{"id":14984599,"url":"https://github.com/danie1k/php-bulletproof-wordpress","last_synced_at":"2026-01-04T04:05:13.914Z","repository":{"id":56961835,"uuid":"263142961","full_name":"danie1k/php-bulletproof-wordpress","owner":"danie1k","description":"Bulletproof Wordpress deployment automation based on Ansible \u0026 Composer","archived":false,"fork":false,"pushed_at":"2020-05-17T15:03:15.000Z","size":90,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"dev","last_synced_at":"2025-01-23T07:09:42.469Z","etag":null,"topics":["ansible","ansible-role","composer","composer-package","php","wordpress","wordpress-boilerplate","wordpress-development","wordpress-hardening"],"latest_commit_sha":null,"homepage":"https://packagist.org/packages/danie1k/bulletproof-wordpress","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danie1k.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-11T19:49:18.000Z","updated_at":"2020-05-17T15:03:18.000Z","dependencies_parsed_at":"2022-08-21T09:20:57.909Z","dependency_job_id":null,"html_url":"https://github.com/danie1k/php-bulletproof-wordpress","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danie1k%2Fphp-bulletproof-wordpress","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danie1k%2Fphp-bulletproof-wordpress/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danie1k%2Fphp-bulletproof-wordpress/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danie1k%2Fphp-bulletproof-wordpress/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danie1k","download_url":"https://codeload.github.com/danie1k/php-bulletproof-wordpress/tar.gz/refs/heads/dev","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243926129,"owners_count":20369933,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","composer","composer-package","php","wordpress","wordpress-boilerplate","wordpress-development","wordpress-hardening"],"created_at":"2024-09-24T14:09:19.170Z","updated_at":"2026-01-04T04:05:13.826Z","avatar_url":"https://github.com/danie1k.png","language":"Shell","readme":"# Bulletproof-Wordpress\n\n[![Build Status](https://img.shields.io/travis/danie1k/php-bulletproof-wordpress)][1]\n[![Current Version](https://img.shields.io/packagist/v/danie1k/bulletproof-wordpress)][2]\n[![PHP Version Support](https://img.shields.io/packagist/php-v/danie1k/bulletproof-wordpress)][2]\n[![MIT License](https://img.shields.io/github/license/danie1k/php-bulletproof-wordpress)][3]\n\nBulletproof\\* Wordpress deployment automation based on Ansible \u0026 Composer\n\n# Table of Contents\n\n1. [Requirements](#requirements)\n 1. [Developer's Computer](#developers-computer)\n 2. [Web server (hosting)](#web-server-hosting)\n2. [Installation](#installation)\n3. [Usage](#usage)\n4. [Basic Wordpress Configuration](#basic-wordpress-configuration)\n 1. [Database settings](#database-settings)\n 2. [Secret keys](#secret-keys)\n5. [Extended Wordpress Configuration](#extended-wordpress-configuration)\n 1. [HTTPS detection mechanism](#https-detection-mechanism)\n 2. [Paths customization](#paths-customization)\n 3. [Cron](#cron)\n6. [SMTP Configuration](#smtp-configuration)\n 1. [Global settings](#global-settings)\n 2. [Mailer-specific settings](#mailer-specific-settings)\n 1. [PHP](#php)\n 2. [SMTP.com](#smtpcom)\n 3. [Pepipost](#pepipost)\n 4. [Sendinblue](#sendinblue)\n 5. [Mailgun](#mailgun)\n 6. [SendGrid](#sendgrid)\n 7. [Classic SMTP server](#classic-smtp-server)\n7. [Advanced options](#advanced-options)\n 1. [Various settings](#various-settings)\n 2. [Files upload mechanism](#files-upload-mechanism)\n8. [Roadmap](#roadmap)\n9. [License](#license)\n\n## Requirements\n\n### Developer's Computer\n\n* Bash\n* [Ansible](https://www.ansible.com/)\n\n### Web server (hosting)\n\n* SSH access (for Ansible)\n* PHP \u003e= 5 (for Wordpress)\n* Apache or Nginx web server\n\n## Installation\n\nTo begin run the following command in Bash-compatible terminal:\n```bash\nbash \u003c(curl -s https://raw.githubusercontent.com/danie1k/php-bulletproof-wordpress/dev/.github/installer.sh)\n```\n\n*Work in progress, more to come...*\n\n## Usage\n\n*To be added...