globalis / wp-cubi
WordPress modern stack for developers
Installs: 456
Dependents: 0
Suggesters: 0
Security: 0
Stars: 67
Watchers: 6
Forks: 8
Open Issues: 0
Type:project
Requires
- php: >=8.1 <8.4
- composer/installers: ^2.3.0
- globalis/wonolog: 2.x-dev
- globalis/wp-cli-bin: ^2.8.1
- globalis/wp-cubi-helpers: ^1.0.5
- globalis/wp-cubi-imagemin: ^1.3.3
- globalis/wp-cubi-transient-cache: ^0.3.0
- globalis/wp-unhooked: ^1.0.4
- johnbillion/extended-cpts: ^5.0.11
- johnbillion/query-monitor: ^3.17.0
- roots/soil: ^4.1.1
- roots/wordpress: ~6.7.1
- roots/wp-password-bcrypt: ^1.1.0
- wpackagist-plugin/acf-extended: ^0.9.0.9
- wpackagist-plugin/advanced-custom-fields: ^6.3.11
- wpackagist-plugin/autodescription: ^5.1.2
- wpackagist-plugin/dynamo: ^1.2
- wpackagist-plugin/limit-login-attempts-reloaded: ^2.26.16
- wpackagist-plugin/two-factor: ^0.9.1
- wpackagist-plugin/user-switching: ^1.9.1
- wpackagist-plugin/wp-crontrol: ^1.15.2
Requires (Dev)
- consolidation/robo: 3.x-dev@dev
- globalis/wp-cubi-robo: ^2.5.0
- squizlabs/php_codesniffer: ^3.7.2
Suggests
- globalis/wp-cubi-robo-globalis: Provides a BuildAssets trait for RoboFile
- dev-master
- 1.11.0
- 1.10.0
- 1.9.4
- 1.9.3
- 1.9.2
- 1.9.1
- 1.9.0
- 1.8.3
- 1.8.2
- 1.8.1
- 1.8.0
- 1.7.2
- 1.7.1
- 1.7.0
- 1.6.4
- 1.6.3
- 1.6.2
- 1.6.1
- 1.6.0
- 1.5.1
- 1.5.0
- 1.4.0
- 1.3.1
- 1.3.0
- 1.2.8
- 1.2.7
- 1.2.6
- 1.2.5
- 1.2.4
- 1.2.3
- 1.2.2
- 1.2.1
- 1.2.0
- 1.1.1
- 1.1.0
- 1.0.5
- 1.0.4
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0.0
- 0.7.4
- 0.7.3
- 0.7.2
- 0.7.1
- 0.7.0
- 0.6.6
- 0.6.5
- 0.6.4
- 0.6.3
- 0.6.2
- 0.6.1
- 0.6.0
- 0.5.2
- 0.5.1
- 0.5.0
- 0.4.3
- 0.4.2
- 0.4.1
- 0.4.0
- 0.3.1
- 0.3.0
- 0.2.2
- 0.2.1
- 0.2.0
- 0.1.4
- 0.1.3
- 0.1.2
- 0.1.1
- 0.1.0
- dev-feature_add_two_factor_plugin
- dev-meta_robo_eucd_disable_indexation_restriction
- dev-feature_test_classicpress_install
- dev-feature_tests_acceptance
This package is auto-updated.
Last update: 2025-05-07 17:21:11 UTC
README
WordPress modern stack for developers
Overview
wp-cubi provides a modern stack and project structure to make professional web applications with WordPress.
Built with Composer dependency manager and Robo task runner.
Features
- Environment-specific configuration
- Automated
no-indexand mail-trapper on development / staging environments - Command-line administration with wp-cli
- Monitoring tools (query-monitor, wp-crontrol, user-switching, wp-cubi-admin-bar)
- Cleaner wp-admin with globalis/wp-unhooked
- Gitflow integration with Robo commands
- Optimized
.htaccessgeneration - Logging system with inpsyde/wonolog and monolog
- Standalone image minification plugin with globalis/wp-cubi-imagemin
- Additional functions with globalis/wp-cubi-helpers
- advanced-custom-fields-pro installed with composer, if license key provided
- SEO friendly, with The SEO Framework plugin and roots/soil DOM optimizations
- Lighter and faster than a default WordPress application, by disabling things we don't use from core
- Comments disabled by default
- Automatically cache nav-menus with globalis/wp-cubi-transient-cache
Security optimizations
- Separated web root folder
.htaccesssecurity directives- Deactivation of REST API and
xmlrpc.phpunless explicitly activated - Better password encryption with roots/wp-password-bcrypt
- Anti brute-force protection on
wp-login.phpwith Limit Login Attempts Reloaded
Requirements
Installation
- Create a new project:
composer create-project --remove-vcs globalis/wp-cubi your-project && cd your-project - Run installation command and answer the questions:
./vendor/bin/robo install --setup-wordpress - Access your new site administration:
/wpcb/wp-admin/
Configuration
- Edit
WP_UNHOOKED_CONFIGconstant, according to your needs, inconfig/application.php - Login page logo: Replace
./web/logo.pngwith your application logo (or edit00-wp-cubi-core-mu/20-wp-login.php) - If your application uses a SMTP server for outgoing emails, configure it in
config/local.php - Image minification: Configure globalis/wp-cubi-imagemin to enable a meaningfull level of uploads / image minification
wp-cron tasks
For an optimal wp-cron setup in production, apply following configuration :
- Set constant
DISABLE_WP_CRONtotruein./config/environments/production.php - Add to your production server crontab :
*/1 * * * * /usr/bin/php8.2 /var/www/my-app/web/wpcb/wp-cron.php &>/dev/null
Notes :
- Be sure you adapt PHP binary path (with accurate version) and your application path in above command
- Using absolute paths is recommended
WordPress core automatic updates
Even though WordPress does not comply with semantic versioning specification, core minor updates generally respect backward compatibility and could be applied automatically, for security purposes.
