├── .gitignore
├── .gitmodules
├── .htaccess
├── .htusers
├── README.md
├── humans.txt
├── index.php
├── robots.txt
├── wp-config.php
├── wp-content
    ├── .htaccess
    ├── blogs.dir
    │   └── .gitignore
    ├── index.php
    ├── themes
    │   └── index.php
    └── upgrade
    │   └── .gitignore
└── wp-plugins
    └── index.php


/.gitignore:
--------------------------------------------------------------------------------
 1 | /shared
 2 | /sql-dump-*.sql
 3 | /adminer*
 4 | /db-sync
 5 | 
 6 | ## File-based project format
 7 | *.ipr
 8 | *.iws
 9 | .svn
10 | *.svn
11 | 
12 | ## Single files
13 | clover.xml
14 | *.log
15 | *.cache
16 | .DS_Store
17 | Desktop.ini
18 | Thumbs.db
19 | 
20 | ## WordPress
21 | # Ignore everything in the "wp-content" directory, except the "plugins"
22 | # and "themes" directories.
23 | /wp-content/*
24 | !wp-content/plugins
25 | !wp-content/themes
26 | 
27 | ## Grunt, NPM
28 | node_modules/
29 | 
30 | ## Composer template
31 | composer.phar
32 | !/js/vendor/*
33 | /vendor/
34 | 
35 | ## PhpStorm IDE
36 | .idea
37 | .iws
38 | workspace.xml
39 | tasks.xml
40 | 
41 | ## Aptana IDE
42 | .settings
43 | *.aptana.*
44 | .project
45 | 


--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "wpbeta"]
2 | 	path = wpbeta
3 | 	url = git@github.com:WordPress/WordPress.git
4 | 	
5 | [submodule "wpmu-plugins"]
6 | 	path = wpmu-plugins
7 | 	url = git@github.com:bueltge/Must-Use-Loader.git
8 | 


