Accueil / Parcours Intermediaire : Ingenieur WordPress Production № 48916 · 2025.12.19
5 min de lecture · 986 mots

Parcours Intermediaire : Ingenieur WordPress Production

YouArewelCom Auteur
vendredi 19 décembre 2025 5 min

Niveau: Intermediaire
Duree estimee: 12-16 semaines
Prerequis: Maitrise de WordPress, bases Linux/VPS, connaissance Git

Vue d’ensemble

Ce parcours vous transformera en ingenieur WordPress Production capable de gerer des infrastructures haute performance, implementer des pipelines CI/CD avec GitHub Actions, securiser des environnements critiques et optimiser des sites a grande echelle. Vous apprendrez a integrer des workflows assistes par IA (Claude.ai, ChatGPT) pour accelerer votre productivite.

Phase 1 : Infrastructure VPS & Stack Haute Performance

Objectifs

  • Maitriser le deploiement d’un stack WordPress optimise sur VPS Debian
  • Configurer WordOps pour une gestion simplifiee
  • Implementer un systeme de cache multi-couches
  • Optimiser les performances au niveau noyau Linux

    • Competences techniques

    1.1 Preparation VPS Debian

    Technologies: Debian 11/12, SSH, UFW, Fail2Ban

    Configuration initiale securisee:

# Mise a jour systeme
apt update && apt upgrade -y

# Configuration utilisateur non-root
adduser deployuser
usermod -aG sudo deployuser

# Securisation SSH
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshdconfig
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshdconfig
systemctl restart sshd

# Firewall UFW
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable

Ressources:

  • Guide Debian Security
  • Documentation officielle UFW

    • 1.2 Installation et configuration WordOps

    Technologies: WordOps 3.x, Nginx, PHP 8.2/8.3, MariaDB 10.11, Redis 7.x

    Installation WordOps (2025):

    # Installation
wget -qO wo wops.cc && sudo bash wo

# Verification
wo --version
# WordOps 3.x.x

# Stack complet
wo stack install
wo stack install --php82 --php83
wo stack install --redis

    Note importante: Des problemes d’installation ont ete reportes sur Debian 12.10 debut 2025. Verifiez le forum communautaire WordOps pour les dernieres mises a jour de compatibilite.

    Creation de site optimise:

    # Site WordPress avec cache Redis et Let's Encrypt
wo site create example.com --wp 
  --php83 
  --redis 
  --letsencrypt

# Verification configuration Nginx
wo site info example.com

    Caracteristiques WordOps:

  • TTFB < 100 ms sur VPS economiques
  • Support HTTP/3 QUIC integre
  • Optimisations noyau Linux automatiques
  • Certificats SSL/TLS wildcard avec validation DNS

    • Ressources:

  • WordOps Documentation Officielle
  • Guide WordOps VPS – Linux Nest

    • 1.3 Cache multi-couches : Nginx FastCGI + Redis Object Cache

    A. Nginx FastCGI Cache

    Le cache FastCGI permet a Nginx de servir directement le HTML genere par PHP-FPM sans solliciter WordPress, PHP ou MySQL pour les requetes suivantes.

    Configuration Nginx (/etc/nginx/conf.d/fastcgi-cache.conf):

    # Zone de cache
fastcgicachepath /var/run/nginx-cache levels=1:2
    keyszone=WORDPRESS:100m
    inactive=60m
    maxsize=500m;

fastcgicachekey "$scheme$requestmethod$host$requesturi";
fastcgicacheusestale error timeout invalidheader http500;
fastcgiignoreheaders Cache-Control Expires Set-Cookie;

    Dans votre configuration de site:

    # Conditions de bypass
set $skipcache 0;

if ($requestmethod = POST) {
    set $skipcache 1;
}
if ($querystring != "") {
    set $skipcache 1;
}
if ($requesturi ~ "/wp-admin/|/xmlrpc.php|wp-..php|/feed/|sitemap(index)?.xml") {
    set $skipcache 1;
}
if ($httpcookie ~ "commentauthor|wordpress[a-f0-9]+|wp-postpass|wordpressloggedin") {
    set $skipcache 1;
}

# Application du cache
fastcgicachebypass $skipcache;
fastcginocache $skipcache;
fastcgicache WORDPRESS;
fastcgicachevalid 200 60m;
fastcgicachevalid 404 10m;

addheader X-FastCGI-Cache $upstreamcachestatus;

    Plugin WordPress recommande:

  • Nginx Cache Purge Preload (NPP) – Gestion directe des fichiers cache sans modules Nginx

    • B. Redis Object Cache

    Redis reduit de jusqu’a 80% les requetes base de donnees en stockant en memoire les resultats frequemment demandes.

