In the course of delivering and hosting WordPress websites for the public sector, we undertake a significant quantity of assurance work, to ensure that the sites we build and the plugins they rely on are secure. We publish information about that work on this site.
Please use develop/main branches.
- Analytics for dxw Advisories is handled via our Plausible account
This site builds on PHP 8.2 and deploys on PHP 8.3.
Run the setup (first-time run only):
script/setup
Start the server:
script/server
You can also run the server in detached mode (i.e. without any output to your console):
script/server -d
Once the server has started, the following containers will be running:
- WordPress: http://localhost (username/password: admin/admin)
- MailCatcher: http://localhost:1080
- Beanstalk Console: http://localhost:2080
- MySQL: http://localhost:3306 (username/password: root/foobar)
For a /bin/sh console running on the WordPress container, run script/console
For a MySQL console, run bin/wp db cli
Use Whippet to manage plugins or external themes.
See the theme README for more on how to develop the theme.
The site exposes a JSON API of plugin inspections:
curl -L https://security.dxw.com/wp-json/v1/inspections/{{plugin slug}}
For example:
curl -L https://security.dxw.com/wp-json/v1/inspections/twitter-widget-pro
[
  {
    "name": "Twitter Widget Pro",
    "slug": "twitter-widget-pro",
    "versions": "2.5.4",
    "date": "2013-07-18T18:37:05+00:00",
    "url": "http://localhost:8000/plugins/twitter-widget-pro/",
    "result": "No issues found"
  }
]
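One way to consume this API when auditing a site's installed plugins, as an added example (not dxw's code). It runs offline against a constructed sample; the comma-separated `versions` format, the non-passing result string and all function names are assumptions.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime

API = "https://security.dxw.com/wp-json/v1/inspections/"  # endpoint from this README
PASS_RESULT = "No issues found"  # the only result string shown in this README

# Constructed sample: one entry shaped like the README's example, one made-up failing entry.
SAMPLE = json.loads("""[
 {"name": "Twitter Widget Pro", "slug": "twitter-widget-pro", "versions": "2.5.4",
  "date": "2013-07-18T18:37:05+00:00", "result": "No issues found"},
 {"name": "Example Plugin", "slug": "example-plugin", "versions": "1.0, 1.1",
  "date": "2014-01-01T00:00:00+00:00", "result": "constructed non-passing result"}
]""")

def fetch(slug):
    """Live lookup; follows redirects like `curl -L`. Not used by the offline demo."""
    url = API + urllib.parse.quote(slug, safe="")  # keep the slug inside one path segment
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def covered_versions(entry):
    # Assumption: "versions" may hold several comma-separated versions.
    return {v.strip() for v in (entry.get("versions") or "").split(",") if v.strip()}

def assess(installed_version, inspections):
    """Classify one installed plugin version against its inspection records."""
    if not inspections:
        return "uninspected"
    matching = [e for e in inspections if installed_version in covered_versions(e)]
    if not matching:
        return "version-not-inspected"  # a pass on another version proves nothing here
    latest = max(matching, key=lambda e: datetime.fromisoformat(e["date"]))
    return "ok" if latest["result"] == PASS_RESULT else "review: " + latest["result"]

def audit(installed, lookup):
    """installed: {slug: version}; lookup: callable returning the inspection list."""
    return {slug: assess(ver, lookup(slug)) for slug, ver in installed.items()}

def sample_lookup(slug):
    return [e for e in SAMPLE if e["slug"] == slug]

if __name__ == "__main__":
    installed = {"twitter-widget-pro": "2.5.4", "example-plugin": "1.1", "unknown": "3.0"}
    for slug, status in audit(installed, sample_lookup).items():
        print(f"{slug}: {status}")
```

Pass `fetch` instead of `sample_lookup` to `audit` to query the live API.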
The API code is packaged as a plugin.
To run the tests, run vendor/bin/kahlan specs from the plugin directory.
The first time you do this you'll need to run composer install from the plugin directory.