` tag.
```
Date
From 2be2bb4f2e26c3976fef47bea66cf7a9178b6849 Mon Sep 17 00:00:00 2001
From: James Lee
Date: Thu, 8 Jun 2023 18:54:08 +0800
Subject: [PATCH 04/82] Create php.md
Created a new PHP page under the Performance section.
Most of the contents are derived from:
https://github.com/WordPress/hosting-handbook/blob/main/performance.md#php
Ref: #161
---
performance/php.md | 71 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 performance/php.md
diff --git a/performance/php.md b/performance/php.md
new file mode 100644
index 00000000..15690e6a
--- /dev/null
+++ b/performance/php.md
@@ -0,0 +1,71 @@
+PHP (PHP: Hypertext Preprocessor) is a popular programming language on the Internet. PHP turns dynamic content, like that in WordPress, into HTML, CSS, and JavaScript that web browsers can read. WordPress is written primarily in PHP, and a server must have PHP in order for WordPress to be able to run.
+
+As PHP is an interpreted language, its version and configuration has a large impact on how well and whether WordPress will run.
+
+### Version
+
+When possible, PHP 7.4 or greater should be used to run WordPress. As of the writing of this document, PHP 7.4 is the officially supported version for WordPress while PHP 8 is on "beta support". PHP 8 is the only major version of PHP still receiving active development and support. The PHP group regularly retires support for older versions of PHP, and older versions are not guaranteed to be updated for security concerns.
+
+At the same time, newer versions of PHP contain both security and performance improvements, while being accompanied by new features and bug fixes, which are not guaranteed to be backwards compatible. However, extreme care must be taken when upgrading the version of PHP. While WordPress is compatible with the latest releases of PHP, sites built to use older versions of PHP may not be compatible due to their included plugins and themes.
+
+If upgrading to PHP 8 is not immediately possible, upgrading to PHP 7.4 should be done as soon as possible. While WordPress _may_ work with older versions of PHP, these versions have reached official End Of Life, and running outdated PHP installations **may expose your site to security vulnerabilities**.
+
+You can find which PHP version is compatible with your WordPress version in the [PHP Compatibility and WordPress Versions](https://make.wordpress.org/core/handbook/references/php-compatibility-and-wordpress-versions/) page.
+
+More information about the support versions of PHP can always be found [on PHP's supported versions page](http://php.net/supported-versions.php).
+
+When upgrading PHP, it's a good practice to test sites for compatibility before upgrading. If you offer multiple environments, such as a staging and a production environment, PHP version should be configurable separately for each environments. This will allow users to test newer version of PHP in their non-production environment and resolve any issues before upgrading PHP version in the production environment.
+
+There's a useful [WP-CLI command](https://github.com/danielbachhuber/php-compat-command) for performing a general compatibility check, but be aware that it is not 100% accurate.
+
+### Configuration
+
+PHP is primarily configured using a configuration file, `php.ini`, from which PHP reads all of its settings and configuration at runtime. This usually happens through CGI/FastCGI, or a process manager like PHP-FPM.
+
+Some server environment may allow PHP configurations to be customized with other files like the `.htaccess` or `.user.ini` file.
+
+You can see detailed information about each of these directives [in the official PHP documentation](http://php.net/manual/en/ini.core.php).
+
+#### Timeouts
+
+There are several timeout settings on a system that limit different aspects of a request. When configuring your timeouts, it's important to select values that work well together. For example, it doesn't make sense to have a very high script execution timeout on your PHP service, if the web server (e.g. Apache) timeout is lower than that - in such case, if the request takes longer, it will be killed by the web server no matter your PHP timeout setting is.
+
+Note that processes take different amount of time, depending on the server load, and those limitations are placed to ensure that your server functions properly. If you have high server load, processes may take longer to complete thus causing a cascade effect leading to even more server load. That's why it's a matter of balance between giving enough time for your scripts to be compiled and ensuring that you're within normal server loads.
+
+The primary PHP timeout can be set with the [`max_execution_time`](http://php.net/manual/en/info.configuration.php#ini.max-execution-time) `php.ini` directive. This limits code execution, and not system library calls or MySQL queries, [except on Windows](http://php.net/manual/en/function.set-time-limit.php), where it does.
+
+The maximum time allowed for data transfer from the web server to PHP is specified with the [`max_input_time`](http://php.net/manual/en/info.configuration.php#ini.max-input-time) `php.ini` directive. It is usually used to limit the amount of time allowed to upload files. It's important to note that the amount of time is separate from `max_execution_time`, and defines the amount of time between when the web server calls PHP and execution starts.
+
+Note that these timeouts are often configured per server and you won't be able to modify them if you're on a shared hosting account. The best approach would be to contact your hosting company tech support and see if they can be modified to suit your needs.
+
+#### Memory Limits
+
+The maximum amount of memory that PHP is allowed to use per page render is specified with the [`memory limit`](https://www.php.net/manual/en/ini.core.php#ini.memory-limit) `php.ini` directive.
+
+In addition to setting memory limits within PHP, WordPress has two memory configuration constants that can be changed in the **wp-config.php** file. WordPress will raise the PHP `memory_limit` to these values if it has permission to do so, but if the `php.ini` specifies higher amounts, WordPress will not lower the amount allowed.
+
+The option `WP_MEMORY_LIMIT` declares the amount of memory WordPress should request for rendering the frontend of the website. WordPress default is 40 MB and WordPress MultiSite default is 64 MB.
+
+ define( 'WP_MEMORY_LIMIT', '128M' );
+
+The option `WP_MAX_MEMORY_LIMIT` declares the amount of memory WordPress should request for rendering the backend of the website. WordPress default is 256 MB.
+
+ define( 'WP_MAX_MEMORY_LIMIT', '256M' );
+
+Since the WordPress backend usually requires more memory, there's a separate setting for the amount, that can be set for logged in users. This is mainly required for media uploads. You can have it set higher than the front end limit to ensure your backend has all the resources it needs. Usually, `WP_MEMORY_LIMIT` <= `WP_MAX_MEMORY_LIMIT`.
+
+#### File Upload Sizes
+
+When uploading media files and other content to WordPress using the WordPress admin dashboard, WordPress uses PHP to process the uploads. PHP's configuration includes limits on the size of files that can be uploaded through PHP and on the size of requests that can be sent to the web server for processing. These will need to align with the server's timeouts, discussed above.
+
+The limit on the size of individual file uploads can be configured using the [`upload_max_filesize`](https://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize) `php.ini` directive.
+
+The limit on the entire size of a request that can be sent from the web server to PHP for processing can be configured using the [`post_max_size`](http://php.net/manual/en/ini.core.php#ini.post-max-size) `php.ini` directive. The value for `post_max_size` must be greater than or equal to the value for `upload_max_filesize`. PHP will not process requests larger in size than the value for `post_max_size`.
+
+Note that `post_max_size` applies to every PHP request and not only uploads, so it may become important to address separately if a site processes a large amount of other data included with the request.
+
+Bear in mind that on shared hosting accounts, those limits are usually set on a server level and you may not be able to modify them or increase them above a certain value. In addition to that, different setups have different ways to modify the above mentioned values. Contact your hosting company tech support for additional assistance on that matter.
+
+#### Replacing WordPress' Cron Triggers
+
+The `wp-cron.php` script is responsible for causing certain tasks to be scheduled and executed automatically. Every time someone visits your website, `wp-cron.php` checks whether it is time to execute a job or not. Even though these checks are small and fast they consume time and produce load. For this reason, it's worth considering setting the [`DISABLE_WP_CRON` constant](https://codex.wordpress.org/Editing_wp-config.php#Disable_Cron_and_Cron_Timeout) and using an alternative method to trigger WordPress' cron system. Note, however, that the WordPress cron system is designed with performance in mind and requires minimal resources to operate so it's not mandatory to replace it unless you really need to do so.
From 8c321abc6212e5c5bf1e86bb1e169b9a63b9615b Mon Sep 17 00:00:00 2001
From: Christoph Daum
Date: Thu, 8 Jun 2023 16:11:13 +0300
Subject: [PATCH 05/82] Update cookies.md
---
wordpress/cookies.md | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/wordpress/cookies.md b/wordpress/cookies.md
index e93ac48a..b2b855da 100644
--- a/wordpress/cookies.md
+++ b/wordpress/cookies.md
@@ -24,11 +24,11 @@ After login, WordPress sets the `wordpress_logged_in_[hash]` cookie, which indic
WordPress also sets a few `wp-settings-{time}-[UID]` cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
-The cookies length can be adjusted with the `auth_cookie_expiration` hook. An example of this can be found at [what's the easiest way to stop wp from ever logging me out](https://wordpress.stackexchange.com/questions/515/whats-the-easiest-way-to-stop-wp-from-ever-logging-me-out).
+The cookies lifetime can be adjusted with the `auth_cookie_expiration` hook. An example of this can be found at [what's the easiest way to stop wp from ever logging me out](https://wordpress.stackexchange.com/questions/515/whats-the-easiest-way-to-stop-wp-from-ever-logging-me-out).
### Non-Version-Specific Data
-The actual cookies contain _hashed_ data, so you don't have to worry about someone gleaning your username and password by reading the cookie data. A _hash_ is the result of a specific mathematical formula applied to some input data (in this case your `user name` and `password`, respectively). It's quite hard to reverse a _hash_ (bordering on practical infeasibility with today's computers). This means it is very difficult to take a _hash_ and _"unhash"_ it to find the original input data.
+The actual cookies contain your username, the expiration time and _hashed_ data that ensures you have a valid session. A _hash_ is the result of a specific mathematical formula applied to some data. In case of this cookies, only 4 characters of your hashed password stored in a hash in your cookie. This ensures that it is impossible to retrieve your password from the cookie. It also ensures that any cookie will invalidated whenever your password is changed.
WordPress uses the two cookies to bypass the password entry portion of `wp-login.php`. If WordPress recognizes that you have valid, non-expired cookies, you go directly to the [WordPress Administration Screen](https://wordpress.org/documentation/article/administration-screens). If you don't have the cookies, or they're expired, or in some other way invalid (like you edited them manually for some reason), WordPress will require you to log in again, in order to obtain new cookies.
@@ -42,6 +42,16 @@ When visitors comment on your blog, they get cookies stored on their computer to
The commenter cookies are set to expire a little under one year from the time they're set.
+## WordPress Test Cookie
+
+WordPress will set a temporary cookie named `wordpress_test_cookie` which is to probe the ability of WordPress to set cookies. If writing this cookie fails, you will get the following error message "Cookies are blocked or not supported by your browser."
+
+In case you get this after moving your website, always try to delete your cookies and if you are using a caching plugin, the server cache. This will solve temporary issues.
+
+## Language Cookie
+
+WordPress allows you to alter the language of all translatable strings on login. For this measure WordPress will set a cookie named `wp_lang` which is a session cookie and will store the language key of the selected language.
+
## References
- [Wikipedia: Cookies](http://en.wikipedia.org/wiki/HTTP_cookie)
@@ -50,5 +60,6 @@ The commenter cookies are set to expire a little under one year from the time th
## Changelog
+- 2023-06-08: Adding Test Cookie, language cookie and improvements.
- 2022-09-20: Minor adjustments.
- 2022-09-11: Original content from [Cookies](https://wordpress.org/documentation/article/cookies/); added minor adjustments.
From 9544392211099236b64b66172bfcef8f29fe02a9 Mon Sep 17 00:00:00 2001
From: Milana Cap
Date: Mon, 31 Jul 2023 12:14:08 +0200
Subject: [PATCH 06/82] Update migrating.md
---
upgrade/migrating.md | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/upgrade/migrating.md b/upgrade/migrating.md
index 72c54361..e492d8e0 100644
--- a/upgrade/migrating.md
+++ b/upgrade/migrating.md
@@ -425,15 +425,11 @@ If you are moving from subdomains to subfolders, or vice-versa, remember to adju
### Related Links
-- [How to move WordPress site to another server with zero downtime](http://www.prelovac.com/vladimir/how-to-move-wordpress-site-to-another-server-with-zero-downtime)
- [Moving a blog from wordpress.com to self-hosted blog](http://www.problogger.net/archives/2009/01/03/how-to-move-from-wordpresscom-to-wordpressorg/)
- [Moving WordPress to a new domain or server](http://sltaylor.co.uk/blog/moving-wordpress-new-domain-server/)
- [Italian version of this article – Versione italiana dell'articolo](http://www.valent-blog.eu/2007/09/14/trasferire-wordpress/)
-- [How to move a WordPress Blog or Website](http://www.velvetblues.com/web-development-blog/how-to-move-a-wordpress-blog-or-website/)
- [Search and Replace for WordPress Databases](http://interconnectit.com/124/search-and-replace-for-wordpress-databases/)
-- [Online WordPress Serialized PHP Search and Replace](http://pixelentity.com/wordpress-search-replace-domain/)
-- [Cloning a live WordPress site to a local Mac test environment](http://egalo.com/2012/05/15/clone-live-wordpress-to-local-env/)
-- P[HP script to replace site url in WordPress database dump, even with WPML](http://blog.lavoie.sl/2012/07/php-script-to-replace-site-url-in.html)
+- [PHP script to replace site url in WordPress database dump, even with WPML](http://blog.lavoie.sl/2012/07/php-script-to-replace-site-url-in.html)
- [The Duplicator plugin helps administrators move a site from one location to another](https://wordpress.org/plugins/duplicator/)
- [Technical tutorial on moving your WordPress blog to Bitnami's AWS configuration](http://www.agileweboperations.com/migrate-your-wordpress-blog-to-a-bitnami-ec2-instance)
From 460c143781627ec1c25c9bf4ff31fce38bc2da63 Mon Sep 17 00:00:00 2001
From: Javier Casares
Date: Thu, 14 Sep 2023 16:41:59 +0300
Subject: [PATCH 07/82] new page
---
security/display-errors.md | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 security/display-errors.md
diff --git a/security/display-errors.md b/security/display-errors.md
new file mode 100644
index 00000000..c0d342de
--- /dev/null
+++ b/security/display-errors.md
@@ -0,0 +1,7 @@
+# Display Errors
+
+
+
+## Changelog
+
+- 2023-09-14: Setup.
From a7b89dc8301fdf14c435e48613828590a7d8790e Mon Sep 17 00:00:00 2001
From: Javier Casares
Date: Thu, 14 Sep 2023 17:14:48 +0300
Subject: [PATCH 08/82] title and fixed links
---
performance/php.md | 30 ++++++++++++++++++++----------
1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/performance/php.md b/performance/php.md
index 15690e6a..dc7e12d4 100644
--- a/performance/php.md
+++ b/performance/php.md
@@ -1,10 +1,12 @@
+## PHP
+
PHP (PHP: Hypertext Preprocessor) is a popular programming language on the Internet. PHP turns dynamic content, like that in WordPress, into HTML, CSS, and JavaScript that web browsers can read. WordPress is written primarily in PHP, and a server must have PHP in order for WordPress to be able to run.
As PHP is an interpreted language, its version and configuration has a large impact on how well and whether WordPress will run.
### Version
-When possible, PHP 7.4 or greater should be used to run WordPress. As of the writing of this document, PHP 7.4 is the officially supported version for WordPress while PHP 8 is on "beta support". PHP 8 is the only major version of PHP still receiving active development and support. The PHP group regularly retires support for older versions of PHP, and older versions are not guaranteed to be updated for security concerns.
+When possible, PHP 7.4 or greater should be used to run WordPress. As of the writing of this document, PHP 7.4 is the officially supported version for WordPress while PHP 8.0 and 8.1 are "compatible with exceptions", and PHP 8.2 is on "beta support". PHP 8 is the only major version of PHP still receiving active development and support. The PHP group regularly retires support for older versions of PHP, and older versions are not guaranteed to be updated for security concerns.
At the same time, newer versions of PHP contain both security and performance improvements, while being accompanied by new features and bug fixes, which are not guaranteed to be backwards compatible. However, extreme care must be taken when upgrading the version of PHP. While WordPress is compatible with the latest releases of PHP, sites built to use older versions of PHP may not be compatible due to their included plugins and themes.
@@ -12,7 +14,7 @@ If upgrading to PHP 8 is not immediately possible, upgrading to PHP 7.4 should b
You can find which PHP version is compatible with your WordPress version in the [PHP Compatibility and WordPress Versions](https://make.wordpress.org/core/handbook/references/php-compatibility-and-wordpress-versions/) page.
-More information about the support versions of PHP can always be found [on PHP's supported versions page](http://php.net/supported-versions.php).
+More information about the support versions of PHP can always be found [on PHP's supported versions page](https://www.php.net/supported-versions.php).
When upgrading PHP, it's a good practice to test sites for compatibility before upgrading. If you offer multiple environments, such as a staging and a production environment, PHP version should be configurable separately for each environments. This will allow users to test newer version of PHP in their non-production environment and resolve any issues before upgrading PHP version in the production environment.
@@ -24,7 +26,7 @@ PHP is primarily configured using a configuration file, `php.ini`, from which PH
Some server environment may allow PHP configurations to be customized with other files like the `.htaccess` or `.user.ini` file.
-You can see detailed information about each of these directives [in the official PHP documentation](http://php.net/manual/en/ini.core.php).
+You can see detailed information about each of these directives [in the official PHP documentation](https://www.php.net/manual/en/ini.core.php).
#### Timeouts
@@ -32,9 +34,9 @@ There are several timeout settings on a system that limit different aspects of a
Note that processes take different amount of time, depending on the server load, and those limitations are placed to ensure that your server functions properly. If you have high server load, processes may take longer to complete thus causing a cascade effect leading to even more server load. That's why it's a matter of balance between giving enough time for your scripts to be compiled and ensuring that you're within normal server loads.
-The primary PHP timeout can be set with the [`max_execution_time`](http://php.net/manual/en/info.configuration.php#ini.max-execution-time) `php.ini` directive. This limits code execution, and not system library calls or MySQL queries, [except on Windows](http://php.net/manual/en/function.set-time-limit.php), where it does.
+The primary PHP timeout can be set with the [`max_execution_time`](https://www.php.net/manual/en/info.configuration.php#ini.max-execution-time) `php.ini` directive. This limits code execution, and not system library calls or MySQL queries, [except on Windows](https://www.php.net/manual/en/function.set-time-limit.php), where it does.
-The maximum time allowed for data transfer from the web server to PHP is specified with the [`max_input_time`](http://php.net/manual/en/info.configuration.php#ini.max-input-time) `php.ini` directive. It is usually used to limit the amount of time allowed to upload files. It's important to note that the amount of time is separate from `max_execution_time`, and defines the amount of time between when the web server calls PHP and execution starts.
+The maximum time allowed for data transfer from the web server to PHP is specified with the [`max_input_time`](https://www.php.net/manual/en/info.configuration.php#ini.max-input-time) `php.ini` directive. It is usually used to limit the amount of time allowed to upload files. It's important to note that the amount of time is separate from `max_execution_time`, and defines the amount of time between when the web server calls PHP and execution starts.
Note that these timeouts are often configured per server and you won't be able to modify them if you're on a shared hosting account. The best approach would be to contact your hosting company tech support and see if they can be modified to suit your needs.
@@ -46,13 +48,17 @@ In addition to setting memory limits within PHP, WordPress has two memory config
The option `WP_MEMORY_LIMIT` declares the amount of memory WordPress should request for rendering the frontend of the website. WordPress default is 40 MB and WordPress MultiSite default is 64 MB.
- define( 'WP_MEMORY_LIMIT', '128M' );
+```
+define( 'WP_MEMORY_LIMIT', '128M' );
+```
The option `WP_MAX_MEMORY_LIMIT` declares the amount of memory WordPress should request for rendering the backend of the website. WordPress default is 256 MB.
- define( 'WP_MAX_MEMORY_LIMIT', '256M' );
+```
+define( 'WP_MAX_MEMORY_LIMIT', '256M' );
+```
-Since the WordPress backend usually requires more memory, there's a separate setting for the amount, that can be set for logged in users. This is mainly required for media uploads. You can have it set higher than the front end limit to ensure your backend has all the resources it needs. Usually, `WP_MEMORY_LIMIT` <= `WP_MAX_MEMORY_LIMIT`.
+Since the WordPress backend usually requires more memory, there's a separate setting for the amount, that can be set for logged in users. This is mainly required for media uploads. You can have it set higher than the front end limit to ensure your backend has all the resources it needs. Usually, `WP_MEMORY_LIMIT <= WP_MAX_MEMORY_LIMIT`.
#### File Upload Sizes
@@ -60,7 +66,7 @@ When uploading media files and other content to WordPress using the WordPress ad
The limit on the size of individual file uploads can be configured using the [`upload_max_filesize`](https://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize) `php.ini` directive.
-The limit on the entire size of a request that can be sent from the web server to PHP for processing can be configured using the [`post_max_size`](http://php.net/manual/en/ini.core.php#ini.post-max-size) `php.ini` directive. The value for `post_max_size` must be greater than or equal to the value for `upload_max_filesize`. PHP will not process requests larger in size than the value for `post_max_size`.
+The limit on the entire size of a request that can be sent from the web server to PHP for processing can be configured using the [`post_max_size`](https://www.php.net/manual/en/ini.core.php#ini.post-max-size) `php.ini` directive. The value for `post_max_size` must be greater than or equal to the value for `upload_max_filesize`. PHP will not process requests larger in size than the value for `post_max_size`.
Note that `post_max_size` applies to every PHP request and not only uploads, so it may become important to address separately if a site processes a large amount of other data included with the request.
@@ -68,4 +74,8 @@ Bear in mind that on shared hosting accounts, those limits are usually set on a
#### Replacing WordPress' Cron Triggers
-The `wp-cron.php` script is responsible for causing certain tasks to be scheduled and executed automatically. Every time someone visits your website, `wp-cron.php` checks whether it is time to execute a job or not. Even though these checks are small and fast they consume time and produce load. For this reason, it's worth considering setting the [`DISABLE_WP_CRON` constant](https://codex.wordpress.org/Editing_wp-config.php#Disable_Cron_and_Cron_Timeout) and using an alternative method to trigger WordPress' cron system. Note, however, that the WordPress cron system is designed with performance in mind and requires minimal resources to operate so it's not mandatory to replace it unless you really need to do so.
+The `wp-cron.php` script is responsible for causing certain tasks to be scheduled and executed automatically. Every time someone visits your website, `wp-cron.php` checks whether it is time to execute a job or not. Even though these checks are small and fast they consume time and produce load. For this reason, it's worth considering setting the [`DISABLE_WP_CRON` constant](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#disable-cron-and-cron-timeout) and using an alternative method to trigger WordPress' cron system. Note, however, that the WordPress cron system is designed with performance in mind and requires minimal resources to operate so it's not mandatory to replace it unless you really need to do so.
+
+## Changelog
+
+- 2023-06-08: New page created.
From 483945868084c32c6a5da82a266dc745a4b3c20f Mon Sep 17 00:00:00 2001
From: Javier Casares
Date: Thu, 14 Sep 2023 17:17:51 +0300
Subject: [PATCH 09/82] added to manifest
---
bin/handbook-manifest.json | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/bin/handbook-manifest.json b/bin/handbook-manifest.json
index 0ca1eefe..ed3e7e20 100644
--- a/bin/handbook-manifest.json
+++ b/bin/handbook-manifest.json
@@ -440,6 +440,13 @@
"parent": "performance",
"order": 2
},
+ "performance\/php": {
+ "title": "PHP Optimization",
+ "slug": "php",
+ "markdown_source": "https:\/\/github.com\/WordPress\/Advanced-administration-handbook\/blob\/main\/performance\/php.md",
+ "parent": "performance",
+ "order": 3
+ },
"debug": {
"title": "Debugging WordPress",
"slug": "debug",
From 4798b1ef8cb9db7d8960d18a6d4225e95d0ebb3f Mon Sep 17 00:00:00 2001
From: Simon Kraft <1038789+krafit@users.noreply.github.com>
Date: Thu, 14 Sep 2023 17:47:25 +0300
Subject: [PATCH 10/82] Remove links to multilingual plugins
---
wordpress/multilingual.md | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/wordpress/multilingual.md b/wordpress/multilingual.md
index 45bed8cb..402f26f8 100644
--- a/wordpress/multilingual.md
+++ b/wordpress/multilingual.md
@@ -4,16 +4,14 @@ WordPress does not support a bilingual or multilingual blog out-of-the-box. Ther
Creating a multilingual blog is basically installing WordPress in more than one language and letting the Plugin switch between them. This includes installing .mo languages files which most Plugins will require you to do manually. See [Installing WordPress in Your Language](https://developer.wordpress.org/advanced-administration/before-install/in-your-language/) for details.
-The free [WPGlobus](https://wordpress.org/plugins/wpglobus/), [Polylang](https://wordpress.org/plugins/polylang/), [qTranslate-X](https://wordpress.org/plugins/qtranslate-x/), [xili-language](https://wordpress.org/plugins/xili-language/) or [Sublanguage](https://wordpress.org/plugins/sublanguage/) plugins are installable on standalone WordPress sites. For multisite WordPress (one website per language), you can try [Multisite Language Switcher](https://wordpress.org/plugins/multisite-language-switcher/), [Zanto](https://wordpress.org/plugins/zanto/) or [Multilingual Press](https://wordpress.org/plugins/multilingual-press/) or purchase [WPML](https://wpml.org/).
-
## Different types of multilingual plugins {#different-types-of-multilingual-plugins}
There are a few basic types of multilingual Plugins:
-1. Manage multilingual posts in one post per language (e.g. [WPML](https://wpml.org/) – paid, [xili-language](https://wordpress.org/plugins/xili-language/), [Polylang](https://wordpress.org/plugins/polylang/), [Bogo](https://wordpress.org/plugins/bogo/) or [Sublanguage](https://wordpress.org/plugins/sublanguage/)). Translations are then linked together, indicating that one page is the translation of another.
-2. Store all languages alternatives for each post in the same post (e.g. [qTranslate-X](https://wordpress.org/plugins/qtranslate-x/), [WPGlobus](https://wordpress.org/plugins/wpglobus/)).
-3. Manage translations on the generated page instead of using a post context (e.g. [Transposh](https://wordpress.org/plugins/transposh-translation-filter-for-wordpress) and [Global Translator](https://wordpress.org/plugins/global-translator/)).
-4. Plugins like [Multisite Language Switcher](https://wordpress.org/plugins/multisite-language-switcher/), [Multilingual Press](https://wordpress.org/plugins/multilingual-press/), and [Zanto](https://wordpress.org/plugins/zanto/), link together separate WordPress network (multisite) installations for each language by pinging back and forth.
+1. Manage multilingual posts in one post per language. Translations are then linked together, indicating that one post is the translation of another.
+2. Store all languages alternatives for each post in the same post.
+3. Manage translations on the generated page instead of using a post context.
+4. Link together separate WordPress sites in a network (multisite) installations for each language by pinging back and forth.
### One language per post {#one-language-per-post}
@@ -119,4 +117,5 @@ Since many multilingual plugins change the database significantly, doing a [data
## Changelog
+- 2023-09-14: Removed links to individual plugins
- 2022-10-25: Original content from [Multilingual WordPress](https://wordpress.org/documentation/article/multilingual-wordpress/).
From bab6d310138af8d7e3f3f70efa6f92e4438e07ae Mon Sep 17 00:00:00 2001
From: Auri <73830184+aurigit@users.noreply.github.com>
Date: Thu, 14 Sep 2023 17:56:36 +0300
Subject: [PATCH 11/82] Update display-errors.md
---
security/display-errors.md | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/security/display-errors.md b/security/display-errors.md
index c0d342de..789baae6 100644
--- a/security/display-errors.md
+++ b/security/display-errors.md
@@ -1,7 +1,33 @@
# Display Errors
+## What is display_errors?
+
+`display_errors` is a directive found in PHP, found in the php.ini file. With this option, PHP determines whether or not errors should be printed directly on the page.
+
+## Why does display_errors need to be disabled?
+
+According to [PHP documentation](https://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors), it should never be enabled on production environments or live sites.
+
+While `display_errors` may provide useful information in debugging scenarios, there are potential security issues that need to be taken into account if it is activated. [See OWASP article about improper error handling.](https://owasp.org/www-community/Improper_Error_Handling)
+
+However, some hosting companies have `display_errors` enabled by default. This may be due to a misconfiguration, such as trying to disable it by using a configuration that does not work in hosting environments where for example PHP is not running as a module, but with PHP FastCGI Process Manager (PHP-FPM).
+
+## How to disable display_errors
+
+Check your hosting control panel to disable `display_errors` or reach out to your hosting provider.
+
+If your PHP is running as Apache module, you may be able to disable display_errors with the following .htaccess configuration:
+
+` php_flag display_errors off `
+
+If your server uses FastCGI/PHP-FPM, it may be possible disable the display_errors by ensuring that a .user.ini file with the following content:
+
+`display_errors = 0`
+
+If these examples do not work for you, or if you need more instructions, please reach out to your hosting provider.
## Changelog
- 2023-09-14: Setup.
+- 2023-09-14: Adding text.
From cdcbc17b05ba19b28be11e86be0081939585b124 Mon Sep 17 00:00:00 2001
From: Javier Casares
Date: Thu, 14 Sep 2023 18:02:20 +0300
Subject: [PATCH 12/82] fix changelog and adding manifest
---
bin/handbook-manifest.json | 7 +++++++
security/display-errors.md | 4 +---
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/bin/handbook-manifest.json b/bin/handbook-manifest.json
index ed3e7e20..d601fbc6 100644
--- a/bin/handbook-manifest.json
+++ b/bin/handbook-manifest.json
@@ -412,6 +412,13 @@
"parent": "security",
"order": 6
},
+ "security\/hardening\/display-errors": {
+ "title": "Display Errors",
+ "slug": "display-errors",
+ "markdown_source": "https:\/\/github.com\/WordPress\/Advanced-administration-handbook\/blob\/main\/security\/display-errors.md",
+ "parent": "hardening",
+ "order": 1
+ },
"security\/monitoring": {
"title": "Monitoring",
"slug": "monitoring",
diff --git a/security/display-errors.md b/security/display-errors.md
index 789baae6..1cccc79e 100644
--- a/security/display-errors.md
+++ b/security/display-errors.md
@@ -26,8 +26,6 @@ If your server uses FastCGI/PHP-FPM, it may be possible disable the display_erro
If these examples do not work for you, or if you need more instructions, please reach out to your hosting provider.
-
## Changelog
-- 2023-09-14: Setup.
-- 2023-09-14: Adding text.
+- 2023-09-14: Setup, and Adding text.
From 77c702a361a3b9dab8115d0ab22f2938b95f7130 Mon Sep 17 00:00:00 2001
From: Leemy Pakvn <3759923+leemyongpakvn@users.noreply.github.com>
Date: Fri, 15 Sep 2023 07:25:49 +0700
Subject: [PATCH 13/82] redundant ]
---
wordpress/wp-config.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wordpress/wp-config.md b/wordpress/wp-config.md
index 5a624750..b16626f9 100644
--- a/wordpress/wp-config.md
+++ b/wordpress/wp-config.md
@@ -16,7 +16,7 @@ TEMPORALLY NOTE: this may link for the simple part, to:
The following sections may contain advanced information and some changes might result in unforeseen issues. Please make sure you practice [regular backups](https://developer.wordpress.org/advanced-administration/security/backup/) and know how to restore them before modifying these settings.
-### table_prefix {#table-prefix}]
+### table_prefix {#table-prefix}
The **$table_prefix** is the value placed in the front of your database tables. Change the value if you want to use something other than **wp_** for your database prefix. Typically this is changed if you are [installing multiple WordPress blogs](https://developer.wordpress.org/advanced-administration/before-install/multiple-instances/) in the same database, as is done with the multisite feature.
From 1bd681dada6b511b31cbc068452a58f82136dea7 Mon Sep 17 00:00:00 2001
From: Leemy Pakvn <3759923+leemyongpakvn@users.noreply.github.com>
Date: Fri, 15 Sep 2023 07:47:59 +0700
Subject: [PATCH 14/82] correct MD tag
---
security/brute-force.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/brute-force.md b/security/brute-force.md
index e5d0f64e..83625382 100644
--- a/security/brute-force.md
+++ b/security/brute-force.md
@@ -8,7 +8,7 @@ Due to the nature of these attacks, you may find your server's memory goes throu
This sort of attack is not endemic to WordPress, it happens with every webapp out there, but WordPress is popular and thus a frequent target.
-### Throttling Multiple Login Attempts (#throttling-multiple-login-attempts)
+### Throttling Multiple Login Attempts {#throttling-multiple-login-attempts}
One of the most common kinds of attacks targeting internet services is brute force login attacks. With this form of attack, a malicious party tries to guess WordPress usernames and passwords. The attacker needs only the URL of a user site to perform an attack. Software is readily available to perform these attacks using botnets, making increasingly complex passwords easier to find.
From e7e01e9313af13907fe1ac3328f9880061cb54b3 Mon Sep 17 00:00:00 2001
From: Leemy Pakvn <3759923+leemyongpakvn@users.noreply.github.com>
Date: Sat, 16 Sep 2023 09:35:55 +0700
Subject: [PATCH 15/82] there is no wp-images folder in WordPress
---
upgrade/upgrading.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/upgrade/upgrading.md b/upgrade/upgrading.md
index 5026eeaf..338ef2e0 100644
--- a/upgrade/upgrading.md
+++ b/upgrade/upgrading.md
@@ -17,7 +17,6 @@ This page contains a more detailed version of [the upgrade instructions](https:/
7. [Delete the old WordPress files](https://developer.wordpress.org/advanced-administration/upgrade/upgrading/#step-7-delete-the-old-wordpress-files) on your site, but **DO NOT DELETE**
– `wp-config.php` file;
– `wp-content` folder; Special Exception: the `wp-content/cache` and the `wp-content/plugins/widgets` folders should be deleted.
- – `wp-images` folder;
– `.htaccess` file–if you have added custom rules to your `.htaccess`, do not delete it;
– `robots.txt` file–if your blog lives in the root of your site (ie. the blog is the site) and you have created such a file, do not delete it.
From 6435191c4c021908041294aaeb104eaeac3c9c64 Mon Sep 17 00:00:00 2001
From: Leemy Pakvn <3759923+leemyongpakvn@users.noreply.github.com>
Date: Sat, 16 Sep 2023 09:38:30 +0700
Subject: [PATCH 16/82] emphasize
---
multisite/create-network.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/multisite/create-network.md b/multisite/create-network.md
index 04fc0ee2..03555bb3 100644
--- a/multisite/create-network.md
+++ b/multisite/create-network.md
@@ -61,7 +61,7 @@ Once more: See [Before You Create A Network](https://developer.wordpress.org/adv
**Network Details**
-These are filled in automatically, but you can make changes. Server Address The domain of the URL you are using to access your WordPress installation. Network Title The title of your network as a whole. Admin E-mail Address Your email address as super admin of the network as a whole.
+These are filled in automatically, but you can make changes. `Server Address`: the domain of the URL you are using to access your WordPress installation. `Network Title`: the title of your network as a whole. `Network Admin E-mail`: your email address as super admin of the network as a whole.
Double-check the details and press the **Install** button.
From fd054645ab51f1e30f08961a1318b3af7ca7fbbf Mon Sep 17 00:00:00 2001
From: henkwhite <82368058+henkwhite@users.noreply.github.com>
Date: Thu, 19 Oct 2023 13:35:55 +0200
Subject: [PATCH 17/82] Mentioned phase 4 + link roadmap
---
wordpress/multilingual.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wordpress/multilingual.md b/wordpress/multilingual.md
index 402f26f8..ee7ea974 100644
--- a/wordpress/multilingual.md
+++ b/wordpress/multilingual.md
@@ -1,6 +1,6 @@
# Multilingual WordPress
-WordPress does not support a bilingual or multilingual blog out-of-the-box. There are however Plugins developed by the WordPress community which will allow you to create a multilingual blog easily.
+WordPress currently does not support a bilingual or multilingual blog out-of-the-box. There are however Plugins developed by the WordPress community which will allow you to create a multilingual blog easily. The fourth and finale phase of WordPress's Gutenberg project will make multiligual support a core component of WordPress and the Site Editor as you can see on the roadmap (https://wordpress.org/about/roadmap/).
Creating a multilingual blog is basically installing WordPress in more than one language and letting the Plugin switch between them. This includes installing .mo languages files which most Plugins will require you to do manually. See [Installing WordPress in Your Language](https://developer.wordpress.org/advanced-administration/before-install/in-your-language/) for details.
