HTTP Nginx Auth (Password Required) Option?
Not at this time. We felt that adding a secondary “http auth” login via Nginx to the WP Admin / WP login is a bit pointless. SlickStack already has built-in anti-brute force features for that URI pattern, as does Cloudflare. You can even use Cloudflare to set up a DNS-level auth page or security rules […]
Errors During Update
The vast majority of “errors” or issues with SlickStack can be solved by simply running the following scripts, sometimes repeatedly, until all files and configuration are force updated: ss-check, ss-worker, ss-update, ss-install. If you have run ss-update or ss-install, for example, but encounter either errors in the shell (CLI) or frontend (e.g. 500 error, etc) […]
Subdomains Support
Yes, subdomains and sub-subdomains are supported with SlickStack for both single sites and multisite networks in WordPress. Single site examples: sub.example.com, sub.sub.example.com, blog.example.com. Multisite network examples: shops.example.com, blogs.students.example.com. However, if you are using the “www” subdomain for vanity or usability reasons, this will also work fine — but most developers will not refer to this […]
All the SSL Variation Options
Complete breakdown of the variations used in SlickStack config when generating SSL certificates for both OpenSSL and Let’s Encrypt (Certbot): https://github.com/littlebizzy/slickstack/blob/master/ss-encrypt.txt Variations: Single Site + Not Subdomain + Contains www + Email Alerts; Single Site + Subdomain + Contains www + Email Alerts; Single Site + Not Subdomain + Not www + Email Alerts; Single […]
Can we run SlickStack without using Cloudflare?
Yes, you can. As of December 2019 we now support Let’s Encrypt (Certbot) as a backup SSL option instead of self-signed OpenSSL (which must be paired with Cloudflare to load properly). However, the idea here is that Let’s Encrypt is a “backup” SSL option, to ensure that SlickStack does not fully rely on a third […]
Blacklisted WordPress Plugins
The Plugin Blacklist plugin is included by default in SlickStack, but is not a required “core” MU plugin. However, there are certain categories of WP plugins that will still be force-deleted by the ss-clean Bash script in SlickStack for reasons of security and stability. We try to keep this list relatively slim, to avoid overly […]
Will SlickStack ever add any type of user interface?
No, we will never add any UI or GUI type interface. The reason is that we want SlickStack to be as lightweight and secure as possible. Plus, this approach allows other services to build on top of SlickStack, for example if an agency wants to offer a premium server deployment interface they can use SlickStack as […]
What pages does SlickStack skip caching?
By default the following are skipped: /cart*, /checkout*, /my-*, /contact*, /dashboard*, /login*, /register*, /order*, /profile*, /settings*, /view*, /wc-api*, /wp-admin*, /wp-*.php. See https://github.com/littlebizzy/slickstack/blob/master/nginx/default-single-site.txt
PHP Strict Types
PHP gets enough flak for being insecure and untamed. Moving toward stronger security and stricter coding is one of the benefits of PHP 7+. The short answer is you should pretty much always use strict_types whenever possible, these days. However, if you’re upgrading old code, you of course need to be sure that everything works […]
Dangerous PHP Functions
This page is to be updated ASAP for PHP 7.2 and PHP 7.4 focus… below are historically known dangerous PHP functions: exec,shell_exec,curl_exec,curl_multi_exec,escapeshellarg,system,mail,passthru,proc_open,proc_close,proc_terminate,popen,curl_exec,parse_ini_file,show_source,dl