builtnorth/wp-baseline
Composer 安装命令:
composer require builtnorth/wp-baseline
包简介
Adds baseline functionality to WordPress. For example, security features, admin cleanup, svg sanitization, and more.
README 文档
README
WP Baseline is a Composer package that provides baseline functionality for WordPress. Some of the functionality includes:
- Cleanup of unnecessary WordPress features
- Enhanced security measures
- SVG upload support with sanitization
- Cleanup of the admin dashboard
- Duplicate post/page functionality
Requirements
- PHP >= 8
- WordPress >= 6
Installation & Usage
This library is meant to be dropped into a theme or plugin via composer.
- In your WordPress project directory, run:
composer require builtnorth/wp-baseline. - In your main plugin file or theme's functions.php, add:
if (class_exists('BuiltNorth\WPBaseline\App')) { $baseline = BuiltNorth\WPBaseline\App::instance(); $baseline->boot(); }
Features
Disable Comments
Comments remain enabled by default. To disable them, set this filter to return true:
add_filter('wpbaseline_disable_comments', '__return_true');
When comments are disabled, WP Baseline comprehensively removes all comment functionality:
Backend Changes:
- Removes comment support from all post types
- Closes comments on all existing posts
- Removes Comments menu from admin
- Removes Discussion settings page
- Removes comment widgets from dashboard
- Redirects comment admin pages to dashboard
- Removes comment link from admin bar
- Disables comment REST API endpoints
- Disables block editor notes (prevents
/wp/v2/comments?type=noterequests when the REST route is removed)
Frontend Changes:
- Disables comment feeds
- Removes Recent Comments widget
- Dequeues comment reply scripts
- Removes discussion panel from block editor
Block Editor:
- Removes all comment-related blocks including:
- Comment templates and content
- Comment forms and reply links
- Comment pagination
- Latest comments
- Post comment counts and links
Howdy Text
By default the "Howdy" text is removed from the admin bar. You can customize this and add your own text using the following filter:
add_filter('wpbaseline_howdy_text', function ($text) { return 'Hey,'; });
Admin Bar
By default the WP logo, search, and updates nodes are removed from the admin bar. They can be re-enabled using the following filter:
add_filter('wpbaseline_clean_admin_bar', '__return_false');
Dashboard Widgets
Most core dashboard widgets are removed. They can be re-enabled using the following filter:
add_filter('wpbaseline_remove_dashboard_widgets', '__return_false');
Emojis
Emojis are disabled. They can be re-enabled using the following filter:
add_filter('wpbaseline_disable_emojis', '__return_false');
Auto Update Emails
Auto update emails are disabled. Additionally, the from name in the email is customized based on the site name. This functionality can be reverted back to the default by using the filter:
add_filter('wpbaseline_disable_update_emails', '__return_false');
Asset Version Numbering
Wordpress adds a version query argument to all enqueued assets by default. This exposes the version number, which can be a security risk. WP Baseline replaces the version number with filemtime of the theme's style.css file by default with a fallback to date('Ymd'). However, you can set a custom version by defining a constant in your theme or plugin:
define('YOUR_THEME_VERSION', '1.2.9'); add_filter('wpbaseline_asset_version_constant', function () { return 'YOUR_THEME_VERSION'; });
Security Headers
WP Baseline implements security headers by default for enhanced security. These include:
- Content Security Policy (CSP)
- X-Content-Type-Options
- X-Frame-Options
- And more...
To disable all security headers:
add_filter('wpbaseline_enable_security_headers', '__return_false');
To modify specific headers or CSP rules, use these filters:
// Modify security headers add_filter('wpbaseline_security_headers', function($headers) { // Customize headers $headers['X-Frame-Options'] = 'DENY'; return $headers; });
Login Security
The following items have been added to enhance login security:
- Prevent username login
- Returnsa generic login error message
- Disable autocomplete for login fields
To disable login security enhancements, use the following filter:
add_filter('wpbaseline_login_security', '__return_false');
REST API User Endpoints
REST API user endpoints are restricted to users with the list_users capability by default. To disable this restriction and make the user endpoint publicly accessible again use this filter:
add_filter('wpbaseline_disable_user_rest_endpoints', '__return_false');
XMLRPC
XMLRPC is disabled by default. To re-enable it, use the following filter:
add_filter('wpbaseline_disable_xmlrpc', '__return_false');
SVG Support
Adds support for SVG uploads. SVGs are automatically sanitized upon upload using the enshrined/svg-sanitize library for security to remove potentially malicious content.
To disable SVG support, use the following filter:
add_filter('wpbaseline_enable_svg_uploads', '__return_false');
Additional MIME Types
Support for JSON and Lottie file uploads is available but disabled by default for security.
To enable JSON uploads:
add_filter('wpbaseline_enable_json_uploads', '__return_true');
To enable JSON sanitization (optional, off by default):
add_filter('wpbaseline_sanitize_json_uploads', '__return_true');
To enable Lottie uploads:
add_filter('wpbaseline_enable_lottie_uploads', '__return_true');
To disable Lottie validation:
add_filter('wpbaseline_validate_lottie_uploads', '__return_false');
To customize Lottie file size limit (default: 10MB):
add_filter('wpbaseline_lottie_max_file_size', function() { return 5 * 1024 * 1024; // 5MB });
Duplicate Post
Adds a "Duplicate" action to post and page row actions, allowing users to quickly create copies of existing content. Duplicated posts are created as drafts and include all content, meta fields, and taxonomies.
The feature is enabled by default for all post types. To customize or disable:
// Disable duplicate post functionality entirely add_filter('wp_baseline_duplicate_post_config', function($config) { $config['enabled'] = false; return $config; }); // Limit to specific post types add_filter('wp_baseline_duplicate_post_config', function($config) { $config['post_types'] = ['post', 'page', 'product']; return $config; }); // Disable for specific post types add_filter('wp_baseline_duplicate_post_config', function($config) { // Get all public post types $post_types = get_post_types(['public' => true]); // Remove the ones you don't want unset($post_types['attachment']); $config['post_types'] = array_keys($post_types); return $config; });
When a post is duplicated:
- The new post is created as a draft with "(Copy)" appended to the title
- All custom fields and meta data are copied
- All taxonomies (categories, tags, etc.) are preserved
- The user stays on the posts list with a success message
- A link to edit the duplicate is provided in the success notice
Disclaimer
This software is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.
Use of this library is at your own risk. The authors and contributors of this project are not responsible for any damage to your website or any loss of data that may result from the use of this library.
While we strive to keep this library up-to-date and secure, we make no guarantees about its performance, reliability, or suitability for any particular purpose. Users are advised to thoroughly test the library in a safe environment before deploying it to a live site.
By using this library, you acknowledge that you have read this disclaimer and agree to its terms.
builtnorth/wp-baseline 适用场景与选型建议
builtnorth/wp-baseline 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 112 次下载、GitHub Stars 达 1, 最近一次更新时间为 2024 年 07 月 31 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 builtnorth/wp-baseline 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 builtnorth/wp-baseline 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 112
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 19
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: GPL-2.0-or-later
- 更新时间: 2024-07-31