--------------------------------------------------------------------------------
/.htaccess:
--------------------------------------------------------------------------------
  1 | # ----------------------------------------------------------------------
  2 | # BEGIN WordPress
  3 | # ----------------------------------------------------------------------
  4 | <IfModule mod_rewrite.c>
  5 |   RewriteEngine On
  6 |   RewriteBase /
  7 |   RewriteCond %{REQUEST_FILENAME} !-f
  8 |   RewriteCond %{REQUEST_FILENAME} !-d
  9 |   RewriteRule . /index.php [L]
 10 | </IfModule>
 11 | 
 12 | 
 13 | # ----------------------------------------------------------------------
 14 | # UTF-8 encoding
 15 | # ----------------------------------------------------------------------
 16 | # Use UTF-8 encoding for anything served text/plain or text/html
 17 | AddDefaultCharset utf-8
 18 | 
 19 | # Force UTF-8 for a number of file formats
 20 | AddCharset utf-8 .css .js .xml .json .rss .atom
 21 | 
 22 | 
 23 | # ----------------------------------------------------------------------
 24 | # Better website experience for IE users
 25 | # ----------------------------------------------------------------------
 26 | # Force the latest IE version, in various cases when it may fall back to IE7 mode
 27 | #  github.com/rails/rails/commit/123eb25#commitcomment-118920
 28 | # Use ChromeFrame if it's installed for a better experience for the poor IE folk
 29 | <IfModule mod_headers.c>
 30 |   Header set X-UA-Compatible "IE=Edge,chrome=1"
 31 |   # mod_headers can't match by content-type, but we don't want to send this header on *everything*...
 32 |   <FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$" >
 33 |   Header unset X-UA-Compatible
 34 |   </FilesMatch>
 35 | </IfModule>
 36 | 
 37 | 
 38 | # ----------------------------------------------------------------------
 39 | # Cross-domain AJAX requests
 40 | # ----------------------------------------------------------------------
 41 | # Serve cross-domain Ajax requests, disabled by default.
 42 | # enable-cors.org
 43 | # code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
 44 | #  <IfModule mod_headers.c>
 45 | #  Header set Access-Control-Allow-Origin "*"
 46 | #  </IfModule>
 47 | 
 48 | 
 49 | # ----------------------------------------------------------------------
 50 | # CORS-enabled images (@crossorigin)
 51 | # ----------------------------------------------------------------------
 52 | # Send CORS headers if browsers request them; enabled by default for images.
 53 | # developer.mozilla.org/en/CORS_Enabled_Image
 54 | # blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
 55 | # hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
 56 | # wiki.mozilla.org/Security/Reviews/crossoriginAttribute
 57 | <IfModule mod_setenvif.c>
 58 |   <IfModule mod_headers.c>
 59 |   # mod_headers, y u no match by Content-Type?!
 60 |   <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
 61 |     SetEnvIf Origin ":" IS_CORS
 62 |     Header set Access-Control-Allow-Origin "*" env=IS_CORS
 63 |   </FilesMatch>
 64 |   </IfModule>
 65 | </IfModule>
 66 | 
 67 | 
 68 | # ----------------------------------------------------------------------
 69 | # Webfont access
 70 | # ----------------------------------------------------------------------
 71 | # Allow access from all domains for webfonts.
 72 | # Alternatively you could only whitelist your
 73 | # subdomains like "subdomain.example.com".
 74 | <IfModule mod_headers.c>
 75 |   <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
 76 |   Header set Access-Control-Allow-Origin "*"
 77 |   </FilesMatch>
 78 | </IfModule>
 79 | 
 80 | # ----------------------------------------------------------------------
 81 | # Stop search engines from indexing different files
 82 | # ----------------------------------------------------------------------
 83 | <FilesMatch "\.(txt|log|xml|css|js|gz)$">
 84 |   Header set X-Robots-Tag "noindex"
 85 | </FilesMatch>
 86 | 
 87 | # ----------------------------------------------------------------------
 88 | # Proper MIME type for all files
 89 | # ----------------------------------------------------------------------
 90 | # JavaScript
 91 | #   Normalize to standard type (it's sniffed in IE anyways)
 92 | #   tools.ietf.org/html/rfc4329#section-7.2
 93 | AddType application/javascript      js jsonp
 94 | AddType application/json        json
 95 | 
 96 | # Audio
 97 | AddType audio/ogg            oga ogg
 98 | AddType audio/mp4            m4a f4a f4b
 99 | 
100 | # Video
101 | AddType video/ogg            ogv
102 | AddType video/mp4            mp4 m4v f4v f4p 
103 | AddType video/webm            webm
104 | AddType video/x-flv            flv
105 | 
106 | # SVG
107 | #   Required for svg webfonts on iPad
108 | #   twitter.com/FontSquirrel/status/14855840545
109 | AddType   image/svg+xml          svg svgz
110 | AddEncoding gzip            svgz
111 | 
112 | # Webfonts
113 | AddType application/vnd.ms-fontobject  eot
114 | AddType application/x-font-ttf      ttf ttc
115 | AddType font/opentype          otf
116 | AddType application/x-font-woff      woff
117 | AddType image/svg+xml          svg
118 | 
119 | # Assorted types
120 | AddType image/x-icon            ico
121 | AddType image/webp              webp
122 | AddType text/cache-manifest          appcache manifest
123 | AddType text/x-component          htc
124 | AddType application/xml            rss atom xml rdf
125 | AddType application/x-chrome-extension    crx
126 | AddType application/x-opera-extension    oex
127 | AddType application/x-xpinstall        xpi
128 | AddType application/octet-stream      safariextz
129 | AddType application/x-web-app-manifest+json  webapp
130 | AddType text/x-vcard            vcf
131 | AddType application/x-shockwave-flash    swf
132 | 
133 | 
