Explore Wordpress Dev Environment
29 May 2020
Now that I've played around with developing a wordpress theme, I want to dive deeper into everything and understand what's under the hood.
Starting from scratch, with wordpress newly added and logged into. When I open the wordpress file on the command line, there are three directories: wp-admin, wp-content, and wp-includes.
The wp-content file is where we add all of our theme files, including themes, plugins and assets (images, css and js etc).
The remaining directories and folders in the wordpress root, are all core wordpress files. Modifying any of them can cause the site to be unstable, so it's important to be careful with these.
The wp-config file is super important. It contains all of the database connection settings, including the database name, username and password.
Wordpress will look for this file in the root of the wordpress directory. If it can't find it, it'll look in the parent directory. It's a good idea to move this file up a directory so that it's much harder (almost impossible) to access it from a web browser.
Generate secret keys
You can strengthen the security of Wordpress sites by setting secret keys in the wp-config file. Secret keys are where you hash salts, which makes your site harder to hack by adding random elements (salt) to the password you set.
You can autogenerate your own random secret keys by visiting Wordpress's secret key random generator.
You can generate secret keys whenever you want. When you do, all cookies will be wiped and your users will all be asked to log in again.
Change table prefix
You can also define database table prefixes in the config file. Doing this makes it harder for hackers to exploit your website via SQL injection attacks.
Adding this option to your config will let you save all database queries that are run, so that you can view them on Wordpress. Useful for debugging, especially plugins.
In the next post, I'm going to explore how the wordpress core works (pages, posts, tags, search, categories etc.