*\n\n\n## Basic Wordpress Configuration\n\n### Database settings\n\n| Ansible Variable | PHP equivalent | |\n|-------------------------|-------------------------|--------------------------|\n| `bpwp_db_host` | `DB_HOST` | *required* |\n| `bpwp_db_name` | `DB_NAME` | *required* |\n| `bpwp_db_user` | `DB_USER` | *required* |\n| `bpwp_db_password` | `DB_PASSWORD` | *required* |\n| `bpwp_db_charset` | `DB_CHARSET` | `utf8mb4` by default |\n| `bpwp_db_collate` | `DB_COLLATE` | `utf8mb4_bin` by default |\n| `bpwp_db_table_prefix` | `$table_prefix` | `wp_` by default |\n| `bpwp_db_client_flags` | `MYSQL_CLIENT_FLAGS` | *optional* |\n\n### Secret keys\n*TIP: Use https://api.wordpress.org/secret-key/1.1/salt/ to generate all the following keys.*\n\n| Ansible Variable | PHP equivalent | |\n|-------------------------|-------------------------|--------------------------|\n| `bpwp_auth_key` | `AUTH_KEY` | *required* |\n| `bpwp_secure_auth_key` | `SECURE_AUTH_KEY` | *required* |\n| `bpwp_logged_in_key` | `LOGGED_IN_KEY` | *required* |\n| `bpwp_nonce_key` | `NONCE_KEY` | *required* |\n| `bpwp_auth_salt` | `AUTH_SALT` | *required* |\n| `bpwp_secure_auth_salt` | `SECURE_AUTH_SALT` | *required* |\n| `bpwp_logged_in_salt` | `LOGGED_IN_SALT` | *required* |\n| `bpwp_nonce_salt` | `NONCE_SALT` | *required* |\n\n## Extended Wordpress Configuration\n\n### HTTPS detection mechanism\nSelect how WordPress should detect that a page is loaded via HTTPS, it strongly depends on your web server \u0026 DNS configuration. \n\n| Ansible Variable | Default value |\n|---------------------|---------------|\n| `bpwp_https_method` | `SERVER_PORT` |\n\nAvailable options:\n\n| Value | Description/Usage case |\n|-----------------------------------|---------------------------------------------|\n| `true` (boolean) | Force HTTPS always on |\n| `false` (boolean) | Force HTTPS always off |\n| `SERVER_PORT` | Check if `$_SERVER['SERVER_PORT']` is `443` |\n| `HTTP_X_FORWARDED_PROTO` | Load balancer, reverse proxy, Nginx |\n| `HTTP_X_FORWARDED_SSL` | Reverse proxy |\n| `HTTP_CLOUDFRONT_FORWARDED_PROTO` | AWS CloudFront |\n| `HTTP_X_FORWARDED_SCHEME` | KeyCDN |\n| `HTTP_X_ARR_SSL` | Windows Azure ARR |\n\n### Paths settings\nAll directories mentioned in this section are publicly exposed!\n\n| Ansible Variable | Description | |\n|-------------------------------|----------------------------------------------------------------------------------------------------------------|-----------------------|\n| `bpwp_wp_admin_dir_name` | **Name for wordpress admin panel directory** | Default: `wp-admin` |\n| | | |\n| `bpwp_wp_uploads_dir_name` | Directory name for storing [uploaded media files](https://wordpress.org/support/article/media-library-screen/) | Default: `uploads` |\n| `bpwp_wp_plugins_dir_name` | Directory name for storing [Plugins](https://wordpress.org/support/article/plugins/) | Default: `plugins` |\n| `bpwp_wp_themes_dir_name` | Directory name for storing [Themes](https://wordpress.org/support/article/using-themes/) | Default: `themes` |\n| `bpwp_wp_mu_plugins_dir_name` | Directory name for storing [Must Use Plugins](https://wordpress.org/support/article/must-use-plugins/) | Default: `mu-plugins` |\n| | | |\n| `bpwp_wp_symlink_core` | Whether to deploy Wordpress core files into \"public_html\" directory (`false`), or **symlink** only (`true`) | Default: `true` |\n\n### Cron\nIt is highly recommended to use Crontab-based cron to drive Wordpress, over built-in one. \nCheck following links fore more information:\n* https://support.hostgator.com/articles/specialized-help/technical/wordpress/how-to-replace-wordpress-cron-with-a-real-cron-job\n* https://easyengine.io/tutorials/wordpress/wp-cron-crontab/\n\n| Ansible Variable | Description | Type (default value) |\n|---------------------------|----------------------------------------------------------------------------|-------------------------------------------|\n| `bpwp_custom_cron` | Disables Wordpress built-in Cron and sets system crontab entry. | boolean (`false`) |\n| `bpwp_project_public_url` | Public URL of your Wordpress site, crontab will look there for wp-cron.php | required only if `bpwp_custom_cron: true` |\n| | | |\n| `bpwp_cron_minute` | *Used only if `bpwp_custom_cron` is enabled.* Every 10 minutes. | string (`*/10`) |\n| `bpwp_cron_hour` | *Used only if `bpwp_custom_cron` is enabled.