Headless CP - suggestion about plugins

anon71687268 · January 24, 2020, 3:56pm

It so happens that I built a solution for exactly the goal @Simone wants to achieve. It’s pretty simple and straight forward. This is a theme-driven technique that bypasses the need for 3rd party plugins or complicated solutions.

Getting Started

Get your update domain setup with a fresh install of ClassicPress and a security plugin of your choice. From there, install the Update Manager plugin and create a first endpoint to test with. I used a subdomain for mine.

Custom Theme

Since you (presumably) won’t be publicly serving anything except plugin update endpoints, your theme can consist of a simple index.php file. Give the directory whatever name you like. Here’s the important bits from my own file. Set this as your active theme.

<?php

// Prevent direct access.
if (!defined('ABSPATH')) {
	die();
}

// Redirect all requests to the homepage.
if ($_SERVER['SCRIPT_URL'] !== '/') {
	header('Location: https://your.updateserver.com');
	exit;
}

// Page content.
?>
<!doctype html>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Update Server for Code Potent Plugins">
<meta name="generator" content="Code Potent">
<link rel="icon" href="https://static.codepotent.com/images/logotype/code-potent-logotype-lettermark-64x64.png">
</head>
<body>
<p>This content displays on every frontend page.</p>
<p>Add branding, some trendy JS effect, or just use a blank page.</p>
</body>
</html>

Permalinks

Set your permalink structure to Post name. This ensures that any 404s are routed through your theme’s index file.

Config File

Optional: You can shave a few extra nanoseconds off requests by adding the following at the very top of your wp-config.php file, just inside the opening PHP tag. This directive ensures that your domain (as a whole) is compressed for all frontend requests (much like how you compress images, scripts, styles via .htaccess.)

if (!strstr($_SERVER['REQUEST_URI'], '/wp-admin/')) {
	ob_start("ob_gzhandler");
}

Additional Notes

Are my endpoints faster when served from the subdomain? Yes.
I couldn’t get this working with the SHORTINIT constant; this would make it even faster.
Here are a slew of htaccess directives to further improve domain performance.
Do test your update endpoints from both the old and new domains for comparison.
It took longer to write this post than to set the whole thing up.

Wrapping Up

Using the above, my implementation serves up a JS-animated logo for all requests, unless the request is for an update endpoint. I still have full access to the backend and have used htpasswd for an extra layer of security over the login and admin.