Wordpress, Some Details

Apr 9, 2020 · 2 min read · wordpress php  ·
Share:

I was collaborating with some companies that made changes to their websites, where Wordpress was used as the base CMS, these websites were being changed servers, updating to the most current version or verifying updates in their add-ons, in the process different problems arose , I had to see the official Wordpress Codex documentation and Google to give them a solution.

Wordpress Migration

Previously the websites were hosted by hosting providers (web hosting), the new servers where they are currently hosted have web services performing reverse-proxy or load balancing, for this In case it was necessary to specify some instances in the configuration file wp-config.php so that the CSS and JS files load correctly, another problem that existed was that the security for the HTTPS protocol showed the error of "Mixed content", then the solution of these problems was added the following:

 1# wp-config.php
 2define( 'DB_COLLATE', '' );
 3.....
 4/** Solución al problema */
 5define('WP_HOME','https://www.dominio.com');
 6define('WP_SITEURL','https://www.dominio.com');
 7
 8if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
 9       $_SERVER['HTTPS']='on';
10.....

Wordpress Update

As is normal, hosting providers provide an FTP service to upload files, the update method was also done via FTP, the new servers did not have an FTP service, the first solution that was wanted was using SSH ( with public and private keys), but in the end it was decided to carry out the updates directly from Wordpress.

1# wp-config.php
2....
3/** Actualizaciones directas */
4define(‘FS_METHOD’,’direct’);

Hide Sensitive Wordpress Information

Another detail that existed was that sensitive CMS information was shown, such as the version used and the readme.html file, for these cases two files functions.php and .htaccess (or, failing that, the web server configuration file).

1# wp-content/themes/nombre_tema/functions.php
2....
3/** Ocultar version */
4remove_action('wp_head', 'wp_generator');
5add_filter('the_generator', '__return_false');

The configuration can be done in .htaccess as in the web server configuration file.

 1## For Apache
 2# .htaccess
 3....
 4<Files readme.html>
 5	Order allow,deny
 6	Deny from all
 7</Files>
 8
 9## For Nginx
10# dominio.conf
11location readme\.html{
12	deny  all;
13}

References

Translations: