Merge pull request #3 from justcoded/develop

Fix rewrites in htaccess, updated docs

.htaccess.example

@@ -45,17 +45,17 @@ AddType image/x-icon .ico
 	</files>
 </IfModule>
 
+# BEGIN WordPress
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 
-RewriteRule .git.* / [R=301,L]
-
-RewriteRule ^cms\/?$ /cms/wp-admin/ [R=301,L]
+RewriteRule ^(^\.|\/\.) /index.php [QSA,L]
 
 RewriteRule ^index\.php$ - [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /index.php [L]
 </IfModule>
+# END WordPress
 

DEPLOYMENT.md

@@ -1,6 +1,8 @@
 Project setup instructions
 ---
 To setup current WordPress project, you should do the following steps:
+(Project is based on [WordPress Starter](https://github.com/justcoded/wordpress-starter)
+)
 
 #### Navigate to project and clone git repo:
 
@@ -20,8 +22,9 @@ git checkout <branch-name>
 
 #### Download wp core with composer
 ```bash
-php composer.phar update
+composer update
 ```
+(if you don't have composer installed on your machine you can download php script: https://getcomposer.org/download/)
 
 #### Create new branch for your changes
 ```bash
@@ -30,21 +33,16 @@ git checkout -b {issue#}_{short descr}
 
 #### Create your environment
 
-1. Copy .env.example into .env
-2. Copy .htaccess.example into .htaccess
-3. Update environment variables in `.env`  file:
+1. Update environment variables in `.env`  file:
   * `DB_NAME` - Database name
   * `DB_USER` - Database user
   * `DB_PASSWORD` - Database password
   * `DB_HOST` - Database host
   * `WP_ENV` - Set to environment (`development`, `staging`, `production`)
   * `WP_HOME` - Full URL to WordPress home (http://example.com)
-  * `WP_SITEURL` - Full URL to WordPress including subdirectory (http://example.com/cms)
 
 #### Database setup (Dev environment ONLY)
 
 1. Download latest database dump from repository "Downloads" section (Bitbucket)
 2. Import sql dump to your database
-3. Update wp_options table 'siteurl' / 'home' to your new project url. (remember siteurl should have "cms" at the end)
-	* Save old URL somewhere before replace
-4. Upgrade URLs with any method you like the most: [WP Host update](https://github.com/justcoded/wp-host-update), [WP Migrate](https://wordpress.org/plugins/wp-migrate-db/), WP CLI
+3. Upgrade URLs inside database with any method you like the most: [WP Host update](https://github.com/justcoded/wp-host-update), [WP Migrate](https://wordpress.org/plugins/wp-migrate-db/), WP CLI

README.md

@@ -2,11 +2,11 @@
     <a href="https://wordpress.org" target="_blank">
         <img src="https://s.w.org/about/images/logos/wordpress-logo-notext-rgb.png" height="100px">
     </a>
-    <h1 align="center">WordPress JustCoded Project Template</h1>
+    <h1 align="center">WordPress Project Template by JustCoded</h1>
     <br>
 </p>
 
-WordPress JustCoded Project Template is a skeleton [WordPress](https://wordpress.org/) site best for
+WordPress Project Template is a skeleton [WordPress](https://wordpress.org/) site best for
 rapidly creating projects with modern development tools, easier configuration, and an improved folder structure.
 
 ## Features
@@ -35,22 +35,45 @@ rapidly creating projects with modern development tools, easier configuration, a
   * `DB_HOST` - Database host
   * `WP_ENV` - Set to environment (`development`, `staging`, `production`)
   * `WP_HOME` - Full URL to WordPress home (http://example.com)
-  * `WP_SITEURL` - Full URL to WordPress including subdirectory (http://example.com/cms)
-  * `AUTH_KEY`, `SECURE_AUTH_KEY`, `LOGGED_IN_KEY`, `NONCE_KEY`, `AUTH_SALT`, `SECURE_AUTH_SALT`, `LOGGED_IN_SALT`, `NONCE_SALT`
 
-  Salts can be generated automatically using custom composer command:
+3. Run WordPress install as usual by accessing your site at `http://example.com/`
 
-      composer wp:salts
+4. That's it!
 
