プラグインとの付き合い方 #WPmeetupkobe / 2019-08-31 Kansai WordPress Meetup Kobe vol.10

Transcript

1. ϓϥάΠϯͱͷ෇͖߹͍ํ Toro_Unit @Kansai WP Meetup Kobe vol.10 1

2. $ whoami 2

3. Toro_Unit ઎෦ ߛ (͏Β΂ ͻΖ͠) • Frontend Engineer • WordPress

   Plugin and Theme Developer Github: @torounit Twitter: @Toro_Unit 3

4. Contribution • Shinshu WordPress Meetup • WordPress 4.3 / 4.4

   / 4.7 / 5.0 / 5.1 / 5.2 • WordCamp Osaka 2019 • WordCamp Osaka 2018 Speaker. • etc... 4

5. Plugins and Themes • Custom Post Type Permalinks • Advanced

   Posts Blocks • Simple Post Type Permalinks • Powerful Posts Per Page (PPPP) • Vanilla • and more... 5

6. 6

7. ௕໺ݝদຊࢢ͔Β͖·ͨ͠ • ࠷ۙɺچ։ஐֶߍߍࣷͱ͍͏໌࣏ͷ ݐங͕ࠃๅʹͳΓ·ͨ͠ɻ • 8/29~9/9 ϏʔϧࡇΓ(দຊαϚʔϑΣ ετ) • 9/21

   Shinshu WordPress Meetup • 9/20~23 ΫϥϑτϏʔϧϑΣε@দຊ ৓ 7

8. 8

9. 1.Α͋͘Δͭ͠΋Μɻ 9

10. Q.ʮϓϥάΠϯͬͯԿݸ͙Β͍͕͍͍ΜͰ͔͢ʁʯ 10

11. ͦΜͳ΋Ͷ͐Αʂʂʂ 11

12. Ͱ΋ɺϓϥάΠϯೖΕ͗͢Δͱ஗͘ͳΔͬͯฉ͍ͨΜͰ͚͢Ͳɾɾɾ 12

13. • ϓϥάΠϯͷ1ສߦͷϓϥάΠϯ1ͭͱɺ10ߦͷϓϥάΠϯ 100ݸͳΒ͹ɺޙऀͷํ͕ߦ਺গͳ͍ (10000ߦ > 1000ߦ)ɻ • PHPϑΝΠϧ 100ݸͷϓϥάΠϯ̍ͭͱɺ1ݸͷϓϥάΠϯ10 ݸͳΒʁ

    13

14. ͦ΋ͦ΋ͦΜͳʹߦ਺ͱ͔ϑΝΠϧ਺ͱ͔Ͱ஗͘ͳΓ·͢ʁ ޡࠩ͡Όͳ͍ʁ ܭଌͨ͠ʁ 14

15. • ద੾ʹ؅ཧग़དྷΔͷͰ͋Ε͹ ɺ͓޷͖ͳ͚ͩͲ͏ͧɻ • ਺͕ଟ͍΄Ͳɺߋ৽ͳͲอकͷखؒ͸૿͑Δɻʢޙड़ʣ 15

16. ʮઈରʹΠϯετʔϧ͢΂͖ϓϥάΠϯʯ ʮඞਢϓϥάΠϯ ◦બʯ 16

17. Μͳ΋ΜͶ͐Αʂʂʂ 17

18. • શͯͷ WordPress ϢʔβʔʹඞཁͳػೳͳΒͳΜͰຊମʹ ೖͬͯͳ͍ͷʁ • ͦ΋ͦ΋ຊମΛΧελϚΠζ͢ΔͨΊͷػೳɻͦΜͳʹΰϦ ΰϦΧελϚΠζ͠ͳ͍ͱ࢖͑ͳ͍Ϟϊʁ 18

