Programming Uncategorized WordPress

Changes should happen in Code, not in UI

If you are deploying your WordPress site, it generally doesn’t make much sense to have to go in and setup changes when you push the newest version live. When you push to production, production should have all your changes.

One more benefit of this method is that you never need to be signed in with a user who can change settings, change plugins, or change themes. Being signed in as a user with as few capabilities as possible is a one part of limiting your vulnerability in case of attack

This is what I use to stop the majority of activities from happening in the UI.

tl;dr; Don’t Update Options in the admin, update them in the code.

6 replies on “Changes should happen in Code, not in UI”

I like update_option since it allows the DB to be the definitive record of which values are what. Filtering the option is really nice for development and for conditional changes, but if the option is going to be one value and the plan is for it to stay that value, updates seem to me to be the way to go.

I like this idea alot – coming from Rails and dealing with migrations, this makes perfect sense.

My question though is if you apply this to a full site (i.e. themes and plugins) – how can you apply this if there are plugins that need to be updated? I’m thinking using WP-CLI would be needed.

100% agree – so you’d suggest before deploying code, write up the plugin update routine yourself and not wait for the plugin to do that?

Well for the latter I don’t see that happening anytime soon.

I don’t think you should move the plugin update routines into your code. This is for the site update routines. Some of the common functions that go in here are activate_plugin and deactivate_plugins. After a site has been in development and right before going live, I’ll include an update routine that resets everyone password (since people use bad passwords when a site isn’t active and forget to update them). Also useful are things like updating specific plugin options.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.