https://github.com/codeconut-ltd/wordpress-plugin-default-config
WordPress plugin with some hardcoded, opinionated defaults for enhanced security and frontend performance. Reduced feature set that might not work with all plugins. Only use if you know what you need.
composer configuration configuration-management default-project opinionated-defaults ph7 php phpcs phpcs-wordpress plugin security security-hardening wordpress wordpress-development wordpress-plugin wordpress-security wordpress-settings
- Host: GitHub
- URL: https://github.com/codeconut-ltd/wordpress-plugin-default-config
- Owner: Codeconut-Ltd
- License: mit
- Created: 2020-10-02T09:54:56.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2023-07-25T09:41:12.000Z (over 2 years ago)
- Last Synced: 2025-03-22T11:51:10.325Z (9 months ago)
- Topics: composer, configuration, configuration-management, default-project, opinionated-defaults, ph7, php, phpcs, phpcs-wordpress, plugin, security, security-hardening, wordpress, wordpress-development, wordpress-plugin, wordpress-security, wordpress-settings
- Language: PHP
- Homepage:
- Size: 63.5 KB
- Stars: 5
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md

# WordPress Plugin – Default Config
Security & Performance focus
- [About](#about)
- [Features](#features)
- [How to use](#how-to-use)
- [Credits](#credits)
---
## About
Only use if you know what you need. WordPress plugin with some hardcoded, opinionated defaults for enhanced security and reduced feature set. Generic and theme-independent implementation with a modern code style.
**Intended for developers – Not end users**
_Due to use of many 3rd party sources, this plugin is not official. Take what you need or use the setup as boilerplate for your own plugins._
## Features
Some features are **breaking changes** and limit functionality of plugins.
Unneeded features can be disabled in code.
### Security
- Disable XMLRPC API (breaks mobile app use!)
- Disallow login via email address (use username instead)
- Disable oEmbed
- Remove login error message
- Remove meta tags and version numbers
- Remove links + HTML from posted comments (anti-spam)
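The security items above map onto WordPress core hooks roughly as follows. This is an added example, not the plugin's own code (that lives in `app/class.php`); the file name `hardening-example.php` and the generic login message are assumptions.

```php
<?php
/**
 * Plugin Name: Hardening example (hypothetical file: hardening-example.php)
 * Description: Added illustration only; not taken from codeconut-global.
 */

defined( 'ABSPATH' ) || exit; // refuse direct requests to this file

// XML-RPC: 'xmlrpc_enabled' only switches off methods that require
// authentication, so the pingback methods are removed separately.
add_filter( 'xmlrpc_enabled', '__return_false' );
add_filter( 'xmlrpc_methods', static function ( array $methods ): array {
	unset( $methods['pingback.ping'], $methods['pingback.extensions.getPingbacks'] );
	return $methods;
} );
add_filter( 'wp_headers', static function ( array $headers ): array {
	unset( $headers['X-Pingback'] ); // stop advertising the endpoint
	return $headers;
} );

// Login: accept usernames only. Core registers the e-mail handler on the
// 'authenticate' filter at priority 20, so the same priority is needed here.
remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );

// Login: one generic message, so a failed attempt does not reveal whether
// the username or the password was wrong.
add_filter( 'login_errors', static function (): string {
	return 'Login failed.'; // constructed wording
} );

// oEmbed: drop the REST route, the discovery <link> tags and auto-discovery.
remove_action( 'rest_api_init', 'wp_oembed_register_route' );
remove_action( 'wp_head', 'wp_oembed_add_discovery_links' );
add_filter( 'embed_oembed_discover', '__return_false' );

// Version numbers: remove the generator meta tag from pages and feeds.
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );

// Comments: strip HTML before the comment is stored, and do not turn
// bare URLs into links when the comment is displayed.
add_filter( 'pre_comment_content', 'wp_strip_all_tags' );
remove_filter( 'comment_text', 'make_clickable', 9 );
```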
### Performance
- Disable Emoji font and styles (can still be used via Unicode)
- Remove unused links from `<head>` (e.g. feeds)
- Move all loaded scripts to document end (remove from head)
### General
- Disable redundant self ping (reduce server load)
- Delay post publication via RSS (ideal for last-minute QA and fixes)
- Set image quality to 100% (use plugins for compression)
### Developer
- Clean and modern OOP style
## How to use
Copy the folder contents into your WordPress installation.
#### Features
All features are loaded as modules and can be edited here:
- `/wp-content/plugins/codeconut-global/app/class.php`
#### Git workflow
Use of submodules is recommended:
- `git submodule add USER:REPOSITORY wp-content/plugins/codeconut-global`
Run this from the web root. The path must not start with a slash.
## Credits
This plugin combines a few great public resources into one package.
### Authors
Andreas Hecht
- https://www.drweb.de/wordpress-snippets
Cloudflare
- https://blog.cloudflare.com/wordpress-pingback-attacks-and-our-waf
- https://blog.cloudflare.com/a-look-at-the-new-wordpress-brute-force-amplification-attack
WpBeginner
- https://www.wpbeginner.com/beginners-guide/vital-tips-and-tools-to-combat-comment-spam-in-wordpress
- https://www.wpbeginner.com/wp-tutorials/25-extremely-useful-tricks-for-the-wordpress-functions-file