Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Changes to WordPress apps

    Announcements
    10
    82
    608
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcusquinn
      marcusquinn @micmc last edited by marcusquinn

      @micmc Cloudron on Hetzner (Germany). The speed is the same on any spec as it can only use one CPU at a time anyway. Hardware won't fix unoptimised software. Much of the optimisation is selective plugin unloading per page, so that only the plugins actually used on any page are loaded. The shop is Elasticsearch, again on a pretty small VM.

      1 Reply Last reply Reply Quote 1
      • Lonk
        Lonk @micmc last edited by Lonk

        @micmc said in Changes to WordPress apps:

        Yep, that is why I discussed about the above plugins and mentioned it was working prertty well at the time, Now that they are retired and GPL as well one can update and use them. And maybe just study them and see how ut was done so one can find the solution to adapt it to WP multisite on CLOUDRON.

        The three caveats I mentioned.

        • URL / Location changing without crashing the site. It’s a fix that needs to be done on Cloudron’s side but I think I can patch it to make this work pretty easily.
        • WP-Cron could be made as a primary or network activated plug-in to trigger all of the other sub-site Crons. So that’s possible. But more ideal would be to edit Cloudron’s custom CRON to support sub-sites which should be pretty easy and I’m sure the devs would let me.
        • Sub-sites have to be subdirectories, no TLDs or subdomains. This also can only be fixed by adding domain aliases in box and dashboard (the two parts that make up Cloudron). This would be the hardest to add for me though @girish heavily implied he wants to add them himself (he didn’t promise anything tho)

        1 Reply Last reply Reply Quote 2
        • MooCloud_Matt
          MooCloud_Matt @girish last edited by MooCloud_Matt

          @girish said in Changes to WordPress apps:

          Make WordPress plugins should just work

          I believe it is okay to have a greylist of unsupported plugins anyway, all providers that use docker or other forms of LVM have it, because there are plugins that cannot work on some platforms by their nature, due to lack of a PHP library or for security and stability reasons.

          For example you can't use a server with LS, OLS or Nginx and WP-Rocket Cache, they go into conflict.
          this for example is the list provided by Kinsta (some plugins are there because they use too many performances others because they are incompatible).

          all-in-one-wp-migration
          allow-php-execute
          backupbuddy
          backwpup
          better-wordpress-minify
          cache-enabler
          codistoconnect
          dynamic-widgets
          eww-image-optimizer
          exec-php
          inactive-user-deleter
          jch-optimize
          litespeed-cache
          login-wall
          p3
          p3-profiler
          pagefrog
          rvg-optimize-database
          snapshot
          updraft
          updraftplus
          wonderm00ns-simple-facebook-open-graph-tags
          wordpress-gzip-compression
          wordpress-popular-posts
          wordpress-rss-multi-importer
          wp-db-backup
          wp-db-backup-made
          wp-optimize
          
          girish 1 Reply Last reply Reply Quote 2
          • girish
            girish Staff @MooCloud_Matt last edited by

            @MooCloud_Matt Thanks, this is a good list to keep in mind for support.

            1 Reply Last reply Reply Quote 1
            • jdaviescoates
              jdaviescoates last edited by

              And here's WPengines list of disallowed plugins too just fyi

              https://wpengine.com/support/disallowed-plugins/

              1 Reply Last reply Reply Quote 2
              • mdreira
                mdreira last edited by

                I want to trust in Cloudron developers and therefore I am going to use Wordpress Managed for our clients.

                Having said that, I would like to ask about @girish wrote at this point: "Make many of the security plugins which do all sorts of crazy things like adjust the admin URL, modify files etc work. While we personally don't" vouch "for such security practices, we can't deny that WP is still the most installed app in our platform and most people install these plugins. In the spirit of picking our battles, we grant this one to the existing WP ecosystem 😉".

                As I see in that text the words "crazy things", "personally don´t vouch for such security practices" or "picking our battles" I understand that Cloudron developers do not like this type of plugins very much. So I would like to ask:

                1-Is a security plugin necessary in wordpress managed?
                2-If the answer is yes, what would be the plugin that Cloudron would recommend and that works well in WP Managed ?. I know that wordfence may be the best, but this plugin requires a waf file in the WP root, so it may be discarded (I don't know).
                3-If there is a recommended plugin, are there any configuration tips for cloudron? What security features should we activate and which ones are not necessary?

