General Wordpress Flashcards
If you were to change the WP table prefix in wp-config.php, would this update the existing tables or create new ones?
Creates new ones - you effectively end up with a clean installation.
What are the three main directories that appear in a default WP instalation?
wp-content
wp-admin
wp-includes
The core files are mainly where?
Most of the root directory, wp-admin and wp-includes
Where do all the custom files (content) go?
wp-content
What is one of the major disadvantages of editing core files in WP?
Updating the software version will overwrite the changes
What file contains all of the database configuration information?
wp-config.php
What is one easy security measure to implement with regards to wp-config.php?
Move it to higher than the root directory of the website. So…
myhost/public_html/wordpresssite/wp-config.php
myhost/public_html/wp-config.php
No config changes need to be done, as wordpress checks the root for the file first.
If you need to add a new option / constant to WP - what file would you at that in?
wp-config.php
What line in wp-config.php should you not edit past?
/* That’s all, stop editing! Happy blogging. */
What is another simple way to improve security in Wordpress?
Change the security keys (they are hashing salts) in wp-config.php
Changing the security keys at any time will have what effect?
It will simply require users to have to log in-again (it effectively invalidates the existing cookies).
How does changing the default wordpress table prefix ($table_prefix in wp-config.php) help with security.
If someone attempts an sql injection attack, it makes it a lot harder for them to guess the table names.
What setting would you enable to turn on debugging in WP?
WP_DEBUG in the wp-config.php file.
What is the purpose of WP_SITEURL in wp-config.php?
It overrides the setting for SITE URL in the wp installation database. (NOTE - this is temporary and will stop working if it is removed from the file (reverting back to the database setting)
What define would you use to configure a new place for the site content?
define(‘WP_CONTENT_DIR’, $_SERVER[‘DOCUMENT_ROOT’] . ‘/wordpress/blog/wp-content’);
define(‘WP_CONTENT_URL’, ‘http://domain.com/wordpress/blog/wp-content’);
What constant would you use to configure a new place for plugins?
define(‘WP_PLUGIN_DIR’, $_SERVER[‘DOCUMENT_ROOT’] . ‘/wordpress/blog/wp-content/plugins’);
define(‘WP_PLUGIN_URL’, ‘http://domain.com/wordpress/blog/wp-content/plugins’);
When developing plugins, why should you use the WP_PLUGIN_DIR and WP_CONTENT_DIR constants?
Because a user may configure their site differently, and if the folders are moved, it will break the plugin.
Adding post revisions (i.e. updating and revising posts) can add a huge overhead to the database, how do you prevent this from happening?
You can eitehr disable post revisions:
define(‘WP_POST_REVISIONS’, false);
or set a limit
define(‘WP_POST_REVISIONS’, 5);
Wordpress uses AJAX to implement autosaves on posts - how can you configure this?
define(‘AUTOSAVE_INTERVAL’, 300);
What is a good WP debug option for determine what is going wrong with a query?
define(‘SAVEQUERIES’, true);
saves all queries to an array for display.
to display them:
if (current_user_can(‘manage_options’)) {
global $wpdb;
print_r($wpdb->queries);
}
// NOTE This use of global means we are accessing a globally declared variable named $wpdb - that is outside the scope of this function.
How do you enable logging in wordpress.
Create a php_error.log file and place it in the root WP directory. Then set the following options in wp-config.php
@ini_set(‘log_errors’, ‘on’);
@ini_set(‘display_errors’, ‘off’);
@ini_set(‘error_log’, ‘/public_html/wordpress/php_error.log’);
The error_log value (when specifying location) is relative to…
the web server document root, not the wordpress installation root.
How do you increase the allowable memory limit of a wordpress installation?
define(‘WP_MEMORY_LIMIT’, ‘32M’);
Only if the hosting site allows it though!!
How do you specify the default language for the site?
define(‘WPLANG’, ‘en-GB’);
Gives english, great britain
How do you set the language directory?
define(‘LANGDIR’, ‘/wp-content/bury/my/languages’);
What file extensions are used for language translation?
.mo and .po
If you wanted two or more WP installs to use the same user data - what option would you use?
define(‘CUSTOM_USER_TABLE’, ‘joined_users’);
define(‘CUSTOM_USER_META_TABLE’, ‘joined_usermeta’);
Make sure you do this before installing the site.
What information is shared, if you use the CUSTOM_USER_TABLE, CUSTOM_USER_META_TABLE constants to share user data?
Login information, bio’s, passwords etc.
If you want users to have the same login data - but not share the same roles on different sites - what would you do?
