====== Wordpress ====== http://wordpress.org ===== Documentation ===== Pour les développeurs * [[http://codex.wordpress.org/Theme_Development|Theme Development]] * [[https://developer.wordpress.org/themes/basics/template-hierarchy/#visual-overview|Template hierarchy (visual overview)]] * [[https://yoast.com/wordpress-theme-anatomy/|Wordpress Theme Anatomy]] * [[https://codex.wordpress.org/Stepping_Into_Templates|Stepping into Templates]] * [[https://developer.wordpress.org/plugins/|Plugin Handbook]] * Wordpress hooks * [[https://developer.wordpress.org/reference/hooks/|liste des hooks]] sur Codex WP * [[https://adambrown.info/p/wp_hooks|WordPress Hooks Database]] * Ajax * [[http://codex.wordpress.org/AJAX]] * [[/informatique/wordpress#load_wordpress_posts_with_ajax|Load WordPress Posts With AJAX]] * Form * [[https://premium.wpmudev.org/blog/handling-form-submissions/|Handling Form Submissions in WordPress with Admin-Post and Admin-Ajax]] * Settings * [[https://codex.wordpress.org/Function_Reference/wp_dropdown_categories|wp_dropdown_categories]]: HTML dropdown list of categories (options: show_option_none, hierarchical, ...) piratage [[/informatique/wordpress/weatherplllatform]] ===== Frameworks ===== * [[http://wpjourno.com/theme-options-plugins-frameworks-wordpress/|Theme options plugins & frameworks for WordPress]] * [[http://smashfreakz.com/2012/11/wordpress-theme-option-frameworks/|Top 8 WordPress Theme Option Frameworks]] * [[https://roots.io/sage/|Sage]] The best WordPress starter theme with a modern front-end development workflow. [[http://wordpress.org/extend/plugins/options-framework/]] - The Options Framework Plugin makes it easy to include an options panel in any WordPress theme. It was built so developers can concentrate on making the actual theme rather than spending time creating an options panel from scratch. [[http://podsframework.org|Pods Framework]] - Pods is a framework for WordPress that allows you to create, extend, manage, and deploy customized content types and fields. [[http://leemason.github.com/NHP-Theme-Options-Framework/|NHP-Theme-Options-Framework]] - Simple, easy to use, very extendable Options framework for WP themes. [[https://github.com/ghost1227/Redux-Framework|Redux-Framework]] a fork of NHP-Theme-Options-Framework. [[https://roots.io/bedrock/|Bedrock]] WordPress boilerplate with modern development tools, easier configuration, and an improved folder structure. Gestion complète avec git & composer, arborescence fichiers différente de la native WP. **De bons développeurs de plugins et thèmes pour inspiration**: * https://perfops.one/ ===== RGPD / GDPR ==== Remplace les fonts google de DIVI par une version copiée en local. Utilise le principe de ''wp_enqueue_script()'' et ''wp_enqueue_style()'' * [[https://fr.wordpress.org/plugins/gdpr-cache-scripts-styles/|GDPR Cache Scripts & Styles]] Quelques plugins: * [[https://fr.wordpress.org/plugins/oembed-manager/|oEmbed Manager]] * [[https://wordpress.org/plugins/gdpr-cookie-compliance/|gdpr-cookie-compliance]] * [[https://wordpress.org/plugins/cookie-law-info/|CookieYes - GDPR Cookie Consent & Compliance Notice (CCPA Ready)]] ===== Sécuriser Wordpress ==== * [[https://www.isitwp.com/best-wordpress-security-plugins-compared/|9 Best WordPress Security Plugins Compared (2022)]] * [[https://geekflare.com/find-wordpress-vulnerabilities/|9 WordPress Scanner to Find Security Vulnerabilities]] 2020 * [[https://securitytrails.com/blog/top-5-wordpress-vulnerability-scanners|Top 5 Wordpress Vulnerability Scanners]] 2018 * [[https://dropbear.xyz/2018/03/31/securing-wordpress-with-apparmor/|Securing WordPress with AppArmor]] Sucuri, StackPath, SiteLock, Jetpack Security, Wordfence Security, BulletProof Security, iThemes Security, All In One WP Security & Firewall (AIOS), Shield Security // Disallow file edit define( 'DISALLOW_FILE_EDIT', true ); ==== Monitoring & Observability ==== * https://perfops.one/ * https://perfops.one/decalog/ ==== Wordfence ==== Pare-feu d'applications Web ([[/glossaire/WAF]]) [[https://wordpress.org/plugins/wordfence/|Wordfence]] ==== All-In-One Security (AIOS) ==== All-In-One Security (AIOS) – Security and Firewall ([[/glossaire/WAF]]) https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ ==== Two-factor (2FA) ==== * [[https://wordpress.org/plugins/two-factor/|Two-factor]] plugin: [[/glossaire/2fa|2FA]] with Email, [[/glossaire/u2f|FIDO Universal 2nd Factor (U2F)]], [[/glossaire/totp|Time Based One-Time Passwords (TOTP)]] * enable 2FA for all: https://github.com/WordPress/two-factor/issues/307#issuecomment-624843209 ==== Single Sign On (SSO) ==== ==== Stream ==== Pour conserver les traces (QQQ) de toutes les actions dans Wordpress. https://wordpress.org/plugins/stream/ ==== PasswordLess ==== Password less, sans mot de passe. * [[https://fr.wordpress.org/plugins/tags/passwordless-login/|Étiquette de l’extension : passwordless login]] * [[https://passwordprotectwp.com/top-3-best-passwordless-plugins-for-wordpress-sites/|https://passwordprotectwp.com/top-3-best-passwordless-plugins-for-wordpress-sites/]] ==== Admin Url ==== Changer l'url pour se connecter et de l'admin * https://wordpress.org/plugins/rename-wp-login/ * a light plugin that lets you easily and safely change wp-login.php. It doesn’t literally rename or change files in core, nor does it add rewrite rules. **It simply intercepts page requests** and works on any WordPress website. The **wp-admin directory and wp-login.php page become inaccessible**, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before. * https://wordpress.org/plugins/wps-hide-login * URL d’inscription et de mot de passe oublié: Il vous faut donner l’url. exemple : /login?action=register ou /login?action=lostpassword. Mais il n’y pas de redirection via le plugin, de l’url par défaut de WordPress (/wp-login.php?action=register ou /wp-login.php?action=lostpassword) sinon tout le monde pourrait connaître l’url d’administration de votre site. ===== Login with OAuth2 ===== Le plugin de MiniOrange * L'auto register n'est pas dans la version gratuite. * L'extension https://wordpress.org/plugins/miniorange-login-with-eve-online-google-facebook/ * WP has SSO OAuth Server https://plugins.miniorange.com/single-sign-on-sso-for-nextcloud-using-wordpress-as-oauth-server Le plugin de Dash10 Digital * [[https://fr.wordpress.org/plugins/single-sign-on-client/|Simple Single Sign On]] de Dash10 Digital * configuration du Client ID et Client Secret issus de l'ajout client OAuth dans Nextcloud * et pour OAuth Server URL c'est https://cloud.internet.org/index.php/apps/oauth2/authorize Celui de steve06 * [[https://fr.wordpress.org/plugins/oauth-client-for-user-authentication/|WordPress OAuth client SSO( OAuth 2.0 SSO)]] * Login and authenticate Wordpress users using OAuth Server credentials * Avec des serveurs préconfigurés et un custom * Le mapping des user info permet-il d'exprimer un path ? * Question posée sur le forum https://wordpress.org/support/topic/attribute-mapping-with-key-path/ Le protocole OAuth fonctionne, mais que pour l'autorisation. Le problème est la récupération des infos du remote user pour mapper avec les wordpress users, il faut utiliser une API qui est propre à chaque service. Ces plugins n'implémentent pas l'API de Nextcloud (OCS) donc pas compatible. Le plugin wp_oauth2_client fonctionne avec Nextcloud * il permet de définir le mapping "''local user <-> remote user''" * option pour créer ou pas les comptes * https://framagit.org/Artefacts/wp_oauth2_client ===== Tricks & Tips ===== ==== "Une autre mise à jour est actuellement en cours" ==== * Supprimer le fichier ''.maintenance'' à la racine du site ; * Supprimer les dossiers contenus dans le répertoire ''wp-content/upgrade'' ; * Supprimer la ligne ''wp_options.option_name = core_upgrader.lock''. Il se peut qu'il n'y ai aucun fichier mais seulement le ligne dan la BdD. ==== Modifier préfixe base de données WordPress ==== [[https://wpchannel.com/wordpress/tutoriels-wordpress/modifier-prefixe-base-donnees-wordpress-installation/|Modifier le préfixe de votre base de données WordPress après installation]] ==== WP-Cli ==== * [[https://developer.wordpress.org/cli/commands/cli/check-update/|wp-cli check-update]] * [[https://developer.wordpress.org/cli/commands/core/update/|wp-cli core update]] * [[https://developer.wordpress.org/cli/commands/plugin/update/|wp-cli plugin update]] ==== Backup / Sauvegarde ==== Voir [[/informatique/rsync|Rsync]]. [[https://fr.wordpress.org/plugins/updraftplus/|UpdraftPlus WordPress Backup Plugin]] ==== Maintenance ==== Ce bout de code dans le ''functions.php'' du thème affiche un message aux visiteurs et permets toujours de se connecter via ''/wp-admin''. // // Maintenance mode === // function wp_maintenance_mode() { if (!current_user_can('edit_themes') || !is_user_logged_in()) { wp_die('

Site de développement


Visitez le site site.prod'); } } add_action('get_header', 'wp_maintenance_mode'); ==== WP Query ==== === Categories et tags === Dans une catégorie et dans d'autres: $q = new \WP_Query([ 'cat'=> $cat->term_id, 'category__in'=> $another_categories_term_id, ... ==== Customize Admin ==== * [[/informatique/wordpress/customize_admin|Customize Admin]] ==== WP-Cron ==== * [[https://developer.wordpress.org/plugins/cron/hooking-wp-cron-into-the-system-task-scheduler/|Hooking WP-Cron Into the System Task Scheduler]] # Use system crontab # */5 * * * * /usr/bin/wget -q -O - --delete-after https://xxxx.xx/wp-cron.php?doing_wp_cron define('DISABLE_WP_CRON', true); ==== Flash message & co ==== Côté back * Afficher des notices (error or success) après une redirection: [[https://www.sitepoint.com/displaying-errors-from-the-save_post-hook-in-wordpress/|Displaying Errors from the save_post Hook in WordPress]] Côté front * [[https://premium.wpmudev.org/blog/set-get-delete-cookies/|Cookies and WordPress: How to Set, Get and Delete]] ==== Emoji ==== Si on ne veut pas des émojis il faut supprimer les actions wordpress associés : // Stop Loading wp-emoji-release.min.js and CSS file remove_action( 'wp_head', 'print_emoji_detection_script', 7 ); remove_action( 'wp_print_styles', 'print_emoji_styles' ); ==== Q & A ==== * [[http://themecheck.info]] Vérifier la qualité des thèmes. ==== Nginx configuration ==== Pour faire tourner Wordpress avec [[/informatique/nginx|Nginx]]. * https://wordpress.org/support/article/nginx/ * https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/ * https://codex.wordpress.org/Nginx ==== Cache ==== Wordpress gère nativement un cache ([[https://developer.wordpress.org/reference/classes/wp_object_cache/|WordPress object cache]]) pour toutes ses données (transients, options, meta, posts, users ...) {{ :informatique:wordpress:wordpressapcuobjectcache-without-with.png?nolink|}} Avec APCu * [[https://github.com/l3rady/WordPress-APCu-Object-Cache|WordPress APCu Object Cache Backend]] by Scott Cariss (l3rady) (a fork from [[https://wordpress.org/plugins/apc/|Mark Jaquith's APC Object Cache Backend]]) * **Ne pas oublier de définir une clé unique pour le site quand mutualisation de php avec ''define('WP_APCU_KEY_SALT','');''** * Un outil de visualisation de l'état d'APCu est fourni dans sa distribution, que l'on peut retrouver ici [[https://github.com/krakjoe/apcu|krakjoe/apcu]] ; prendre le fichier apc.php dans la release correspondante à celle installée Avec Memcached * [[https://scotty-t.com/2012/01/20/wordpress-memcached/|WordPress + Memcached]] One of the most bizarre critiques of WordPress that I often hear is “it doesn’t come with caching” – which makes no sense because Cache is one of the best features of WordPress out of the box Autre trucs: * NGinx plugins: https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/ (en bas de page) W3 Total Cache API flush_pgcache() //page cache flush_dbcache() // database cache flush_minify() // minify cache flush_all() //all caches // Clear all W3 Total Cache if( class_exists('W3_Plugin_TotalCacheAdmin') ) { $plugin_totalcacheadmin = & w3_instance('W3_Plugin_TotalCacheAdmin'); $plugin_totalcacheadmin->flush_all(); echo __('

All W3 Total Cache caches successfully emptied.