19. ྑ͘঺հ͞ΕΔ΋ͷɻ 19

20. 1. ΩϟογϡܥϓϥάΠϯ • WP Super Cache • W3 Total Cache

    ͋ͨΓ͕Α͘ɺʮߴ଎ԽͷͨΊʹೖΕΑ͏ʂʯతϊϦ঺հ͞Ε ͯ·͕͢ɻ 20

21. • Ωϟογϡ = Ұ࣌తʹอଘͯ͠σʔλΛ࢖͍·Θ͢࢓૊Έɻ • WordPress ͸جຊతʹಈతʹHTMLΛੜ੒͢Δઓུɻ ਖ਼͘͠ ෇͖߹Θͳ͍ͱࣄނΔɻ •

    Ωϟογϡػߏ͕ຊମʹଘࡏ͢Δ CMS ΋͋Δ • Drupal, concrete5 ౳ • ͦ΋ͦ΋ htmlϑΝΠϧΛ࣮ࡍʹੜ੒͢ΔCMS΋ɻ ( MovableType, ੩తαΠτδΣωϨʔλʔͳͲɻ) 21

22. 22

23. • Πϯετʔϧ͢Δ͚ͩͰ؆୯ʂߴ଎ԽʂͦΜͳ͏·͍࿩͕͋ ΔΘ͚ͳ͍ɻ • ͦ΋ͦ΋ WP Super Cache ͸ Automattic

    ͕ 12೥લ͔Β࡞ͬ ͍ͯΔϓϥάΠϯ͕ͩɺ͍·ͩʹίΞʹऔΓࠐ·ΕΔ༧ఆ΋ ؾ഑΋ແ͍࣌఺ͰશͯͷέʔεʹඞཁͳϞϊͰ͸ͳ͍ɻ • αΠτͷछྨɺઃఆɺػೳ࣍ୈͰ͸༷ʑͳෆ۩߹ΛҾ͖ى͜ ͢৔߹΋ɻ 23

24. 24

25. 2. ηΩϡϦςΟରࡦܥ • All In One WP Security & Firewall

    • Wordfence Security • SiteGuard WP Plugin • etc... ਖ਼͘͠ઃఆ͢Ε͹ηΩϡϦςΟΛ޲্ͤͯ͘͞ΕΔ৔߹΋͋Δ ͔΋͠Εͳ͍͚ͲɺͦΕΛ͠ͳ͚Ε͹΄΅ҙຯ͕ແ͍ɻ 25

26. ηΩϡϦςΟӠʑΛؾʹ͢ΔͳΒɺ·ͣ౰ͨΓલͷ͜ͱΛ౰ͨΓલʹ΍͔ͬͯΒɻ 26

27. ౰ͨΓલͷ͜ͱ • ຊମɾϓϥάΠϯɾςʔϚͷΞοϓσʔτ • े෼ͳ௕͞ͷύεϫʔυ • ΞΧ΢ϯτΛෳ਺ਓͰڞ༗͠ͳ͍ / ద੾ͳݖݶઃఆ •

    αʔόʔύεϫʔυͷద੾ͳ؅ཧɻॳظύεϫʔυͷ··ʹ͠ͳ͍ɻ • αʔόʔ্Ͱݖݶͷઃఆɻ • ສ͕Ұʹඋ͑ͨόοΫΞοϓͱɺ෮چଶ੎ɻ 27

28. 3. ΤσΟλ֦ுܥ • AddQuicktag • TinyMCE Advanced ΫϥγοΫΤσΟλʔʹ͍Ζ͍ΖػೳΛ଍ͯ͠هࣄͷ૷০ͱ͔ Λ͍͡Δ΍ͭɻ σϑΥϧτͰຬ଍Ͱ͖ͳ͔ͬͨͱ͖ʹߟ͑Ε͹ʁ

