Presenter: Binh Quan

Twitter: @binhqd

Github: binhqd

LinkedIn: /in/binhqd

GOALS

❖ Highest security

❖ Safe deployment

❖ Highest score according to Page Speed Insight

❖ Controllable

❖ Backup/Restorable

❖ Quality proof for potential customers

ROLESHTML/CSS Developer

WordPress Developer

CM/DevOps

1

2

3

WP DevelopmentChecklist

HTML/CSS Team

1. CSS Sprite must be used when theming

2. Concat all CSS files into single file

3. Concat all JS files into single file

4. CSS in Head, JS in Body

5. Images (jpg, png, svg) must be optimized

6. CSS must follow standard

7. Define sizes of images with name, width and height

❖ Imagemin-CLI: https://www.npmjs.com/package/imagemin-cli

❖ gulp-imagemin: https://www.npmjs.com/package/gulp-imagemin

WP Development Checklist

HTML/CSS Team

Images (jpg, png, svg) must be optimized

❖ Custom CSS in WP: https://codex.wordpress.org/CSS

❖ Default WordPress Generated CSS: http://www.wpbeginner.com/wp-themes/default-wordpress-generated-css-cheat-sheet-for-beginners/

WP Development Checklist

HTML/CSS Team

CSS must follow standard

WP Development Checklist

HTML/CSS Team

Define sizes of images with name, width and height

❖ Size name: string❖ Width: Integer❖ Height: Integer❖ Crop: boolean

WP DevelopmentChecklist

WP Developer

1. Using docker provided by Green Global company

2. Using latest version of WP (4.7)

3. Using Git for source versioning

4. Using WordPress Packagist. Don’t commit third party code

5. Follow Git Flow Process

6. Follow Code Review Checklist

7. Applying cache

8. Scoring at least 90/100 according to Google Page Speed

WP DevelopmentChecklist

WP Developer

9. Grade A according to https://www.webpagetest.org

10. Grade A accroding to https://tools.pingdom.com

11. Minify all CSS, JS

12. CSS in Head, JS in Body

13. Never using 'full' size for WP thumbnail

14. Using latest WP Plugin

15. Checking favicon

16. Don't try to modify original source, plugins

17. Set WP_DEBUG = true when development and WP_DEBUG =

false for production

❖ Github: https://github.com/greenglobal/wordpress-dockerize

WP Development Checklist

WordPress Developer

Using docker provided by Green Global company

❖ URL: https://wpackagist.org/

WP Development Checklist

WordPress Developer

Using WordPress Packagist. Don’t commit third party code

❖ Purpose:➢ Better source control

➢ Reviewable

➢ Easier deployment

➢ Continuous Delivery

➢ Backup/Restorable

❖ Slide: https://docs.google.com/presentation/d/18ozMxHvZStbQjbn2utRt-jcAa0zpsQ3Q5E7e4BYyrAA/pub?start=false&loop=false&delayms=3000

WP Development Checklist

WordPress Developer

Follow Git Flow Process

Pull Request Review Checklist

Category Task

1

Coding convention

Not use linting config provided by our company

2 Still error/warning reported by linting tool

3 Coding format not follow company's standard

4 Not follow Best Practice

5Document & comment

Comment not in English, typo

6 Not remove unused code or comment blocks

7 Variables Variables don't have meaningful name

8 Function & Class Class names, function names don't have meaningful name

9

Coding

Not clean up debugging blocks

10 Code blocks are not divided into units, unable to write unit test

11 Double code block, code blocks are not being reuse

12 Source code not in using Package Manager and contain third party code

13 Not use constants for values that configurable

14 Coding logic Not cover enough case which may caused further bugs

15

Git Flow

Commit message not follow standard

16 Not clean unused code when creating new PR

17 Not clean up development information when creating new PR

18 Not remove critical information such as username, password or including credential keys

19 Not resolve conflict when creating new PR

20 Careless and making lost of other's code

21Language

Content in English has typo- Content in plural form not being cared

22 Sentence not meaningful and wrong purpose

23 Integration Not retest that cause conflict with original source branch

❖ WP Fastest cache (*)

❖ W3 total cache

❖ WP Super Cache

WP Development Checklist

WordPress Developer

Applying Cache

WP Development Checklist

WordPress Developer

Never using 'full' size for WP thumbnail

DO

DON’T

WP Development Checklist

WordPress Developer

Checking favicon

WP DevelopmentChecklist

CM/DevOps

# Tasks Own host (Dedicated Server or VPS) Shared Host

1 Compress assets Compress JS and CSS. Set header for serving gzip files

2 Caching Varnish Cache

3 Deployment Using CI and Git Using DeployBot

4 Backup - Each deployment- Weekly

- Each deployment- Weekly

5

File/Folder permission

- File/Folder mode: 755- All files/folders: root access- Upload folders: www-data- .htpasswd to protect /wp-admin folder

- Mode 400 for wp-config.php- Change name of wp-config.php- BE CAREFUL when chmod some folders as 777. If some folder need to be writable, then you should change the folder name before chmod them as 777

6 Server Software Requirement Varnish/NGINX/MySQL

7 Image optimize WP Smush IT WP Smush IT

WP Development Checklist

CM/DevOps

Compress Assets (CSS/JS)

WP Development Checklist

CM/DevOps

Caching

WP Development Checklist

CM/DevOps

Deployment (Dedicated server/VPS)

Using Jenkins as

Deployment tool

WP Development Checklist

CM/DevOps

Deployment (Shared host)

Using DeployBotas

Deployment tool

WP DevelopmentChecklist

Security

1. Using Git

Easy tracking changes and backdoor

2. File/Folder permission

- All folders should be 0755

- All files should be 0644

- wp-config.php should be 400

Read more:❖ https://codex.wordpress.org/Hardening_WordPres

s❖ https://codex.wordpress.org/Changing_File_Permis

sions

Question&

Discussion