                Thanks

                On the other hand, I see that there is talk of cache plugins. I usually use "Fastest cache". At the moment it has not given me problems in Cloudron.

                jdaviescoates 1 Reply Last reply Reply Quote 0
                • jdaviescoates
                  jdaviescoates @mdreira last edited by

                  @mdreira said in Changes to WordPress apps:

                  I want to trust in Cloudron developers and therefore I am going to use Wordpress Managed for our clients.

                  Everyone has different needs, and whilst I also trust the Cloudron developers I still don't really see the point of WordPress Managed.

                  IMHO there are just so many instances where a client will want or need a plugin that isn't compatible with managed that it makes it pointless (also, even aside from clients, I like to always install WordFence because it makes my life so much easier, and that doesn't work with Managed as you've noted).

                  mdreira 1 Reply Last reply Reply Quote 1
                  • mdreira
                    mdreira @jdaviescoates last edited by mdreira

                    @jdaviescoates Yes, I understand you perfectly. I am not questioning whether WP managed-developer is better or worse.

                    I'm just asking about the topic of a security plugin with WP Managed.

                    I just want some advice from the Cloudron developers, because I don't have enough knowledge to discern this.

                    1 Reply Last reply Reply Quote 1
                    • girish
                      girish Staff last edited by

                      I should probably not have been negative about the WP Developer app 🙂 In the past, the app was called "WP Unmanaged app" and some of the wording is from the times when we tried to discourage people from using it.

                      From a security perspective, the managed WP app is better because the WP core code is readonly. This means plugins you install or some bug in some PHP code cannot tamper with the core code base. The downside is that some plugins don't work with a readonly WP. If you already know the plugins you will ever need in advance, I would go with managed WP app and only use the Developer app if something doesn't work.

                      mdreira 1 Reply Last reply Reply Quote 1
                      • mdreira
                        mdreira @girish last edited by

                        @girish I understand.

                        So..

                        1-Is a security plugin necessary in wordpress managed?
                        2-If the answer is yes, what would be the plugin that Cloudron would recommend and that works well in WP Managed?
                        3-If there is a recommended plugin, are there any configuration tips for cloudron? What security features should we activate and which ones are not necessary?

                        Thank you!

                        d19dotca 1 Reply Last reply Reply Quote 0
                        • d19dotca
                          d19dotca @mdreira last edited by

                          @mdreira said in Changes to WordPress apps:

                          1-Is a security plugin necessary in wordpress managed?

                          I use the Developer package for WordPress so can't speak for the Managed version too much, but my general advice would be the following:

                          • Generally speaking, it'd best to only install plugins when you know you have a need that isn't already addressed in the system. Thus, knowing your exact needs would come before choosing any particular plugin. My rule of thumb personally is not to install a plugin unless I understand why I need it and what I want to achieve with it.

                          • Security is a huge umbrella with probably hundreds of different sub-categories / uses. So for example, it'd be good to know if you are wanting to be notified of any irregular file changes, block specific functionality in WordPress, lockdown user accounts with custom permissions, change the login page URL, rate limit logins, or a mix of those or a whole bunch of other ones.

                          • It's good to copy an existing WordPress site (or a default one) to test new plugins on to see if they will interfere with your current setup, avoiding testing in any live production website.

                          Aside from the above, I'd honestly recommend just using the Developer package of WordPress. I know that goes against Girish's recommendation 👼 but there are at least several of us "power users" in Cloudron that feel there's no real upside to the Managed package other than a little bit more security by default. Eventually, whether it's sooner or later, you'll likely have the need to use a particular plugin that will need to modify files or access certain files, in which case you'll then have to do a bunch of work to migrate from the Managed package to the Developer package, so IMO you may as well just start on the Developer package to begin with unless you have very basic needs for WordPress and don't plan on growing it at all. And you won't want to be caught in a project that's time-sensitive to then find out you need to now also migrate an entire website to a new app instance type. I learned that lesson the hard way myself. 😉

                          By the way, every app has its own category in the forum. You may be better served to create a separate and dedicated post in the WordPress (managed or developer) categories. This thread in particular is pretty old and is generally on a different topic than "security plugins" for WordPress.

                          1 Reply Last reply Reply Quote 2
                          • First post
                            Last post