    ϩΫʹ࢖͍ͬͯͳ͍ͷʹೖͬͯΔ͜ͱΊͬͪΌଟ͍ɻ 28

29. • Classic Editor ͱΓ͋͑ͣɺϒϩοΫΤσΟλʔͱͪΌΜͱ෇͖߹͔ͬͯΒͩͱ ࢥ͏Αɻ 29

30. 4. SEO ܥ • All in One SEO Pack •

    Yeost SEO • Google XML Sitemap • and more.... 30

31. • ͱΓ͋͑ͣೖΕͱ͖ΌॱҐ্͕Δͱ͔͋Γಘͳ͍ɻద੾ͳઃ ఆ & ӡ༻͕ඞཁɻ • XML Sitemap ͕ڝ߹ͯ͠Δͷ·ΕʹΑ͘ݟ͔͚Δɻ •

    ྑ͘ղΒͳ͍ͳΒͪΌΜͱ࢖͑ͳ͍ͷͰɺ·ͣ͸ͦͬͪͷษ ڧΛɻͦͷ্Ͱඞཁͳઃఆ͕͋ΔͳΒ͹ߟ͑Δɻ 31

32. ϓϥάΠϯͷબఆ 32

33. ͪΌΜͱߟ͑ͯೖΕΔ • ͳΜͰೖΕ͔ͨྑ͘ղΒͳ͍ϓϥάΠϯ͸͍Ζ͍Ζॏՙʹ͔͠ͳΒ ͳ͍ɻ • ͳΜͰೖΕ͔ͨղΒͳ͍͔Βফͤͳ͍ɻ • ͪΌΜͱػೳΛ֬ೝͯ͠ೖΕΔɻ • ͨ·ʔʹɺಉ͡ػೳΛఏڙ͢ΔϓϥάΠϯ͕ෳ਺༗ޮʹͳͬͯͨ

    Γ͢Δɻ • ྑ͘ղΒͳ͍΋ͷ͍Εͳ͍ɻ 33

34. ͳΔ΂͘γϯϓϧͳϞϊΛ • γϯϓϧʹɺͻͱͭͷ͜ͱΛ্ख͘͜ͳ͢ϓϥάΠϯͷํ͕ ཧղ͠қ͘ɺϝϯς͠΍͍͢ɻ • All in One ͳΜͱ͔Έ͍ͨͳͷͱ͔ɺԿ͔͛͢ʔύϫʔΞο ϓ͢ΔϓϥάΠϯ͸ɺͪΌΜͱཧղ͠ͳ͍ͱة͏͍ɻ

    • ϓϥάΠϯ͸։ൃ͕ࢭ·ͬͨΓ͢Δ͜ͱرʹΑ͋͘ΔͷͰɺ ͦͷࡍʹɺ༰қʹ৐Γ׵͑ΒΕΔ or ࣗ෼Ͱϝϯςφϯεग़དྷ ΔϞϊΛɻ 34

35. େن໛ͳϞϊ͸৺த͢Δ֮ޛΛ • WooCommerce ΍ BuddyPress ౳ɺେن໛ʹαΠτͦͷ΋ͷ ͷੑ࣭Λม͑ͯ͠·͏Α͏ͳϓϥάΠϯ͸ɺWordPress ϕʔε ͷผͷ CMS

    ͱଊ͑ͯ৺த͢Δ֮ޛΛɻ • ʮWooCommerce ࣙΊΔ = ଞͷ CMS ʹ৐Γ׵͑Δʯ͘Β ͍ͷϞϊͱଊ͑ͯ෇͖߹͏ɻ • ͦͷࡍʹॏཁʹͳͬͯ͘Δͷ͸ɺ αϙʔτ ɺ ίϛϡχςΟ ɺ ΤίγεςϜ 35

36. ๻ͷબఆج४ • ϓϥάΠϯ͸୭Ͱ΋࡞ΕΔͷͰɺۄੴࠞަɻ • ഁյతมߋ͕ೖͬͨΓɺPro൛ʹҠߦͯ͠Free൛͸ػೳ͕ݮͬͨΓ͢ Δ͜ͱ΋ɻ • ࡞ऀͷ࣮੷ɺWordPress.org ΍ɺGithub ౳Ͱͷ׆ಈɺίʔυͷ඼