134 | # ----------------------------------------------------------------------
135 | # Gzip compression
136 | # ----------------------------------------------------------------------
137 | <IfModule mod_deflate.c>
138 |   # Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
139 |   <IfModule mod_setenvif.c>
140 |     <IfModule mod_headers.c>
141 |       SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
142 |       RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
143 |     </IfModule>
144 |   </IfModule>
145 | 
146 |   # HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
147 |   <IfModule filter_module>
148 |     FilterDeclare   COMPRESS
149 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/html
150 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/css
151 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/plain
152 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/xml
153 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/x-component
154 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/javascript
155 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/json
156 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xml
157 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xhtml+xml
158 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/rss+xml
159 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/atom+xml
160 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/vnd.ms-fontobject
161 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/svg+xml
162 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/x-icon
163 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/x-font-ttf
164 |     FilterProvider  COMPRESS  DEFLATE resp=Content-Type $font/opentype
165 |     FilterChain   COMPRESS
166 |     FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no
167 |   </IfModule>
168 | 
169 |   <IfModule !mod_filter.c>
170 |     # Legacy versions of Apache
171 |     AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
172 |     AddOutputFilterByType DEFLATE application/javascript
173 |     AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
174 |     AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
175 |     AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
176 | 
177 |     AddOutputFilter DEFLATE application/atom+xml
178 |     AddOutputFilter DEFLATE application/json
179 |     AddOutputFilter DEFLATE application/xhtml+xml
180 |     AddOutputFilter DEFLATE application/xml
181 |     AddOutputFilter DEFLATE text/css
182 |     AddOutputFilter DEFLATE text/html
183 |     AddOutputFilter DEFLATE text/plain
184 |     AddOutputFilter DEFLATE text/x-component
185 |     AddOutputFilter DEFLATE text/xml
186 | 
187 |     # The following MIME types are in the process of registration
188 |     AddOutputFilter DEFLATE application/xslt+xml
189 |     AddOutputFilter DEFLATE image/svg+xml
190 | 
191 |     # The following MIME types are NOT registered
192 |     AddOutputFilter DEFLATE application/mathml+xml
193 |     AddOutputFilter DEFLATE application/rss+xml
194 | 
195 |     # JavaScript has various MIME types
196 |     AddOutputFilter DEFLATE application/javascript
197 |     AddOutputFilter DEFLATE application/x-javascript
198 |     AddOutputFilter DEFLATE text/ecmascript
199 |     AddOutputFilter DEFLATE text/javascript
200 | 
201 |     # .ico files and other compressible images
202 |     AddOutputFilter DEFLATE image/vnd.microsoft.icon
203 |     AddOutputFilter DEFLATE image/x-icon
204 |     AddOutputFilter DEFLATE image/bmp
205 |     AddOutputFilter DEFLATE image/tiff
206 |     AddOutputFilter DEFLATE application/pdf
207 | 
208 |     # compressible fonts (.woff is already compressed)
209 |     AddOutputFilter DEFLATE font/opentype
210 |     AddOutputFilter DEFLATE application/x-font-ttf font/ttf font/otf image/svg+xml
211 |     AddOutputFilter DEFLATE application/vnd.ms-fontobject
212 |   </IfModule>
213 | </IfModule>
214 | 
215 | 
216 | # ----------------------------------------------------------------------
217 | # Expires headers (for better cache control)
218 | # ----------------------------------------------------------------------
219 | # These are pretty far-future expires headers.
220 | # They assume you control versioning with filename-based cache busting
221 | # Additionally, consider that outdated proxies may miscache
222 | #   www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
223 | # If you don't use filenames to version, lower the CSS  and JS to something like
224 | #   "access plus 1 week" or so.
225 | <IfModule mod_expires.c>
226 |   ExpiresActive on
227 | 
228 |   <FilesMatch ".(jpg|png|gif)$">
229 |     ExpiresDefault A0
230 |     Header set Cache-Control "max-age=0,  no-cache, must-revalidate"
231 |   </FilesMatch>
232 | 
233 |   # Perhaps better to whitelist expires rules? Perhaps.
234 |   ExpiresDefault                "access plus 1 year"
235 | 
236 |   # cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
237 |   ExpiresByType text/cache-manifest      "access plus 0 seconds"
238 | 
239 |   ExpiresByType application/json        "access plus 1 year"
240 |   ExpiresByType application/pdf        "access plus 1 year"
241 |   ExpiresByType application/x-shockwave-flash  "access plus 1 year"
242 |   ExpiresByType image/bmp           "access plus 1 year"
243 |   ExpiresByType image/gif           "access plus 1 year"
244 |   ExpiresByType image/jpeg           "access plus 1 year"
245 |   ExpiresByType image/png           "access plus 1 year"
246 |   ExpiresByType image/svg+xml         "access plus 1 year"
247 |   ExpiresByType image/tiff           "access plus 1 year"
248 |   ExpiresByType image/vnd.microsoft.icon     "access plus 1 year"
249 |   ExpiresByType image/x-icon          "access plus 1 year"
250 |   ExpiresByType text/css             "access plus 1 year"
