54 lines
2.8 KiB
Markdown
54 lines
2.8 KiB
Markdown
---
|
|
date: 2022-06-20T14:06:54Z
|
|
draft: false
|
|
aliases: []
|
|
categories: ['documentation']
|
|
series: ['apprentice', 'cms']
|
|
tags: ['wordpress', 'tech', 'cms']
|
|
chroma: true
|
|
toc: true
|
|
title: WordPress
|
|
description: The worlds most popular and whackiest web page Content Management System
|
|
---
|
|
|
|
WordPress is by far the world's most popular Content Management System.
|
|
And it makes sense with its ease of use.
|
|
It's famous for letting anyone have a blog setup within 5 minutes.
|
|
|
|
For the initial setup you just create an account for the admin panel.
|
|
And set things like the base URL/domain for the web page.
|
|
|
|
After that you're free to explore the /wp-admin and make the content for the page.
|
|
There is also the healthy plugin and theme marketplaces for WordPress that you may access from within the admin pages of a standard WordPress setup.
|
|
So without any technical skills one should be able to make a WordPress page or blog that looks fine and even has web store integration against stripe or some alternative payment provider.
|
|
By far the most popular option for having a simple web store is WooCommerce using stripe.
|
|
|
|
Anyway, while this is all cool, fine and dandy.
|
|
WordPress is super slow.
|
|
Because it's a PHP web-app where all requests should be run through the same index.php file.
|
|
The problem with this is that it has heavy implications for the security setup of the web server hosting the thing.
|
|
But also performance as that index.php would load the whole WordPress setup, including plugins and theme.
|
|
|
|
So what can we do about it?
|
|
|
|
Well as it turns out, a lot!
|
|
|
|
## Simple WordPress improvements
|
|
The first and easiest thing to do to a WordPress page is adding caching of the page.
|
|
The best WordPress cache plugin is [WP Fastest Cache](https://wordpress.org/plugins/wp-fastest-cache/).
|
|
Any cache should help with page load, but that one is for sure the best option.
|
|
And of course I'd recommend going through all the configuration options, but the defaults should be fine.
|
|
This and any other self-respecting WordPress cache plugin should be able to automagically detect when pages need re-rendering and if not show the cached version of the page.
|
|
|
|
## WordPress security
|
|
When it comes to securing a WordPress setup, it's important to make sure the actual web server in use is configured properly.
|
|
Here I'll showcase some example nginx and Apache configs for a hardened WordPress installation.
|
|
If your WordPress is installed in some shared hosting solution.
|
|
Then it's up to the hosting provider to configure the web server and potentially php-fpm or something properly.
|
|
|
|
Nginx site for hardened WordPress;
|
|
{{< highlight nginx >}}{{% asset "apprentice/wordpress/nginx.conf" %}}{{< /highlight >}}
|
|
|
|
Apache/LiteSpeed virtual host directives for a simillar setup;
|
|
{{< highlight aconf >}}{{% asset "apprentice/wordpress/apache.conf" %}}{{< /highlight >}}
|