These are collection of my WordPress notes.

WordPress Platform

• PHP
  • WordPress PHP Versions: Best PHP for WordPress in 2023 - Technocript.com - Choosing the best WordPress PHP version is crucial to make sure that the software is secure and free of bugs. Find out more in this article.
• Where are WordPress Users and Permissions Stored in the Database? - PublishPress - This is an introduction to WordPress permissions and where they are stored in the WordPress database: wp_user_roles, wp_capabilities and more.
• WP-CLI
  • Installing – WP-CLI – WordPress.org - WP-CLI is the official command line tool for interacting with and managing your WordPress sites.
  • The WP-CLI | WP-CLI - WP-CLI is the command-line interface for WordPress. You can update plugins, configure multisite installations and much more, without using a web browser.

Security

• Block xmlrc.php with htaccess (WordFence will do this for you)

  <Files xmlrpc.php>
    ErrorDocument 403 default 
    order deny,allow
    deny from all
  </Files>

• Disable all of the search features with a plugin.

Finding Bottlenecks

• Finding Bottlenecks in WordPress Code - In this article I want to demonstrate a few ways in which you can identify potential performance issues in your codebase, which will hopefully allow you to fix them before they become real issues.
• How to Fix Common Bottlenecks that Slow Down WordPress Sites - There can be many reasons that slow down WordPress. In this article, we’ll cover the most common bottlenecks and solutions for them.
• How to do WordPress plugin performance analysis - Super Speedy Plugins
  • In the video below, I show an example of performance analysis of a WordPress plugin. Performance optimisation is firstly performance analysis – you need to find out where your performance bottlenecks are.
  • Performance bottlenecks in WordPress are most commonly found in the database, so a plugin tool like Query Monitor can help a great deal. If you want to do performance analysis and optimisation properly however, break out the big-boy tools.
• Dismantle WordPress Performance Bottlenecks Seminar - YouTube | Seravo - The host of the webinar is Otto Kekäläinen, the code-loving CEO of Seravo. He is joined by Benjamin Eberlei, the founder of Tideways.

Performance Issues

• How to Diagnose High Admin-Ajax Usage on Your WordPress Site - Learn how to diagnose high admin-ajax.php usage in WordPress sites and fix it for good. Tame the WordPress Heartbeat API and speed up.

Debugging

• Use profiling plugins to
  • get metrics like load time
  • show which plugin is causing the slowness
  • which SQL commands are executed and show the slow ones.
  • which crons running

• Tutorials
  • Turn Visual Studio Code into the Ultimate Editor for WordPress Development - Learn how to set up VS Code for WordPress development including installing necessary extensions, setting up PHP and JS debugging, git integration, and more.
  • Debugging in WordPress – Advanced Administration Handbook | Developer.WordPress.org
    • This page describes the various debugging tools in WordPress and how to be more productive in your coding as well as increasing the overall quality and interoperability of your code.
    • Here is TL;DR of the functions:

      // Enable WordPress debugging mode
      define( 'WP_DEBUG', true );
      
      // Enable Debug logging
      define( 'WP_DEBUG_LOG', true );                    // to the default log file `/wp-content/debug.log`
      //define( 'WP_DEBUG_LOG', '/tmp/wp-errors.log' );  // to a specified log file
      
      // Disable display of errors and warnings
      define( 'WP_DEBUG_DISPLAY', false );
      @ini_set( 'display_errors', 1 );
      
      // Use dev versions of core JS and CSS files rather than the minified production versions
      define( 'SCRIPT_DEBUG', true );
      
      // Should debug messages be shown inside the HTML of pages or not
      define( 'WP_DEBUG_DISPLAY', true );
      
      // Saves database queries to an array, which can then be displayed to help analyze those queries
      define( 'SAVEQUERIES', true );

  • Using Your Browser to Diagnose JavaScript Errors – Advanced Administration Handbook | Developer.WordPress.org
    • If you’re experiencing issues with your interactive functionality this may be due to JavaScript errors or conflicts.
    • This guide will show you how to diagnose JavaScript issues in different browsers.
  • How to Find and Access WordPress Error Logs (Step by Step) - Need to enable debug mode in WordPress? Here's how to set up WordPress error logs with a plugin or wp-config so you can track errors and troubleshoot your site.
  • How to Enable WordPress Debug Mode and Get the Debug.Log File - YouTube | WP STAGING - Find out how to enable the WordPress debug mode and how to let WordPress generate the "debug.log" file. The debug mode can help you a lot if your WordPress site experiences a fatal error like a server error 500 or a blank white page and you want to fix your WordPress website.
• Enable debugging via a URL variable
  • This can be very useful if you want to switch between Dev and Production quickly without having to maintain 2 sites.