251 |   ExpiresByType video/x-flv           "access plus 1 year"
252 |   ExpiresByType application/vnd.bw-fontobject  "access plus 1 year"
253 |   ExpiresByType application/x-font-ttf    "access plus 1 year"
254 |   ExpiresByType application/font-woff      "access plus 1 year"
255 |   ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
256 |   ExpiresByType font/ttf            "access plus 1 year"
257 |   ExpiresByType font/otf            "access plus 1 year"
258 |   ExpiresByType font/x-woff          "access plus 1 year"
259 |   ExpiresByType image/svg+xml          "access plus 1 year"
260 |   ExpiresByType font/opentype          "access plus 1 year"
261 |   ExpiresByType image/webp          "access plus 1 year"
262 | 
263 |   # The following MIME types are in the process of registration
264 |   ExpiresByType application/xslt+xml      "access plus 1 year"
265 |   ExpiresByType image/svg+xml          "access plus 1 year"
266 | 
267 |   # The following MIME types are NOT registered
268 |   ExpiresByType application/mathml+xml    "access plus 1 year"
269 |   ExpiresByType application/rss+xml    "access plus 1 year"
270 | 
271 |   # JavaScript has various MIME types
272 |   ExpiresByType application/x-javascript     "access plus 1 year"
273 |   ExpiresByType application/javascript     "access plus 1 year"
274 |   ExpiresByType text/ecmascript       "access plus 1 year"
275 |   ExpiresByType text/javascript       "access plus 1 year"
276 | </IfModule>
277 | 
278 | 
279 | 
280 | # ----------------------------------------------------------------------
281 | # ETag removal
282 | # ----------------------------------------------------------------------
283 | 
284 | # FileETag None is not enough for every server.
285 | <IfModule mod_headers.c>
286 |   Header unset ETag
287 | </IfModule>
288 | 
289 | # Since we're sending far-future expires, we don't need ETags for
290 | # static content.
291 | #   developer.yahoo.com/performance/rules.html#etags
292 | FileETag None
293 | 
294 | 
295 | 
296 | # ----------------------------------------------------------------------
297 | # Stop screen flicker in IE on CSS rollovers
298 | # ----------------------------------------------------------------------
299 | # The following directives stop screen flicker in IE on CSS rollovers - in
300 | # combination with the "ExpiresByType" rules for images (see above). If
301 | # needed, un-comment the following rules.
302 | BrowserMatch "MSIE" brokenvary=1
303 | BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
304 | BrowserMatch "Opera" !brokenvary
305 | SetEnvIf brokenvary 1 force-no-vary
306 | 
307 | 
308 | # ----------------------------------------------------------------------
309 | # Set Keep-Alive Header
310 | # ----------------------------------------------------------------------
311 | # Keep-Alive allows the server to send multiple requests through one TCP-connection.
312 | # Be aware of possible disadvantages of this setting. Turn on if you serve a lot of
313 | # static content.
314 | <IfModule mod_headers.c>
315 |   Header set Connection Keep-Alive
316 | </IfModule>
317 | 
318 | 
319 | # ----------------------------------------------------------------------
320 | # Start rewrite engine
321 | # ----------------------------------------------------------------------
322 | # Turning on the rewrite engine is necessary for the following rules and features.
323 | # FollowSymLinks must be enabled for this to work.
324 | #
325 | # Some cloud hosting services require RewriteBase to be set: goo.gl/HOcPN
326 | # If using the h5bp in a subdirectory, use `RewriteBase /foo` instead where 'foo' is your directory.
327 | <IfModule mod_rewrite.c>
328 |   Options +FollowSymlinks
329 |   RewriteEngine On
330 | # RewriteBase /
331 | </IfModule>
332 | 
333 | 
334 | # ----------------------------------------------------------------------
335 | # Suppress or force the "www." at the beginning of URLs
336 | # ----------------------------------------------------------------------
337 | <IfModule mod_rewrite.c>
338 |   RewriteCond %{HTTPS} !=on
339 |   RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
340 |   RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
341 | </IfModule>
342 | 
343 | 
344 | # ----------------------------------------------------------------------
345 | # Built-in filename-based cache busting
346 | # ----------------------------------------------------------------------
347 | # If you're not using the build script to manage your filename version revving,
348 | # you might want to consider enabling this, which will route requests for
349 | # /css/style.20110203.css to /css/style.css
350 | # To understand why this is important and a better idea than all.css?v1231,
351 | # read: github.com/h5bp/html5-boilerplate/wiki/cachebusting
352 | <IfModule mod_rewrite.c>
353 |   RewriteCond %{REQUEST_FILENAME} !-f
354 |   RewriteCond %{REQUEST_FILENAME} !-d
355 |   RewriteRule ^(.+)\.(\d+)\.(js|css|png|jpg|gif)$ $1.$3 [L]
356 | </IfModule>
357 | 
358 | 
359 | # ----------------------------------------------------------------------
360 | # Prevent 404 errors for non-existing redirected folders
361 | # ----------------------------------------------------------------------
362 | # without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist
363 | #   e.g. /blog/hello : webmasterworld.com/apache/3808792.htm
364 | Options -MultiViews
365 | 
366 | 
367 | # ----------------------------------------------------------------------
368 | # Youth media protection
369 | #  read: http://de.wikipedia.org/wiki/Jugendmedienschutz-Staatsvertrag
370 | # Prefer:Safe with Apache for rewrite
371 | #  read: http://tools.ietf.org/html/draft-nottingham-safe-hint-01
372 | # ----------------------------------------------------------------------
373 | <IfModule mod_rewrite.c>
374 |     RewriteCond %{HTTP:prefer} =safe
