How to make WooCommerce more enterprise friendly

Hello! After working with WordPress and WooCommerce for a while, watching it grow and evolve over time, there are some constraints that we have encountered over the years, in particular with larger enterprise projects. WordPress appeals to a massive audience (43% market share to be exact). With this massive appeal, the WordPress development community has to make careful decisions in order to balance the needs of the majority of users with the unique demands that enterprise implementations may have. The most common requirements for enterprise WordPress sites would be: redundancy, deployment, testing/QA and security. All of these requirements are closely tied together in one way or another, but they are all limited or hindered by the way WordPress is fundamentally designed. This can usually be accommodated with standard static WordPress sites. The moment you delve into the e-commerce world with Automattic’s WooCommerce, you run into problems. Why WooCommerce […]

How to push your single post or page content with this new WordPress plugin

Hello! There is quite a bit of documentation on how to scale your WordPress site for enterprise. Additionally, there are quite a few enterprise WordPress hosting solutions that allow you to “stage” your content on staging sites, with automated methods to push or clone the staging site (once an internal approval process gives the thumbs up, perhaps) to the live / production website. These systems are great: they not only sanitize and streamline the publication process of your website, but also increase the security and containment of any issues that may come up with your website. The live site can be further locked down and restricted as a result of this type of process, because people (administrators, contributors) no longer need to log in and interact with the live production website. All of it can be done on a more private staging site. For many people this type of […]

How to block your WordPress site from being scanned by WPScan with Nginx

Hello! First and foremost, why would you want to block WPScan from probing your site? Well, we all know that security through obscurity is a bad practice. That said, the risk of malicious activity on your site is undoubtedly heightened by the many points of information disclosure that are freely available to parse and organize into an accurate security risk assessment of your WordPress site. This type of information is easily attainable through automated scanners like WPScan. Tools like this scan for version tags in readme files, file size fingerprints and meta tags to determine not only the version of WordPress you are running but also the version of each of the plugins you have installed. Why is information disclosure bad? Some would argue it's not bad. Others would also point out that a 0-day WordPress core or plugin vulnerability could mean that minutes and hours of circumvention or lowered risk […]