    ࣭ɺαϙʔτϑΥʔϥϜͰͷճ౴ͳͲΛݟͯ൑அɻ • ࡞ऀͱͷίϛϡχέʔγϣϯίετɻ • ஌Γ߹͍΍ɺݴ༿͕௨͡΍͍͢ਓͷํ͕ίετ͸௿͍ɻ 36

37. • Active install΍ɺμ΢ϯϩʔυ਺͸ɺ։ൃ࣌ظɺ༻్࣍ୈͳ ͷͰͦ͜·Ͱ͋ͯʹͯ͠ͳ͍ɻࣅͨΑ͏ͳϓϥάΠϯ͕͋ͬ ͨΒؾʹ͢Δ͔ͳʔͬͯఔ౓ɻ 37

38. ༨ஊʮϓϥάΠϯΛ͔ͭΘͳ͍Ͱग़དྷΔʂʯͱ͔͋Δ͚Ͳ • ࣗ෼Ͱ࡞Δ৔߹ͷ޻਺ͱϝϯςφϯεͱɺϓϥάΠϯΛ࢖͏৔߹ ͷ޻਺ͱϦεΫ(ޙड़)Λఱṝʹ͔͚ͯબ୒ɻ • ͍ͯ͏͔Α͘͠Βͳ͍ͻͱͷίʔυΛӏವΈʹ͠ͳ͍ɻ • ͍ͯ͏͔ͦΕϓϥάΠϯʹ͢Ε͹͑͑΍Μɻ • functions.php

    ͳͷ͔ϓϥάΠϯͳͷ͔͸ςʔϚͷઃܭͷ࿩ͳ ͷͰ͋ͬͯɺطଘͷϓϥάΠϯΛ࢖͍͍͔ͨ࢖͍ͨ͘ͳ͍͔ͱ ͸ผ࣍ݩͷ࿩ͩΑɻ 38

39. ϓϥάΠϯͱ্खʹ෇͖߹͏ͨΊʹɻ 39

40. ࠓ೥࿩୊ͳͬͨ੬ऑੑɻ ใࠂ೔ ର৅ͷϓϥάΠϯ Πϯετʔϧ਺ όʔδϣϯ ੬ऑੑ 2019/03/15 Easy WP SMTP

    40ສ݅௒ 1.3.9Ҏલ ؅ཧऀ΁ͷಛݖঢ֨ 2019/03/21 Social Warfare 6ສ݅௒ 3.5.2Ҏલ XSSʢ֨ೲܕʣɺ೚ ҙίʔυͷ࣮ߦ 2019/03/30 Yuzo Related Posts 6ສ݅௒ 5.12.91Ҏલ XSSʢ֨ೲܕʣ 2019/04/09 Visual CSS Style Editor 3ສ݅௒ 7.1.9Ҏલ ؅ཧऀ΁ͷಛݖঢ֨ WordPressϓϥάΠϯΛૂ͏߈ܸ͕׆ൃԽ͍ͯ͠Δ݅Λ·ͱΊͯΈͨ - piyolog 40

41. Ҿ༻ݩɿJP-Secure Labs Report Vol.03 | ٕज़৘ใ | ιϑτ΢ΣΞWAFͷJP-Secure 41

42. • ຊମ΁ͷ߈ܸͱ͍͏ͷ͸࣮͸গͳ͍ɻ • ϓϥάΠϯɾςʔϚ΁ͷ߈ܸ͕6ׂ௒ɻ 42

43. /wp-content/themes/urbancity/lib/scripts/ download.php?file=../../../../../wp-config.php /wp-content/themes/trinity/lib/scripts/ download.php?file=../../../../../wp-config.php /wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php /wp-content/themes/TheLoft/download.php?file=../../../wp-config.php /wp-content/themes/lote27/download.php?download=../../../wp-config.php /wp-content/themes/authentic/includes/download.php? file=../../../../wp-config.php /wp-content/plugins/membership-simplified-for-oap-members-only/

    download.php?download_file=.././.././.././wp-config.php /wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php? download_file=../../../wp-config.php Ҿ༻ݩɿJP-Secure Labs Report Vol.03 | ٕज़৘ใ | ιϑτ΢ΣΞWAFͷJP- Secure 43

