Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up
for free
プラグインとの付き合い方 #WPmeetupkobe / 2019-08-31 Kansai WordPress Meetup Kobe vol.10
Toro_Unit (Hiroshi Urabe)
August 31, 2019
Technology
4
1.1k
プラグインとの付き合い方 #WPmeetupkobe / 2019-08-31 Kansai WordPress Meetup Kobe vol.10
Toro_Unit (Hiroshi Urabe)
August 31, 2019
Tweet
Share
More Decks by Toro_Unit (Hiroshi Urabe)
See All by Toro_Unit (Hiroshi Urabe)
torounit
4
590
torounit
11
1.9k
torounit
2
1.3k
torounit
0
140
torounit
0
1.3k
torounit
0
130
torounit
2
170
torounit
1
39
torounit
0
50
Other Decks in Technology
See All in Technology
htomine
0
120
raykataoka
9
8.5k
1027kg
0
200
tosh2230
3
300
myajiri
0
320
imdigitallab
0
450
miura55
0
340
aditya45
2
2.3k
akitok_
1
700
torisoup
11
6k
ihcomega56
1
580
lmi
3
1.1k
Featured
See All Featured
wjessup
339
16k
lynnandtonic
272
16k
schacon
145
6.6k
jonyablonski
19
1.2k
keithpitt
401
20k
addyosmani
494
110k
dougneiner
118
7.9k
lemiorhan
627
43k
iamctodd
19
2k
lara
172
9.6k
mthomps
38
2.3k
colly
66
3k
Transcript
ϓϥάΠϯͱͷ͖߹͍ํ Toro_Unit @Kansai WP Meetup Kobe vol.10 1
$ whoami 2
Toro_Unit ෦ ߛ (͏Β ͻΖ͠) • Frontend Engineer • WordPress
Plugin and Theme Developer Github: @torounit Twitter: @Toro_Unit 3
Contribution • Shinshu WordPress Meetup • WordPress 4.3 / 4.4
/ 4.7 / 5.0 / 5.1 / 5.2 • WordCamp Osaka 2019 • WordCamp Osaka 2018 Speaker. • etc... 4
Plugins and Themes • Custom Post Type Permalinks • Advanced
Posts Blocks • Simple Post Type Permalinks • Powerful Posts Per Page (PPPP) • Vanilla • and more... 5
6
