# HomeProz Server Dependencies

This document tracks server-side dependencies required for the HomeProz WordPress site.

## PHP Extensions

| Extension | Purpose | Status |
|-----------|---------|--------|
| `gd` | Image manipulation, WebP conversion | Pre-installed |
| `imagick` | Image manipulation, WebP conversion (alternative to GD) | Pre-installed |

Both extensions include WebP support, verified with:
```bash
php -r "echo 'GD WebP: ' . (function_exists('imagewebp') ? 'Yes' : 'No') . PHP_EOL;"
php -r "echo 'Imagick WebP: ' . (in_array('WEBP', Imagick::queryFormats()) ? 'Yes' : 'No') . PHP_EOL;"
```

## Nginx Configuration

### WebP Serving Rules

Added to `/etc/nginx/sites-available/default` on 2025-11-28:

```nginx
# WebP Converter for Media - serve WebP when available
location ~ /wp-content/(?<path>.+)\.(?<ext>jpe?g|png|gif|webp)$ {
    add_header Vary Accept;
    expires 1y;
    add_header Cache-Control "public, immutable";
    access_log off;

    if ($http_accept !~* "image/webp") {
        break;
    }
    try_files /wp-content/uploads-webpc/$path.$ext.webp $uri =404;
}
```

**Purpose:** When a browser requests an image from `wp-content` and sends `Accept: image/webp`, Nginx checks for a WebP version in `/wp-content/uploads-webpc/` and serves it instead. It falls back to the original if no WebP version is available.

**After changes:** Run `nginx -t && service nginx reload` to validate the configuration and reload Nginx.
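
One way to confirm the rule after a reload, as an added example that is not part of the original document: the functions below inspect response headers captured with `curl -sI` for a JPEG under `wp-content`, requested once with and once without `Accept: image/webp`. The function names are illustrative, the sample responses are constructed, and the check assumes Nginx labels the `.webp` file as `image/webp`.

```bash
#!/bin/sh
# Added example. Function names are illustrative; sample responses are constructed.

# header_value NAME: print the first value of header NAME (case-insensitive)
# from the response headers on stdin, with the trailing CR removed.
header_value() {
  awk -v name="$1" '
    { line = $0; sub(/\r$/, "", line); i = index(line, ":") }
    i && tolower(substr(line, 1, i - 1)) == tolower(name) {
      v = substr(line, i + 1); sub(/^[ \t]+/, "", v); print v; exit
    }'
}

# check_response HEADERS ACCEPTS_WEBP(yes|no): return 0 when the headers match
# what the location block should produce for a JPEG/PNG/GIF request.
check_response() {
  cr_ctype=$(printf '%s\n' "$1" | header_value Content-Type)
  cr_vary=$(printf '%s\n' "$1" | header_value Vary)
  # Both variants must carry "Vary: Accept"; without it a shared cache can
  # hand the WebP body to a client that never advertised WebP support.
  case ",$(printf '%s' "$cr_vary" | tr -d ' \t' | tr 'A-Z' 'a-z')," in
    *,accept,*) ;;
    *) echo "FAIL: Vary does not include Accept"; return 1 ;;
  esac
  if [ "$2" = yes ]; then
    [ "$cr_ctype" = "image/webp" ] || { echo "FAIL: expected image/webp, got '$cr_ctype'"; return 1; }
  else
    [ "$cr_ctype" != "image/webp" ] || { echo "FAIL: WebP sent without Accept: image/webp"; return 1; }
  fi
  echo "OK: $cr_ctype (Vary: $cr_vary)"
}

# Constructed sample responses (not captured from the real server).
SAMPLE_WEBP=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: image/webp\r\nVary: Accept\r\n')
SAMPLE_JPEG=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\nVary: Accept\r\n')
SAMPLE_NO_VARY=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: image/webp\r\n')

check_response "$SAMPLE_WEBP" yes
check_response "$SAMPLE_JPEG" no
check_response "$SAMPLE_NO_VARY" yes || true

# Against the live site (placeholder URL):
#   url='https://SITE.example/wp-content/uploads/PATH/TO/image.jpg'
#   check_response "$(curl -sI -H 'Accept: image/webp' "$url")" yes
#   check_response "$(curl -sI -H 'Accept: image/png' "$url")" no
```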

## WordPress Plugins (Image Processing)

| Plugin | Version | Purpose |
|--------|---------|---------|
| Converter for Media | 6.3.2 | Converts uploaded images to WebP locally using PHP GD/Imagick |

The plugin stores converted WebP files in `/wp-content/uploads-webpc/`, mirroring the structure of `/wp-content/uploads/`.

## WordPress Plugins (Security)

| Plugin | Version | Purpose |
|--------|---------|---------|
| All In One WP Security | 5.4.4 | Login protection, basic firewall, user enumeration blocking |

### AIOS Configuration Summary

**Login Protection:**
- Max login attempts: 10
- Retry time period: 5 minutes
- Lockout length: 30 minutes (max 60)
- Instant lockout usernames: admin, administrator, test
- Generic login error messages: enabled
- Email notifications: enabled
- Login honeypot: enabled

**Hardening:**
- File editing disabled
- WP generator meta removed
- Default WP file access prevented
- User enumeration blocked
- Unauthorized REST API blocked
- Clickjacking protection enabled
- Directory indexing disabled

**Note:** Many features (5G/6G firewall, IP blacklisting, advanced brute force) are intentionally disabled as Sucuri WAF will handle these at the edge.

## Notes

- No external APIs or services are used for image processing
- All image conversion happens locally on the server
- WordPress core handles thumbnail generation for all registered image sizes
- Security hardening complements (not duplicates) Sucuri WAF features