Skip to content

danie1k/php-bulletproof-wordpress

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
.github
.github
 
 
ansible
ansible
 
 
languages
languages
 
 
mu-plugins
mu-plugins
 
 
plugins
plugins
 
 
themes
themes
 
 
wordpress
wordpress
 
 
.ansible-lint
.ansible-lint
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
.yamllint
.yamllint
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

Bulletproof-Wordpress

Build Status Current Version PHP Version Support MIT License

Bulletproof* Wordpress deployment automation based on Ansible & Composer

Table of Contents

  1. Requirements
    1. Developer's Computer
    2. Web server (hosting)
  2. Installation
  3. Usage
  4. Basic Wordpress Configuration
    1. Database settings
    2. Secret keys
  5. Extended Wordpress Configuration
    1. HTTPS detection mechanism
    2. Paths customization
    3. Cron
  6. SMTP Configuration
    1. Global settings
    2. Mailer-specific settings
      1. PHP
      2. SMTP.com
      3. Pepipost
      4. Sendinblue
      5. Mailgun
      6. SendGrid
      7. Classic SMTP server
  7. Advanced options
    1. Various settings
    2. Files upload mechanism
  8. Roadmap
  9. License

Requirements

Developer's Computer

Web server (hosting)

  • SSH access (for Ansible)
  • PHP >= 5 (for Wordpress)
  • Apache or Nginx web server

Installation

To begin run the following command in Bash-compatible terminal:

bash <(curl -s https://raw.githubusercontent.com/danie1k/php-bulletproof-wordpress/dev/.github/installer.sh)

Work in progress, more to come...

Usage

To be added...

Basic Wordpress Configuration

Database settings

Ansible Variable PHP equivalent
bpwp_db_host DB_HOST required
bpwp_db_name DB_NAME required
bpwp_db_user DB_USER required
bpwp_db_password DB_PASSWORD required
bpwp_db_charset DB_CHARSET utf8mb4 by default
bpwp_db_collate DB_COLLATE utf8mb4_bin by default
bpwp_db_table_prefix $table_prefix wp_ by default
bpwp_db_client_flags MYSQL_CLIENT_FLAGS optional

Secret keys

TIP: Use https://api.wordpress.org/secret-key/1.1/salt/ to generate all the following keys.

Ansible Variable PHP equivalent
bpwp_auth_key AUTH_KEY required
bpwp_secure_auth_key SECURE_AUTH_KEY required
bpwp_logged_in_key LOGGED_IN_KEY required
bpwp_nonce_key NONCE_KEY required
bpwp_auth_salt AUTH_SALT required
bpwp_secure_auth_salt SECURE_AUTH_SALT required
bpwp_logged_in_salt LOGGED_IN_SALT required
bpwp_nonce_salt NONCE_SALT required

Extended Wordpress Configuration

HTTPS detection mechanism

Select how WordPress should detect that a page is loaded via HTTPS, it strongly depends on your web server & DNS configuration.

Ansible Variable Default value
bpwp_https_method SERVER_PORT

Available options:

Value Description/Usage case
true (boolean) Force HTTPS always on
false (boolean) Force HTTPS always off
SERVER_PORT Check if $_SERVER['SERVER_PORT'] is 443
HTTP_X_FORWARDED_PROTO Load balancer, reverse proxy, Nginx
HTTP_X_FORWARDED_SSL Reverse proxy
HTTP_CLOUDFRONT_FORWARDED_PROTO AWS CloudFront
HTTP_X_FORWARDED_SCHEME KeyCDN
HTTP_X_ARR_SSL Windows Azure ARR

Paths settings

All directories mentioned in this section are publicly exposed!

Ansible Variable Description
bpwp_wp_admin_dir_name Name for wordpress admin panel directory Default: wp-admin
bpwp_wp_uploads_dir_name Directory name for storing uploaded media files Default: uploads
bpwp_wp_plugins_dir_name Directory name for storing Plugins Default: plugins
bpwp_wp_themes_dir_name Directory name for storing Themes Default: themes
bpwp_wp_mu_plugins_dir_name Directory name for storing Must Use Plugins Default: mu-plugins
bpwp_wp_symlink_core Whether to deploy Wordpress core files into "public_html" directory (false), or symlink only (true) Default: true

Cron

It is highly recommended to use Crontab-based cron to drive Wordpress, over built-in one.
Check following links fore more information:

Ansible Variable Description Type (default value)
bpwp_custom_cron Disables Wordpress built-in Cron and sets system crontab entry. boolean (false)
bpwp_project_public_url Public URL of your Wordpress site, crontab will look there for wp-cron.php required only if bpwp_custom_cron: true
bpwp_cron_minute Used only if bpwp_custom_cron is enabled. Every 10 minutes. string (*/10)
bpwp_cron_hour Used only if bpwp_custom_cron is enabled. string (*)
bpwp_cron_day Used only if bpwp_custom_cron is enabled. string (*)
bpwp_cron_month Used only if bpwp_custom_cron is enabled. string (*)
bpwp_cron_weekday Used only if bpwp_custom_cron is enabled. string (*)

