最後更新: 2019-08-09
目錄
- Check wordpress version
- 每 Version 的 changelog
- Installation Requestment
- wordpress disable permalinks database
- wordpress reset admin password
- Useful Plugin
- SMTP
- Plugin Usage: wordpress-conditional-display-for-mobile
- Set Home Page
- Add Languages
- Check Last Login by DB
- Development to Production
- SSL Offload
- gotmls (wordpress 的自我掃毒)
- [email protected] 不再 404 Err
- Child Themes
- functions.php
- Cron Jobs
- Security Settings
- Direct access php files
- Protect admin panel
- http -> http2
- remove version number from css and js
- 搬遷神器 - duplicator
Check wordpress version
File: wp-includes/version.php
<?php $wp_version = '3.8.1'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * * @global int $wp_db_version */ $wp_db_version = 26691; $tinymce_version = '359-20131026'; $required_php_version = '5.2.4'; $required_mysql_version = '5.0';
每 Version 的 changelog
http://codex.wordpress.org/WordPress_Versions
Installation Requestment
V5.3.2
- PHP: 7.3
- MySQL: 5.6
wordpress disable permalinks database
永久固定標識符
DB
SELECT * FROM `wp_options` WHERE `option_name` = 'permalink_structure'
/%postname%/ => blank
wordpress reset admin password
UPDATE (name-of-table-you-found) SET user_pass="(MD5-string-you-made)" WHERE ID = (id#-of-account-you-are-reseting-password-for);"
Useful Plugin
- TablePress
- Wordfence Security
- Google XML Sitemaps
- Contact Form 7
- TinyMCE Advanced
- WP-DB-Backup
- WordPress ReCaptcha Integration
- Cerber Limit Login Attempts
- Gallery Bank - Photo Galleries & Albums
- Compress JPEG & PNG images
- Akismet
- BackUpWordPress
=============================
- Revision Control
- Delete-Revision
SMTP
WordPress to Use SMTP For Sending Emails
By default, WordPress uses the PHP Mail function to send its emails.
However it is better to use SMTP as it handles sending messages better and you can also use it to send emails from a third party mailing service.
To begin, first you need to install a plugin named "WP Mail SMTP"
Plugin Usage
wordpress-conditional-display-for-mobile
https://www.wonderplugin.com/wordpress-conditional-display-for-mobile/#tutorial
The plugin supports two attributes: deviceinclude and deviceexclude.
deviceinclude="iPhone,iPod,Android" or deviceinclude="iPad"
# Hide on iPhone and iPad:
[wonderplugin_cond deviceexclude="iPhone,iPad"] This content shows on all devices except iPhone and iPad. [/wonderplugin_cond]
# Devices
iPod, iPhone, iPad, iOS, Android, Mobile, Windows, Mac and Linux
Set Home Page
Step 1 - Login to your WordPress Dashboard and navigate to the Settings > Reading section.
Step 2 - Select A Static Page option.
Step 3 - Choose the page you want as your home page from the Front Page dropdown list.
Add Languages
下載 https://downloads.wordpress.org/translation/core/4.9/zh_CN.zip
unzip zh_CN.zip 在 wp-content/languages
Check Last Login by DB
# 找出 admin 的 login event
select user_id,meta_value from wp_usermeta where meta_key='session_tokens' and user_id=1;
select * from wp_users where ID=1;
內容的形式是(它是 nest 結構來)
<type code>:<optional length><content>
i.e.
a:1 # indicates a data structure with one field.
s:64 # indicates a string with 64 characters
Within that data structure, each field has a “key” string and a “value”
login 時間是 unix time 來, 如果想轉成現在時間:
select from_unixtime(1513065034);
Development to Production
UPDATE `wp_options` SET `option_value` = REPLACE(`option_value`, "DEV_DOMAIN", "PROD_DOMAIN") UPDATE `wp_postmeta` SET `meta_value` = REPLACE(`meta_value`, "DEV_DOMAIN", "PROD_DOMAIN") UPDATE `wp_posts` SET `post_content` = REPLACE(`post_content`, "DEV_DOMAIN", "PROD_DOMAIN") UPDATE `wp_posts` SET `guid` = REPLACE(`guid`, "DEV_DOMAIN", "PROD_DOMAIN")
SSL Offload
nginx setting
location / { … proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Host $host; }
wp-config.php
<?php # 一定要前過 "require_once ABSPATH . 'wp-settings.php';" 加 define('FORCE_SSL_ADMIN', true); define('WP_HOME','https://YourDomain'); define('WP_SITEURL','https://YourDomain'); $_SERVER['HTTPS']='on'; $_SERVER['HTTP_HOST']='YourDomain'; ...
gotmls
https://wordpress.org/plugins/gotmls/
http://gotmls.net/
[email protected] 不再 404 Err
原因:
當 theme 載入了 "retina.js" 它就會自動去找 "@2x.jpg" 的圖
Fix:
在 theme 的 folder 內 grep retina, 並 // 它們
i.e.
