Loading..

Secure WordPress Using Bedrock (WordPress Boilerplate)

2 Mins Read
Welcome to my world, Read on #xpertzmate!

Now in these days WordPress is very popular and Demanding CMS.

But security is a measure concern with WordPress websites.

So hold on take a breath and go through the below article and secure your WordPress instance using BEDROCK.

What is Bedrock?

Bedrock is a WordPress boilerplate that modifies, improves the structure and execution of WordPress. It will help us to make our instance more secure and powerful.

Advantage of Bedrock

1. Separate configuration per environment

Bedrock has a separate configuration file for each environment like local, staging, production.

2. Environment variables

Bedrock use dotenv (.env) file for configuration and environment variables.

3. Enhanced security:

Bedrock has separate locations for files (Themes / Plugins / Uploads) and WordPress core. Also, Bedrock’s web root is isolated to limit access to non-web files. Bedrock also has more secure passwords through the wp-password-bcrypt plugin.

4. Custom wp-content directory

Bedrock has a different folder (app) for data that is placed in the wp-content folder.

5. Composer for managing WordPress installation

Bedrock use composer and you can easily manage, modify things using composer.

6. Composer for managing WordPress plugins and themes

Using composer you can install/ delete WordPress plugin and theme in bedrock environment.

7. PSR-2 coding standards

Bedrock follow PSR-2 Standards

8. mu-plugins autoloader

Bedrock has pre-build autoloader for mu-plugins (Must Use Plugins)

How we can Use it, Files & Folder Structure

Just Chill…. It really simple and easy to use Bedrock, you just need to follow the below steps and go to work with bedrock.

Files & Folder Structure:

Bedrock follows a simple file & Folder structure as below.

wordpress-bedrock-structure

Bedrock Installation

Prerequisite

  1. PHP 7.1
  2. Composer

Step 1: Using the composer execute below command to create a new bedrock instance.

composer create-project roots/bedrock instance_name

Step 2. Update environment variable in .env file (Available in the root of the installation folder)

  1. Database Configuration
    DB_NAME – Database Name
    DB_USER  – Database Username
    DB_PASSWORD – Database Password
    DB_HOST – Database HOST
  2. Environment Configuration

    WP_ENV ( development , staging , production)
  3. URL Configuration

    WP_HOME – Full URL to WordPress home directory e.g. http://example.com
    WP_SITEURL – Full URL to WordPress including subdirectory http://example.com/wp

Key Points:

  1. Access WordPress admin using http://example.com/wp/wp-amin
  2. Add themes, plugins in web/app/ folder
  3. Set document root on the server to bedrock folder “path/to/site/web/”
  4. Update salts key in .env file using salt generator command or online tool
    a. Salt Generator Command – https://github.com/aaemnnosttv/wp-cli-dotenv-command
    b. Online WordPress Salt Generator – https://cdn.roots.io/salts.html

Now you are done with the installation of bedrock with more secure and handy tools like command-line installation and configuration. 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

You Can Check Also:

LET’S GET IN TOUCH!!

Need Help? or want to publish your article here
Send us an email and we will get back to you as soon as possible!

[email protected]