/wp-cubi

WordPress modern stack for developers

Primary LanguagePHPGNU General Public License v2.0GPL-2.0

PHP Version Require Latest Stable Version License

WordPress modern stack for developers

wp-cubi

Overview

wp-cubi provides a modern stack and project structure to make professional web applications with WordPress.

Built with Composer dependency manager and Robo task runner.

Features

Security optimizations

Requirements

Installation

  1. Create a new project: composer create-project --remove-vcs globalis/wp-cubi your-project && cd your-project
  2. Run installation command and answer the questions: ./vendor/bin/robo install --setup-wordpress
  3. Access your new site administration: /wpcb/wp-admin/

Configuration

  • Edit WP_UNHOOKED_CONFIG constant, according to your needs, in config/application.php
  • Login page logo: Replace ./web/logo.png with your application logo (or edit 00-wp-cubi-core-mu/20-wp-login.php)
  • If your application uses a SMTP server for outgoing emails, configure it in config/local.php
  • Image minification: Configure globalis/wp-cubi-imagemin to enable a meaningfull level of uploads / image minification

wp-cron tasks

For an optimal wp-cron setup in production, apply following configuration :

  • Set constant DISABLE_WP_CRON to true in ./config/environments/production.php
  • Add to your production server crontab :
*/1 * * * * /usr/bin/php8.2 /var/www/my-app/web/wpcb/wp-cron.php &>/dev/null

Notes :

  • Be sure you adapt PHP binary path (with accurate version) and your application path in above command
  • Using absolute paths is recommended

WordPress core automatic updates

Even though WordPress does not comply with semantic versioning specification, core minor updates generally respect backward compatibility and could be applied automatically, for security purposes.

It can be done by adding to your staging and production server crontabs :

*/30 * * * *  /usr/bin/php8.2 /var/www/my-app/vendor/bin/wp core update --minor  &>/dev/null

Notes :

  • Be sure you adapt PHP binary path (with accurate version) and your application path in above command
  • Using absolute paths is recommended

This cron task will ensure, every 30 minutes, that WordPress instance running on server is up-to-date with latest minor version of its current branch.

This cron task will not automatically change roots/wordpress version in your composer.lock file.

To avoid unwanted rollbacks when deploying, wp-cubi deploy command will check before every deployment that you're about to deploy last minor version of your WordPress current branch. If not, it will invite you to abort deployment and run ./vendor/bin/robo wp:apply-available-patch.

Commands

wp-cli

Coding standards

  • ./vendor/bin/phpcs [directory] : Check coding standards (see ./phpcs.xml)
  • ./vendor/bin/phpcbf [directory] : Fix coding standards auto-fixable violations

Robo

  • ./vendor/bin/robo install [--setup-wordpress]
  • ./vendor/bin/robo configure
  • ./vendor/bin/robo build
  • ./vendor/bin/robo build:composer
  • ./vendor/bin/robo build:config
  • ./vendor/bin/robo build:htaccess
  • ./vendor/bin/robo wp:apply-available-patch
  • ./vendor/bin/robo wp:language-install [<language>] [--activate]
  • ./vendor/bin/robo wp:language-update [<language>] [--activate]
  • ./vendor/bin/robo wp:update-timezone
  • ./vendor/bin/robo wp:install-acf-pro [--username="<username>"] [--password="<password>"]
  • ./vendor/bin/robo feature:start <feature-name>
  • ./vendor/bin/robo feature:finish <feature-name>
  • ./vendor/bin/robo hotfix:start [--semversion=<version>]
  • ./vendor/bin/robo hotfix:finish [--semversion=<version>]
  • ./vendor/bin/robo release:start [--semversion=<version>]
  • ./vendor/bin/robo release:finish [--semversion=<version>]
  • ./vendor/bin/robo deploy <environment> <version> [--ignore-assets] [--ignore-composer]
  • ./vendor/bin/robo deploy:setup <environment>
  • ./vendor/bin/robo media:dump <environment> [--delete]
  • ./vendor/bin/robo media:push <environment> [--delete]

WordPress plugins

wp-cubi handles WordPress plugin dependencies (including wordpress.org plugins) through Composer.

If you want to use plugins that are not available through wordpress.org or a public Composer repository, you have two options:

  1. Simplest: Manually add the plugin in your ./web/app/modules/ directory, then whitelist it in your ./gitignore file
  2. Recommanded: Create a private Composer repository to host your plugin

Logs

wp-cubi comes with inpsyde/wonolog, which allows to log anything with a single line of code, and automatically writes logs for multiple events like PHP errors, DB errors, HTTP API errors, wp_mail() errors, and more.

Basic configuration is possible in wp-cubi ./config/application.php and ./config/environments/ files, where you can change the maximum number of log files and the log level.

For advanced configuration (adding channels or handlers), you can edit ./web/app/mu-modules/00-wp-cubi-core-mu/src/00-wonolog.php (see inpsyde/wonolog documentation and monolog documentation)

Deploys

wp-cubi provides a basic deploy command ./vendor/bin/robo deploy that builds the application and deploys it with rsync.

You can build your own deploy method using Deployer, Capistrano or any other tool by editing ./RoboFile.php.

Where is the block editor gone ?

We use globalis/wp-unhooked to disable a lot of things from WordPress core, such as block editor, REST-API, xmlrpc, comments, most of dashboard widgets and a few admin menus entries.

It allows your application to be cleaner, faster and lighter. It also improves security, by disabling potential attack routes when you don't need them.

If you need to activate one of those things, edit WP_UNHOOKED_CONFIG constant in config/application.php.