'); } === Varnish === WordPress with Varnish * [[https://www.varnish-software.com/wiki/content/tutorials/wordpress/|Implementing WordPress with Varnish]] (Varnish documentation) * [[https://wordpress.org/plugins/varnish-http-purge/|Varnish HTTP Purge]] purge sends a PURGE request to the URL of a page or post every time it it modified. * [[https://wordpress.org/plugins/wpbase-cache/|WPBase Cache]] was developed to optimize the WordPress deployment on varnish + nginx + php-fpm + php-apc server stack using three type of caches full page cache, db cache and opcode cache. * [[https://wordpress.org/plugins/w3-total-cache/|W3 Total Cache]] * [[https://code.tutsplus.com/tutorials/optimizing-wordpress-with-varnish-and-w3-total-cache--cms-21136|Optimizing WordPress with Varnish and W3 Total Cache]] (2014) ==== Update files without FTP ==== In ''wp-config.php'' : define('FS_METHOD','direct'); ==== Load WordPress Posts With AJAX ==== * Article & Plugin by Michael Martin: [[http://www.problogdesign.com/wordpress/load-next-wordpress-posts-with-ajax/|Load Next WordPress Posts With AJAX]] * Article by Emanuele Feronato: [[http://www.emanueleferonato.com/2010/04/01/loading-wordpress-posts-with-ajax-and-jquery/|Loading WordPress posts with Ajax and jQuery]], using the standard Kubrick theme without any plugin installed. ==== Maintenir un plugin sur Github ou GitLab ==== * [[https://github.com/marketplace/actions/wordpress-plugin-deploy|GitHub Action, WordPress Plugin Deploy]] * [[https://thereforei.am/2011/04/21/git-to-svn-automated-wordpress-plugin-deployment/|Git to SVN: Automated WordPress Plugin Deployment]] * [[https://github.com/deanc/wordpress-plugin-git-svn|deanc/wordpress-plugin-git-svn]] * variante: [[https://github.com/thenbrent/multisite-user-management/blob/master/deploy.sh|thenbrent deploy.sh]] * [[https://stackoverflow.com/questions/12520140/whats-the-correct-way-to-deploy-a-git-repo-to-wordpress-svn|What's the correct way to deploy a git repo to Wordpress SVN?]] * [[https://learnwithdaniel.com/2019/09/publishing-your-first-wordpress-plugin-with-git-and-svn/|Publishing your first WordPress Plugin with GIT and SVN]] ==== Bug avec MySql et Inner Join ==== [[/informatique/wordpress/wp_mysql_inner_join]] ==== get post custom orderby ==== On ne peut pas mettre ce qu'on veut en ''$args['orderby']'' de WP_Query ... WP filtre avec ''WP_Query::parse_orderby()''. Comment faire si j'ai besoin de ''ORDER BY min(wp_postmeta.meta_value) ASC'' ? On peut utiliser un ''filter'' temporaire comme : add_filter('posts_orderby', 'edit_posts_orderby'); function edit_posts_orderby($orderby_statement) { $orderby_statement = " term_taxonomy_id ASC "; return $orderby_statement; } query_posts($args); remove_filter('posts_orderby', 'edit_posts_orderby'); Si c'est dans une recherche ''$q['s']'' il y a le filtre ''posts_search_orderby'' appelé depuis ''WP_Query::get_posts()''. Il y a aussi ''apply_filters_ref_array( 'posts_orderby', array( $orderby, &$this ) );'' qui est dans ''WP_Query::get_posts()''. public function dmach_archive_post_args_posts_orderby( $orderby ) { $orderby = 'min(meta_value)' ; remove_filter('posts_orderby', [$this,'dmach_archive_post_args_posts_orderby']); return $orderby ; } public function dmach_archive_post_args( $args ) { Queries::fillWpQueryArgs( $args ); add_filter('posts_orderby', [$this,'dmach_archive_post_args_posts_orderby']); return $args ; } ==== Background & Async ==== Job, Runner ... * [[https://github.com/deliciousbrains/wp-background-processing|WP Background Processing]] * Async job * but use http ajax so it's depends to request time limit * [[https://github.com/10up/WP-Minions|WP-Minions]] * Listening a MQ (RabbitMQ or Gearman) ==== Youtube ==== Récupérer les videos d'une chaine (Channel) Youtube. Une clé Google API est-elle nécessaire ? * [[https://fr.wordpress.org/plugins/feeds-for-youtube/|YouTube