How to make Woocommerce more enterprise friendly

Hello! After Working with WordPress and Woocommerce for a while, watching it grow and evolve over time, there are some constraints that we have been encountered over the years in particular with larger enterprise projects. WordPress appeals to a massive audience (43% market share to be exact). In this massive appeal, the WordPress development community has to make careful decisions in order to balance the needs of the majority of users with the unique demands that enterprise implementations may have. The most common requirements for enterprise WordPress sites would be : Redundancy, Deployment, Testing/QA and Security. All of these requirements are closely tied together in one way or another but they are all limited or hindered by the way WordPress is fundamentally designed. This can usually be accommodated with standard static WordPress sites. The moment you delve into the e-commerce world with Automattic’s Woocommerce, you run into problems. Why Woocommerce […]

How to push your single post or page content with this new WordPress plugin

Hello! There is quite a bit of documentation with how to scale your WordPress site for enterprise. Additionally there are quite a few enterprise WordPress hosting solutions that allow you to “stage” your content on staging sites with automated methods to push or clone the staging site (once an internal approved process gives the thumbs up perhaps) to the live / production website. These systems are great and not only sanitize and streamline the publication process of your website, but also increases the security and containment of any issues that may come up with your website. The live site can be further locked down and restricted as a result of this type of process because people (administrators, contributors) no longer need to be logging in and interacting with the live production website. All of it can be done on a more private staging site. For many people this type of […]

How to scale your WordPress site for enterprise level redundancy

Hello! It often becomes a requirement for certain levels of clients to ensure service level agreements for uptime and redundancy are kept. What does this mean? Well we want to ensure that a particular site can withstand a single point of failure, which usually means we would need to expand the services across multiple endpoints. This is not a new requirement and usually is not something one would consider for small or even medium sized businesses because the costs essentially skyrocket because at this level of redundancy you need someone to design the infrastructure, roll it out, manage it, monitor it and then you need infrastructure resources such as multiple servers , load balancers and similar services to ensure this type of redundancy is kept. The purpose of this post is to walk you through, in technical terms, how to roll out a WordPress site using industry standard best practices, […]

How to bulk update all WordPress pages or posts

Hello! Sometimes its necessary to perform mass or automated actions against your WordPress content. Reasons for this can vary, but in our scenario there was a bug in a plugin relating to translated content via WPML where afte a fix / plugin update was applied, resolving the content errors was as simple as re-saving an existing post (with no changes). Normally this wouldn’t be a problem but what if your site has over 1,000 pages or posts? Doing those one at a time , or even via the “Quick edit” method can be tedious and resource-taxing (both in-person and server resources!). Alternatively, what if you needed to update a byline in the post content, or standardize a title format for your posts? The reasons can vary again ,but I thought it might be helpful to include an automated process using a method called “bootstrapping” WordPress. What this really means is […]

How to sanitize and reset all WordPress user accounts with linux shell scripting and wp-cli

Hello! There are several key best practices insofar as how to deal with security intrusions, including but not limited to restoring from backups on a clean server. In this article, I will be going over how to create an automated shell script that completes the following actions across multiple WordPress sites on your linux server : 1. Sanitize user and group permissions 2. Sanitize WordPress core admin and include files 3. Update WordPress Core 4. Update All installed plugins 5. Iterate through all WordPress user accounts and reset the passwords The above actions can be implemented as part of a broader security policy when dealing with shared hosting environments where you are hosting multiple WordPress sites. I will touch on each of the above items including the shell script snippets that are required to implement each. At the bottom of this article I will share the entirety of the shell […]

How we created our own free content delivery network for WordPress users

Try out our Free CDN service by installing the Shift8 CDN WordPress pluginHello! We thought it would be an interesting challenge both from a DevOPS perspective as well as a web development and integration perspective to create our own fully managed content delivery network. Utilization of the network is geared specifically for WordPress users. The idea being to give users a dead simple way to leverage geographic CDN endpoints across the globe by simply installing a WordPress plugin and activating with the click of a button. You never have to leave your site to register on a 3rd party website, you never have to set up API keys by hand or troubleshoot problems. We wanted it to be simple. And to work! There are many components that need to be integrated and ultimately tied together in order for a system of this magnitude to work. I’ll try to break it […]

How to block your WordPress site from being scanned by WPScan with Nginx

Hello! First and foremost, why would you want to block WPScan from probing your site? Well we all know that security through obscurity is a bad practice. That said the risks of malicious activity on your site is undoubtedly heightened through many points of information disclosure that is freely available to parse and organize to make an accurate security risk assessment of your WordPress site. This type of information is easily attainable through automated scanners like WPScan. Tools like this scan for version tags in readme files, file size fingerprints and meta tags to determine not only the version of WordPress you are running but the version of each of the plugins you have installed. Why is information disclosure bad? Some would argue its not bad. Others would also point out that a 0-day WordPress core or plugin vulnerability could mean that minutes and hours of circumvention or lowered risk […]

How to make bulk changes to WordPress Woocommerce product attributes with PHP

Hello! Sometimes its necessary to make site-wide changes to WordPress posts in order to save time and programmatically propagate changes without having to edit each post one at a time. For bulk manipulation of WordPress data, it is sometimes effective to write a command line PHP script to hook into your WordPress environment and execute changes. One of the main advantages with executing these types of functions on the command line as opposed to a web based interaction is you are not subject to the same execution and other timeout restrictions for web based requests. This means that a command line PHP solution can run longer, which is sometimes needed for complicated efforts. In our example, we will break down the PHP Command line script, how to safely and securely hook into WordPress to take advantage of all the built in functions, and update all the products in our WordPress […]

WordPress plugin to remotely manage and automate multiple WordPress sites

Hello! Being a Toronto based web design and development agency means that we interact with a significant number of WordPress sites. This tends to happen when a project starts (obviously), but often continues after a site is launched. This is something that we offer along the lines of “post launch maintenance”. By no means once a site is launched is our job done, and I’m sure a lot of other people in the industry can relate. If you follow the WP Vulnerability database notifications (if you don’t, you should), then you will see many notifications per day with various plugin or core vulnerability announcements. For this reason, among many others, we found ourselves struggling to automate and streamline the management of many client websites. We’re a fan of automation and have published articles on our efforts to integrate WordPress with Jenkins. With that particular plugin, we were able to automate […]