44. Πϯετʔϧ਺͕ଟ͍ != ҆શ • ͻͱͭͷج४ʹ͸ҧ͍ͳ͍͚Ͳɺ҆શੑɾ඼࣭Λอূ͢Δج ४Ͱ͸ͳ͍ɻ • Πϯετʔϧ਺͕ଟ͍ = ߈ܸͷλʔήοτʹͳΓ΍͍͢ɻ

    44

45. ੬ऑੑͳͲͷ৘ใऩू ੬ऑੑͳͲ͸க໋తʹͳΓ͕ͪͳͷͰɺϚϝʹνΣοΫɻ • WordPress Tavern – WordPress News — Free

    as in Beer. • WPScan Vulnerability Database • JVN iPedia - ੬ऑੑରࡦ৘ใσʔλϕʔε • Blog – Plugin Vulnerabilities 45

46. 46

47. WPScan WPScan Vulnerability Database ͷσʔλΛ༻͍ͯɺ੬ऑੑݕࠪ Λ͢ΔϓϥάΠϯɻ • ੬ऑੑ͕ൃݟ͞Εͨ৔߹ϝʔϧͰͷ௨஌΋͞ΕΔɻ 47

48. ΞοϓσʔτઓུΛߟ͑Δ • ྲྀੴʹɺ24࣌ؒ365೔؂ࢹ͠ଓ͚Δͷ͸೉͍͠ • ۓٸ౓ͷߴ͍ϞϊͰແ͚Ε͹ͪΐͬͱ์ஔͯ͠΋େৎ෉ɻ • ์ஔ͗͢͠Δͱɺόʔδϣϯ্͕͕Γ͗͢Δ & ಉ࣌ʹෳ਺ͷ ϓϥάΠϯΛΞοϓσʔτ͢Δ͜ͱʹͳΓɺෆ۩߹ͷݕূ͕

    ࠔ೉ʹɻ 48

49. ྫ1 • ੬ऑੑ͕ൃݟ͞ΕͨΒ௚ͪʹߋ৽ • ͦ͏Ͱແ͚Ε͹ि1ͱ͔Ͱߋ৽ • ຊ൪ͱ΄΅ಉҰͷςετ؀ڥΛ༻ҙɺ֬ೝޙɺຊ൪΁ద༻ɻ 49

50. ྫ2 • Advanced Automatic Updates ΍ɺ JetPack ౳Ͱࣗಈߋ৽ɻ • յΕͨΒόοΫΞοϓ͔Β෮چͯ͠ݪҼௐࠪɻ

    50

51. ྫ3 • WordPress Λ੩తԽ • هࣄߋ৽࣌ͷΈαʔόʔΛىಈ 51

52. ϓϥάΠϯΛ࢖͏͜ͱ΁ͷϦ εΫ 1. ϓϥάΠϯͷόάɻෆ۩߹ɻηΩϡϦ ςΟϗʔϧɻ 2. ޙํޓ׵ੑͷແ͍มߋɻ 3. ։ൃͷఀࢭɻ 4.