375 |     RewriteRule ^ - [F,L]
376 | </IfModule>
377 | 
378 | 
379 | # ----------------------------------------------------------------------
380 | # Custom 404 page
381 | # ----------------------------------------------------------------------
382 | 
383 | # You can add custom pages to handle 500 or 403 pretty easily, if you like.
384 | # If you are hosting your site in subdirectory, adjust this accordingly
385 | # e.g. ErrorDocument 404 /subdir/404.php
386 | # ErrorDocument 404 /404.php
387 | 
388 | 
389 | # ----------------------------------------------------------------------
390 | # A little more security
391 | # ----------------------------------------------------------------------
392 | # Do we want to advertise the exact version number of Apache we're running?
393 | # Probably not.
394 | ## This can only be enabled if used in httpd.conf - It will not work in .htaccess
395 | # ServerTokens Prod
396 | 
397 | 
398 | # "-Indexes" will have Apache block users from browsing folders without a default document
399 | # Usually you should leave this activated, because you shouldn't allow everybody to surf through
400 | # every folder on your server (which includes rather private places like CMS system folders).
401 | <IfModule mod_autoindex.c>
402 |   Options -Indexes
403 | </IfModule>
404 | 
405 | 
406 | # Block access to "hidden" directories whose names begin with a period. This
407 | # includes directories used by version control systems such as Subversion or Git.
408 | <IfModule mod_rewrite.c>
409 |   RewriteCond %{SCRIPT_FILENAME} -d
410 |   RewriteCond %{SCRIPT_FILENAME} -f
411 |   RewriteRule "(^|/)\." - [F]
412 | </IfModule>
413 | 
414 | 
415 | # Block access to backup and source files
416 | # This files may be left by some text/html editors and
417 | # pose a great security danger, when someone can access them
418 | <FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
419 |   Order allow,deny
420 |   Deny from all
421 |   Satisfy All
422 | </FilesMatch>
423 | 
424 | # ----------------------------------------------------------------------
425 | # WordPress features, rewrites
426 | # ----------------------------------------------------------------------
427 | 
428 | <Ifmodule mod_rewrite.c>
429 |   RewriteEngine On
430 |   RewriteBase /
431 |   
432 |   RewriteRule (.+)(#|%23) /$1 [R=301,NE,L]
433 | 
434 |   # Redirect HTTPS requests to HTTP
435 |   RewriteCond %{HTTPS} on
436 |   RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
437 |   
438 |   # Deny access with invalid or missing referer on log-in attempts
439 |   RewriteCond %{REQUEST_METHOD} POST
440 |   # See http://tltech.com/info/referrer-htaccess/
441 |   RewriteCond %{HTTP_HOST}@@%{HTTP_REFERER} !^([^@]*)@@https?://\1/wp-login\.php
442 |   RewriteRule wp-login\.php - [L,R=403]
443 |   
444 |   # Deny access with invalid or missing referer on log-in attempts
445 |   RewriteCond %{REQUEST_METHOD} POST
446 |   RewriteCond %{HTTP_REFERER} ^$
447 |   RewriteRule wp-login\.php - [L,R=403]
448 | 
449 |   RewriteRule ^index\.php$ - [L]
450 |   
451 |   # uploaded files
452 |   RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]
453 |   
454 |   # forbid double slashes in all URLs
455 |   RewriteCond %{THE_REQUEST} ^[A-Z]+\ /(([^/\ ]+/)*)/+([^\ ]*)
456 |   RewriteRule ^ /%1%3 [L,R=301]
457 |   
458 |   RewriteCond %{REQUEST_FILENAME} -f [OR]
459 |   RewriteCond %{REQUEST_FILENAME} -d
460 |   RewriteRule ^ - [L]
461 |   RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
462 |   RewriteRule ^(.*\.php)$ $1 [L]
463 |   RewriteRule . index.php [L]
464 |   
465 |   # add a trailing slash to /wp-admin
466 |   RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
467 |   
468 |   # Rewrite/Redirect REST API to 404
469 |   RewriteRule ^wp-json.*$ /404 [R=404,L]
470 |   Redirect 301 /wp-json /404
471 |  
472 |   # Enumerating author names, see http://wordpress.stackexchange.com/a/130171/73
473 |   RewriteCond %{QUERY_STRING} author=\d
474 |   RewriteRule ^ /? [L,R=301]
475 | </Ifmodule>
476 | 
477 | # ----------------------------------------------------------------------
478 | # Little more security in WP and htaccess protection
479 | # ----------------------------------------------------------------------
480 | # PROTECT all htaccess files
481 | <Files ~ "^[\._]ht">
482 |   Order Allow,Deny
483 |   Deny from all
484 |   Satisfy All
485 | </Files>
486 | 
487 | # PROTECT wp-config.php
488 | <files wp-config.php>
489 |   Order Allow,Deny
490 |   Deny from all
491 |   Satisfy all
492 | </files>
493 | 
494 | # PROTECT wp-login.php
495 | #<files wp-login.php>
496 | #  AuthName "Admin-Bereich"
497 | #  AuthType Basic
498 | #  AuthUserFile /www/htdocs/absolute_path/.htusers
499 | #  require valid-user
500 | #</files>
501 | 
502 | # PROTECT readme.html
503 | <Files readme.html>
504 |   Order Allow,Deny
505 |   Deny from all
506 |   Satisfy all
507 | </Files>
508 | 
509 | # PROTECT install.php
510 | # Unkomment or change to 'Allow from all' for install of WordPress
511 | <Files install.php>
512 |   Order Allow,Deny
513 |   Deny from all
514 |   Satisfy all
515 | </Files>
516 | 
517 | # PROTECT xmlrpc.php
518 | #<Files xmlrpc.php>
519 | #  Order Allow,Deny
520 | #  Deny from all
521 | #</Files>
522 | 
523 | # ACCESS for xmlrpc surface only for different apps
524 | <IfModule mod_setenvif.c>
525 |   <Files xmlrpc.php>
526 |     # blogs
527 |     BrowserMatch "WordPress" allowed
528 |     # poster
529 |     BrowserMatch "Poster" allowed
530 |     # Windows Livew Writer
531 |     BrowserMatch "Windows Live Writer" allowed
532 |     # WP 4 iOS
533 |     BrowserMatch "wp-iphone" allowed
534 |     # WP 4 Android
535 |     BrowserMatch "wp-android" allowed
536 |     
537 |     Order Allow,Deny
538 |     Deny from All
539 |     Allow from env=allowed
540 |   </Files>
541 | </IfModule>
542 | 