From 0f440fb574c545f356c1f7395924e52da5fbe637 Mon Sep 17 00:00:00 2001
From: henkwhite <82368058+henkwhite@users.noreply.github.com>
Date: Thu, 19 Oct 2023 13:44:52 +0200
Subject: [PATCH 18/82] align wording with existing documentation
---
wordpress/multilingual.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wordpress/multilingual.md b/wordpress/multilingual.md
index ee7ea974..1f228614 100644
--- a/wordpress/multilingual.md
+++ b/wordpress/multilingual.md
@@ -1,6 +1,6 @@
# Multilingual WordPress
-WordPress currently does not support a bilingual or multilingual blog out-of-the-box. There are however Plugins developed by the WordPress community which will allow you to create a multilingual blog easily. The fourth and finale phase of WordPress's Gutenberg project will make multiligual support a core component of WordPress and the Site Editor as you can see on the roadmap (https://wordpress.org/about/roadmap/).
+WordPress currently does not support a bilingual or multilingual blog out-of-the-box. There are however Plugins developed by the WordPress community which will allow you to create a multilingual blog easily. The fourth and final phase of the WordPress Gutenberg project will add core implementation for multilingual sites as listed in the [WordPress roadmap](https://wordpress.org/about/roadmap/).
Creating a multilingual blog is basically installing WordPress in more than one language and letting the Plugin switch between them. This includes installing .mo languages files which most Plugins will require you to do manually. See [Installing WordPress in Your Language](https://developer.wordpress.org/advanced-administration/before-install/in-your-language/) for details.
From 0b6200c695854c6d9d3be4f6844b461e2f698f52 Mon Sep 17 00:00:00 2001
From: Niklas Gutberlet <70433191+InpsydeNiklas@users.noreply.github.com>
Date: Thu, 19 Oct 2023 15:20:26 +0200
Subject: [PATCH 19/82] Create adminer.md
Initial Adminer page draft
---
upgrade/adminer.md | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 upgrade/adminer.md
diff --git a/upgrade/adminer.md b/upgrade/adminer.md
new file mode 100644
index 00000000..7dbeb84e
--- /dev/null
+++ b/upgrade/adminer.md
@@ -0,0 +1,42 @@
+# Adminer
+
+## What is Adminer?
+
+[Adminer](https://www.adminer.org/), formerly known as phpMinAdmin, is a full-featured database management tool written in PHP. Unlike [phpMyAdmin](https://developer.wordpress.org/advanced-administration/upgrade/phpmyadmin/), which is a multi-file solution, Adminer consists of a single file that's ready for deployment to the target server. It is available for various databases, including MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Elasticsearch, MongoDB, and others. Since WordPress stores all its data in the MySQL database, Adminer offers a "raw" view of the data, tables, and fields within this database.
+
+## Advantages of Adminer
+
+- **Simple Interface**: Adminer offers a clean and user-friendly interface, unlike some other database management tools.
+- **Direct Data Manipulation**: Useful for direct database edits, especially if WordPress stopped working.
+- **Lightweight**: Being a single PHP file, it is easy to upload/install and use.
+
+## What is it good for?
+
+Adminer is beneficial for table maintenance, data backups, and direct database edits. Occasionally, in the [Support Forums](https://wordpress.org/support/welcome/#asking-for-support), contributors share beneficial SQL queries that can be executed using tools like Adminer.
+
+## Where can I get it?
+
+Many hosting control panels, like cPanel and Plesk, come with [phpMyAdmin](https://wordpress.org/documentation/article/phpmyadmin/) pre-installed. If unavailable, users can consult with their hosting provider to get database access.
+
+For those who prefer to use Adminer, it can be downloaded from the [Adminer project page](https://www.adminer.org/).
+
+## Installing Adminer
+
+1. Download the latest version of Adminer from the [Adminer download page](https://www.adminer.org/en/#download).
+2. Upload the Adminer PHP file into the WordPress root directory (where the `wp-config.php` file is located) using an FTP tool like [FileZilla](https://wordpress.org/documentation/article/using-filezilla/).
+3. After uploading the Adminer PHP file to the WordPress root directory, you can access it from your browser by adding the file name to the URL, e.g., `https://example.com/adminer-4.8.1.php`.
+4. The database login credentials must be manually filled and can be obtained from the `wp-config.php` file.
+
+## Installing Adminer as a WordPress Plugin
+
+Adminer might also be available as a plugin in the [WordPress plugin repository](https://wordpress.org/plugins/search/database+adminer/). When installing Adminer as a WordPress plugin, the database login credentials may be automatically inserted from the `wp-config.php` file.
+
+## Security Precautions
+
+To prevent unauthorized access, please ensure that Adminer is either removed or protected after use, especially if it can be accessed publicly. One way to protect it is by restricting access using the `.htaccess` file. If you're unfamiliar with `.htaccess` file restrictions, consider seeking [guidance on hardening WordPress](https://wordpress.org/documentation/article/hardening-wordpress/) or removing Adminer after use.
+
+## Changelog
+
+- 2023-10-19: Include content from [phpMyAdmin](https://wordpress.org/documentation/article/phpmyadmin/).
+- 2023-10-19: Include content from [FileZilla](https://wordpress.org/documentation/article/using-filezilla/).
+- 2023-10-19: Include content from [Hardening WordPress](https://wordpress.org/documentation/article/hardening-wordpress/)
From 934827b441659077ce164158734537ec1be3edc0 Mon Sep 17 00:00:00 2001
From: Niklas Gutberlet <70433191+InpsydeNiklas@users.noreply.github.com>
Date: Thu, 19 Oct 2023 16:06:00 +0200
Subject: [PATCH 20/82] Update adminer.md
minor text tweaks
---
upgrade/adminer.md | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/upgrade/adminer.md b/upgrade/adminer.md
index 7dbeb84e..85ea4245 100644
--- a/upgrade/adminer.md
+++ b/upgrade/adminer.md
@@ -8,7 +8,7 @@
- **Simple Interface**: Adminer offers a clean and user-friendly interface, unlike some other database management tools.
- **Direct Data Manipulation**: Useful for direct database edits, especially if WordPress stopped working.
-- **Lightweight**: Being a single PHP file, it is easy to upload/install and use.
+- **Lightweight**: Being a single PHP file, it is easy to upload, use, and remove.
## What is it good for?
@@ -16,8 +16,7 @@ Adminer is beneficial for table maintenance, data backups, and direct database e
## Where can I get it?
-Many hosting control panels, like cPanel and Plesk, come with [phpMyAdmin](https://wordpress.org/documentation/article/phpmyadmin/) pre-installed. If unavailable, users can consult with their hosting provider to get database access.
-
+Many hosting control panels, like cPanel and Plesk, come with [phpMyAdmin](https://developer.wordpress.org/advanced-administration/upgrade/phpmyadmin/) pre-installed. If no database access is available, users can consult with their hosting provider to get database access.
For those who prefer to use Adminer, it can be downloaded from the [Adminer project page](https://www.adminer.org/).
## Installing Adminer
@@ -29,7 +28,7 @@ For those who prefer to use Adminer, it can be downloaded from the [Adminer proj
## Installing Adminer as a WordPress Plugin
-Adminer might also be available as a plugin in the [WordPress plugin repository](https://wordpress.org/plugins/search/database+adminer/). When installing Adminer as a WordPress plugin, the database login credentials may be automatically inserted from the `wp-config.php` file.
+Adminer might also be available as a plugin in the [WordPress plugin repository](https://wordpress.org/plugins/search/database+adminer/). If installed as a WordPress plugin, Adminer may automatically use the database login credentials from the `wp-config.php` file when accessing it.
## Security Precautions
From e63ff5b1bd3664b384bad3b237ceda793f1fdf6d Mon Sep 17 00:00:00 2001
From: Benjamin Zekavica
Date: Mon, 6 Nov 2023 15:48:31 +0100
Subject: [PATCH 21/82] Update index.md
---
themes/index.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/themes/index.md b/themes/index.md
index 3a4f670b..934c485b 100644
--- a/themes/index.md
+++ b/themes/index.md
@@ -1,9 +1,61 @@
# Themes
+The Theme refers to the underlying technologies and components that come together to deliver the visual design and functionality of a WordPress website. It encompasses the server-side components that power WordPress, as well as the architecture and files specific to WordPress themes.
+Understanding the technology behind WordPress themes on the server is fundamental to building and maintaining successful WordPress websites. Whether you're a developer, designer, or administrator, this knowledge empowers you to create and manage themes effectively, ensuring a secure, high-performing, and visually appealing web presence.
+## Technology of Themes
+### Web Servers
+Web servers (e.g., Apache, Nginx) handle incoming HTTP requests and serve web pages. They play a critical role in delivering WordPress themes to users.
+
+### PHP
+PHP is the server-side scripting language that WordPress is built upon. It processes requests, connects to the database, and generates dynamic content based on theme files and user input.
+
+### Databases
+WordPress relies on databases, typically MySQL, to store content, settings, and theme data. It retrieves information from the database to dynamically generate web pages.
+
+### File Systems
+File systems are used to store theme files, images, JavaScript, and CSS. Understanding the structure and organization of theme files is essential for theme development.
+
+## Theme Architecture
+
+WordPress themes consist of PHP template files, CSS stylesheets, JavaScript files, and other assets. Themes are organized within the `wp-content/themes` directory on the server.
+
+Template files determine the layout and structure of web pages. Key templates include `header.php`, `footer.php`, and various content-specific templates like `single.php` and `page.php`.
+
+### Style Sheets (CSS)
+CSS files control the visual presentation of the theme. Styles are defined in CSS files and determine elements like colors, fonts, and layout.
+
+### JavaScript
+JavaScript files enhance website interactivity and functionality. These files can be included in themes for tasks like form validation, animations, and AJAX functionality.
+
+### Functions.php
+The `functions.php` file contains PHP functions and code for theme-specific features and customizations. It's where you can add actions, filters, and custom functions to modify how the theme behaves.
+
+## Workflow on your Webserver
+
+### User Requests
+When a user visits a WordPress site, the web server processes their request and forwards it to WordPress.
+
+### WordPress Core
+WordPress core, which includes PHP scripts and database queries, interprets the user's request and retrieves content and settings.
+
+### Theme Integration
+The selected theme's template files and styles are integrated into the content, and the final HTML, CSS, and JavaScript are generated and sent to the user's browser.
+
+## Customization and Optimization
+
+### Child Themes
+Child themes are used to extend and customize existing themes without modifying the original theme files. This allows you to make changes without losing updates or risking theme conflicts.
+
+### Performance
+Optimizing themes for performance includes minimizing server requests, reducing image sizes, and optimizing CSS and JavaScript. Caching techniques can also enhance loading speed.
+
+### Security Considerations
+Proper security practices include keeping themes and WordPress core up-to-date, securing database access, and sanitizing user input to prevent vulnerabilities.
## Changelog
+- 2023-11-06: Added Update Theme Informationen.
- 2022-08-16: Nothing here, yet.
From b05b622969ae0e9a4c4ba8bf3853f06ab90dac24 Mon Sep 17 00:00:00 2001
From: Benjamin Zekavica
Date: Mon, 6 Nov 2023 15:51:58 +0100
Subject: [PATCH 22/82] Update index.md
---
themes/index.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/themes/index.md b/themes/index.md
index 934c485b..8c9a683f 100644
--- a/themes/index.md
+++ b/themes/index.md
@@ -19,7 +19,6 @@ WordPress relies on databases, typically MySQL, to store content, settings, and
File systems are used to store theme files, images, JavaScript, and CSS. Understanding the structure and organization of theme files is essential for theme development.
## Theme Architecture
-
WordPress themes consist of PHP template files, CSS stylesheets, JavaScript files, and other assets. Themes are organized within the `wp-content/themes` directory on the server.
Template files determine the layout and structure of web pages. Key templates include `header.php`, `footer.php`, and various content-specific templates like `single.php` and `page.php`.
From 920a29f9d760d65a69787778c7652cc28225845f Mon Sep 17 00:00:00 2001
From: Javier Casares
Date: Thu, 11 Jan 2024 10:22:48 +0100
Subject: [PATCH 23/82] fix some http:// to https://
---
before-install/creating-database.md | 2 +-
before-install/development.md | 22 ++++++------
before-install/howto-install.md | 20 +++++------
before-install/in-your-language.md | 4 +--
debug/test-driving.md | 21 ++++++-----
multisite/administration.md | 2 +-
multisite/create-network.md | 2 +-
multisite/prepare-network.md | 10 +++---
performance/cache.md | 6 ++--
plugins/mu-plugins.md | 2 +-
resources/faq.md | 4 +--
resources/index.md | 10 +++---
security/backup-database.md | 14 ++++----
security/backup-files.md | 2 +-
security/backup.md | 6 ++--
security/brute-force.md | 26 +++++++-------
security/hardening.md | 44 +++++++++++------------
security/https.md | 12 +++----
security/mfa.md | 4 +--
server/file-permissions.md | 8 ++---
server/nginx.md | 26 +++++++-------
server/server-info.md | 6 ++--
server/subdomains-wildcard.md | 2 +-
server/wordpress-in-directory.md | 6 ++--
upgrade/filezilla.md | 2 +-
upgrade/ftp.md | 4 +--
upgrade/migrating.md | 56 ++++++++++++++---------------
upgrade/upgrading.md | 6 ++--
wordpress/common-errors.md | 6 ++--
wordpress/cookies.md | 6 ++--
wordpress/edit-files.md | 2 +-
wordpress/feeds.md | 38 ++++++++++----------
wordpress/site-architecture.md | 16 ++++-----
wordpress/wp-config.md | 32 ++++++++---------
34 files changed, 212 insertions(+), 217 deletions(-)
diff --git a/before-install/creating-database.md b/before-install/creating-database.md
index ee6788e8..3cf08413 100644
--- a/before-install/creating-database.md
+++ b/before-install/creating-database.md
@@ -73,7 +73,7 @@ If you need to write these values somewhere, avoid writing them in the system th
## Using Plesk
-If your hosting provider supplies the [Plesk](http://www.plesk.com/) hosting control panel and you want to install WordPress manually, follow the instructions below to create a database:
+If your hosting provider supplies the [Plesk](https://www.plesk.com/) hosting control panel and you want to install WordPress manually, follow the instructions below to create a database:
1. Log in to Plesk.
2. Click **Databases** in the Custom Website area of your website on the Websites & Domains page:
diff --git a/before-install/development.md b/before-install/development.md
index 54ade3f3..f15b91a8 100644
--- a/before-install/development.md
+++ b/before-install/development.md
@@ -9,20 +9,20 @@ Use these instructions for setting up a local server environment for testing and
Installing WordPress locally is usually meant for the purpose of development. Those interested in development should follow the instructions below and download WordPress locally.
- [Local](https://localwp.com/) – Free, one-click WordPress installer.
- [Lando](https://docs.lando.dev/wordpress/) – Free plugin to install WordPress locally.
-- [AMPPS](http://ampps.com/download) – Free WAMP/MAMP/LAMP stack, with inbuilt Softaculous Installer. Can 1 click install and upgrade WordPress and others as well.
+- [AMPPS](https://ampps.com/downloads/) – Free WAMP/MAMP/LAMP stack, with inbuilt Softaculous Installer. Can 1 click install and upgrade WordPress and others as well.
- [Installing WordPress Locally on Your Mac With MAMP](https://codex.wordpress.org/Installing_WordPress_Locally_on_Your_Mac_With_MAMP)
- [User:Beltranrubo/BitNami](https://codex.wordpress.org/User:Beltranrubo/BitNami) Free all-in-one installers for OS X, Windows and Linux. There are also available installers for WordPress Multisite [User:Beltranrubo/BitNami_Multisite](https://codex.wordpress.org/User:Beltranrubo/BitNami_Multisite) using different domains or subdomains.
-- [Instant WordPress](http://www.instantwp.com/) is a free, standalone, portable WordPress development environment for Windows that will run from a USB key.
+- [Instant WordPress](https://instantwp.com/) is a free, standalone, portable WordPress development environment for Windows that will run from a USB key.
### Software Appliance - Ready-to-use
-You may find that using a pre-integrated [software appliance](http://en.wikipedia.org/wiki/Software_appliance) is a great way to get up and running with WordPress, especially in combination with virtual machine software (e.g., VMWare, VirtualBox, Xen HVM, KVM).
+You may find that using a pre-integrated [software appliance](https://en.wikipedia.org/wiki/Software_appliance) is a great way to get up and running with WordPress, especially in combination with virtual machine software (e.g., VMWare, VirtualBox, Xen HVM, KVM).
Another software that can be used is Parallels, which you would have to pay for unlike virtual machine software. It allows you to run both Mac and Windows on your machine.
A software appliance allows users to altogether skip manual installation of WordPress and its dependencies, and instead deploy a self-contained system that requires little to no setup, in just a couple of minutes.
-- [TurnKey WordPress Appliance](http://www.turnkeylinux.org/wordpress): a free Debian-based appliance that just works. It bundles a collection of popular WordPress plugins and features a small footprint, automatic security updates, SSL support and a Web administration interface. Available as ISO, various virtual machine images, or launch in the cloud.
+- [TurnKey WordPress Appliance](https://www.turnkeylinux.org/wordpress): a free Debian-based appliance that just works. It bundles a collection of popular WordPress plugins and features a small footprint, automatic security updates, SSL support and a Web administration interface. Available as ISO, various virtual machine images, or launch in the cloud.
### Unattended/automated installation of WordPress on Ubuntu Server 16.04 LTS
@@ -37,16 +37,16 @@ A popular approach to running a local copy of your live site is to use the same
Once you have your local files setup, you will need to modify wp-config.php in the root of your local install.
