Update on SlickStack project and thanks to LET
It's been a few years since I posted about SlickStack:
TLDR: free, open source LEMP+ stack optimized for WordPress
Since that time, we've had quite a lot of users coming from LET to check it out, provide feedback and suggestions, and more. I wanted to say thanks to the energetic community here for all their ideas (and criticism) and also for helping SlickStack to get better and better
Here are some of the changes made since 2020:
- most of the previous LittleBizzy MU plugins are no longer installed
- much fewer files/plugins are now auto-deleted... a clearer policy has been established for file deletion which is now focused narrowly on malware, exploits, database thrashing, or conflicts with our core functionality... in other words, less opinion-based, and more security-based
- WordPress plugin blacklist can be completely disabled if desired (this is different from the file cleanup above, the blacklist simply prevents certain plugins from being installed in WP Admin, e.g. for clients)
- much cleaner/simpler file structure in our GitHub repo
- remote database servers are now 100% supported in SlickStack
- we have doubled down on not supporting any WP cache plugins or AMP, and instead leverage FastCGI caching via Nginx only, for stability
- swapfiles are now force-installed if they do not exist already
- WordPress Multisite is now supported (wildcard OpenSSL certs + Cloudflare)
/wp-admin/install.phpis now permanently blocked and all WordPress installation must be performed programmatically via the shell
- staging/dev subdomains are now quite stable, although syncing between them is still a work in progress... tools for managing this in WP Admin are being planned
A+ security headers now default:
junk content is now noindexed by default in SlickStack, for example
/page/...URL patterns, along with certain file types like DOC, PDF, and TXT, etc.
We have also decided to not move forward with supporting Postfix or other email servers for stronger security... we assume that an email API inside WordPress is good enough for now. We also decided to not support PHP Composer or apps that require it, such as Magento.
Anyway if anyone has any questions or feedback, please feel free to comment here. Thanks!