ݝদຊࢢ͔Β͖·ͨ͠ • ࠷ۙɺچ։ஐֶߍߍࣷͱ͍͏໌࣏ͷ ݐங͕ࠃๅʹͳΓ·ͨ͠ɻ • 8/29~9/9 ϏʔϧࡇΓ(দຊαϚʔϑΣ ετ) • 9/21
Shinshu WordPress Meetup • 9/20~23 ΫϥϑτϏʔϧϑΣε@দຊ 7
8
1.Α͋͘Δͭ͠Μɻ 9
Q.ʮϓϥάΠϯͬͯԿݸ͙Β͍͕͍͍ΜͰ͔͢ʁʯ 10
ͦΜͳͶ͐Αʂʂʂ 11
ͰɺϓϥάΠϯೖΕ͗͢Δͱ͘ͳΔͬͯฉ͍ͨΜͰ͚͢Ͳɾɾɾ 12
• ϓϥάΠϯͷ1ສߦͷϓϥάΠϯ1ͭͱɺ10ߦͷϓϥάΠϯ 100ݸͳΒɺޙऀͷํ͕ߦগͳ͍ (10000ߦ > 1000ߦ)ɻ • PHPϑΝΠϧ 100ݸͷϓϥάΠϯ̍ͭͱɺ1ݸͷϓϥάΠϯ10 ݸͳΒʁ
13
ͦͦͦΜͳʹߦͱ͔ϑΝΠϧͱ͔Ͱ͘ͳΓ·͢ʁ ޡࠩ͡Όͳ͍ʁ ܭଌͨ͠ʁ 14
• దʹཧग़དྷΔͷͰ͋Ε ɺ͓͖ͳ͚ͩͲ͏ͧɻ • ͕ଟ͍΄Ͳɺߋ৽ͳͲอकͷखؒ૿͑Δɻʢޙड़ʣ 15
ʮઈରʹΠϯετʔϧ͖͢ϓϥάΠϯʯ ʮඞਢϓϥάΠϯ ◦બʯ 16
ΜͳΜͶ͐Αʂʂʂ 17
• શͯͷ WordPress ϢʔβʔʹඞཁͳػೳͳΒͳΜͰຊମʹ ೖͬͯͳ͍ͷʁ • ͦͦຊମΛΧελϚΠζ͢ΔͨΊͷػೳɻͦΜͳʹΰϦ ΰϦΧελϚΠζ͠ͳ͍ͱ͑ͳ͍Ϟϊʁ 18
ྑ͘հ͞ΕΔͷɻ 19
1. ΩϟογϡܥϓϥάΠϯ • WP Super Cache • W3 Total Cache
͋ͨΓ͕Α͘ɺʮߴԽͷͨΊʹೖΕΑ͏ʂʯతϊϦհ͞Ε ͯ·͕͢ɻ 20
• Ωϟογϡ = Ұ࣌తʹอଘͯ͠σʔλΛ͍·Θ͢Έɻ • WordPress جຊతʹಈతʹHTMLΛੜ͢Δઓུɻ ਖ਼͘͠ ͖߹Θͳ͍ͱࣄނΔɻ •
Ωϟογϡػߏ͕ຊମʹଘࡏ͢Δ CMS ͋Δ • Drupal, concrete5 • ͦͦ htmlϑΝΠϧΛ࣮ࡍʹੜ͢ΔCMSɻ ( MovableType, ੩తαΠτδΣωϨʔλʔͳͲɻ) 21
22
• Πϯετʔϧ͢Δ͚ͩͰ؆୯ʂߴԽʂͦΜͳ͏·͍͕͋ ΔΘ͚ͳ͍ɻ • ͦͦ WP Super Cache Automattic
͕ 12લ͔Β࡞ͬ ͍ͯΔϓϥάΠϯ͕ͩɺ͍·ͩʹίΞʹऔΓࠐ·ΕΔ༧ఆ ؾແ͍࣌ͰશͯͷέʔεʹඞཁͳϞϊͰͳ͍ɻ • αΠτͷछྨɺઃఆɺػೳ࣍ୈͰ༷ʑͳෆ۩߹ΛҾ͖ى͜ ͢߹ɻ 23
24
2. ηΩϡϦςΟରࡦܥ • All In One WP Security & Firewall
• Wordfence Security • SiteGuard WP Plugin • etc... ਖ਼͘͠ઃఆ͢ΕηΩϡϦςΟΛ্ͤͯ͘͞ΕΔ߹͋Δ ͔͠Εͳ͍͚ͲɺͦΕΛ͠ͳ͚Ε΄΅ҙຯ͕ແ͍ɻ 25
ηΩϡϦςΟӠʑΛؾʹ͢ΔͳΒɺ·ͣͨΓલͷ͜ͱΛͨΓલʹ͔ͬͯΒɻ 26
ͨΓલͷ͜ͱ • ຊମɾϓϥάΠϯɾςʔϚͷΞοϓσʔτ • ेͳ͞ͷύεϫʔυ • ΞΧϯτΛෳਓͰڞ༗͠ͳ͍ / దͳݖݶઃఆ •
αʔόʔύεϫʔυͷదͳཧɻॳظύεϫʔυͷ··ʹ͠ͳ͍ɻ • αʔόʔ্Ͱݖݶͷઃఆɻ • ສ͕Ұʹඋ͑ͨόοΫΞοϓͱɺ෮چଶɻ 27
3. ΤσΟλ֦ுܥ • AddQuicktag • TinyMCE Advanced ΫϥγοΫΤσΟλʔʹ͍Ζ͍ΖػೳΛͯ͠هࣄͷ০ͱ͔ Λ͍͡Δͭɻ σϑΥϧτͰຬͰ͖ͳ͔ͬͨͱ͖ʹߟ͑Εʁ
ϩΫʹ͍ͬͯͳ͍ͷʹೖͬͯΔ͜ͱΊͬͪΌଟ͍ɻ 28
• Classic Editor ͱΓ͋͑ͣɺϒϩοΫΤσΟλʔͱͪΌΜͱ͖߹͔ͬͯΒͩͱ ࢥ͏Αɻ 29
4. SEO ܥ • All in One SEO Pack •
