eighteen73 / orbit Goto Github PK

Opinionated overrides for default WordPress behaviour.

License: MIT License

PHP 95.89% CSS 0.55% JavaScript 3.56%

orbit's Introduction

Orbit

Orbit moulds some of WordPress' default behaviour to simplify the CMS experience, protect users from changing settings that should be reserved for website developers, and reinforce some areas of the CMS that tend to be a little weak.

The plugin is unapologetically opinionated to fit the needs and preferences of our web agency. We feel the choices we've made (including which ones are even configurable in the CMS) are sensible and pragmatic for the kinds of websites we work on and the control we tend to hold back from CMS users. We understand not everyone will agree with the choices we have made.

Installation

This plugin has no prerequisites. Assuming you're using a modern Composer workflow for WordPress development (such as our Nebula WordPress stack) just run the following command and Orbit will be installed as a must-use plugin:

composer require eighteen73/orbit

If necessary, you may install it manually by downloading a Zip archive from GitHub and extracting it to your plugins directory.

Configuration

All available configuration is done via the menu link Settings > Orbit Options.

Summary of Features

UI Cleanup

Remove unwanted items from the menu (with limited configuration)
Remove unwanted items from the toolbar (with limited configuration)
Remove unwanted dashboard widgets
Replace the login logo (configurable)
Remove the footer message in CMS

Security

Disable user endpoints in the REST API (configurable)
Disable XML-RPC (configurable)
Hide the WordPress version in page markup (configurable)
Disable/hide unwanted website markup
- Short links
- REST API links
- Oembed links
- Windows Live Writer manifest links

Other Safety Measures

Disallow robot indexing in non-production environments
Disable updates

Other Features

Adds endpoint "/wp-json/orbit/up" for use as quick website availability check

orbit's People

Contributors

Stargazers

Watchers

Forkers

hempsworth

orbit's Issues

Version number still shown in RSS feed

There is still a version number mentioned in /feed, even when "Hide WordPress version" is enabled.

I.e.

<generator>https://wordpress.org/?v=6.0.2</generator>

WP Rocket: WP_CACHE constant

Look at a way to handle WP Rockets in built way of adding WP_CACHE to web/wp-config.php.

The easiest way is with a filter:

add_filter( 'rocket_set_wp_cache_constant', '__return_false' );

To decide where this lives - in Nebula or Orbit.

Settings not showing

Noticed that settings for Orbit don't show their fields in the admin, currently this is a settings framework but we can do this with React now so we are keeping it closer to core docs here

Block XMLRPC entirely

At the moment we are using the xmlrpc_enabled filter to disable XML-RPC methods requiring authentication but ideally there would be an option to disable access to xmlrpc.php entirely so it can't be used for any purpose (inc. bruteforcing credentials).

Remove Carbon Fields

Ideally this plugin would not have a dependency like Carbon Fields. We need to ensure that removing it doesn't spoil usability though.

Website health check: Include permission_callback arguement

Just noticed this notice when testing something unrelated:

 Notice: Function register_rest_route was called incorrectly. The REST API route definition for orbit/up is missing the required permission_callback argument. For REST API routes that are intended to be public, use __return_true as the permission callback.

Auto clear revisions in a specified timeframe

Post revisions can quickly grow and start to cause some issues.

Specific example, a site which had ACF repeater fields with a lot of data in them on its homepage had over 600 revisions, the site was getting out of memory errors when loading the edit page for it because it was loading all the meta for the revisions.

Unsure if this is really an issue with block editor sites but it is a potential one for "classic" sites which utilise ACF for their content.

Also makes sense to have a function to clean old data up

Mail: Test email function

I think this has previously been discussed, but the email section could do with a send test email feature so we can confirm the settings are working correctly.

User permissions

Currently we try to avoid giving clients adminstrator level access, and instead would prefer to give them editor or shop-manager (if its WooCommerce).

We should look at giving access to things these 2 roles may need. Menus come to mind as something that is not normally accessible for this user role.