Now in these days WordPress is very popular and Demanding CMS.
But security is a measure concern with WordPress websites.
So hold on take a breath and go through the below article and secure your WordPress instance using BEDROCK.
What is Bedrock?
Bedrock is a WordPress boilerplate that modifies, improves the structure and execution of WordPress. It will help us to make our instance more secure and powerful.
Advantage of Bedrock
1. Separate configuration per environment
Bedrock has a separate configuration file for each environment like local, staging, production.
2. Environment variables
Bedrock use dotenv (.env) file for configuration and environment variables.
3. Enhanced security:
Bedrock has separate locations for files (Themes / Plugins / Uploads) and WordPress core. Also, Bedrock’s web root is isolated to limit access to non-web files. Bedrock also has more secure passwords through the wp-password-bcrypt plugin.
4. Custom wp-content directory
Bedrock has a different folder (app) for data that is placed in the wp-content folder.
5. Composer for managing WordPress installation
Bedrock use composer and you can easily manage, modify things using composer.
6. Composer for managing WordPress plugins and themes
Using composer you can install/ delete WordPress plugin and theme in bedrock environment.
7. PSR-2 coding standards
Bedrock follow PSR-2 Standards
8. mu-plugins autoloader
Bedrock has pre-build autoloader for mu-plugins (Must Use Plugins)
How we can Use it, Files & Folder Structure
Just Chill…. It really simple and easy to use Bedrock, you just need to follow the below steps and go to work with bedrock.
Files & Folder Structure:
Bedrock follows a simple file & Folder structure as below.
- PHP 7.1
Step 1: Using the composer execute below command to create a new bedrock instance.
composer create-project roots/bedrock instance_name
Step 2. Update environment variable in .env file (Available in the root of the installation folder)
- Database Configuration
DB_NAME – Database Name
DB_USER – Database Username
DB_PASSWORD – Database Password
DB_HOST – Database HOST
- Environment Configuration
WP_ENV ( development , staging , production)
- URL Configuration
WP_HOME – Full URL to WordPress home directory e.g. http://example.com
WP_SITEURL – Full URL to WordPress including subdirectory http://example.com/wp
- Access WordPress admin using http://example.com/wp/wp-amin
- Add themes, plugins in web/app/ folder
- Set document root on the server to bedrock folder “path/to/site/web/”
- Update salts key in .env file using salt generator command or online tool
a. Salt Generator Command – https://github.com/aaemnnosttv/wp-cli-dotenv-command
b. Online WordPress Salt Generator – https://cdn.roots.io/salts.html
Now you are done with the installation of bedrock with more secure and handy tools like command-line installation and configuration. 🙂