These are collection of my WordPress notes.

WordPress Platform

• PHP
  • WordPress PHP Versions: Best PHP for WordPress in 2023 - Technocript.com - Choosing the best WordPress PHP version is crucial to make sure that the software is secure and free of bugs. Find out more in this article.
• Where are WordPress Users and Permissions Stored in the Database? - PublishPress - This is an introduction to WordPress permissions and where they are stored in the WordPress database: wp_user_roles, wp_capabilities and more.
• WP-CLI
  • Installing – WP-CLI – WordPress.org - WP-CLI is the official command line tool for interacting with and managing your WordPress sites.
  • The WP-CLI | WP-CLI - WP-CLI is the command-line interface for WordPress. You can update plugins, configure multisite installations and much more, without using a web browser.

Security

• Block xmlrc.php with htaccess (WordFence will do this for you)

  <Files xmlrpc.php>
    ErrorDocument 403 default 
    order deny,allow
    deny from all
  </Files>

• Disable all of the search features with a plugin.

Debugging

• Debugging in WordPress – Documentation - This page describes the various debugging tools in WordPress and how to be more productive in your coding as well as increasing the overall quality and interoperativity of your code.
• WSOD (White Screen of Death)
  • Debugging and Fixing the WordPress "White Screen of Death" - SpinupWP - Is your WordPress site showing a blank white screen? Learn how to investigate & fix issues that could cause the infamous White Screen of Death.
• The link you followed has expired
  • How To Fix "The Link You Followed Has Expired" Error in WordPress - Are you seeing 'The link you followed has expired' error in WordPress?
    
    • The quickest way to fix ‘The link you followed has expired’ is by increasing the file upload size, PHP memory, and execution time limits for your WordPress website.
  • How to Fix "The Link You Followed Has Expired" WordPress Error - Encountering the "the link you followed has expired" error on your WordPress site? Inside, you will learn how to remove the error for good.
  • How To Fix “The Link You Followed Has Expired” WordPress Error - Fixing the "The link you followed has expired" WordPress error doesn't have to be a headache. We offer 4 solutions right here.

Performance

• Caching
  • Caching in SpinupWP - SpinupWP - SpinupWP implements multiple caching layers: browser caching, page caching and object caching. Read this to learn more about how SpinupWP handles caching.
  • WordPress Caching: All You Need To Know - SpinupWP - We cover what caching is and why it’s important. We also go over each caching layer and the role it plays in WordPress optimization.
  • By default, any POST requests or URLs containing query string parameters bypass the page cache.
  • What Is Redis Object Caching? (And How To Use It for Your WordPress Site) - 20i - We all know the importance of fast-loading web pages. When you implement this form of server-side caching, you’ll be able to store database query results to deliver content as quickly as possible.
  • Redis vs Memcached
    • Both are open-source, in-memory data stores. However, Memcached is designed for simplicity, and doesn’t support some of the advanced data structures that you’ll find in Redis.
  • The Home of Redis Developers | The Home of Redis Developers - Learn all the best practices to get up and running with Redis in no time. Get started and discover the power of Redis, whether on your local machines or in the cloud.
  • WP Super Cache – WordPress plugin | WordPress.org - A very fast caching engine for WordPress that produces static html files.
• TTFB
  • Improve your WordPress website's TTFB – 20i Support Database - Time To First Byte (TTFB) is the time it takes for your browser to receive the first byte of page content from the server. Reducing TTFB plays an important role in ensuring your site is performant and responsive for its users.

Plugins

• Divi has it's own page at QW.
• Total Cache  - Control iframe embedding
  
  • If the 'self' flag is not set, Divi will not work on quantumwarp.com because it uses iframes.
  • I manually set the Header set Content-Security-Policy in the .htaccess file but it kept getting changed (As below) whenever i load this plugin in the admin area, it alters the .htaccess to match it's current configuration. As youo can see the 'self' statement gets removed which can cause issues.
    

    Header set Content-Security-Policy "frame-ancestors 'self' *.quantumwarp.com"
    
    -->
    
    Header set Content-Security-Policy "frame-ancestors *.quantumwarp.com"

  • The solution is to add this extra statement in Total Cache's configuration but it is hard to find.
    
    • Performance --> Browser Cache --> Security Headers --> frame-ancestors: 'self' *.quantumwarp.com
• Wordfence blocking iframes
  
  • WF Firewall Blocking Header iframe | WordPress.org
    • As for your issue, it sounds like Learning Mode will be your friend here. From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options --> Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues, such as visiting the page(s) containing the iframe code. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if your iframe works correctly.
  • Firewall Learning Mode - Wordfence - "Learning Mode" allows the firewall to be adjusted to your site. is an amazing resource for learning more about the WAF and learning mode.
  • Disabling WordFence will fix this issue, but is not ideal and should only be briefly done to verify WordFence is the issue.
  • Blocking xmlrc.php
    • with htaccess - This is done on the server level.
    • If you use WordFence this will be done at the php level but allows more control rather than a blanket ban.
• WordFence
  • To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP function add the define file on the beginning of every file that is requested by a browser.
  • Check the WordFence logs and see what URL it is blocking, then you can add an exception.