I’m curious as to whether the following is possible as there are concerns that the WP site in question may be hacked via the front end & through a plugin..
- We want to have the front-end connect via a Read-Only DB user
- We want the admin area to have Read/Write access but have this URL protected by the server firewall rule that only allows internal traffic
I’m open to other suggestions
1 Answer
I have setup WP instance with 2 different database, one for read only and other for admin purpose.
But once the admin make the changes, then the ADMIN-DB should be copied and added to SLAVE-DB server.
// check if url contains wp-login or wp-admin and then create DB configuration for Master DB else Slave DB.
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if ( false !== strpos( $url, 'wp-admin' ) || false !== strpos( $url, 'wp-login' ) ) {
define( 'DB_NAME', 'SLAVE_DB_NAME' );
define( 'DB_USER', 'SLAVE_DB_USER' );
define( 'DB_PASSWORD', 'SLAVE_DB_PASSWORD' );
define( 'DB_HOST', 'SLAVE_DB_HOST' );
} else {
define( 'DB_NAME', 'MASTER_DB_NAME' );
define( 'DB_USER', 'MASTER_DB_USER' );
define( 'DB_PASSWORD', 'MASTER_DB_PASSWORD' );
define( 'DB_HOST', 'MASTER_DB_HOST' );
}