```
-define('WP_HOME', "http://{$_SERVER['HTTP_HOST']}");
-define('WP_SITEURL', "http://{$_SERVER['HTTP_HOST']}");
+define('WP_HOME', "https://{$_SERVER['HTTP_HOST']}");
+define('WP_SITEURL', "https://{$_SERVER['HTTP_HOST']}");
ob_start( 'ob_replace_home_url' );
function ob_replace_home_url( $content ) {
$home_urls = array(
- 'http://site.testing.foo.com',
- 'http://site.foo.com',
- 'http://site.authoring.testing.foo.com',
- 'http://site.authoring.foo.com',
+ 'https://site.testing.example.com',
+ 'https://site.example.com',
+ 'https://site.authoring.testing.example.com',
+ 'https://site.authoring.example.com',
);
$content = str_replace( $home_urls, WP_HOME, $content );
@@ -72,7 +72,7 @@ add_filter ( 'pre_option_home', 'test_localhosts' );
add_filter ( 'pre_option_siteurl', 'test_localhosts' );
function test_localhosts( ) {
if (... same logic as before to see if on dev site ...) {
- return "http://my.web.zz/dev";
+ return "https://my.example.com/dev";
}
else return false; // act as normal; will pull main site info from db
}
diff --git a/before-install/howto-install.md b/before-install/howto-install.md
index 261a6e98..560eaf30 100644
--- a/before-install/howto-install.md
+++ b/before-install/howto-install.md
@@ -16,12 +16,12 @@ Here's the quick version of the instructions for those who are already comfortab
3. (Optional) Find and rename `wp-config-sample.php` to `wp-config.php`, then edit the file [(see Editing wp-config.php)](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/) and add your database information.
**Note:** If you are not comfortable with renaming files, step 3 is optional and you can skip it as the install program will create the `wp-config.php` file for you.
4. Upload the WordPress files to the desired location on your web server:
- - If you want to integrate WordPress into the root of your domain (e.g. http://example.com/), move or upload all contents of the unzipped WordPress directory (excluding the WordPress directory itself) into the root directory of your web server.
- - If you want to have your WordPress installation in its own subdirectory on your website (e.g. http://example.com/blog/), create the blog directory on your server and upload the contents of the unzipped WordPress package to the directory via FTP.
+ - If you want to integrate WordPress into the root of your domain (e.g. https://example.com/), move or upload all contents of the unzipped WordPress directory (excluding the WordPress directory itself) into the root directory of your web server.
+ - If you want to have your WordPress installation in its own subdirectory on your website (e.g. https://example.com/blog/), create the blog directory on your server and upload the contents of the unzipped WordPress package to the directory via FTP.
- **Note:** If your FTP client has an option to convert file names to lower case, make sure it's disabled.
5. Run the WordPress installation script by accessing the URL in a web browser. This should be the URL where you uploaded the WordPress files.
-- If you installed WordPress in the root directory, you should visit: http://example.com/
-- If you installed WordPress in its own subdirectory called blog, for example, you should visit: http://example.com/blog/
+- If you installed WordPress in the root directory, you should visit: https://example.com/
+- If you installed WordPress in its own subdirectory called blog, for example, you should visit: https://example.com/blog/
That's it! WordPress should now be installed.
## Detailed instructions {#detailed-instructions}
@@ -107,8 +107,8 @@ Save the `wp-config.php` file.
### Step 4: Upload the files
Now you will need to decide where on your domain you'd like your WordPress-powered site to appear:
-- In the root directory of your website. (For example, http://example.com/)
-- In a subdirectory of your website. (For example, http://example.com/blog/)
+- In the root directory of your website. (For example, https://example.com/)
+- In a subdirectory of your website. (For example, https://example.com/blog/)
_**Note:** The location of your root web directory in the filesystem on your [web server](https://wordpress.org/documentation/article/glossary/#web-server) will vary across [hosting providers](https://wordpress.org/documentation/article/glossary/#hosting-provider) and operating systems. Check with your hosting provider or system administrator if you do not know where this is._
@@ -126,8 +126,8 @@ If your files are already on your web server, and you are using [shell](https://
Point a web browser to start the installation script.
-- If you placed the WordPress files in the root directory, you should visit: http://example.com/wp-admin/install.php
-- If you placed the WordPress files in a subdirectory called blog, for example, you should visit: http://example.com/blog/wp-admin/install.php
+- If you placed the WordPress files in the root directory, you should visit: https://example.com/wp-admin/install.php
+- If you placed the WordPress files in a subdirectory called blog, for example, you should visit: https://example.com/blog/wp-admin/install.php
#### Setup configuration file
@@ -159,7 +159,7 @@ You can also install WordPress on Ubuntu with [one click WordPress Hosting](http
### Installing WordPress at AWS
- [Installatron WordPress](https://aws.amazon.com/marketplace/pp/prodview-duuvqpjnl65oe) Installatron WordPress is a pre-configured and ready-to-launch image that contains a WordPress website and Installatron's WordPress management tools.
-- [Architecting a Highly Scalable WordPress Site in AWS](http://www.slideshare.net/harishganesan/scaling-wordpress-in-aws-amazon-ec2) A guide for building a more expensive, highly scalable AWS implementation using Amazon's Relational Data Store (RDS) et al.
+- [Architecting a Highly Scalable WordPress Site in AWS](https://www.slideshare.net/harishganesan/scaling-wordpress-in-aws-amazon-ec2) A guide for building a more expensive, highly scalable AWS implementation using Amazon's Relational Data Store (RDS) et al.
### Installing WordPress at DigitalOcean
@@ -173,7 +173,7 @@ You can also install WordPress on Ubuntu with one click using this [StackScript]
### Installing WordPress at iPage Hosting
-- [This is a great step by step tutorial by IStartBlogging](http://istartblogging.com/#express-blog-install) on how to setup your blog the smart way with iPage Hosting.
+- [This is a great step by step tutorial by IStartBlogging](https://istartblogging.com/#express-blog-install) on how to setup your blog the smart way with iPage Hosting.
In less than 5 minutes from now, you will have your blog ready on your domain. You will install WordPress on your own domain as an Automated Process with ONE Click WordPress Installation feature from iPage hosting.
diff --git a/before-install/in-your-language.md b/before-install/in-your-language.md
index 54219bca..1a9e9057 100644
--- a/before-install/in-your-language.md
+++ b/before-install/in-your-language.md
@@ -8,7 +8,7 @@ Although WordPress displays in U.S. English by default, it has the built-in capa
As of version 4.0, you can have WordPress [automatically install the language of your choice](https://make.wordpress.org/core/2014/09/05/language-chooser-in-4-0/) during the installation process.
-For WordPress 4.1 or later, you can [install language packs directly from the Admin back-end](http://wplang.org/wordpress-4-1-install-language-packs-dashboard/) at any time. WordPress will download them and switch the admin back-end to that language. Navigate to **Settings > General > Site Language** and select from the list of available languages. For Multisite Super Admins, you can set the default language using the Network Administration **Settings** panel.
+For WordPress 4.1 or later, you can [install language packs directly from the Admin back-end](https://wplang.org/wordpress-4-1-install-language-packs-dashboard/) at any time. WordPress will download them and switch the admin back-end to that language. Navigate to **Settings > General > Site Language** and select from the list of available languages. For Multisite Super Admins, you can set the default language using the Network Administration **Settings** panel.
## Manually installing language files
@@ -16,7 +16,7 @@ Here are the steps you will need to follow to install an international version o
**Note:** If you make an error in the steps or you do not specify the correct language, WordPress will default back to English. For more help Installing WordPress, see [Installing WordPress](https://developer.wordpress.org/advanced-administration/before-install/howto-install/) and [FAQ Installation](https://wordpress.org/documentation/article/faq-installation/).
-* Download the `.mo` language file for your language. The naming convention of the `.mo` files is based on the ISO-639 language code (e.g. _pt_ for Portuguese) followed by the ISO-3166 country code (e.g. _PT_ for Portugal or _BR_ for Brazil). So, the Brazilian Portuguese file would be called `pt_BR.mo`, and a non-specific Portuges file would be called `pt.mo`. Complete lists of codes can be found at [(country codes)](http://www.gnu.org/software/gettext/manual/html_chapter/gettext_16.html#Country-Codes) and [(language codes)](http://www.gnu.org/software/gettext/manual/html_chapter/gettext_16.html#Language-Codes).
+* Download the `.mo` language file for your language. The naming convention of the `.mo` files is based on the ISO-639 language code (e.g. _pt_ for Portuguese) followed by the ISO-3166 country code (e.g. _PT_ for Portugal or _BR_ for Brazil). So, the Brazilian Portuguese file would be called `pt_BR.mo`, and a non-specific Portuges file would be called `pt.mo`. Complete lists of codes can be found at [(country codes)](https://www.gnu.org/savannah-checkouts/gnu/gettext/manual/gettext.html#Country-Codes) and [(language codes)](https://www.gnu.org/savannah-checkouts/gnu/gettext/manual/gettext.html#Language-Codes).
## Setting the language for your site
diff --git a/debug/test-driving.md b/debug/test-driving.md
index 2eb4ad5b..32b011f5 100644
--- a/debug/test-driving.md
+++ b/debug/test-driving.md
@@ -111,13 +111,13 @@ This method is useful toward the end of testing as you can ask for people to tes
To hide your WordPress test folder from others, you can use the `.htaccess` file on an Apache web server. The `.htaccess` file is a file that stores server directives, instructions which tell the server what to do in specific situations. You could also use the Apache config file (httpd.conf) or other methods, but the `.htaccess` file can apply only to the folder in which the .htaccess file resides, and all the folders under that one, allowing you to restrict access to a specific folder.
-Remember, this will only work on servers that support `.htaccess`. If you are unsure that your server supports `.htaccess`, contact your hosting provider. You may or may not be able to do this depending upon the access permissions you have with your host server. You may need their assistance. If you are running your own server, or if your hosting provider is clue-free, consult the [AllowOverride documentation](http://httpd.apache.org/docs-2.0/mod/core.html#allowoverride).
+Remember, this will only work on servers that support `.htaccess`. If you are unsure that your server supports `.htaccess`, contact your hosting provider. You may or may not be able to do this depending upon the access permissions you have with your host server. You may need their assistance. If you are running your own server, or if your hosting provider is clue-free, consult the [AllowOverride documentation](https://httpd.apache.org/docs/2.0/mod/core.html#allowoverride).
Using the `.htaccess` file, you need to provide instructions to tell the server to restrict or deny access to your WordPress test site. In the folder or directory in which WordPress is installed, do the following:
1. Using a text editor create a blank text file called `.htaccess`.
2. You need the following information:
-3. - The full path of a directory on your site server that is not accessible to the public (like http://example.com/public_html/ is accessible but http://example.com/private/ is not. Use the latter.
+3. - The full path of a directory on your site server that is not accessible to the public (like https://example.com/public_html/ is accessible but https://example.com/private/ is not. Use the latter.
4. - The name of the secured area such as “Enter Password” or “Secure Area” (this is not important, just simple).
5. In the file type the following, replacing /full/path/of/directory/ and Security Area with the above information: `AuthUserFile /full/path/of/directory/.htpasswd AuthName "Security Area" AuthType Basic require valid-user`
6. Save this .htaccess file and upload it to the directory on your server you want hidden and secured. This would be the installation directory for WordPress such as `/wordpress/` or `blog`.
@@ -128,12 +128,12 @@ Using the `.htaccess` file, you need to provide instructions to tell the server
When you are ready to open your site to the public and remove the protection, delete the password and `.htaccess` files from their locations.
-It is highly recommended that you remove the default ping URL to [Ping-o-Matic!](http://www.pingomatic.com/), otherwise your test posts will ping and your test blog will be made public though not accessible.
+It is highly recommended that you remove the default ping URL to [Ping-o-Matic!](https://pingomatic.com/), otherwise your test posts will ping and your test blog will be made public though not accessible.
### Htaccess Resources
-- [.htaccess files howto](http://httpd.apache.org/docs-2.0/howto/htaccess.html)
-- [Authentication, Authorization and Access Control](http://httpd.apache.org/docs-2.0/howto/auth.html)
+- [.htaccess files howto](https://httpd.apache.org/docs/2.0/howto/htaccess.html)
+- [Authentication, Authorization and Access Control](https://httpd.apache.org/docs/2.0/howto/auth.html)
## Installing WordPress on a Mac
@@ -143,9 +143,9 @@ Use these instruction for setting up a local server environment for testing and
## Installing WordPress on Your Windows Desktop
-In order for WordPress to work, it must have access to an Apache server, MySQL/MariaDB, and phpMyAdmin. Installing these separately can be painful. Luckily for us, [XAMPP](http://www.apachefriends.org/en/xampp-windows.html) installs all of these with one program, allowing you to run WordPress on your computer. There are two versions of the program, Basic and Lite. The Lite version is usually adequate.
+In order for WordPress to work, it must have access to an Apache server, MySQL/MariaDB, and phpMyAdmin. Installing these separately can be painful. Luckily for us, [XAMPP](https://www.apachefriends.org/download.html) installs all of these with one program, allowing you to run WordPress on your computer. There are two versions of the program, Basic and Lite. The Lite version is usually adequate.
-1. Download and install [XAMPP](http://www.apachefriends.org/en/xampp-windows.html).
+1. Download and install [XAMPP](https://www.apachefriends.org/download.html).
2. This installs by default into `C:/xampplite` or `C:\xampp`.
3. Start XAMPP from `c:\xampplite` or `c:\xampp`.
4. You may need to restart your computer to allow apache services to start.
@@ -178,7 +178,7 @@ With the help of XAMPP, you can install WordPress directly on your computer and
1. Access to your server database.
2. Ability to download your entire WordPress installation to your computer.
-3. [Basic XAMPP for Windows](http://www.apachefriends.org/en/xampp-windows.html)
+3. [Basic XAMPP for Windows](https://www.apachefriends.org/download.html)
4. Enough room on your hard drive to accommodate your database, WordPress installation, and XAMPP.
### Backup WordPress
@@ -246,7 +246,7 @@ define('DB_HOST', 'localhost'); // 99% chance you won't need to change this
Before you begin to import your SQL backup file, you need to change some information inside your `.SQL` file.
1. Using your text editor, open the `.sql` backup database file you downloaded.
-2. Find and replace all the instances of your old URL with your new URL. For instance if your blog address is at http://example.com/wordpress/, and your files on your computer are at `/htdocs/wordpress/`, replace it with http://127.0.0.1/wordpress/.
+2. Find and replace all the instances of your old URL with your new URL. For instance if your blog address is at https://example.com/wordpress/, and your files on your computer are at `/htdocs/wordpress/`, replace it with http://127.0.0.1/wordpress/.
3. Click **Save – Do not use Save as**.
@@ -268,8 +268,7 @@ WordPress should now function just as it did on the web. You do not need to use
Coming soon – how to move your test site from your computer back live onto your host server site.
### Resources
-- [Test themes on a live blog with Theme Test Drive](http://www.prelovac.com/vladimir/wordpress-plugins/theme-test-drive)
-- [qSandbox.com – Create a free WordPress test site to try (new) plugins and themes](http://qsandbox.com/)
+- [qSandbox.com – Create a free WordPress test site to try (new) plugins and themes](https://qsandbox.com/app/)
## Changelog
diff --git a/multisite/administration.md b/multisite/administration.md
index 7f39106b..9a2bc897 100644
--- a/multisite/administration.md
+++ b/multisite/administration.md
@@ -20,7 +20,7 @@ Also note that the `blog` prefix is not used for static pages which will be acce
Your first site on a fresh install will put uploaded files in the traditional location of `/wp-content/uploads/`, however all _subsequent_ sites on your network will be in the `/wp-content/uploads/sites/` folder, in their own subfolder based on the site number, designated by the database. These files will be accessible via that URL.
-This is a change from Multisite 3.0-3.4.2, where images of subsites were stored in `/wp-content/blogs.dir/` and were shown in http://example.com/files/ and http://example.com/sitename/files and so on. If you started with a Multisite install older than 3.5, it is _not_ an error if your images show with the URL of `/files/`.
+This is a change from Multisite 3.0-3.4.2, where images of subsites were stored in `/wp-content/blogs.dir/` and were shown in https://example.com/files/ and https://example.com/sitename/files and so on. If you started with a Multisite install older than 3.5, it is _not_ an error if your images show with the URL of `/files/`.
Regardless of WP version, these locations cannot be changed by site admins. Only the network admin can make changes on the site settings page. It is not recommended that you change these without understanding how both the `ms-files.php` works in conjunction with your `.htaccess`, as it can easily become non-functional. If the `/files/` urls aren't working, it's indicative of a misconfigured .htaccess or httpd.conf file on your server.
diff --git a/multisite/create-network.md b/multisite/create-network.md
index 03555bb3..7a5897e7 100644
--- a/multisite/create-network.md
+++ b/multisite/create-network.md
@@ -109,7 +109,7 @@ For help troubleshooting:
* [Hosting WordPress](https://wordpress.org/documentation/article/hosting-wordpress/)
* [Installing Multiple Blogs](https://developer.wordpress.org/advanced-administration/before-install/multiple-instances/)
-* [How to adapt my plugin to Multisite?](http://stackoverflow.com/questions/13960514/how-to-adapt-my-plugin-to-multisite/)
+* [How to adapt my plugin to Multisite?](https://stackoverflow.com/questions/13960514/how-to-adapt-my-plugin-to-multisite/)
## Changelog
diff --git a/multisite/prepare-network.md b/multisite/prepare-network.md
index 3d3f04a6..725536ab 100644
--- a/multisite/prepare-network.md
+++ b/multisite/prepare-network.md
@@ -55,7 +55,7 @@ Some server requirements depend on the type of multisite network you want to cre
### Domain-based {#domain-based}
-Also known as 'Subdomain' installs, a Domain-based network uses URLs like http://subsite.example.com
+Also known as 'Subdomain' installs, a Domain-based network uses URLs like https://subsite.example.com
A domain-based network maps different domain names to the same directory in the server's file system where WordPress is installed. You can do this in various ways, for example:
@@ -71,17 +71,17 @@ WordPress _should_ be run from the root of your webfolder (i.e. `public_html`)
External links:
-* [Wildcard DNS record](http://en.wikipedia.org/wiki/Wildcard_DNS_record) (Wikipedia)
-* [Apache Virtual Host](http://httpd.apache.org/docs/2.0/en/vhosts/) (Apache HTTP Server documentation)
+* [Wildcard DNS record](https://en.wikipedia.org/wiki/Wildcard_DNS_record) (Wikipedia)
+* [Apache Virtual Host](https://httpd.apache.org/docs/2.0/en/vhosts/) (Apache HTTP Server documentation)
* [cPanel Domains](https://documentation.cpanel.net/display/74Docs/cPanel+Features+List#DomainsTab) (cPanel documentation)
For some examples of how to configure wildcard subdomains on various systems, see: [Configuring Wildcard Subdomains](https://wordpress.org/documentation/article/configuring-wildcard-subdomains/)
### Path-based {#path-based}
-Also known as 'Subfolder' or 'Subdirectory' installs, a path-based network uses URLs like http://example.com/subsite
+Also known as 'Subfolder' or 'Subdirectory' installs, a path-based network uses URLs like https://example.com/subsite
-If you are using pretty permalinks in your site already, then a path-based network will work as well, and you do not need any of the other information in this section. That said, be aware that your main site will use the following URL pattern for posts: http://example.com/blog/[postformat]/
+If you are using pretty permalinks in your site already, then a path-based network will work as well, and you do not need any of the other information in this section. That said, be aware that your main site will use the following URL pattern for posts: https://example.com/blog/[postformat]/
At this time, you **cannot** remove the blog slug without manual configuration to the network options in a non-obvious place. It's not recommended.
diff --git a/performance/cache.md b/performance/cache.md
index f11d3d82..6a2d4260 100644
--- a/performance/cache.md
+++ b/performance/cache.md
@@ -16,7 +16,7 @@ If your posts/pages have a lot of dynamic content configuring caching can be mor
**Browser caching** can help to reduce server load by reducing the number of requests per page. For example, by setting the correct file headers on files that don't change (static files like images, CSS, JavaScript etc) browsers will then cache these files on your visitor's computer. This technique allows the browser to check to see if files have changed, instead of simply requesting them. The result is your web server can answer many more 304 responses, confirming that a file is unchanged, instead of 200 responses, which require the file to be sent.
