builtnorth/wp-baseline 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

builtnorth/wp-baseline

Composer 安装命令:

composer require builtnorth/wp-baseline

包简介

Adds baseline functionality to WordPress. For example, security features, admin cleanup, svg sanitization, and more.

README 文档

README

WP Baseline is a Composer package that provides baseline functionality for WordPress. Some of the functionality includes:

  • Cleanup of unnecessary WordPress features
  • Enhanced security measures
  • SVG upload support with sanitization
  • Cleanup of the admin dashboard
  • Duplicate post/page functionality

Requirements

  • PHP >= 8
  • WordPress >= 6

Installation & Usage

This library is meant to be dropped into a theme or plugin via composer.

  1. In your WordPress project directory, run: composer require builtnorth/wp-baseline.
  2. In your main plugin file or theme's functions.php, add:
if (class_exists('BuiltNorth\WPBaseline\App')) {
    $baseline = BuiltNorth\WPBaseline\App::instance();
    $baseline->boot();
}

Features

Disable Comments

Comments remain enabled by default. To disable them, set this filter to return true:

add_filter('wpbaseline_disable_comments', '__return_true');

When comments are disabled, WP Baseline comprehensively removes all comment functionality:

Backend Changes:

  • Removes comment support from all post types
  • Closes comments on all existing posts
  • Removes Comments menu from admin
  • Removes Discussion settings page
  • Removes comment widgets from dashboard
  • Redirects comment admin pages to dashboard
  • Removes comment link from admin bar
  • Disables comment REST API endpoints
  • Disables block editor notes (prevents /wp/v2/comments?type=note requests when the REST route is removed)

Frontend Changes:

  • Disables comment feeds
  • Removes Recent Comments widget
  • Dequeues comment reply scripts
  • Removes discussion panel from block editor

Block Editor:

  • Removes all comment-related blocks including:
    • Comment templates and content
    • Comment forms and reply links
    • Comment pagination
    • Latest comments
    • Post comment counts and links

Howdy Text

By default the "Howdy" text is removed from the admin bar. You can customize this and add your own text using the following filter:

add_filter('wpbaseline_howdy_text', function ($text) {
    return 'Hey,';
});

Admin Bar

By default the WP logo, search, and updates nodes are removed from the admin bar. They can be re-enabled using the following filter:

add_filter('wpbaseline_clean_admin_bar', '__return_false');

Dashboard Widgets

Most core dashboard widgets are removed. They can be re-enabled using the following filter:

add_filter('wpbaseline_remove_dashboard_widgets', '__return_false');

Emojis

Emojis are disabled. They can be re-enabled using the following filter:

add_filter('wpbaseline_disable_emojis', '__return_false');

Auto Update Emails

Auto update emails are disabled. Additionally, the from name in the email is customized based on the site name. This functionality can be reverted back to the default by using the filter:

add_filter('wpbaseline_disable_update_emails', '__return_false');

Asset Version Numbering

Wordpress adds a version query argument to all enqueued assets by default. This exposes the version number, which can be a security risk. WP Baseline replaces the version number with filemtime of the theme's style.css file by default with a fallback to date('Ymd'). However, you can set a custom version by defining a constant in your theme or plugin:

define('YOUR_THEME_VERSION', '1.2.9');
add_filter('wpbaseline_asset_version_constant', function () {
    return 'YOUR_THEME_VERSION';
});

Security Headers

WP Baseline implements security headers by default for enhanced security. These include:

  • Content Security Policy (CSP)
  • X-Content-Type-Options
  • X-Frame-Options
  • And more...

To disable all security headers:

add_filter('wpbaseline_enable_security_headers', '__return_false');

To modify specific headers or CSP rules, use these filters:

// Modify security headers
add_filter('wpbaseline_security_headers', function($headers) {
    // Customize headers
    $headers['X-Frame-Options'] = 'DENY';
    return $headers;
});

Login Security

The following items have been added to enhance login security:

  • Prevent username login
  • Returnsa generic login error message
  • Disable autocomplete for login fields

To disable login security enhancements, use the following filter:

add_filter('wpbaseline_login_security', '__return_false');

REST API User Endpoints

REST API user endpoints are restricted to users with the list_users capability by default. To disable this restriction and make the user endpoint publicly accessible again use this filter:

add_filter('wpbaseline_disable_user_rest_endpoints', '__return_false');

XMLRPC

XMLRPC is disabled by default. To re-enable it, use the following filter:

add_filter('wpbaseline_disable_xmlrpc', '__return_false');

SVG Support

Adds support for SVG uploads. SVGs are automatically sanitized upon upload using the enshrined/svg-sanitize library for security to remove potentially malicious content.

To disable SVG support, use the following filter:

add_filter('wpbaseline_enable_svg_uploads', '__return_false');

Additional MIME Types

Support for JSON and Lottie file uploads is available but disabled by default for security.

To enable JSON uploads:

add_filter('wpbaseline_enable_json_uploads', '__return_true');

To enable JSON sanitization (optional, off by default):

add_filter('wpbaseline_sanitize_json_uploads', '__return_true');

To enable Lottie uploads:

add_filter('wpbaseline_enable_lottie_uploads', '__return_true');

To disable Lottie validation:

add_filter('wpbaseline_validate_lottie_uploads', '__return_false');

To customize Lottie file size limit (default: 10MB):

add_filter('wpbaseline_lottie_max_file_size', function() {
    return 5 * 1024 * 1024; // 5MB
});

Duplicate Post

Adds a "Duplicate" action to post and page row actions, allowing users to quickly create copies of existing content. Duplicated posts are created as drafts and include all content, meta fields, and taxonomies.

The feature is enabled by default for all post types. To customize or disable:

// Disable duplicate post functionality entirely
add_filter('wp_baseline_duplicate_post_config', function($config) {
    $config['enabled'] = false;
    return $config;
});

// Limit to specific post types
add_filter('wp_baseline_duplicate_post_config', function($config) {
    $config['post_types'] = ['post', 'page', 'product'];
    return $config;
});

// Disable for specific post types
add_filter('wp_baseline_duplicate_post_config', function($config) {
    // Get all public post types
    $post_types = get_post_types(['public' => true]);
    // Remove the ones you don't want
    unset($post_types['attachment']);
    $config['post_types'] = array_keys($post_types);
    return $config;
});

When a post is duplicated:

  • The new post is created as a draft with "(Copy)" appended to the title
  • All custom fields and meta data are copied
  • All taxonomies (categories, tags, etc.) are preserved
  • The user stays on the posts list with a success message
  • A link to edit the duplicate is provided in the success notice

Disclaimer

This software is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.

Use of this library is at your own risk. The authors and contributors of this project are not responsible for any damage to your website or any loss of data that may result from the use of this library.

While we strive to keep this library up-to-date and secure, we make no guarantees about its performance, reliability, or suitability for any particular purpose. Users are advised to thoroughly test the library in a safe environment before deploying it to a live site.

By using this library, you acknowledge that you have read this disclaimer and agree to its terms.

builtnorth/wp-baseline 适用场景与选型建议

builtnorth/wp-baseline 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 112 次下载、GitHub Stars 达 1, 最近一次更新时间为 2024 年 07 月 31 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 builtnorth/wp-baseline 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 builtnorth/wp-baseline 我们能提供哪些服务?
定制开发 / 二次开发

基于 builtnorth/wp-baseline 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 112
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 19
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 1
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: GPL-2.0-or-later
  • 更新时间: 2024-07-31