我就是这样做的,没有比这更好的了。我保留了不同版本的wp config。php文件受版本控制,然后在上面的一个目录中保留一个文件,其中保存所有数据库凭据和盐/键。同样,通过这种方式,我能够区分我正在运行的设置类型,并在此基础上进行不同的操作。
这是wp-config.php 我一直在下面git (https://gist.github.com/1923821):
<?php
/**
* Define type of server
*
* Depending on the type other stuff can be configured
* Note: Define them all, don\'t skip one if other is already defined
*/
define( \'DB_CREDENTIALS_PATH\', dirname( ABSPATH ) ); // cache it for multiple use
define( \'WP_LOCAL_SERVER\', file_exists( DB_CREDENTIALS_PATH . \'/local-config.php\' ) );
define( \'WP_DEV_SERVER\', file_exists( DB_CREDENTIALS_PATH . \'/dev-config.php\' ) );
define( \'WP_STAGING_SERVER\', file_exists( DB_CREDENTIALS_PATH . \'/staging-config.php\' ) );
/**
* Load DB credentials
*/
if ( WP_LOCAL_SERVER )
require DB_CREDENTIALS_PATH . \'/local-config.php\';
elseif ( WP_DEV_SERVER )
require DB_CREDENTIALS_PATH . \'/dev-config.php\';
elseif ( WP_STAGING_SERVER )
require DB_CREDENTIALS_PATH . \'/staging-config.php\';
else
require DB_CREDENTIALS_PATH . \'/production-config.php\';
/**
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*/
if ( ! defined( \'AUTH_KEY\' ) )
define(\'AUTH_KEY\', \'9*W=5<Rw-)c].9}g?^[:!j]h+Efr<y$<YmV0XOo|lOIujEE}+[R}iAQZ :Sy3wN}\');
if ( ! defined( \'SECURE_AUTH_KEY\' ) )
define(\'SECURE_AUTH_KEY\', \'APge3~H;g+b0FyNF&e`$=g?qj9@FQwqFe^Q4(@p#kDa=NR? $Z9|@v*a(tOj*B+.\');
if ( ! defined( \'LOGGED_IN_KEY\' ) )
define(\'LOGGED_IN_KEY\', \'5l0+:WTpj8#[V|;<Iw;%rkB(A}r++HwT|s[LW!.wt.=5J!b%Z{F1/[LxQ*d7J>Cm\');
if ( ! defined( \'NONCE_KEY\' ) )
define(\'NONCE_KEY\', \'zO2cmQX`Kc~_XltJR&T !Uc72=5Cc6`SxQ3;$f]#J)p</wwX&7RTB2)K1Qn2Y*c0\');
if ( ! defined( \'AUTH_SALT\' ) )
define(\'AUTH_SALT\', \'je]#Yh=RN DCrP9/N=IX^,TWqvNsCZJ4f7@3,|@L]at .-,yc^-^+?0ZfcHjD,WV\');
if ( ! defined( \'SECURE_AUTH_SALT\' ) )
define(\'SECURE_AUTH_SALT\', \'^`6z+F!|+$BmIp>y}Kr7]0]Xb@>2sGc>Mk6,$5FycK;u.KU[Tw$345K9qoF}WV,-\');
if ( ! defined( \'LOGGED_IN_SALT\' ) )
define(\'LOGGED_IN_SALT\', \'a|+yZsR-k<cSf@PQ~v82a_+{+hRCnL&|aF|Z~yU&V0IZ}Mrz@ND])YD22iUM[%Oc\');
if ( ! defined( \'NONCE_SALT\' ) )
define(\'NONCE_SALT\', \'|1.e9Tx{fPv8D#IXO6[<WY*,)+7+URp0~|:]uqiCOzu93b8,h4;iak+eIN7klkrW\');
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each a unique
* prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = \'ft_\';
/**
* WordPress Localized Language, defaults to English.
*
* Change this to localize WordPress. A corresponding MO file for the chosen
* language must be installed to wp-content/languages. For example, install
* de_DE.mo to wp-content/languages and set WPLANG to \'de_DE\' to enable German
* language support.