* | string (`*`) |\n| `bpwp_cron_day` | *Used only if `bpwp_custom_cron` is enabled.* | string (`*`) |\n| `bpwp_cron_month` | *Used only if `bpwp_custom_cron` is enabled.* | string (`*`) |\n| `bpwp_cron_weekday` | *Used only if `bpwp_custom_cron` is enabled.* | string (`*`) |\n\n### W3 Total Cache\n\n| Ansible Variable | Default value |\n|---------------------|---------------|\n| `bpwp_w3tc_enabled` | `false` |\n\n## SMTP Configuration\nBPWP SMTP support is provided with third-party Wordpress plugin: https://wordpress.org/plugins/wp-mail-smtp/\n\n### Global settings\n\n| Setting name | Ansible Variable | Description | Type (default value) |\n|----------------------|----------------------------------|------------------------------------------------------------------------------------------------|----------------------|\n| | `bpwp_smtp_enabled` | Turns on/off SMTP support | boolean (`false`) |\n| **From Email** | `bpwp_smtp_mail_from` | The email address which emails are sent from | string, **required** |\n| **From Name** | `bpwp_smtp_mail_from_name` | The name which emails are sent from | string, **required** |\n| **Force From Email** | `bpwp_smtp_mail_from_force` | The From Email setting above will be used for all emails, ignoring values set by other plugins | boolean (`false`) |\n| **Force From Name** | `bpwp_smtp_mail_from_name_force` | The From Name setting above will be used for all emails, ignoring values set by other plugins | boolean (`false`) |\n| **Return Path** | `bpwp_smtp_set_return_path` | Return Path indicates where non-delivery receipts - or bounce messages - are to be sent.\u003cbr /\u003eIf disabled, bounce messages may be lost. Some providers may ignore this option. | boolean (`true`) |\n| **Mailer** | `bpwp_smtp_mailer` | Mailer engine. Possible values: `php`, `smtp.com`, `pepipost`, `sendinblue`, `mailgun`, `sendgrid`, `smtp` | string (`php`) |\n\n### Mailer-specific settings\n\n#### PHP\n*No settings*\n\n#### SMTP.com\nFull documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-smtp-com-mailer-in-wp-mail-smtp\n\n| Setting name | Ansible Variable | Description | Type (default value) |\n|----------------------|----------------------------------|------------------------------------------------------------------------------------------------|----------------------|\n| **API Key** | `bpwp_smtp_smtpcom_api_key` | [API Key from SMTP.com](https://my.smtp.com/settings/api) | string, **required** |\n| **Sender Name** | `bpwp_smtp_smtpcom_channel` | [Sender Name from SMTP.com](https://my.smtp.com/senders/) | string, **required** |\n\n#### Pepipost\nFull documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-pepipost-mailer-in-wp-mail-smtp\n\n| Setting name | Ansible Variable | Description | Type (default value) |\n|----------------------|----------------------------------|------------------------------------------------------------------------------------------------|----------------------|\n| **API Key** | `bpwp_smtp_pepipost_api_key` | [API Key from Pepipost](https://app.pepipost.com/app/settings/integration) | string, **required** |\n\n#### Sendinblue\nFull documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-sendinblue-mailer-in-wp-mail-smtp\n\n| Setting name | Ansible Variable | Description | Type (default value) |\n|----------------------|----------------------------------|------------------------------------------------------------------------------------------------|----------------------|\n| **API Key** | `bpwp_smtp_sendinblue_api_key` | [v3 API Key from Sendinblue](https://account.sendinblue.com/advanced/api) | string, **required** |\n\n#### Mailgun\nFull documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-mailgun-mailer-in-wp-mail-smtp\n\n| Setting name | Ansible Variable | Description | Type (default value) |\n|----------------------|----------------------------------|------------------------------------------------------------------------------------------------|----------------------|\n| **Private API Key** | `bpwp_smtp_mailgun_api_key` | [Private API Key from Mailgun](https://app.mailgun.com/app/account/security/api_keys) | string, **required** |\n| **Domain