Ready to get started with WordPress VIP? Contact us
Showing page 22 of 26
The GitHub flow is strongly recommended for developing code for new features, bug fixes, and testing. By using the GitHub flow, developer teams can more effectively collaborate and more confidently deploy new code to production environments.
PHP_CodeSniffer (PHPCS) scans that are run against WordPress application code will return a report of any identified errors and warnings and categorizes them by severity.
By default, all WordPress multisite environments on the VIP Platform are configured with a subdirectory structure. The SUBDOMAIN_INSTALL constant is defined at platform level in wp-config.php with a default value of false. This value cannot be overridden, even by defining the constant differently in vip-config.php or with any other methods.
Data sync config files are necessary for running a data sync from a WordPress multisite production environment to a non-production environment. The values added to a data sync config file determine the search and replace operations that occur for the domain values of each network site in the synced database.
Custom code added to client-sunrise.php can enable a network site to be accessible from more than one URL, or for a domain to serve a specific part of a site.
When developing for a WordPress multisite, it is often necessary to load some custom code very early in the WordPress application’s loading sequence, for example custom domain mapping functionality.
When writing theme and plugin code, it is important to be mindful of how data coming into WordPress is handled and how it is presented to the end user. This is commonly needed when building a settings page for a theme, creating and manipulating shortcodes, or saving and rendering extra data associated with a post. There is a distinction between how input and output are managed.
By default, two-factor authentication is required for all administrators and custom roles with the manage_options capability on WordPress sites on the WPVIP Platform. All other users, no matter what role is assigned to them, are strongly encouraged to enable two-factor authentication for their WordPress accounts. Under no circumstances should a password-less authentication solution be implemented on a site (e.g., an IP address check, or a one-click login by email).
The primary vulnerability of note in JavaScript is Cross Site Scripting (XSS). In WordPress with PHP, best practice is to use escaping functions to avoid that, e.g. esc_html(), esc_attr(), esc_url(), etc.
Two-factor authentication (also known as multi-factor authentication and 2FA) is a method for securing user accounts. This method requires a user to know something (e.g. a password), and requires a user to possess something (e.g. their mobile device). Requiring multiple forms of verification is a basic way to protect sites against common account breaches due to leaked or guessed passwords. Two-factor authentication options are integrated with all WordPress sites on the VIP Platform.