Skip to content

Instantly share code, notes, and snippets.

View soderlind's full-sized avatar

Per Søderlind soderlind

View GitHub Profile
@soderlind
soderlind / README.md
Last active October 9, 2024 09:18
WordPress Web Application Firewall (WAF) Custom rules for Azure Front Door (AFD)

WordPress WAF Custom rules for Azure Front Door (AFD)

AFD WAF Managed Rules DRS 2.1 blocks WordPress. The below WP* custom rules let you access WordPress URLs that you need. I also implemented a rate-limiting rule to prevent brute force attacks.

The WP* rules are based on the OWASP CRS - WordPress Rule Exclusions Plugin rules

  • AFD Premuim supports max 5 (!) regex, so I had to convert the regex rules to separate rules.

Custom WordPress Allow Rules

@soderlind
soderlind / waf-policy.bicep
Last active September 19, 2024 10:40
WordPress: Use Azure Front Door to rate limit access the login page
resource wafPolicy 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2022-05-01' = {
name: wafPolicyName
location: 'global'
sku: {
name: frontDoorSkuName
}
tags: tags
properties: {
policySettings: {
enabledState: 'Enabled'
@soderlind
soderlind / README.md
Last active September 11, 2024 08:30
WordPress: Add a media inserter to the block editor using the registerInserterMediaCategory

I did this to show how easy it is to create your own media inserter. In production I would create a a server that returns the json.

Install

  1. Create a block
    • in wp-content/plugins run npx @wordpress/create-block@latest my-image-inserter
    • cd my-image-inserter
  2. Copy index.js to my-image-inserter/src/index.js
  3. Delete my-image-inserter/my-image-inserter.php
  4. Copy plugin.php to my-image-inserter/plugin.php
@soderlind
soderlind / copilot.aliases.zshrc
Last active July 6, 2024 14:07
GitHub Copilot CLI aliases
# GitHub CLI aliases
eval "$(gh copilot alias -- zsh)" # or bash
# Old school aliases
alias '??'='ghcs'
alias 'git?'='ghcs -t git'
alias 'gh?'='ghcs -t gh'
alias 'explain'='ghce'
@soderlind
soderlind / docker-compose.yml
Last active July 9, 2024 08:55
Buggregator for local WordPress development
services:
buggregator:
image: ghcr.io/buggregator/server:latest
depends_on:
buggregator-database:
condition: service_healthy
ports:
- 127.0.0.1:8000:8000 # Sentry, Ray
- 127.0.0.1:1025:1025 # SMTP
environment:
@soderlind
soderlind / README.md
Last active January 23, 2024 16:06
WordPress Playground blueprint for a block plugin.

Live Preview for Jobbnorge Block

Plugin Previews are now available for opt-in, I've added a live preview to my block plugin

On wordpress.org, there are two things required for a plugin preview button to appear to all users:

  1. A valid blueprint.json file must be provided in the plugins assets/blueprints sub-directory.
  2. The plugin preview must be set to “public” from the plugin’s Advanced view by a committer.

Read the blueprint documentation for more information.

@soderlind
soderlind / afd-housekeeping.md
Last active December 19, 2023 03:21
Me talking with Copilot Chat

@soderlind: I need a bash script that read a list of domains from disk and use az cli to remove the domains from azure front door. I have several azure front doors in the resource group.

GitHub Copilot: Here's a step-by-step plan for the bash script:

  1. Define the script shebang to specify that the script should be run using bash.
  2. Read the file line by line using a while loop.
  3. Inside the loop, use the az network front-door frontend-endpoint delete command to delete the domain from each Azure Front Door in the resource group.
  4. The command requires the names of the resource group, the Front Door, and the endpoint (domain). You'll need to loop over each Front Door in the resource group.
  5. To get the list of Front Doors, use the az network front-door list command with the resource group name.
  6. Parse the output of the list command to extract the names of the Front Doors.
@soderlind
soderlind / hardcode-number-of-items.php
Created August 28, 2023 08:27
WordPress Admin: Hardcode max number of items per page.
<?php
/**
* name
*
* @package Soderlind\MuPlugins\HardcodeNumberOfItems
* @author Per Soderlind
* @copyright 2021 Per Soderlind
* @license GPL-2.0+
*
@soderlind
soderlind / plausible-2f-fix.php
Last active May 25, 2023 09:53
Fix for Plausible Analytics %2f removal from shard link
<?php
/**
* Plugin Name: Plausible 2f Fix
* Description: Fix for Plausible Analytics %2f removal from shard link.
* Plugin URI: https://gist.github.com/soderlind/6d6735baeab379b4d7e1e5497cd8581b
* License: GPL-2.0+
* License URI: http://www.gnu.org/licenses/gpl-2.0.txt
*/
declare( strict_types = 1 );
<?php
add_action( 'muplugins_loaded',function() : void {
$my_rest_endpoint = '/wp-json/super-admin-all-sites-menu/v1/sites/';
$request_uri = parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH );
/**
* Bail if not the correct request.
*/