//wp_register_script('retina', get_template_directory_uri() . '/js/retina-1.1.0.min.js', 'jquery', '1.0', true);
//wp_enqueue_script('retina');
Child Themes
A child theme allows you to change small aspects of your site’s appearance yet still preserve your theme’s look and functionality.
save on development time since you are not recreating the wheel;
make your modifications portable and replicable;
a child theme of twentyfifteen: twentyfifteen-child
functions.php
The file location is in wp-content/themes.
The file automatically loads when you install and activate a theme on your WordPress site.
unique features to your theme
A child theme can have its own functions.php file.
Cron Jobs
SELECT * FROM `wp_options` WHERE `option_name` LIKE '%cron%'
Security Settings
Apache Settings
<Location "/xmlrpc.php"> Require ip 127.0.0.1 Require all denied </Location> <Location "/wp-json/wp/v2/users"> Require ip 127.0.0.1 Require all denied </Location>
Direct access php files
- admin-ajax.php
- xmlrpc.php
admin-ajax.php
Ajax to power its various backend feature
---
xmlrpc.php
WordPress specification was developed to standardize communication between different systems(app)
- transport mechanism: HTTP
- encoding mechanism: XML
The core features that xmlrpc.php enabled were
- allowing you to connect to your site via smartphone app
- implementing trackbacks and pingbacks from other sites
- some functions associated with the Jetpack plugin(all-in-one plugin)
With the new WordPress REST API, we can expect XML-RPC to be eliminated entirely.
---
wp-cron.php
---
wp-login.php
Protect admin panel
nginx setting
# Protect admin panel location ~ ^/(wp-admin|wp-login.php) { auth_basic "Restricted"; auth_basic_user_file htpasswd; }
http -> http2
方法1:
在 DB 內 replace link
# Core
UPDATE `wp_posts` SET `post_content` = REPLACE(`post_content`, "http://YOUR_DOMAIN_NAME", "https://YOUR_DOMAIN_NAME"); UPDATE `wp_posts` SET `guid` = REPLACE(`guid`, "http://YOUR_DOMAIN_NAME", "https://YOUR_DOMAIN_NAME"); UPDATE `wp_postmeta` SET `meta_value` = REPLACE(`meta_value`, "http://YOUR_DOMAIN_NAME", "https://YOUR_DOMAIN_NAME"); UPDATE `wp_options` SET `option_value` = REPLACE(`option_value`, "http://YOUR_DOMAIN_NAME", "https://YOUR_DOMAIN_NAME");
# Plugin
UPDATE `wp_icl_strings` SET `value` = REPLACE(`value`, "http://YOUR_DOMAIN_NAME", "https://YOUR_DOMAIN_NAME") UPDATE `wp_icl_translation_status` SET `translation_package` = REPLACE(`translation_package`, "http://YOUR_DOMAIN_NAME", "https://YOUR_DOMAIN_NAME") UPDATE `wp_icl_translation_status` SET `_prevstate` = REPLACE(`_prevstate`, "http://YOUR_DOMAIN_NAME", "https://YOUR_DOMAIN_NAME")
方法2:
用 Plugin "Duplicator" Backup 之後再 restore
Remove version number from css and js
./wp-includes/functions.php
<?php // remove wp version number from scripts and styles function remove_css_js_version( $src ) { if( strpos( $src, '?ver=' ) ) $src = remove_query_arg( 'ver', $src ); return $src; } // Remove WP Version From Styles add_filter( 'style_loader_src', 'remove_css_js_version', 9999 ); // Remove WP Version From Scripts add_filter( 'script_loader_src', 'remove_css_js_version', 9999 );
搬遷神器 - duplicator
它是一個 wordpress plugin 來, 可以應用在改 domain 及 http 轉 https 的情況
Remark: When completed with the installation please delete all installation files.
- dup-installer
- installer.php
- installer-backup.php
- dup-installer-bootlog__[HASH].txt
- archive.zip/daf
Notes
- 共他類似工具 - updraft