-Look into HTTP Cache-Control (specifically **max-age**) and Expires headers, as well as [Entity Tags](http://en.wikipedia.org/wiki/HTTP_ETag) for more information.
+Look into HTTP Cache-Control (specifically **max-age**) and Expires headers, as well as [Entity Tags](https://en.wikipedia.org/wiki/HTTP_ETag) for more information.
## Object Caching {#object-caching}
@@ -37,8 +37,8 @@ Adding an opcode cache like [Opcache](https://www.php.net/manual/en/book.opcache
## Further Reading {#further-reading}
* [Core Caching Concepts in WordPress](https://www.tollmanz.com/core-caching-concepts-in-wordpress/)
-* [Best Practices for Speeding Up Your Web Site](http://developer.yahoo.com/performance/rules.html) – Expires / Cache-Control Header and ETags (by Yahoo! Developer Network)
-* [WebSiteOptimization.com: Use Server Cache Control to Improve Performance](http://www.websiteoptimization.com/speed/tweak/cache/)
+* [Best Practices for Speeding Up Your Web Site](https://developer.yahoo.com/performance/rules.html) – Expires / Cache-Control Header and ETags (by Yahoo! Developer Network)
+* [WebSiteOptimization.com: Use Server Cache Control to Improve Performance](https://www.websiteoptimization.com/speed/tweak/cache/)
## Changelog
diff --git a/plugins/mu-plugins.md b/plugins/mu-plugins.md
index 1ec7d568..bdf6d775 100644
--- a/plugins/mu-plugins.md
+++ b/plugins/mu-plugins.md
@@ -29,7 +29,7 @@ The code handling /mu-plugins/ was merged into the main WordPress code on 03/07/
In this process the name “mu plugins” became a misnomer because it did not apply exclusively to multisite installs and because “MU” was not even being used anymore to refer to WP installations with multiple blogs. Despite this, the name was kept and **re-interpreted to mean “must-use plugins”**, i.e. these are plugins that must always be used, thus they are autoloaded on all sites regardless of the settings in the Plugins pane of wp-admin.
-Thus “Must-Use” is effectively a [Backronym](http://en.wikipedia.org/wiki/Backronym), like [PHP](https://wordpress.org/documentation/article/wordpress-glossary/#PHP) (which originally meant “Personal Home Page” but was later re-interpreted as meaning “PHP Hypertext Preprocessor”, which is also a [Recursive Acronym](http://en.wikipedia.org/wiki/Recursive_acronym)).
+Thus “Must-Use” is effectively a [Backronym](https://en.wikipedia.org/wiki/Backronym), like [PHP](https://wordpress.org/documentation/article/wordpress-glossary/#PHP) (which originally meant “Personal Home Page” but was later re-interpreted as meaning “PHP Hypertext Preprocessor”, which is also a [Recursive Acronym](https://en.wikipedia.org/wiki/Recursive_acronym)).
## Source Code
* `get_mu_plugins()` is located in [wp-admin/includes/plugin.php](https://core.trac.wordpress.org/browser/tags/4.5.3/src/wp-admin/includes/plugin.php#L0).
diff --git a/resources/faq.md b/resources/faq.md
index deeb0edd..7b1084e5 100644
--- a/resources/faq.md
+++ b/resources/faq.md
@@ -188,7 +188,7 @@ For example, if you are adding the following in your post:
```
...an article about "Happiness" is at
-Happiness
+Happiness
if you would like to read it...
```
@@ -196,7 +196,7 @@ Is actually imported into the database looking like this:
```
...an article about \"Happiness\" is at
-Happiness
+Happiness
if you would like to read it...
```
diff --git a/resources/index.md b/resources/index.md
index 8a554cc2..48b4c5d7 100644
--- a/resources/index.md
+++ b/resources/index.md
@@ -40,8 +40,8 @@ Other than that, these are some solid resources for you to review:
- [W3 Schools](https://www.w3schools.com/cssref/default.asp)
- [MDN](https://developer.mozilla.org/en-US/docs/CSS)
-- [CSS Tricks](http://css-tricks.com/)
-- [CSS Zen Garden - the art of the possible in CSS](http://www.csszengarden.com/)
+- [CSS Tricks](https://css-tricks.com/)
+- [CSS Zen Garden - the art of the possible in CSS](https://www.csszengarden.com/)
- [CSS on A List Apart](https://alistapart.com/blog/topic/css/)
- [Flexbox Guide](https://duckduckgo.com/?q=css+tricks+flexbox&ia=web)
- [CSS Grid Guide](https://duckduckgo.com/?q=css+tricks+grid&ia=web)
@@ -56,10 +56,10 @@ Other than that, these are some solid resources for you to review:
## PHP
-- [PHP Language Reference](http://php.net/manual/en/langref.php)
-- [PHP Function Reference](http://php.net/manual/en/funcref.php)
+- [PHP Language Reference](https://www.php.net/manual/en/langref.php)
+- [PHP Function Reference](https://www.php.net/manual/en/funcref.php)
- [W3Schools PHP](https://www.w3schools.com/php/default.asp)
-- [PHP The Right Way](http://www.phptherightway.com/) is a high level review of modern PHP
+- [PHP The Right Way](https://phptherightway.com/) is a high level review of modern PHP
- [PHPDoc](https://www.phpdoc.org/docs/latest/index.html) for documenting your code
- [SitePoint's PHP resources](https://www.sitepoint.com/php/)
diff --git a/security/backup-database.md b/security/backup-database.md
index 027e383c..776b0f33 100644
--- a/security/backup-database.md
+++ b/security/backup-database.md
@@ -177,15 +177,15 @@ In addition to MySQL Workbench, there are many GUI tools that let you backup (ex
| Name | OS (Paid edition) | OS (Free edition) | |
|---|---|---|
-| [MySQL Workbench](http://www.mysql.com/products/workbench/) | Windows/Mac/Linux | Windows/Mac/Linux | See [above](https://developer.wordpress.org/advanced-administration/security/backup/database/#Using_MySQL_Workbench) |
-| [EMS SQL Management Studio for MySQL](http://sqlmanager.net/en/products/studio/mysql) | Windows | | |
-| [Aqua Data Studio](http://www.aquafold.com/) | Windows/Mac/Linux | Windows/Mac/Linux (14 days trial) | Available in 9 languages |
+| [MySQL Workbench](https://www.mysql.com/products/workbench/) | Windows/Mac/Linux | Windows/Mac/Linux | See [above](https://developer.wordpress.org/advanced-administration/security/backup/database/#Using_MySQL_Workbench) |
+| [EMS SQL Management Studio for MySQL](https://www.sqlmanager.net/products/mysql/studio) | Windows | | |
+| [Aqua Data Studio](https://www.aquafold.com/) | Windows/Mac/Linux | Windows/Mac/Linux (14 days trial) | Available in 9 languages |
| [Navicat for MySQL](https://www.navicat.com/en/products/navicat-for-mysql) | Windows/Mac/Linux | Windows/Mac/Linux (14 days trial) | Available in 8 languages |
-| [SQLyog](http://www.webyog.com/en/) | Windows | | |
+| [SQLyog](https://webyog.com/en/) | Windows | | |
| [Toad for MySQL](https://www.toadworld.com/) | | Windows | |
-| [HeidiSQL](http://www.heidisql.com/) | | Windows | |
-| [Sequel Pro](http://sequelpro.com/) | Mac | CocoaMySQL successor | |
-| [Querious](http://www.araelium.com/querious/) | | Mac | |
+| [HeidiSQL](https://www.heidisql.com/) | | Windows | |
+| [Sequel Pro](https://sequelpro.com/) | Mac | CocoaMySQL successor | |
+| [Querious](https://www.araelium.com/querious/) | | Mac | |
### Using WordPress Database Backup Plugin {#using-wordpress-database-backup-plugin}
diff --git a/security/backup-files.md b/security/backup-files.md
index 9d306b5b..09b634a4 100644
--- a/security/backup-files.md
+++ b/security/backup-files.md
@@ -31,7 +31,7 @@ Most website hosts provide software to back up your site. Check with your host t
**Create Synchs With Your Site**
-[WinSCP](http://winscp.net/eng/index.php) and other programs allow you to synchronize with your website to keep a mirror copy of the content on your server and hard drive updated. It saves time and makes sure you have the latest files in both places.
+[WinSCP](https://winscp.net/eng/index.php) and other programs allow you to synchronize with your website to keep a mirror copy of the content on your server and hard drive updated. It saves time and makes sure you have the latest files in both places.
#### Synchronize your files in WinScp {#synchronize-your-files-in-winscp}
diff --git a/security/backup.md b/security/backup.md
index 9d43b722..6ab9a590 100644
--- a/security/backup.md
+++ b/security/backup.md
@@ -64,7 +64,7 @@ Most website hosts provide software to back up your site. Check with your host t
**Create Sync With Your Site**
-[WinSCP](http://winscp.net/eng/index.php) and other programs allow you to sync with your website to keep a mirror copy of the content on your server and hard drive updated. It saves time and makes sure you have the latest files in both places.
+[WinSCP](https://winscp.net/eng/index.php) and other programs allow you to sync with your website to keep a mirror copy of the content on your server and hard drive updated. It saves time and makes sure you have the latest files in both places.
**Copy Your Files to Your Desktop**
@@ -172,8 +172,8 @@ Various plugins exist to take automatic scheduled backups of your WordPress data
### Backup Resources
-* [FTP Backups](http://www.guyrutenberg.com/2010/02/28/improved-ftp-backup-for-wordpress/) – How to automate backing up to an FTP server
-* [Incremental Backups](http://www.guyrutenberg.com/2013/03/28/incremental-wordpress-backups-using-duply-duplicity/) – How to make encrypted incremental backups using duplicity
+* [FTP Backups](https://www.guyrutenberg.com/2010/02/28/improved-ftp-backup-for-wordpress/) – How to automate backing up to an FTP server
+* [Incremental Backups](https://www.guyrutenberg.com/2013/03/28/incremental-wordpress-backups-using-duply-duplicity/) – How to make encrypted incremental backups using duplicity
* [Using phpMyAdmin with WordPress](https://developer.wordpress.org/advanced-administration/upgrade/phpmyadmin/)
#### Backup Tools
diff --git a/security/brute-force.md b/security/brute-force.md
index 83625382..5527324e 100644
--- a/security/brute-force.md
+++ b/security/brute-force.md
@@ -28,7 +28,7 @@ You can also use the plugin [Change Username](https://wordpress.org/plugins/chan
#### Good Passwords {#good-passwords}
-The goal with your password is to make it hard for other people to guess and hard for a brute force attack to succeed. Many [automatic password generators](http://www.google.com/?q=password+generator) are available that can be used to create secure passwords.
+The goal with your password is to make it hard for other people to guess and hard for a brute force attack to succeed. Many [automatic password generators](https://www.google.com/?q=password+generator) are available that can be used to create secure passwords.
WordPress also features a password strength meter which is shown when changing your password in WordPress. Use this when changing your password to ensure its strength is adequate.
@@ -62,7 +62,7 @@ You can have the 401 point to 401.html, but the point is to aim it at _not_ Word
For Nginx you can use the `error_page` directive but must supply an absolute url.
```
-error_page 401 http://example.com/forbidden.html;
+error_page 401 https://example.com/forbidden.html;
```
On IIS web servers you can use the `httpErrors` element in your web.config, set `errorMode="custom"`:
@@ -81,7 +81,7 @@ On IIS web servers you can use the `httpErrors` element in your web.config, set
Password protecting your wp-login.php file (and wp-admin folder) can add an extra layer to your server. Because password protecting wp-admin can break any plugin that uses ajax on the front end, it's usually sufficient to just protect wp-login.php.
-To do this, you will need to create a .htpasswd file. Many hosts have tools to do this for you, but if you have to do it manually, you can use this [htpasswd generator](http://www.htaccesstools.com/htpasswd-generator/). Much like your .htaccess file (which is a file that is only an extension), .htpasswd will also have no prefix.
+To do this, you will need to create a .htpasswd file. Many hosts have tools to do this for you, but if you have to do it manually, you can use this [htpasswd generator](https://hostingcanada.org/htpasswd-generator/). Much like your .htaccess file (which is a file that is only an extension), .htpasswd will also have no prefix.
You can either put this file outside of your public web folder (i.e. not in /public_html/ or /domain.com/, depending on your host), or you _can_ put it in the same folder, but you'll want to do some extra security work in your .htaccess file if you do.
@@ -105,7 +105,7 @@ Speaking of which, once you've uploaded the .htpasswd file, you need to tell .ht
The actual location of AuthUserFile depends on your server, and the 'require user' will change based on what username you pick.
-If you are using Nginx you can password protect your wp-login.php file using the [HttpAuthBasicModule](http://wiki.nginx.org/HttpAuthBasicModule). This block should be inside your server block.
+If you are using Nginx you can password protect your wp-login.php file using the [HttpAuthBasicModule](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html). This block should be inside your server block.
```
location /wp-login.php {
@@ -126,7 +126,7 @@ user3:pass3
Unfortunately there is no easy way of configuring a password protected wp-login.php on Windows Server IIS. If you use a .htaccess processor like Helicon Ape, you can use the .htaccess example mentioned above. Otherwise you'd have to ask your hosting provider to set up Basic Authentication.
-All passwords must be encoded by function `crypt(3)`. You can use an online [htpasswd generator](http://www.htaccesstools.com/htpasswd-generator/) to encrypt your password.
+All passwords must be encoded by function `crypt(3)`. You can use an online [htpasswd generator](https://hostingcanada.org/htpasswd-generator/) to encrypt your password.
#### Throttle Multiple Login Attempts
@@ -142,7 +142,7 @@ If you are the only person who needs to login to your Admin area and you have a
**Note:** Beware your ISP or computer may be changing your IP address frequently, this is called dynamic IP addressing, rather than fixed IP addressing. This could be used for a variety of reasons, such as saving money. If you suspect this to be the case, find out out how change your computer's settings, or contact your ISP to obtain a fixed address, in order to use this procedure.
-In all examples you have to replace 203.0.113.15 with your IP address. Your Internet Provider can help you to establish your IP address. Or you can use an online service such as [What Is My IP](http://www.whatismyip.com/).
+In all examples you have to replace 203.0.113.15 with your IP address. Your Internet Provider can help you to establish your IP address. Or you can use an online service such as [What Is My IP](https://www.whatismyip.com/).
Examples for multiple IP addresses are also provided. They're ideal if you use more than one internet provider, if you have a small pool of IP addresses or when you have a couple of people that are allowed access to your site's Dashboard.
@@ -193,7 +193,7 @@ If you want to add more than one IP address, you can use:
For Nginx you can add a location block inside your server block that works the same as the Apache example above.
```
-error_page 403 http://example.com/forbidden.html;
+error_page 403 https://example.com/forbidden.html;
location /wp-login.php {
allow 203.0.113.15
# or for the entire network:
@@ -233,7 +233,7 @@ Extended from [Combatting Comment Spam](https://codex.wordpress.org/Combating_Co
RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*
RewriteCond %{HTTP_REFERER} !.*example.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
- RewriteRule (.*) http://%{REMOTE_ADDR}/$1 [R=301,L]
+ RewriteRule (.*) https://%{REMOTE_ADDR}/$1 [R=301,L]
```
@@ -241,7 +241,7 @@ Nginx – Deny Access to No Referrer Requests
```
location ~* (wp-comments-posts|wp-login)\\.php$ {
- if ($http_referer !~ ^(http://example.com) ) {
+ if ($http_referer !~ ^(https://example.com) ) {
return 405;
}
}
@@ -265,7 +265,7 @@ Change example.com to your domain. If you're using Multisite with mapped domains
#### ModSecurity {#modsecurity}
-If you use ModSecurity, you can follow the advice from [Frameloss – Stopping brute force logins against WordPress](http://www.frameloss.org/2011/07/29/stopping-brute-force-logins-against-wordpress/). This requires root level access to your server, and may need the assistance of your webhost.
+If you use ModSecurity, you can follow the advice from [Frameloss – Stopping brute force logins against WordPress](https://www.frameloss.org/2011/07/29/stopping-brute-force-logins-against-wordpress/). This requires root level access to your server, and may need the assistance of your webhost.
If you're using ModSecurity 2.7.3, you can add the rules into your .htaccess file instead.