W3 Total Cache

Ansible Variable Default value
bpwp_w3tc_enabled false

SMTP Configuration

BPWP SMTP support is provided with third-party Wordpress plugin: https://wordpress.org/plugins/wp-mail-smtp/

Global settings

Setting name Ansible Variable Description Type (default value)
bpwp_smtp_enabled Turns on/off SMTP support boolean (false)
From Email bpwp_smtp_mail_from The email address which emails are sent from string, required
From Name bpwp_smtp_mail_from_name The name which emails are sent from string, required
Force From Email bpwp_smtp_mail_from_force The From Email setting above will be used for all emails, ignoring values set by other plugins boolean (false)
Force From Name bpwp_smtp_mail_from_name_force The From Name setting above will be used for all emails, ignoring values set by other plugins boolean (false)
Return Path bpwp_smtp_set_return_path Return Path indicates where non-delivery receipts - or bounce messages - are to be sent.
If disabled, bounce messages may be lost. Some providers may ignore this option.		 boolean (true)
Mailer bpwp_smtp_mailer Mailer engine. Possible values: php, smtp.com, pepipost, sendinblue, mailgun, sendgrid, smtp string (php)

Mailer-specific settings

PHP

No settings

SMTP.com

Full documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-smtp-com-mailer-in-wp-mail-smtp

Setting name Ansible Variable Description Type (default value)
API Key bpwp_smtp_smtpcom_api_key API Key from SMTP.com string, required
Sender Name bpwp_smtp_smtpcom_channel Sender Name from SMTP.com string, required

Pepipost

Full documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-pepipost-mailer-in-wp-mail-smtp

Setting name Ansible Variable Description Type (default value)
API Key bpwp_smtp_pepipost_api_key API Key from Pepipost string, required

Sendinblue

Full documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-sendinblue-mailer-in-wp-mail-smtp

Setting name Ansible Variable Description Type (default value)
API Key bpwp_smtp_sendinblue_api_key v3 API Key from Sendinblue string, required

Mailgun

Full documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-mailgun-mailer-in-wp-mail-smtp

Setting name Ansible Variable Description Type (default value)
Private API Key bpwp_smtp_mailgun_api_key Private API Key from Mailgun string, required
Domain Name bpwp_smtp_mailgun_domain Domain Name from Sendinblue string, required
Region bpwp_smtp_mailgun_region Define which endpoint you want to use for sending messages. More information on Mailgun.com. string, (US)

SendGrid

Full documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-sendgrid-mailer-in-wp-mail-smtp

Setting name Ansible Variable Description Type (default value)
API Key bpwp_smtp_sendgrid_api_key API Key from SendGrid string, required

Classic SMTP server

Full documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-other-smtp-mailer-in-wp-mail-smtp/

Setting name Ansible Variable Description Type (default value)
SMTP Host bpwp_smtp_host string, required
Encryption bpwp_smtp_ssl Possible values: null, ssl, tls (note: TLS is not STARTTLS) string, required
SMTP Port bpwp_smtp_port No encryption - 25 / SSL - 465 / TLS - 587 int, required
Auto TLS bpwp_smtp_autotls boolean (true)
Authentication bpwp_smtp_auth boolean (true)
SMTP Username bpwp_smtp_user string, required
SMTP Password bpwp_smtp_pass string, required

Advanced options

Various settings

Warning! Any changes made to files on remote server will be lost during Ansible-based deployment!

Ansible Variable Description
bpwp_wp_disallow_file_edit Disable the Plugin and Theme Editor? Default: true
bpwp_wp_disallow_file_mods Disable Plugin and Theme Update and Installation? Default: true
bpwp_wp_disable_autoupdates Disable Wordpress auto-updates using Easy Updates Manager plugin Default: true
bpwp_wp_custom_user_config Custom PHP code to be added to wp-config.php Empty by default

Files upload mechanism

There are two mechanism available for uploading your Wordpress files to remote server.

Ansible Variable Default value
bpwp_sync_method rsync
Value Description/Usage case
rsync Uses rsync via Ansible synchronize module
copy Uses Ansible copy module

Roadmap

  • Add .htaccess files for Apache web server
  • Nginx config generator
  • More detailed "DEPLOYMENT CONFIRMATION" report
  • Add support for Composer's autoload.php
  • Add shell script to update BPWP (similar to installer.sh)
  • Improve installation & usage instructions in README
  • Javascript converter "api.wordpress.org/secret-key/1.1/salt/" -> Ansible Variables

License

MIT

* Highly secured

About

Bulletproof Wordpress deployment automation based on Ansible & Composer

packagist.org/packages/danie1k/bulletproof-wordpress

Topics

php wordpress ansible composer wordpress-development ansible-role wordpress-boilerplate composer-package wordpress-hardening

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages