multiple WordPress Instances](before-install/multiple-instances.md) ([🔗](https://developer.wordpress.org/advanced-administration/before-install/multiple-instances/)) - - [Install WordPress at popular providers](before-install/popular-providers.md) ([🔗](https://developer.wordpress.org/advanced-administration/before-install/popular-providers/)) - - [Server configuration](server/index.md) ([🔗](https://developer.wordpress.org/advanced-administration/server/)) - - [Changing File Permissions](server/file-permissions.md) ([🔗](https://developer.wordpress.org/advanced-administration/server/file-permissions/)) - - [Finding Server Info](server/server-info.md) ([🔗](https://developer.wordpress.org/advanced-administration/server/server-info/)) - - [Giving WordPress Its Own Directory](server/wordpress-in-directory.md) ([🔗](https://developer.wordpress.org/advanced-administration/server/wordpress-in-directory/)) - - [Configuring Wildcard Subdomains](server/subdomains-wildcard.md) ([🔗](https://developer.wordpress.org/advanced-administration/server/subdomains-wildcard/)) - - [Emptying a Database Table](server/empty-database.md) ([🔗](https://developer.wordpress.org/advanced-administration/server/empty-database/)) - - [Web servers](server/web-server.md) ([🔗](https://developer.wordpress.org/advanced-administration/server/web-server/)) - - [nginx](server/nginx.md) ([🔗](https://developer.wordpress.org/advanced-administration/server/web-server/nginx/)) - - [Control Panels](server/control-panel.md) ([🔗](https://developer.wordpress.org/advanced-administration/server/control-panel/)) - - [WordPress configuration](wordpress/index.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/)) - - [wp-config.php](wordpress/wp-config.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/)) - - [Site 
Architecture](wordpress/site-architecture.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/site-architecture/)) - - [Cookies](wordpress/cookies.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/cookies/)) - - [Update Services](wordpress/update-services.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/update-services/)) - - [Editing Files](wordpress/edit-files.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/edit-files/)) - - [CSS](wordpress/css.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/css/)) - - [Feeds](wordpress/feeds.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/feeds/)) - - [Multilingual WordPress](wordpress/multilingual.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/multilingual/)) - - [oEmbed](wordpress/oembed.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/oembed/)) - - [Loopbacks](wordpress/loopback.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/loopback/)) - - [Common errors](wordpress/common-errors.md) ([🔗](https://developer.wordpress.org/advanced-administration/wordpress/common-errors/)) - - [Upgrading / Migration](upgrade/index.md) ([🔗](https://developer.wordpress.org/advanced-administration/upgrade/)) - - [FTP Clients](upgrade/ftp.md) ([🔗](https://developer.wordpress.org/advanced-administration/upgrade/ftp/)) - - [Using FileZilla](upgrade/filezilla.md) ([🔗](https://developer.wordpress.org/advanced-administration/upgrade/ftp/filezilla/)) - - [phpMyAdmin](upgrade/phpmyadmin.md) ([🔗](https://developer.wordpress.org/advanced-administration/upgrade/phpmyadmin/)) - - [Upgrading](upgrade/upgrading.md) ([🔗](https://developer.wordpress.org/advanced-administration/upgrade/upgrading/)) - - [Migration](upgrade/migrating.md) ([🔗](https://developer.wordpress.org/advanced-administration/upgrade/migrating/)) - - [WordPress 
Multisite / Network](multisite/index.md) ([🔗](https://developer.wordpress.org/advanced-administration/multisite/)) - - [Before You Create A Network](multisite/prepare-network.md) ([🔗](https://developer.wordpress.org/advanced-administration/multisite/prepare-network/)) - - [Create A Network](multisite/create-network.md) ([🔗](https://developer.wordpress.org/advanced-administration/multisite/create-network/)) - - [WordPress Multisite Domain Mapping](multisite/domain-mapping.md) ([🔗](https://developer.wordpress.org/advanced-administration/multisite/domain-mapping/)) - - [Multisite Network Administration](multisite/administration.md) ([🔗](https://developer.wordpress.org/advanced-administration/multisite/administration/)) - - [Network Admin](multisite/admin.md) ([🔗](https://developer.wordpress.org/advanced-administration/multisite/admin/)) - - [Migrate WordPress sites into WordPress Multisite](multisite/sites-multisite.md) ([🔗](https://developer.wordpress.org/advanced-administration/multisite/sites-multisite/)) - - [Plugins](plugins/index.md) ([🔗](https://developer.wordpress.org/advanced-administration/plugins/)) - - [Must Use Plugins](plugins/mu-plugins.md) ([🔗](https://developer.wordpress.org/advanced-administration/plugins/mu-plugins/)) - - [Themes](themes/index.md) ([🔗](https://developer.wordpress.org/advanced-administration/themes/)) - - [Security](security/index.md) ([🔗](https://developer.wordpress.org/advanced-administration/security/)) - - [Your password](security/logging-in.md) ([🔗](https://developer.wordpress.org/advanced-administration/security/logging-in/)) - - [Multi-Factor Authentication](security/mfa.md) ([🔗](https://developer.wordpress.org/advanced-administration/security/mfa/)) - - [Backups](security/backup.md) ([🔗](https://developer.wordpress.org/advanced-administration/security/backup/)) - - [Database Backup](security/backup.md) ([🔗](https://developer.wordpress.org/advanced-administration/security/backup/database/)) - - [Files 
Backup](security/backup.md) ([🔗](https://developer.wordpress.org/advanced-administration/security/backup/files/)) - - [HTTPS](security/https.md) ([🔗](https://developer.wordpress.org/advanced-administration/security/https/)) - - [Brute Force Attacks](security/brute-force.md) ([🔗](https://developer.wordpress.org/advanced-administration/security/brute-force/)) - - [Hardening WordPress](security/hardening.md) ([🔗](https://developer.wordpress.org/advanced-administration/security/hardening/)) - - [Performance / Optimization](performance/index.md) ([🔗](https://developer.wordpress.org/advanced-administration/performance/)) - - [Cache](performance/cache.md) ([🔗](https://developer.wordpress.org/advanced-administration/performance/cache/)) - - [Optimization](performance/optimization.md) ([🔗](https://developer.wordpress.org/advanced-administration/performance/optimization/)) - - [Debugging WordPress](debug/index.md) ([🔗](https://developer.wordpress.org/advanced-administration/debug/)) - - [Debugging in WordPress](debug/debug-wordpress.md) ([🔗](https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/)) - - [Debugging a WordPress Network](debug/debug-network.md) ([🔗](https://developer.wordpress.org/advanced-administration/debug/debug-network/)) - - [Using Your Browser to Diagnose JavaScript Errors](debug/debug-javascript.md) ([🔗](https://developer.wordpress.org/advanced-administration/debug/debug-javascript/)) - - [Test Driving WordPress](debug/test-driving.md) ([🔗](https://developer.wordpress.org/advanced-administration/debug/test-driving/)) - - [Resources](resources/index.md) ([🔗](https://developer.wordpress.org/advanced-administration/resources/)) +The URL for this handbook is at [https://developer.wordpress.org/advanced-administration/](https://developer.wordpress.org/advanced-administration/). ## Recommendations 
@@ -106,7 +28,7 @@ Based on [WordPress Advanced Administration Handbook](https://docs.google.com/do ### External linking -- [External Linking Policy – "Commercial blogs"](https://make.wordpress.org/docs/2020/07/06/external-linking-policy-commercial-blogs/) +- [External Linking Policy (Summary)](https://make.wordpress.org/docs/handbook/documentation-team-handbook/external-linking-policy/) ### Example domains diff --git a/before-install/creating-database.md b/before-install/creating-database.md index 3f513fdc..86cedd8f 100644 --- a/before-install/creating-database.md +++ b/before-install/creating-database.md @@ -1,6 +1,6 @@ # Creating Database for WordPress -If you are installing WordPress on your own web server, follow the one of below instructions to create your WordPress database and user account. +If you are installing WordPress on your own web server, follow one of the below instructions to create your WordPress database and user account. ## Using phpMyAdmin @@ -24,7 +24,7 @@ phpMyAdmin Users Tab 1. Click **Add user**. 2. Choose a username for WordPress ('wordpress' is good) and enter it in the **User name** field. (Be sure **Use text field:** is selected from the dropdown.) -3. Choose a secure password (ideally containing a combination of upper- and lower-case letters, numbers, and symbols), and enter it in the **Password** field. (Be sure **Use text field:** is selected from the dropdown.) Re-enter the password in the **Re-type**field. +3. Choose a secure password (ideally containing a combination of upper- and lower-case letters, numbers, and symbols), and enter it in the **Password** field. (Be sure **Use text field:** is selected from the dropdown.) Re-enter the password in the **Re-type** field. 4. Write down the username and password you chose. 5. Leave all options under **Global privileges** at their defaults. 6. Click **Go**. 
@@ -48,12 +48,12 @@ Your MySQL connection id is 5340 to server version: 3.23.54 Type 'help;' or '\\h' for help. Type '\\c' to clear the buffer. mysql> CREATE DATABASE databasename; -Query OK, 1 row affected (0.00 sec) - -mysql> GRANT ALL PRIVILEGES ON databasename.* TO "wordpressusername"@"hostname" -\-> IDENTIFIED BY "password"; -Query OK, 0 rows affected (0.00 sec) - +Query OK, 1 row affected (0.00 sec) + +mysql> CREATE USER "wordpressusername"@"hostname" IDENTIFIED BY "password"; +mysql> GRANT ALL PRIVILEGES ON databasename.* TO "wordpressusername"@"hostname"; +Query OK, 0 rows affected (0.00 sec) + mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.01 sec) @@ -73,7 +73,7 @@ If you need to write these values somewhere, avoid writing them in the system th ## Using Plesk -If your hosting provider supplies the [Plesk](http://www.plesk.com/) hosting control panel and you want to install WordPress manually, follow the instructions below to create a database: +If your hosting provider supplies the [Plesk](https://www.plesk.com/) hosting control panel and you want to install WordPress manually, follow the instructions below to create a database: 1. Log in to Plesk. 2. Click **Databases** in the Custom Website area of your website on the Websites & Domains page: 
@@ -102,7 +102,3 @@ If you're a regular User of a single-site webhosting account, you can log in nor Reseller accounts Admin accounts may need to click **User Level**. They must first log in as Reseller if the relevant domain is a Reseller's primary domain… or log in as a User if the domain is not a Reseller's primary domain. If it's the Reseller's primary domain, then when logged in as Reseller, simply click **User Level**. However if the relevant domain is not the Reseller's primary domain, then you must log in as a User. Then click **MySQL Management**. (If not readily visible, perhaps you need to return to the Reseller or Admin level, and modify the “Manage user package” or “Manage Reseller package” to enable MySQL.) In MySQL Management, click on the small words: **Create new database**. Here you are asked to submit two suffixes for the database and its username. For maximum security, use two different sets of 4-6 random characters. Then the password field has a Random button that generates an 8-character password. You may also add more characters to the password for maximum security. Click **Create**. The next screen will summarize the database, username, password and hostname. Be sure to copy and paste these into a text file for future reference. - -## Changelog - -- 2022-09-11: Original content from [Creating Database for WordPress](https://wordpress.org/documentation/article/creating-database-for-wordpress/). diff --git a/before-install/development.md b/before-install/development.md index 54ade3f3..f57b3338 100644 --- a/before-install/development.md +++ b/before-install/development.md 
@@ -1,52 +1,56 @@ # Running a Development Copy of WordPress -Having a development instance of WordPress is a good way to update, develop and make modifications to a website while not interrupting the live version of WordPress. There are many ways to setup a development copy of WordPress but this article will cover the **basics, best practices, tips** and some **tools** to make running a development copy of WordPress a lot easier. +Having a development instance of WordPress is a good way to update, develop, and modify a website without interrupting the live version of WordPress. There are many ways to set up a development copy of WordPress, but this article will cover the basics, best practices, tips, and some tools to make running a development copy of WordPress much easier. -## Installing WordPress on your own computer +## Installing WordPress on your computer -Use these instructions for setting up a local server environment for testing and development. +Use these instructions to set up a local server environment for testing and development. -Installing WordPress locally is usually meant for the purpose of development. Those interested in development should follow the instructions below and download WordPress locally. -- [Local](https://localwp.com/) – Free, one-click WordPress installer. -- [Lando](https://docs.lando.dev/wordpress/) – Free plugin to install WordPress locally. -- [AMPPS](http://ampps.com/download) – Free WAMP/MAMP/LAMP stack, with inbuilt Softaculous Installer. Can 1 click install and upgrade WordPress and others as well. -- [Installing WordPress Locally on Your Mac With MAMP](https://codex.wordpress.org/Installing_WordPress_Locally_on_Your_Mac_With_MAMP) -- [User:Beltranrubo/BitNami](https://codex.wordpress.org/User:Beltranrubo/BitNami) Free all-in-one installers for OS X, Windows and Linux. 
There are also available installers for WordPress Multisite [User:Beltranrubo/BitNami_Multisite](https://codex.wordpress.org/User:Beltranrubo/BitNami_Multisite) using different domains or subdomains. -- [Instant WordPress](http://www.instantwp.com/) is a free, standalone, portable WordPress development environment for Windows that will run from a USB key. +Installing WordPress locally is usually meant for development. Those interested in development can follow the instructions below to download and install WordPress locally. +- [wp-env](https://developer.wordpress.org/block-editor/reference-guides/packages/packages-env/) - a free, open-source development environment maintained by the WordPress core developer community. +- [VVV or Varying Vagrant Vagrants](https://varyingvagrantvagrants.org/) - free, open-source local development environment maintained by members of the WordPress community. +- [XAMPP](https://www.apachefriends.org/) - free and open-source local development environment maintained by Apache Friends +- [MAMP](https://www.mamp.info/en/mac/) - free local development environment that everything you need to install WordPress locally. +- [DDEV](https://ddev.readthedocs.io/en/stable/users/quickstart/#wordpress) - free, open-source, development environment. Seamlessly share local sites over public domains, includes a database editor, Xdebug, and other performance profiling tools. +- [Lando](https://lando.dev/) – free, open-source development environment that offers a [plugin to install WordPress locally](https://docs.lando.dev/plugins/wordpress/). +- [AMPPS](https://ampps.com/downloads/) – free WAMP/MAMP/LAMP stack with Softaculous Installer built in. It can 1-click install and upgrade WordPress and others as well. 
+- [Bitnami package for WordPress](https://bitnami.com/stack/wordpress) and [Bitnami package for WordPress Multisite](https://bitnami.com/stack/wordpress-multisite) - Bitnami packages for WordPress that provide a one-click install solution for WordPress or WordPress Multisite on your local computer or in the cloud. +- [Instant WordPress](https://instantwp.com/) - free, standalone, portable WordPress development environment for Windows that will run from a USB key. +- [WordPress Studio](https://developer.wordpress.com/studio/) - free, open-source app to install and manage multiple WordPress sites locally. ### Software Appliance - Ready-to-use -You may find that using a pre-integrated [software appliance](http://en.wikipedia.org/wiki/Software_appliance) is a great way to get up and running with WordPress, especially in combination with virtual machine software (e.g., VMWare, VirtualBox, Xen HVM, KVM). +You may find that using a pre-integrated [software appliance](https://en.wikipedia.org/wiki/Software_appliance) is a great way to get up and running with WordPress, especially in combination with virtual machine software (e.g., VMWare, VirtualBox, Xen HVM, KVM). -Another software that can be used is Parallels, which you would have to pay for unlike virtual machine software. It allows you to run both Mac and Windows on your machine. +Parallels is another software that can be used. Unlike virtual machine software, it requires payment. It allows you to run both Mac and Windows on your machine. -A software appliance allows users to altogether skip manual installation of WordPress and its dependencies, and instead deploy a self-contained system that requires little to no setup, in just a couple of minutes. +A software appliance allows users to skip the manual installation of WordPress and its dependencies and instead deploy a self-contained system that requires little to no setup in just a couple of minutes. 
-- [TurnKey WordPress Appliance](http://www.turnkeylinux.org/wordpress): a free Debian-based appliance that just works. It bundles a collection of popular WordPress plugins and features a small footprint, automatic security updates, SSL support and a Web administration interface. Available as ISO, various virtual machine images, or launch in the cloud. +- [TurnKey WordPress Appliance](https://www.turnkeylinux.org/wordpress): a free Debian-based appliance that just works. It bundles a collection of popular WordPress plugins and features a small footprint, automatic security updates, SSL support, and a Web administration interface. Available as ISO, virtual machine images, or launch in the cloud. ### Unattended/automated installation of WordPress on Ubuntu Server 16.04 LTS -## Two WordPresses, One Database +## Two WordPress Installations with One Database -**Note:** If you are planing on doing database development, this method is NOT recommended. +**Note:** This method is NOT recommended if you plan on doing database development. -A popular approach to running a local copy of your live site is to use the same database for both local and live. Using the same database will allow you to work on you local copy and simply push changes from local to your production with no break in uptime. +A popular approach to running a local copy of your live site is using the same local and live database. Using the same database will allow you to work on your local copy and push changes from local to your production with no break in uptime. **Setup of the local copy** -Once you have your local files setup, you will need to modify wp-config.php in the root of your local install. +Once you have your local files set up, you must modify wp-config.php in the root of your local install. 
``` -define('WP_HOME', "http://{$_SERVER['HTTP_HOST']}"); -define('WP_SITEURL', "http://{$_SERVER['HTTP_HOST']}"); +define('WP_HOME', "https://{$_SERVER['HTTP_HOST']}"); +define('WP_SITEURL', "https://{$_SERVER['HTTP_HOST']}"); ob_start( 'ob_replace_home_url' ); function ob_replace_home_url( $content ) { $home_urls = array( - 'http://site.testing.foo.com', - 'http://site.foo.com', - 'http://site.authoring.testing.foo.com', - 'http://site.authoring.foo.com', + 'https://site.testing.example.com', + 'https://site.example.com', + 'https://site.authoring.testing.example.com', + 'https://site.authoring.example.com', ); $content = str_replace( $home_urls, WP_HOME, $content ); 
@@ -57,13 +61,13 @@ function ob_replace_home_url( $content ) { ### Using a Drop-In -What if we don’t want to hack core code? (Which is a good practice for easy upgrading and sharing code.) There is even a filter for this (pre_option_siteurl and pre_option_home) but there’s a problem: within **wp-settings.php**, +What if we don’t want to hack core code? Avoiding changes to core code is a good practice for easy upgrading and code-sharing. There is even a filter for this (`pre_option_siteurl` and `pre_option_home`) but there’s a problem: within **wp-settings.php**, - the filter can’t be defined until after line 65 when `functions.php` is included - WordPress makes calls to `get_option` on line 155 of (via `wp_plugin_directory_constants()`) - plugins aren’t defined until later down around line 194. -However, in between lines 65 and 155, there is something we can use, namely the loading of the drop-in `db.php`; the filter can be safely defined there. (However, this is perhaps only halfway towards “not core” code.) Check if you already have an existing wp-content/db.php before trying this technique. It is used by packages like W3 Total Cache for similar reasons. +However, between lines 65 and 155, there is something we can use, namely the loading of the drop-in `db.php`; the filter can be safely defined there. (However, this is perhaps only halfway towards “not core” code.) Check if you already have an existing wp-content/db.php before trying this technique. Plugins like W3 Total Cache use it for similar reasons. ``` General > Site Language** and select from the list of available languages. For Multisite Super Admins, you can set the default language using the Network Administration **Settings** panel. +For WordPress 4.1 or later, you can [install language packs directly from the Admin back-end](https://wplang.org/wordpress-4-1-install-language-packs-dashboard/) at any time. WordPress will download them and switch the admin back-end to that language. 
Navigate to **Settings > General > Site Language** and select from the list of available languages. For Multisite Super Admins, you can set the default language using the Network Administration **Settings** panel. ## Manually installing language files @@ -16,7 +16,7 @@ Here are the steps you will need to follow to install an international version o **Note:** If you make an error in the steps or you do not specify the correct language, WordPress will default back to English. For more help Installing WordPress, see [Installing WordPress](https://developer.wordpress.org/advanced-administration/before-install/howto-install/) and [FAQ Installation](https://wordpress.org/documentation/article/faq-installation/). -* Download the `.mo` language file for your language. The naming convention of the `.mo` files is based on the ISO-639 language code (e.g. _pt_ for Portuguese) followed by the ISO-3166 country code (e.g. _PT_ for Portugal or _BR_ for Brazil). So, the Brazilian Portuguese file would be called `pt_BR.mo`, and a non-specific Portuges file would be called `pt.mo`. Complete lists of codes can be found at [(country codes)](http://www.gnu.org/software/gettext/manual/html_chapter/gettext_16.html#Country-Codes) and [(language codes)](http://www.gnu.org/software/gettext/manual/html_chapter/gettext_16.html#Language-Codes). +* Download the `.mo` language file for your language. The naming convention of the `.mo` files is based on the ISO-639 language code (e.g. _pt_ for Portuguese) followed by the ISO-3166 country code (e.g. _PT_ for Portugal or _BR_ for Brazil). So, the Brazilian Portuguese file would be called `pt_BR.mo`, and a non-specific Portuges file would be called `pt.mo`. Complete lists of codes can be found at [(country codes)](https://www.gnu.org/savannah-checkouts/gnu/gettext/manual/gettext.html#Country-Codes) and [(language codes)](https://www.gnu.org/savannah-checkouts/gnu/gettext/manual/gettext.html#Language-Codes). ## Setting the language for your site 
@@ -58,6 +58,3 @@ You can set the default language for the entire network under the `Network Admin If you want to add translations for terms that are still displaying in English after installation, visit [translate.wordpress.org](https://translate.wordpress.org) and select your language. To get started, refer [this page](https://make.wordpress.org/polyglots/handbook/tools/glotpress-translate-wordpress-org/) in the [Translator’s Handbook](https://make.wordpress.org/polyglots/handbook/). -## Changelog - -- 2022-09-11: Original content from [Installing WordPress in your language](https://wordpress.org/documentation/article/installing-wordpress-in-your-language/). diff --git a/before-install/index.md b/before-install/index.md index 7f971715..272e77a4 100644 --- a/before-install/index.md +++ b/before-install/index.md @@ -2,7 +2,7 @@ Before installing WordPress, you need to check that your web hosting provider fulfills the necessary software and conditions. Also, you must have access to the server and some tools. -# Requirements on the server side +## Requirements on the server side * PHP 7.4 or greater * MySQL 5.7 or MariaDB 10.3 or greater @@ -10,7 +10,7 @@ Before installing WordPress, you need to check that your web hosting provider fu For a list of detail requirements on your web host, refer the [official requirement page](https://wordpress.org/about/requirements/) and the [Server Environment page](https://make.wordpress.org/hosting/handbook/server-environment/). -# Requirements on local +## Requirements on local * Login Account (user id and password) to the server via FTP or shell * Text Editor 
@@ -23,7 +23,3 @@ You will need to be able to use an FTP program to [upload](https://developer.wor Now you are all set to go on to [Installation](https://developer.wordpress.org/advanced-administration/before-install/howto-install/). -## Changelog - -- 2023-01-20: Changed MySQL and MariaDB versions. Fixed some links. -- 2022-09-11: Original content from [Before You Install](https://wordpress.org/documentation/article/before-you-install/). diff --git a/before-install/multiple-instances.md b/before-install/multiple-instances.md index 0b619f61..5b03ca2a 100644 --- a/before-install/multiple-instances.md +++ b/before-install/multiple-instances.md @@ -74,9 +74,3 @@ For enhanced security you can also add multiple users to the same database and g You can use the same userbase for all your blogs on the same domain by defining the `CUSTOM_USER_TABLE` and optionally the `CUSTOM_USER_META_TABLE` constants to point to the same `wp_your_blog_users` and `wp_your_blog_usermeta` tables. See [Editing wp-config.php/Custom User and Usermeta Tables](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#custom-user-and-usermeta-tables). -## Changelog - - -- 2023-02-17: WCAsia Contributor Day - Review and rework -- 2022-10-21: Original content from [Installing Multiple WordPress Instances](https://wordpress.org/support/article/installing-multiple-blogs/). - diff --git a/before-install/popular-providers.md b/before-install/popular-providers.md index 447de576..b4901092 100644 --- a/before-install/popular-providers.md +++ b/before-install/popular-providers.md 
@@ -41,6 +41,3 @@ You can also install WordPress on Ubuntu with one click [WordPress Hosting](http * Running into some issues and need to troubleshoot your WordPress site on Azure? Follow this handy [Troubleshooting guide for WordPress on Azure](https://learn.microsoft.com/troubleshoot/azure/app-service/web-apps-open-source-technologies-faqs). * For other WordPress related content or specific WordPress related questions, you may perform a [search with WordPress related terms on Microsoft Learn](https://learn.microsoft.com/en-us/search/?terms=wordpress). -## Changelog - -- 2023-01-20: Migrated content from [Installing WordPress at popular Hosting Companies](https://wordpress.org/documentation/article/installing-wordpress-at-popular-hosting-companies/). \ No newline at end of file diff --git a/bin/handbook-manifest.json b/bin/handbook-manifest.json index 0ca1eefe..d3a56b48 100644 --- a/bin/handbook-manifest.json +++ b/bin/handbook-manifest.json @@ -125,6 +125,13 @@ "parent": "server", "order": 7 }, + "server\/mail": { + "title": "Mail", + "slug": "mail", + "markdown_source": "https:\/\/github.com\/WordPress\/Advanced-administration-handbook\/blob\/main\/server\/mail.md", + "parent": "server", + "order": 8 + }, "wordpress": { "title": "WordPress configuration", "slug": "wordpress", @@ -412,6 +419,13 @@ "parent": "security", "order": 6 }, + "security\/hardening\/display-errors": { + "title": "Display Errors", + "slug": "display-errors", + "markdown_source": "https:\/\/github.com\/WordPress\/Advanced-administration-handbook\/blob\/main\/security\/display-errors.md", + "parent": "hardening", + "order": 1 + }, "security\/monitoring": { "title": "Monitoring", "slug": "monitoring", 
@@ -440,6 +454,13 @@ "parent": "performance", "order": 2 }, + "performance\/php": { + "title": "PHP Optimization", + "slug": "php", + "markdown_source": "https:\/\/github.com\/WordPress\/Advanced-administration-handbook\/blob\/main\/performance\/php.md", + "parent": "performance", + "order": 3 + }, "debug": { "title": "Debugging WordPress", "slug": "debug", diff --git a/debug/debug-javascript.md b/debug/debug-javascript.md index 4b5f5b09..c82d45e4 100644 --- a/debug/debug-javascript.md +++ b/debug/debug-javascript.md @@ -15,7 +15,7 @@ Make note of any browsers you are experiencing the error in. You can use this in ## Step 2: Enable SCRIPT_DEBUG -You need to turn on [script debugging](https://wordpress.org/documentation/article/debugging-in-wordpress#SCRIPT_DEBUG). Open `wp-config.php` and add the following line before "That's all, stop editing! Happy blogging". +You need to turn on [script debugging](https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/#script_debug). Open `wp-config.php` and add the following line before "That's all, stop editing! Happy blogging". ``` define('SCRIPT_DEBUG', true); 
@@ -30,8 +30,8 @@ Check to see if you are still having an issue. ### Open the Developer Tools -* **Chrome**: Type `Cmd-Option-J` (Mac) or `Ctrl-Shift-J` (Windows, Linux, Chrome OS), or nagivate to `View -> Developer -> Developer Tools` in the menu. -* **Firefox**: Type `Cmd-Option-K` (Mad) or `Ctrl-Shift-K` (Windows, Linux, Chrome OS), or navigate to `Web Development -> Web Console` in the menu. +* **Chrome**: Type `Cmd-Option-J` (Mac) or `Ctrl-Shift-J` (Windows, Linux, Chrome OS), or navigate to `View -> Developer -> Developer Tools` in the menu. +* **Firefox**: Type `Cmd-Option-K` (Mac) or `Ctrl-Shift-K` (Windows, Linux, Chrome OS), or navigate to `Web Development -> Web Console` in the menu. * **Edge**: Follow the instructions for Chrome. * **Safari**: First, navigate to `Safari -> Preferences`. Click on the `Advanced` tab, then check `Show Develop Menu in menu bar`. Then, in the new `Develop` menu, navigate to `Show JavaScript Console`. * **Opera**: Navigate to `Tools -> Advanced -> Error Console` in the menu. @@ -61,6 +61,3 @@ Please include the below information: * the context of the error – including the whole error stack will help developers * If possible, a link to the web page showing the error -## Changelog - -- 2022-09-11: Original content from [Using Your Browser to Diagnose JavaScript Errors](https://wordpress.org/documentation/article/using-your-browser-to-diagnose-javascript-errors/). Consolidated Developer Tools instuctions, removed IE documentation. diff --git a/debug/debug-network.md b/debug/debug-network.md index 4ea2a7c2..8bba501e 100644 --- a/debug/debug-network.md +++ b/debug/debug-network.md 
@@ -114,7 +114,3 @@ One or more database tables are unavailable. The database may need to be repaire * [WordPress → Support → Multisite](https://wordpress.org/support/forum/multisite/) -## Changelog - -- 2023-02-17: Updated original content -- 2022-10-21: Original content from [Debugging a WordPress Network](https://wordpress.org/documentation/article/debugging-a-wordpress-network/). \ No newline at end of file diff --git a/debug/debug-wordpress.md b/debug/debug-wordpress.md index 0823a120..32d1de5b 100644 --- a/debug/debug-wordpress.md +++ b/debug/debug-wordpress.md @@ -1,6 +1,6 @@ # Debugging in WordPress -Debugging PHP code is part of any project, but WordPress comes with specific debug systems designed to simplify the process as well as standardize code across the core, plugins, and themes. This page describes the various debugging tools on WordPress and how to be more productive in your coding, as well as increasing the overall quality and interoperability of your code. +Debugging PHP code is part of any project, but WordPress comes with specific debugging systems designed to simplify the process as well as standardize code across the core, plugins, and themes. This page describes the various debugging tools available in WordPress and how to be more productive in your coding, as well as increasing the overall quality and interoperability of your code. For non-programmers or general users, these options can be used to show detailed information about errors. 
@@ -130,7 +130,7 @@ define( 'SCRIPT_DEBUG', true ); ## SAVEQUERIES -The `SAVEQUERIES` definition saves the database queries to an array, and that array can be displayed to help analyze those queries. The constant defined as true causes each query to be saved, how long that query took to execute, and what function called it. +The `SAVEQUERIES` definition saves database queries to an array, which can then be displayed to help analyze those queries. When the constant is set to true, it causes each query to be saved along with the time it took to execute and the function that called it. ``` define( 'SAVEQUERIES', true ); @@ -146,7 +146,3 @@ There are many [debugging plugins](https://wordpress.org/plugins/search/debug/) For example, [Debug Bar](https://wordpress.org/plugins/debug-bar/) adds a debug menu to the admin bar that shows query, cache, and other helpful debugging information. When WP_DEBUG is enabled, it also tracks PHP Warnings and Notices to make them easier to find. -## Changelog - -- 2023-02-01: Updated original content. -- 2022-09-11: Original content from [Debugging in WordPress](https://wordpress.org/documentation/article/debugging-in-wordpress/); ticket from [Github](https://github.com/WordPress/Documentation-Issue-Tracker/issues/349). \ No newline at end of file diff --git a/debug/index.md b/debug/index.md index 62ed369c..62bd3d36 100644 --- a/debug/index.md +++ b/debug/index.md @@ -20,6 +20,3 @@ When it comes to [debugging a WordPress site](https://developer.wordpress.org/ad [Test-driving](https://developer.wordpress.org/advanced-administration/debug/test-driving/) refers to the process of testing a website before making it live. This process allows developers to identify and resolve any issues or bugs before the site is made available to the public. Test-driving is typically performed in a sandbox environment. Creating a sandbox environment is covered in this section. -## Changelog - -- 2023-02-17: Added original content. 
diff --git a/debug/test-driving.md b/debug/test-driving.md index 2eb4ad5b..e6cd799c 100644 --- a/debug/test-driving.md +++ b/debug/test-driving.md 
@@ -111,13 +111,13 @@ This method is useful toward the end of testing as you can ask for people to tes To hide your WordPress test folder from others, you can use the `.htaccess` file on an Apache web server. The `.htaccess` file is a file that stores server directives, instructions which tell the server what to do in specific situations. You could also use the Apache config file (httpd.conf) or other methods, but the `.htaccess` file can apply only to the folder in which the .htaccess file resides, and all the folders under that one, allowing you to restrict access to a specific folder. -Remember, this will only work on servers that support `.htaccess`. If you are unsure that your server supports `.htaccess`, contact your hosting provider. You may or may not be able to do this depending upon the access permissions you have with your host server. You may need their assistance. If you are running your own server, or if your hosting provider is clue-free, consult the [AllowOverride documentation](http://httpd.apache.org/docs-2.0/mod/core.html#allowoverride). +Remember, this will only work on servers that support `.htaccess`. If you are unsure that your server supports `.htaccess`, contact your hosting provider. You may or may not be able to do this depending upon the access permissions you have with your host server. You may need their assistance. If you are running your own server, or if your hosting provider is clue-free, consult the [AllowOverride documentation](https://httpd.apache.org/docs/2.0/mod/core.html#allowoverride). Using the `.htaccess` file, you need to provide instructions to tell the server to restrict or deny access to your WordPress test site. In the folder or directory in which WordPress is installed, do the following: 1. Using a text editor create a blank text file called `.htaccess`. 2. You need the following information: -3. 
- The full path of a directory on your site server that is not accessible to the public (like http://example.com/public_html/ is accessible but http://example.com/private/ is not. Use the latter. +3. - The full path of a directory on your site server that is not accessible to the public (like https://example.com/public_html/ is accessible but https://example.com/private/ is not. Use the latter. 4. - The name of the secured area such as “Enter Password” or “Secure Area” (this is not important, just simple). 5. In the file type the following, replacing /full/path/of/directory/ and Security Area with the above information: `AuthUserFile /full/path/of/directory/.htpasswd AuthName "Security Area" AuthType Basic require valid-user` 6. Save this .htaccess file and upload it to the directory on your server you want hidden and secured. This would be the installation directory for WordPress such as `/wordpress/` or `blog`. 
@@ -128,12 +128,12 @@ Using the `.htaccess` file, you need to provide instructions to tell the server When you are ready to open your site to the public and remove the protection, delete the password and `.htaccess` files from their locations. -It is highly recommended that you remove the default ping URL to [Ping-o-Matic!](http://www.pingomatic.com/), otherwise your test posts will ping and your test blog will be made public though not accessible. +It is highly recommended that you remove the default ping URL to [Ping-o-Matic!](https://pingomatic.com/), otherwise your test posts will ping and your test blog will be made public though not accessible. ### Htaccess Resources -- [.htaccess files howto](http://httpd.apache.org/docs-2.0/howto/htaccess.html) -- [Authentication, Authorization and Access Control](http://httpd.apache.org/docs-2.0/howto/auth.html) +- [.htaccess files howto](https://httpd.apache.org/docs/2.0/howto/htaccess.html) +- [Authentication, Authorization and Access Control](https://httpd.apache.org/docs/2.0/howto/auth.html) ## Installing WordPress on a Mac 
@@ -143,9 +143,9 @@ Use these instruction for setting up a local server environment for testing and ## Installing WordPress on Your Windows Desktop -In order for WordPress to work, it must have access to an Apache server, MySQL/MariaDB, and phpMyAdmin. Installing these separately can be painful. Luckily for us, [XAMPP](http://www.apachefriends.org/en/xampp-windows.html) installs all of these with one program, allowing you to run WordPress on your computer. There are two versions of the program, Basic and Lite. The Lite version is usually adequate. +In order for WordPress to work, it must have access to an Apache server, MySQL/MariaDB, and phpMyAdmin. Installing these separately can be painful. Luckily for us, [XAMPP](https://www.apachefriends.org/download.html) installs all of these with one program, allowing you to run WordPress on your computer. There are two versions of the program, Basic and Lite. The Lite version is usually adequate. -1. Download and install [XAMPP](http://www.apachefriends.org/en/xampp-windows.html). +1. Download and install [XAMPP](https://www.apachefriends.org/download.html). 2. This installs by default into `C:/xampplite` or `C:\xampp`. 3. Start XAMPP from `c:\xampplite` or `c:\xampp`. 4. You may need to restart your computer to allow apache services to start. @@ -178,7 +178,7 @@ With the help of XAMPP, you can install WordPress directly on your computer and 1. Access to your server database. 2. Ability to download your entire WordPress installation to your computer. -3. [Basic XAMPP for Windows](http://www.apachefriends.org/en/xampp-windows.html) +3. [Basic XAMPP for Windows](https://www.apachefriends.org/download.html) 4. Enough room on your hard drive to accommodate your database, WordPress installation, and XAMPP. ### Backup WordPress 
@@ -246,7 +246,7 @@ define('DB_HOST', 'localhost'); // 99% chance you won't need to change this Before you begin to import your SQL backup file, you need to change some information inside your `.SQL` file. 1. Using your text editor, open the `.sql` backup database file you downloaded. -2. Find and replace all the instances of your old URL with your new URL. For instance if your blog address is at http://example.com/wordpress/, and your files on your computer are at `/htdocs/wordpress/`, replace it with http://127.0.0.1/wordpress/. +2. Find and replace all the instances of your old URL with your new URL. For instance if your blog address is at https://example.com/wordpress/, and your files on your computer are at `/htdocs/wordpress/`, replace it with http://127.0.0.1/wordpress/. 3. Click **Save – Do not use Save as**. ![phpMyAdmin SQL tab](https://user-images.githubusercontent.com/6118303/189546617-26a843c4-e793-4c44-b2a6-13a32b366a8e.png) @@ -268,9 +268,5 @@ WordPress should now function just as it did on the web. You do not need to use Coming soon – how to move your test site from your computer back live onto your host server site. ### Resources -- [Test themes on a live blog with Theme Test Drive](http://www.prelovac.com/vladimir/wordpress-plugins/theme-test-drive) -- [qSandbox.com – Create a free WordPress test site to try (new) plugins and themes](http://qsandbox.com/) +- [qSandbox.com – Create a free WordPress test site to try (new) plugins and themes](https://qsandbox.com/app/) -## Changelog - -- 2022-09-11: Original content from [Test driving WordPress](https://wordpress.org/documentation/article/test-driving-wordpress/). diff --git a/debug/version-control.md b/debug/version-control.md index b980bfb6..6c8b48c8 100644 --- a/debug/version-control.md +++ b/debug/version-control.md 
@@ -4,7 +4,3 @@ Version control is a way of tracking the changes made to files over time by diff A lot of WordPress hosts offer version control but there are third-party services and self hosted options as well. -## Changelog - -- 2023-05-29: Synced with [Hostinh Handbook](https://make.wordpress.org/hosting/handbook/reliability/#version-control) -- 2023-03-03: Created a new page for *Version control* \ No newline at end of file diff --git a/index.md b/index.md index d36d35d3..d1b2be23 100644 --- a/index.md +++ b/index.md @@ -1,4 +1,4 @@ -# WordPress Advanced Administration Handbook +# Advanced Administration Handbook Welcome to the **WordPress Advanced Administration Handbook**! Here you will find WordPress advanced documentation. Use the "Contents" menu on the left to navigate topics. @@ -17,8 +17,3 @@ The Documentation Team meets in the WordPress Slack, in the [#docs](https://word This documentation is managed by [@javiercasares](https://profiles.wordpress.org/javiercasares/), [@lucp](https://profiles.wordpress.org/lucp/), and [@milana_cap](https://profiles.wordpress.org/milana_cap/). Also, the [Documentation Team](https://make.wordpress.org/docs/) and [Hosting Team](https://make.wordpress.org/hosting/) are involved in this. [info]If you're interested in improving this handbook, check the [Github Handbook repo](https://github.com/WordPress/WordPress-Advanced-administration-handbook), the [Documentation Issue tracked](https://github.com/WordPress/Documentation-Issue-Tracker/labels/advanced%20administration), or leave a message in the [#hosting-community channel](https://wordpress.slack.com/archives/hosting-community/) at [WordPress Slack](https://make.wordpress.org/chat/).[/info] - -## Changelog - -- 2023-01-15: Minor fixes, and reviewed. -- 2022-08-16: First version. diff --git a/multisite/admin.md b/multisite/admin.md index 3cf8b846..80ae2cb9 100644 --- a/multisite/admin.md +++ b/multisite/admin.md 
@@ -16,7 +16,7 @@ The Dashboard is information central and tells you about your network sites, pro ### Sites {#sites} -Use the [Network Admin Sites Screen](https://wordpress.org/documentation/articles/network-admin-sites/screen) to review and manage the various sites that are part of your network. These sites will be either subdirectory or subdomain sites as determined by how the network was configured. From this screen you can access Info, Users, Themes, and Settings for each site in your Network. +Use the [Network Admin Sites Screen](https://developer.wordpress.org/advanced-administration/multisite/admin/#network-admin-sites-screen) to review and manage the various sites that are part of your network. These sites will be either subdirectory or subdomain sites as determined by how the network was configured. From this screen you can access Info, Users, Themes, and Settings for each site in your Network. Use the [Add New Sites Screen](https://developer.wordpress.org/advanced-administration/multisite/admin/#add-site) to add new sites to your network. @@ -61,7 +61,7 @@ _Super Admin Sites_ Lists all sites on this network. - **Edit**: Click this link to go to Edit Site Screen to view/edit Settings of the site and add users. -- **Backend**: Switch Administration Screens to the site's one. +- **Dashboard**: Switch Administration Screens to the site's one. - **Deactivate / Activate**: Deactivate / Activate the site. - **Archive**: Archive the site (same as Deactivate, effectively) - **Spam**: Mark the site as spam. Makes it unavailable to use for anyone. 
@@ -124,6 +124,3 @@ If for any reason a site does not get upgraded, each site should be upgraded whe If a version update to core has not happened, clicking this button won't affect anything. -## Changelog - -- 2022-10-21: Original content from [Network Admin](https://wordpress.org/documentation/article/network-admin/), [Network Admin Sites Screen](https://wordpress.org/documentation/article/network-admin-sites-screen/), and [Network Admin Updates Screen](https://wordpress.org/documentation/article/network-admin-updates-screen/). diff --git a/multisite/administration.md b/multisite/administration.md index 7f39106b..ec0adaed 100644 --- a/multisite/administration.md +++ b/multisite/administration.md 
@@ -1,10 +1,10 @@ # Multisite Network Administration -Once you've [created a Multisite Network](https://developer.wordpress.org/advanced-administration/multisite/create-network/), there are some additional things you might need to know about advanced administration, due to the additional complexity of a Multisite. Even if you're familiar with WordPress, the location and behavior of Multisite Network Administration can be confusing. +Once you've [created a Multisite Network](https://developer.wordpress.org/advanced-administration/multisite/create-network/), there are some additional things you might need to know about advanced administration, due to the additional complexity of a Multisite. Even if you’re familiar with WordPress, the structure and behavior of Multisite Network Administration might seem confusing at first. ## User Access & Capabilities {#user-access-capabilities} -By design, all users who are added to your network will have _subscriber_ access to **all sites** on your network. To allocate a different default role for users on individual sites, you must use a plugin. +By default, all users added to your network will have _subscriber_ access to **all sites** of your network. To assign a different default role for users on individual sites, you need to use a plugin. The capabilities of the site administrator role are also reduced in a WordPress Network. Site admins cannot install new themes or plugins and cannot edit the profiles of users on their site. Only the Network Admin (aka Super Admin) has the ability to perform these tasks in a WordPress network. 
@@ -20,7 +20,7 @@ Also note that the `blog` prefix is not used for static pages which will be acce Your first site on a fresh install will put uploaded files in the traditional location of `/wp-content/uploads/`, however all _subsequent_ sites on your network will be in the `/wp-content/uploads/sites/` folder, in their own subfolder based on the site number, designated by the database. These files will be accessible via that URL. -This is a change from Multisite 3.0-3.4.2, where images of subsites were stored in `/wp-content/blogs.dir/` and were shown in http://example.com/files/ and http://example.com/sitename/files and so on. If you started with a Multisite install older than 3.5, it is _not_ an error if your images show with the URL of `/files/`. +This is a change from Multisite 3.0-3.4.2, where images of subsites were stored in `/wp-content/blogs.dir/` and were shown in https://example.com/files/ and https://example.com/sitename/files and so on. If you started with a Multisite install older than 3.5, it is _not_ an error if your images show with the URL of `/files/`. Regardless of WP version, these locations cannot be changed by site admins. Only the network admin can make changes on the site settings page. It is not recommended that you change these without understanding how both the `ms-files.php` works in conjunction with your `.htaccess`, as it can easily become non-functional. If the `/files/` urls aren't working, it's indicative of a misconfigured .htaccess or httpd.conf file on your server. 
@@ -213,6 +213,3 @@ Moving Multisite is more complicated than moving a single install. Please read [ When you've created your WordPress Network for importing other sites, you need to look at the [Migrating Multiple Blogs into WordPress Multisite](https://wordpress.org/documentation/article/migrating-multiple-blogs-into-wordpress-multisite/) article. -## Changelog - -- 2022-10-25: Original content from [Multisite Network Administration](https://wordpress.org/documentation/article/multisite-network-administration/). diff --git a/multisite/create-network.md b/multisite/create-network.md index 04fc0ee2..98eecf6d 100644 --- a/multisite/create-network.md +++ b/multisite/create-network.md @@ -61,7 +61,7 @@ Once more: See [Before You Create A Network](https://developer.wordpress.org/adv **Network Details** -These are filled in automatically, but you can make changes. Server Address The domain of the URL you are using to access your WordPress installation. Network Title The title of your network as a whole. Admin E-mail Address Your email address as super admin of the network as a whole. +These are filled in automatically, but you can make changes. `Server Address`: the domain of the URL you are using to access your WordPress installation. `Network Title`: the title of your network as a whole. `Network Admin E-mail`: your email address as super admin of the network as a whole. Double-check the details and press the **Install** button. 
@@ -109,8 +109,5 @@ For help troubleshooting: * [Hosting WordPress](https://wordpress.org/documentation/article/hosting-wordpress/) * [Installing Multiple Blogs](https://developer.wordpress.org/advanced-administration/before-install/multiple-instances/) -* [How to adapt my plugin to Multisite?](http://stackoverflow.com/questions/13960514/how-to-adapt-my-plugin-to-multisite/) +* [How to adapt my plugin to Multisite?](https://stackoverflow.com/questions/13960514/how-to-adapt-my-plugin-to-multisite/) -## Changelog - -- 2022-10-21: Original content from [Create A Network](https://wordpress.org/documentation/article/create-a-network/). diff --git a/multisite/domain-mapping.md b/multisite/domain-mapping.md index 7e202d9c..1acb00cf 100644 --- a/multisite/domain-mapping.md +++ b/multisite/domain-mapping.md @@ -34,6 +34,3 @@ define( 'COOKIE_DOMAIN', $_SERVER['HTTP_HOST'] ); 2. [MultiSite Network Administration](https://developer.wordpress.org/advanced-administration/multisite/administration/) 3. [Installing Multiple Blogs](https://developer.wordpress.org/advanced-administration/before-install/multiple-instances/) -## Changelog - -- 2022-10-25: Original content from [WordPress Multisite Domain Mapping](https://wordpress.org/documentation/article/wordpress-multisite-domain-mapping/). diff --git a/multisite/index.md b/multisite/index.md index ab59c453..9a623635 100644 --- a/multisite/index.md +++ b/multisite/index.md @@ -8,6 +8,3 @@ The content in a Multisite has its own unique tables in the database, only the u You can create a multisite that works with subdirectories ("path-based") or use domains or subdomains ("domain-based"). For how to map the domains, see [WordPress Multisite Domain Mapping](https://developer.wordpress.org/advanced-administration/multisite/domain-mapping/) -## Changelog - -- 2023-05-19: First content. \ No newline at end of file diff --git a/multisite/prepare-network.md b/multisite/prepare-network.md index 3d3f04a6..69a0c8bf 100644 
--- a/multisite/prepare-network.md +++ b/multisite/prepare-network.md 
@@ -49,13 +49,13 @@ When you are planning a network, it can sometimes be helpful to use a developmen In all cases, you will need to make sure your server can use the more complex .htaccess (or nginx.conf or web.config) rules that Multisite requires. -Multisite requires [mod_rewrite](https://wordpress.org/documentation/article/glossary#mod_rewrite) to be loaded on the Apache server, support for it in [.htaccess](https://wordpress.org/documentation/article/glossary#htaccess) files, and Options FollowSymLinks either already enabled or at least not permanently disabled. If you have access to the server configuration, then you could use a Directory section instead of a .htaccess file. Also make sure that your httpd.conf file is set for "AllowOverride" to be "All" or "Options All" for the vhost of the domain. You can ask your webhost for more information on any of this. +Multisite requires [mod_rewrite](https://wordpress.org/documentation/article/glossary#mod-rewrite) to be loaded on the Apache server, support for it in [.htaccess](https://wordpress.org/documentation/article/glossary#htaccess) files, and Options FollowSymLinks either already enabled or at least not permanently disabled. If you have access to the server configuration, then you could use a Directory section instead of a .htaccess file. Also make sure that your httpd.conf file is set for "AllowOverride" to be "All" or "Options All" for the vhost of the domain. You can ask your webhost for more information on any of this. Some server requirements depend on the type of multisite network you want to create, as follows. ### Domain-based {#domain-based} -Also known as 'Subdomain' installs, a Domain-based network uses URLs like http://subsite.example.com +Also known as 'Subdomain' installs, a Domain-based network uses URLs like https://subsite.example.com A domain-based network maps different domain names to the same directory in the server's file system where WordPress is installed. 
You can do this in various ways, for example: @@ -71,17 +71,17 @@ WordPress _should_ be run from the root of your webfolder (i.e. `public_html`) External links: -* [Wildcard DNS record](http://en.wikipedia.org/wiki/Wildcard_DNS_record) (Wikipedia) -* [Apache Virtual Host](http://httpd.apache.org/docs/2.0/en/vhosts/) (Apache HTTP Server documentation) +* [Wildcard DNS record](https://en.wikipedia.org/wiki/Wildcard_DNS_record) (Wikipedia) +* [Apache Virtual Host](https://httpd.apache.org/docs/2.0/en/vhosts/) (Apache HTTP Server documentation) * [cPanel Domains](https://documentation.cpanel.net/display/74Docs/cPanel+Features+List#DomainsTab) (cPanel documentation) For some examples of how to configure wildcard subdomains on various systems, see: [Configuring Wildcard Subdomains](https://wordpress.org/documentation/article/configuring-wildcard-subdomains/) ### Path-based {#path-based} -Also known as 'Subfolder' or 'Subdirectory' installs, a path-based network uses URLs like http://example.com/subsite +Also known as 'Subfolder' or 'Subdirectory' installs, a path-based network uses URLs like https://example.com/subsite -If you are using pretty permalinks in your site already, then a path-based network will work as well, and you do not need any of the other information in this section. That said, be aware that your main site will use the following URL pattern for posts: http://example.com/blog/[postformat]/ +If you are using pretty permalinks in your site already, then a path-based network will work as well, and you do not need any of the other information in this section. That said, be aware that your main site will use the following URL pattern for posts: https://example.com/blog/[postformat]/ At this time, you **cannot** remove the blog slug without manual configuration to the network options in a non-obvious place. It's not recommended. 
@@ -117,6 +117,3 @@ You _cannot choose **Sub-directory** Install_ (for a path-based network) if your _See `wp-admin/network.php` for more detail)_ -## Changelog - -- 2022-10-21: Original content from [Before You Create A Network](https://wordpress.org/documentation/article/before-you-create-a-network/). diff --git a/multisite/settings.md b/multisite/settings.md index e80de4dc..0870b5fc 100644 --- a/multisite/settings.md +++ b/multisite/settings.md @@ -141,6 +141,3 @@ Default is English. On WordPress Multisite the default setting for plugins is disabled. This means your users won't have access to the plugin admin panel inside their dashboard unless you first enable access to plugins network wide. -## Changelog - -- 2023-04-25: Original content from [Network Admin Settings Screen](https://wordpress.org/documentation/article/network-admin-settings-screen/). diff --git a/multisite/sites-multisite.md b/multisite/sites-multisite.md index 5aaf0a66..5f3e669b 100644 --- a/multisite/sites-multisite.md +++ b/multisite/sites-multisite.md @@ -78,6 +78,3 @@ If the old site is no longer available and you find you have forgotten to copy s Another option might be the [Internet Archive Wayback Machine](https://archive.org/web/). They may have a copy of the site (or some part of it) archived. -## Changelog - -- 2023-01-20: Original content from [Migrating multiple blogs into WordPress multisite](https://wordpress.org/documentation/article/migrating-multiple-blogs-into-wordpress-multisite/) diff --git a/performance/cache.md b/performance/cache.md index f11d3d82..185c6a8d 100644 --- a/performance/cache.md +++ b/performance/cache.md 
@@ -16,7 +16,7 @@ If your posts/pages have a lot of dynamic content configuring caching can be mor **Browser caching** can help to reduce server load by reducing the number of requests per page. For example, by setting the correct file headers on files that don't change (static files like images, CSS, JavaScript etc) browsers will then cache these files on your visitor's computer. This technique allows the browser to check to see if files have changed, instead of simply requesting them. The result is your web server can answer many more 304 responses, confirming that a file is unchanged, instead of 200 responses, which require the file to be sent. -Look into HTTP Cache-Control (specifically **max-age**) and Expires headers, as well as [Entity Tags](http://en.wikipedia.org/wiki/HTTP_ETag) for more information. +Look into HTTP Cache-Control (specifically **max-age**) and Expires headers, as well as [Entity Tags](https://en.wikipedia.org/wiki/HTTP_ETag) for more information. ## Object Caching {#object-caching} 
@@ -37,9 +37,6 @@ Adding an opcode cache like [Opcache](https://www.php.net/manual/en/book.opcache ## Further Reading {#further-reading} * [Core Caching Concepts in WordPress](https://www.tollmanz.com/core-caching-concepts-in-wordpress/) -* [Best Practices for Speeding Up Your Web Site](http://developer.yahoo.com/performance/rules.html) – Expires / Cache-Control Header and ETags (by Yahoo! Developer Network) -* [WebSiteOptimization.com: Use Server Cache Control to Improve Performance](http://www.websiteoptimization.com/speed/tweak/cache/) +* [Best Practices for Speeding Up Your Web Site](https://developer.yahoo.com/performance/rules.html) – Expires / Cache-Control Header and ETags (by Yahoo! Developer Network) +* [WebSiteOptimization.com: Use Server Cache Control to Improve Performance](https://www.websiteoptimization.com/speed/tweak/cache/) -## Changelog - -- 2022-09-04: Original content from [Optimization – Caching](https://wordpress.org/documentation/article/optimization-caching/). diff --git a/performance/index.md b/performance/index.md index 64625089..6d6ed3ee 100644 --- a/performance/index.md +++ b/performance/index.md @@ -4,6 +4,3 @@ -## Changelog - -- 2022-08-16: Nothing here, yet. diff --git a/performance/optimization.md b/performance/optimization.md index 9bc65049..b2abf2e7 100644 --- a/performance/optimization.md +++ b/performance/optimization.md 
@@ -235,7 +235,3 @@ If you use a Persistent Object Cache, options (whether autoloaded or not) load f - [Presentation on HyperDB and High Performance from WordCamp 2007 (San Francisco)](https://onemansblog.com/2007/08/16/wordcamp-2007-hyperdb-and-high-performance-wordpress/) - [50 tips su Web Performance Optimization per siti ad alto traffico WordCamp Bologna (Italy) 2013](https://www.slideshare.net/AndreaCardinali/50-tips-su-web-performance-optimization-per-siti-ad-alto-traffico-wpcamp-bologna-2013) -## Changelog - -- 2023-05-03: Revised content to comply with [External Linking Policy](https://make.wordpress.org/docs/handbook/documentation-team-handbook/external-linking-policy/). -- 2022-09-11: Original content from [Optimization](https://wordpress.org/documentation/article/optimization/). diff --git a/performance/php.md b/performance/php.md new file mode 100644 index 00000000..3f4f0a99 --- /dev/null +++ b/performance/php.md 
@@ -0,0 +1,78 @@ +## PHP + +PHP (PHP: Hypertext Preprocessor) is a popular programming language on the Internet. PHP turns dynamic content, like that in WordPress, into HTML, CSS, and JavaScript that web browsers can read. WordPress is written primarily in PHP, and a server must have PHP in order for WordPress to be able to run. + +As PHP is an interpreted language, its version and configuration has a large impact on how well and whether WordPress will run. + +### Version + +When possible, PHP 7.4 or greater should be used to run WordPress. As of the writing of this document, PHP 7.4 is the officially supported version for WordPress while PHP 8.0 and 8.1 are "compatible with exceptions", and PHP 8.2 is on "beta support". PHP 8 is the only major version of PHP still receiving active development and support. The PHP group regularly retires support for older versions of PHP, and older versions are not guaranteed to be updated for security concerns. + +At the same time, newer versions of PHP contain both security and performance improvements, while being accompanied by new features and bug fixes, which are not guaranteed to be backwards compatible. However, extreme care must be taken when upgrading the version of PHP. While WordPress is compatible with the latest releases of PHP, sites built to use older versions of PHP may not be compatible due to their included plugins and themes. + +If upgrading to PHP 8 is not immediately possible, upgrading to PHP 7.4 should be done as soon as possible. While WordPress _may_ work with older versions of PHP, these versions have reached official End Of Life, and running outdated PHP installations **may expose your site to security vulnerabilities**. + +You can find which PHP version is compatible with your WordPress version in the [PHP Compatibility and WordPress Versions](https://make.wordpress.org/core/handbook/references/php-compatibility-and-wordpress-versions/) page. 
+ +More information about the support versions of PHP can always be found [on PHP's supported versions page](https://www.php.net/supported-versions.php). + +When upgrading PHP, it's a good practice to test sites for compatibility before upgrading. If you offer multiple environments, such as a staging and a production environment, PHP version should be configurable separately for each environments. This will allow users to test newer version of PHP in their non-production environment and resolve any issues before upgrading PHP version in the production environment. + +There's a useful [WP-CLI command](https://github.com/danielbachhuber/php-compat-command) for performing a general compatibility check, but be aware that it is not 100% accurate. + +### Configuration + +PHP is primarily configured using a configuration file, `php.ini`, from which PHP reads all of its settings and configuration at runtime. This usually happens through CGI/FastCGI, or a process manager like PHP-FPM. + +Some server environment may allow PHP configurations to be customized with other files like the `.htaccess` or `.user.ini` file. + +You can see detailed information about each of these directives [in the official PHP documentation](https://www.php.net/manual/en/ini.core.php). + +#### Timeouts + +There are several timeout settings on a system that limit different aspects of a request. When configuring your timeouts, it's important to select values that work well together. For example, it doesn't make sense to have a very high script execution timeout on your PHP service, if the web server (e.g. Apache) timeout is lower than that - in such case, if the request takes longer, it will be killed by the web server no matter your PHP timeout setting is. + +Note that processes take different amount of time, depending on the server load, and those limitations are placed to ensure that your server functions properly. 
If you have high server load, processes may take longer to complete thus causing a cascade effect leading to even more server load. That's why it's a matter of balance between giving enough time for your scripts to be compiled and ensuring that you're within normal server loads. + +The primary PHP timeout can be set with the [`max_execution_time`](https://www.php.net/manual/en/info.configuration.php#ini.max-execution-time) `php.ini` directive. This limits code execution, and not system library calls or MySQL queries, [except on Windows](https://www.php.net/manual/en/function.set-time-limit.php), where it does. + +The maximum time allowed for data transfer from the web server to PHP is specified with the [`max_input_time`](https://www.php.net/manual/en/info.configuration.php#ini.max-input-time) `php.ini` directive. It is usually used to limit the amount of time allowed to upload files. It's important to note that the amount of time is separate from `max_execution_time`, and defines the amount of time between when the web server calls PHP and execution starts. + +Note that these timeouts are often configured per server and you won't be able to modify them if you're on a shared hosting account. The best approach would be to contact your hosting company tech support and see if they can be modified to suit your needs. + +#### Memory Limits + +The maximum amount of memory that PHP is allowed to use per page render is specified with the [`memory limit`](https://www.php.net/manual/en/ini.core.php#ini.memory-limit) `php.ini` directive. + +In addition to setting memory limits within PHP, WordPress has two memory configuration constants that can be changed in the **wp-config.php** file. WordPress will raise the PHP `memory_limit` to these values if it has permission to do so, but if the `php.ini` specifies higher amounts, WordPress will not lower the amount allowed. 
+ +The option `WP_MEMORY_LIMIT` declares the amount of memory WordPress should request for rendering the frontend of the website. WordPress default is 40 MB and WordPress MultiSite default is 64 MB. + +``` +define( 'WP_MEMORY_LIMIT', '128M' ); +``` + +The option `WP_MAX_MEMORY_LIMIT` declares the amount of memory WordPress should request for rendering the backend of the website. WordPress default is 256 MB. + +``` +define( 'WP_MAX_MEMORY_LIMIT', '256M' ); +``` + +Since the WordPress backend usually requires more memory, there's a separate setting for the amount, that can be set for logged in users. This is mainly required for media uploads. You can have it set higher than the front end limit to ensure your backend has all the resources it needs. Usually, `WP_MEMORY_LIMIT <= WP_MAX_MEMORY_LIMIT`. + +#### File Upload Sizes + +When uploading media files and other content to WordPress using the WordPress admin dashboard, WordPress uses PHP to process the uploads. PHP's configuration includes limits on the size of files that can be uploaded through PHP and on the size of requests that can be sent to the web server for processing. These will need to align with the server's timeouts, discussed above. + +The limit on the size of individual file uploads can be configured using the [`upload_max_filesize`](https://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize) `php.ini` directive. + +The limit on the entire size of a request that can be sent from the web server to PHP for processing can be configured using the [`post_max_size`](https://www.php.net/manual/en/ini.core.php#ini.post-max-size) `php.ini` directive. The value for `post_max_size` must be greater than or equal to the value for `upload_max_filesize`. PHP will not process requests larger in size than the value for `post_max_size`. 
+ +Note that `post_max_size` applies to every PHP request and not only uploads, so it may become important to address separately if a site processes a large amount of other data included with the request. + +Bear in mind that on shared hosting accounts, those limits are usually set on a server level and you may not be able to modify them or increase them above a certain value. In addition to that, different setups have different ways to modify the above mentioned values. Contact your hosting company tech support for additional assistance on that matter. + +#### Replacing WordPress' Cron Triggers + +The `wp-cron.php` script is responsible for causing certain tasks to be scheduled and executed automatically. Every time someone visits your website, `wp-cron.php` checks whether it is time to execute a job or not. Even though these checks are small and fast they consume time and produce load. For this reason, it's worth considering setting the [`DISABLE_WP_CRON` constant](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#disable-cron-and-cron-timeout) and using an alternative method to trigger WordPress' cron system. Note, however, that the WordPress cron system is designed with performance in mind and requires minimal resources to operate so it's not mandatory to replace it unless you really need to do so. + diff --git a/plugins/editor-screen.md b/plugins/editor-screen.md index 1d159498..946306f8 100644 --- a/plugins/editor-screen.md +++ b/plugins/editor-screen.md 
@@ -35,6 +35,3 @@ Under the editor, there is a dropdown menu listing function names found in the P Remember to click this button to save the changes you have made to the Plugin file. After clicking this button you should see a splash message at the top of the screen saying "File edited successfully". If you don't see that message, then your changes are not saved! Note that if a file is not writeable the Update File button will not be available. -## Changelog - -- 2023-04-10: Original content from [Plugin File Editor Screen](https://wordpress.org/documentation/article/plugins-editor-screen/). Minor additions and copy-editing. diff --git a/plugins/index.md b/plugins/index.md index 1e796714..c54a810b 100644 --- a/plugins/index.md +++ b/plugins/index.md @@ -4,6 +4,3 @@ -## Changelog - -- 2022-08-16: Nothing here, yet. diff --git a/plugins/mu-plugins.md b/plugins/mu-plugins.md index 1ec7d568..f6492195 100644 --- a/plugins/mu-plugins.md +++ b/plugins/mu-plugins.md 
@@ -29,12 +29,9 @@ The code handling /mu-plugins/ was merged into the main WordPress code on 03/07/ In this process the name “mu plugins” became a misnomer because it did not apply exclusively to multisite installs and because “MU” was not even being used anymore to refer to WP installations with multiple blogs. Despite this, the name was kept and **re-interpreted to mean “must-use plugins”**, i.e. these are plugins that must always be used, thus they are autoloaded on all sites regardless of the settings in the Plugins pane of wp-admin. -Thus “Must-Use” is effectively a [Backronym](http://en.wikipedia.org/wiki/Backronym), like [PHP](https://wordpress.org/documentation/article/wordpress-glossary/#PHP) (which originally meant “Personal Home Page” but was later re-interpreted as meaning “PHP Hypertext Preprocessor”, which is also a [Recursive Acronym](http://en.wikipedia.org/wiki/Recursive_acronym)). +Thus “Must-Use” is effectively a [Backronym](https://en.wikipedia.org/wiki/Backronym), like [PHP](https://wordpress.org/documentation/article/wordpress-glossary/#PHP) (which originally meant “Personal Home Page” but was later re-interpreted as meaning “PHP Hypertext Preprocessor”, which is also a [Recursive Acronym](https://en.wikipedia.org/wiki/Recursive_acronym)). ## Source Code * `get_mu_plugins()` is located in [wp-admin/includes/plugin.php](https://core.trac.wordpress.org/browser/tags/4.5.3/src/wp-admin/includes/plugin.php#L0). * `wp_get_mu_plugins()` is located in [wp-includes/load.php](https://core.trac.wordpress.org/browser/tags/4.5.3/src/wp-includes/load.php#L0). -## Changelog - -- 2022-09-11: Original content from [Must Use Plugins](https://wordpress.org/documentation/article/must-use-plugins/). Minor additions and copy-editing. diff --git a/resources/faq.md b/resources/faq.md index deeb0edd..64602ba2 100644 --- a/resources/faq.md +++ b/resources/faq.md 
@@ -188,7 +188,7 @@ For example, if you are adding the following in your post: ``` ...an article about "Happiness" is at -Happiness +Happiness if you would like to read it... ``` @@ -196,7 +196,7 @@ Is actually imported into the database looking like this: ``` ...an article about \"Happiness\" is at -Happiness +Happiness if you would like to read it... ``` @@ -315,7 +315,3 @@ See also: * [WordPress Backups](https://developer.wordpress.org/advanced-administration/security/backup/) -## Changelog - -- 2023-02-17: Links updated, and some fixes for deprecated content. -- 2023-01-31: Original content from [FAQ Troubleshooting](https://wordpress.org/documentation/article/faq-troubleshooting-2/). diff --git a/resources/index.md b/resources/index.md index 8a554cc2..1a0a51c9 100644 --- a/resources/index.md +++ b/resources/index.md @@ -40,8 +40,8 @@ Other than that, these are some solid resources for you to review: - [W3 Schools](https://www.w3schools.com/cssref/default.asp) - [MDN](https://developer.mozilla.org/en-US/docs/CSS) -- [CSS Tricks](http://css-tricks.com/) -- [CSS Zen Garden - the art of the possible in CSS](http://www.csszengarden.com/) +- [CSS Tricks](https://css-tricks.com/) +- [CSS Zen Garden - the art of the possible in CSS](https://www.csszengarden.com/) - [CSS on A List Apart](https://alistapart.com/blog/topic/css/) - [Flexbox Guide](https://duckduckgo.com/?q=css+tricks+flexbox&ia=web) - [CSS Grid Guide](https://duckduckgo.com/?q=css+tricks+grid&ia=web) 
@@ -56,10 +56,10 @@ Other than that, these are some solid resources for you to review: ## PHP -- [PHP Language Reference](http://php.net/manual/en/langref.php) -- [PHP Function Reference](http://php.net/manual/en/funcref.php) +- [PHP Language Reference](https://www.php.net/manual/en/langref.php) +- [PHP Function Reference](https://www.php.net/manual/en/funcref.php) - [W3Schools PHP](https://www.w3schools.com/php/default.asp) -- [PHP The Right Way](http://www.phptherightway.com/) is a high level review of modern PHP +- [PHP The Right Way](https://phptherightway.com/) is a high level review of modern PHP - [PHPDoc](https://www.phpdoc.org/docs/latest/index.html) for documenting your code - [SitePoint's PHP resources](https://www.sitepoint.com/php/) @@ -72,6 +72,3 @@ Other than that, these are some solid resources for you to review: - [PHP Cookbook](https://www.oreilly.com/library/view/php-cookbook/9781098121310/) - [Programming PHP](https://www.oreilly.com/library/view/programming-php-4th/9781492054122/) -## Changelog - -- 2022-09-04: Original content from [Know Your Sources](https://codex.wordpress.org/Know_Your_Sources), based on ticket [Github](https://github.com/WordPress/Documentation-Issue-Tracker/issues/328#issuecomment-1144870008). diff --git a/security/backup-database.md b/security/backup-database.md index 027e383c..dbbf3893 100644 --- a/security/backup-database.md +++ b/security/backup-database.md 
@@ -177,15 +177,15 @@ In addition to MySQL Workbench, there are many GUI tools that let you backup (ex | Name | OS (Paid edition) | OS (Free edition) | | |---|---|---| -| [MySQL Workbench](http://www.mysql.com/products/workbench/) | Windows/Mac/Linux | Windows/Mac/Linux | See [above](https://developer.wordpress.org/advanced-administration/security/backup/database/#Using_MySQL_Workbench) | -| [EMS SQL Management Studio for MySQL](http://sqlmanager.net/en/products/studio/mysql) | Windows | | | -| [Aqua Data Studio](http://www.aquafold.com/) | Windows/Mac/Linux | Windows/Mac/Linux (14 days trial) | Available in 9 languages | +| [MySQL Workbench](https://www.mysql.com/products/workbench/) | Windows/Mac/Linux | Windows/Mac/Linux | See [above](https://developer.wordpress.org/advanced-administration/security/backup/database/#Using_MySQL_Workbench) | +| [EMS SQL Management Studio for MySQL](https://www.sqlmanager.net/products/mysql/studio) | Windows | | | +| [Aqua Data Studio](https://www.aquafold.com/) | Windows/Mac/Linux | Windows/Mac/Linux (14 days trial) | Available in 9 languages | | [Navicat for MySQL](https://www.navicat.com/en/products/navicat-for-mysql) | Windows/Mac/Linux | Windows/Mac/Linux (14 days trial) | Available in 8 languages | -| [SQLyog](http://www.webyog.com/en/) | Windows | | | +| [SQLyog](https://webyog.com/en/) | Windows | | | | [Toad for MySQL](https://www.toadworld.com/) | | Windows | | -| [HeidiSQL](http://www.heidisql.com/) | | Windows | | -| [Sequel Pro](http://sequelpro.com/) | Mac | CocoaMySQL successor | | -| [Querious](http://www.araelium.com/querious/) | | Mac | | +| [HeidiSQL](https://www.heidisql.com/) | | Windows | | +| [Sequel Pro](https://sequelpro.com/) | Mac | CocoaMySQL successor | | +| [Querious](https://www.araelium.com/querious/) | | Mac | | ### Using WordPress Database Backup Plugin {#using-wordpress-database-backup-plugin} 
@@ -280,6 +280,3 @@ Enter password: (enter your mysql password) user@linux:~/files/blog> ``` -## Changelog - -- 2022-10-25: Original content from [Backing Up Your Database](https://developer.wordpress.org/advanced-administration/security/backup/database/). diff --git a/security/backup-files.md b/security/backup-files.md index 9d306b5b..4fcfded9 100644 --- a/security/backup-files.md +++ b/security/backup-files.md @@ -31,7 +31,7 @@ Most website hosts provide software to back up your site. Check with your host t **Create Synchs With Your Site** -[WinSCP](http://winscp.net/eng/index.php) and other programs allow you to synchronize with your website to keep a mirror copy of the content on your server and hard drive updated. It saves time and makes sure you have the latest files in both places. +[WinSCP](https://winscp.net/eng/index.php) and other programs allow you to synchronize with your website to keep a mirror copy of the content on your server and hard drive updated. It saves time and makes sure you have the latest files in both places. #### Synchronize your files in WinScp {#synchronize-your-files-in-winscp} @@ -46,6 +46,3 @@ Using [FTP Clients](https://developer.wordpress.org/advanced-administration/upgr Normally, there would be no need to copy the WordPress core files, as you can replace them from a fresh download of the WordPress zip file. The important files to back up would be your wp-config.php file, which contains your settings and your wp-content directory (plus its contents) which contains all your theme and plugin files. -## Changelog - -- 2022-10-25: Original content from [Backing Up Your WordPress Files](https://wordpress.org/documentation/article/backing-up-your-wordpress-files/). diff --git a/security/backup.md b/security/backup.md index 9d43b722..4087d696 100644 --- a/security/backup.md +++ b/security/backup.md 
@@ -64,7 +64,7 @@ Most website hosts provide software to back up your site. Check with your host t **Create Sync With Your Site** -[WinSCP](http://winscp.net/eng/index.php) and other programs allow you to sync with your website to keep a mirror copy of the content on your server and hard drive updated. It saves time and makes sure you have the latest files in both places. +[WinSCP](https://winscp.net/eng/index.php) and other programs allow you to sync with your website to keep a mirror copy of the content on your server and hard drive updated. It saves time and makes sure you have the latest files in both places. **Copy Your Files to Your Desktop** @@ -172,8 +172,8 @@ Various plugins exist to take automatic scheduled backups of your WordPress data ### Backup Resources -* [FTP Backups](http://www.guyrutenberg.com/2010/02/28/improved-ftp-backup-for-wordpress/) – How to automate backing up to an FTP server -* [Incremental Backups](http://www.guyrutenberg.com/2013/03/28/incremental-wordpress-backups-using-duply-duplicity/) – How to make encrypted incremental backups using duplicity +* [FTP Backups](https://www.guyrutenberg.com/2010/02/28/improved-ftp-backup-for-wordpress/) – How to automate backing up to an FTP server +* [Incremental Backups](https://www.guyrutenberg.com/2013/03/28/incremental-wordpress-backups-using-duply-duplicity/) – How to make encrypted incremental backups using duplicity * [Using phpMyAdmin with WordPress](https://developer.wordpress.org/advanced-administration/upgrade/phpmyadmin/) #### Backup Tools 
@@ -188,7 +188,3 @@ Various plugins exist to take automatic scheduled backups of your WordPress data * [WordPress Backups](https://developer.wordpress.org/advanced-administration/security/backup/) * [Upgrading WordPress Extended](https://developer.wordpress.org/advanced-administration/upgrade/upgrading/) -## Changelog - -- 2022-10-25: Original content from [Restoring Your Database From Backup](https://wordpress.org/documentation/article/restoring-your-database-from-backup/). -- 2022-09-11: Original content from [WordPress Backups](https://wordpress.org/documentation/article/wordpress-backups/). diff --git a/security/brute-force.md b/security/brute-force.md index e5d0f64e..de40a68a 100644 --- a/security/brute-force.md +++ b/security/brute-force.md @@ -8,7 +8,7 @@ Due to the nature of these attacks, you may find your server's memory goes throu This sort of attack is not endemic to WordPress, it happens with every webapp out there, but WordPress is popular and thus a frequent target. -### Throttling Multiple Login Attempts (#throttling-multiple-login-attempts) +### Throttling Multiple Login Attempts {#throttling-multiple-login-attempts} One of the most common kinds of attacks targeting internet services is brute force login attacks. With this form of attack, a malicious party tries to guess WordPress usernames and passwords. The attacker needs only the URL of a user site to perform an attack. Software is readily available to perform these attacks using botnets, making increasingly complex passwords easier to find. 
@@ -28,12 +28,10 @@ You can also use the plugin [Change Username](https://wordpress.org/plugins/chan #### Good Passwords {#good-passwords} -The goal with your password is to make it hard for other people to guess and hard for a brute force attack to succeed. Many [automatic password generators](http://www.google.com/?q=password+generator) are available that can be used to create secure passwords. +The goal with your password is to make it hard for other people to guess and hard for a brute force attack to succeed. Many automatic password generators are available that can be used to create secure passwords. WordPress also features a password strength meter which is shown when changing your password in WordPress. Use this when changing your password to ensure its strength is adequate. -You can use the [Force Strong Password](https://wordpress.org/plugins/force-strong-passwords/) plugin to force users to set strong passwords. - Things to avoid when choosing a password: * Any permutation of your own real name, username, company name, or name of your website. @@ -62,7 +60,7 @@ You can have the 401 point to 401.html, but the point is to aim it at _not_ Word For Nginx you can use the `error_page` directive but must supply an absolute url. ``` -error_page 401 http://example.com/forbidden.html; +error_page 401 https://example.com/forbidden.html; ``` On IIS web servers you can use the `httpErrors` element in your web.config, set `errorMode="custom"`: 
@@ -81,7 +79,7 @@ On IIS web servers you can use the `httpErrors` element in your web.config, set Password protecting your wp-login.php file (and wp-admin folder) can add an extra layer to your server. Because password protecting wp-admin can break any plugin that uses ajax on the front end, it's usually sufficient to just protect wp-login.php. -To do this, you will need to create a .htpasswd file. Many hosts have tools to do this for you, but if you have to do it manually, you can use this [htpasswd generator](http://www.htaccesstools.com/htpasswd-generator/). Much like your .htaccess file (which is a file that is only an extension), .htpasswd will also have no prefix. +To do this, you will need to create a .htpasswd file. Many hosts have tools to do this for you, but if you have to do it manually, you can use this [htpasswd generator](https://hostingcanada.org/htpasswd-generator/). Much like your .htaccess file (which is a file that is only an extension), .htpasswd will also have no prefix. You can either put this file outside of your public web folder (i.e. not in /public_html/ or /domain.com/, depending on your host), or you _can_ put it in the same folder, but you'll want to do some extra security work in your .htaccess file if you do. @@ -105,7 +103,7 @@ Speaking of which, once you've uploaded the .htpasswd file, you need to tell .ht The actual location of AuthUserFile depends on your server, and the 'require user' will change based on what username you pick. -If you are using Nginx you can password protect your wp-login.php file using the [HttpAuthBasicModule](http://wiki.nginx.org/HttpAuthBasicModule). This block should be inside your server block. +If you are using Nginx you can password protect your wp-login.php file using the [HttpAuthBasicModule](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html). This block should be inside your server block. ``` location /wp-login.php { 
@@ -126,7 +124,7 @@ user3:pass3 Unfortunately there is no easy way of configuring a password protected wp-login.php on Windows Server IIS. If you use a .htaccess processor like Helicon Ape, you can use the .htaccess example mentioned above. Otherwise you'd have to ask your hosting provider to set up Basic Authentication. -All passwords must be encoded by function `crypt(3)`. You can use an online [htpasswd generator](http://www.htaccesstools.com/htpasswd-generator/) to encrypt your password. +All passwords must be encoded by function `crypt(3)`. You can use an online [htpasswd generator](https://hostingcanada.org/htpasswd-generator/) to encrypt your password. #### Throttle Multiple Login Attempts @@ -142,7 +140,7 @@ If you are the only person who needs to login to your Admin area and you have a **Note:** Beware your ISP or computer may be changing your IP address frequently, this is called dynamic IP addressing, rather than fixed IP addressing. This could be used for a variety of reasons, such as saving money. If you suspect this to be the case, find out out how change your computer's settings, or contact your ISP to obtain a fixed address, in order to use this procedure. -In all examples you have to replace 203.0.113.15 with your IP address. Your Internet Provider can help you to establish your IP address. Or you can use an online service such as [What Is My IP](http://www.whatismyip.com/). +In all examples you have to replace 203.0.113.15 with your IP address. Your Internet Provider can help you to establish your IP address. Or you can use an online service such as [What Is My IP](https://www.whatismyip.com/). Examples for multiple IP addresses are also provided. They're ideal if you use more than one internet provider, if you have a small pool of IP addresses or when you have a couple of people that are allowed access to your site's Dashboard. 
@@ -193,7 +191,7 @@ If you want to add more than one IP address, you can use: For Nginx you can add a location block inside your server block that works the same as the Apache example above. ``` -error_page 403 http://example.com/forbidden.html; +error_page 403 https://example.com/forbidden.html; location /wp-login.php { allow 203.0.113.15 # or for the entire network: @@ -233,7 +231,7 @@ Extended from [Combatting Comment Spam](https://codex.wordpress.org/Combating_Co RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php* RewriteCond %{HTTP_REFERER} !.*example.com.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ - RewriteRule (.*) http://%{REMOTE_ADDR}/$1 [R=301,L] + RewriteRule (.*) https://%{REMOTE_ADDR}/$1 [R=301,L] ``` @@ -241,7 +239,7 @@ Nginx – Deny Access to No Referrer Requests ``` location ~* (wp-comments-posts|wp-login)\\.php$ { - if ($http_referer !~ ^(http://example.com) ) { + if ($http_referer !~ ^(https://example.com) ) { return 405; } } @@ -265,7 +263,7 @@ Change example.com to your domain. If you're using Multisite with mapped domains #### ModSecurity {#modsecurity} -If you use ModSecurity, you can follow the advice from [Frameloss – Stopping brute force logins against WordPress](http://www.frameloss.org/2011/07/29/stopping-brute-force-logins-against-wordpress/). This requires root level access to your server, and may need the assistance of your webhost. +If you use ModSecurity, you can follow the advice from [Frameloss – Stopping brute force logins against WordPress](https://web.archive.org/web/20230113232859/https://www.frameloss.org/2011/07/29/stopping-brute-force-logins-against-wordpress/). This requires root level access to your server, and may need the assistance of your webhost. If you're using ModSecurity 2.7.3, you can add the rules into your .htaccess file instead. 
@@ -291,13 +289,8 @@ Services like CloudFlare and Sucuri CloudProxy can also help mitigate these atta ### See Also {#see-also} -* [Sucuri: Protecting Against WordPress Brute Force Attacks](http://blog.sucuri.net/2013/04/protecting-against-wordpress-brute-force-attacks.html) +* [Sucuri: Protecting Against WordPress Brute Force Attacks](https://blog.sucuri.net/2013/04/protecting-against-wordpress-brute-force-attacks.html) * [How to: Protect WordPress from brute-force XML-RPC attacks](https://www.saotn.org/how-to-wordpress-protection-from-brute-force-xml-rpc-attacks/) -* [Liquid Web: ModSecurity Rules To Alleviate Brute Force Attacks](http://kb.liquidweb.com/wordpress-modsecurity-rules/) -* [HostGator: Password Protecting wp-login](http://support.hostgator.com/articles/specialized-help/technical/wordpress/wordpress-login-brute-force-attack) -* [Stopping Brute-force Logins](http://www.frameloss.org/2011/07/29/stopping-brute-force-logins-against-wordpress/) +* [Liquid Web: ModSecurity Rules To Alleviate Brute Force Attacks](https://www.liquidweb.com/kb/wordpress-modsecurity-rules/) * [Swiss Army Knife for WordPress (SAK4WP)](https://github.com/orbisius/sak4wp/) – Free Open Source Tool that can help you protect your wp-login.php and /wp-admin/ but not /wp-admin/admin-ajax.php with one click and much more -## Changelog - -- 2022-10-25: Original content from [Brute Force Attacks](https://wordpress.org/documentation/article/brute-force-attacks/). diff --git a/security/display-errors.md b/security/display-errors.md new file mode 100644 index 00000000..a01c9fe0 --- /dev/null +++ b/security/display-errors.md 
@@ -0,0 +1,28 @@ +# Display Errors + +## What is display_errors? + +`display_errors` is a directive found in PHP, found in the php.ini file. With this option, PHP determines whether or not errors should be printed directly on the page. + +## Why does display_errors need to be disabled? + +According to [PHP documentation](https://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors), it should never be enabled on production environments or live sites. + +While `display_errors` may provide useful information in debugging scenarios, there are potential security issues that need to be taken into account if it is activated. [See OWASP article about improper error handling.](https://owasp.org/www-community/Improper_Error_Handling) + +However, some hosting companies have `display_errors` enabled by default. This may be due to a misconfiguration, such as trying to disable it by using a configuration that does not work in hosting environments where for example PHP is not running as a module, but with PHP FastCGI Process Manager (PHP-FPM). + +## How to disable display_errors + +Check your hosting control panel to disable `display_errors` or reach out to your hosting provider. + +If your PHP is running as Apache module, you may be able to disable display_errors with the following .htaccess configuration: + +` php_flag display_errors off ` + +If your server uses FastCGI/PHP-FPM, it may be possible disable the display_errors by ensuring that a .user.ini file with the following content: + +`display_errors = 0` + +If these examples do not work for you, or if you need more instructions, please reach out to your hosting provider. + diff --git a/security/hardening.md b/security/hardening.md index ad4a86d9..bbff76c0 100644 --- a/security/hardening.md +++ b/security/hardening.md 
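Review bot: The FastCGI/PHP-FPM sentence near the end of the new security/display-errors.md is incomplete: "it may be possible disable the display_errors by ensuring that a .user.ini file with the following content" has no verb for the file and does not say where the file has to be placed. Please complete it (for example "you may be able to disable `display_errors` by creating a `.user.ini` file with the following content") and state the directory it belongs in. The two settings are given as inline code, `php_flag display_errors off` even with padding spaces inside the backticks, while the other security pages use fenced blocks; fenced blocks would make them easier to copy. The opening sentence also repeats itself ("a directive found in PHP, found in the php.ini file") and can be tightened.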
@@ -10,7 +10,7 @@ Fundamentally, security _is not_ about perfectly secure systems. Such a thing mi **Website Hosts** -Often, a good place to start when it comes to website security is your hosting environment. Today, there are a number of options available to you, and while hosts offer security to a certain level, it's important to understand where their responsibility ends and yours begins. Here is a good article explaining the complicated dynamic between [web hosts and the security of your website](http://perezbox.com/2014/11/how-hosts-manage-your-website-security/). A secure server protects the privacy, integrity, and availability of the resources under the server administrator's control. +Often, a good place to start when it comes to website security is your hosting environment. Today, there are a number of options available to you, and while hosts offer security to a certain level, it's important to understand where their responsibility ends and yours begins. Here is a good article explaining the complicated dynamic between [web hosts and the security of your website](https://perezbox.com/2014/11/how-hosts-manage-your-website-security/). A secure server protects the privacy, integrity, and availability of the resources under the server administrator's control. Qualities of a trusted web host might include: 
@@ -44,7 +44,7 @@ Keeping backups and knowing the state of your WordPress installation at regular **Trusted Sources** -Do not get plugins/themes from untrusted sources. Restrict yourself to the WordPress.org repository or well known companies. Trying to get plugins/themes from the outside [may lead to issues](http://blog.sucuri.net/2014/03/unmasking-free-premium-wordpress-plugins.html). +Do not get plugins/themes from untrusted sources. Restrict yourself to the WordPress.org repository or well known companies. Trying to get plugins/themes from the outside [may lead to issues](https://blog.sucuri.net/2014/03/unmasking-free-premium-wordpress-plugins.html). ### Vulnerabilities on Your Computer {#vulnerabilities-on-your-computer} @@ -90,7 +90,7 @@ Your web host should be making sure that their network is not compromised by att Many potential vulnerabilities can be avoided with good security habits. A strong password is an important aspect of this. -The goal with your password is to make it hard for other people to guess and hard for a [brute force attack](https://developer.wordpress.org/advanced-administration/security/brute-force/) to succeed. Many [automatic password generators](http://www.google.com/?q=password+generator) are available that can be used to create secure passwords. +The goal with your password is to make it hard for other people to guess and hard for a [brute force attack](https://developer.wordpress.org/advanced-administration/security/brute-force/) to succeed. Many [automatic password generators](https://www.google.com/?q=password+generator) are available that can be used to create secure passwords. WordPress also features a password strength meter which is shown when changing your password in WordPress. Use this when changing your password to ensure its strength is adequate. 
@@ -173,7 +173,7 @@ When you tell WordPress to perform an automatic update, all file operations are If you run multiple blogs on the same server, it is wise to consider keeping them in separate databases each managed by a different user. This is best accomplished when performing the initial [WordPress installation](https://developer.wordpress.org/advanced-administration/before-install/howto-install/). This is a containment strategy: if an intruder successfully cracks one WordPress installation, this makes it that much harder to alter your other blogs. -If you administer MySQL yourself, ensure that you understand your MySQL configuration and that unneeded features (such as accepting remote TCP connections) are disabled. See [Secure MySQL Database Design](http://www.securityfocus.com/infocus/1667) for a nice introduction. +If you administer MySQL yourself, ensure that you understand your MySQL configuration and that unneeded features (such as accepting remote TCP connections) are disabled. See [Secure MySQL Database Design](https://www.securityfocus.com/infocus/1667) for a nice introduction. #### Restricting Database User Privileges {#restricting-database-user-privileges} 
@@ -187,7 +187,7 @@ Therefore any other database structure and administration privileges, such as DR ### Securing wp-admin {#securing-wp-admin} -Adding server-side password protection (such as [BasicAuth](http://en.wikipedia.org/wiki/Basic_access_authentication)) to `/wp-admin/` adds a second layer of protection around your blog's admin area, the login screen, and your files. This forces an attacker or bot to attack this second layer of protection instead of your actual admin files. Many WordPress attacks are carried out autonomously by malicious software bots. +Adding server-side password protection (such as [BasicAuth](https://en.wikipedia.org/wiki/Basic_access_authentication)) to `/wp-admin/` adds a second layer of protection around your blog's admin area, the login screen, and your files. This forces an attacker or bot to attack this second layer of protection instead of your actual admin files. Many WordPress attacks are carried out autonomously by malicious software bots. Simply securing the `wp-admin/` directory might also break some WordPress functionality, such as the AJAX handler at `wp-admin/admin-ajax.php`. See the [Resources](https://developer.wordpress.org/advanced-administration/resources/) section for more documentation on how to password protect your `wp-admin/` directory properly. 
@@ -222,17 +222,16 @@ Note that this won't work well on Multisite, as `RewriteRule ^wp-includes/[^/]+\ You can move the `wp-config.php` file to the directory above your WordPress install. This means for a site installed in the root of your webspace, you can store `wp-config.php` outside the web-root folder. -**Note:** Some people assert that [moving wp-config.php has minimal security benefits](http://wordpress.stackexchange.com/q/58391/3898) and, if not done carefully, may actually introduce serious vulnerabilities. [Others disagree](http://wordpress.stackexchange.com/a/74972/24425). +**Note:** Some people assert that [moving wp-config.php has minimal security benefits](https://wordpress.stackexchange.com/questions/58391/is-moving-wp-config-outside-the-web-root-really-beneficial) and, if not done carefully, may actually introduce serious vulnerabilities. [Others disagree](https://wordpress.stackexchange.com/questions/58391/is-moving-wp-config-outside-the-web-root-really-beneficial/74972#74972). Note that `wp-config.php` can be stored ONE directory level above the WordPress (where wp-includes resides) installation. Also, make sure that only you (and the web server) can read this file (it generally means a 400 or 440 permission). If you use a server with .htaccess, you can put this in that file (at the very top) to deny access to anyone surfing for it: ``` - -order allow,deny -deny from all - + +Require all denied + ``` ### Disable File Editing {#disable-file-editing} 
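Review bot: The switch from `order allow,deny` / `deny from all` to `Require all denied` in the wp-config.php block is Apache 2.4 authorization syntax, and the surrounding paragraph does not say so. On Apache 2.2 the new directive does not work as intended, so the text should name the minimum Apache version or show both forms side by side. The container lines of the block show up in this hunk only as empty `-` and `+` lines; please confirm that the file still wraps the directive in the container that limits it to `wp-config.php`, because a bare `Require all denied` at the very top of .htaccess would deny the whole site.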
@@ -256,7 +255,7 @@ file and restricting some access at the Apache level, before it is processed by Besides plugins, you can also install a WAF (web firewall) at your web server to filter content before it is processed by WordPress. The most popular open source WAF is ModSecurity. -A website firewall can also be added as intermediary between the traffic from the internet and your hosting server. These services all function as reverse proxies, in which they accept the initial requests and reroute them to your server, stripping it of all malicious requests. They accomplish this by modifying your DNS records, via an A record or full DNS swap, allowing all traffic to pass through the new network first. This causes all traffic to be filtered by the firewall before reaching your site. A few companies offer such service, like [CloudFlare](http://cloudflare.com), [Sucuri](https://sucuri.net/wordpress-security/) and [Incapsula](http://www.incapsula.com). +A website firewall can also be added as intermediary between the traffic from the internet and your hosting server. These services all function as reverse proxies, in which they accept the initial requests and reroute them to your server, stripping it of all malicious requests. They accomplish this by modifying your DNS records, via an A record or full DNS swap, allowing all traffic to pass through the new network first. This causes all traffic to be filtered by the firewall before reaching your site. A few companies offer such service, like [CloudFlare](https://www.cloudflare.com/), [Sucuri](https://sucuri.net/wordpress-security/) and [Incapsula](https://www.imperva.com/). Additionally, these third parties service providers function as Content Distribution Network (CDNs) by default, introducing performance optimization and global reach. 
@@ -272,7 +271,7 @@ A way to avoid using such a plugin is to use [custom page templates](https://wor ### Security through obscurity {#security-through-obscurity} -[Security through obscurity](http://en.wikipedia.org/wiki/Security_through_obscurity) is generally an unsound primary strategy. However, there are areas in WordPress where obscuring information _might_ help with security: +[Security through obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) is generally an unsound primary strategy. However, there are areas in WordPress where obscuring information _might_ help with security: 1. **Rename the administrative account:** When creating an administrative account, avoid easily guessed terms such as `admin` or `webmaster` as usernames because they are typically subject to attacks first. On an existing WordPress install you may rename the existing account in the MySQL command-line client with a command like: ``` 
@@ -305,11 +304,11 @@ Sometimes prevention is not enough and you may still be hacked. That's why intru #### Monitoring your logs {#monitoring-your-logs} -If you are on a dedicated or virtual private server, in which you have the luxury of root access, you have the ability easily configure things so that you can see what's going on. [OSSEC](http://www.ossec.net) easily facilitates this and here is a little write up that might help you out [OSSEC for Website Security – Part I](https://perezbox.com/2013/03/ossec-for-website-security-part-i/). +If you are on a dedicated or virtual private server, in which you have the luxury of root access, you have the ability easily configure things so that you can see what's going on. [OSSEC](https://www.ossec.net/) easily facilitates this and here is a little write up that might help you out [OSSEC for Website Security – Part I](https://perezbox.com/2013/03/ossec-for-website-security-part-i/). #### Monitoring your files for changes {#monitoring-your-files-for-changes} -When an attack happens, it always leave traces. Either on the logs or on the file system (new files, modified files, etc). If you are using [OSSEC](http://www.ossec.net) for example, it will monitor your files and alert you when they change. +When an attack happens, it always leave traces. Either on the logs or on the file system (new files, modified files, etc). If you are using [OSSEC](https://www.ossec.net/) for example, it will monitor your files and alert you when they change. ##### Goals {#goals} 
@@ -332,11 +331,11 @@ Administrators can monitor file system via general technologies such as: Options for file system monitoring include: -* [diff](http://en.wikipedia.org/wiki/Diff_utility) – build clean test copy of your site and compare against production -* [Git](http://git-scm.com/) – source code management -* [inotify](https://en.wikipedia.org/wiki/Inotify) and [incron](http://inotify.aiken.cz/?section=incron&page=doc&lang=en) – OS kernel level file monitoring service that can run commands on filesystem events +* [diff](https://en.wikipedia.org/wiki/Diff_utility) – build clean test copy of your site and compare against production +* [Git](https://git-scm.com/) – source code management +* [inotify](https://en.wikipedia.org/wiki/Inotify) and [incron](https://inotify.aiken.cz/?section=incron&page=doc&lang=en) – OS kernel level file monitoring service that can run commands on filesystem events * [Watcher](https://github.com/gregghz/Watcher/blob/master/jobs.yml) – Python inotify library -* [OSSEC](http://ossec.net) – Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. +* [OSSEC](https://www.ossec.net/) – Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. ##### Considerations {#considerations} 
@@ -362,26 +361,27 @@ Read about securing file permissions and ownership. In general, avoid allowing _ If the attacker tries to deface your site or add malware, you can also detect these changes by using a web-based integrity monitor solution. This comes in many forms today, use your favorite search engine and look for Web Malware Detection and Remediation and you'll likely get a long list of service providers. -### Resources {#resources} - -* [How to Improve WordPress Security (Infographic)](http://yourescapefrom9to5.com/wordpress-security-infographic) -* [Security Plugins](https://wordpress.org/plugins/tags/security) -* [WordPress Security Cutting Through the BS](http://blog.sucuri.net/2012/08/wordpress-security-cutting-through-the-bs.html) -* [e-Book: Locking Down WordPress](http://build.codepoet.com/2012/07/10/locking-down-wordpress/) -* [wpsecure.net has a few guides on how to lock down WordPress.](http://wpsecure.net/basics/) -* [A Beginners Guide to Hardening WordPress](http://makeawebsitehub.com/wordpress-security/) -* [Brad Williams: Lock it Up (Video)](http://wordpress.tv/2010/01/23/brad-williams-security-boston10/) -* [21 Ways to Secure Your WordPress Site](https://hostingfacts.com/how-to-secure-wordpress/) -* [Official docs on how to password protect directories with an .htaccess file](http://httpd.apache.org/docs/2.2/howto/auth.html) -* [Simple tutorial on how to password protect the WordPress admin area and fix the 404 error](http://www.wpbeginner.com/wp-tutorials/how-to-password-protect-your-wordpress-admin-wp-admin-directory/) - -### See Also {#see-also} +### Official WordPress Resources {#resources} +* [WordPress Security Whitepaper](https://wordpress.org/about/security/) +* [Brute Force Attacks](https://developer.wordpress.org/advanced-administration/security/brute-force/) * [Security FAQ](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/) * [FAQ – My site was 
hacked](https://wordpress.org/documentation/article/faq-my-site-was-hacked/) -* [Brute Force Attacks](https://developer.wordpress.org/advanced-administration/security/brute-force/) -* [WordPress Security Whitepaper](https://wordpress.org/about/security/) -## Changelog +### See Also {#see-also} + +* [Open Source Security Explained](https://snyk.io/series/open-source-security/) (Snyk) +* [Is WordPress Safe?](https://patchstack.com/articles/is-wordpress-safe/) (Patchstack) +* [Authentication and Authorization — Official documentation for Apache HTTP server 2.2](https://httpd.apache.org/docs/current/howto/auth.html) +* [Security Controls](https://docs.nginx.com/nginx/admin-guide/security-controls/) and [Advanced Security documentation for NGINX](https://docs.nginx.com/nginx-management-suite/acm/how-to/policies/advanced-security/) +* Gridpane's [WordPress Security Knowledgebase](https://gridpane.com/knowledgebase/security/) and [WordPress Security Step-by-Step](https://gridpane.com/knowledgebase/security-strategies-and-tools/) +* [How WordPress Uses Authentication Cookies & Sessions: A Technical Deep-Dive](https://snicco.io/blog/how-wordpress-uses-authentication-cookies-and-sessions) (Snicco) +* [How WordPress Uses Salts and Why You Should Not Rotate Them: A Technical Deep-Dive](https://snicco.io/blog/wordpress-salts) (Snicco) +* [Session Management and Security](https://github.com/snicco/fortress/blob/beta/docs/modules/session/session-managment-and-security.md#session-management-and-security) (Snicco) +* [Securing WordPress Information Security Guideline](https://cio.ubc.ca/information-security/policy-standards-and-resources/securing-wordpress) (The University of British Columbia’s OCIO) +* [Security, From the Basics to Enterprise with Calvin Alkan, Kathy Zant, and Carl Alexander](https://dothewoo.io/security-from-the-basics-to-enterprise-with-calvin-alkan/) (Video) +* [WordPress Security Cutting Through the 
BS](https://blog.sucuri.net/2012/08/wordpress-security-cutting-through-the-bs.html) +* [e-Book: Locking Down WordPress](https://newcodepoet.files.wordpress.com/2012/07/lockingdownwordpress1-1.pdf) +* [Brad Williams: Lock it Up (Video)](https://wordpress.tv/2010/01/23/brad-williams-security-boston10/) +* [Security Plugins](https://wordpress.org/plugins/tags/security) -- 2022-10-25: Original content from [Hardening WordPress](https://wordpress.org/documentation/article/hardening-wordpress/). diff --git a/security/https.md b/security/https.md index b548da2f..7900599e 100644 --- a/security/https.md +++ b/security/https.md @@ -22,7 +22,7 @@ That happens when your web browser wants you to know a site is NOT using HTTPS. In turn, you don't want browsers suggesting you might be that kind of shady site owner yourself. -WordPress is fully [compatible with HTTPS when an TLS / SSL certificate](https://make.wordpress.org/support/user-manual/web-publishing/https-for-wordpress/) is installed and available for the web server to use. Support for HTTPS is strongly recommended to help maintain the security of both WordPress logins and site visitors. +WordPress is fully compatible with HTTPS when an TLS / SSL certificate is installed and available for the web server to use. Support for HTTPS is strongly recommended to help maintain the security of both WordPress logins and site visitors. ## Administration Over HTTPS 
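Review bot: In the new See Also list of security/hardening.md, the entry labelled "Official documentation for Apache HTTP server 2.2" links to `httpd.apache.org/docs/current/howto/auth.html`, so the label names version 2.2 while the URL serves whatever release is current. Drop the version from the label or link the versioned page. In the security/https.md hunk that follows, removing the link leaves "when an TLS / SSL certificate"; since the line is being touched anyway, "a TLS / SSL certificate" would fix the article.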
@@ -55,6 +55,25 @@ if( strpos( $_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false ) $_SERVER['HTTPS'] = 'on'; ``` +#### Notice + +When you're using a proxy pass redirection, you transmit the request to an host of your networks but don't transmit the headers linked to it. However some headers are needed by wordpress to make it able to do some redirections. In order to transmit them you need to add some lines to your redirection. + +For instance, with Nginx you need to have these lines: +``` +location / { + proxy_pass http://your_host_name:your_port; + proxy_set_header Host $host:$server_port; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_redirect off; +} +``` + +The variables like `$variabl`e are automatically managed by the reverse proxy. + ### Further Information {#further-information} The rest of this article serves as information in case you're using an older version of WordPress (which ideally you shouldn't!) or your SSL setup is somewhat different (ie. your SSL certificate is for a different domain). 
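Review bot: The added Notice never says which of the listed headers the `HTTP_X_FORWARDED_PROTO` check shown just above the insertion depends on; one sentence tying `proxy_set_header X-Forwarded-Proto $scheme;` to that check would explain why the block is needed, where the text currently only says that "some headers are needed". In the closing sentence the backtick is misplaced: `$variabl`e renders as code followed by a stray "e" and should read `$variable`. The new `#### Notice` heading has no `{#...}` anchor although neighbouring headings in this file carry one (`{#further-information}`), the opening fence is glued to "these lines:" without a blank line, and "wordpress" and "an host" should be "WordPress" and "a host".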
@@ -72,11 +91,11 @@ The following guide is for WordPress 1.5 and Apache running `mod_rewrite`, using You need a (virtual) host configured for the secure server in addition to the non-secure site. In this example, the secure virtual host uses the same `DocumentRoot` as the insecure host. Hypothetically, you could use a host with a different name, such as wpadmin.mysite.com and link the document root to the wpadmin directory. -Please ask your ISP to set up a secure virtual host for you, or if you have administrative access set up your own. Note that [you cannot use name based virtual hosting to identify different SSL servers](http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2). +Please ask your ISP to set up a secure virtual host for you, or if you have administrative access set up your own. Note that [you cannot use name based virtual hosting to identify different SSL servers](https://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2). **Rewrite Rules For The Insecure Host** -In the `.htaccess` or virtual host stanza in `httpd.conf` for your insecure host, add this rewrite rule to automatically go to the secure host when you browse to http://example.com/wp-admin/ or http://example.com/wp-login.php +In the `.htaccess` or virtual host stanza in `httpd.conf` for your insecure host, add this rewrite rule to automatically go to the secure host when you browse to https://example.com/wp-admin/ or https://example.com/wp-login.php This should go above the main wordpress rewrite block. @@ -98,7 +117,7 @@ The secure virtual host should have two rewrite rules in an .htaccess file or in ``` RewriteRule !^/wp-admin/(.*) - [C] -RewriteRule ^/(.*) http://www.example.com/$1 [QSA,L] +RewriteRule ^/(.*) https://www.example.com/$1 [QSA,L] ``` The first rule excludes the wp-admin directory from the next rule, which shuffles traffic to the secure site over to the insecure site, to keep things nice and seamless for your audience. 
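Review bot: Two of the http to https substitutions in this part of security/https.md change the meaning of the text instead of fixing links. The sentence "add this rewrite rule to automatically go to the secure host when you browse to https://example.com/wp-admin/ or https://example.com/wp-login.php" describes a rule on the insecure host, so the URLs a visitor browses to must stay `http://`; as written, the redirect would start from a page that is already secure. In the secure virtual host, `RewriteRule ^/(.*) https://www.example.com/$1 [QSA,L]` is explained directly below as the rule "which shuffles traffic to the secure site over to the insecure site", and with an `https://` target it no longer does that. Either revert these two lines, or rewrite the section for an all-HTTPS setup and drop the secure-to-insecure rule together with its explanation.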
@@ -125,7 +144,7 @@ NOTE: The below config is not 100% compatible with WordPress 2.8+, WordPress 2.8 RewriteEngine On RewriteRule !^/wp-(admin|includes)/(.*) - [C] - RewriteRule ^/(.*) http://www.example.com/$1 [QSA,L] + RewriteRule ^/(.*) https://www.example.com/$1 [QSA,L] @@ -182,7 +201,7 @@ RewriteBase / # For a site running on port 443 or else (http over ssl) RewriteCond %{SERVER_PORT} !^80$ RewriteRule !^wp-(admin|login|register)(.*) - [C] -RewriteRule ^(.*)$ http://%{SERVER_NAME}/$1 [L] +RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L] # For a site running on port 80 (http) RewriteCond %{SERVER_PORT} ^80$ @@ -219,8 +238,5 @@ More testing, preferably with a packet sniffer and some hardcore network analysi #### Limitations {#limitations} -The author assumes (but hasn't checked) that if the user has stored cookies/told their browser to remember passwords (not based on form fields but if using certain external auth mechanism) and hits http://www.example.com/wp-admin/, those packets are sent in the clear and the cookie/auth headers could be intercepted. Therefore, to ensure maximum security, the user should explicitly use the https host or always log in at the beginning of new sessions. - -## Changelog +The author assumes (but hasn't checked) that if the user has stored cookies/told their browser to remember passwords (not based on form fields but if using certain external auth mechanism) and hits https://www.example.com/wp-admin/, those packets are sent in the clear and the cookie/auth headers could be intercepted. Therefore, to ensure maximum security, the user should explicitly use the https host or always log in at the beginning of new sessions. -- 2022-10-25: Original content from [Why should I use HTTPS](https://wordpress.org/documentation/article/why-should-i-use-https/), and [Administration Over SSL](https://wordpress.org/documentation/article/administration-over-ssl/). diff --git a/security/index.md b/security/index.md index e5e13598..29a294ee 100644 
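Review bot: The scheme swap in the later rewrite examples of security/https.md leaves rules that contradict their own comments. In the block commented "# For a site running on port 443 or else (http over ssl)", `RewriteCond %{SERVER_PORT} !^80$` followed by `RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L]` now keeps non-admin requests that arrived over SSL on `https://`, whereas the original `http://` target was what moved them back to port 80. The `RewriteRule ^/(.*) https://www.example.com/$1 [QSA,L]` line in the virtual host example has the same problem. In Limitations, "hits https://www.example.com/wp-admin/, those packets are sent in the clear" is no longer true of an https URL; the concern described there applies to the `http://` address only. These three lines should keep `http://`, or the examples need to be redesigned instead of being changed by search and replace.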
--- a/security/index.md +++ b/security/index.md @@ -13,7 +13,3 @@ Security largely consists of reducing risk and planning for recovery. Most secur Security is also about more than WordPress. It is also about making sure your hosting environment is secure and your personal online practices and behaviors keep you safe. Good security depends on the technology in use and the people using the technology. Obsolete or out-of-date technology can have bugs or vulnerabilities that can put your WordPress website at risk. People's bad online practices can also put your WordPress website as risk. It is important to make sure that not only do you keep the technology you use up-to-date and maintained but also that employees are using security best practices when using the Internet and when interacting with your hosting platform or customer WordPress sites. -## Changelog - -- 2022-08-16: Nothing here, yet. -- 2023-06-08: Moved from https://make.wordpress.org/hosting/handbook/security/ diff --git a/security/logging-in.md b/security/logging-in.md index 7d471919..cbd8f94b 100644 --- a/security/logging-in.md +++ b/security/logging-in.md @@ -5,6 +5,3 @@ Creating an extension [of this post about resetting your password](https://wordp [See this issue on github on sections to take over](https://github.com/WordPress/Documentation-Issue-Tracker/issues/79) with the following note: - promote WP CLI above the other options, for being the safest. -## Changelog - -- 2022-09-27: Adding the bare essentials. diff --git a/security/mfa.md b/security/mfa.md index dfd56725..78418663 100644 --- a/security/mfa.md +++ b/security/mfa.md 
@@ -30,7 +30,7 @@ Modern two-step authentication more frequently relies on a user's smartphone tha **Something You Know** -The most familiar form of authentication is the knowledge factor, or password. As old as [Open Sesame](http://en.wikipedia.org/wiki/Open_Sesame_(phrase)), passwords have long been a standard for anonymous authentication. In order for a knowledge factor to work, both parties need to know the password, but other parties must not be able to find or guess it. +The most familiar form of authentication is the knowledge factor, or password. As old as [Open Sesame](https://en.wikipedia.org/wiki/Open_sesame), passwords have long been a standard for anonymous authentication. In order for a knowledge factor to work, both parties need to know the password, but other parties must not be able to find or guess it. The first challenge is in exchanging the password with the trusted party safely. On the web, when you register for a new site, your password needs to be sent to that site's servers and might be intercepted in the process (which is why you should always check for SSL when registering or logging in — [HTTPS](https://developer.wordpress.org/advanced-administration/security/https/)). @@ -40,7 +40,7 @@ Finally, the password needs to be verified. When a user visits the site, they ne #### Benefits {#benefits} -There are a lot of different places to increase the security of a site, but the WordPress Security Team [has said](http://vip.wordpress.com/security/) that "The weakest link in the security of anything you do online is your password," so it makes sense to put energy into strengthening that aspect of your site. +There are a lot of different places to increase the security of a site, but the WordPress Security Team [has said](https://wpvip.com/security/) that "The weakest link in the security of anything you do online is your password," so it makes sense to put energy into strengthening that aspect of your site. #### Drawbacks {#drawbacks} 
@@ -62,6 +62,3 @@ You can [search for two-step authentication plugins](https://wordpress.org/plugi * [Brute Force Attacks](https://developer.wordpress.org/advanced-administration/security/brute-force/) -## Changelog - -- 2022-10-25: Original content from [Two Step Authentication](https://wordpress.org/documentation/article/two-step-authentication/). diff --git a/security/monitoring.md b/security/monitoring.md index cb86401a..463d25c1 100644 --- a/security/monitoring.md +++ b/security/monitoring.md @@ -14,7 +14,3 @@ While a site's services may be responding, to a user, a site being "up" means mo It is best practice to use performance profiling tools, such as New Relic, AppDynamics or Tideways, to diagnose the performance bottlenecks of your website and infrastructure. These tools will give you insight such as slow performing functions, external HTTP requests, slow database queries and more that are causing poor performance. -## Changelog - -- 2023-05-29: Updated from [Hosting Handbook](https://make.wordpress.org/hosting/handbook/reliability/#monitoring) -- 2023-03-04: Add new file. \ No newline at end of file diff --git a/security/users-and-roles.md b/security/users-and-roles.md index c4c37a8d..4aa45e86 100644 --- a/security/users-and-roles.md +++ b/security/users-and-roles.md 
@@ -1,17 +1,16 @@ # WordPress Users and Roles +WordPress has five default user role types — six if WordPress Multisite is enabled: -WordPress itself defines 5 default types of users (6 if WordPress Multisite is enabled). They are: +1. __Super Admins__ are superusers in WordPress multisite networks. They can create and delete sites on the network and manage the network, all its sites, users, plugins, themes, and options. Super Admins also have regular Administrator privileges within any site in the network. Only an existing Super Admin can grant or remove Super Admin privileges for another user. +2. __Administrators__ are superusers in single WordPress sites. They can update WordPress core, plugins, and themes. They can install, delete, and edit themes and plugins. Administrators can edit files and users, add users, and delete users. +3. __Editors__ can create, edit, publish, and delete pages and posts authored by them and other users, including private and published content. They can manage taxonomies, moderate comments, and upload files. +4. __Authors__ can create, edit, publish, and delete their own posts. They also can upload files. +5. __Contributors__ can create, edit, and delete their own posts but not publish them. +6. __Subscribers__ have no content privileges and can only read publicly accessible content, but unlike site visitors without an account, subscribers can access the WordPress back-end interface and edit their basic account settings like all other users. -* Super Administrator (If WordPress Multisite is enabled) - a superuser with access to the special WordPress Multisite administration features and all other normal administration features. -* Administrator (slug: 'administrator') - a superuser for the individual WordPress website with access to all of the administration features in the website. -* Editor (slug: 'editor') - a user who can publish posts and manage the posts of other users. 
-* Author (slug: 'author') - a user who can publish posts and manage the user's own posts. -* Contributor (slug: 'contributor') - a user who can write and manage the user's own posts but cannot publish them. -* Subscriber (slug: 'subscriber') - a user who can manage the user's own profile only. +When a WordPress Multisite network or individual site is first installed, Super Admin and Administrator accounts are automatically created. -Super Administrators, Administrators, and Editors are all considered "trusted" users, meaning they have capabilities that could be abused to damage or compromise a WordPress site. +Super Administrators, Administrators, and Editors are all considered "trusted" users, meaning they have capabilities that can be abused to damage or compromise a WordPress site. -When WordPress is first installed, an Administrator account is automatically set up. - -Plugins and themes can modify existing, as well as add additional types of, users and capabilities to WordPress beyond the defaults. These additional options are commonly used by plugins and themes to manage the functionality they add to WordPress. +Keep in mind that plugins and themes can modify the default user roles and capabilities. Misconfigured or vulnerable plugins and themes might allow any user to exercise arbitrary privileges or escalate a Subscriber, Contributor, Author, or Editor to Administrator privileges. diff --git a/server/control-panel.md b/server/control-panel.md index 7401a3a9..344bdb95 100644 --- a/server/control-panel.md +++ b/server/control-panel.md 
@@ -81,8 +81,3 @@ The controls below give you easy access to the following settings and tools: * "Maintenance mode" hides your website's content from visitors. * "Password Protection" specifies the password you will use to log in to WordPress from Plesk. -## Changelog - -- 2023-04-25: Removed outdated manual instructions from cPanel section and combined common WP Toolkit info for cPanel and Plesk. -- 2023-01-26: Original copied from [Using cPanel](https://wordpress.org/documentation/article/using-cpanel/). -- 2022-09-11: Original copied for Plesk. diff --git a/server/empty-database.md b/server/empty-database.md index 20b7d3c9..c6f80379 100644 --- a/server/empty-database.md +++ b/server/empty-database.md @@ -36,6 +36,3 @@ See [WordPress Backups](https://developer.wordpress.org/advanced-administration/ 8. Click “OK” and you will be returned to viewing all the tables in your database with the specified table’s contents emptied. -## Changelog - -- 2022-09-11: Original content from [Emptying a Database Table](https://wordpress.org/documentation/article/emptying-a-database-table/). diff --git a/server/file-permissions.md b/server/file-permissions.md index 660501e0..35c057f3 100644 --- a/server/file-permissions.md +++ b/server/file-permissions.md 
@@ -104,11 +104,11 @@ In this specific type setup, WordPress will detect that it can directly create f Popular methods used by sysadmins for this setup are: -* [suPHP](http://www.suphp.org/Home.html), runs through php-cgi, currently unmaintained since 2013. +* [suPHP](https://smarsching.github.io/suphp/Home.html), runs through php-cgi, currently unmaintained since 2013. * [mod_ruid2](https://github.com/mind04/mod-ruid2), apache module, currently unmaintained since 2013. * [mpm-itk](http://mpm-itk.sesse.net/), apache module. -* [mod_fcgid](http://httpd.apache.org/mod_fcgid/), an Apache module and FastCGI server with more extensive configuration. -* [PHP-FPM](http://php-fpm.org/), an alternative FastCGI server with shared OPCode, for use with Apache and Nginx. +* [mod_fcgid](https://httpd.apache.org/mod_fcgid/), an Apache module and FastCGI server with more extensive configuration. +* [PHP-FPM](https://php-fpm.org/), an alternative FastCGI server with shared OPCode, for use with Apache and Nginx. ## Using an FTP Client 
@@ -136,7 +136,7 @@ You can now see that the file permissions have been changed. ### Unhide the hidden files -By default, most [FTP Clients](https://developer.wordpress.org/advanced-administration/upgrade/ftp/), including [FileZilla](http://filezilla.sourceforge.net/), keep hidden files, those files beginning with a period (.), from being displayed. But, at some point, you may need to see your hidden files so that you can change the permissions on that file. For example, you may need to make your [.htaccess](https://wordpress.org/documentation/article/glossary#htaccess) file, the file that controls [permalinks](https://wordpress.org/documentation/article/using-permalinks/), writeable. +By default, most [FTP Clients](https://developer.wordpress.org/advanced-administration/upgrade/ftp/), including [FileZilla](https://sourceforge.net/projects/filezilla/), keep hidden files, those files beginning with a period (.), from being displayed. But, at some point, you may need to see your hidden files so that you can change the permissions on that file. For example, you may need to make your [.htaccess](https://wordpress.org/documentation/article/glossary#htaccess) file, the file that controls [permalinks](https://wordpress.org/documentation/article/using-permalinks/), writeable. To display hidden files in FileZilla, in it is necessary to select 'View' from the top menu, then select 'Show hidden files'. The screen display of files will refresh and any previously hidden file should come into view. @@ -308,6 +308,3 @@ $ setenforce usage: setenforce \[ Enforcing | Permissive | 1 | 0 \] ``` -## Changelog - -- 2022-09-11: Original content from [Changing File Permissions](https://wordpress.org/documentation/article/changing-file-permissions/). diff --git a/server/httpd.md b/server/httpd.md index d9a80f96..3f91628d 100644 --- a/server/httpd.md +++ b/server/httpd.md 
@@ -14,12 +14,12 @@ This page may be used to restore a corrupted `.htaccess` file (e.g. a misbehavin # BEGIN WordPress RewriteEngine On -RewriteRule .\* - \[E=HTTP\_AUTHORIZATION:%{HTTP:Authorization}\] +RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / -RewriteRule ^index\\.php$ - \[L\] -RewriteCond %{REQUEST\_FILENAME} !-f -RewriteCond %{REQUEST\_FILENAME} !-d -RewriteRule . /index.php \[L\] +RewriteRule ^index\.php$ - [L] +RewriteCond %{REQUEST_FILENAME} !-f +RewriteCond %{REQUEST_FILENAME} !-d +RewriteRule . /index.php [L] # END WordPress ``` @@ -37,19 +37,19 @@ If you activated Multisite on WordPress 3.5 or later, use one of these. # Using subfolder network type: https://wordpress.org/documentation/article/htaccess/#multisite RewriteEngine On -RewriteRule .\* - \[E=HTTP\_AUTHORIZATION:%{HTTP:Authorization}\] +RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / -RewriteRule ^index\\.php$ - \[L\] +RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin -RewriteRule ^(\[\_0-9a-zA-Z-\]+/)?wp-admin$ $1wp-admin/ \[R=301,L\] +RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] -RewriteCond %{REQUEST\_FILENAME} -f \[OR\] -RewriteCond %{REQUEST\_FILENAME} -d -RewriteRule ^ - \[L\] -RewriteRule ^(\[\_0-9a-zA-Z-\]+/)?(wp-(content|admin|includes).\*) $2 \[L\] -RewriteRule ^(\[\_0-9a-zA-Z-\]+/)?(.\*\\.php)$ $2 \[L\] -RewriteRule . index.php \[L\] +RewriteCond %{REQUEST_FILENAME} -f [OR] +RewriteCond %{REQUEST_FILENAME} -d +RewriteRule ^ - [L] +RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] +RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] +RewriteRule . index.php [L] # END WordPress Multisite ``` 
@@ -61,19 +61,19 @@ RewriteRule . index.php \[L\] # Using subdomain network type: https://wordpress.org/documentation/article/htaccess/#multisite RewriteEngine On -RewriteRule .\* - \[E=HTTP\_AUTHORIZATION:%{HTTP:Authorization}\] +RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / -RewriteRule ^index\\.php$ - \[L\] +RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin -RewriteRule ^wp-admin$ wp-admin/ \[R=301,L\] +RewriteRule ^wp-admin$ wp-admin/ [R=301,L] -RewriteCond %{REQUEST\_FILENAME} -f \[OR\] -RewriteCond %{REQUEST\_FILENAME} -d -RewriteRule ^ - \[L\] -RewriteRule ^(wp-(content|admin|includes).\*) $1 \[L\] -RewriteRule ^(.\*\\.php)$ $1 \[L\] -RewriteRule . index.php \[L\] +RewriteCond %{REQUEST_FILENAME} -f [OR] +RewriteCond %{REQUEST_FILENAME} -d +RewriteRule ^ - [L] +RewriteRule ^(wp-(content|admin|includes).*) $1 [L] +RewriteRule ^(.*\.php)$ $1 [L] +RewriteRule . index.php [L] # END WordPress Multisite ``` 
@@ -92,20 +92,20 @@ WordPress 3.0 through 3.4.2 RewriteEngine On RewriteBase / -RewriteRule ^index\\.php$ - \[L\] +RewriteRule ^index\.php$ - [L] # uploaded files -RewriteRule ^(\[\_0-9a-zA-Z-\]+/)?files/(.+) wp-includes/ms-files.php?file=$2 \[L\] +RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L] # add a trailing slash to /wp-admin -RewriteRule ^(\[\_0-9a-zA-Z-\]+/)?wp-admin$ $1wp-admin/ \[R=301,L\] +RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] -RewriteCond %{REQUEST\_FILENAME} -f \[OR\] -RewriteCond %{REQUEST\_FILENAME} -d -RewriteRule ^ - \[L\] -RewriteRule ^\[\_0-9a-zA-Z-\]+/(wp-(content|admin|includes).\*) $1 \[L\] -RewriteRule ^\[\_0-9a-zA-Z-\]+/(.\*\\.php)$ $1 \[L\] -RewriteRule . index.php \[L\] +RewriteCond %{REQUEST_FILENAME} -f [OR] +RewriteCond %{REQUEST_FILENAME} -d +RewriteRule ^ - [L] +RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L] +RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L] +RewriteRule . index.php [L] # END WordPress Multisite ``` @@ -118,15 +118,15 @@ RewriteRule . index.php \[L\] RewriteEngine On RewriteBase / -RewriteRule ^index\\.php$ - \[L\] +RewriteRule ^index\.php$ - [L] # uploaded files -RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 \[L\] +RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L] -RewriteCond %{REQUEST\_FILENAME} -f \[OR\] -RewriteCond %{REQUEST\_FILENAME} -d -RewriteRule ^ - \[L\] -RewriteRule . index.php \[L\] +RewriteCond %{REQUEST_FILENAME} -f [OR] +RewriteCond %{REQUEST_FILENAME} -d +RewriteRule ^ - [L] +RewriteRule . index.php [L] # END WordPress Multisite ``` @@ -149,7 +149,7 @@ All options except for MultiViews. This is the default setting. **ExecCGI** -Execution of CGI scripts using mod\_cgi is permitted. +Execution of CGI scripts using mod_cgi is permitted. **FollowSymLinks** 
@@ -157,7 +157,7 @@ The server will follow symbolic links in this directory. **Includes** -Server-side includes provided by mod\_include are permitted. +Server-side includes provided by mod_include are permitted. **IncludesNOEXEC** @@ -169,7 +169,7 @@ URL maps to a directory, and no DirectoryIndex, a formatted listing of the direc **MultiViews** -Content negotiated “MultiViews” are allowed using mod\_negotiation. +Content negotiated “MultiViews” are allowed using mod_negotiation. **SymLinksIfOwnerMatch** @@ -258,8 +258,8 @@ See also [Enable Compression](https://developers.google.com/speed/docs/insights/ ``` AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript BrowserMatch ^Mozilla/4 gzip-only-text/html -BrowserMatch ^Mozilla/4\\.0\[678\] no-gzip -BrowserMatch \\bMSIE !no-gzip !gzip-only-text/html +BrowserMatch ^Mozilla/4\.0[678] no-gzip +BrowserMatch \bMSIE !no-gzip !gzip-only-text/html ``` **Force Compression for certain files** @@ -296,7 +296,7 @@ This is very useful for protecting the `wp-login.php` file. You can use this [Ad ``` AuthType Basic AuthName "Password Protected" -AuthUserFile /full/path/to/.htpasswd +AuthUserFile /full/absolute/path/to/.htpasswd Require valid-user Satisfy All ``` 
@@ -307,31 +307,30 @@ Satisfy All AuthType Digest AuthName "Password Protected" AuthDigestDomain /wp-login.php https://example.com/wp-login.php -AuthUserFile /full/path/to/.htpasswd +AuthUserFile /full/absolute/path/to/.htpasswd Require valid-user Satisfy All ``` #### Require Specific IP -This is a way to only allow certain IP addresses to be allowed access. +This is a way to only allow access for IP addresses listed. Note usage of RequireAny instead of RequireAll. ``` -ErrorDocument 401 default -ErrorDocument 403 default - -Order deny,allow -Deny from all -Allow from 192.0.2.1 localhost + + Require ip 192.0.2.123 + Require ip 2001:0DB8:1111:2222:3333:4444:5555:6666 + ``` #### Protect Sensitive Files -This denies all web access to your wp-config file, error_logs, php.ini, and htaccess/htpasswds. +This denies all web access to your wp-config file, htaccess/htpasswd and Wordpress debug.log. On installed site, consider adding install.php as well. ``` -Order deny,allow -Deny from all + + Require all denied + ``` #### Require SSL @@ -349,7 +348,7 @@ ErrorDocument 403 https://www.example.com * [Official Apache HTTP Server Tutorial: .htaccess files](https://httpd.apache.org/docs/trunk/howto/htaccess.html) * [Official Htaccess Directive Quick Reference](https://httpd.apache.org/docs/trunk/mod/quickreference.html) -* [Htaccess Tutorial](https://www.askapache.com/htaccess/ +* [Htaccess Tutorial](https://www.askapache.com/htaccess/) * [Google PageSpeed for Developers](https://developers.google.com/speed/docs/insights/rules) * [Stupid Htaccess Tricks](https://perishablepress.com/stupid-htaccess-tricks/) * [Advanced Mod_Rewrite](https://www.askapache.com/htaccess/crazy-advanced-mod_rewrite-tutorial/) 
@@ -362,6 +361,3 @@ ErrorDocument 403 https://www.example.com * [UNIX Shell Skills](https://codex.wordpress.org/UNIX%20Shell%20Skills) * [Rewrite API](https://codex.wordpress.org/Rewrite%20API) -## Changelog - -- 2023-04-25: Original content from [htaccess](https://wordpress.org/documentation/article/htaccess/). diff --git a/server/index.md b/server/index.md index 60932483..388097df 100644 --- a/server/index.md +++ b/server/index.md @@ -4,6 +4,3 @@ -## Changelog - -- 2022-08-16: Nothing here, yet. diff --git a/server/mail.md b/server/mail.md new file mode 100644 index 00000000..4ffe8867 --- /dev/null +++ b/server/mail.md 
@@ -0,0 +1,69 @@ +# Mail + +This page details the philosphy, operations, and the recommended practices of making mailing work on WordPress. + +## Prerequisites + +Before starting, you'll need to have a basic understanding of the [SMTP protocol](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol) and the roles of each of its nodes ([MUA](https://en.wikipedia.org/wiki/Mail_user_agent) and [MTA](https://en.wikipedia.org/wiki/Message_transfer_agent)). + +## WordPress's Philosophy on Mailing + +WordPress's role as a CMS is to act as a [MUA](https://en.wikipedia.org/wiki/Mail_user_agent), not a MTA, in the email route. Hence, `wp_mail()` is setup by default to rely on the presence of a local MTA. + +WordPress can neither be a reliable or performant MTA (the same holds true for most other CMSs as well). Test benchmarks have shown that when WordPress is acting as a MTA itself (either via remote SMTP calls or HTTP API), page load time suffers by magnitudes due to network connection overhead compared to relaying to a local MTA. + +## How WordPress's Mailing operates out-of-the-box + +WordPress uses the `wp_mail()` function that utilizes the [PHPMailer](https://github.com/PHPMailer/PHPMailer) library in its default configuration. By default configuration, the PHPMailer library uses PHP's internal `mail()` function that requires the presence of a sendmail equivalent binary acting as [MTA](https://en.wikipedia.org/wiki/Message_transfer_agent) (configured via `sendmail_path` setting in `php.ini` which defaults to `/usr/sbin/sendmail` on most systems). Hence, in order for WordPress to work out-of-the-box, one needs to have the related mailing environment properly configured. + +This is generally not a problem if you are using a managed hosting service, but if you are running your own server and do not have a SMTP server (MTA) set up and/or the related mailing environment properly configured, the outgoing mail is unlikely to send. 
+ +## Recommended Actions + +Besides the technical aspects, it's worthwhile to outline the recommended solutions given the different scenarios so the admins do not end up choosing solutions that don't fit them. + +If your WordPress site is on managed hosting, then there's typically nothing extra you need to do. Mails originated from your WordPress install shall work out-of-the-box. All mailing related questions shall be directed to your webhost. + +If you're on unmanged hosting (i.e. running your own server), there are typically three ways you can setup your mails: + +- Setup a local MTA or dedicated mail servers that sends mails directly: in this method, you as the admin is responsible for everything. Please keep in mind, even if you've configured all the related software correctly, you may still run into issues as mail deliverability extend into factors outside of your control such as IP reputation. Due to the amount of overhead and ongoing maintenance required, this method is typically reserved if you've the need to send very large volume of emails or you're a large webhost and need to be in control of the mail service. + +- Setup a local MTA and have it relay mails to a third party mailing service. This is the recommended method for most self-hosted setups, is easier to implement than the previous one, and still retains compatibility with WordPress' philosophy. If you don't want to deal with the complexity of mail deliverability issues in running a MTA, this is way to go. In fact, some smaller web hosts utilize this method (they would hold a business account with the third party mailing services and relay all the mails to the mailing service). If you host and manage your own site and need to send to a sizable newsletter audience, this method is also ideal. + +- Use a SMTP plugin and configure it to utilize a third party mailing service: doing this way, your WordPress install becomes a MTA itself. 
While the setup is much easier compared to other methods, your site may encounter significant performance degratdation due to network connection overhead. + +## Setting up your own mail servers + +If you are running your own *NIX server, you should have either `postfix` or `sendmail` equivalent on your machine and just need to set them up (you may search on the web for how-tos). If you wish to use a third party mailing service, the recommended practice is to setup your local MTA to relay mail to the remote SMTP server as this will prevent the page load time from suffering. If you do not want to manually setup a complete mail server such as `postfix` or `sendmail` on your *NIX box, there are two other ways: + +* Use a relay MTA in place of a local full-featured MTA: for example, [msmtp-mta](https://wiki.debian.org/msmtp) is a simplified MTA that can be used to relay emails using a remote SMTP server (i.e. a remote MTA). The package provides a `/usr/sbin/sendmail` symlink to `msmtp` and has sendmail compatible interface that other software can use directly. On a Windows machine, try a sendmail emulator like [Fake sendmail for Windows with TLS v1.2 support](https://github.com/sendmail-tls1-2/main). + +* Use SMTP plugins: You can install [SMTP plugins](https://wordpress.org/plugins/search/smtp/) from the WP.org plugin directory. These type of plugins overrides `wp_mail()` default settings to use PHPMailer's internal SMTP method instead, which utlize remote third party mailing services to send mail on your behalf of your domain. Doing this way, your WordPress install becomes a MTA itself. Please keep in mind, the performance of the page load time may degrade significantly utilizing this method. + +### Windows Host Server Specific + +Check your “Relay” settings on the SMTP Virtual Server. Grant access to `127.0.0.1` . Then in your `php.ini` file, set the `SMTP` setting to the same IP address. Also set `smtp_port` to `25`. 
+ +### Ensuring Deliverability + +#### Ensure Proper Return Address is Used + +By default, the WordPress mailer fills in the `From:` field with *wordpress@example.com* and the `From:` name as *WordPress*. + +This is fine if this is a valid e-mail address. For example, if your domain is *example.com* and your email is *wordpress@example.com*, your host shall pass the email on for delivery. It will probably send your mail as long as *example.com* is setup to send and receive mail, even if *wordpress* is not a valid mail box. But if you set your real email as the `From:` address and it’s something like *wordpress@example.net*, the mail may not send because the DNS records of *example.net* did not authorize its mails to be handled by your mail server. + +#### When Treated as Spam + +Your email message may have been routed to a spam folder or even worse, simply discarded as malicious. There are a couple measures you can use to convince recipient’s mail servers that your message is legitimate and should be delivered as addressed. If you have a personal site, setting up SPF is the bare minimum to ensure deliverability. If your site also deals with commercial transaction related content, setting up both SPF and DKIM would be ideal, if not required. + +##### SPF (Sender Policy Framework) + +This is the most common anti-spam measure used. If you are on a managed hosting service, there is a good chance your host has set this up for the mail server you are using. Have WordPress email you and check the message headers for evidence that the message passed the SPF check. You can get a message sent by following the Forgot Password link on the login page. To keep your old password, do not follow the link in the message. + +If your system email failed the SPF check, you can set up the credentials if you have access to your DNS records and your mail server’s domain belongs to you. Check the return path of the email your system sent. 
If the mail server listed there has your domain name, you can set up SPF credentials. There are several how-tos on the Internet. + +##### DKIM (Domain Key Identified Mail) + +This system is also used. You can use both SPF and DKIM in the same message. Again, just as with SPF, you can check if your receiving mailserver verified your host’s domain key by examining the mail header. There is a fair chance no signature key was provided, indicating your host chose to not use this protocol. Also as with SPF, if you can edit your DNS records and the mail server belongs to your domain, you can set up DKIM credentials yourself. Some how-tos exist if you search the Internet. + +To get WordPress to send the proper DKIM keys, hook the `'phpmailer_init'` action. You are passed the `$phpmailer` object. Set the necessary properties and return the object. See the class source code for more information. It’s on [wp-includes/PHPMailer/PHPMailer.php](https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/PHPMailer/PHPMailer.php). diff --git a/server/nginx.md b/server/nginx.md index 15d781ab..e6d9dac3 100644 --- a/server/nginx.md +++ b/server/nginx.md 
@@ -10,7 +10,7 @@ When talking about Nginx, it is important to know that there are multiple ways t - Pretty Permalinks functionality is slightly different when running Nginx. - Since Nginx does not have .htaccess-type capability and WordPress cannot automatically modify the server configuration for you, it cannot generate the rewrite rules for you. - Without modifications to your install, “index.php” will be added to your Permalinks. (There are ways to mitigate this with plugins (see below) and/or adding custom code to your child theme’s functions.php.) -- However, if you do want to have some (limited) .htaccess capability, it is technically possible to do add by installing the [htscanner PECL extension for PHP](http://php.net/manual/en/book.htscanner.php). (However, this is not a perfect solution so be sure to test and debug thoroughly before using on a live site.) +- However, if you do want to have some (limited) .htaccess capability, it is technically possible to do add by installing the [htscanner PECL extension for PHP](https://www.php.net/manual/en/book.htscanner.php). (However, this is not a perfect solution so be sure to test and debug thoroughly before using on a live site.) This guide is not going to cover how to install and configure Nginx, so this assumes that you have already installed Nginx and have a basic understanding of how to work with and debug it. @@ -71,7 +71,7 @@ http { ### Per Site configuration ``` -# Redirect everything to the main site. We use a separate server statement and NOT an if statement - see http://wiki.nginx.org/IfIsEvil +# Redirect everything to the main site. We use a separate server statement and NOT an if statement - see https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ server { server_name _; 
@@ -181,16 +181,79 @@ server { This is more up-to-date example for Nginx: https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/ -### WordPress Multisite Subdirectory rules +### WordPress Multisite -For multisite subdirectory installations, here is the `global/wordpress.conf` file: +For multisite installations, use one of the below sections for the `global/wordpress.conf` file, depending on the version of WordPress that was in use when multisite was *activated*, as well as the domain/subdirectory configuration. + +#### WordPress 3.5 and up + +If you activated Multisite on WordPress 3.5 or later, use one of these. + +##### WordPress 3.5 and up Subdirectory Examples ``` -# WordPress multisite subdirectory rules. -# Designed to be included in any server {} block. +# WordPress multisite subdirectory config file for WP 3.5 and up. +server { + server_name example.com ; + + root /var/www/example.com/htdocs; + index index.php; + + if (!-e $request_filename) { + rewrite /wp-admin$ $scheme://$host$request_uri/ permanent; + rewrite ^(/[^/]+)?(/wp-.*) $2 last; + rewrite ^(/[^/]+)?(/.*\.php) $2 last; + } + + location / { + try_files $uri $uri/ /index.php?$args ; + } + + location ~ \.php$ { + try_files $uri =404; + include fastcgi_params; + fastcgi_pass php; + } + + #add some rules for static content expiry-headers here +} +``` + +##### WordPress 3.5 and up Subdomains Examples + +``` +# WordPress multisite subdomain config file for WP 3.5 and up. 
+server { + server_name example.com *.example.com ; + + root /var/www/example.com/htdocs; + index index.php; + + location / { + try_files $uri $uri/ /index.php?$args ; + } + + location ~ \.php$ { + try_files $uri =404; + include fastcgi_params; + fastcgi_pass php; + } + + #add some rules for static content expiry-headers here +} +``` + +#### WordPress 3.4 and below + +If you originally activated Multisite with WordPress with 3.4 or older, you need to use one of these: + +##### WordPress <=3.4 Subdirectory Examples + +``` +# WordPress multisite subdirectory config file for WP 3.4 and below. map $uri $blogname{ - ~^(?P/[^/]+/)files/(.*) $blogpath ; + ~^(?P/[^/]+/)files/(.*) $blogpath ; } map $blogname $blogid{ @@ -240,9 +303,10 @@ server { NGINX provides 2 special directive: X-Accel-Redirect and map. Using these 2 directives, one can eliminate performance hit for static-file serving on WordPress multisite network. -### WordPress Multisite subdomains rules +##### WordPress <=3.4 Subdomains Examples ``` +# WordPress multisite subdomain config file for WP 3.4 and below. map $http_host $blogid { default -999; @@ -294,8 +358,9 @@ Enabling HTTPS in Nginx is relatively simple. server { # listens both on IPv4 and IPv6 on 443 and enables HTTPS and HTTP/2 support. # HTTP/2 is available in nginx 1.9.5 and above. - listen *:443 ssl http2; - listen [::]:443 ssl http2; + listen *:443 ssl; + listen [::]:443 ssl; + http2 on; # indicate locations of SSL key files. ssl_certificate /srv/www/ssl/ssl.crt; 
@@ -547,9 +612,9 @@ location ~ /purge(/.*) { If you get an ‘unknown directive “fastcgi_cache_purge”‘ error check that your Nginx installation has fastcgi_cache_purge module. -## Better Performance for Static Files in Multisite +## Better Performance for Static Files in Multisite (WP <= 3.4) -By default, on a Multisite setup, a static file request brings php into picture i.e. `ms-files.php` file. You can get much better performance using Nginx `Map{..}` directive. +By default, on multisite networks activated prior to 3.5, a static file request brings php into picture i.e. `ms-files.php` file. You can get much better performance using Nginx `Map{..}` directive. In Nginx config for your site, above `server{..}` block, add a section as follows: 
@@ -608,28 +673,23 @@ A typo in [Global restrictions file](https://developer.wordpress.org/advanced-ad ### External Links -- [Nginx WordPress wiki page](http://wiki.nginx.org/WordPress) -- [Nginx Full Example](http://wiki.nginx.org/FullExample) -- [Nginx Full Example 2](http://wiki.nginx.org/FullExample2) -- [LEMP guides on Linode’s Library](http://library.linode.com/lemp-guides/) -- [Various guides about Nginx on Linode’s Library](http://library.linode.com/web-servers/nginx/) -- [Lightning fast WordPress with Php-fpm and Nginx](http://www.sitepoint.com/lightning-fast-wordpress-with-php-fpm-and-nginx/) -- [Virtual Hosts Examples](http://wiki.nginx.org/VirtualHostExample) -- [List of 20+ WordPress-Nginx Tutorials for common situations](http://rtcamp.com/wordpress-nginx/tutorials/) -- [An introduction to Nginx configuration](http://blog.martinfjordvald.com/2010/07/nginx-primer/) +- [Nginx WordPress wiki page](https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/) +- [LEMP guides on Linode’s Library](https://www.linode.com/docs/guides/web-servers/lemp/) +- [Various guides about Nginx on Linode’s Library](https://www.linode.com/docs/guides/web-servers/nginx/) +- [Lightning fast WordPress with Php-fpm and Nginx](https://www.sitepoint.com/lightning-fast-wordpress-with-php-fpm-and-nginx/) +- [Virtual Hosts Examples](https://wiki.nginx.org/VirtualHostExample) +- [List of 20+ WordPress-Nginx Tutorials for common situations](https://rtcamp.com/wordpress-nginx/tutorials/) +- [An introduction to Nginx configuration](https://blog.martinfjordvald.com/nginx-primer/) - [A comprehensive blog series on hosting WordPress yourself using Nginx](https://deliciousbrains.com/hosting-wordpress-setup-secure-virtual-server/) -- [WordPress Installation CentminMod](http://centminmod.com/nginx_configure_wordpress.html) +- [WordPress Installation CentminMod](https://centminmod.com/nginx_configure_wordpress.html) - [Nginx WordPress Installation 
Guide](https://thecustomizewindows.com/2015/12/nginx-wordpress-installation-guide-steps/) ### Scripts & Tools -For WordPress Nginx scripted installation [CentminMod](http://centminmod.com/nginx_configure_wordpress.html) can be used for CentOS. +For WordPress Nginx scripted installation [CentminMod](https://centminmod.com/nginx_configure_wordpress.html) can be used for CentOS. ### Securing Nginx -- [Securing Nginx and PHP](http://kbeezie.com/view/securing-nginx-php/) +- [Securing Nginx and PHP](http://kbeezie.com/securing-nginx-php/) - [Setting up PHP-FastCGI and nginx? Don’t trust the tutorials: check your configuration!](https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/) -## Changelog - -- 2022-10-25: Original content from [Nginx](https://wordpress.org/documentation/article/nginx/). diff --git a/server/server-info.md b/server/server-info.md index 7472b5ee..ac0a5238 100644 --- a/server/server-info.md +++ b/server/server-info.md @@ -23,7 +23,7 @@ Make sure there are no spaces before or after the command, just the command, and Upload the file to the root directory of your site. Then type in the address to the file in your browser: ``` -http://example.com/sffdsajk234.php +https://example.com/sffdsajk234.php ``` The result will be several pages long and it will contain a ton of information. Though your data may be in a different order, for the most part, you just need the summary items that lists things like this: 
@@ -40,10 +40,7 @@ That’s it. Make sure you remember to delete the file once you’re done with i ## Information and Resources -- [PHP.net’s phpinfo Manual](http://us3.php.net/phpinfo) -- [Zend’s PHP Manual on phpinfo](http://www.zend.com/manual/function.phpinfo.php) +- [PHP.net’s phpinfo Manual](https://www.php.net/phpinfo) +- [Zend’s PHP Manual on phpinfo](https://www.zend.com/manual/function.phpinfo.php) - [WordPress Environment PHP library](https://github.com/abelcallejo/wordpress-environment) -## Changelog - -- 2022-11-11: Original content from [Finding Server Info](https://wordpress.org/documentation/article/finding-server-info/). diff --git a/server/subdomains-wildcard.md b/server/subdomains-wildcard.md index 7bbfdd54..8679daee 100644 --- a/server/subdomains-wildcard.md +++ b/server/subdomains-wildcard.md @@ -42,7 +42,7 @@ ServerAlias *.|DOMAIN| _If you ever need to un-do a custom Httpd: return here, delete text from input area, save._ -- DirectAdmin.com: [Apache Wildcard Documentation](https://help.directadmin.com/item.php?id=127). DirectAdmin.com forum: [WordPress wildcard subdomains](http://www.directadmin.com/forum/showthread.php?p=195033). +- DirectAdmin.com: [Apache Wildcard Documentation](https://help.directadmin.com/item.php?id=127). DirectAdmin.com forum: [WordPress wildcard subdomains](https://forum.directadmin.com/threads/wildcard-subdomains-yea-i-know-its-a-common-one.29074/#post-195033). ## Amazon Web Services {#amazon-web-services} @@ -55,6 +55,3 @@ AWS Elastic Load Balancers cannot be assigned an elastic IP, therefore you must - Some registrars do not currently support wildcard CNames. - Amazon's Route53 Domain Name Service eliminates the CName issue, but at an additional cost. -## Changelog - -- 2023-01-20: Original copied from [Configuring Wildcard Subdomains](https://wordpress.org/documentation/article/configuring-wildcard-subdomains/) and links checked. diff --git a/server/web-server.md b/server/web-server.md index 0ef5d894..eb7a50fb 100644 
--- a/server/web-server.md +++ b/server/web-server.md @@ -4,12 +4,9 @@ The web server is a piece of software that accepts user web requests and serves ## Apache HTTPD -TBD +See [Apache HTTPD / .htaccess](https://developer.wordpress.org/advanced-administration/server/web-server/httpd/) ## nginx -See [Nginx](nginx.md). +See [Nginx](https://developer.wordpress.org/advanced-administration/server/web-server/nginx/). -## Changelog - -- 2022-09-11: First move from the old handbook. diff --git a/server/wordpress-in-directory.md b/server/wordpress-in-directory.md index c9a9caf3..b9da005c 100644 --- a/server/wordpress-in-directory.md +++ b/server/wordpress-in-directory.md @@ -8,15 +8,15 @@ As of [Version 3.5](https://wordpress.org/documentation/wordpress-version/versio ## Moving a Root install to its own directory -Let's say you've installed WordPress at `example.com`. Now you have two different methods to move wordpress installations into subdirectory: +Let's say you've installed WordPress at `example.com`. Now you have two different methods to move WordPress installations into subdirectory: 1. Without change of SITE-URL (remains `example.com`) 2. With change in SITE-URL (it will redirect to `example.com/subdirectory`) ## Method I (Without URL change) -1. After Installing the wordpress in root folder, move EVERYTHING from root folder into subdirectory. -2. Create a `.htaccess` file in root folder, and put this content inside (just change `example.com` and `my_subdir`): +1. After Installing WordPress in the root folder, move EVERYTHING from the root folder into subdirectory. +2. Create a `.htaccess` file in the root folder, and put this content inside (just change `example.com` and `my_subdir`): ``` @@ -27,7 +27,7 @@ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /my_subdir/$1 RewriteCond %{HTTP_HOST} ^(www.)?example.com$ -RewriteRule ^(/)?$ my_subdir/index.php \[L\] +RewriteRule ^(/)?$ my_subdir/index.php [L] ``` 
@@ -39,17 +39,17 @@ That's all 🙂 _(p.s. If you've already installed WP in subdirectory, some steps might be already done automatically)._ -1. Create the new location for the core WordPress files to be stored (we will use `/wordpress` in our examples). (On linux, use `mkdir wordpress` from your `www` directory. You'll probably want to use `chown apache:apache` on the `wordpress` directory you created.) -2. Go to the [General](https://wordpress.org/documentation/article/administration-screens/#settings-configuration-settings) Screen. -3. In **WordPress address (URL):** set the address of your main WordPress core files. Example: http://example.com/wordpress -4. In **Site address (URL):** set root directory's URL. Example: http://example.com -5. Click **Save Changes**. (Do not worry about the errors that happen now! Continue reading) +1. Create the new location for the core WordPress files to be stored—we will use `/wordpress` in our examples. On Linux, use `mkdir wordpress` from your `www` directory. You'll probably want to use `chown apache:apache` on the `wordpress` directory you created. +2. Go to the [General](https://wordpress.org/documentation/article/administration-screens/#settings-configuration-settings) screen. +3. In **WordPress address (URL):** set the address of your main WordPress core files. Example: `https://example.com/wordpress`. +4. In **Site address (URL):** set root directory's URL. Example: `https://example.com`. +5. Click **Save Changes**. Do not worry about the errors that happen now! Continue reading. 6. Now move your WordPress core files (from root directory) to the subdirectory. 7. Copy (NOT MOVE!) the `index.php` and `.htaccess` files from the WordPress directory into the root directory of your site (Blog address). The `.htaccess` file is invisible, so you may have to set your FTP client to [show hidden files](https://developer.wordpress.org/advanced-administration/server/file-permissions/#Unhide_the_hidden_files). 
If you are not using [pretty permalinks](https://wordpress.org/documentation/article/using-permalinks/#using-pretty-permalinks), then you may not have a .`htaccess` file. _**If you are running WordPress on a Windows (IIS) server** and are using pretty permalinks, you'll have a `web.config` rather than a `.htaccess` file in your WordPress directory. For the `index.php` file the instructions remain the same, copy (don't move) the index.php file to your root directory. The `web.config` file, must be treated differently than the `.htaccess` file so you must MOVE (DON'T COPY) the `web.config` file to your root directory._ -8. Open your root directory's `index.php` file in a [text editor](https://wordpress.org/documentation/article/glossary#text-editor) -9. Change the following and save the file. Change the line that says:`require dirname( __FILE__ ) . '/wp-blog-header.php';`to the following, using your directory name for the WordPress core files: `require dirname( __FILE__ ) . '/wordpress/wp-blog-header.php';` -10. Login to the new location. It might now be http://example.com/wordpress/wp-admin/ -11. If you have set up [Permalinks](https://wordpress.org/documentation/article/using-permalinks/), go to the [Permalinks Screen](https://wordpress.org/documentation/article/administration-screens/#permalinks) and update your Permalink structure. WordPress will automatically update your `.htaccess` file if it has the appropriate file permissions. If WordPress can't write to your `.htaccess` file, it will display the new rewrite rules to you, which you should manually copy into your `.htaccess` file (in the same directory as the main `index.php` file.) +8. Open your root directory's `index.php` file in a [text editor](https://wordpress.org/documentation/article/glossary#text-editor). +9. Change the following and save the file. Change the line that says:`require dirname( __FILE__ ) . 
'/wp-blog-header.php';`to the following, using your directory name for the WordPress core files: `require dirname( __FILE__ ) . '/wordpress/wp-blog-header.php';`. +10. Login to the new location. It might now be `https://example.com/wordpress/wp-admin/`. +11. If you have set up [Permalinks](https://wordpress.org/documentation/article/using-permalinks/), go to the [Permalinks Screen](https://wordpress.org/documentation/article/administration-screens/#permalinks) and update your Permalink structure. WordPress will automatically update your `.htaccess` file if it has the appropriate file permissions. If WordPress can't write to your `.htaccess` file, it will display the new rewrite rules to you, which you should manually copy into your `.htaccess` file (in the same directory as the main `index.php` file). ### .htaccess modification @@ -78,6 +78,3 @@ The following links explains how to change specific directories within WordPress * [Using Caddy to give WordPress its own directory](https://caddy.community/t/using-caddy-to-give-wordpress-its-own-directory/13185) -## Changelog - -- 2022-09-11: Original content from [Giving WordPress Its Own Directory](https://wordpress.org/documentation/article/giving-wordpress-its-own-directory/). diff --git a/themes/index.md b/themes/index.md index 3a4f670b..f1c0c3a3 100644 --- a/themes/index.md +++ b/themes/index.md 
@@ -1,9 +1,56 @@ # Themes +The Theme refers to the underlying technologies and components that come together to deliver the visual design and functionality of a WordPress website. It encompasses the server-side components that power WordPress, as well as the architecture and files specific to WordPress themes. +Understanding the technology behind WordPress themes on the server is fundamental to building and maintaining successful WordPress websites. Whether you're a developer, designer, or administrator, this knowledge empowers you to create and manage themes effectively, ensuring a secure, high-performing, and visually appealing web presence. +## Technology of Themes +### Web Servers +Web servers (e.g., Apache, Nginx) handle incoming HTTP requests and serve web pages. They play a critical role in delivering WordPress themes to users. -## Changelog +### PHP +PHP is the server-side scripting language that WordPress is built upon. It processes requests, connects to the database, and generates dynamic content based on theme files and user input. + +### Databases +WordPress relies on databases, typically MySQL, to store content, settings, and theme data. It retrieves information from the database to dynamically generate web pages. + +### File Systems +File systems are used to store theme files, images, JavaScript, and CSS. Understanding the structure and organization of theme files is essential for theme development. + +## Theme Architecture +WordPress themes consist of PHP template files, CSS stylesheets, JavaScript files, and other assets. Themes are organized within the `wp-content/themes` directory on the server. + +Template files determine the layout and structure of web pages. Key templates include `header.php`, `footer.php`, and various content-specific templates like `single.php` and `page.php`. + +### Style Sheets (CSS) +CSS files control the visual presentation of the theme. 
Styles are defined in CSS files and determine elements like colors, fonts, and layout. + +### JavaScript +JavaScript files enhance website interactivity and functionality. These files can be included in themes for tasks like form validation, animations, and AJAX functionality. + +### Functions.php +The `functions.php` file contains PHP functions and code for theme-specific features and customizations. It's where you can add actions, filters, and custom functions to modify how the theme behaves. + +## Workflow on your Webserver + +### User Requests +When a user visits a WordPress site, the web server processes their request and forwards it to WordPress. + +### WordPress Core +WordPress core, which includes PHP scripts and database queries, interprets the user's request and retrieves content and settings. + +### Theme Integration +The selected theme's template files and styles are integrated into the content, and the final HTML, CSS, and JavaScript are generated and sent to the user's browser. + +## Customization and Optimization + +### Child Themes +Child themes are used to extend and customize existing themes without modifying the original theme files. This allows you to make changes without losing updates or risking theme conflicts. + +### Performance +Optimizing themes for performance includes minimizing server requests, reducing image sizes, and optimizing CSS and JavaScript. Caching techniques can also enhance loading speed. + +### Security Considerations +Proper security practices include keeping themes and WordPress core up-to-date, securing database access, and sanitizing user input to prevent vulnerabilities. -- 2022-08-16: Nothing here, yet. diff --git a/upgrade/adminer.md b/upgrade/adminer.md new file mode 100644 index 00000000..69587b11 --- /dev/null +++ b/upgrade/adminer.md 
@@ -0,0 +1,36 @@ +# Adminer + +## What is Adminer? + +[Adminer](https://www.adminer.org/), formerly known as phpMinAdmin, is a full-featured database management tool written in PHP. Unlike [phpMyAdmin](https://developer.wordpress.org/advanced-administration/upgrade/phpmyadmin/), which is a multi-file solution, Adminer consists of a single file that's ready for deployment to the target server. It is available for various databases, including MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Elasticsearch, MongoDB, and others. Since WordPress stores all its data in the MySQL database, Adminer offers a "raw" view of the data, tables, and fields within this database. + +## Advantages of Adminer + +- **Simple Interface**: Adminer offers a clean and user-friendly interface, unlike some other database management tools. +- **Direct Data Manipulation**: Useful for direct database edits, especially if WordPress stopped working. +- **Lightweight**: Being a single PHP file, it is easy to upload, use, and remove. + +## What is it good for? + +Adminer is beneficial for table maintenance, data backups, and direct database edits. Occasionally, in the [Support Forums](https://wordpress.org/support/welcome/#asking-for-support), contributors share beneficial SQL queries that can be executed using tools like Adminer. + +## Where can I get it? + +Many hosting control panels, like cPanel and Plesk, come with [phpMyAdmin](https://developer.wordpress.org/advanced-administration/upgrade/phpmyadmin/) pre-installed. If no database access is available, users can consult with their hosting provider to get database access. +For those who prefer to use Adminer, it can be downloaded from the [Adminer project page](https://www.adminer.org/). + +## Installing Adminer + +1. Download the latest version of Adminer from the [Adminer download page](https://www.adminer.org/en/#download). +2. 
Upload the Adminer PHP file into the WordPress root directory (where the `wp-config.php` file is located) using an FTP tool like [FileZilla](https://wordpress.org/documentation/article/using-filezilla/). +3. After uploading the Adminer PHP file to the WordPress root directory, you can access it from your browser by adding the file name to the URL, e.g., `https://example.com/adminer-4.8.1.php`. +4. The database login credentials must be manually filled and can be obtained from the `wp-config.php` file. + +## Installing Adminer as a WordPress Plugin + +Adminer might also be available as a plugin in the [WordPress plugin repository](https://wordpress.org/plugins/search/database+adminer/). If installed as a WordPress plugin, Adminer may automatically use the database login credentials from the `wp-config.php` file when accessing it. + +## Security Precautions + +To prevent unauthorized access, please ensure that Adminer is either removed or protected after use, especially if it can be accessed publicly. One way to protect it is by restricting access using the `.htaccess` file. If you're unfamiliar with `.htaccess` file restrictions, consider seeking [guidance on hardening WordPress](https://wordpress.org/documentation/article/hardening-wordpress/) or removing Adminer after use. + diff --git a/upgrade/filezilla.md b/upgrade/filezilla.md index c9b7f4ca..94dfa627 100644 --- a/upgrade/filezilla.md +++ b/upgrade/filezilla.md @@ -16,7 +16,7 @@ It's fast, stable, easy to use, and free. FTP is a standard way to upload or dow You will need the following details regarding the FTP account on your server: -1. Your website FTP address (usually `ftp://example.com` if your URL is `http://example.com`) +1. Your website FTP address (usually `ftp://example.com` if your URL is `https://example.com`) 2. Your FTP username 3. Your FTP password 
@@ -55,7 +55,3 @@ Look at the top area of the FileZilla main window and check the messages. 2. If it says that the user does not exist or _Incorrect Login_ and so on, check the Site Manager setting and ensure that it reflects what your FTP account and password details provided by your host says, or use the web server administration interface provided to you by your host to re-check the existence of the FTP account. Check your password carefully. It is case-sensitive (capitals and small letters). You may want to ask your web host for some assistance, too. 3. If it says _Could not retrieve directory listing_, you may need to change the Transfer Setting. From Site Manager, select your FTP Server and click the *Transfer Settings* tab. Select *Passive* from Transfer mode and click OK. -## Changelog - -- 2023-05-05: Correct and clarify the Connecting section. -- 2022-09-11: Original content from [Using FileZilla](https://wordpress.org/documentation/article/using-filezilla/). \ No newline at end of file diff --git a/upgrade/ftp.md b/upgrade/ftp.md index 7d5e5cdd..e77af437 100644 --- a/upgrade/ftp.md +++ b/upgrade/ftp.md 
@@ -3,7 +3,7 @@ ## FTP Clients There are two ways of getting files onto your site, and once there, changing them: -1. By using the file manager provided in your host’s control panel. Popular file managers: [cPanel](https://documentation.cpanel.net/display/64Docs/File+Manager), [DirectAdmin](http://www.site-helper.com/filemanager.html), [Plesk](https://www.plesk.com/). +1. By using the file manager provided in your host’s control panel. Popular file managers: [cPanel](https://documentation.cpanel.net/display/64Docs/File+Manager), [DirectAdmin](https://www.site-helper.com/filemanager.html), [Plesk](https://www.plesk.com/). 2. By using an FTP or SFTP client. This guide will show you how to use [FileZilla](https://filezilla-project.org/). FTP or “File Transfer Protocol” has been the most widely used transfer protocol for over thirty years, but it sends your information in the clear, which is a security risk. Use SFTP (Secure File Transfer Protocol) if your host supports it. This transfers your files and your password over a secured connection, and should therefore be used instead of FTP whenever possible. Sometimes you have to contact your host to have SFTP enabled on your account. @@ -14,8 +14,5 @@ Why use FileZilla? Because, like WordPress, it is released under the GPL. So, it 2. [Setting Permissions](https://developer.wordpress.org/advanced-administration/server/file-permissions/) 3. [FileZilla’s Extensive Documentation](https://wiki.filezilla-project.org/Documentation) -Want to try a different FTP or SFTP client? [Find more on Wikipedia](http://en.wikipedia.org/wiki/Comparison_of_FTP_clients). +Want to try a different FTP or SFTP client? [Find more on Wikipedia](https://en.wikipedia.org/wiki/Comparison_of_FTP_clients). -## Changelog - -- 2022-09-11: Original content from [FTP Clients](https://wordpress.org/documentation/article/ftp-clients/). Minor copy-editing. diff --git a/upgrade/index.md b/upgrade/index.md index f7e19f5d..768cf01f 100644 --- a/upgrade/index.md 
+++ b/upgrade/index.md @@ -4,6 +4,3 @@ -## Changelog - -- 2022-08-16: Nothing here, yet. diff --git a/upgrade/migrating.md b/upgrade/migrating.md index 72c54361..9b1a874c 100644 --- a/upgrade/migrating.md +++ b/upgrade/migrating.md 
@@ -2,14 +2,14 @@ ## Changing The Site URL -On the `Settings -> General` screen in a single site installation of WordPress, there are two fields named "WordPress Address (URL)" and "Site Address (URL)". They are important settings, since they control where WordPress is located. These settings control the display of the URL in the admin section of your page, as well as the front end, and are used throughout the WordPress code. +On the `Settings -> General` screen in a single site installation of WordPress, there are two fields named "WordPress Address (URL)" and "Site Address (URL)". They are important settings since they control where WordPress is located. These settings control the display of the URL in the admin section of your page, as well as the front end, and are used throughout the WordPress code. - The "Site Address (URL)" setting is the address you want people to type in their browser to reach your WordPress blog. - The "WordPress Address (URL)" setting is the address where your WordPress core files reside. -**Note:** Both settings should include the http:// part and should not have a slash `/` at the end. +**Note:** Both settings should include the https:// part and should not have a slash `/` at the end. -Every once in a while, somebody finds a need to manually change (or fix) these settings. Usually this happens when they change one or both and discover that their site no longer works properly. This can leave the user with no easily discoverable way to correct the problem. This article tells you how to change these settings directly. +Every once in a while, somebody finds a need to manually change (or fix) these settings. Usually, this happens when they change one or both and discover that their site no longer works properly. This can leave the user with no easily discoverable way to correct the problem. This article tells you how to change these settings directly. 
Additional information is presented here for the case where you are moving WordPress from one site to another, as this will also require changing the site URL. You should not attempt to use this additional information if you're only attempting to correct a "broken" site. @@ -24,8 +24,8 @@ It is possible to set the site URL manually in the `wp-config.php` file. Add these two lines to your `wp-config.php`, where "example.com" is the correct location of your site. ``` -define( 'WP_HOME', 'http://example.com' ); -define( 'WP_SITEURL', 'http://example.com' ); +define( 'WP_HOME', 'https://example.com' ); +define( 'WP_SITEURL', 'https://example.com' ); ``` This is not necessarily the best fix, it's just hard-coding the values into the site itself. You won't be able to edit them on the General settings page anymore when using this method. @@ -38,10 +38,10 @@ If you have access to the site via FTP, then this method will help you quickly g 2. Add these two lines to the file, immediately after the initial ` 500 ports."` -9. Then go do something for ten minutes and when you get back see if the external url http://example.com:port/yourblog from a LAN browser brings the page up correctly. +9. Then go do something for ten minutes and when you get back see if the external url https://example.com:port/yourblog from a LAN browser brings the page up correctly. #### Relocate method @@ -111,7 +111,7 @@ if ( defined( 'RELOCATE' ) AND RELOCATE ) { // Move flag is set if ( isset( $_SERVER['PATH_INFO'] ) AND ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) ) $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], "", $_SERVER['PHP_SELF'] ); - $url = dirname( set_url_scheme( 'http://'. $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) ); + $url = dirname( set_url_scheme( 'https://'. $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) ); if ( $url != get_option( 'siteurl' ) ) update_option( 'siteurl', $url ); } 
@@ -122,7 +122,7 @@ if ( defined( 'RELOCATE' ) AND RELOCATE ) { 1. Edit the `wp-config.php` file. 2. After the "define" statements (just before the comment line that says "That's all, stop editing!"), insert a new line, and type: `define('RELOCATE',true);` 3. Save your `wp-config.php` file. -4. Open a web browser and manually point it to `wp-login.php` on the new server. For example, if your new site is at http://www.example.com, then type http://www.example.com/wp-login.php into your browser's address bar. +4. Open a web browser and manually point it to `wp-login.php` on the new server. For example, if your new site is at https://www.example.com, then type https://www.example.com/wp-login.php into your browser's address bar. 5. Login as per normal. 6. Look in your web browser's address bar to verify that you have, indeed, logged in to the correct server. If this is the case, then in the Admin back-end, navigate to `Settings > General` and verify that both the address settings are correct. Remember to Save Changes. 7. Once this has been fixed, edit `wp-config.php` and either completely remove the line that you added (delete the whole line), comment it out (with `//`) or change the true value to false if you think it's likely you will be relocating again. 
@@ -174,7 +174,7 @@ UPDATE `newprefix_usermeta` SET `meta_key` = REPLACE( `meta_key` , 'oldprefix_', #### Changing Template Files -In your WordPress Theme, open each template file and search for any manually entered references to your old domain name and replace it with the new one. Look for specific hand coded links you may have entered on the various template files such as the `sidebar.php` and `footer.php`. WordPress uses a template tag called `bloginfo()` to automatically generate your site address from information entered in your Administration > Settings > General panel. The tag in your template files will not have to be modified. +In your WordPress Theme, open each template file and search for any manually entered references to your old domain name and replace it with the new one. Look for specific hand-coded links you may have entered on the various template files such as the `sidebar.php` and `footer.php`. WordPress uses a template tag called `bloginfo()` to automatically generate your site address from information entered in your Administration > Settings > General panel. The tag in your template files will not have to be modified. #### Changing the Config file 
@@ -218,11 +218,11 @@ If you make a mistake, you can [Restore Your Database](https://developer.wordpre There are other things you may wish to change in order to correct URLs when moving sites. 1. Images link: image links are stored in "post_content" in the `wp_posts` table. You can use the similar code above to update image links. -2. wp_options: Besides the "siteurl" and "home" items mentioned above, there are other option_value which also need revision, such as "upload path", and some plugin items (depends on what you've installed, such as widgets, stats, DMSGuestbook, sitemap, etc.) +2. wp_options: Besides the "siteurl" and "home" items mentioned above, there are other option_value that also need revision, such as "upload path", and some plugin items (depends on what you've installed, such as widgets, stats, DMSGuestbook, sitemap, etc.) 3. To fix widgets that contain outdated URL's, you may edit them in Dashboard / Appearance / Widgets. 4. Do a FULL database search for any items left. **MAKE SURE** you know what you are changing and go through each item for possible improper replacement. 5. If you a running a network / have multiple sites, you will need to replace instances of the URL in the database. They are stored in many tables, including each one of the sites (blogs). Be careful in what you replace and be sure you know the meaning of the field before changing it. See the Important GUID note below for an example of what not to change. -6. **Note:** If you find your old url in the database options table under `dashboard_incoming_links`, you can ignore or delete that option. It's unused since WP 3.8. +6. **Note:** If you find your old URL in the database options table under `dashboard_incoming_links`, you can ignore or delete that option. It's unused since WP 3.8. #### Important GUID Note 
@@ -250,14 +250,14 @@ See [Moving WordPress Multisite](https://developer.wordpress.org/advanced-admini #### wp-cli -[wp-cli](http://wp-cli.org/) is a super useful shell tool. +[wp-cli](https://wp-cli.org/) is a super useful shell tool. `wp search-replace 'example.dev' 'example.com' --skip-columns=guid` Or, if you only want to change the option, you can do: ``` -wp option update home 'http://example.com' -wp option update siteurl 'http://example.com' +wp option update home 'https://example.com' +wp option update siteurl 'https://example.com' ``` # Moving WordPress @@ -279,12 +279,12 @@ Moving your domain without changing the Home and Site URLs of your WordPress sit ### Changing Your Domain Name and URLs -Moving a website and changing your domain name or URLs (i.e. from http://example.com/site to http://example.com, or http://example.com to http://example.net) requires the following steps – in sequence. +Moving a website and changing your domain name or URLs (i.e. from https://example.com/site to https://example.com, or https://example.com to https://example.net) requires the following steps – in sequence. 1. Download your existing site files. 2. Export your database – go in to MySQL and export the database. 3. Move the backed up files and database into a new folder – somewhere safe – this is your site backup. -4. Log in to the site you want to move and go to Settings > General, then change the URLs. (ie from http://example.com/ to http://example.net) – save the settings and expect to see a 404 page. +4. Log in to the site you want to move and go to Settings > General, then change the URLs. (ie from https://example.com/ to https://example.net) – save the settings and expect to see a 404 page. 5. Download your site files again. 6. Export the database again. 7. Edit `wp-config.php` with the new server's MySQL database name, user and password. 
@@ -296,7 +296,7 @@ When your domain name or URLs change there are additional concerns. The files an If you do a search and replace on your entire database to change the URLs, you can cause issues with data serialization, due to the fact that some themes and widgets store values with the length of your URL marked. When this changes, things break. To avoid that serialization issue, you have three options: 1. Use the [Velvet Blues Update URLs](https://wordpress.org/plugins/velvet-blues-update-urls/) or [Better Search Replace](https://wordpress.org/plugins/better-search-replace/) plugins if you can access your Dashboard. -2. Use [WP-CLI's search-replace](http://wp-cli.org/commands/search-replace/) if your hosting provider (or you) have installed WP-CLI. +2. Use [WP-CLI's search-replace](https://developer.wordpress.org/cli/commands/search-replace/) if your hosting provider (or you) have installed WP-CLI. 3. Use the [Search and Replace for WordPress Databases Script](https://interconnectit.com/products/search-and-replace-for-wordpress-databases/) to safely change all instances on your old domain or path to your new one. (**only use this option if you are comfortable with database administration** ) Note: Only perform a search and replace on the wp_posts table. 
@@ -317,10 +317,10 @@ Here are the step-by-step instructions to move your WordPress site to a new loca 5. In the box for **Site Address (URL)**: change the address to the new location, which should match the WordPress (your public site) address. 6. Click **Save Changes**. 7. (Do not try to open/view your site now!) -8. Move your WordPress core files to the new location. This includes the files found within the original directory, such as http://example.com/wordpress, and all the sub-directories, to the new location. +8. Move your WordPress core files to the new location. This includes the files found within the original directory, such as https://example.com/wordpress, and all the sub-directories, to the new location. 9. Now, try to open your site by going to yourdomain.com/wp-admin. Note, you may need to go to yourdomain.com/wp-login.php 10. If you are using [Permalinks](https://wordpress.org/documentation/article/using-permalinks/), go to the Administration > Settings > [Permalinks](https://wordpress.org/documentation/article/settings-permalinks-screen/) panel and update your Permalink structure to your [.htaccess](https://wordpress.org/documentation/article/glossary/#htaccess), file, which should be in the same directory as the main `index.php` file. -11. Existing image/media links uploaded media will refer to the old folder and must be updated with the new location. You can do this with the [Better Search Replace](https://wordpress.org/plugins/better-search-replace/) or [Velvet Blues Update URLs](https://wordpress.org/plugins/velvet-blues-update-urls/) plugins, [WP-CLI's search-replace](http://wp-cli.org/commands/search-replace/) if your hosting provider (or you) have installed WP-CLI, manually in your SQL database, or by using the 3rd party database updating tool [Search and Replace Databases Script](https://interconnectit.com/products/search-and-replace-for-wordpress-databases/) * **Note:** this script is best used by experienced developers. +11. 
Existing image/media links uploaded media will refer to the old folder and must be updated with the new location. You can do this with the [Better Search Replace](https://wordpress.org/plugins/better-search-replace/) or [Velvet Blues Update URLs](https://wordpress.org/plugins/velvet-blues-update-urls/) plugins, [WP-CLI's search-replace](https://developer.wordpress.org/cli/commands/search-replace/) if your hosting provider (or you) have installed WP-CLI, manually in your SQL database, or by using the 3rd party database updating tool [Search and Replace Databases Script](https://interconnectit.com/products/search-and-replace-for-wordpress-databases/) * **Note:** this script is best used by experienced developers. 12. In some cases your permissions may have changed, depending on your ISP. Watch for any files with "0000" permissions and change them back to "0644". 13. If your theme supports menus, links to your home page may still have the old subdirectory embedded in them. Go to Appearance > Menus and update them. 14. Sometimes you would need to restart your server, otherwise your server may give out an error. (happens in MAMP software (Mac)). 
@@ -337,7 +337,7 @@ ln -s /path/to/new /path/to/old ``` and then follow the steps above as normal. Afterwards, delete the symlink if you want. -2. If you forget to change the WordPress Address and Blog Address, you will be unable to change it using the wordpress interface. However, you can fix it if you have access to the database. Go to the database of your site and find the wp_options table. This table stores all the options that you can set in the interface. The WordPress Address and Blog Address are stored as `siteurl` and `home` (the option_name field). All you have to do is change the option_value field to the correct URL for the records with `option_name='siteurl‘` or `option_name='home‘`. +2. If you forget to change the WordPress Address and Blog Address, you will be unable to change it using the WordPress interface. However, you can fix it if you have access to the database. Go to the database of your site and find the wp_options table. This table stores all the options that you can set in the interface. The WordPress Address and Blog Address are stored as `siteurl` and `home` (the option_name field). All you have to do is change the option_value field to the correct URL for the records with `option_name='siteurl‘` or `option_name='home‘`. Note: Sometimes, the WordPress Address and Blog Address are stored in [WordPress Transients](https://developer.wordpress.org/apis/handbook/transients/). Search and replace scripts can have trouble modifying those to the new address and some plugins might therefore refer to the old address because of them. Transients are temporary (cached) values stored in the wp_options database table that can be recreated on-demand when removed. It's therefore safe to delete them from the migrated database copy and let them be recreated. This database query (again, have a backup!) clears all transients: 
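Review bot: the added item 2 still closes both code spans with a typographic quote, `option_name='siteurl‘` and `option_name='home‘`, so anyone pasting the condition into a SQL client gets an unterminated string; replace the closing ‘ with an ASCII apostrophe while this line is open. wp_options, option_name and option_value are identifiers and could go in backticks on the same line, as `siteurl` and `home` already are. Item 2 tells the reader to edit the database by hand, and the backup reminder only appears in the following note ("again, have a backup!"); it would be better placed in item 2 itself.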
@@ -359,8 +359,8 @@ and insert the following lines below: ``` //FIXME: do comment/remove these hack lines. (once the database is updated) -update_option('siteurl', 'http://your.domain.name/the/path' ); -update_option('home', 'http://your.domain.name/the/path' ); +update_option('siteurl', 'https://example.com/the/path' ); +update_option('home', 'https://example.com/the/path' ); ``` You're done. Test your site to make sure that it works right. If the change involves a new address for your site, make sure you let people know the new address, and consider adding some redirection instructions in your `.htaccess` file to guide visitors to the new location. @@ -371,7 +371,7 @@ You're done. Test your site to make sure that it works right. If the change invo ## Managing Your Old Site ### Shutting It Down -1. Download a copy of the main wordpress files from your OLD site to your hard drive and [edit wp-config.php](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/) to suit the new server. +1. Download a copy of the main WordPress files from your OLD site to your hard drive and [edit wp-config.php](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/) to suit the new server. 2. Go back to your OLD site and go to [Administration](https://wordpress.org/documentation/article/administration-screens/) > [Settings](https://wordpress.org/documentation/article/administration-screens/#settings-configuration-settings) > [General](https://wordpress.org/documentation/article/settings-general-screen/) screen and change the URL (both of them) to that of your new site. 3. Login on your server, go to phpMyAdmin, export as file, and save your database (but keep the old one just in case). Now, upload this new database and the copy of the wordpress core files with the edited wp-config.php to your new server. That's it! 
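Review bot: step 1 of "Shutting It Down" now says "main WordPress files", but step 3 in the same list, left as context, still says "the copy of the wordpress core files"; capitalize it here too so the list is consistent after the change.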
@@ -397,15 +397,15 @@ _Part B – Restoring Your Old Site_ Another procedure for making copies of posts, comments, pages, categories and custom field (post status, data, permalinks, ping status, etc.) easy to follow: 1. Install a new WordPress site -2. Go on old site Admin panel. Here, in Manage > Export select "all" in menu Restrict Author. +2. Go to the old site Admin panel. Here, in Manage > Export select "all" in the menu Restrict Author. 3. Click on Download Export File -4. In new site go on Manage > Import, choose WordPress item. -5. In the page that will be shown, select the file just exported. Click on Upload file and Import -6. It will appear a page. In Assign Authors, assign the author to users that already exist or create new ones. +4. In the new site go to Manage > Import, and choose WordPress item. +5. On the page that will be shown, select the file just exported. Click on Upload file and Import +6. It will appear on a page. In Assign Authors, assign the author to users that already exist or create new ones. 7. Click on Submit 8. At the end, click on Have fun -_Note: using this method, if there are some articles in the new site (like Hello World, Info Page, etc.), these will not be erased. Articles are only added. Using the former procedure, the articles in new site will be deleted._ +_Note: using this method, if there are some articles in the new site (like Hello World, Info Page, etc.), these will not be erased. Articles are only added. Using the former procedure, the articles in the new site will be deleted._ ## Moving WordPress Multisite 
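Review bot: the new step 6, "It will appear on a page.", changes the meaning of the original "It will appear a page": the step says that a page is shown next, not that something appears on a page. Suggest "A page will appear. In Assign Authors, assign the author to users that already exist or create new ones." Steps 2 and 4 also keep the Manage > Export and Manage > Import menu paths, while the export section changed later in this patch says "go to Tools > Export"; confirm which menu name this procedure should use.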
@@ -415,7 +415,7 @@ If, instead, you are changing domains, then the best way to move Multisite is to If you're moving Multisite from one folder to another, you will need to make sure you edit the `wp_blogs` entries to change the folder name correctly. You should manually review both `wp_site` and `wp_blogs` regardless, to ensure all sites were changed correctly. -Also, manually review all the wp_x_options tables and look for three fields and edit them as needed: +Also, manually review all the wp_x_options tables look for three fields, and edit them as needed: - home - siteurl 
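Review bot: the replacement sentence "manually review all the wp_x_options tables look for three fields, and edit them as needed" is no longer grammatical; removing "and" after "tables" fused two verbs. Either keep the removed line as it was, or write "manually review all the wp_x_options tables, look for three fields, and edit them as needed".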
@@ -425,17 +425,13 @@ If you are moving from subdomains to subfolders, or vice-versa, remember to adju ### Related Links -- [How to move WordPress site to another server with zero downtime](http://www.prelovac.com/vladimir/how-to-move-wordpress-site-to-another-server-with-zero-downtime) -- [Moving a blog from wordpress.com to self-hosted blog](http://www.problogger.net/archives/2009/01/03/how-to-move-from-wordpresscom-to-wordpressorg/) -- [Moving WordPress to a new domain or server](http://sltaylor.co.uk/blog/moving-wordpress-new-domain-server/) -- [Italian version of this article – Versione italiana dell'articolo](http://www.valent-blog.eu/2007/09/14/trasferire-wordpress/) -- [How to move a WordPress Blog or Website](http://www.velvetblues.com/web-development-blog/how-to-move-a-wordpress-blog-or-website/) -- [Search and Replace for WordPress Databases](http://interconnectit.com/124/search-and-replace-for-wordpress-databases/) -- [Online WordPress Serialized PHP Search and Replace](http://pixelentity.com/wordpress-search-replace-domain/) -- [Cloning a live WordPress site to a local Mac test environment](http://egalo.com/2012/05/15/clone-live-wordpress-to-local-env/) -- P[HP script to replace site url in WordPress database dump, even with WPML](http://blog.lavoie.sl/2012/07/php-script-to-replace-site-url-in.html) +- [Moving a blog from wordpress.com to self-hosted blog](https://problogger.com/how-to-move-from-wordpresscom-to-wordpressorg/) +- [Moving WordPress to a new domain or server](https://sltaylor.co.uk/blog/moving-wordpress-new-domain-server/) +- [Italian version of this article – Versione italiana dell'articolo](https://www.valent-blog.eu/2007/09/14/trasferire-wordpress/) +- [Search and Replace for WordPress Databases](https://interconnectit.com/search-and-replace-for-wordpress-databases/) +- [PHP script to replace site url in WordPress database dump, even with WPML](http://blog.lavoie.sl/2012/07/php-script-to-replace-site-url-in.html) - [The Duplicator 
plugin helps administrators move a site from one location to another](https://wordpress.org/plugins/duplicator/) -- [Technical tutorial on moving your WordPress blog to Bitnami's AWS configuration](http://www.agileweboperations.com/migrate-your-wordpress-blog-to-a-bitnami-ec2-instance) +- [Technical tutorial on moving your WordPress blog to Bitnami's AWS configuration](https://agileweboperations.com/2011/01/20/migrate-your-wordpress-blog-to-a-bitnami-ec2-instance/) # Migrating multiple blogs into WordPress multisite @@ -450,7 +446,7 @@ This tutorial assumes that you are hosting WordPress on a server using cPanel. I Generate a full site backup in cPanel. It might also help to copy all the files on the server via FTP, so that you can easily access the files for plugins and themes, which you'll need in a later step. #### Export from your existing WordPress installs -In each of your existing WordPress installations, go Tools > Export in WordPress. Download the WXR files that contain all your posts and pages for each site. See the instructions on the [Tools Export Screen](https://wordpress.org/documentation/article/tools-export-screen/). +In each of your existing WordPress installations, go to Tools > Export in WordPress. Download the WXR files that contain all your posts and pages for each site. See the instructions on the [Tools Export Screen](https://wordpress.org/documentation/article/tools-export-screen/). Make sure that your export file actually has all the posts and pages. You can verify this by looking at the last entry of the exported file using a text editor. The last entry should be the most recent post. 
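Review bot: in the Related Links hunk (@@ -425,17 +425,13 @@), the added "PHP script to replace site url in WordPress database dump, even with WPML" entry keeps its http://blog.lavoie.sl/... URL while every other link that survives in the list is now https. If the host serves HTTPS, switch it; if it does not, decide whether the entry should stay. The same hunk drops four links (prelovac.com, velvetblues.com, pixelentity.com, egalo.com) without a replacement, and the reason, such as dead targets, should be recorded in the commit message.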
@@ -467,14 +463,14 @@ Install WordPress. Follow the instructions for [Installing WordPress](https://de Activate multi-site in your WordPress install. This involves editing `wp-config.php` a couple of times. You need to use the subdomain, not the subdirectory, option. See the instructions on how to [Create A Network](https://developer.wordpress.org/advanced-administration/multisite/create-network/). #### Create blogs for each site you want to import -Create blogs for each of the sites you want to host at separate domains. For example, `importedblogdotorg.mydomain.com`. +Create blogs for each of the sites you want to host in separate domains. For example, `importedblogdotorg.mydomain.com`. Note: choose the name carefully, because changing it causes admin redirection issues. This is particularly important if you are migrating a site within the same hosting account. #### Import WXR files for each blog Go to the backend of each blog, and import the exported WXR file for each blog. Map the authors to the proper users, or create new ones. Be sure to check the box that will pull in photos and other attachments. See the instructions on Tools Import SubPanel. -**Note:** if you choose to import images from the source site into the target site, make sure they have been uploaded into the right place and are displayed correctly in the respective post or page. +**Note:** If you choose to import images from the source site into the target site, make sure they have been uploaded into the right place and are displayed correctly in the respective post or page. #### Edit WordPress configuration settings for each site 
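Review bot: the two notes in this hunk now disagree in style: the added line is "**Note:** If you choose to import images ..." (bold label, capitalized sentence), while the unchanged line above it is "Note: choose the name carefully ..." (plain label, lower case). Bring the second in line with the first. The context sentence "See the instructions on Tools Import SubPanel." also carries no link, unlike the Tools Export Screen reference earlier in the file.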
@@ -483,7 +479,7 @@ Edit the configuration settings, widget, etc. for each site. By the end of this #### Limitations of PHP configuration You may run into trouble with the PHP configuration on your host. There are two potential problems. One is that PHP's `max_upload_size` will be too small for the WXR file. The other problem is that the PHP memory limit might be too small for importing all the posts. -There are a couple ways to solve it. One is to ask your hosting provider to up the limits, even temporarily. The other is to put a php.ini file in your /wp-admin/ and /wp-includes directories that ups the limits for you (php.ini files are not recursive, so it has to be in those directories). Something like a 10 MB upload limit and a 128 MB memory limit should work, but check with your hosting provider first so that you don't violate the terms of your agreement. +There are a couple of ways to solve it. One is to ask your hosting provider to up the limits, even temporarily. The other is to put a php.ini file in your /wp-admin/ and /wp-includes directories that ups the limits for you (php.ini files are not recursive, so it has to be in those directories). Something like a 10 MB upload limit and a 128 MB memory limit should work, but check with your hosting provider first so that you don't violate the terms of your agreement. Search the [WordPress forum support](https://wordpress.org/support/forums/) for help with PHP configuration problems. @@ -500,6 +496,3 @@ If the old site is no longer available and you find you have forgotten to copy s Another option might be the [Internet Archive Wayback Machine](https://archive.org/web/). They may have a copy of the site (or some part of it) archived. -## Changelog - -- 2022-09-11: Original content from [Changing The Site URL](https://wordpress.org/documentation/article/changing-the-site-url/), and [Moving WordPress](https://wordpress.org/documentation/article/moving-wordpress/). 
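Review bot: in the "Limitations of PHP configuration" hunk (@@ -483,7 +479,7 @@), the context line above the edited paragraph names the setting as `max_upload_size`, which is not a PHP directive; the upload limit is set by `upload_max_filesize` (together with `post_max_size`) and the memory limit by `memory_limit`. The paragraph being touched tells readers to create a php.ini with "a 10 MB upload limit and a 128 MB memory limit", so name the directives there and correct the context line, otherwise the instruction cannot be followed as written.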
diff --git a/upgrade/phpmyadmin.md b/upgrade/phpmyadmin.md index 1b31b2de..eeed2ea0 100644 --- a/upgrade/phpmyadmin.md +++ b/upgrade/phpmyadmin.md @@ -14,6 +14,3 @@ Often host control panels, such as cPanel and Plesk, have phpMyAdmin pre-install You can download phpMyAdmin yourself and install it from the main [phpMyAdmin project page](https://www.phpmyadmin.net/). -## Changelog - -- 2022-09-11: Original content from [phpMyAdmin](https://wordpress.org/documentation/article/phpmyadmin/). diff --git a/upgrade/upgrading.md b/upgrade/upgrading.md index 5026eeaf..2b774e98 100644 --- a/upgrade/upgrading.md +++ b/upgrade/upgrading.md 
@@ -4,7 +4,25 @@ This page contains a more detailed version of [the upgrade instructions](https://wordpress.org/documentation/article/updating-wordpress/). -### Detailed Instructions {#detailed-instructions} +### Back up WordPress {#backup-up-wordpress} + +Before you get started, it’s a good idea to back up your website. This means if there are any issues you can restore your website. Complete instructions to make a backup can be found in the WordPress Backup. + +### One-click Upgrade {#one-click-upgrade} + +WordPress lets you update with the click of a button. You can launch the update by clicking the link in the new version banner (if it’s there) or by going to the Dashboard > Updates screen. Once you are on the “Update WordPress” page, click the button “Update Now” to start the process off. You shouldn’t need to do anything else and, once it’s finished, you will be up-to-date. + +One-click updates work on most servers. If you have any problems, it is probably related to permissions issues on the filesystem. + +#### Hosting Services Tools {#hosting-services-tools} + +You may have access to WP-Toolkit if your websites are hosted in cPanel (Look for "WordPress Management" in the left menu bar) or Plesk (Look for "WordPress" in the left menu bar). You can perform one-click update of your WordPress websites inside WP-Toolkit. You will also have the ability to configure automatic updates in WP-Toolkit. + +If your websites are hosted in a WP Squared server, you will see a notification and a button to perform one-click update of your WordPress website when a new update is available. Automatic update is enabled by default, and you have the ability to configure whether to enable or disable automatic updates in WP Squared. + +_Hosting providers: If your tools are missing here, feel free to create a pull request in Github to add it._ + +### Manual Upgrade {#manual-upgrade} #### Overview of the Upgrade Process {#overview-of-the-upgrade-process} 
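Review bot: the new heading "### Back up WordPress {#backup-up-wordpress}" has a typo in its anchor id ("backup-up"); use {#back-up-wordpress} before anything links to it. In the same section, "Complete instructions to make a backup can be found in the WordPress Backup." names a page without linking it; the Step 2 text removed later in this patch linked to https://developer.wordpress.org/advanced-administration/security/backup/#backing-up-your-wordpress-site, which would fit here. The added paragraphs use typographic apostrophes (it’s, shouldn’t) where the rest of the file uses straight ones, and "Github" in the hosting-providers line should be "GitHub".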
@@ -17,7 +35,6 @@ This page contains a more detailed version of [the upgrade instructions](https:/ 7. [Delete the old WordPress files](https://developer.wordpress.org/advanced-administration/upgrade/upgrading/#step-7-delete-the-old-wordpress-files) on your site, but **DO NOT DELETE** – `wp-config.php` file; – `wp-content` folder; Special Exception: the `wp-content/cache` and the `wp-content/plugins/widgets` folders should be deleted. - – `wp-images` folder; – `.htaccess` file–if you have added custom rules to your `.htaccess`, do not delete it; – `robots.txt` file–if your blog lives in the root of your site (ie. the blog is the site) and you have created such a file, do not delete it. 
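Review bot: the overview item kept as context here still links to https://developer.wordpress.org/advanced-administration/upgrade/upgrading/#step-7-delete-the-old-wordpress-files, but the next hunk removes the heading "##### Step 7: Delete the old WordPress files {#step-7-delete-the-old-wordpress-files}"; unless that heading is re-added further down, this link and the other step links in the overview become dead anchors and the overview needs updating in the same patch. The removal of the `wp-images` entry from the DO NOT DELETE list is not explained anywhere in the visible patch; a line in the commit message would help.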
@@ -40,129 +57,206 @@ If you plan on upgrading across more than **two** major releases, you should c WordPress 3.7 introduced an easy to use one-button updater which will take you directly to Current Version. This update step is safe, and it is possible to one-click update from 3.7 to any later version. -##### Step 1: Back up your database {#step-1-back-up-your-database} +##### Upgrading from WordPress 0.7 - 3.6 (by migration) -Perform a backup of your database. All of your WordPress data, such as Users, Posts, Pages, Links, and Categories, are stored in your [MySQL](https://wordpress.org/documentation/article/glossary#mysql) [database](https://codex.wordpress.org/Database_Description). Please read [Backing Up Your Database](https://wordpress.org/article/backing-up-your-database/) for a detailed explanation of this process. +Goals: +- WordPress: upgrade to WordPress 6.2 +- PHP: upgrade to PHP 7.4 +- SQL: upgrade to MySQL 8.0 / MariaDB 10.11 -It is extremely important to back up your database before beginning the upgrade. If, for some reason, you find it necessary to revert back to the ‘old' version of WordPress, you may have to restore your database from these backups. +Losses: +- Content: none +- Plugins: all +- Themes: all -##### Step 2: Back up ALL your WordPress files {#step-2-back-up-all-your-wordpress-files} +These are the oldest versions of WordPress and the ones that have not been supported for years. In general, have to assume some losses, although not of the contents, but probably of some functionality on themes and plugins. -Back up ALL of your files in your WordPress directory and your [`.htaccess`](https://wordpress.org/documentation/article/wordpress-glossary/#.htaccess) file. Typically, this process involves using an [FTP program](https://developer.wordpress.org/advanced-administration/upgrade/ftp/) to download ALL your WordPress files from your host to your local computer. 
+Considering that the goal is to keep the contents and assuming the loss of the rest of the elements, there are some steps. -Please read [Backing Up Your WordPress Site](https://developer.wordpress.org/advanced-administration/security/backup/#backing-up-your-wordpress-site) for further explanation. +As with any upgrade, the first thing to do is to make a backup copy. The best way to upgrade from WP < 3.6 is to perform a content migration. -If you have made changes to any core WordPress files, or if you've got customized Plugins or Themes, you will want to have a good backup of those files. It is extremely important to back up your files before beginning the upgrade. If for some reason you find it necessary to revert back to the ‘old' version of WordPress you will need to upload these files. +1. Create a brand-new WordPress, without the database. +2. Copy the old WordPress files from the "/wp-content/uploads/" content to the new one. +3. Create a new database with the old database information. The best way is using "mysqldump". +4. Configure the wp-config.php with all the new data. +5. Access the "/wp-admin/" page, and follow the upgrading process. -##### Step 3: Verify the backups {#step-3-verify-the-backups} +With this way, WordPress will be able to maintain and update the contents in the database and be able to work with these contents in an updated version of WordPress. -Verify that the backups you created are there and usable. **This is the most important step in the upgrade process!** +A WordPress with the default theme, and all the contents should now be available. -The verification process involves making sure you can see the backup files on your local computer (or wherever you've stored them) and that you can navigate into any sub-folders. If the files are in a zip file, make sure you can open the zip file. 
Also consider opening a _.sql_ file in an [editor](https://wordpress.org/documentation/article/glossary#text-editor) to see if the tables and data are represented. +Character Encoding commonly presents technical hiccups when restoring a database. It is possible that backup data is not encoded in UTF-8 and instead may be in an ISO or ASCII "deprecated" format. Make sure that the character encoding is updated correctly upon restoring a database! More information on [converting Character Sets in a WordPress database can be found here](https://codex.wordpress.org/Converting_Database_Character_Sets). -##### Step 4: Deactivate ALL your Plugins {#step-4-deactivate-all-your-plugins} +##### Upgrading from WordPress 3.7 - 4.0 -In your [Administration Screen](https://wordpress.org/documentation/article/administration-screens/), under the Plugins choice, deactivate any Plugins. Because of the changes to WordPress, some Plugins may conflict with the upgrade process. If you're not able to access the administrative menus you can deactivate all plugins by [resetting the plugins folder](https://wordpress.org/documentation/article/faq-troubleshooting/#how-to-deactivate-all-plugins-when-not-able-to-access-the-administrative-menus). +Goals +- WordPress: upgrade to WordPress 4.1 +- PHP: upgrade to PHP 5.6.20+ +- SQL: upgrade to MySQL 5.6 / MariaDB 10.0 -##### Step 5: Ensure first four steps are completed {#step-5-ensure-first-four-steps-are-completed} +Losses: +- Content: none +- Plugins: probably yes +- Themes: probably yes -If you have not completed the first four procedures, STOP, and do them! Do not attempt the upgrade unless you have completed the first four steps. +WordPress Versions <= 4.0 are compatible with PHP versions that are hardly available today. They can range from PHP 5.2 (or even earlier) to PHP 5.5. That is why the main goal will be to go to a version that is still easy to get on many operating systems. 
-The best resource for problems with your upgrade is the [WordPress Support Forums](https://wordpress.org/support/forums/), and if you have problems, the volunteers at the [WordPress Support Forums](https://wordpress.org/support/forums/) will likely ask if you have completed the first four steps. +The same will happen with the database. It is very likely that there is a MySQL 5.5 or earlier. Depending on whether want to continue with MySQL or move to MariaDB, choose which way to go and migrate the database to a MySQL 5.6 or MariaDB 10.0. -##### Step 6: Download and extract the WordPress package {#step-6-download-and-extract-the-wordpress-package} +Note that WP-CLI is not available for PHP versions lower than PHP 5.6.20, so this process still must be done somewhat manually. -Download and unzip the WordPress package from [https://wordpress.org/download/](https://wordpress.org/download/). +As with any upgrade, the first thing to do is to make a backup copy. -* If you will be uploading WordPress to a remote web server, download the WordPress package to your computer with your favorite web browser and unzip the package. -* If you have [shell](https://wordpress.org/documentation/article/glossary#shell) access to your web server, and are comfortable using console-based tools, you may wish to download WordPress directly to your [web server](https://wordpress.org/documentation/article/glossary#web-server). You can do so using `wget` , `lynx` or another console-based web browser, which are valuable if you want to avoid [FTPing](https://wordpress.org/documentation/article/wordpress-glossary/#FTP). Place the package in a directory parallel to your current wordpress directory (like "uploads," for example). Then, unzip it using: `gunzip -c wordpress-_Version_.tar.gz | tar -xf -` or by using: `tar -xzvf latest.tar.gz` +Remove all themes that are not active, leaving only the main theme. If there is a child theme active, please, maintain the child and parent. 
-The WordPress package will be extracted into a folder called `wordpress`. +Install and activate the [Twenty Ten](https://wordpress.org/themes/twentyten/) theme and activate it. This theme works in all sites since WordPress 3.7. -##### Step 7: Delete the old WordPress files {#step-7-delete-the-old-wordpress-files} +In the same way, delete all deactivated plugins (and, therefore, not working). -**Why Delete?** Generally, it is a good idea to delete whatever is possible because the uploading (or upgrading through cPanel) process may not correctly overwrite an existing file and that may cause problems later. +Deactivate all left active plugins. -**DO NOT DELETE these folders and files:** +Now, WordPress will have: +- Core: any version (between WordPress 3.7 and WordPress 4.0) +- Themes: Twenty Ten is active, and the main theme is deactivated. +- Plugins: all plugins that should be active are deactivated. -* `wp-config.php` file; -* `wp-content` folder; -* `wp-includes/languages/` folder–if you are using a language file, and it is here rather than in `wp-content/languages/`, do not delete this folder (you might want to move your language files to `wp-content/languages/` for easier upgrading in the future);. -* `.htaccess` file–if you have added custom rules to your `.htaccess`, do not delete it; -* Custom Content and/or Plugins–if you have any images or other custom content or Plugins inside the `wp-content` folder, do NOT delete them. +At this point, overwrite the WordPress Core with [WordPress 4.1](https://wordpress.org/wordpress-4.1.zip), available in the [release list](https://wordpress.org/download/releases/). Install WordPress 4.1 major version or, if available and recommended, the latest 4.1.x minor version. -**Delete these Files and Folders:** +Upgrade the systems up to PHP 5.6.20+ and MySQL 5.6.x or MariaDB 10.0.x. Please, do not install the newest major version. 
-* `wp-*` (except for those above), `readme.html`, `wp.php`, `xmlrpc.php`, and `license.txt` files; Typically files in your root or wordpress folder. Again, don't delete the `wp-config.php` file. **Note**: some files may not exist in later versions. -* `wp-admin` folder; -* `wp-includes` folder; -* `wp-content/plugins/widgets` folder; You only see this folder if you previously installed the Sidebar Widgets plugin. The Sidebar Widgets code conflicts with the built-in widget ability. +Access the "/wp-admin/" page, and follow the upgrading process. -**How to Delete?** There are several ways to delete the files from your WordPress site. You can use your FTP Client, or if you have access to SSH you can use that. Some host providers also provide the ability to delete files and folders. +WordPress will be able to maintain and update the contents in the database and be able to work with these contents. WordPress, with the default theme and all the contents should now be available and working. -**Using FTP to delete files and folders** +Character Encoding commonly presents technical hiccups when restoring a database. It is possible that backup data is not encoded in UTF-8 and instead may be in an ISO or ASCII "deprecated" format. Make sure that the character encoding is updated correctly upon restoring a database! More information on [converting Character Sets in a WordPress database can be found here](https://codex.wordpress.org/Converting_Database_Character_Sets). -The same [FTP client](https://developer.wordpress.org/advanced-administration/upgrade/ftp/) you use for [uploading](https://developer.wordpress.org/advanced-administration/upgrade/ftp/filezilla/) can be used to delete files and folders. If your [FTP client](https://developer.wordpress.org/advanced-administration/upgrade/ftp/) does not appear to permit you to delete non-empty folders, check the available options for your [FTP client](https://developer.wordpress.org/advanced-administration/upgrade/ftp/). 
You'll usually find an option that permits deleting non-empty folders. Deleting non-empty folders is a quick and thorough method cleaning out an old installation of WordPress. It is recommended that once the deleting is done, you switch back to the original setting for safety reasons. +Proceed to the next step, which is upgrade to WordPress 4.9 from WordPress 4.1. -**Using SSH to delete file** +##### Upgrading from WordPress 4.1 - 4.8 -If you have a command-line login (ssh), you can enter the following commands to make backup copies of the files you need to keep and to delete ONLY the wordpress files in your directory (plus .htaccess). If you've customized other files (like `index.php`) not included by the `cp` commands below, copy them as well: +Goals +- WordPress: upgrade to WordPress 4.9 +- PHP: upgrade to PHP 7.2 +- SQL: maintain or upgrade to MySQL 5.6 / MariaDB 10.0 -``` -$ mkdir backup -cp wp-config.php .htaccess backup -cp -R wp-content backup -rm wp*.php .htaccess license.txt readme.html xmlrpc.php -rm -rf wp-admin wp-includes -cp backup/wp-config.php . -``` +Losses: +- Content: none +- Plugins: probably yes +- Themes: probably yes + +_If you don't have PHP 5.6.20+ configured yet, do it. Chances are that everything will still work normally._ + +From WordPress 4.1 and PHP 5.6.20+, you can continue with the manual update process, or start using [WP-CLI](https://wp-cli.org/), the tool to run WordPress commands directly via console, something that can easy the process. + +As with any upgrade, the first thing to do is to make a backup copy. + +Remove all themes that are not active, leaving only the main theme. If there is a child theme active, please, maintain the child and parent. + +Install and activate the [Twenty Ten](https://wordpress.org/themes/twentyten/) theme and activate it. This theme works in all sites since WordPress 3.7. + +In the same way, delete all deactivated plugins (and, therefore, not working). 
-After you have finished with the upgrade, you can restore any customizations to your templates or plugins from your backup directory. For example, use `cp backup/index.php .` to restore `index.php`. +Now, WordPress will have: +- Core: any version (between WordPress 4.1 and WordPress 4.8) +- Themes: Twenty Ten is active, and the main theme is deactivated. +- Plugins: all plugins that should be active are deactivated. -Alternatively, using SSH, you could copy `wp-config.php, .htaccess`, and any content files you've added or altered into the _new_ wordpress directory. Then, rename the old one (to archive it), and move the new one into its place. +At this point, overwrite the WordPress Core with [WordPress 4.9](https://wordpress.org/wordpress-4.9.zip), available in the [release list](https://wordpress.org/download/releases/). Install WordPress 4.9 major version or, if available and recommended, the latest 4.9.x minor version. -##### Step 8: Upload the new files {#step-8-upload-the-new-files} +Upgrade the systems up to PHP 7.2 and, if they are not already, to MySQL 5.6.x or MariaDB 10.0.x. Please, do not install the newest major version. -With the new upgrade on your local computer, and using [FTP](https://wordpress.org/documentation/article/glossary#ftp), [upload](https://developer.wordpress.org/advanced-administration/upgrade/ftp/filezilla/) the new files to your site server just as you did when you first installed WordPress. See [Using FileZilla](https://developer.wordpress.org/advanced-administration/upgrade/ftp/filezilla/) and [Uploadi](https://codex.wordpress.org/Uploading_WordPress_to_a_remote_host)[n](https://developer.wordpress.org/advanced-administration/upgrade/ftp/filezilla/)[g WordPress to a remote host](https://codex.wordpress.org/Uploading_WordPress_to_a_remote_host) for detailed guidelines in using an FTP Client to upload. +Access the "/wp-admin/" page, and follow the upgrading process. 
-**NOTE: If you did not delete the `wp-content` folder, you will need to overwrite some files during the upload.** +WordPress will be able to maintain and update the contents in the database and be able to work with these contents. WordPress, with the default theme and all the contents should be available and working. -The `wp-content` folder holds your WordPress Themes and Plugins. These should remain. Upload everything else first, then upload only those WordPress files that are new or changed to your new `wp-content` folder. Overwrite any old versions of default plugins with the new ones. +Character Encoding commonly presents technical hiccups when restoring a database. It is possible that backup data is not encoded in UTF-8 and instead may be in an ISO or ASCII "deprecated" format. Make sure that the character encoding is updated correctly upon restoring a database! More information on [converting Character Sets in a WordPress database can be found here](https://codex.wordpress.org/Converting_Database_Character_Sets). -The WordPress default theme has changed so you will want to upload the `wp-content/themes/default` folder. If you have custom changes to the default theme, those changes will need to be reviewed and installed after the upgrade. +Proceed to the next step, which is upgrade to WordPress 5.3 from WordPress 4.9. -##### Step 9: Run the WordPress upgrade program {#step-9-run-the-wordpress-upgrade-program} +##### WordPress 4.9 - 5.2 -Using a web browser, go to the WordPress admin pages at the normal /wp-admin location. WordPress will check to see if a database upgrade is necessary, and if it is, it will give you a new link to follow. +Goals +- WordPress: upgrade to WordPress 5.3 +- PHP: upgrade to PHP 7.4 +- SQL: maintain or upgrade to MySQL 8.0 / MariaDB 10.3 -This link will lead you to run the WordPress upgrade script by accessing `wp-admin/upgrade.php`. Follow the instructions presented on your screen. 
+Losses: +- Content: none +- Plugins: probably no +- Themes: probably no -Note: Make sure the database user name registered to WordPress has permission to create, modify, and delete database tables before you do this step. If you installed WordPress in the standard way, and nothing has changed since then, you are fine. +_If you don't have PHP 7.4 configured yet, do it. Chances are that everything will still work normally._ -If you want to run the upgrade script manually: +WordPress 4.9 was the last version with the Classic Editor, so, a lot of people, afraid of the new editor, stopped updating WordPress. WordPress 5.0+ is fully compatible with the Classic Editor content, so it can be upgraded without losing any content. -* If WordPress is installed in the root directory, point your browser to: http://example.com/wp-admin/upgrade.php -* If WordPress is installed in its own subdirectory called `blog`, for example, point your browser to: http://example.com/blog/wp-admin/upgrade.php +Also, when WordPress 4.9 was released, PHP 7.0+ was very stablished and WordPress 5.0 version had support. Upgrading from PHP 5.6.20+ to PHP 7.0+ should be very stable. -If you experience difficulties with login after your upgrade, it is worth clearing your browser's cookies. +From WordPress 4.9, you can continue with the manual update process, or start using [WP-CLI](https://wp-cli.org/), the tool to run WordPress commands directly via console, something that can ease the process. -##### Step 10: Update Permalinks and .htaccess {#step-10-update-permalinks-and-htaccess} +As with any upgrade, the first thing to do is to make a backup copy. 
-In your [Administration Screen](https://wordpress.org/documentation/article/administration-screens/) > [Settings](https://wordpress.org/documentation/article/administration-screens/#permalinks) > [Permalinks](https://wordpress.org/documentation/article/settings-permalinks-screen/) screen update your Permalink Structure and, if necessary, place the rules in your [`.htaccess`](https://wordpress.org/documentation/article/wordpress-glossary/#.htaccess) file. Also see [Using Permalinks](https://wordpress.org/documentation/article/using-permalinks/) for details regarding Permalinks and the [`.htaccess`](https://wordpress.org/documentation/article/wordpress-glossary/#.htaccess) file. +Remove all themes that are not active, leaving only the main theme. If there is a child theme active, please, maintain the child and parent. -##### Step 11: Install updated Plugins and Themes {#step-11-install-updated-plugins-and-themes} +Install and activate the [Twenty Ten](https://wordpress.org/themes/twentyten/) theme and activate it. This theme works in all sites since WordPress 3.7. -Please visit individual plugin and theme pages and look for the compatibility information with your new WordPress version. Install new versions of your Plugins and Themes, if necessary. +In the same way, delete all deactivated plugins. -##### Step 12: Reactivate Plugins {#step-12-reactivate-plugins} +Now, WordPress will have: +- Core: any version (between WordPress 4.9 and WordPress 5.2) +- Themes: Twenty Ten is active, and the main theme is deactivated. +- Plugins: all plugins that should be active are deactivated. -Use your Administration Screen, Plugins, to activate your Plugins. If you are not sure if they will work correctly with the new version, activate each plugin, one at a time, and test that there are no problems before continuing. 
+At this point, overwrite the WordPress Core with [WordPress 5.3](https://wordpress.org/wordpress-5.3.zip), available in the [release list](https://wordpress.org/download/releases/). Install WordPress 5.3 major version or, if available and recommended, the latest 5.3.x minor version. -##### Step 13: Review what has changed in WordPress {#step-13-review-what-has-changed-in-wordpress} +Upgrade the systems up to PHP 7.4 and, if they are not already, to MySQL 8.0.x or MariaDB 10.3.x. Please, do not install the newest major version. -Please review these resources to see what's new in WordPress: +Access the "/wp-admin/" page, and follow the upgrading process. -* [Version history](https://codex.wordpress.org/WordPress_Versions) +WordPress will be able to maintain and update the contents in the database and be able to work with these contents. + +Getting this moment, make a new backup copy, because some more updates will be made and, at this point, there is a good WordPress situation. + +Most of the plugins available in WordPress 4.9+ should work with WordPress 5.3, so try to update everything available in the plugin list. Please, do it one by one and check all the warnings and errors. If you get some big error, try an older release for this plugin. Usually they are at the end of the "Developer" tab in each plugin page at wordpress.org. + +Try the same with the theme. Most of the themes available in WordPress 4.9+ should work with WordPress 5.3. + +Proceed to the next step, which is upgrade to WordPress 6.2 from WordPress 5.3. + +##### WordPress 5.3 - 6.2 + +Goals +- WordPress: upgrade to WordPress 6.2 +- PHP: upgrade to PHP 7.4 +- SQL: maintain or upgrade to MySQL 8.0 LTS / MariaDB 10.11 LTS + +Losses: +- Content: none +- Plugins: probably no +- Themes: probably no + +_If you don't have PHP 7.4 configured yet, do it. Chances are that everything will still work normally._ + +Upgrade everything normally. Everything should work fine. 
+ +##### WordPress 6.3 - 6.8 + +Goals +- WordPress: upgrade to WordPress 6.8 +- PHP: upgrade to at least PHP 8.1 (WordPress 6.6+ supports PHP 8.2) +- SQL: maintain or upgrade to MySQL 8.0 LTS / MariaDB 10.11 LTS + +Losses: +- Content: none +- Plugins: probably no +- Themes: probably no + +_If you don't have PHP 8.1 configured yet, do it. Chances are that everything will still work normally._ + +When WordPress 6.3 was released, support for PHP 5.6 dropped and PHP 7.0 was stablished as the minimum PHP version. Upgrading from PHP 5.6.20+ to PHP 7.0+ should be very stable. + +When WordPress 6.6 was released, support for PHP 7.0 and 7.1 dropped and PHP 7.2.24 was stablished as the minimum PHP version. Upgrading from PHP 7.0+, or PHP 7.1+ to PHP 7.2+ should be very stable. WordPress 6.6 also supports PHP 8.2 so you can try switching to PHP 8.2 when upgraded WordPress. + +Upgrade everything normally. Everything should work fine. ### Troubleshooting {#troubleshooting} 
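Review bot: In the "WordPress 4.9 - 5.2" steps a deactivation step is missing: the summary states "Plugins: all plugins that should be active are deactivated", but the only plugin instruction before it is "delete all deactivated plugins". Followed literally, the reader overwrites the core files and runs the /wp-admin/ upgrade with every remaining plugin still active. Add an explicit step to deactivate the remaining plugins before the "Now, WordPress will have:" summary. Smaller points in the same hunk: "Install and activate the Twenty Ten theme and activate it" repeats itself, "stablished" should be "established" in all three places, "Getting this moment" reads better as "At this point", and "Please, do not install the newest major version" should say which component it refers to (PHP, MySQL/MariaDB).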
@@ -184,7 +278,7 @@ You can, but it is usually not recommended to rollback (revert) your current ver **Get More Help** -If you get any errors following an upgrade, check [Troubleshooting: Common Installation Problems](https://developer.wordpress.org/advanced-administration/before-install/howto-install/#common-installation-problems), [Troubleshooting](https://codex.wordpress.org/Troubleshooting), and the [Installation Category of Articles](https://wordpress.org/documentation/category/installation/). If you can't find an answer, post a clear question on the [WordPress Suppport Forums](https://wordpress.org/support/forums/). You will be asked if you have used any old code. You'll be told to change it then, so you may as well change it now 🙂. +If you get any errors following an upgrade, check [Troubleshooting: Common Installation Problems](https://developer.wordpress.org/advanced-administration/before-install/howto-install/#common-installation-problems), [Troubleshooting](https://codex.wordpress.org/Troubleshooting), and the [Installation Category of Articles](https://wordpress.org/documentation/category/installation/). If you can't find an answer, post a clear question on the [WordPress Support Forums](https://wordpress.org/support/forums/). You will be asked if you have used any old code. You'll be told to change it then, so you may as well change it now 🙂. ## Configuring Automatic Background Updates 
@@ -360,9 +454,6 @@ apply_filters( 'auto_core_update_send_email', true, $type, $core_update, $result ### Resources {#resources} * More examples at [https://make.wordpress.org/core/2013/10/25/the-definitive-guide-to-disabling-auto-updates-in-wordpress-3-7/](https://make.wordpress.org/core/2013/10/25/the-definitive-guide-to-disabling-auto-updates-in-wordpress-3-7/) -* More information here: [http://wordpress.stackexchange.com/questions/120081/how-do-i-configure-automatic-updates-in-wordpress-3-7](http://wordpress.stackexchange.com/questions/120081/how-do-i-configure-automatic-updates-in-wordpress-3-7) +* More information here: [How Do I Configure Automatic Updates in WordPress 3.7?](https://wordpress.stackexchange.com/questions/120081/how-do-i-configure-automatic-updates-in-wordpress-3-7) * Info about wp-cli conflict: [https://github.com/wp-cli/wp-cli/issues/1310](https://github.com/wp-cli/wp-cli/issues/1310) -## Changelog - -- 2022-10-25: Original content from [Configuring Automatic Background Updates](https://wordpress.org/documentation/article/configuring-automatic-background-updates/), and [Upgrading WordPress – Extended Instructions](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/). diff --git a/wordpress/common-errors.md b/wordpress/common-errors.md index 0733da86..f5911480 100644 --- a/wordpress/common-errors.md +++ b/wordpress/common-errors.md 
@@ -58,7 +58,7 @@ Contact your hosting provider to see if either of these issues is causing your p If you have checked `wp-config.php` for errors, and confirmed with your host for hosting issues, it is possible that your site has been hacked. -Scan your site with [Sucuri SiteCheck](http://sitecheck.sucuri.net/) to ensure that it hasn't been compromised. If it has you should check out [My Site was Hacked](https://wordpress.org/documentation/article/faq-my-site-was-hacked/). +Scan your site with [Sucuri SiteCheck](https://sitecheck.sucuri.net/) to ensure that it hasn't been compromised. If it has you should check out [My Site was Hacked](https://wordpress.org/documentation/article/faq-my-site-was-hacked/). ## Failed Auto-Upgrade {#failed-auto-upgrade} 
@@ -130,6 +130,16 @@ You may experience problems with 404 errors and [custom post types](https://word 1. Make sure that none of your Custom Post Types and single pages have the same name. If they do, rename the single page, including the [slug](https://wordpress.org/documentation/article/glossary/#post-slug). 2. Log in to your WordPress Administration Screens, navigate to **Settings > Permalinks**. Select the default permalinks. Save. Then reselect your preferred permalinks. This will flush the rewrite rules and should solve your problem. +## Critical Error Message {#critical-error-message} + +If you come across the message "There has been a critical error on this website. Please check your site admin email inbox for instructions.", this indicates that something in your site has caused a critical error that prevents WordPress from running as expected. + +First, check your email to see if WordPress has sent you any details about the error. Next, enable debug mode in your [wp-config.php](https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/#example-wp-config-php-for-debugging) file. + +After enabling this, review the error logs located in wp-content/debug.log to find out what specifically went wrong. + +Some of the most common causes you might uncover include conflicts between plugins, compatibility issues with your theme, running an incompatible PHP version, hitting the memory limit, or having corrupted WordPress files. + ## Specific Error Messages {#specific-error-messages} There are a number of different errors that will appear in your error logs. To access your error logs you will need to turn on [debugging](https://wordpress.org/documentation/article/editing-wp-config-php/#wp_debug) and then locate your error log via FTP. The following information will help you to decipher some of the common error messages. 
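Review bot: The new "Critical Error Message" section tells the reader to enable debug mode and read wp-content/debug.log, but never tells them to turn debugging off again. Add a closing step to disable debug mode and delete or protect the log once the cause is found, because that file lives inside the web-served wp-content directory and records paths and error details. For consistency with the rest of the page, put `wp-content/debug.log` and `wp-config.php` in backticks, and consider giving the common causes as a list so each one can later link to its own fix.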
@@ -272,12 +282,9 @@ If you have not used phpMyAdmin before, or are uncomfortable doing so, contact y An unknown column error can be caused by a missing column in the database. If you have just upgraded WordPress then try manually upgrading again. To update your WordPress site manually, see the [Update article](https://wordpress.org/documentation/article/updating-wordpress/#manual-update). -If you are running a database query when you encounter the error then you may by using incorrect quotation marks for the identifier quote character. This [question on Stack Overflow provides more details](https://stackoverflow.com/questions/1346209/unknown-column-in-field-list-error-on-mysql-update-query). Also see the [MySQL documentation](http://dev.mysql.com/doc/refman/en/identifiers.html). +If you are running a database query when you encounter the error then you may by using incorrect quotation marks for the identifier quote character. This [question on Stack Overflow provides more details](https://stackoverflow.com/questions/1346209/unknown-column-in-field-list-error-on-mysql-update-query). Also see the [MySQL documentation](https://dev.mysql.com/doc/refman/8.2/en/identifiers.html). ## Resources {#resources} -* [MySQL Error Codes and Messages](http://dev.mysql.com/doc/refman/en/error-messages-server.html) - -## Changelog +* [MySQL Error Codes and Messages](https://dev.mysql.com/doc/refman/en/error-messages-server.html) -- 2023-01-20: Copy content from [Common WordPress Errors](https://wordpress.org/documentation/article/common-wordpress-errors/) diff --git a/wordpress/cookies.md b/wordpress/cookies.md index e93ac48a..848a847c 100644 --- a/wordpress/cookies.md +++ b/wordpress/cookies.md 
@@ -24,17 +24,17 @@ After login, WordPress sets the `wordpress_logged_in_[hash]` cookie, which indic WordPress also sets a few `wp-settings-{time}-[UID]` cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. -The cookies length can be adjusted with the `auth_cookie_expiration` hook. An example of this can be found at [what's the easiest way to stop wp from ever logging me out](https://wordpress.stackexchange.com/questions/515/whats-the-easiest-way-to-stop-wp-from-ever-logging-me-out). +The cookies lifetime can be adjusted with the `auth_cookie_expiration` hook. An example of this can be found at [what's the easiest way to stop wp from ever logging me out](https://wordpress.stackexchange.com/questions/515/whats-the-easiest-way-to-stop-wp-from-ever-logging-me-out). ### Non-Version-Specific Data -The actual cookies contain _hashed_ data, so you don't have to worry about someone gleaning your username and password by reading the cookie data. A _hash_ is the result of a specific mathematical formula applied to some input data (in this case your `user name` and `password`, respectively). It's quite hard to reverse a _hash_ (bordering on practical infeasibility with today's computers). This means it is very difficult to take a _hash_ and _"unhash"_ it to find the original input data. +The actual cookies contain your username, the expiration time and _hashed_ data that ensures you have a valid session. A _hash_ is the result of a specific mathematical formula applied to some data. In case of these cookies, only 4 characters of your hashed password are stored in a hash in your cookie. This ensures that it is impossible to retrieve your password from the cookie. It also ensures that any cookie will invalidated whenever your password is changed. WordPress uses the two cookies to bypass the password entry portion of `wp-login.php`. 
If WordPress recognizes that you have valid, non-expired cookies, you go directly to the [WordPress Administration Screen](https://wordpress.org/documentation/article/administration-screens). If you don't have the cookies, or they're expired, or in some other way invalid (like you edited them manually for some reason), WordPress will require you to log in again, in order to obtain new cookies. ## Commenter's Cookie -When visitors comment on your blog, they get cookies stored on their computer too. This is purely a convenience, so that the visitor won't need to re-type all their information again when they want to leave another comment. Three cookies are set for commenters: +When visitors comment on your blog, they get cookies stored on their computers too. This is purely a convenience, so that the visitor won't need to re-type all their information again when they want to leave another comment. Three cookies are set for commenters: - `comment_author_{HASH}` - `comment_author_email_{HASH}` 
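Review bot: In the rewritten "Non-Version-Specific Data" paragraph, "only 4 characters of your hashed password are stored in a hash in your cookie" reads as if part of the password hash is stored in the cookie. Say instead that those characters are one input to the hash the cookie carries, which is also what makes the following sentence about invalidation on password change make sense. That sentence is missing a word ("any cookie will invalidated" should be "will be invalidated"). Since the new text now states that the cookie contains the username and expiration time in addition to the hash, "impossible to retrieve your password" should be scoped to the password only. Also "The cookies lifetime" should be "The cookie lifetime" and "In case of these cookies" should be "In the case of these cookies".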
@@ -42,13 +42,19 @@ When visitors comment on your blog, they get cookies stored on their computer to The commenter cookies are set to expire a little under one year from the time they're set. -## References +## WordPress Test Cookie + +WordPress will set a temporary cookie named `wordpress_test_cookie` which is to probe the ability of WordPress to set cookies. If writing this cookie fails, you will get the following error message "Cookies are blocked or not supported by your browser." + +In case you get this after moving your website, always try to delete your cookies and if you are using a caching plugin, the server cache. This will solve temporary issues. -- [Wikipedia: Cookies](http://en.wikipedia.org/wiki/HTTP_cookie) -- [RFC2965](http://www.faqs.org/rfcs/rfc2965) -- [PHP cookie documentation](http://www.php.net/manual/en/features.cookies.php) +## Language Cookie + +WordPress allows you to alter the language of all translatable strings on login. For this measure WordPress will set a cookie named `wp_lang` which is a session cookie and will store the language key of the selected language. + +## References -## Changelog +- [Wikipedia: Cookies](https://en.wikipedia.org/wiki/HTTP_cookie) +- [RFC2965](http://www.faqs.org/rfcs/rfc2965.html) +- [PHP cookie documentation](https://www.php.net/manual/en/features.cookies.php) -- 2022-09-20: Minor adjustments. -- 2022-09-11: Original content from [Cookies](https://wordpress.org/documentation/article/cookies/); added minor adjustments. diff --git a/wordpress/css.md b/wordpress/css.md index 70a90558..373c1ac8 100644 --- a/wordpress/css.md +++ b/wordpress/css.md 
@@ -187,6 +187,3 @@ If you are having some problems or questions about your WordPress Theme or layou * [Conditional Comment CSS](https://codex.wordpress.org/Conditional_Comment_CSS) * [Validating a Website](https://codex.wordpress.org/Validating_a_Website) -## Changelog - -- 2022-09-04: Original content from [CSS](https://wordpress.org/documentation/article/css/); ticket [Github](https://github.com/WordPress/Documentation-Issue-Tracker/issues/424). diff --git a/wordpress/edit-files.md b/wordpress/edit-files.md index 59e10cfb..626527c9 100644 --- a/wordpress/edit-files.md +++ b/wordpress/edit-files.md @@ -88,12 +88,13 @@ Editors to avoid include any do-it-yourself instant web page software (like Adob The following [text editors](https://wordpress.org/documentation/article/wordpress-glossary/#text-editor) are acceptable for file editing: -* [BBEdit](https://www.barebones.com/products/bbedit/) (Mac, $) +* [BBEdit](https://www.barebones.com/products/bbedit/) (Mac, Free) * [Crimson Editor](http://www.crimsoneditor.com/) (Windows, Free) +* [CodeLobster](https://codelobster.com/) (Mac, Linux, Windows, Free) * [EditPad](https://www.editpadpro.com/) (Windows) * [EditPlus](https://www.editplus.com/) (Windows) * [emacs](https://www.gnu.org/software/emacs/emacs.html) (Mac, Linux, Windows) Open-Source, Free -* [JEdit](http://jedit.org/) (Mac, Linux, Windows) +* [JEdit](https://jedit.org/) (Mac, Linux, Windows) * [Notepad++](https://notepad-plus-plus.org/) (Windows) Open-Source, Free * [PSPad](https://www.pspad.com/) (Windows) Free * [Smultron](https://www.peterborgapps.com/smultron/) (Mac) $ 
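Review bot: In the edit-files.md editor list, the new CodeLobster entry is inserted after Crimson Editor, which breaks the alphabetical order the rest of the list follows; move it above Crimson Editor. The same hunk moves the JEdit link to https but leaves the Crimson Editor link on http, so update or verify that one too. The platform and price labels are also inconsistent after this change ("(Mac, Free)" inside the parentheses for BBEdit and CodeLobster, "(Windows) Free" and "(Mac) $" outside them for others); pick one form.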
@@ -106,7 +107,3 @@ The following [text editors](https://wordpress.org/documentation/article/wordpre * [Visual Studio Code](https://code.visualstudio.com/) (Mac, Linux, Windows) * [NetBeans](https://netbeans.apache.org/) (Mac, Linux, Windows) -## Changelog - -- 2023-01-20: Updated broken links. Removed non-existing text editors. -- 2022-09-11: Original content from [Editing Files](https://wordpress.org/documentation/article/editing-files/). \ No newline at end of file diff --git a/wordpress/feeds.md b/wordpress/feeds.md index 2605e1b0..0724cba8 100644 --- a/wordpress/feeds.md +++ b/wordpress/feeds.md 
@@ -2,68 +2,68 @@ ## WordPress Built-in Feeds {#wordpress-built-in-feeds} -By default, WordPress comes with various feeds. They are generated by template tag for [bloginfo()](https://developer.wordpress.org/reference/functions/bloginfo/) for each type of feed and are typically listed in the sidebar and/or footer of most WordPress Themes. They look like this: +By default, WordPress comes with various feeds. They are generated by template tag for [bloginfo()](https://developer.wordpress.org/reference/functions/bloginfo/) for each type of feed and are typically listed in the sidebar and/or footer of most WordPress Themes. They look like this: -URL for [RDF/RSS 1.0 feed](https://web.resource.org/rss/1.0/)  +URL for [RDF/RSS 1.0 feed](https://web.resource.org/rss/1.0/) ``` - + ``` -URL for [RSS 0.92 feed](https://www.rssboard.org/rss-0-9-2) +URL for [RSS 0.92 feed](https://www.rssboard.org/rss-0-9-2) ``` - + ``` -URL for [RSS 2.0 feed](https://www.rssboard.org/rss-specification)  +URL for [RSS 2.0 feed](https://www.rssboard.org/rss-specification) ``` - + ``` -URL for [Atom feed](http://www.atomenabled.org/)  +URL for [Atom feed](http://www.atomenabled.org/) ``` - + ``` -URL for comments RSS 2.0 feed  +URL for comments RSS 2.0 feed ``` - + ``` The first four feeds display recent updates and changes to your site's content for the different feedreaders. Of these, the RSS feeds are the most well known. The last feed example is used by RSS 2.0 feedreaders and does not show your site's content. It only shows the comments made on your site. 
-To track the comments on a specific post, the [post_comments_feed_link()](https://developer.wordpress.org/reference/functions/post_comments_feed_link/) template tag is used on single post pages like this: +To track the comments on a specific post, the [post_comments_feed_link()](https://developer.wordpress.org/reference/functions/post_comments_feed_link/) template tag is used on single post pages like this: ``` ``` -There are ways to modify these feeds, and these are covered in the article on [Customizing Feeds](https://codex.wordpress.org/Customizing_Feeds). +There are ways to modify these feeds, and these are covered in the article on [Customizing Feeds](https://codex.wordpress.org/Customizing_Feeds). ## Adding Feeds {#adding-feeds} -Not all WordPress Themes feature all of the RSS Feed types that are available through WordPress. To add a feed to your site, find the location of where the other feeds are, typically in your sidebar.php or footer.php template files of your Theme. Then add one of the tags listed above to the list, like this example: +Not all WordPress Themes feature all of the RSS Feed types that are available through WordPress. To add a feed to your site, find the location of where the other feeds are, typically in your sidebar.php or footer.php template files of your Theme. Then add one of the tags listed above to the list, like this example: ``` ``` ### Adding Graphics to Feed Links {#adding-graphics-to-feed-links} -Many people like to have a graphic representing the feed instead of words. There are now [standards](http://www.feedicons.com/) for these graphics or "buttons", but you can [make your own](https://kalsey.com/tools/buttonmaker/) to match the look and colors on your site. ![](https://wordpress.org/documentation/files/2019/03/rssfeed.gif) +Many people like to have a graphic representing the feed instead of words. 
There are now [standards](http://www.feedicons.com/) for these graphics or "buttons", but you can [make your own](https://kalsey.com/tools/buttonmaker/) to match the look and colors on your site. ![](https://wordpress.org/documentation/files/2019/03/rssfeed.gif) To add a graphic to your feed link, simply wrap the link around the graphic such as: ``` -RSS Feed +RSS Feed ``` ### Changing Addresses {#changing-addresses} @@ -84,5 +84,3 @@ Here is an example for MovableType Users: RewriteRule ^index.xml(.*)? /wordpress/?feed=rss2 [QSA] ``` -## Changelog -- 2023-01-20: Original content from [WordPress Feeds](https://wordpress.org/documentation/article/wordpress-feeds/), issue [#93](https://github.com/WordPress/Advanced-administration-handbook/issues/93). diff --git a/wordpress/import.md b/wordpress/import.md index d6791192..54be9fa7 100644 --- a/wordpress/import.md +++ b/wordpress/import.md @@ -34,16 +34,6 @@ You can import posts, comments, categories and authors from Blogger. WordPress i 5. Click "Choose File" and navigate to your Blogger XML file. 6. Click "Upload file and import". -## Blogroll - -WordPress includes an import tool designed specifically for importing content from Blogroll. - -1. In your WordPress site, select Tools -> Import on the left nav of the admin screen. -2. Under "Blogroll", if you haven't already installed the importer, click "Install Now". -3. Click the "Run Importer" link. -4. Click "Choose File" and navigate to your Blogroll OPML file. -5. Click "Upload file and import". - ## Drupal Many resources are available to help you migrate content from Drupal to WordPress. A few are highlighted here, and you're likely to find many others by searching the web. 
@@ -58,15 +48,6 @@ Here are some resources that can help guide you in importing XML or CSV content * The [WP All Import](https://wordpress.org/plugins/wp-all-import/) plugin can import any XML or CSV file. It integrates with the [WP All Export](https://wordpress.org/plugins/wp-all-export/) plugin. -## HTML - -WordPress includes an import tool designed specifically for importing content from static HTML pages. - -1. In your WordPress site, select Tools -> Import on the left nav of the admin screen. -2. Under "HTML", click the "Run Importer" link. -3. Click "Choose File" and navigate to your HTML file. -4. Click "Upload file and import". - ## Joomla For Joomla you can use [FG Joomla to WordPress](https://wordpress.org/plugins/fg-joomla-to-wordpress/). This plugin has been tested with Joomla versions 1.5 through 4.0 on huge databases. It is compatible with multisite installations. @@ -205,6 +186,3 @@ You will first be asked to map the authors in this export file to users on the b [xanga.r](https://www.timwylie.com/xword.html) is a program that parses xanga pages to get the post and comments. Then it can output them in the WordPress rss 2.0 xml format for WordPress to import. -## Changelog - -- 2023-04-25: Added content from [Importing Content](https://wordpress.org/documentation/article/importing-content/). diff --git a/wordpress/index.md b/wordpress/index.md index 25fa6a10..288db807 100644 --- a/wordpress/index.md +++ b/wordpress/index.md @@ -4,6 +4,3 @@ -## Changelog - -- 2022-08-16: Nothing here, yet. diff --git a/wordpress/loopback.md b/wordpress/loopback.md index eae4d95d..7bcb0d64 100644 --- a/wordpress/loopback.md +++ b/wordpress/loopback.md 
@@ -2,7 +2,7 @@ A loopback is when your own server or website tries to connect to it self. -WordPress uses his functionality to trigger scheduled posts, and other scheduled events that plugins or themes may introduce. +WordPress uses this functionality to trigger scheduled posts, and other scheduled events that plugins or themes may introduce. They are also used when making changes in the Plugin- or Theme-editor, by connecting back to the website and making sure that the changes made does not break your website. @@ -18,6 +18,3 @@ The most common cause of loopback failures is a plugin or theme conflict, you sh * Switching to a Twenty-Something theme to rule out any theme-specific problems. If you can't log in to change themes, you can remove the theme folders via [SFTP/FTP](https://developer.wordpress.org/advanced-administration/upgrade/ftp/) so the only one is `twentytwentythree`. That will force your site to use it. * If you can install plugins, install the plugin [Health Check](https://wordpress.org/plugins/health-check/). On the troubleshooting tab, you can click the button to disable all plugins and change the theme for you, while you're still logged in, **without affecting normal visitors to your site**. -## Changelog - -- 2023-01-20: Content migrated from [Loopbacks](https://wordpress.org/documentation/article/loopbacks/). diff --git a/wordpress/multilingual.md b/wordpress/multilingual.md index 45bed8cb..5cebec54 100644 --- a/wordpress/multilingual.md +++ b/wordpress/multilingual.md 
@@ -1,19 +1,17 @@ # Multilingual WordPress -WordPress does not support a bilingual or multilingual blog out-of-the-box. There are however Plugins developed by the WordPress community which will allow you to create a multilingual blog easily. +WordPress currently does not support a bilingual or multilingual blog out-of-the-box. However, plugins developed by the WordPress community make it easy to create a multilingual blog. The fourth and final phase of the WordPress Gutenberg project will add core implementation for multilingual sites as listed in the [WordPress roadmap](https://wordpress.org/about/roadmap/). -Creating a multilingual blog is basically installing WordPress in more than one language and letting the Plugin switch between them. This includes installing .mo languages files which most Plugins will require you to do manually. See [Installing WordPress in Your Language](https://developer.wordpress.org/advanced-administration/before-install/in-your-language/) for details. - -The free [WPGlobus](https://wordpress.org/plugins/wpglobus/), [Polylang](https://wordpress.org/plugins/polylang/), [qTranslate-X](https://wordpress.org/plugins/qtranslate-x/), [xili-language](https://wordpress.org/plugins/xili-language/) or [Sublanguage](https://wordpress.org/plugins/sublanguage/) plugins are installable on standalone WordPress sites. For multisite WordPress (one website per language), you can try [Multisite Language Switcher](https://wordpress.org/plugins/multisite-language-switcher/), [Zanto](https://wordpress.org/plugins/zanto/) or [Multilingual Press](https://wordpress.org/plugins/multilingual-press/) or purchase [WPML](https://wpml.org/). +Creating a multilingual blog is basically installing WordPress in more than one language and letting the Plugin switch between them. This includes installing .mo languages files which most Plugins will require you to do manually. 
For more details, see [Installing WordPress in Your Language](https://developer.wordpress.org/advanced-administration/before-install/in-your-language/). ## Different types of multilingual plugins {#different-types-of-multilingual-plugins} There are a few basic types of multilingual Plugins: -1. Manage multilingual posts in one post per language (e.g. [WPML](https://wpml.org/) – paid, [xili-language](https://wordpress.org/plugins/xili-language/), [Polylang](https://wordpress.org/plugins/polylang/), [Bogo](https://wordpress.org/plugins/bogo/) or [Sublanguage](https://wordpress.org/plugins/sublanguage/)). Translations are then linked together, indicating that one page is the translation of another. -2. Store all languages alternatives for each post in the same post (e.g. [qTranslate-X](https://wordpress.org/plugins/qtranslate-x/), [WPGlobus](https://wordpress.org/plugins/wpglobus/)). -3. Manage translations on the generated page instead of using a post context (e.g. [Transposh](https://wordpress.org/plugins/transposh-translation-filter-for-wordpress) and [Global Translator](https://wordpress.org/plugins/global-translator/)). -4. Plugins like [Multisite Language Switcher](https://wordpress.org/plugins/multisite-language-switcher/), [Multilingual Press](https://wordpress.org/plugins/multilingual-press/), and [Zanto](https://wordpress.org/plugins/zanto/), link together separate WordPress network (multisite) installations for each language by pinging back and forth. +1. Manage multilingual posts in one post per language. Translations are then linked together, indicating that one post is the translation of another. +2. Store all languages alternatives for each post in the same post. +3. Manage translations on the generated page instead of using a post context. +4. Link together separate WordPress sites in a network (multisite) installations for each language by pinging back and forth. ### One language per post {#one-language-per-post} 
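Review bot: Item 4 of the rewritten plugin-type list, "Link together separate WordPress sites in a network (multisite) installations for each language", does not parse; something like "Link together separate sites, one per language, in a WordPress network (multisite) installation" would fix it. Items 1 to 3 are now sentence fragments with no subject after the plugin examples were removed, so either start each with "Plugins that ..." or reword the lead-in line. The unchanged wording ".mo languages files" and "all languages alternatives" in the touched lines could be corrected to "language files" and "language alternatives" in the same pass.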
@@ -117,6 +115,3 @@ Since many multilingual plugins change the database significantly, doing a [data * [WordPress in Your Language](https://developer.wordpress.org/advanced-administration/before-install/in-your-language/) -## Changelog - -- 2022-10-25: Original content from [Multilingual WordPress](https://wordpress.org/documentation/article/multilingual-wordpress/). diff --git a/wordpress/oembed.md b/wordpress/oembed.md index 6a30a7f0..cd4ebb6f 100644 --- a/wordpress/oembed.md +++ b/wordpress/oembed.md @@ -34,7 +34,3 @@ However, if you feel you are knowledgeable enough to not require this level of s The oEmbed discovery content for "link" and "photo" types is not quite so heavily filtered in this manner; however, it is properly escaped for security and to prevent any malicious content from being displayed on the site -## Changelog - -- 2023-01-25: Review and Update Content. Linked list of whitelisted providers. -- 2022-09-11: Added content from [oEmbed](https://docs.google.com/document/d/1ni59ohlSHeCH_BwRtxUXzGY1LLWqFiaaGQFcCjh_2rQ/). diff --git a/wordpress/post-formats.md b/wordpress/post-formats.md index 9eb67916..ae5c2ceb 100644 --- a/wordpress/post-formats.md +++ b/wordpress/post-formats.md @@ -158,6 +158,3 @@ You must also register the `post_format` taxonomy with [register_taxonomy()](htt * [Smarter Post Formats?](https://dougal.gunters.org/blog/2010/12/10/smarter-post-formats/) * [WordPress Theme Support Generator](https://generatewp.com/theme-support/) -## Changelog - -- 2023-04-25: original content from [Post Formats](https://wordpress.org/documentation/article/post-formats/). diff --git a/wordpress/site-architecture.md b/wordpress/site-architecture.md index 1cd7500c..e004e970 100644 --- a/wordpress/site-architecture.md +++ b/wordpress/site-architecture.md @@ -196,7 +196,7 @@ Like the Classic Theme, this division sets up the style for post and the identif

Post Title

``` -This encompasses the post's title code, styled by the

tag. +This encompasses the post's title code, styled by the `

` tag. ``` Date @@ -262,11 +262,11 @@ Comments may be featured in the single post view (using the comments.php templat

- RSS feed for comments on this post. - TrackBack URI + RSS feed for comments on this post. + TrackBack URI

Leave a comment

-
+

@@ -360,7 +360,7 @@ The Default Theme comments feature a loop query within the comments.php and comm

  1. - Mr WordPress + Mr WordPress Says:
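Review bot: in the wordpress/oembed.md hunk (@@ -34,7 +34,3), deleting the Changelog removes the only on-page record that the content was reviewed on 2023-01-25 and that the list of whitelisted providers was linked at that point. The surrounding context is security guidance (filtering and escaping of oEmbed discovery content), so readers lose the means to judge how current it is. Suggest keeping a single "last reviewed" line, or stating in the commit message that git history now carries this and recording the Google Docs source URL there. The last context line of that hunk, ending "displayed on the site", is also missing its final period.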