@@ -291,11 +291,9 @@ Services like CloudFlare and Sucuri CloudProxy can also help mitigate these atta
### See Also {#see-also}
-* [Sucuri: Protecting Against WordPress Brute Force Attacks](http://blog.sucuri.net/2013/04/protecting-against-wordpress-brute-force-attacks.html)
+* [Sucuri: Protecting Against WordPress Brute Force Attacks](https://blog.sucuri.net/2013/04/protecting-against-wordpress-brute-force-attacks.html)
* [How to: Protect WordPress from brute-force XML-RPC attacks](https://www.saotn.org/how-to-wordpress-protection-from-brute-force-xml-rpc-attacks/)
-* [Liquid Web: ModSecurity Rules To Alleviate Brute Force Attacks](http://kb.liquidweb.com/wordpress-modsecurity-rules/)
-* [HostGator: Password Protecting wp-login](http://support.hostgator.com/articles/specialized-help/technical/wordpress/wordpress-login-brute-force-attack)
-* [Stopping Brute-force Logins](http://www.frameloss.org/2011/07/29/stopping-brute-force-logins-against-wordpress/)
+* [Liquid Web: ModSecurity Rules To Alleviate Brute Force Attacks](https://www.liquidweb.com/kb/wordpress-modsecurity-rules/)
* [Swiss Army Knife for WordPress (SAK4WP)](https://github.com/orbisius/sak4wp/) – Free Open Source Tool that can help you protect your wp-login.php and /wp-admin/ but not /wp-admin/admin-ajax.php with one click and much more
## Changelog
diff --git a/security/hardening.md b/security/hardening.md
index ad4a86d9..b407f7bd 100644
--- a/security/hardening.md
+++ b/security/hardening.md
@@ -10,7 +10,7 @@ Fundamentally, security _is not_ about perfectly secure systems. Such a thing mi
**Website Hosts**
-Often, a good place to start when it comes to website security is your hosting environment. Today, there are a number of options available to you, and while hosts offer security to a certain level, it's important to understand where their responsibility ends and yours begins. Here is a good article explaining the complicated dynamic between [web hosts and the security of your website](http://perezbox.com/2014/11/how-hosts-manage-your-website-security/). A secure server protects the privacy, integrity, and availability of the resources under the server administrator's control.
+Often, a good place to start when it comes to website security is your hosting environment. Today, there are a number of options available to you, and while hosts offer security to a certain level, it's important to understand where their responsibility ends and yours begins. Here is a good article explaining the complicated dynamic between [web hosts and the security of your website](https://perezbox.com/2014/11/how-hosts-manage-your-website-security/). A secure server protects the privacy, integrity, and availability of the resources under the server administrator's control.
Qualities of a trusted web host might include:
@@ -44,7 +44,7 @@ Keeping backups and knowing the state of your WordPress installation at regular
**Trusted Sources**
-Do not get plugins/themes from untrusted sources. Restrict yourself to the WordPress.org repository or well known companies. Trying to get plugins/themes from the outside [may lead to issues](http://blog.sucuri.net/2014/03/unmasking-free-premium-wordpress-plugins.html).
+Do not get plugins/themes from untrusted sources. Restrict yourself to the WordPress.org repository or well known companies. Trying to get plugins/themes from the outside [may lead to issues](https://blog.sucuri.net/2014/03/unmasking-free-premium-wordpress-plugins.html).
### Vulnerabilities on Your Computer {#vulnerabilities-on-your-computer}
@@ -90,7 +90,7 @@ Your web host should be making sure that their network is not compromised by att
Many potential vulnerabilities can be avoided with good security habits. A strong password is an important aspect of this.
-The goal with your password is to make it hard for other people to guess and hard for a [brute force attack](https://developer.wordpress.org/advanced-administration/security/brute-force/) to succeed. Many [automatic password generators](http://www.google.com/?q=password+generator) are available that can be used to create secure passwords.
+The goal with your password is to make it hard for other people to guess and hard for a [brute force attack](https://developer.wordpress.org/advanced-administration/security/brute-force/) to succeed. Many [automatic password generators](https://www.google.com/?q=password+generator) are available that can be used to create secure passwords.
WordPress also features a password strength meter which is shown when changing your password in WordPress. Use this when changing your password to ensure its strength is adequate.
@@ -173,7 +173,7 @@ When you tell WordPress to perform an automatic update, all file operations are
If you run multiple blogs on the same server, it is wise to consider keeping them in separate databases each managed by a different user. This is best accomplished when performing the initial [WordPress installation](https://developer.wordpress.org/advanced-administration/before-install/howto-install/). This is a containment strategy: if an intruder successfully cracks one WordPress installation, this makes it that much harder to alter your other blogs.
-If you administer MySQL yourself, ensure that you understand your MySQL configuration and that unneeded features (such as accepting remote TCP connections) are disabled. See [Secure MySQL Database Design](http://www.securityfocus.com/infocus/1667) for a nice introduction.
+If you administer MySQL yourself, ensure that you understand your MySQL configuration and that unneeded features (such as accepting remote TCP connections) are disabled. See [Secure MySQL Database Design](https://www.securityfocus.com/infocus/1667) for a nice introduction.
#### Restricting Database User Privileges {#restricting-database-user-privileges}
@@ -187,7 +187,7 @@ Therefore any other database structure and administration privileges, such as DR
### Securing wp-admin {#securing-wp-admin}
-Adding server-side password protection (such as [BasicAuth](http://en.wikipedia.org/wiki/Basic_access_authentication)) to `/wp-admin/` adds a second layer of protection around your blog's admin area, the login screen, and your files. This forces an attacker or bot to attack this second layer of protection instead of your actual admin files. Many WordPress attacks are carried out autonomously by malicious software bots.
+Adding server-side password protection (such as [BasicAuth](https://en.wikipedia.org/wiki/Basic_access_authentication)) to `/wp-admin/` adds a second layer of protection around your blog's admin area, the login screen, and your files. This forces an attacker or bot to attack this second layer of protection instead of your actual admin files. Many WordPress attacks are carried out autonomously by malicious software bots.
Simply securing the `wp-admin/` directory might also break some WordPress functionality, such as the AJAX handler at `wp-admin/admin-ajax.php`. See the [Resources](https://developer.wordpress.org/advanced-administration/resources/) section for more documentation on how to password protect your `wp-admin/` directory properly.
@@ -222,7 +222,7 @@ Note that this won't work well on Multisite, as `RewriteRule ^wp-includes/[^/]+\
You can move the `wp-config.php` file to the directory above your WordPress install. This means for a site installed in the root of your webspace, you can store `wp-config.php` outside the web-root folder.
-**Note:** Some people assert that [moving wp-config.php has minimal security benefits](http://wordpress.stackexchange.com/q/58391/3898) and, if not done carefully, may actually introduce serious vulnerabilities. [Others disagree](http://wordpress.stackexchange.com/a/74972/24425).
+**Note:** Some people assert that [moving wp-config.php has minimal security benefits](https://wordpress.stackexchange.com/questions/58391/is-moving-wp-config-outside-the-web-root-really-beneficial) and, if not done carefully, may actually introduce serious vulnerabilities. [Others disagree](https://wordpress.stackexchange.com/questions/58391/is-moving-wp-config-outside-the-web-root-really-beneficial/74972#74972).
Note that `wp-config.php` can be stored ONE directory level above the WordPress (where wp-includes resides) installation. Also, make sure that only you (and the web server) can read this file (it generally means a 400 or 440 permission).
@@ -256,7 +256,7 @@ file and restricting some access at the Apache level, before it is processed by
Besides plugins, you can also install a WAF (web firewall) at your web server to filter content before it is processed by WordPress. The most popular open source WAF is ModSecurity.
-A website firewall can also be added as intermediary between the traffic from the internet and your hosting server. These services all function as reverse proxies, in which they accept the initial requests and reroute them to your server, stripping it of all malicious requests. They accomplish this by modifying your DNS records, via an A record or full DNS swap, allowing all traffic to pass through the new network first. This causes all traffic to be filtered by the firewall before reaching your site. A few companies offer such service, like [CloudFlare](http://cloudflare.com), [Sucuri](https://sucuri.net/wordpress-security/) and [Incapsula](http://www.incapsula.com).
+A website firewall can also be added as intermediary between the traffic from the internet and your hosting server. These services all function as reverse proxies, in which they accept the initial requests and reroute them to your server, stripping it of all malicious requests. They accomplish this by modifying your DNS records, via an A record or full DNS swap, allowing all traffic to pass through the new network first. This causes all traffic to be filtered by the firewall before reaching your site. A few companies offer such service, like [CloudFlare](https://www.cloudflare.com/), [Sucuri](https://sucuri.net/wordpress-security/) and [Incapsula](https://www.imperva.com/).
Additionally, these third parties service providers function as Content Distribution Network (CDNs) by default, introducing performance optimization and global reach.
@@ -272,7 +272,7 @@ A way to avoid using such a plugin is to use [custom page templates](https://wor
### Security through obscurity {#security-through-obscurity}
-[Security through obscurity](http://en.wikipedia.org/wiki/Security_through_obscurity) is generally an unsound primary strategy. However, there are areas in WordPress where obscuring information _might_ help with security:
+[Security through obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) is generally an unsound primary strategy. However, there are areas in WordPress where obscuring information _might_ help with security:
1. **Rename the administrative account:** When creating an administrative account, avoid easily guessed terms such as `admin` or `webmaster` as usernames because they are typically subject to attacks first. On an existing WordPress install you may rename the existing account in the MySQL command-line client with a command like:
```
@@ -305,11 +305,11 @@ Sometimes prevention is not enough and you may still be hacked. That's why intru
#### Monitoring your logs {#monitoring-your-logs}
-If you are on a dedicated or virtual private server, in which you have the luxury of root access, you have the ability easily configure things so that you can see what's going on. [OSSEC](http://www.ossec.net) easily facilitates this and here is a little write up that might help you out [OSSEC for Website Security – Part I](https://perezbox.com/2013/03/ossec-for-website-security-part-i/).
+If you are on a dedicated or virtual private server, in which you have the luxury of root access, you have the ability easily configure things so that you can see what's going on. [OSSEC](https://www.ossec.net/) easily facilitates this and here is a little write up that might help you out [OSSEC for Website Security – Part I](https://perezbox.com/2013/03/ossec-for-website-security-part-i/).
#### Monitoring your files for changes {#monitoring-your-files-for-changes}
-When an attack happens, it always leave traces. Either on the logs or on the file system (new files, modified files, etc). If you are using [OSSEC](http://www.ossec.net) for example, it will monitor your files and alert you when they change.
+When an attack happens, it always leave traces. Either on the logs or on the file system (new files, modified files, etc). If you are using [OSSEC](https://www.ossec.net/) for example, it will monitor your files and alert you when they change.
##### Goals {#goals}
@@ -332,11 +332,11 @@ Administrators can monitor file system via general technologies such as:
Options for file system monitoring include:
-* [diff](http://en.wikipedia.org/wiki/Diff_utility) – build clean test copy of your site and compare against production
-* [Git](http://git-scm.com/) – source code management
-* [inotify](https://en.wikipedia.org/wiki/Inotify) and [incron](http://inotify.aiken.cz/?section=incron&page=doc&lang=en) – OS kernel level file monitoring service that can run commands on filesystem events
+* [diff](https://en.wikipedia.org/wiki/Diff_utility) – build clean test copy of your site and compare against production
+* [Git](https://git-scm.com/) – source code management
+* [inotify](https://en.wikipedia.org/wiki/Inotify) and [incron](https://inotify.aiken.cz/?section=incron&page=doc&lang=en) – OS kernel level file monitoring service that can run commands on filesystem events
* [Watcher](https://github.com/gregghz/Watcher/blob/master/jobs.yml) – Python inotify library
-* [OSSEC](http://ossec.net) – Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
+* [OSSEC](https://www.ossec.net/) – Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
##### Considerations {#considerations}
@@ -364,16 +364,16 @@ If the attacker tries to deface your site or add malware, you can also detect th
### Resources {#resources}
-* [How to Improve WordPress Security (Infographic)](http://yourescapefrom9to5.com/wordpress-security-infographic)
+* [How to Improve WordPress Security (Infographic)](https://yourescapefrom9to5.com/wordpress-security-infographic)
* [Security Plugins](https://wordpress.org/plugins/tags/security)
-* [WordPress Security Cutting Through the BS](http://blog.sucuri.net/2012/08/wordpress-security-cutting-through-the-bs.html)
-* [e-Book: Locking Down WordPress](http://build.codepoet.com/2012/07/10/locking-down-wordpress/)
-* [wpsecure.net has a few guides on how to lock down WordPress.](http://wpsecure.net/basics/)
-* [A Beginners Guide to Hardening WordPress](http://makeawebsitehub.com/wordpress-security/)
-* [Brad Williams: Lock it Up (Video)](http://wordpress.tv/2010/01/23/brad-williams-security-boston10/)
+* [WordPress Security Cutting Through the BS](https://blog.sucuri.net/2012/08/wordpress-security-cutting-through-the-bs.html)
+* [e-Book: Locking Down WordPress](https://build.codepoet.com/2012/07/10/locking-down-wordpress/)
+* [wpsecure.net has a few guides on how to lock down WordPress.](https://wpsecure.net/basics/)
+* [A Beginners Guide to Hardening WordPress](https://makeawebsitehub.com/wordpress-security/)
+* [Brad Williams: Lock it Up (Video)](https://wordpress.tv/2010/01/23/brad-williams-security-boston10/)
* [21 Ways to Secure Your WordPress Site](https://hostingfacts.com/how-to-secure-wordpress/)
-* [Official docs on how to password protect directories with an .htaccess file](http://httpd.apache.org/docs/2.2/howto/auth.html)
-* [Simple tutorial on how to password protect the WordPress admin area and fix the 404 error](http://www.wpbeginner.com/wp-tutorials/how-to-password-protect-your-wordpress-admin-wp-admin-directory/)
+* [Official docs on how to password protect directories with an .htaccess file](https://httpd.apache.org/docs/2.2/howto/auth.html)
+* [Simple tutorial on how to password protect the WordPress admin area and fix the 404 error](https://www.wpbeginner.com/wp-tutorials/how-to-password-protect-your-wordpress-admin-wp-admin-directory/)
### See Also {#see-also}
diff --git a/security/https.md b/security/https.md
index b548da2f..05f031ad 100644
--- a/security/https.md
+++ b/security/https.md
@@ -72,11 +72,11 @@ The following guide is for WordPress 1.5 and Apache running `mod_rewrite`, using
You need a (virtual) host configured for the secure server in addition to the non-secure site. In this example, the secure virtual host uses the same `DocumentRoot` as the insecure host. Hypothetically, you could use a host with a different name, such as wpadmin.mysite.com and link the document root to the wpadmin directory.
-Please ask your ISP to set up a secure virtual host for you, or if you have administrative access set up your own. Note that [you cannot use name based virtual hosting to identify different SSL servers](http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2).
+Please ask your ISP to set up a secure virtual host for you, or if you have administrative access set up your own. Note that [you cannot use name based virtual hosting to identify different SSL servers](https://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2).
**Rewrite Rules For The Insecure Host**
-In the `.htaccess` or virtual host stanza in `httpd.conf` for your insecure host, add this rewrite rule to automatically go to the secure host when you browse to http://example.com/wp-admin/ or http://example.com/wp-login.php
+In the `.htaccess` or virtual host stanza in `httpd.conf` for your insecure host, add this rewrite rule to automatically go to the secure host when you browse to https://example.com/wp-admin/ or https://example.com/wp-login.php
This should go above the main wordpress rewrite block.
@@ -98,7 +98,7 @@ The secure virtual host should have two rewrite rules in an .htaccess file or in
```
RewriteRule !^/wp-admin/(.*) - [C]
-RewriteRule ^/(.*) http://www.example.com/$1 [QSA,L]
+RewriteRule ^/(.*) https://www.example.com/$1 [QSA,L]
```
The first rule excludes the wp-admin directory from the next rule, which shuffles traffic to the secure site over to the insecure site, to keep things nice and seamless for your audience.
@@ -125,7 +125,7 @@ NOTE: The below config is not 100% compatible with WordPress 2.8+, WordPress 2.8
RewriteEngine On
RewriteRule !^/wp-(admin|includes)/(.*) - [C]
- RewriteRule ^/(.*) http://www.example.com/$1 [QSA,L]
+ RewriteRule ^/(.*) https://www.example.com/$1 [QSA,L]
@@ -182,7 +182,7 @@ RewriteBase /
# For a site running on port 443 or else (http over ssl)
RewriteCond %{SERVER_PORT} !^80$
RewriteRule !^wp-(admin|login|register)(.*) - [C]
-RewriteRule ^(.*)$ http://%{SERVER_NAME}/$1 [L]
+RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L]
# For a site running on port 80 (http)
RewriteCond %{SERVER_PORT} ^80$
@@ -219,7 +219,7 @@ More testing, preferably with a packet sniffer and some hardcore network analysi
#### Limitations {#limitations}
-The author assumes (but hasn't checked) that if the user has stored cookies/told their browser to remember passwords (not based on form fields but if using certain external auth mechanism) and hits http://www.example.com/wp-admin/, those packets are sent in the clear and the cookie/auth headers could be intercepted. Therefore, to ensure maximum security, the user should explicitly use the https host or always log in at the beginning of new sessions.
+The author assumes (but hasn't checked) that if the user has stored cookies/told their browser to remember passwords (not based on form fields but if using certain external auth mechanism) and hits https://www.example.com/wp-admin/, those packets are sent in the clear and the cookie/auth headers could be intercepted. Therefore, to ensure maximum security, the user should explicitly use the https host or always log in at the beginning of new sessions.
## Changelog
diff --git a/security/mfa.md b/security/mfa.md
index dfd56725..6bca9296 100644
--- a/security/mfa.md
+++ b/security/mfa.md
@@ -30,7 +30,7 @@ Modern two-step authentication more frequently relies on a user's smartphone tha
**Something You Know**
-The most familiar form of authentication is the knowledge factor, or password. As old as [Open Sesame](http://en.wikipedia.org/wiki/Open_Sesame_(phrase)), passwords have long been a standard for anonymous authentication. In order for a knowledge factor to work, both parties need to know the password, but other parties must not be able to find or guess it.
+The most familiar form of authentication is the knowledge factor, or password. As old as [Open Sesame](https://en.wikipedia.org/wiki/Open_sesame), passwords have long been a standard for anonymous authentication. In order for a knowledge factor to work, both parties need to know the password, but other parties must not be able to find or guess it.
The first challenge is in exchanging the password with the trusted party safely. On the web, when you register for a new site, your password needs to be sent to that site's servers and might be intercepted in the process (which is why you should always check for SSL when registering or logging in — [HTTPS](https://developer.wordpress.org/advanced-administration/security/https/)).
