Ready to get started with WordPress VIP? Contact us
Showing page 22 of 26
Data sync config files are necessary for running a data sync from a WordPress multisite production environment to a non-production environment. The values added to a data sync config file determine the search and replace operations that occur for the domain values of each network site in the synced database.
Custom code added to client-sunrise.php can enable a network site to be accessible from more than one URL, or for a domain to serve a specific part of a site.
When developing for a WordPress multisite, it is often necessary to load some custom code very early in the WordPress application’s loading sequence, for example custom domain mapping functionality.
When writing theme and plugin code, it is important to be mindful of how data coming into WordPress is handled and how it is presented to the end user. This is commonly needed when building a settings page for a theme, creating and manipulating shortcodes, or saving and rendering extra data associated with a post. There is a distinction between how input and output are managed.
By default, two-factor authentication is required for all administrators and custom roles with the manage_options capability on WordPress sites on the WPVIP Platform. All other users, no matter what role is assigned to them, are strongly encouraged to enable two-factor authentication for their WordPress accounts. Under no circumstances should a password-less authentication solution be implemented on a site (e.g., an IP address check, or a one-click login by email).
The primary vulnerability of note in JavaScript is Cross Site Scripting (XSS). In WordPress with PHP, best practice is to use escaping functions to avoid that, e.g. esc_html(), esc_attr(), esc_url(), etc.
Two-factor authentication (also known as multi-factor authentication and 2FA) is a method for securing user accounts. This method requires a user to know something (e.g. a password), and requires a user to possess something (e.g. their mobile device). Requiring multiple forms of verification is a basic way to protect sites against common account breaches due to leaked or guessed passwords. Two-factor authentication options are integrated with all WordPress sites on the VIP Platform.
Single Sign-On (SSO) for logging in to a WordPress site can be enabled using any identity provider (IdP) that supports Security Assertion Markup Language (SAML). Most IdPs can support SAML.
By default, Jetpack is enabled on all WordPress sites hosted on the VIP Platform. Jetpack adds a suite of powerful security, performance, and marketing features. Jetpack features that aid in content consumption, distribution, and syndication are collectively referred to as “content distribution tools“.
VIP-CLI is the command-line interface for VIP Go for interacting with VIP applications and performing actions like syncing data between VIP environments.