    // Enable debugging via an URL GET variable
    if ($_GET['debug'] ?: null) {
        define( 'WP_DEBUG', true );
        define( 'SCRIPT_DEBUG', true );
    }

• WSOD (White Screen of Death)
  • Debugging and Fixing the WordPress "White Screen of Death" - SpinupWP - Is your WordPress site showing a blank white screen? Learn how to investigate & fix issues that could cause the infamous White Screen of Death.
• The link you followed has expired
  • How To Fix "The Link You Followed Has Expired" Error in WordPress - Are you seeing 'The link you followed has expired' error in WordPress?
    
    • The quickest way to fix ‘The link you followed has expired’ is by increasing the file upload size, PHP memory, and execution time limits for your WordPress website.
  • How to Fix "The Link You Followed Has Expired" WordPress Error
    • Encountering the "the link you followed has expired" error on your WordPress site? Inside, you will learn how to remove the error for good.
    • Fixing the "The link you followed has expired" WordPress error doesn't have to be a headache. We offer 4 solutions right here.

Performance

• Caching
  • Caching in SpinupWP - SpinupWP - SpinupWP implements multiple caching layers: browser caching, page caching and object caching. Read this to learn more about how SpinupWP handles caching.
  • WordPress Caching: All You Need To Know - SpinupWP - We cover what caching is and why it’s important. We also go over each caching layer and the role it plays in WordPress optimization.
  • By default, any POST requests or URLs containing query string parameters bypass the page cache.
  • What Is Redis Object Caching? (And How To Use It for Your WordPress Site) - 20i - We all know the importance of fast-loading web pages. When you implement this form of server-side caching, you’ll be able to store database query results to deliver content as quickly as possible.
  • Redis vs Memcached
    • Both are open-source, in-memory data stores. However, Memcached is designed for simplicity, and doesn’t support some of the advanced data structures that you’ll find in Redis.
  • The Home of Redis Developers | The Home of Redis Developers - Learn all the best practices to get up and running with Redis in no time. Get started and discover the power of Redis, whether on your local machines or in the cloud.
  • WP Super Cache – WordPress plugin | WordPress.org - A very fast caching engine for WordPress that produces static html files.
• TTFB
  • Improve your WordPress website's TTFB – 20i Support Database - Time To First Byte (TTFB) is the time it takes for your browser to receive the first byte of page content from the server. Reducing TTFB plays an important role in ensuring your site is performant and responsive for its users.

Plugins

• Divi has it's own page at QW.
• Total Cache  - Control iframe embedding
  
  • If the 'self' flag is not set, Divi will not work on quantumwarp.com because it uses iframes.
  • I manually set the Header set Content-Security-Policy in the .htaccess file but it kept getting changed (As below) whenever i load this plugin in the admin area, it alters the .htaccess to match it's current configuration. As youo can see the 'self' statement gets removed which can cause issues.
    

    Header set Content-Security-Policy "frame-ancestors 'self' *.quantumwarp.com"
    
    -->
    
    Header set Content-Security-Policy "frame-ancestors *.quantumwarp.com"

  • The solution is to add this extra statement in Total Cache's configuration but it is hard to find.
    
    • Performance --> Browser Cache --> Security Headers --> frame-ancestors: 'self' *.quantumwarp.com
• Wordfence - Blocking iframes
  
  • WF Firewall Blocking Header iframe | WordPress.org
    • As for your issue, it sounds like Learning Mode will be your friend here. From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options --> Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues, such as visiting the page(s) containing the iframe code. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if your iframe works correctly.
  • Firewall Learning Mode - Wordfence - "Learning Mode" allows the firewall to be adjusted to your site. is an amazing resource for learning more about the WAF and learning mode.
  • Disabling WordFence will fix this issue, but is not ideal and should only be briefly done to verify WordFence is the issue.
  • Blocking xmlrc.php
    • with htaccess - This is done on the server level.
    • If you use WordFence this will be done at the php level but allows more control rather than a blanket ban.
• WordFence
  • To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP function add the define file on the beginning of every file that is requested by a browser.
  • Check the WordFence logs and see what URL it is blocking, then you can add an exception.

Articles / Things

A collection of solutions for problems I found while using WordPress. I might move these to their own articles.

...