@@ -40,7 +40,7 @@ Finally, the password needs to be verified. When a user visits the site, they ne
#### Benefits {#benefits}
-There are a lot of different places to increase the security of a site, but the WordPress Security Team [has said](http://vip.wordpress.com/security/) that "The weakest link in the security of anything you do online is your password," so it makes sense to put energy into strengthening that aspect of your site.
+There are a lot of different places to increase the security of a site, but the WordPress Security Team [has said](https://wpvip.com/security/) that "The weakest link in the security of anything you do online is your password," so it makes sense to put energy into strengthening that aspect of your site.
#### Drawbacks {#drawbacks}
diff --git a/server/file-permissions.md b/server/file-permissions.md
index 660501e0..21df82bb 100644
--- a/server/file-permissions.md
+++ b/server/file-permissions.md
@@ -104,11 +104,11 @@ In this specific type setup, WordPress will detect that it can directly create f
Popular methods used by sysadmins for this setup are:
-* [suPHP](http://www.suphp.org/Home.html), runs through php-cgi, currently unmaintained since 2013.
+* [suPHP](https://smarsching.github.io/suphp/Home.html), runs through php-cgi, currently unmaintained since 2013.
* [mod_ruid2](https://github.com/mind04/mod-ruid2), apache module, currently unmaintained since 2013.
* [mpm-itk](http://mpm-itk.sesse.net/), apache module.
-* [mod_fcgid](http://httpd.apache.org/mod_fcgid/), an Apache module and FastCGI server with more extensive configuration.
-* [PHP-FPM](http://php-fpm.org/), an alternative FastCGI server with shared OPCode, for use with Apache and Nginx.
+* [mod_fcgid](https://httpd.apache.org/mod_fcgid/), an Apache module and FastCGI server with more extensive configuration.
+* [PHP-FPM](https://php-fpm.org/), an alternative FastCGI server with shared OPCode, for use with Apache and Nginx.
## Using an FTP Client
@@ -136,7 +136,7 @@ You can now see that the file permissions have been changed.
### Unhide the hidden files
-By default, most [FTP Clients](https://developer.wordpress.org/advanced-administration/upgrade/ftp/), including [FileZilla](http://filezilla.sourceforge.net/), keep hidden files, those files beginning with a period (.), from being displayed. But, at some point, you may need to see your hidden files so that you can change the permissions on that file. For example, you may need to make your [.htaccess](https://wordpress.org/documentation/article/glossary#htaccess) file, the file that controls [permalinks](https://wordpress.org/documentation/article/using-permalinks/), writeable.
+By default, most [FTP Clients](https://developer.wordpress.org/advanced-administration/upgrade/ftp/), including [FileZilla](https://sourceforge.net/projects/filezilla/), keep hidden files, those files beginning with a period (.), from being displayed. But, at some point, you may need to see your hidden files so that you can change the permissions on that file. For example, you may need to make your [.htaccess](https://wordpress.org/documentation/article/glossary#htaccess) file, the file that controls [permalinks](https://wordpress.org/documentation/article/using-permalinks/), writeable.
To display hidden files in FileZilla, in it is necessary to select 'View' from the top menu, then select 'Show hidden files'. The screen display of files will refresh and any previously hidden file should come into view.
diff --git a/server/nginx.md b/server/nginx.md
index 15d781ab..e705a782 100644
--- a/server/nginx.md
+++ b/server/nginx.md
@@ -10,7 +10,7 @@ When talking about Nginx, it is important to know that there are multiple ways t
- Pretty Permalinks functionality is slightly different when running Nginx.
- Since Nginx does not have .htaccess-type capability and WordPress cannot automatically modify the server configuration for you, it cannot generate the rewrite rules for you.
- Without modifications to your install, “index.php” will be added to your Permalinks. (There are ways to mitigate this with plugins (see below) and/or adding custom code to your child theme’s functions.php.)
-- However, if you do want to have some (limited) .htaccess capability, it is technically possible to do add by installing the [htscanner PECL extension for PHP](http://php.net/manual/en/book.htscanner.php). (However, this is not a perfect solution so be sure to test and debug thoroughly before using on a live site.)
+- However, if you do want to have some (limited) .htaccess capability, it is technically possible to do add by installing the [htscanner PECL extension for PHP](https://www.php.net/manual/en/book.htscanner.php). (However, this is not a perfect solution so be sure to test and debug thoroughly before using on a live site.)
This guide is not going to cover how to install and configure Nginx, so this assumes that you have already installed Nginx and have a basic understanding of how to work with and debug it.
@@ -71,7 +71,7 @@ http {
### Per Site configuration
```
-# Redirect everything to the main site. We use a separate server statement and NOT an if statement - see http://wiki.nginx.org/IfIsEvil
+# Redirect everything to the main site. We use a separate server statement and NOT an if statement - see https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
server {
server_name _;
@@ -608,26 +608,24 @@ A typo in [Global restrictions file](https://developer.wordpress.org/advanced-ad
### External Links
-- [Nginx WordPress wiki page](http://wiki.nginx.org/WordPress)
-- [Nginx Full Example](http://wiki.nginx.org/FullExample)
-- [Nginx Full Example 2](http://wiki.nginx.org/FullExample2)
-- [LEMP guides on Linode’s Library](http://library.linode.com/lemp-guides/)
-- [Various guides about Nginx on Linode’s Library](http://library.linode.com/web-servers/nginx/)
-- [Lightning fast WordPress with Php-fpm and Nginx](http://www.sitepoint.com/lightning-fast-wordpress-with-php-fpm-and-nginx/)
-- [Virtual Hosts Examples](http://wiki.nginx.org/VirtualHostExample)
-- [List of 20+ WordPress-Nginx Tutorials for common situations](http://rtcamp.com/wordpress-nginx/tutorials/)
-- [An introduction to Nginx configuration](http://blog.martinfjordvald.com/2010/07/nginx-primer/)
+- [Nginx WordPress wiki page](https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/)
+- [LEMP guides on Linode’s Library](https://www.linode.com/docs/guides/web-servers/lemp/)
+- [Various guides about Nginx on Linode’s Library](https://www.linode.com/docs/guides/web-servers/nginx/)
+- [Lightning fast WordPress with Php-fpm and Nginx](https://www.sitepoint.com/lightning-fast-wordpress-with-php-fpm-and-nginx/)
+- [Virtual Hosts Examples](https://wiki.nginx.org/VirtualHostExample)
+- [List of 20+ WordPress-Nginx Tutorials for common situations](https://rtcamp.com/wordpress-nginx/tutorials/)
+- [An introduction to Nginx configuration](https://blog.martinfjordvald.com/nginx-primer/)
- [A comprehensive blog series on hosting WordPress yourself using Nginx](https://deliciousbrains.com/hosting-wordpress-setup-secure-virtual-server/)
-- [WordPress Installation CentminMod](http://centminmod.com/nginx_configure_wordpress.html)
+- [WordPress Installation CentminMod](https://centminmod.com/nginx_configure_wordpress.html)
- [Nginx WordPress Installation Guide](https://thecustomizewindows.com/2015/12/nginx-wordpress-installation-guide-steps/)
### Scripts & Tools
-For WordPress Nginx scripted installation [CentminMod](http://centminmod.com/nginx_configure_wordpress.html) can be used for CentOS.
+For WordPress Nginx scripted installation [CentminMod](https://centminmod.com/nginx_configure_wordpress.html) can be used for CentOS.
### Securing Nginx
-- [Securing Nginx and PHP](http://kbeezie.com/view/securing-nginx-php/)
+- [Securing Nginx and PHP](http://kbeezie.com/securing-nginx-php/)
- [Setting up PHP-FastCGI and nginx? Don’t trust the tutorials: check your configuration!](https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/)
## Changelog
diff --git a/server/server-info.md b/server/server-info.md
index 7472b5ee..b26ef11d 100644
--- a/server/server-info.md
+++ b/server/server-info.md
@@ -23,7 +23,7 @@ Make sure there are no spaces before or after the command, just the command, and
Upload the file to the root directory of your site. Then type in the address to the file in your browser:
```
-http://example.com/sffdsajk234.php
+https://example.com/sffdsajk234.php
```
The result will be several pages long and it will contain a ton of information. Though your data may be in a different order, for the most part, you just need the summary items that lists things like this:
@@ -40,8 +40,8 @@ That’s it. Make sure you remember to delete the file once you’re done with i
## Information and Resources
-- [PHP.net’s phpinfo Manual](http://us3.php.net/phpinfo)
-- [Zend’s PHP Manual on phpinfo](http://www.zend.com/manual/function.phpinfo.php)
+- [PHP.net’s phpinfo Manual](https://www.php.net/phpinfo)
+- [Zend’s PHP Manual on phpinfo](https://www.zend.com/manual/function.phpinfo.php)
- [WordPress Environment PHP library](https://github.com/abelcallejo/wordpress-environment)
## Changelog
diff --git a/server/subdomains-wildcard.md b/server/subdomains-wildcard.md
index 7bbfdd54..7a612cd1 100644
--- a/server/subdomains-wildcard.md
+++ b/server/subdomains-wildcard.md
@@ -42,7 +42,7 @@ ServerAlias *.|DOMAIN|
_If you ever need to un-do a custom Httpd: return here, delete text from input area, save._
-- DirectAdmin.com: [Apache Wildcard Documentation](https://help.directadmin.com/item.php?id=127). DirectAdmin.com forum: [WordPress wildcard subdomains](http://www.directadmin.com/forum/showthread.php?p=195033).
+- DirectAdmin.com: [Apache Wildcard Documentation](https://help.directadmin.com/item.php?id=127). DirectAdmin.com forum: [WordPress wildcard subdomains](https://forum.directadmin.com/threads/wildcard-subdomains-yea-i-know-its-a-common-one.29074/#post-195033).
## Amazon Web Services {#amazon-web-services}
diff --git a/server/wordpress-in-directory.md b/server/wordpress-in-directory.md
index c9a9caf3..a0cc6850 100644
--- a/server/wordpress-in-directory.md
+++ b/server/wordpress-in-directory.md
@@ -41,14 +41,14 @@ _(p.s. If you've already installed WP in subdirectory, some steps might be alrea
1. Create the new location for the core WordPress files to be stored (we will use `/wordpress` in our examples). (On linux, use `mkdir wordpress` from your `www` directory. You'll probably want to use `chown apache:apache` on the `wordpress` directory you created.)
2. Go to the [General](https://wordpress.org/documentation/article/administration-screens/#settings-configuration-settings) Screen.
-3. In **WordPress address (URL):** set the address of your main WordPress core files. Example: http://example.com/wordpress
-4. In **Site address (URL):** set root directory's URL. Example: http://example.com
+3. In **WordPress address (URL):** set the address of your main WordPress core files. Example: https://example.com/wordpress
+4. In **Site address (URL):** set root directory's URL. Example: https://example.com
5. Click **Save Changes**. (Do not worry about the errors that happen now! Continue reading)
6. Now move your WordPress core files (from root directory) to the subdirectory.
7. Copy (NOT MOVE!) the `index.php` and `.htaccess` files from the WordPress directory into the root directory of your site (Blog address). The `.htaccess` file is invisible, so you may have to set your FTP client to [show hidden files](https://developer.wordpress.org/advanced-administration/server/file-permissions/#Unhide_the_hidden_files). If you are not using [pretty permalinks](https://wordpress.org/documentation/article/using-permalinks/#using-pretty-permalinks), then you may not have a .`htaccess` file. _**If you are running WordPress on a Windows (IIS) server** and are using pretty permalinks, you'll have a `web.config` rather than a `.htaccess` file in your WordPress directory. For the `index.php` file the instructions remain the same, copy (don't move) the index.php file to your root directory. The `web.config` file, must be treated differently than the `.htaccess` file so you must MOVE (DON'T COPY) the `web.config` file to your root directory._
8. Open your root directory's `index.php` file in a [text editor](https://wordpress.org/documentation/article/glossary#text-editor)
9. Change the following and save the file. Change the line that says:`require dirname( __FILE__ ) . '/wp-blog-header.php';`to the following, using your directory name for the WordPress core files: `require dirname( __FILE__ ) . '/wordpress/wp-blog-header.php';`
-10. Login to the new location. It might now be http://example.com/wordpress/wp-admin/
+10. Login to the new location. It might now be https://example.com/wordpress/wp-admin/
11. If you have set up [Permalinks](https://wordpress.org/documentation/article/using-permalinks/), go to the [Permalinks Screen](https://wordpress.org/documentation/article/administration-screens/#permalinks) and update your Permalink structure. WordPress will automatically update your `.htaccess` file if it has the appropriate file permissions. If WordPress can't write to your `.htaccess` file, it will display the new rewrite rules to you, which you should manually copy into your `.htaccess` file (in the same directory as the main `index.php` file.)
### .htaccess modification
diff --git a/upgrade/filezilla.md b/upgrade/filezilla.md
index c9b7f4ca..7bc9cdc1 100644
--- a/upgrade/filezilla.md
+++ b/upgrade/filezilla.md
@@ -16,7 +16,7 @@ It's fast, stable, easy to use, and free. FTP is a standard way to upload or dow
You will need the following details regarding the FTP account on your server:
-1. Your website FTP address (usually `ftp://example.com` if your URL is `http://example.com`)
+1. Your website FTP address (usually `ftp://example.com` if your URL is `https://example.com`)
2. Your FTP username
3. Your FTP password
diff --git a/upgrade/ftp.md b/upgrade/ftp.md
index 7d5e5cdd..67951059 100644
--- a/upgrade/ftp.md
+++ b/upgrade/ftp.md
@@ -3,7 +3,7 @@
## FTP Clients
There are two ways of getting files onto your site, and once there, changing them:
-1. By using the file manager provided in your host’s control panel. Popular file managers: [cPanel](https://documentation.cpanel.net/display/64Docs/File+Manager), [DirectAdmin](http://www.site-helper.com/filemanager.html), [Plesk](https://www.plesk.com/).
+1. By using the file manager provided in your host’s control panel. Popular file managers: [cPanel](https://documentation.cpanel.net/display/64Docs/File+Manager), [DirectAdmin](https://www.site-helper.com/filemanager.html), [Plesk](https://www.plesk.com/).
2. By using an FTP or SFTP client. This guide will show you how to use [FileZilla](https://filezilla-project.org/).
FTP or “File Transfer Protocol” has been the most widely used transfer protocol for over thirty years, but it sends your information in the clear, which is a security risk. Use SFTP (Secure File Transfer Protocol) if your host supports it. This transfers your files and your password over a secured connection, and should therefore be used instead of FTP whenever possible. Sometimes you have to contact your host to have SFTP enabled on your account.
@@ -14,7 +14,7 @@ Why use FileZilla? Because, like WordPress, it is released under the GPL. So, it
2. [Setting Permissions](https://developer.wordpress.org/advanced-administration/server/file-permissions/)
3. [FileZilla’s Extensive Documentation](https://wiki.filezilla-project.org/Documentation)
-Want to try a different FTP or SFTP client? [Find more on Wikipedia](http://en.wikipedia.org/wiki/Comparison_of_FTP_clients).
+Want to try a different FTP or SFTP client? [Find more on Wikipedia](https://en.wikipedia.org/wiki/Comparison_of_FTP_clients).
## Changelog
diff --git a/upgrade/migrating.md b/upgrade/migrating.md
index e492d8e0..199bd680 100644
--- a/upgrade/migrating.md
+++ b/upgrade/migrating.md
@@ -7,7 +7,7 @@ On the `Settings -> General` screen in a single site installation of WordPress,
- The "Site Address (URL)" setting is the address you want people to type in their browser to reach your WordPress blog.
- The "WordPress Address (URL)" setting is the address where your WordPress core files reside.
-**Note:** Both settings should include the http:// part and should not have a slash `/` at the end.
+**Note:** Both settings should include the https:// part and should not have a slash `/` at the end.
Every once in a while, somebody finds a need to manually change (or fix) these settings. Usually this happens when they change one or both and discover that their site no longer works properly. This can leave the user with no easily discoverable way to correct the problem. This article tells you how to change these settings directly.
@@ -24,8 +24,8 @@ It is possible to set the site URL manually in the `wp-config.php` file.
Add these two lines to your `wp-config.php`, where "example.com" is the correct location of your site.
```
-define( 'WP_HOME', 'http://example.com' );
-define( 'WP_SITEURL', 'http://example.com' );
+define( 'WP_HOME', 'https://example.com' );
+define( 'WP_SITEURL', 'https://example.com' );
```
This is not necessarily the best fix, it's just hard-coding the values into the site itself. You won't be able to edit them on the General settings page anymore when using this method.
@@ -38,8 +38,8 @@ If you have access to the site via FTP, then this method will help you quickly g
2. Add these two lines to the file, immediately after the initial ` 500 ports."`
-9. Then go do something for ten minutes and when you get back see if the external url http://example.com:port/yourblog from a LAN browser brings the page up correctly.
+9. Then go do something for ten minutes and when you get back see if the external url https://example.com:port/yourblog from a LAN browser brings the page up correctly.
#### Relocate method
@@ -111,7 +111,7 @@ if ( defined( 'RELOCATE' ) AND RELOCATE ) {
// Move flag is set
if ( isset( $_SERVER['PATH_INFO'] ) AND ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
$_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], "", $_SERVER['PHP_SELF'] );
- $url = dirname( set_url_scheme( 'http://'. $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
+ $url = dirname( set_url_scheme( 'https://'. $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
if ( $url != get_option( 'siteurl' ) )
update_option( 'siteurl', $url );
}
@@ -122,7 +122,7 @@ if ( defined( 'RELOCATE' ) AND RELOCATE ) {
1. Edit the `wp-config.php` file.
2. After the "define" statements (just before the comment line that says "That's all, stop editing!"), insert a new line, and type: `define('RELOCATE',true);`
3. Save your `wp-config.php` file.
-4. Open a web browser and manually point it to `wp-login.php` on the new server. For example, if your new site is at http://www.example.com, then type http://www.example.com/wp-login.php into your browser's address bar.
+4. Open a web browser and manually point it to `wp-login.php` on the new server. For example, if your new site is at https://www.example.com, then type https://www.example.com/wp-login.php into your browser's address bar.
5. Login as per normal.
6. Look in your web browser's address bar to verify that you have, indeed, logged in to the correct server. If this is the case, then in the Admin back-end, navigate to `Settings > General` and verify that both the address settings are correct. Remember to Save Changes.
7. Once this has been fixed, edit `wp-config.php` and either completely remove the line that you added (delete the whole line), comment it out (with `//`) or change the true value to false if you think it's likely you will be relocating again.
