David Anderson
2014-05-02 11:22:52 UTC
Hi,
As someone who manages servers hosting lots of WordPress websites, I've
often wanted a convenient way for all WordPress websites on the server
to be able to include a plugin that's basically an mu-plugin (must-use).
* Collating system-wide IP data from distributed attacks (and feeding
that data to a firewall)
* Detect and terminate brute-force attacks early (e.g. detect certain
$_POST patterns, and end execution before further server resources are used)
* Require a local plugin on every site, without needing to manage every
site individually (e.g. hosting-company-provided automatic backups)
* Have a default hook into wp_mail() that uses the local SMTP setup
* Hook into a local cacheing system
Currently, doing this is really hack-ish. You can play around with PHP's
auto_prepend or auto_append configuration variables, or set up something
to automatically detect WordPress installs and to drop a file or symlink
into wp-content/mu-plugins.
I've now found time to author a core patch for this:
https://core.trac.wordpress.org/ticket/28105
The ticket has a few anticipated questions and answers about the
approach, so please do take a look at the ticket if this interests you.
I'd love to hear feedback from other hosting providers who'd find this
useful. I think it'd be good if the core devs could here about the level
of demand from server owners for the ability to do this. Personally I'd
find it hugely useful.
Best wishes,
David
As someone who manages servers hosting lots of WordPress websites, I've
often wanted a convenient way for all WordPress websites on the server
to be able to include a plugin that's basically an mu-plugin (must-use).
* Collating system-wide IP data from distributed attacks (and feeding
that data to a firewall)
* Detect and terminate brute-force attacks early (e.g. detect certain
$_POST patterns, and end execution before further server resources are used)
* Require a local plugin on every site, without needing to manage every
site individually (e.g. hosting-company-provided automatic backups)
* Have a default hook into wp_mail() that uses the local SMTP setup
* Hook into a local cacheing system
Currently, doing this is really hack-ish. You can play around with PHP's
auto_prepend or auto_append configuration variables, or set up something
to automatically detect WordPress installs and to drop a file or symlink
into wp-content/mu-plugins.
I've now found time to author a core patch for this:
https://core.trac.wordpress.org/ticket/28105
The ticket has a few anticipated questions and answers about the
approach, so please do take a look at the ticket if this interests you.
I'd love to hear feedback from other hosting providers who'd find this
useful. I think it'd be good if the core devs could here about the level
of demand from server owners for the ability to do this. Personally I'd
find it hugely useful.
Best wishes,
David
--
UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net
UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net