Tiny WordPress Insights

FrankenPHP – A modern PHP server

Tue, 01 Jul 2025 12:02:25 +0000

On May 15, 2025, FrankenPHP has become a part of PHP Foundation. It means that going forward, FrankenPHP will have more peer-reviewers and more help towards bug-fixes. FrankenPHP is already a stable platform and is already officially promoted by Caddy web server to run PHP apps such as WordPress, Laravel, Symfony, etc. If you’d like to know the more in-depth info on all the…

Source

]]>

ssh-import-id-gh – Import your public SSH key from GitHub

Fri, 11 Aug 2023 12:29:21 +0000

The (WordPress) developers often use to troubleshoot sites hosted in remote servers. While I don’t recommend working with a production site directly, these days most hosted WP companies offer staging sites with SSH access, with wp-cli pre-installed. In order to log into those, most of us use password authentication that can lead to a number of security issues. For example…

Source

]]>

Bootstrapping DigitalOcean Servers

Thu, 26 Jan 2023 15:23:05 +0000

I manage multiple DigitalOcean servers. There are a number of configurations to be done in order to bring a secure DO droplet. For example, firewall, alerts, etc. I missed a step years ago that caused a low priority security alert lately. So, I automated most of the steps while configuring any DigitalOcean server (new or old). Like most other things, I open-sourced the project in Github.

Source

]]>

What did I do in 2022 and my WishList for 2023

Fri, 16 Dec 2022 03:28:10 +0000

It’s the year of MikroTik and network engineering. So, there is hardly any WordPress stuff in this post. I bought MikroTik hAP AX2 this year, just after its launch. I’d been waiting for it for years. This is my fourth MikroTik product for my R&D. Earlier, I owned two numbers of hAP ac2 and SXT LTE Kit. One hAP AC2 runs on Router OS v6. The other one is on the latest version.

Source

]]>

TinyWP.in Infrastructure

Thu, 10 Nov 2022 15:02:22 +0000

Back in 2011, I already wrote a colophon post. Nothing much changed in it in terms of underlying technologies used such as Nginx web server. However, a few things aren’t mentioned in it, but will have a mention here. Basically, I am running most of the services using Google services for this domain (tinywp.in). Even though, I’ve been trying to de-google myself for years, I still use Google…

Source

]]>

Rate limiting xmlrpc requests on WordPress using Nginx

Thu, 02 Dec 2021 02:02:30 +0000

WordPress based sites are target for most automated bots. Those bots look for various vulnerability in WordPress core, the themes, and the plugins. Then, there are some kids (and their kid bots) that target specific resources in a WP site. “xmlrpc.php” is one such resource. It uses XML-RPC protocol that does many things in WordPress. For example, it helps with remote sites to notify their mentions…

Source

]]>

Disable PHP warnings when running wp-cli

Tue, 18 May 2021 14:46:00 +0000

It is not uncommon to test sites on a development environment (locally or in a staging environment where others can see the work-in-progress). On a development environment, usually we have configured to be . Here’s the sample of file in a development / test / staging environment… While the above code is perfectly okay, if the site creates PHP warnings, it is a nuisance to see them…

Source

]]>

Nginx compatibility for “Cookies for Comments” plugin

Thu, 29 Apr 2021 06:07:57 +0000

Whether you are aware or not, spammers are more interested in your site than anyone else. You’ll understand this more vividly, when your blog starts to become famous and brings more and more visitors week after week, month after month, year after year. The most annoying thing about spam comments is the amount of time that you need to waste in dealing with it. There are some bright minds in…

Source

]]>

Buypass CA – SSL with 180 Days Validity

Tue, 21 Apr 2020 14:45:00 +0000

Buypass is a Certificate Authority (CA) based on Europe. It offers free SSL certificates with a validity of 180 days. Unlike LetsEncrypt, Buypass CA also offers paid SSL too. So, it is neither a competitor to LetsEncrypt, nor it is a nonprofit. It is a for-profit company that also offers free SSL certificates. There are other CAs that offer free SSL certificates too. However…

Source

]]>

Version Control

Wed, 10 Jul 2019 12:31:37 +0000

WordPress uses SVN internally such as for plugins repository. So, a plugin author must use SVN tools to upload a plugin and update the existing plugin/s in wp.org plugins repository. If you are new to SVN, WordPress docs team has a nice guide to get started with SVN and plugins repository. The best practices section is a gem. It is possible to update WP core using SVN. However…

Source

]]>