--------------------------------------------------------------------------------
/.htusers:
--------------------------------------------------------------------------------
 1 | # ----------------------------------------------------------------------
 2 | # htaccess protection, the users for access
 3 | # ----------------------------------------------------------------------
 4 | # 
 5 | # Use http://bueltge.de/md5/ for get the password in md5 key
 6 | # List user:password
 7 | bueltge:asdfg123
 8 | maxmustermann:0123456789
 9 | johndoe:passwordinmd5
10 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # WordPress Starter
 2 | This is simple starter skeleton repo for a WordPress developer and live site - reduce the `wp-config.php` for live sites. The `.htaccess` is optimized for performance and security topics.
 3 | 
 4 | ## Description
 5 | * `wpbeta` as default name for the wp-directory; because i use the last nightly build for development
 6 | * WordPress as a Git submodule in `/wpbeta/`
 7 | * Custom content directory in `/wp-content/`
 8 | * Custom plugin directory in `/wp-plugins/`
 9 | * Custom multisite plugin directory in `/wpmu-plugins/`
10 | * `wp-config.php` in the root
11 | * Default as Multisite mode
12 | 
13 | ## Installation
14 | 1. Clone the Starter to your webserver `git clone https://github.com/bueltge/WordPress-Starter.git`
15 | 2. You need to run `git submodule init` and `git submodule update --recursive` to pull the WordPress Core
16 | 3. Change the settings, in particular the database inside the `wp-config.php`
17 | 
18 | ## Other Notes
19 | ### License
20 | Good news, this plugin is free for everyone! Since it's released under the GPL, you can use it free of charge on your personal or commercial blog. But if you enjoy this plugin, you can thank me and leave a [small donation](https://bueltge.de/wunschliste/ "Wishliste and Donate") for the time I've spent writing and supporting this plugin. And I really don't want to know how many hours of my life this plugin has already eaten ;)
21 | 
22 | ### Contact & Feedback
23 | The starter skeleton is created by me ([Frank Bültge](https://bueltge.de)) with many different input from other people
24 | 
25 | Please let me know if you like the plugin or you hate it or whatever ... Please fork it, add an issue for ideas and bugs.
26 | 
27 | ### Disclaimer
28 | I'm German and my English might be gruesome here and there. So please be patient with me and let me know of typos or grammatical farts. Thanks
29 | 
30 | ***
31 | 