Yeost SEO • Google XML Sitemap • and more.... 30
• ͱΓ͋͑ͣೖΕͱ͖ΌॱҐ্͕Δͱ͔͋Γಘͳ͍ɻదͳઃ ఆ & ӡ༻͕ඞཁɻ • XML Sitemap ͕ڝ߹ͯ͠Δͷ·ΕʹΑ͘ݟ͔͚Δɻ •
ྑ͘ղΒͳ͍ͳΒͪΌΜͱ͑ͳ͍ͷͰɺ·ͣͦͬͪͷษ ڧΛɻͦͷ্Ͱඞཁͳઃఆ͕͋ΔͳΒߟ͑Δɻ 31
ϓϥάΠϯͷબఆ 32
ͪΌΜͱߟ͑ͯೖΕΔ • ͳΜͰೖΕ͔ͨྑ͘ղΒͳ͍ϓϥάΠϯ͍Ζ͍Ζॏՙʹ͔͠ͳΒ ͳ͍ɻ • ͳΜͰೖΕ͔ͨղΒͳ͍͔Βফͤͳ͍ɻ • ͪΌΜͱػೳΛ֬ೝͯ͠ೖΕΔɻ • ͨ·ʔʹɺಉ͡ػೳΛఏڙ͢ΔϓϥάΠϯ͕ෳ༗ޮʹͳͬͯͨ
Γ͢Δɻ • ྑ͘ղΒͳ͍ͷ͍Εͳ͍ɻ 33
ͳΔ͘γϯϓϧͳϞϊΛ • γϯϓϧʹɺͻͱͭͷ͜ͱΛ্ख͘͜ͳ͢ϓϥάΠϯͷํ͕ ཧղ͠қ͘ɺϝϯς͍͢͠ɻ • All in One ͳΜͱ͔Έ͍ͨͳͷͱ͔ɺԿ͔͛͢ʔύϫʔΞο ϓ͢ΔϓϥάΠϯɺͪΌΜͱཧղ͠ͳ͍ͱة͏͍ɻ
• ϓϥάΠϯ։ൃ͕ࢭ·ͬͨΓ͢Δ͜ͱرʹΑ͋͘ΔͷͰɺ ͦͷࡍʹɺ༰қʹΓ͑ΒΕΔ or ࣗͰϝϯςφϯεग़དྷ ΔϞϊΛɻ 34
େنͳϞϊ৺த͢Δ֮ޛΛ • WooCommerce BuddyPress ɺେنʹαΠτͦͷͷ ͷੑ࣭Λม͑ͯ͠·͏Α͏ͳϓϥάΠϯɺWordPress ϕʔε ͷผͷ CMS
ͱଊ͑ͯ৺த͢Δ֮ޛΛɻ • ʮWooCommerce ࣙΊΔ = ଞͷ CMS ʹΓ͑Δʯ͘Β ͍ͷϞϊͱଊ͖͑ͯ߹͏ɻ • ͦͷࡍʹॏཁʹͳͬͯ͘Δͷɺ αϙʔτ ɺ ίϛϡχςΟ ɺ ΤίγεςϜ 35
ͷબఆج४ • ϓϥάΠϯ୭Ͱ࡞ΕΔͷͰɺۄੴࠞަɻ • ഁյతมߋ͕ೖͬͨΓɺPro൛ʹҠߦͯ͠Free൛ػೳ͕ݮͬͨΓ͢ Δ͜ͱɻ • ࡞ऀͷ࣮ɺWordPress.org ɺGithub Ͱͷ׆ಈɺίʔυͷ
࣭ɺαϙʔτϑΥʔϥϜͰͷճͳͲΛݟͯஅɻ • ࡞ऀͱͷίϛϡχέʔγϣϯίετɻ • Γ߹͍ɺݴ༿͕௨͍͢͡ਓͷํ͕ίετ͍ɻ 36
• Active installɺμϯϩʔυɺ։ൃ࣌ظɺ༻్࣍ୈͳ ͷͰͦ͜·Ͱ͋ͯʹͯ͠ͳ͍ɻࣅͨΑ͏ͳϓϥάΠϯ͕͋ͬ ͨΒؾʹ͢Δ͔ͳʔͬͯఔɻ 37
༨ஊʮϓϥάΠϯΛ͔ͭΘͳ͍Ͱग़དྷΔʂʯͱ͔͋Δ͚Ͳ • ࣗͰ࡞Δ߹ͷͱϝϯςφϯεͱɺϓϥάΠϯΛ͏߹ ͷͱϦεΫ(ޙड़)Λఱṝʹ͔͚ͯબɻ • ͍ͯ͏͔Α͘͠Βͳ͍ͻͱͷίʔυΛӏವΈʹ͠ͳ͍ɻ • ͍ͯ͏͔ͦΕϓϥάΠϯʹ͢Ε͑͑Μɻ • functions.php
ͳͷ͔ϓϥάΠϯͳͷ͔ςʔϚͷઃܭͷͳ ͷͰ͋ͬͯɺطଘͷϓϥάΠϯΛ͍͍͔͍ͨͨ͘ͳ͍͔ͱ ผ࣍ݩͷͩΑɻ 38
ϓϥάΠϯͱ্खʹ͖߹͏ͨΊʹɻ 39
ࠓͳͬͨ੬ऑੑɻ ใࠂ ରͷϓϥάΠϯ Πϯετʔϧ όʔδϣϯ ੬ऑੑ 2019/03/15 Easy WP SMTP
40ສ݅ 1.3.9Ҏલ ཧऀͷಛݖঢ֨ 2019/03/21 Social Warfare 6ສ݅ 3.5.2Ҏલ XSSʢ֨ೲܕʣɺ ҙίʔυͷ࣮ߦ 2019/03/30 Yuzo Related Posts 6ສ݅ 5.12.91Ҏલ XSSʢ֨ೲܕʣ 2019/04/09 Visual CSS Style Editor 3ສ݅ 7.1.9Ҏલ ཧऀͷಛݖঢ֨ WordPressϓϥάΠϯΛૂ͏߈ܸ͕׆ൃԽ͍ͯ͠Δ݅Λ·ͱΊͯΈͨ - piyolog 40
Ҿ༻ݩɿJP-Secure Labs Report Vol.03 | ٕज़ใ | ιϑτΣΞWAFͷJP-Secure 41