    PHP ͷ ΞοϓσʔτʹΑΔෆ۩߹ͳ Ͳ 52

53. ͜ΕΒͱͲ͏෇͖߹͍ͬͯ͘ʁ 53

54. ϑΥʔΫͯࣗ͠෼Ͱϝϯςφϯεɻ • ϋʔυϞʔυɻ ΋͘͠͸͓ۚΛ෷ͬͯ΍ͬͯ΋Β͏ɻ શ෦ࣗ෼Ͱ։ൃ • ϋʔυϞʔυɻ طଘͷϓϥάΠϯͷ࣮૷͕ؾʹ͘Θͳ͍ɺ ΦʔόʔεϖοΫա͗Δͱ͖ͱ͔ɻ 54

55. or 55

56. ࡞ऀ΁ϑΟʔυόοΫ 56

57. ͨͱ͑͹ • ։ൃ൛ͷςετ • όάϨϙʔτ • ػೳఏҊ • υΩϡϝϯτ •

    मਖ਼ͨ͠Βύον΍ɺϓϧϦΫΤετͳͲΛૹͬͯΈΔɻ • ελʔΛ෇͚ͨΓɺد෇ͯ͠ΈͨΓɻ 57

58. ࡞ऀ͸ϑΟʔυόοΫΛ଴ͬͯ·͢ʂ Φʔϓϯιʔεʂ 58

59. ϓϥάΠϯΛެ։͍ͯ͠Δཧ༝ɻ • ؅ཧը໘͔ΒΞοϓσʔτ͍ͨ͠ʂ • ϓϥάΠϯʹ͢Δ͜ͱͰɺ͍Ζ͍Ζ࢖͍ճͤΔΑ͏ʹͳΔɻ • ࣗ෼Ͱ͸ؾ෇͔ͳ͍όά΍ɺ஌ࣝɾΞΠσΞͳͲΛڭ͑ͯ΋ ΒͬͨΓɻ௚ͯ͠΋ΒͬͨΓɻ • ͦΕʹΑͬͯൃੜ͢Δίϛϡχέʔγϣϯɻ

    59

60. ࡞ऀͱͷίϛϡχέʔγϣϯେ੾ɻ 60

61. • όάϨϙʔτɺࠔΓ͝ͱͳͲͷϑΟʔυόοΫ͸ଟ͍͕ɺϙ δςΟϒͳϑΟʔυόοΫ͸ҙ֎ʹগͳ͍ɻ • ࢖ΘΕ͍ͯΔ͜ͱΛ࡞ऀ͸஌Βͳ͍͜ͱ͸ҙ֎ʹଟ͍ɻ • ελʔΛ෇͚ͨΓɺد෇ͳͲΛ͢Δͷ͸΄Μͱʹॏཁɻ • ʮ࢓ࣄͱͯ͠ϓϥάΠϯอकͯ͠ ʯΈ͍ͨͳέʔε΋͋Δɻ

    61

62. WordPress ͸Φʔϓϯιʔε! 62

63. Φʔϓϯιʔεͷιϑτ΢ΣΞͱ͸ ୭Ͱ΋ࣗ༝ʹɺར༻ɾมߋɾڞ༗ग़དྷΔιϑτ΢ΣΞɻ Φʔϓϯιʔεͷ఩ֶͱ͸ ୭Ͱ΋ࣗ༝ʹɺίϐʔɺมߋɺίϛϡχέʔγϣϯΛ͠ͳ͕ΒߩݙͰ͖ Δڞಉ࡞ۀͷߟ͑ํͰ͋Δɻ Ҿ༻ɿGovernment open source — ੓෎΍࣏ࣗମͷΦʔϓϯιʔε׆༻

    // Speaker Deck 63

64. 64

65. 65

66. @See.. • Government open source — ੓෎΍࣏ࣗମͷΦʔϓϯιʔε׆ ༻ // Speaker

    Deck • Takayuki Miyauchi: ϫʔΫϑϩʔͱͯ͠ͷΦʔϓϯιʔε | WordPress.tv • Hiroshi Urabe: WordPressͷϓϥάΠϯ࡞ͬͨΓίΞίϯτϦ Ϗϡʔλʔʹͳͬͨ࿩ɻ ͦͯ͠ɺͦͷָ͠͞ͱҙٛ | WordPress.tv 66

67. Thanks! Github: @torounit Twitter: @Toro_Unit Facebook: fb.me/torounit Blog: https://torounit.com 67