--------------------------------------------------------------------------------
/humans.txt:
--------------------------------------------------------------------------------
 1 | /* the humans responsible & colophon */
 2 | /* humanstxt.org */
 3 | 
 4 | /* TEAM */
 5 | 	company: John Goe Agency
 6 | 	Site: http://example.com
 7 | 	Twitter: example
 8 | 	Location: Germany
 9 | 	
10 | 	shareholder: Frank Bueltge
11 | 	Site: http://bueltge.de
12 | 	Twitter: bueltge
13 | 	Location: Stadtroda, Germany
14 | 	
15 | 	employee: Max Mustermann
16 | 	Site: http://bueltge.github.com
17 | 	Twitter: 
18 | 	Location: Spain
19 | 
20 | /* THANKS */
21 | 	To our great employee
22 | 
23 | /* SITE */
24 | 	Standards: HTML5, CSS3
25 | 	Components: html5shim, jQuery
26 | 	Software: Apache, PHP, WordPress and much more


--------------------------------------------------------------------------------
/index.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | /**
 3 | // Stop most of WordPress from being loaded if we just want the basics.
 4 | define( 'SHORTINIT', TRUE );
 5 | /**/
 6 | 
 7 | // WordPress view bootstrapper
 8 | define( 'WP_USE_THEMES', TRUE );
 9 | // Loads the WordPress Environment and Template
10 | require( './wpbeta/wp-blog-header.php' );
11 | 
12 | if ( ! empty( $_SERVER['HTTPS'] ) && ( 'on' == $_SERVER['HTTPS'] ) ) {
13 | 	$uri = 'https://';
14 | } else {
15 | 	$uri = 'http://';
16 | }
17 | $uri .= $_SERVER['HTTP_HOST'];
18 | 
19 | header( 'Location: ' . $uri . '/wpbeta/' );
20 | exit;
21 | 