Change the CUSTOM_USER_TABLE value to share the other site info - but don’t change the CUSTOM_USER_META_TABLE constant.
What constants should be checked if you run into issues with COOKIES?
COOKIE_DOMAIN
COOKIEPATH
SITECOOKIEPATH
If you try to install a plugin or theme, but you keep getting asked for your FTP information - what is the likely issue?
Your host may not be setup to deal with the automatic install process. To fix this you can configure FTP in the wp-config.php file.
define(‘FTP_USER’, ‘username’);
define(‘FTP_PASS’, ‘password’);
define(‘FTP_HOST’, ‘ftp.example.com:21/’);
What constant defines the FTP settings for the base plugin directory?
define(‘FTP_PLUGIN_DIR’, ‘public_html/wordpress/plugin’);
How would you specify your public and private SSH key for ftp?
define(‘FTP_PUBKEY’, ‘absolute path to file’);
define(‘FTP_PRIVKEY’, ‘absolute path to file’);
What defines could you use to override the default file permissions in WP?
define(‘FS_CHMOD_FILE’, ‘0644’);
define(‘FS_CHMOD_DIR’, ‘0755’);
What is another reason - when hosting a WP installation, that auto updates / plugin installs don’t work?
The host company may have very strict file system rules - using the define (‘FS_CHMOD_FILE / DIR’) constants may fix this.
What option is required for some caching plugins to work?
define(‘WP_CACHE’, true);
This will include the file wp-content/advanced-cache.php
How would you print a list of defined constants in your wordpress installation?
print_r(@get_defined_constants());
How would you force SSL login for a site (i.e. it would require users to login via https)?
define(‘FORCE_SSL_LOGIN’, true);
How would you force all admin pages to use ssl?
define(‘FORCE_SSL_ADMIN’, true);
Is using SSL simply a matter of turning on the option in WP?
No - you have to configure the site to use SSL.
What is the default time before the ‘trash bin’ is emptied in WP?
30 days
How do you configure the duration before the ‘trash bin’ empties?
define(‘EMPTY_TRASH_DAYS’, 7);
What happens if you set EMPTY_TRASH_DAYS to 0?
The trash link is replaced with a delete permanently link - note: it will NOT ask for confirmation.
What things does wordpress ‘cron’ do?
It checks for new themes, updates, scheduled posts etc.
How do you disable wordpress cron?
define(‘DISABLE_WP_CRON’, true);
What is one particular risk with rewrite rules when including an images directory that is mean to server images without starting the WP core?
The user may mistype the image file - the default rewrite rules say, if it can’t find the file, then pass it off to WP core to resolve. Of course - it can’t, so rather than getting a 404 (like you should) you get the default content of WP. To resolve: Either put wp in it’s own directory and have the images in another subdirectory outside of it’s folder (and hence rewrite rules) - or add a rewrite rule that passes image requests off to the web server:
RewriteRule ^images/(.*) images/$1 [L]
What file can you setup redirects in if you were to say change the URL for your about page?
The .htaccess file. You would add a redirect rule:
redirect 301 /about http://example.com/about-me
Permanently redirects anything to the about page, to the about-me page.
How would you secure the wp-admin directory?
You can add a .htaccess file in that directory that restricts access by IP address. Note: If you allow open registrations to your site - you can’t lock it off in this way.
How do you set a site into maintenance mode?
Add a .maintenance file to the root directory. Add the following code:
How would you create a custom maintenance page?
Create a new maintenance.php page and it to the wp-content directory.
Which folder contains all of the user made content?
wp-content
What is the purpose of the index.php file in the root of wp-content?
It is empty, but it is there to prevent users from trying to get access (get a directory listing) of wp-content. If the webserver allowed directory listings and this file didn’t exist, they could see what plugins are installed.
Where are user created plugins placed?
wp-content/plugins
If the plugin in wp-content/plugins is determined to be ‘valid’ - where will it appear?
Plugins => Installed Plugins panel
What is in the wp-content/mu-plugins folder?
Must Use plugins
Where are ‘themes’ located?
wp-content/themes
Each theme must be located in…
its own subdirectory
What is the minimum than can be in a theme directory?
an index.php and style.css file
If you have successfully added a theme, where will it appear?
appearance => Themes
What is the issue with wp-content and write permissions relating to uploading content?
When you upload the first image - you must set the folder to be world writable so that it can create the upload folder. Then reset it to 755 for security purposes.
What is the wp-content/upgrade
The upgrade folder is automatically created by WP when it uses the automated update process.
Can plugins create their own folder structures outside of the standard folders for use in the plugins?
Yes
