diff --git a/.htaccess.example b/.htaccess.example index 1eeebb1..ee2fddd 100644 --- a/.htaccess.example +++ b/.htaccess.example @@ -45,17 +45,17 @@ AddType image/x-icon .ico +# BEGIN WordPress RewriteEngine On RewriteBase / -RewriteRule .git.* / [R=301,L] - -RewriteRule ^cms\/?$ /cms/wp-admin/ [R=301,L] +RewriteRule ^(^\.|\/\.) /index.php [QSA,L] RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] +# END WordPress diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md index e3a58f3..142317d 100644 --- a/DEPLOYMENT.md +++ b/DEPLOYMENT.md @@ -1,6 +1,8 @@ Project setup instructions --- To setup current WordPress project, you should do the following steps: +(Project is based on [WordPress Starter](https://github.com/justcoded/wordpress-starter) +) #### Navigate to project and clone git repo: @@ -20,8 +22,9 @@ git checkout #### Download wp core with composer ```bash -php composer.phar update +composer update ``` +(if you don't have composer installed on your machine you can download php script: https://getcomposer.org/download/) #### Create new branch for your changes ```bash 
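Review bot: The added rule `RewriteRule ^(^\.|\/\.) /index.php [QSA,L]` is anchored by its outer `^`, so the `\/\.` alternative can only match a path that begins with `/.`; in per-directory `.htaccess` context mod_rewrite strips the leading slash, so that branch should never fire. The rule therefore appears to cover only top-level dot paths such as `.git/` or `.env`, not a nested one like `wp-content/themes/x/.git/config`. The same pattern is registered through `non_wp_rules` in `wp-content/mu-plugins/secure-rewrites.php`, and WordPress appears to prepend the `^` when it regenerates the block, so the fix belongs in that pattern: `'(.*/)?\.' => 'index.php'`, which would render as `RewriteRule ^(.*/)?\. /index.php [QSA,L]`. The rule also catches `.well-known/`, which would break ACME HTTP-01 validation and `security.txt`; `(.*/)?\.(?!well-known/)` would exempt it. A comment above the rule such as `# Hand every dot-prefixed path to WordPress instead of serving it` would record the intent.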
@@ -30,21 +33,16 @@ git checkout -b {issue#}_{short descr} #### Create your environment -1. Copy .env.example into .env -2. Copy .htaccess.example into .htaccess -3. Update environment variables in `.env` file: +1. Update environment variables in `.env` file: * `DB_NAME` - Database name * `DB_USER` - Database user * `DB_PASSWORD` - Database password * `DB_HOST` - Database host * `WP_ENV` - Set to environment (`development`, `staging`, `production`) * `WP_HOME` - Full URL to WordPress home (http://example.com) - * `WP_SITEURL` - Full URL to WordPress including subdirectory (http://example.com/cms) #### Database setup (Dev environment ONLY) 1. Download latest database dump from repository "Downloads" section (Bitbucket) 2. Import sql dump to your database -3. Update wp_options table 'siteurl' / 'home' to your new project url. (remember siteurl should have "cms" at the end) - * Save old URL somewhere before replace -4. Upgrade URLs with any method you like the most: [WP Host update](https://github.com/justcoded/wp-host-update), [WP Migrate](https://wordpress.org/plugins/wp-migrate-db/), WP CLI +3. Upgrade URLs inside database with any method you like the most: [WP Host update](https://github.com/justcoded/wp-host-update), [WP Migrate](https://wordpress.org/plugins/wp-migrate-db/), WP CLI diff --git a/README.md b/README.md index 990377f..4e10047 100644 --- a/README.md +++ b/README.md @@ -2,11 +2,11 @@ -

WordPress JustCoded Project Template

+

WordPress Project Template by JustCoded


-WordPress JustCoded Project Template is a skeleton [WordPress](https://wordpress.org/) site best for +WordPress Project Template is a skeleton [WordPress](https://wordpress.org/) site best for rapidly creating projects with modern development tools, easier configuration, and an improved folder structure. ## Features 
@@ -35,22 +35,45 @@ rapidly creating projects with modern development tools, easier configuration, a * `DB_HOST` - Database host * `WP_ENV` - Set to environment (`development`, `staging`, `production`) * `WP_HOME` - Full URL to WordPress home (http://example.com) - * `WP_SITEURL` - Full URL to WordPress including subdirectory (http://example.com/cms) - * `AUTH_KEY`, `SECURE_AUTH_KEY`, `LOGGED_IN_KEY`, `NONCE_KEY`, `AUTH_SALT`, `SECURE_AUTH_SALT`, `LOGGED_IN_SALT`, `NONCE_SALT` - Salts can be generated automatically using custom composer command: +3. Run WordPress install as usual by accessing your site at `http://example.com/` - composer wp:salts +4. That's it! -3. Add theme(s) in `wp-content/themes` as you would for a normal WordPress site. +## New composer commands -4. Access WP admin at `http://example.com/cms/wp-admin` +* `composer wp:theme` generate new theme based on our [Theme Boilerplate](https://github.com/justcoded/wordpress-theme-boilerplate) +* `composer wp:secure` generate new HTTP password for wp-admin folder +* `composer wp:dbPrefix` generate secure DB prefix inside .env/.env.example files. (executed automatically after installation) +* `composer wp:salts` generating new secure WordPress salts -## Contributing +## Security -Contributions are welcome from everyone. +### Salts + +By default installer will generate WordPress salts automatically. To replace them you can change `.env` variables: + + * `AUTH_KEY` + * `SECURE_AUTH_KEY` + * `LOGGED_IN_KEY` + * `NONCE_KEY` + * `AUTH_SALT` + * `SECURE_AUTH_SALT` + * `LOGGED_IN_SALT` + * `NONCE_SALT` + +Salts can be generated with: -## WORKING WITH EXISTING PROJECT + * Custom composer command: `composer wp:salts` + * WordPress generator: https://api.wordpress.org/secret-key/1.1/salt/ + +### WP Admin HTTP Authentication -To deploy already existed site please read [Deployment instructions](https://github.com/justcoded/wordpress-starter/blob/master/DEPLOYMENT.md). 
-We recommend to replace project README.md with DEPLOYMENT.md after project start. \ No newline at end of file +We recommend to set one more level of security - add additional HTTP password protection. +You can do this with our composer script: + +`composer wp:secure -u "login" -p "password"` + +## Contributing + +Contributions are welcome from everyone. diff --git a/composer.json b/composer.json index 33414c2..b53c844 100644 --- a/composer.json +++ b/composer.json @@ -39,15 +39,18 @@ "composer/installers": "^1.4", "vlucas/phpdotenv": "^2.0.1", "johnpbloch/wordpress": "4.9", - "justcoded/wordpress-composer-scripts": "~1.1", + "justcoded/wordpress-composer-scripts": "~1.2", "wpackagist-theme/twentyseventeen": "*", + "wpackagist-plugin/wordpress-importer": "*", "wpackagist-plugin/wp-mail-smtp": "*", "wpackagist-plugin/regenerate-thumbnails": "*", "wpackagist-plugin/duplicate-post": "*", - "justcoded/wordpress-theme-framework": "~2.0", + + "justcoded/wordpress-theme-framework": "^2.0.1", "justcoded/wordpress-theme-boilerplate": "~1.0", "wpackagist-plugin/titan-framework": "*", + "wpackagist-plugin/just-custom-fields": "*", "wpackagist-plugin/just-responsive-images": "*", "wpackagist-plugin/just-tinymce-styles": "*", 
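Review bot: The two packages added to `require`, `wpackagist-plugin/wordpress-importer` and `wpackagist-plugin/just-custom-fields`, use the `*` constraint, so Composer accepts any published version, including a future major release or a compromised upload. DEPLOYMENT.md in this same commit tells developers to run `composer update`, which re-resolves constraints, so unless a committed `composer.lock` is enforced elsewhere (not visible here) each setup can pull different plugin code. A bounded constraint such as `"wpackagist-plugin/wordpress-importer": "^<tested-version>"` would keep upgrades reviewable. The lone `+` blank line before `justcoded/wordpress-theme-framework` looks accidental.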
@@ -74,22 +77,28 @@
 },
 "scripts": {
 "wp:postInstall": "JustCoded\\WP\\Composer\\Environment::post_install",
+ "wp:deployReadme": "JustCoded\\WP\\Composer\\Environment::deployment_readme",
 "wp:dbPrefix": "JustCoded\\WP\\Composer\\Environment::wpdb_prefix",
 "wp:salts": "JustCoded\\WP\\Composer\\Environment::salts",
+ "wp:secure": "JustCoded\\WP\\Composer\\Security::admin_http_auth",
 "wp:theme": "JustCoded\\WP\\Composer\\Boilerplates::theme",
+
 "post-create-project-cmd": [
 "@wp:postInstall",
 "@wp:dbPrefix",
- "@wp:salts"
+ "@wp:salts",
+ "@wp:deployReadme"
 ],
 "post-install-cmd": [
- "@wp:postInstall"
+ "@wp:postInstall",
+ "phpcsx-init"
 ],
 "post-update-cmd": [
- "@wp:postInstall"
+ "@wp:postInstall",
+ "phpcsx-init"
 ],
 "phpcs": [
- "vendor/bin/phpcsx --standard=JustcodedWordpress"
+ "vendor/bin/phpcs --standard=JustcodedWordpress"
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/wp-content/mu-plugins/secure-rewrites.php b/wp-content/mu-plugins/secure-rewrites.php
new file mode 100644
index 0000000..1fb13b8
--- /dev/null
+++ b/wp-content/mu-plugins/secure-rewrites.php
@@ -0,0 +1,12 @@ +non_wp_rules = array( '(^\.|\/\.)' => 'index.php' ) + $wp_rewrite->non_wp_rules; + }); +}
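Review bot: `phpcsx-init` is added to both `post-install-cmd` and `post-update-cmd` as a bare command, so it runs on every install, including production deploys. If the package that ships that binary is listed under `require-dev` (that section is outside this hunk), `composer install --no-dev` would end with a failing script. Composer exports `COMPOSER_DEV_MODE` to these events, so the entry could be guarded on POSIX shells with `"[ \"$COMPOSER_DEV_MODE\" = 0 ] || phpcsx-init"`, or moved to a script that developers invoke explicitly.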