@@ -250,14 +250,14 @@ See [Moving WordPress Multisite](https://developer.wordpress.org/advanced-admini
#### wp-cli
-[wp-cli](http://wp-cli.org/) is a super useful shell tool.
+[wp-cli](https://wp-cli.org/) is a super useful shell tool.
`wp search-replace 'example.dev' 'example.com' --skip-columns=guid`
Or, if you only want to change the option, you can do:
```
-wp option update home 'http://example.com'
-wp option update siteurl 'http://example.com'
+wp option update home 'https://example.com'
+wp option update siteurl 'https://example.com'
```
# Moving WordPress
@@ -279,12 +279,12 @@ Moving your domain without changing the Home and Site URLs of your WordPress sit
### Changing Your Domain Name and URLs
-Moving a website and changing your domain name or URLs (i.e. from http://example.com/site to http://example.com, or http://example.com to http://example.net) requires the following steps – in sequence.
+Moving a website and changing your domain name or URLs (i.e. from https://example.com/site to https://example.com, or https://example.com to https://example.net) requires the following steps – in sequence.
1. Download your existing site files.
2. Export your database – go in to MySQL and export the database.
3. Move the backed up files and database into a new folder – somewhere safe – this is your site backup.
-4. Log in to the site you want to move and go to Settings > General, then change the URLs. (ie from http://example.com/ to http://example.net) – save the settings and expect to see a 404 page.
+4. Log in to the site you want to move and go to Settings > General, then change the URLs. (ie from https://example.com/ to https://example.net) – save the settings and expect to see a 404 page.
5. Download your site files again.
6. Export the database again.
7. Edit `wp-config.php` with the new server's MySQL database name, user and password.
@@ -296,7 +296,7 @@ When your domain name or URLs change there are additional concerns. The files an
If you do a search and replace on your entire database to change the URLs, you can cause issues with data serialization, due to the fact that some themes and widgets store values with the length of your URL marked. When this changes, things break. To avoid that serialization issue, you have three options:
1. Use the [Velvet Blues Update URLs](https://wordpress.org/plugins/velvet-blues-update-urls/) or [Better Search Replace](https://wordpress.org/plugins/better-search-replace/) plugins if you can access your Dashboard.
-2. Use [WP-CLI's search-replace](http://wp-cli.org/commands/search-replace/) if your hosting provider (or you) have installed WP-CLI.
+2. Use [WP-CLI's search-replace](https://developer.wordpress.org/cli/commands/search-replace/) if your hosting provider (or you) have installed WP-CLI.
3. Use the [Search and Replace for WordPress Databases Script](https://interconnectit.com/products/search-and-replace-for-wordpress-databases/) to safely change all instances on your old domain or path to your new one. (**only use this option if you are comfortable with database administration** )
Note: Only perform a search and replace on the wp_posts table.
@@ -317,10 +317,10 @@ Here are the step-by-step instructions to move your WordPress site to a new loca
5. In the box for **Site Address (URL)**: change the address to the new location, which should match the WordPress (your public site) address.
6. Click **Save Changes**.
7. (Do not try to open/view your site now!)
-8. Move your WordPress core files to the new location. This includes the files found within the original directory, such as http://example.com/wordpress, and all the sub-directories, to the new location.
+8. Move your WordPress core files to the new location. This includes the files found within the original directory, such as https://example.com/wordpress, and all the sub-directories, to the new location.
9. Now, try to open your site by going to yourdomain.com/wp-admin. Note, you may need to go to yourdomain.com/wp-login.php
10. If you are using [Permalinks](https://wordpress.org/documentation/article/using-permalinks/), go to the Administration > Settings > [Permalinks](https://wordpress.org/documentation/article/settings-permalinks-screen/) panel and update your Permalink structure to your [.htaccess](https://wordpress.org/documentation/article/glossary/#htaccess), file, which should be in the same directory as the main `index.php` file.
-11. Existing image/media links uploaded media will refer to the old folder and must be updated with the new location. You can do this with the [Better Search Replace](https://wordpress.org/plugins/better-search-replace/) or [Velvet Blues Update URLs](https://wordpress.org/plugins/velvet-blues-update-urls/) plugins, [WP-CLI's search-replace](http://wp-cli.org/commands/search-replace/) if your hosting provider (or you) have installed WP-CLI, manually in your SQL database, or by using the 3rd party database updating tool [Search and Replace Databases Script](https://interconnectit.com/products/search-and-replace-for-wordpress-databases/) * **Note:** this script is best used by experienced developers.
+11. Existing image/media links uploaded media will refer to the old folder and must be updated with the new location. You can do this with the [Better Search Replace](https://wordpress.org/plugins/better-search-replace/) or [Velvet Blues Update URLs](https://wordpress.org/plugins/velvet-blues-update-urls/) plugins, [WP-CLI's search-replace](https://developer.wordpress.org/cli/commands/search-replace/) if your hosting provider (or you) have installed WP-CLI, manually in your SQL database, or by using the 3rd party database updating tool [Search and Replace Databases Script](https://interconnectit.com/products/search-and-replace-for-wordpress-databases/) * **Note:** this script is best used by experienced developers.
12. In some cases your permissions may have changed, depending on your ISP. Watch for any files with "0000" permissions and change them back to "0644".
13. If your theme supports menus, links to your home page may still have the old subdirectory embedded in them. Go to Appearance > Menus and update them.
14. Sometimes you would need to restart your server, otherwise your server may give out an error. (happens in MAMP software (Mac)).
@@ -359,8 +359,8 @@ and insert the following lines below:
```
//FIXME: do comment/remove these hack lines. (once the database is updated)
-update_option('siteurl', 'http://your.domain.name/the/path' );
-update_option('home', 'http://your.domain.name/the/path' );
+update_option('siteurl', 'https://example.com/the/path' );
+update_option('home', 'https://example.com/the/path' );
```
You're done. Test your site to make sure that it works right. If the change involves a new address for your site, make sure you let people know the new address, and consider adding some redirection instructions in your `.htaccess` file to guide visitors to the new location.
@@ -425,13 +425,13 @@ If you are moving from subdomains to subfolders, or vice-versa, remember to adju
### Related Links
-- [Moving a blog from wordpress.com to self-hosted blog](http://www.problogger.net/archives/2009/01/03/how-to-move-from-wordpresscom-to-wordpressorg/)
-- [Moving WordPress to a new domain or server](http://sltaylor.co.uk/blog/moving-wordpress-new-domain-server/)
-- [Italian version of this article – Versione italiana dell'articolo](http://www.valent-blog.eu/2007/09/14/trasferire-wordpress/)
-- [Search and Replace for WordPress Databases](http://interconnectit.com/124/search-and-replace-for-wordpress-databases/)
+- [Moving a blog from wordpress.com to self-hosted blog](https://problogger.com/how-to-move-from-wordpresscom-to-wordpressorg/)
+- [Moving WordPress to a new domain or server](https://sltaylor.co.uk/blog/moving-wordpress-new-domain-server/)
+- [Italian version of this article – Versione italiana dell'articolo](https://www.valent-blog.eu/2007/09/14/trasferire-wordpress/)
+- [Search and Replace for WordPress Databases](https://interconnectit.com/search-and-replace-for-wordpress-databases/)
- [PHP script to replace site url in WordPress database dump, even with WPML](http://blog.lavoie.sl/2012/07/php-script-to-replace-site-url-in.html)
- [The Duplicator plugin helps administrators move a site from one location to another](https://wordpress.org/plugins/duplicator/)
-- [Technical tutorial on moving your WordPress blog to Bitnami's AWS configuration](http://www.agileweboperations.com/migrate-your-wordpress-blog-to-a-bitnami-ec2-instance)
+- [Technical tutorial on moving your WordPress blog to Bitnami's AWS configuration](https://agileweboperations.com/2011/01/20/migrate-your-wordpress-blog-to-a-bitnami-ec2-instance/)
# Migrating multiple blogs into WordPress multisite
diff --git a/upgrade/upgrading.md b/upgrade/upgrading.md
index 338ef2e0..b2e2a0ea 100644
--- a/upgrade/upgrading.md
+++ b/upgrade/upgrading.md
@@ -140,8 +140,8 @@ Note: Make sure the database user name registered to WordPress has permission to
If you want to run the upgrade script manually:
-* If WordPress is installed in the root directory, point your browser to: http://example.com/wp-admin/upgrade.php
-* If WordPress is installed in its own subdirectory called `blog`, for example, point your browser to: http://example.com/blog/wp-admin/upgrade.php
+* If WordPress is installed in the root directory, point your browser to: https://example.com/wp-admin/upgrade.php
+* If WordPress is installed in its own subdirectory called `blog`, for example, point your browser to: https://example.com/blog/wp-admin/upgrade.php
If you experience difficulties with login after your upgrade, it is worth clearing your browser's cookies.
@@ -359,7 +359,7 @@ apply_filters( 'auto_core_update_send_email', true, $type, $core_update, $result
### Resources {#resources}
* More examples at [https://make.wordpress.org/core/2013/10/25/the-definitive-guide-to-disabling-auto-updates-in-wordpress-3-7/](https://make.wordpress.org/core/2013/10/25/the-definitive-guide-to-disabling-auto-updates-in-wordpress-3-7/)
-* More information here: [http://wordpress.stackexchange.com/questions/120081/how-do-i-configure-automatic-updates-in-wordpress-3-7](http://wordpress.stackexchange.com/questions/120081/how-do-i-configure-automatic-updates-in-wordpress-3-7)
+* More information here: [How Do I Configure Automatic Updates in WordPress 3.7?](https://wordpress.stackexchange.com/questions/120081/how-do-i-configure-automatic-updates-in-wordpress-3-7)
* Info about wp-cli conflict: [https://github.com/wp-cli/wp-cli/issues/1310](https://github.com/wp-cli/wp-cli/issues/1310)
## Changelog
diff --git a/wordpress/common-errors.md b/wordpress/common-errors.md
index 0733da86..29b31100 100644
--- a/wordpress/common-errors.md
+++ b/wordpress/common-errors.md
@@ -58,7 +58,7 @@ Contact your hosting provider to see if either of these issues is causing your p
If you have checked `wp-config.php` for errors, and confirmed with your host for hosting issues, it is possible that your site has been hacked.
-Scan your site with [Sucuri SiteCheck](http://sitecheck.sucuri.net/) to ensure that it hasn't been compromised. If it has you should check out [My Site was Hacked](https://wordpress.org/documentation/article/faq-my-site-was-hacked/).
+Scan your site with [Sucuri SiteCheck](https://sitecheck.sucuri.net/) to ensure that it hasn't been compromised. If it has you should check out [My Site was Hacked](https://wordpress.org/documentation/article/faq-my-site-was-hacked/).
## Failed Auto-Upgrade {#failed-auto-upgrade}
@@ -272,11 +272,11 @@ If you have not used phpMyAdmin before, or are uncomfortable doing so, contact y
An unknown column error can be caused by a missing column in the database. If you have just upgraded WordPress then try manually upgrading again. To update your WordPress site manually, see the [Update article](https://wordpress.org/documentation/article/updating-wordpress/#manual-update).
-If you are running a database query when you encounter the error then you may by using incorrect quotation marks for the identifier quote character. This [question on Stack Overflow provides more details](https://stackoverflow.com/questions/1346209/unknown-column-in-field-list-error-on-mysql-update-query). Also see the [MySQL documentation](http://dev.mysql.com/doc/refman/en/identifiers.html).
+If you are running a database query when you encounter the error then you may by using incorrect quotation marks for the identifier quote character. This [question on Stack Overflow provides more details](https://stackoverflow.com/questions/1346209/unknown-column-in-field-list-error-on-mysql-update-query). Also see the [MySQL documentation](https://dev.mysql.com/doc/refman/8.2/en/identifiers.html).
## Resources {#resources}
-* [MySQL Error Codes and Messages](http://dev.mysql.com/doc/refman/en/error-messages-server.html)
+* [MySQL Error Codes and Messages](https://dev.mysql.com/doc/refman/en/error-messages-server.html)
## Changelog
diff --git a/wordpress/cookies.md b/wordpress/cookies.md
index b2b855da..07e2df22 100644
--- a/wordpress/cookies.md
+++ b/wordpress/cookies.md
@@ -54,9 +54,9 @@ WordPress allows you to alter the language of all translatable strings on login.
## References
-- [Wikipedia: Cookies](http://en.wikipedia.org/wiki/HTTP_cookie)
-- [RFC2965](http://www.faqs.org/rfcs/rfc2965)
-- [PHP cookie documentation](http://www.php.net/manual/en/features.cookies.php)
+- [Wikipedia: Cookies](https://en.wikipedia.org/wiki/HTTP_cookie)
+- [RFC2965](http://www.faqs.org/rfcs/rfc2965.html)
+- [PHP cookie documentation](https://www.php.net/manual/en/features.cookies.php)
## Changelog
diff --git a/wordpress/edit-files.md b/wordpress/edit-files.md
index 59e10cfb..9d883a82 100644
--- a/wordpress/edit-files.md
+++ b/wordpress/edit-files.md
@@ -93,7 +93,7 @@ The following [text editors](https://wordpress.org/documentation/article/wordpre
* [EditPad](https://www.editpadpro.com/) (Windows)
* [EditPlus](https://www.editplus.com/) (Windows)
* [emacs](https://www.gnu.org/software/emacs/emacs.html) (Mac, Linux, Windows) Open-Source, Free
-* [JEdit](http://jedit.org/) (Mac, Linux, Windows)
+* [JEdit](https://jedit.org/) (Mac, Linux, Windows)
* [Notepad++](https://notepad-plus-plus.org/) (Windows) Open-Source, Free
* [PSPad](https://www.pspad.com/) (Windows) Free
* [Smultron](https://www.peterborgapps.com/smultron/) (Mac) $
diff --git a/wordpress/feeds.md b/wordpress/feeds.md
index 2605e1b0..ebfd0733 100644
--- a/wordpress/feeds.md
+++ b/wordpress/feeds.md
@@ -2,68 +2,68 @@
## WordPress Built-in Feeds {#wordpress-built-in-feeds}
-By default, WordPress comes with various feeds. They are generated by template tag for [bloginfo()](https://developer.wordpress.org/reference/functions/bloginfo/) for each type of feed and are typically listed in the sidebar and/or footer of most WordPress Themes. They look like this:
+By default, WordPress comes with various feeds. They are generated by template tag for [bloginfo()](https://developer.wordpress.org/reference/functions/bloginfo/) for each type of feed and are typically listed in the sidebar and/or footer of most WordPress Themes. They look like this:
-URL for [RDF/RSS 1.0 feed](https://web.resource.org/rss/1.0/)
+URL for [RDF/RSS 1.0 feed](https://web.resource.org/rss/1.0/)
```
-
+
```
-URL for [RSS 0.92 feed](https://www.rssboard.org/rss-0-9-2)
+URL for [RSS 0.92 feed](https://www.rssboard.org/rss-0-9-2)
```
-
+
```
-URL for [RSS 2.0 feed](https://www.rssboard.org/rss-specification)
+URL for [RSS 2.0 feed](https://www.rssboard.org/rss-specification)
```
-
+
```
-URL for [Atom feed](http://www.atomenabled.org/)
+URL for [Atom feed](http://www.atomenabled.org/)
```
-
+
```
-URL for comments RSS 2.0 feed
+URL for comments RSS 2.0 feed
```
-
+
```
The first four feeds display recent updates and changes to your site's content for the different feedreaders. Of these, the RSS feeds are the most well known. The last feed example is used by RSS 2.0 feedreaders and does not show your site's content. It only shows the comments made on your site.
-To track the comments on a specific post, the [post_comments_feed_link()](https://developer.wordpress.org/reference/functions/post_comments_feed_link/) template tag is used on single post pages like this:
+To track the comments on a specific post, the [post_comments_feed_link()](https://developer.wordpress.org/reference/functions/post_comments_feed_link/) template tag is used on single post pages like this:
```
```
-There are ways to modify these feeds, and these are covered in the article on [Customizing Feeds](https://codex.wordpress.org/Customizing_Feeds).
+There are ways to modify these feeds, and these are covered in the article on [Customizing Feeds](https://codex.wordpress.org/Customizing_Feeds).
## Adding Feeds {#adding-feeds}
-Not all WordPress Themes feature all of the RSS Feed types that are available through WordPress. To add a feed to your site, find the location of where the other feeds are, typically in your sidebar.php or footer.php template files of your Theme. Then add one of the tags listed above to the list, like this example:
+Not all WordPress Themes feature all of the RSS Feed types that are available through WordPress. To add a feed to your site, find the location of where the other feeds are, typically in your sidebar.php or footer.php template files of your Theme. Then add one of the tags listed above to the list, like this example:
```
```
### Adding Graphics to Feed Links {#adding-graphics-to-feed-links}
-Many people like to have a graphic representing the feed instead of words. There are now [standards](http://www.feedicons.com/) for these graphics or "buttons", but you can [make your own](https://kalsey.com/tools/buttonmaker/) to match the look and colors on your site. 
+Many people like to have a graphic representing the feed instead of words. There are now [standards](http://www.feedicons.com/) for these graphics or "buttons", but you can [make your own](https://kalsey.com/tools/buttonmaker/) to match the look and colors on your site. 
To add a graphic to your feed link, simply wrap the link around the graphic such as:
```
-
+
```
### Changing Addresses {#changing-addresses}
diff --git a/wordpress/site-architecture.md b/wordpress/site-architecture.md
index 9c0497a5..df4a88ef 100644
--- a/wordpress/site-architecture.md
+++ b/wordpress/site-architecture.md
@@ -262,11 +262,11 @@ Comments may be featured in the single post view (using the comments.php templat
- RSS feed for comments on this post.
- TrackBack URI
+ RSS feed for comments on this post.
+ TrackBack URI
Leave a comment
-
+
```
### Changing Addresses {#changing-addresses}
diff --git a/wordpress/site-architecture.md b/wordpress/site-architecture.md
index 9c0497a5..df4a88ef 100644
--- a/wordpress/site-architecture.md
+++ b/wordpress/site-architecture.md
@@ -262,11 +262,11 @@ Comments may be featured in the single post view (using the comments.php templat
- RSS feed for comments on this post. - TrackBack URI + RSS feed for comments on this post. + TrackBack URI