*/
define( \'WPLANG\', \'\' );
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*/
if ( WP_LOCAL_SERVER || WP_DEV_SERVER ) {
define( \'WP_DEBUG\', true );
define( \'WP_DEBUG_LOG\', true ); // Stored in wp-content/debug.log
define( \'WP_DEBUG_DISPLAY\', true );
define( \'SCRIPT_DEBUG\', true );
define( \'SAVEQUERIES\', true );
} else if ( WP_STAGING_SERVER ) {
define( \'WP_DEBUG\', true );
define( \'WP_DEBUG_LOG\', true ); // Stored in wp-content/debug.log
define( \'WP_DEBUG_DISPLAY\', false );
} else {
define( \'WP_DEBUG\', false );
}
/* That\'s all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined(\'ABSPATH\') )
define(\'ABSPATH\', dirname(__FILE__) . \'/\');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . \'wp-settings.php\');
这里是本地配置文件,我在WordPress根目录上方保留了一个目录,这也使得它位于web可访问目录之外,因此如果apache停止解析PHP文件并开始抛出它们,我们的数据库凭据仍然是安全的(
https://gist.github.com/1923848):
<?php
/**
* WordPress config file to use one directory above WordPress root, when awesome version of wp-config.php is in use.
*
* Awesome wp-config.php file - https://gist.github.com/1923821
*/
/* WordPress Local Environment DB credentials */
define(\'DB_NAME\', \'project_21\');
define(\'DB_USER\', \'root\');
define(\'DB_PASSWORD\', \'root\');
define(\'DB_HOST\', \'localhost\');
define(\'DB_CHARSET\', \'utf8\');
define(\'DB_COLLATE\', \'\');
/* Keys & Salts */
define(\'AUTH_KEY\', \'5H%)s-nQ,+fn0gwg/p1UjBTmCQ?l[8-!>Q{MW&?X3DM,OF;TaI<SOOTrl0+-@) *\');
define(\'SECURE_AUTH_KEY\', \'+%rr@,XIt-V+[.B9++uH1L,L+r)uq}5(:~=&4~Lk|.LV|y;R}fEo?G}+Sntf_JN}\');
define(\'LOGGED_IN_KEY\', \'Szv!gQm9#(L&TUD OnM`>sXGge:m1j`L2 5sO;hRNVhlN>IUED1/`%<[ly-GxVJ \');
define(\'NONCE_KEY\', \'o-Jo;>G#-%~,[ki@REqXV%4^I.HDnc.3]P;e8];4pJt% $xe5K<aOb|a2*QKV4c-\');
define(\'AUTH_SALT\', \'8-tQb3d|W8,;Y_#mfuFB.1&b%U2fnlLD|F&yH).tLRX=ANEdNap{78o|9tqv6JPt\');
define(\'SECURE_AUTH_SALT\', \'RSa%^qd~T|@+!-;qgh,qK-GJ}zPpgxz#+@v6-I;BMwqT`TzGTtg_^n*ILxGOdbq4\');
define(\'LOGGED_IN_SALT\', \']+XV)YK.Q-EU1vR [BT!Y$!d(J_[AO37OP[Fg[/esFx;6cI-L[^O|cvtw9F[;_*Q\');
define(\'NONCE_SALT\', \'iP{nTQBzy&f^hSbwBgyan.v9<+ErvAMi2ymLhz`Tl-fF?HXa(j<W`wA*8U3R#-|w\');
如果上述文件命名为
local-config.php, 我的系统的运行方式类似于本地安装。如果其名称为
staging-config.php, 它的行为类似于临时安装
production-config.php. 它可以帮助我获得某些常量的不同值,例如调试在不同的环境下具有不同的值,并且仍然在SCM(git)下拥有所有内容。可能性是无限的,不同的环境不需要黑客。
这确保了你永远不会向公众透露任何敏感信息,我使用它只是为了开始我所从事的任何项目,默认情况下,我有更强的密钥,一旦我将它们添加到上面一个目录下的第二个配置文件中,就会使用这些密钥,而不是这里定义的密钥。幸福
