search

littlebizzy / slickstack

Lightning-fast WordPress on Nginx
https://slickstack.io
GNU General Public License v3.0
629 stars 112 forks source link

WP_ALLOW_REPAIR #27

Closed PDowney closed 4 years ago

PDowney commented 4 years ago

WP_ALLOW_REPAIR found within the wp-config.php file should be set to false unless it's specifically being used. Any visitor can run database repairs and optimizations on a site with it enabled, regardless of whether or not they are logged in.

Try it by visiting yoursite/wp-admin/maint/repair.php

define('WP_ALLOW_REPAIR', false);

jessuppi commented 4 years ago

@PDowney Thanks for your suggestion, it is now commented out by default. I've added a new section in the default wp-config.php boilerplate called:

Inactive Defined Constants (Modify Using Custom Functions Or Otherwise)

Ref: https://github.com/littlebizzy/slickstack/commit/9b85691f871875199f8b1bc417acf0b3b5ef7efe

jessuppi commented 4 years ago

A few others added (to be expanded in future), for future reference:

/** the following defined constants should not be hardcoded to allow for modification */
/** modify these constants using the Custom Functions MU plugin or otherwise */

// define('WP_ALLOW_REPAIR', false); // default = false
// define('SAVEQUERIES', false); // default = false
// define('CONCATENATE_SCRIPTS', false); // default = false
// define('SCRIPT_DEBUG', false); // default = false

Ref: https://github.com/littlebizzy/slickstack/blob/master/wordpress/wp-config.txt