Feed]] * [[https://fr.wordpress.org/plugins/yotuwp-easy-youtube-embed/|YotuWp]] ===== Qlqs plugins ===== * Developpement * **query-monitor** https://wordpress.org/plugins/query-monitor/ * ACF [[https://wordpress.org/plugins/advanced-custom-fields/|Advanced Custom Fields]] * [[https://capitainewp.io/formations/acf/hooker-champs-acf/|Hooker les champs ACF pour modifier leurs valeurs]] * [[https://mosaika.fr/astuces-developpement-acf/|8 snippets pour modifier le comportement d’ACF]] * Gestion de contenu * [[https://fr.wordpress.org/plugins/enhanced-media-library/|Enhanced Media Library]] par wpUXsolutions * Formulaires * ContactForm7 https://contactform7.com * [[/informatique/wordpress/contactform7|contactform7]] * WPForms https://wpforms.com (ex PirateForm) * GravityForms https://www.gravityforms.com * Représentation et gestion du temps * [[http://wordpress.org/plugins/wpit-gantt/|WPIT Gantt]] qui utilise [[http://bastianallgeier.com/gantti/|Gantti]] * [[http://wordpress.org/plugins/wp-timeline/screenshots/|WP Timeline]] et [[http://wordpress.org/plugins/wp-veriteco-timeline/|WP VeriteCo Timeline]] qui utilisent [[http://timeline.verite.co/|Timeline.verite.co]] * [[http://wordpress.org/plugins/wp-simile-timeline/|WP SIMILE Timeline]] qui utilise [[http://www.simile-widgets.org/timeline/|SIMILE Timeline]] * [[http://wordpress.org/plugins/my-calendar/|My Calendar]] * [[https://wordpress.org/plugins/all-in-one-event-calendar/|All-in-One Event Calendar]] * Carto * [[https://wordpress.org/plugins/geo-mashup/|Geo-Mashup]] * [[https://wordpress.org/plugins/osm/|OSM - OpenStreetMap]] * Gestion d'accès (droits et autres rôles) * [[https://wordpress.org/plugins/advanced-access-manager/|Advanced Access Manager (AAM)]] 30$ * Un wordpress privé avec [[https://wordpress.org/plugins/wp-force-login/|Force Login]] de Kevin Vess * Simple, léger et efficace :-) [[https://emdplugins.com/free-wordpress-plugins/|WP App Studio]]'s plugins (free & not free). ===== Qlqs thèmes ===== * [[http://falgunidesai.com/2016/03/theme-nisarg-has-been-released-on-wordpress-org/|Nisarg]] * [[http://documentation.artefacts.coop/index.php?title=Wordpress#Quelques_th.C3.A8mes|Qlqs thèmes]] sur artefacts.coop ==== Divi ==== Migrer un site: * Exporter les réglages DIVI (dossier et-cache est pas bon) * https://amazingsystem.zendesk.com/hc/en-us/articles/115002832512-Export-Divi-site-to-another-host ==== Zerif-lite ==== * https://fr.wordpress.org/themes/zerif-lite/ * [[http://docs.themeisle.com/search?query=Zerif|Search results for Zerif]] on docs.themeisle.com ==== oembed ==== WordPress oEmbed reconnait les URLs de quelques services et formate automatiquement le contenu à partir de l'URL (//version >= 2.9//). * [[https://wordpress.org/documentation/article/embeds/|La liste des services reconnus]]. * [[https://www.wpexplorer.com/wordpress-oembed/|WordPress oEmbed: Embed (Almost) Everything]] (2020) WP filters: * [[https://developer.wordpress.org/reference/hooks/embed_oembed_html/|embed_oembed_html]] * Filters the cached oEmbed HTML * ''apply_filters( 'embed_oembed_html', string|false $cache, string $url, array $attr, int $post_ID )'' * [[https://developer.wordpress.org/reference/hooks/oembed_dataparse/|oembed_dataparse]] * Filters the returned oEmbed HTML * ''apply_filters( 'oembed_dataparse', string $return, object $data, string $url )'' WP functions: * [[https://developer.wordpress.org/reference/classes/WP_Embed/shortcode/|WP_Embed::shortcode]] * Attempts to convert a URL into embed HTML * ''WP_Embed::shortcode( array $attr, string $url = '' ): string|false'' * [[https://developer.wordpress.org/reference/functions/wp_oembed_add_provider/|wp_oembed_add_provider()]] * https://generatewp.com/oembed/ * [[https://developer.wordpress.org/reference/functions/wp_embed_register_handler/|wp_embed_register_handler]] * https://wpmudev.com/blog/embedding-wordpress-oembed/