Name** | `bpwp_smtp_mailgun_domain` | [Domain Name from Sendinblue](https://app.mailgun.com/app/domains) | string, **required** |\n| **Region** | `bpwp_smtp_mailgun_region` | Define which endpoint you want to use for sending messages. [More information on Mailgun.com](https://www.mailgun.com/regions). | string, (`US`) |\n\n#### SendGrid\nFull documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-sendgrid-mailer-in-wp-mail-smtp\n\n| Setting name | Ansible Variable | Description | Type (default value) |\n|----------------------|----------------------------------|------------------------------------------------------------------------------------------------|----------------------|\n| **API Key** | `bpwp_smtp_sendgrid_api_key` | [API Key from SendGrid](https://app.sendgrid.com/settings/api_keys) | string, **required** |\n\n#### Classic SMTP server\nFull documentation: https://wpmailsmtp.com/docs/how-to-set-up-the-other-smtp-mailer-in-wp-mail-smtp/\n\n| Setting name | Ansible Variable | Description | Type (default value) |\n|----------------------|----------------------------------|------------------------------------------------------------------------------------------------|----------------------|\n| **SMTP Host** | `bpwp_smtp_host` | | string, **required** |\n| **Encryption** | `bpwp_smtp_ssl` | Possible values: `null`, `ssl`, `tls` (note: TLS is not STARTTLS) | string, **required** |\n| **SMTP Port** | `bpwp_smtp_port` | No encryption - `25` / SSL - `465` / TLS - `587` | int, **required** |\n| **Auto TLS** | `bpwp_smtp_autotls` | | boolean (`true`) |\n| **Authentication** | `bpwp_smtp_auth` | | boolean (`true`) |\n| **SMTP Username** | `bpwp_smtp_user` | | string, **required** |\n| **SMTP Password** | `bpwp_smtp_pass` | | string, **required** |\n\n## Advanced options\n\n### Various settings\n**Warning! Any changes made to files on remote server will be lost during Ansible-based deployment!**\n\n| Ansible Variable | Description | |\n|-------------------------------|---------------------------------------------------|------------------|\n| `bpwp_wp_disallow_file_edit` | Disable the Plugin and Theme Editor? | Default: `true` |\n| `bpwp_wp_disallow_file_mods` | Disable Plugin and Theme Update and Installation? | Default: `true` |\n| `bpwp_wp_disable_autoupdates` | Disable Wordpress auto-updates using [Easy Updates Manager](https://wordpress.org/plugins/stops-core-theme-and-plugin-updates/) plugin | Default: `true` |\n| `bpwp_wp_custom_user_config` | Custom PHP code to be added to `wp-config.php` | Empty by default |\n\n\n### Files upload mechanism\nThere are two mechanism available for uploading your Wordpress files to remote server.\n\n| Ansible Variable | Default value |\n|---------------------|---------------|\n| `bpwp_sync_method` | `rsync` |\n\n| Value | Description/Usage case |\n|---------|---------------------------------------------------------------------------------------------------------------------------------------------------|\n| `rsync` | Uses [rsync](http://rsync.samba.org/) via [Ansible `synchronize` module](https://docs.ansible.com/ansible/latest/modules/synchronize_module.html) |\n| `copy` | Uses [Ansible `copy` module](https://docs.ansible.com/ansible/latest/modules/copy_module.html) |\n\n\n## Roadmap\n* Add `.htaccess` files for Apache web server\n* Nginx config generator\n* More detailed \"DEPLOYMENT CONFIRMATION\" report\n* Add support for Composer's `autoload.php`\n* Add shell script to update BPWP (similar to `installer.sh`)\n* Improve installation \u0026 usage instructions in README\n* Javascript converter \"api.wordpress.org/secret-key/1.1/salt/\" -\u003e Ansible Variables\n\n## License\n\nMIT\n\n----\n\n\\* *Highly secured*\n\n[1]: http://travis-ci.org/danie1k/php-bulletproof-wordpress\n[2]: https://packagist.org/packages/danie1k/bulletproof-wordpress\n[3]: https://github.com/danie1k/php-bulletproof-wordpress/blob/dev/LICENSE\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanie1k%2Fphp-bulletproof-wordpress","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanie1k%2Fphp-bulletproof-wordpress","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanie1k%2Fphp-bulletproof-wordpress/lists"}