Are you ready to elevate your WordPress projects to a new level of efficiency and security? Bedrock might be the modern solution you’ve been looking for. Whether you’re a freelance developer or part of a web development company, this guide will walk you through what Bedrock is, why it’s an excellent choice for WordPress development, and how to set it up with a virtual host on Ubuntu.
What is Bedrock?
Developed by Roots, Bedrock is a WordPress boilerplate that improves the standard WordPress setup with a better folder structure, enhanced security, and modern development practices. By using tools like Composer for dependency management and .env files for environment configuration, Bedrock provides a clean and organized way to manage WordPress projects.
Key Features of Bedrock:
- Dependency Management with Composer:
Composer is a PHP dependency manager that Bedrock uses to handle WordPress core, plugins, and themes as dependencies. Instead of manually managing these components, you can define them in a composer.json file, ensuring consistency across all environments. This approach saves time, reduces conflicts, and allows for easy rollbacks if an update causes issues.
- Improved Folder Structure:
Unlike the traditional setup where all WordPress files are in one directory, Bedrock introduces a more organized folder structure. The web directory is where public files like index.php reside, while the core WordPress files are outside this directory. This structure not only improves security but also makes the project more maintainable by clearly separating custom code from WordPress core files.
- Environment Configuration Using .env Files:
Managing environment-specific settings such as database credentials, debug options, and URLs is streamlined in Bedrock through .env files. This allows for easy configuration across development, staging, and production environments without altering the codebase. Sensitive information is kept out of the code repository, making deployments safer and more straightforward.
- Enhanced Security:
Bedrock enhances security by moving core WordPress files outside the public web directory, reducing the attack surface. Additionally, environment variables are used for sensitive data like database credentials and API keys, further protecting your WordPress site from unauthorized access.
Main Advantages of Using Bedrock
- Enhanced Security: In a traditional WordPress setup, core files, themes, and plugins are all in the same directory accessible from the webroot. Bedrock improves security by moving core files out of the webroot directory (e.g., /web), limiting exposure to potential attackers. This separation reduces the attack surface by keeping sensitive files outside public access.
- Environment Configuration with .env Files: Managing different environments (development, staging, production) is challenging in a typical WordPress setup. Bedrock uses .env files to store environment-specific settings, such as database credentials and debug options. This makes it easy to switch environments and keeps sensitive information out of the version control system.
- Modern Development Workflow with Composer: Composer is a dependency management tool for PHP that allows you to manage libraries and dependencies efficiently. In Bedrock, you can use Composer to manage WordPress core updates, plugins, and even themes. This means:
- No more manual downloads or FTP uploads of plugins and themes.
- Easy rollback to a previous version if an update breaks the site.
- Consistent versions across different environments.
- Better Project Organization: Bedrock follows a modern project structure where the application code (wp-content) is separate from the WordPress core. This allows developers to focus on custom code, keeps the project organized, and simplifies maintenance.
Bedrock vs. Traditional WordPress Setup
- Core File Location
In WordPress, core files, themes, and plugins are located in the root directory, making them publicly accessible and more vulnerable to attacks.
With Bedrock, core files are moved outside the webroot (/web directory), reducing the risk of unauthorized access and improving security. - Dependency Management
In WordPress, plugins, themes, and even the core itself require manual downloads and updates, which can lead to version mismatches and difficulties in managing dependencies.
With Bedrock, dependency management is handled through Composer, which automates updates, ensures compatibility, and simplifies version control. - Environment Configuration
In WordPress, settings are hardcoded in the wp-config.php file, making it difficult to manage different environments like development, staging, and production.
With Bedrock, environment-specific settings are managed using .env files, allowing easy switching between environments without modifying code or exposing sensitive information. - Project Organization
In WordPress, all files are located in the same directory, which can make the project less organized and harder to maintain over time.
With Bedrock, the project is organized into separate directories for core files, configuration, and content, resulting in a cleaner and more maintainable project structure. - Version Control
In WordPress, tracking plugins and themes in version control is challenging, and backups must often be managed manually.
With Bedrock, everything is managed via Composer, enabling easy updates, rollbacks, and consistent environments across different setups or team members. - Security
In WordPress, the core files being accessible from the web increases the risk of potential security breaches.
With Bedrock, sensitive files are moved outside the public web directory, reducing the attack surface and improving overall security.
Prerequisites
- PHP (>= 8.0)
- Composer (for dependency management)
Setting Up Bedrock with a Virtual Host in Ubuntu
Setting up Bedrock for the first time can be a bit different if you’re used to the traditional WordPress installation process. Here’s a step-by-step guide with added explanations to help you get started:
Step 1: Install Composer
Composer is required for Bedrock because it handles dependencies like the WordPress core, themes, and plugins. If you don’t have Composer installed, run:
sudo apt install composer
To confirm Composer is installed, check its version with:
composer --version
Step 2: Create a New Bedrock Project
With Composer installed, create a new Bedrock project. This step sets up Bedrock’s unique folder structure. Create a new project named “bedrock-wp” in your desired directory:
composer create-project roots/bedrock bedrock-wp
Replace bedrock-wp with the name of your project. This command downloads Bedrock and sets up the necessary directory structure.
Step 3: Configure Environment Variables
Navigate to your project folder and copy the .env.example file to .env:
cd your-project-name
cp .env.example .env
Edit the .env file to configure your database settings:
DB_NAME='your_database_name'
DB_USER='your_database_user'
DB_PASSWORD='your_database_password'
DB_HOST='localhost'
DB_PREFIX='wp_'
WP_ENV='development'
WP_HOME='http://bedrock-wp.local'
WP_SITEURL="${WP_HOME}/wp"
Set the WP_ENV variable to development, staging, or production depending on your environment.
Step 4: Set Up Web Server (Apache)
Configure your web server to point to the Bedrock web directory as the document root.
Edit the Apache virtual host configuration file:
sudo nano /etc/apache2/sites-available/your-site.conf
Add the following configuration:
<VirtualHost *:80>
ServerName bedrock-wp.local
ServerAlias www.bedrock-wp.local
DocumentRoot /path/to/bedrock-wp/web
<Directory /path/to/bedrock-wp/web>
Options Indexes FollowSymLinks Multiviews
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/bedrock-error.log
CustomLog ${APACHE_LOG_DIR}/bedrock-access.log combined
</VirtualHost>
Replace /path/to/bedrock-wp with the actual path to your Bedrock project. Save and close the file.
Step 5: Enable the Virtual Host
Enable the site and reload the Apache configuration:
sudo a2ensite your-site.conf
sudo systemctl reload apache2
Step 6: Edit Hosts File
To make the virtual host accessible via the browser, edit the /etc/hosts file:
sudo nano /etc/hosts
Add the following line:
127.0.0.1 bedrock-site.local
Save and close the file.
Testing and Final Setup
Open your browser and navigate to http://bedrock-site.local. You should see the WordPress installation screen, indicating that your Bedrock setup is successful.
If you encounter any errors, check the Apache logs in /var/log/apache2/ for troubleshooting.
Conclusion
By using Bedrock, you’ve enhanced your WordPress setup with improved security, a modern development workflow, and better organization. Whether you’re a developer or part of a web development company looking for a structured approach to managing WordPress or simply aiming to improve site security, Bedrock offers a powerful solution.