• ຊମͷ߈ܸͱ͍͏ͷ࣮গͳ͍ɻ • ϓϥάΠϯɾςʔϚͷ߈ܸ͕6ׂɻ 42
/wp-content/themes/urbancity/lib/scripts/ download.php?file=../../../../../wp-config.php /wp-content/themes/trinity/lib/scripts/ download.php?file=../../../../../wp-config.php /wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php /wp-content/themes/TheLoft/download.php?file=../../../wp-config.php /wp-content/themes/lote27/download.php?download=../../../wp-config.php /wp-content/themes/authentic/includes/download.php? file=../../../../wp-config.php /wp-content/plugins/membership-simplified-for-oap-members-only/
download.php?download_file=.././.././.././wp-config.php /wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php? download_file=../../../wp-config.php Ҿ༻ݩɿJP-Secure Labs Report Vol.03 | ٕज़ใ | ιϑτΣΞWAFͷJP- Secure 43
Πϯετʔϧ͕ଟ͍ != ҆શ • ͻͱͭͷج४ʹҧ͍ͳ͍͚Ͳɺ҆શੑɾ࣭Λอূ͢Δج ४Ͱͳ͍ɻ • Πϯετʔϧ͕ଟ͍ = ߈ܸͷλʔήοτʹͳΓ͍͢ɻ
44
੬ऑੑͳͲͷใऩू ੬ऑੑͳͲக໋తʹͳΓ͕ͪͳͷͰɺϚϝʹνΣοΫɻ • WordPress Tavern – WordPress News — Free
as in Beer. • WPScan Vulnerability Database • JVN iPedia - ੬ऑੑରࡦใσʔλϕʔε • Blog – Plugin Vulnerabilities 45
46
WPScan WPScan Vulnerability Database ͷσʔλΛ༻͍ͯɺ੬ऑੑݕࠪ Λ͢ΔϓϥάΠϯɻ • ੬ऑੑ͕ൃݟ͞Εͨ߹ϝʔϧͰͷ௨͞ΕΔɻ 47
ΞοϓσʔτઓུΛߟ͑Δ • ྲྀੴʹɺ24࣌ؒ365ࢹ͠ଓ͚Δͷ͍͠ • ۓٸͷߴ͍ϞϊͰແ͚Εͪΐͬͱ์ஔͯ͠େৎɻ • ์ஔ͗͢͠Δͱɺόʔδϣϯ্͕͕Γ͗͢Δ & ಉ࣌ʹෳͷ ϓϥάΠϯΛΞοϓσʔτ͢Δ͜ͱʹͳΓɺෆ۩߹ͷݕূ͕
ࠔʹɻ 48
ྫ1 • ੬ऑੑ͕ൃݟ͞ΕͨΒͪʹߋ৽ • ͦ͏Ͱແ͚Εि1ͱ͔Ͱߋ৽ • ຊ൪ͱ΄΅ಉҰͷςετڥΛ༻ҙɺ֬ೝޙɺຊ൪ద༻ɻ 49
ྫ2 • Advanced Automatic Updates ɺ JetPack Ͱࣗಈߋ৽ɻ • յΕͨΒόοΫΞοϓ͔Β෮چͯ͠ݪҼௐࠪɻ
50
ྫ3 • WordPress Λ੩తԽ • هࣄߋ৽࣌ͷΈαʔόʔΛىಈ 51
ϓϥάΠϯΛ͏͜ͱͷϦ εΫ 1. ϓϥάΠϯͷόάɻෆ۩߹ɻηΩϡϦ ςΟϗʔϧɻ 2. ޙํޓੑͷແ͍มߋɻ 3. ։ൃͷఀࢭɻ 4.