--------------------------------------------------------------------------------
/robots.txt:
--------------------------------------------------------------------------------
 1 | # www.robotstxt.org/
 2 | # https://developers.google.com/webmasters/control-crawl-index/
 3 | 
 4 | # Google Image
 5 | User-agent: Googlebot-Image
 6 | Disallow:
 7 | Allow: /*
 8 | 
 9 | # Google AdSense
10 | User-agent: Mediapartners-Google
11 | Disallow:
12 | 
13 | # digg mirror
14 | User-agent: duggmirror
15 | Disallow: /
16 | 
17 | # global
18 | User-agent: *
19 | Disallow: /cgi-bin/
20 | Disallow: /wp-admin/
21 | Disallow: /wp-includes/
22 | Disallow: /wp-content/plugins/
23 | Disallow: /wp-content/cache/
24 | Disallow: /wp-content/themes/
25 | Disallow: /trackback/
26 | Disallow: /feed/
27 | Disallow: /comments/
28 | Disallow: /category/*/*
29 | Disallow: */trackback/
30 | Disallow: */feed/
31 | Disallow: */comments/
32 | Disallow: /*?
33 | Allow: /wp-content/uploads/
34 | 


--------------------------------------------------------------------------------
/wp-config.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | // For Debug purpose add the url param: ?wp_debug=true
  3 | if ( isset($_GET['wp_debug']) && $_GET['wp_debug'] === 'true')
  4 | 	define( 'WP_DEBUG', TRUE );
  5 | else
  6 | 	define( 'WP_DEBUG', FALSE );
  7 | 
  8 | if ( WP_DEBUG ) {
  9 | 	define( 'WP_DEBUG_LOG', TRUE ); // leave the debug file in WP_CONTENT_DIR . '/debug.log'
 10 | 	define( 'WP_DEBUG_DISPLAY', TRUE );
 11 | 	
 12 |  // Development Mode, since WP 6.3
 13 |  define( 'WP_DEVELOPMENT_MODE', 'all' );
 14 | 
 15 | 	// Debug
 16 | 	// When this is defined and set to TRUE the non-minified versions of the Javascripts will be used.
 17 | 	define( 'SCRIPT_DEBUG', TRUE );
 18 | 	
 19 | 	@ini_set( 'log_errors', 'On' );
 20 | 	@ini_set( 'display_errors', 'On' );
 21 | 	@ini_set( 'error_log', $_SERVER['DOCUMENT_ROOT'] . '/logs/php_errors.log' );
 22 | }
 23 | 
 24 | /*
 25 | // for deactivate login/logout
 26 | function wp_validate_auth_cookie( $cookie = '', $scheme = '' ) {
 27 | 	
 28 | 	return 1;
 29 | }
 30 | /**/
 31 | 
 32 | /*
 33 | // Proxy Settings
 34 | define( 'WP_PROXY_HOST', '10.28.123.4' );
 35 | define( 'WP_PROXY_PORT', '8080' );
 36 | define( 'WP_PROXY_USERNAME', 'username123' );
 37 | define( 'WP_PROXY_PASSWORD', 'password123' );
 38 | define( 'WP_PROXY_BYPASS_HOSTS', 'localhost' );
 39 | /**/
 40 | 
 41 | /*
 42 | // FTP Data
 43 | define( 'FTP_HOST', '' );
 44 | define( 'FTP_USER', 'username123' );
 45 | define( 'FTP_PASS', 'password123' );
 46 | define( 'FTP_SSL', FALSE );
 47 | /**/
 48 | 
 49 | /* FTP Method
 50 | define( 'FS_METHOD', 'direct' );
 51 | /**/
 52 | 
 53 | //*
 54 | // MySQL settings
 55 | define( 'DB_NAME',     'wpbeta' );
 56 | define( 'DB_USER',     'root' );
 57 | define( 'DB_PASSWORD', '' );
 58 | define( 'DB_HOST',     'localhost' );
 59 | define( 'DB_CHARSET',  'utf8' );
 60 | define( 'DB_COLLATE',  '' );
 61 | /**/
 62 | 
 63 | /**
 64 |  * WordPress and Site Adress
 65 |  * The WordPress- and the Site-Adress are automatically adopted 
 66 |  *    uring the installation process of WordPress and may be changed in 
 67 |  *    the administrator panel after the installation is completed.
 68 |  * @see http://marketpress.com/2013/wordpress-and-site-adress-explained/
 69 |  */
 70 | /*
 71 | // Home URL of your WordPress.
 72 | define( 'WP_SITEURL', 'http://localhost/wpbeta' );
 73 | // URL to the WordPress root dir.
 74 | define( 'WP_HOME', 'http://localhost/wpbeta' );
 75 | /**/
 76 | 
 77 | //*
 78 | // Custom content directory
 79 | define( 'WP_CONTENT_DIR',  dirname( __FILE__ ) . '/wp-content' );
 80 | define( 'WP_CONTENT_URL',  'http://' . $_SERVER['HTTP_HOST'] . '/wp-content' );
 81 | // Custom plugin directory
 82 | define( 'WP_PLUGIN_DIR',   dirname( __FILE__ ) . '/wp-plugins' );
 83 | define( 'WP_PLUGIN_URL',   'http://' . $_SERVER['HTTP_HOST'] . '/wp-plugins' );
 84 | // Custom mu plugin directory
 85 | define( 'WPMU_PLUGIN_DIR', dirname( __FILE__ ) . '/wpmu-plugins' );
 86 | define( 'WPMU_PLUGIN_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/wpmu-plugins' );
 87 | /**/
 88 | 
 89 | // Set memory limit
 90 | define( 'WP_MEMORY_LIMIT', '128M' );
 91 | if (
 92 | 	function_exists('memory_get_usage') &&
 93 | 	( (int) @ini_get('memory_limit') < abs( (int) WP_MEMORY_LIMIT ) )
 94 | 	)
 95 | 	@ini_set( 'memory_limit', WP_MEMORY_LIMIT );
 96 | 
 97 | // Save queries for read and optimize
 98 | define( 'SAVEQUERIES', TRUE );
 99 | 
100 | // Skip wp-content when upgrading to a new WordPress version.
101 | define( 'CORE_UPGRADE_SKIP_NEW_BUNDLED', TRUE );
102 | 
103 | // Disabling WordPress' Automatic Update 
104 | define( 'AUTOMATIC_UPDATER_DISABLED', FALSE );
105 | 
106 | /**
107 |  * The WordPress core has three different types of updates:
108 |  *  + Core development updates, known as the "bleeding edge"
109 |  *  + Minor core updates, such as maintenance and security releases
110 |  *  + Major core release updates
111 |  * Starting with version 3.7, automatic background updates were introduced by default 
112 |  * for minor core updates releases (generally security updates). 
113 |  * This default behavior can be overridden
114 |  */
115 | define( 'WP_AUTO_UPDATE_CORE', TRUE );
116 | 
117 | // Set revisions
118 | define( 'WP_POST_REVISIONS', 3 );
119 | 
120 | // nabling the "Trash" Feature for Media Files
121 | define( 'MEDIA_TRASH', TRUE );
122 | 
123 | /*
124 | // for enabling/disabling theme/plugin editor
125 | define( 'DISALLOW_FILE_EDIT', TRUE );
126 | /**/
127 | 
128 | /*
129 | // Disallow anything that creates, deletes, or edits core, plugin, or theme files.
130 | // Files in uploads are excepted.
131 | define( 'DISALLOW_FILE_MODS', TRUE );
132 | /**/
133 | 
134 | /*
135 | // Disallow unfiltered_html for all users, even admins and super admins
136 | define( 'DISALLOW_UNFILTERED_HTML', TRUE );
137 | /**/
138 | 
139 | /*
140 | // Allow uploads of filtered file types to users with administrator role
141 | define( 'ALLOW_UNFILTERED_UPLOADS', TRUE );
142 | /**/
143 | 
144 | /*
145 | // This will disable WordPress internal cron job. Maybe you will replace with
146 | //     a Hoster cron to reduce the load
147 | define( 'DISABLE_WP_CRON', TRUE );
148 | /**/
149 | 
150 | // Allow Multisite
151 | define( 'WP_ALLOW_MULTISITE', TRUE );
152 | 
153 | //*
154 | // Network setup
155 | define( 'MULTISITE',            TRUE );
156 | define( 'SUBDOMAIN_INSTALL',    FALSE );
157 | $base = '/wpbeta/';
158 | define( 'DOMAIN_CURRENT_SITE',  'localhost' );
159 | define( 'PATH_CURRENT_SITE',    '/wpbeta/' );
160 | define( 'SITE_ID_CURRENT_SITE', 1 );
161 | define( 'BLOG_ID_CURRENT_SITE', 1 );
162 | /**/
163 | 
164 | // Salts, for security
165 | // Grab these from: https://api.wordpress.org/secret-key/1.1/salt
166 | define( 'AUTH_KEY',         'put your unique phrase here' );
167 | define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
168 | define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
169 | define( 'NONCE_KEY',        'put your unique phrase here' );
170 | define( 'AUTH_SALT',        'put your unique phrase here' );
171 | define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
172 | define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
173 | define( 'NONCE_SALT',       'put your unique phrase here' );
174 | 
175 | //*
176 | // One cookie for all sites in network, easy to logged in in each site
177 | define( 'ADMIN_COOKIE_PATH', '/' );
178 | define( 'COOKIE_DOMAIN', '' );
179 | define( 'COOKIEPATH', '' );
180 | define( 'SITECOOKIEPATH', '' );
181 | /**/
182 | 
183 | /*
184 | // Important for use Multisite Without a Domain Mapping Plugin
185 | define( 'COOKIE_DOMAIN', FALSE );
186 | /**/
187 | 
188 | // Table prefix
189 | // Change this if you have multiple installs in the same database
190 | $table_prefix  = 'wpbeta_';
191 | 
192 | // Bootstrap WordPress
193 | if ( ! defined( 'ABSPATH' ) )
194 | 	define( 'ABSPATH', dirname( __FILE__ ) . '/wpbeta/' );
195 | 
196 | require_once( ABSPATH . 'wp-settings.php' );
197 | 


--------------------------------------------------------------------------------
/wp-content/.htaccess:
--------------------------------------------------------------------------------
1 | # PROTECT all log files
2 | <FilesMatch "\.(log|txt)$">
3 |   Order Allow,Deny
4 |   Deny from all
5 |   Satisfy All
6 | </FilesMatch>


--------------------------------------------------------------------------------
/wp-content/blogs.dir/.gitignore:
--------------------------------------------------------------------------------
1 | !.gitignore


--------------------------------------------------------------------------------
/wp-content/index.php:
--------------------------------------------------------------------------------
1 | <?php
2 | // Silence is golden.
3 | 


--------------------------------------------------------------------------------
/wp-content/themes/index.php:
--------------------------------------------------------------------------------
1 | <?php
2 | // Silence is golden.
3 | ?>


--------------------------------------------------------------------------------
/wp-content/upgrade/.gitignore:
--------------------------------------------------------------------------------
1 | !.gitignore


--------------------------------------------------------------------------------
/wp-plugins/index.php:
--------------------------------------------------------------------------------
1 | <?php
2 | // Silence is golden.
3 | 


--------------------------------------------------------------------------------