It can be done by adding to your staging and production server crontabs :
*/30 * * * * /usr/bin/php8.2 /var/www/my-app/vendor/bin/wp core update --minor &>/dev/null
Notes :
- Be sure you adapt PHP binary path (with accurate version) and your application path in above command
- Using absolute paths is recommended
This cron task will ensure, every 30 minutes, that WordPress instance running on server is up-to-date with latest minor version of its current branch.
This cron task will not automatically change roots/wordpress version in your composer.lock file.
To avoid unwanted rollbacks when deploying, wp-cubi deploy command will check before every deployment that you're about to deploy last minor version of your WordPress current branch. If not, it will invite you to abort deployment and run ./vendor/bin/robo wp:apply-available-patch.
Commands
wp-cli
./vendor/bin/wp <command>(see complete list)
Coding standards
./vendor/bin/phpcs [directory]: Check coding standards (see./phpcs.xml)./vendor/bin/phpcbf [directory]: Fix coding standards auto-fixable violations
Robo
./vendor/bin/robo install [--setup-wordpress]./vendor/bin/robo configure./vendor/bin/robo build./vendor/bin/robo build:composer./vendor/bin/robo build:config./vendor/bin/robo build:htaccess./vendor/bin/robo wp:apply-available-patch./vendor/bin/robo wp:language-install [<language>] [--activate]./vendor/bin/robo wp:language-update [<language>] [--activate]./vendor/bin/robo wp:update-timezone./vendor/bin/robo wp:install-acf-pro [--username="<username>"] [--password="<password>"]./vendor/bin/robo feature:start <feature-name>./vendor/bin/robo feature:finish <feature-name>./vendor/bin/robo hotfix:start [--semversion=<version>]./vendor/bin/robo hotfix:finish [--semversion=<version>]./vendor/bin/robo release:start [--semversion=<version>]./vendor/bin/robo release:finish [--semversion=<version>]./vendor/bin/robo deploy <environment> <version> [--ignore-assets] [--ignore-composer]./vendor/bin/robo deploy:setup <environment>./vendor/bin/robo media:dump <environment> [--delete]./vendor/bin/robo media:push <environment> [--delete]
WordPress plugins
wp-cubi handles WordPress plugin dependencies (including wordpress.org plugins) through Composer.
If you want to use plugins that are not available through wordpress.org or a public Composer repository, you have two options:
- Simplest: Manually add the plugin in your
./web/app/modules/directory, then whitelist it in your./gitignorefile - Recommanded: Create a private Composer repository to host your plugin
Logs
wp-cubi comes with inpsyde/wonolog, which allows to log anything with a single line of code, and automatically writes logs for multiple events like PHP errors, DB errors, HTTP API errors, wp_mail() errors, and more.
Basic configuration is possible in wp-cubi ./config/application.php and ./config/environments/ files, where you can change the maximum number of log files and the log level.
For advanced configuration (adding channels or handlers), you can edit ./web/app/mu-modules/00-wp-cubi-core-mu/src/00-wonolog.php (see inpsyde/wonolog documentation and monolog documentation)
Deploys
wp-cubi provides a basic deploy command ./vendor/bin/robo deploy that builds the application and deploys it with rsync.
You can build your own deploy method using Deployer, Capistrano or any other tool by editing ./RoboFile.php.
Where is the block editor gone ?
We use globalis/wp-unhooked to disable a lot of things from WordPress core, such as block editor, REST-API, xmlrpc, comments, most of dashboard widgets and a few admin menus entries.
It allows your application to be cleaner, faster and lighter. It also improves security, by disabling potential attack routes when you don't need them.
If you need to activate one of those things, edit WP_UNHOOKED_CONFIG constant in config/application.php.