-3. Add theme(s) in `wp-content/themes` as you would for a normal WordPress site.
+## New composer commands
 
-4. Access WP admin at `http://example.com/cms/wp-admin`
+* `composer wp:theme` generate new theme based on our [Theme Boilerplate](https://github.com/justcoded/wordpress-theme-boilerplate)
+* `composer wp:secure` generate new HTTP password for wp-admin folder
+* `composer wp:dbPrefix` generate secure DB prefix inside .env/.env.example files. (executed automatically after installation)
+* `composer wp:salts` generating new secure WordPress salts
 
-## Contributing
+## Security
 
-Contributions are welcome from everyone.
+### Salts
+
+By default installer will generate WordPress salts automatically. To replace them you can change `.env` variables:
+
+  * `AUTH_KEY`
+  * `SECURE_AUTH_KEY`
+  * `LOGGED_IN_KEY`
+  * `NONCE_KEY`
+  * `AUTH_SALT`
+  * `SECURE_AUTH_SALT`
+  * `LOGGED_IN_SALT`
+  * `NONCE_SALT`
+
+Salts can be generated with:
 
-## WORKING WITH EXISTING PROJECT
+  * Custom composer command: `composer wp:salts`
+  * WordPress generator: https://api.wordpress.org/secret-key/1.1/salt/
+
+### WP Admin HTTP Authentication
 
-To deploy already existed site please read [Deployment instructions](https://github.com/justcoded/wordpress-starter/blob/master/DEPLOYMENT.md).
-We recommend to replace project README.md with DEPLOYMENT.md after project start.
+We recommend to set one more level of security - add additional HTTP password protection. 
+You can do this with our composer script:
+
+`composer wp:secure -u "login" -p "password"` 
+
+## Contributing
+
+Contributions are welcome from everyone.

composer.json

@@ -39,15 +39,18 @@
     "composer/installers": "^1.4",
     "vlucas/phpdotenv": "^2.0.1",
     "johnpbloch/wordpress": "4.9",
-    "justcoded/wordpress-composer-scripts": "~1.1",
+    "justcoded/wordpress-composer-scripts": "~1.2",
     "wpackagist-theme/twentyseventeen": "*",
+
     "wpackagist-plugin/wordpress-importer": "*",
     "wpackagist-plugin/wp-mail-smtp": "*",
     "wpackagist-plugin/regenerate-thumbnails": "*",
     "wpackagist-plugin/duplicate-post": "*",
-    "justcoded/wordpress-theme-framework": "~2.0",
+
+    "justcoded/wordpress-theme-framework": "^2.0.1",
     "justcoded/wordpress-theme-boilerplate": "~1.0",
     "wpackagist-plugin/titan-framework": "*",
+
     "wpackagist-plugin/just-custom-fields": "*",
     "wpackagist-plugin/just-responsive-images": "*",
     "wpackagist-plugin/just-tinymce-styles": "*",
@@ -74,22 +77,28 @@
   },
   "scripts": {
     "wp:postInstall": "JustCoded\\WP\\Composer\\Environment::post_install",
+    "wp:deployReadme": "JustCoded\\WP\\Composer\\Environment::deployment_readme",
     "wp:dbPrefix": "JustCoded\\WP\\Composer\\Environment::wpdb_prefix",
     "wp:salts": "JustCoded\\WP\\Composer\\Environment::salts",
+    "wp:secure": "JustCoded\\WP\\Composer\\Security::admin_http_auth",
     "wp:theme": "JustCoded\\WP\\Composer\\Boilerplates::theme",
+
     "post-create-project-cmd": [
       "@wp:postInstall",
       "@wp:dbPrefix",
-      "@wp:salts"
+      "@wp:salts",
+      "@wp:deployReadme"
     ],
     "post-install-cmd": [
-      "@wp:postInstall"
+      "@wp:postInstall",
+      "phpcsx-init"
     ],
     "post-update-cmd": [
-      "@wp:postInstall"
+      "@wp:postInstall",
+      "phpcsx-init"
     ],
     "phpcs": [
-      "vendor/bin/phpcsx --standard=JustcodedWordpress"
+      "vendor/bin/phpcs --standard=JustcodedWordpress"
     ]
   }
-}
+}

wp-content/mu-plugins/secure-rewrites.php

@@ -0,0 +1,12 @@
+<?php
+/**
+ * Set custom rewrite rules for .htaccess (security patch).
+ */
+
+if ( ! is_multisite() ) {
+	add_action('generate_rewrite_rules', function() {
+		global $wp_rewrite;
+		// block files started with . (dot).
+		$wp_rewrite->non_wp_rules = array( '(^\.|\/\.)' => 'index.php' ) + $wp_rewrite->non_wp_rules;
+	});
+}