generated from bisco/codex-bootstrap
fix: harden WordPress content rendering
This commit is contained in:
@@ -8,8 +8,9 @@ nor MariaDB publishes a host port; automated security checks guard this assumpti
|
||||
The custom `azionelab` classic theme renders the public single page. Theme modifications
|
||||
store the hero, manifesto, laboratory, teacher, lesson, and contact fields. The
|
||||
`azionelab-content` must-use plugin registers Shows and Gallery custom post types so
|
||||
structured editorial content survives a theme change. Images use WordPress featured
|
||||
images with local SVG fallbacks.
|
||||
structured editorial content survives a theme change. These custom post types are
|
||||
editorial data sources for the homepage, not standalone public routes or REST
|
||||
collections. Images use WordPress featured images with local SVG fallbacks.
|
||||
|
||||
WP-CLI is an opt-in tools-profile service. Its idempotent bootstrap installs WordPress,
|
||||
activates the theme, configures the site, and creates realistic demo content. Certbot is
|
||||
|
||||
@@ -6,6 +6,9 @@
|
||||
ignored and real secrets must come from the deployment secret manager.
|
||||
- WordPress uses its normal capability, nonce, authentication, cookie, and password
|
||||
controls. Theme settings sanitize input and templates escape output.
|
||||
- Structured Shows and Gallery content is editable in WordPress admin but is consumed
|
||||
by the homepage only; it is not exposed as standalone public routes or REST
|
||||
collections.
|
||||
- File editing is always disabled. Production also disables web-based core, theme, and
|
||||
plugin changes; patched images are rebuilt and redeployed instead.
|
||||
- XML-RPC and comments are disabled. NGINX blocks PHP execution below uploads, dotfiles,
|
||||
|
||||
Reference in New Issue
Block a user