PHP ͷ ΞοϓσʔτʹΑΔෆ۩߹ͳ Ͳ 52
͜ΕΒͱͲ͏͖߹͍ͬͯ͘ʁ 53
ϑΥʔΫͯࣗ͠Ͱϝϯςφϯεɻ • ϋʔυϞʔυɻ ͓ۚ͘͠ΛͬͯͬͯΒ͏ɻ શ෦ࣗͰ։ൃ • ϋʔυϞʔυɻ طଘͷϓϥάΠϯͷ࣮͕ؾʹ͘Θͳ͍ɺ ΦʔόʔεϖοΫա͗Δͱ͖ͱ͔ɻ 54
or 55
࡞ऀϑΟʔυόοΫ 56
ͨͱ͑ • ։ൃ൛ͷςετ • όάϨϙʔτ • ػೳఏҊ • υΩϡϝϯτ •
मਖ਼ͨ͠ΒύονɺϓϧϦΫΤετͳͲΛૹͬͯΈΔɻ • ελʔΛ͚ͨΓɺدͯ͠ΈͨΓɻ 57
࡞ऀϑΟʔυόοΫΛͬͯ·͢ʂ Φʔϓϯιʔεʂ 58
ϓϥάΠϯΛެ։͍ͯ͠Δཧ༝ɻ • ཧը໘͔ΒΞοϓσʔτ͍ͨ͠ʂ • ϓϥάΠϯʹ͢Δ͜ͱͰɺ͍Ζ͍Ζ͍ճͤΔΑ͏ʹͳΔɻ • ࣗͰؾ͔ͳ͍όάɺࣝɾΞΠσΞͳͲΛڭ͑ͯ ΒͬͨΓɻͯ͠ΒͬͨΓɻ • ͦΕʹΑͬͯൃੜ͢Δίϛϡχέʔγϣϯɻ
59
࡞ऀͱͷίϛϡχέʔγϣϯେɻ 60
• όάϨϙʔτɺࠔΓ͝ͱͳͲͷϑΟʔυόοΫଟ͍͕ɺϙ δςΟϒͳϑΟʔυόοΫҙ֎ʹগͳ͍ɻ • ΘΕ͍ͯΔ͜ͱΛ࡞ऀΒͳ͍͜ͱҙ֎ʹଟ͍ɻ • ελʔΛ͚ͨΓɺدͳͲΛ͢Δͷ΄Μͱʹॏཁɻ • ʮࣄͱͯ͠ϓϥάΠϯอकͯ͠ ʯΈ͍ͨͳέʔε͋Δɻ
61
WordPress Φʔϓϯιʔε! 62
ΦʔϓϯιʔεͷιϑτΣΞͱ ୭Ͱࣗ༝ʹɺར༻ɾมߋɾڞ༗ग़དྷΔιϑτΣΞɻ Φʔϓϯιʔεͷֶͱ ୭Ͱࣗ༝ʹɺίϐʔɺมߋɺίϛϡχέʔγϣϯΛ͠ͳ͕ΒߩݙͰ͖ Δڞಉ࡞ۀͷߟ͑ํͰ͋Δɻ Ҿ༻ɿGovernment open source — ࣏ࣗମͷΦʔϓϯιʔε׆༻
// Speaker Deck 63
64
65
@See.. • Government open source — ࣏ࣗମͷΦʔϓϯιʔε׆ ༻ // Speaker
Deck • Takayuki Miyauchi: ϫʔΫϑϩʔͱͯ͠ͷΦʔϓϯιʔε | WordPress.tv • Hiroshi Urabe: WordPressͷϓϥάΠϯ࡞ͬͨΓίΞίϯτϦ Ϗϡʔλʔʹͳͬͨɻ ͦͯ͠ɺͦͷָ͠͞ͱҙٛ | WordPress.tv 66
Thanks! Github: @torounit Twitter: @Toro_Unit Facebook: fb.me/torounit Blog: https://torounit.com 67