WordPress: Difference between revisions

← Older edit Newer edit →

VisualWikitext

@@ Line 125: / Line 125: @@
 <syntaxHighlight lang="nix">
 services.wordpress.sites."example.org" = {
-   plugins = [ pkgs.wordpressPackages.plugins.static-mail-sender-configurator ];
+   plugins = {
+    inherit (pkgs.wordpressPackages.plugins)
+      static-mail-sender-configurator;
+  };
    extraConfig = ''
        // Enable the plugin
@@ Line 132: / Line 135: @@
        require_once(ABSPATH . 'wp-settings.php');
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
-       activate_plugin( 'wordpress-plugin-static-mail-sender-configurator-${pkgs.wordpressPackages.plugins.static-mail-sender-configurator.version}/static-mail-sender-configurator.php' );
+       activate_plugin( 'static-mail-sender-configurator/static-mail-sender-configurator.php' );
    '';
    settings = {
@@ Line 287: / Line 290: @@
 * [https://pagespeed.web.dev Google PageSpeed Insights]
 * [https://www.seobility.net/en/seocheck seobility SEO Checker]
+=== Security hardening ===
+By enabling these two plugins, your Wordpress login is protected by a simple numeric captcha and the xml-rpc api, used by alternative Wordpress clients, gets disabled.
+<syntaxHighlight lang="nix">
+services.wordpress.sites."example.org" = {
+  plugins = {
+    inherit (pkgs.wordpressPackages.plugins)
+      disable-xml-rpc
+      simple-login-captcha;
+  };
+  extraConfig = ''
+      // Enable the plugin
+      if ( !defined('ABSPATH') )
+        define('ABSPATH', dirname(__FILE__) . '/');
+      require_once(ABSPATH . 'wp-settings.php');
+      require_once ABSPATH . 'wp-admin/includes/plugin.php';
+      activate_plugin( 'disable-xml-rpc/disable-xml-rpc.php' );
+      activate_plugin( 'simple-login-captcha/simple-login-captcha.php' );
+  '';
+};
+</syntaxHighlight>
 == Troubleshooting ==