    Configuration Redis (/etc/redis/redis.conf):

    # Memoire allouee (minimum 256MB production)
maxmemory 512mb
maxmemory-policy allkeys-lru

# Persistence
save 900 1
save 300 10
save 60 10000

# Performance
tcp-backlog 511
timeout 0
tcp-keepalive 300

    Configuration WordPress (wp-config.php):

    define('WPREDISHOST', '127.0.0.1');
define('WPREDISPORT', 6379);
define('WPREDISDATABASE', 0);
define('WPREDISMAXTTL', 86400); // 24 heures

// Options recommandees
define('WPREDISTIMEOUT', 1);
define('WPREDISREADTIMEOUT', 1);

    Plugins recommandes:

  • Redis Object Cache (gratuit) – Supporte Predis, PhpRedis, Relay, clustering
  • Object Cache Pro (premium) – 1500+ tests, optimise WooCommerce, PHP 7.2-8.4

    • TTL recommandes (2025):

  • Donnees dynamiques (paniers, sessions): 60-300 secondes
  • Menus, options site: 3600-86400 secondes
  • Taxonomies, termes: 7200 secondes

    • Verification performances:

    # Stats Redis
redis-cli INFO stats

# Monitoring en temps reel
redis-cli MONITOR

# Via WP-CLI
wp redis status
wp redis info

    Cas d’usage optimaux:

  • E-commerce (WooCommerce)
  • Sites membres
  • Forums et communautes
  • Sites haute concurrence (>10000 visiteurs/jour)

    • Attention: Pour les petits blogs avec cache page-level efficace et trafic faible, Redis peut compliquer inutilement votre stack.

    Ressources:

  • Redis Object Cache Plugin
  • Guide Nginx FastCGI 2025 – DoHost
  • Redis WordPress 2025 – Boosted Host

    • 1.4 Optimisations serveur avancees

    PHP 8.3 OPcache configuration (/etc/php/8.3/fpm/conf.d/10-opcache.ini):

    opcache.enable=1
opcache.memoryconsumption=256
opcache.internedstringsbuffer=16
opcache.maxacceleratedfiles=10000
opcache.revalidatefreq=2
opcache.fastshutdown=1
opcache.enablecli=0

# Performance optimale (maintenir proche de 100%)
opcache.validatetimestamps=0

    Monitoring OPcache:

    # Via WP-CLI
wp opcache status

    Configuration PHP-FPM (/etc/php/8.3/fpm/pool.d/www.conf):

    ; Process manager
pm = dynamic
pm.maxchildren = 50
pm.startservers = 10
pm.minspareservers = 5
pm.maxspareservers = 20
pm.maxrequests = 500

; Monitoring
pm.statuspath = /status
ping.path = /ping

    Calcul memoire par worker:

    # Memoire moyenne par process PHP-FPM
ps --no-headers -o "rss,cmd" -C php-fpm8.3 | awk '{ sum+=$1 } END { printf ("%d%sn", sum/NR/1024,"M") }'

# Formule: RAMdisponible / Memoireparprocess = pm.maxchildren

    Optimisations noyau Linux (/etc/sysctl.conf):

    # Network performance
net.core.somaxconn = 65535
net.ipv4.tcpmaxsynbacklog = 8192
net.ipv4.tcpfintimeout = 30
net.ipv4.tcpkeepalivetime = 300
net.ipv4.tcpkeepaliveintvl = 30
net.ipv4.tcpkeepaliveprobes = 3

# File descriptors
fs.file-max = 100000

# Application
sysctl -p

    Requis materiels production (2025):

  • Minimum: 4vCPU / 4GB RAM / NVMe
  • Recommande: 8vCPU / 8GB RAM / NVMe RAID
  • Cache Redis: 256MB minimum, 512MB-1GB recommande
  • OPcache: 128MB minimum, 256MB recommande

    • Objectifs performance:

  • TTFB: < 100ms
  • LCP (Largest Contentful Paint): < 2.5s
  • FID (First Input Delay): < 100ms
  • CLS (Cumulative Layout Shift): < 0.1
  • Capacite: 500+ utilisateurs concurrents sur 2GB RAM (avec cache)

    • Projet pratique Phase 1

    Deploiement infrastructure complete:

  • Provisionner un VPS Debian 11/12 (4GB RAM minimum)
  • Securiser le serveur (SSH, firewall, fail2ban)
  • Installer WordOps avec stack complet
  • Creer un site WordPress avec Redis et SSL
  • Configurer cache Nginx FastCGI + Redis Object Cache
  • Optimiser PHP-FPM et OPcache
  • Effectuer des tests de charge (ApacheBench, k6)
  • Documenter votre configuration et resultats de performance

    • Benchmark attendus:

  • TTFB < 100ms
  • 1000 req/s sans degradation
  • Taux hit cache > 90%

    • Phase 2 : Securite Production & Hardening

    Objectifs

  • Implementer les techniques de hardening WordPress 2025
  • Configurer un WAF applicatif
  • Automatiser les audits de securite
  • Gerer les vulnerabilites et mises a jour

    • Contexte menaces 2025

    Statistiques critiques:

  • 7,966 vulnerabilites decouvertes dans l’ecosysteme WordPress en 2024 (+34% vs 2023)
  • Les plugins populaires (WooCommerce, LiteSpeed Cache, The Events Calendar) sont des cibles prioritaires
  • 87.8% des attaques testees contournent les defenses niveau hebergeur
  • Le delai de mise a jour cree les degats, pas l’absence de patches

    • Source: Patchstack Q3 2025 Report

    Competences techniques

    2.1 Hardening wp-config.php

    Configuration securisee complete:

    
  WordPress Configuration securisee - Production 2025
 /

// === CLES DE SECURITE ===
// Generees via https://api.wordpress.org/secret-key/1.1/salt/
define('AUTHKEY',         'votre-cle-unique-generee');
define('SECUREAUTHKEY',  'votre-cle-unique-generee');
define('LOGGEDINKEY',    'votre-cle-unique-generee');
define('NONCEKEY',        'votre-cle-unique-generee');
define('AUTHSALT',        'votre-cle-unique-generee');
define('SECUREAUTHSALT', 'votre-cle-unique-generee');
define('LOGGEDINSALT',   'votre-cle-unique-generee');
define('NONCESALT',       'votre-cle-unique-generee');

// === SECURITE PRODUCTION ===
// Desactiver editeur de fichiers
define('DISALLOWFILEEDIT', true);
define('DISALLOWFILEMODS', true);

// Limiter revisions
define('WPPOSTREVISIONS', 5);
define('AUTOSAVEINTERVAL', 300);

// Vider corbeille automatiquement
define('EMPTYTRASHDAYS', 7);

// Forcer SSL admin
define('FORCESSLADMIN', true);

// Bloquer requetes externes (sauf services approuves)
define('WPHTTPBLOCKEXTERNAL', true);
define('WPACCESSIBLEHOSTS', 'api.wordpress.org,.github.com,.cloudflare.com');

// === PERFORMANCE ===
define('WPMEMORYLIMIT', '256M');
define('WPMAXMEMORYLIMIT', '512M');
define('WPCACHE', true);

// === MODE DEBUG (DESACTIVE EN PRODUCTION) ===
define('WPDEBUG', false);
define('WPDEBUGLOG', false);
define('WPDEBUGDISPLAY', false);
define('SCRIPTDEBUG', false);
@iniset('displayerrors', 0);

// === BASE DE DONNEES ===
define('DBNAME', 'databasename');
define('DBUSER', 'databaseuser');
define('DBPASSWORD', 'strongpasswordhere');
define('DBHOST', 'localhost');
define('DBCHARSET', 'utf8mb4');
define('DBCOLLATE', '');
$tableprefix = 'wp'; // Changer pour prefixe unique en production

// === SECURITE COOKIES ===
define('COOKIEDOMAIN', 'example.com');
define('COOKIEPATH', '/');
define('SITECOOKIEPATH', '/');
define('ADMINCOOKIEPATH', SITECOOKIEPATH . 'wp-admin');

// === PARAMETRES AVANCES ===
define('CONCATENATESCRIPTS', false); // Desactive si HTTP/2 actif
define('COMPRESSSCRIPTS', true);
define('COMPRESSCSS', true);

/ C'est tout, ne modifiez pas ce qui suit ! Bonne publication. /
if ( ! defined( 'ABSPATH' ) ) {
    define( 'ABSPATH', DIR . '/' );
}
requireonce ABSPATH . 'wp-settings.php';

    Rotation cles de securite (recommande tous les 3-6 mois):

    # Generer nouvelles cles
curl -s https://api.wordpress.org/secret-key/1.1/salt/

    2.2 Permissions fichiers et verrouillage systeme

    Permissions optimales:

    # Repertoires
find /var/www/example.com/htdocs -type d -exec chmod 755 {} ;

# Fichiers
find /var/www/example.com/htdocs -type f -exec chmod 644 {} ;

# wp-config.php ultra-securise
chmod 440 /var/www/example.com/htdocs/wp-config.php
chown www-data:www-data /var/www/example.com/htdocs/wp-config.php

# .htaccess
chmod 444 /var/www/example.com/htdocs/.htaccess

    Verrouillage immutabilite (fichiers critiques):

    # Rendre wp-config.php immuable
chattr +i /var/www/example.com/htdocs/wp-config.php

# Verification
lsattr /var/www/example.com/htdocs/wp-config.php

# Retirer l'immutabilite (pour modification)
chattr -i /var/www/example.com/htdocs/wp-config.php

    Protection repertoires sensibles (Nginx):

    # Bloquer acces wp-config.php
location ~ wp-config.php {
    deny all;
}

# Bloquer fichiers sensibles
location ~ .(log|sql|conf|bak|old|git)$ {
    deny all;
}

# Limiter acces wp-login.php par IP (optionnel)
location = /wp-login.php {
    allow 203.0.113.0/24; # Votre IP
    deny all;

    include fastcgiparams;
    fastcgipass php;
}

    2.3 Protection authentification avancee

    A. Authentification a deux facteurs (2FA)

    Plugins recommandes:

  • Two Factor Authentication (gratuit)
  • Wordfence Security (freemium) – Inclut 2FA + WAF
  • WP 2FA (premium)

    • Configuration via WP-CLI:

    # Installer plugin 2FA
wp plugin install two-factor --activate

# Forcer 2FA pour tous les administrateurs
wp user meta update USERID twofactorrequired 1

    B. Limitation tentatives connexion

    Plugin: Limit Login Attempts Reloaded

    Configuration Nginx (alternative):

    # Rate limiting connexions
limitreqzone $binaryremoteaddr zone=login:10m rate=5r/m;

location = /wp-login.php {
    limitreq zone=login burst=2 nodelay;

    include fastcgiparams;
    fastcgipass php;
}

    C. Renommer URL admin

    Plugin: WPS Hide Login

    Avantages:

  • Reduit drastiquement attaques brute-force automatisees
  • Masque /wp-admin et /wp-login.php
  • Configuration simple via interface

    • 2.4 Web Application Firewall (WAF) niveau application

    Solutions 2025:

    1. Patchstack (Recommande)

  • Mitigation couche application (RapidMitigate)
  • Bloque 87.8%+ des exploits WordPress
  • Base de donnees vulnerabilites temps reel
  • Protection virtuelle avant patch officiel

    • 2. Wordfence

  • WAF + scanner vulnerabilites
  • Protection brute-force integree
  • Monitoring temps reel

    • 3. Cloudflare WAF (Niveau edge)

  • Protection DDoS
  • Rate limiting global
  • Rules personnalisables

    • Configuration Cloudflare Rules (exemples):

    # Bloquer scanners connus
(http.useragent contains "nikto") or
(http.useragent contains "sqlmap") or
(http.useragent contains "masscan")
Action: Block

# Rate limiting aggressif wp-login
(http.request.uri.path eq "/wp-login.php")
Action: Rate Limit (5 requests / 5 minutes)

# Bloquer acces xmlrpc.php
(http.request.uri.path eq "/xmlrpc.php")
Action: Block

    Configuration Wordfence recommandee:

    // wp-config.php
define('WFWAFENABLED', true);
define('WFWAFLOGATTACKS', true);
define('WFWAFSTORAGEENGINE', 'mysqli');

    2.5 Discipline mises a jour et gestion vulnerabilites

    Strategie mise a jour 2025:

    1. Surveillance vulnerabilites

    # WP-CLI - Verifier vulnerabilites connues
wp plugin list --field=name | xargs -I {} wp plugin verify-checksums {}

# Vulnerabilite scan automatise
wp vuln check

    2. Automatisation mises a jour mineures

    // wp-config.php - Activer mises a jour auto securite
define('WPAUTOUPDATECORE', 'minor');

// Auto-update plugins de securite
addfilter('autoupdateplugin', 'returntrue');

    3. Workflow mise a jour production

    Processus recommande:

  • Staging: Tester mise a jour sur environnement clone
  • Verification: Tester fonctionnalites critiques
  • Backup: Sauvegarde complete base + fichiers
  • Mise a jour production: Fenetre maintenance
  • Monitoring: Surveiller erreurs 24-48h

    • Script backup pre-update:

    #!/bin/bash
SITE="example.com"
DATE=$(date +%Y%m%d%H%M%S)
BACKUPDIR="/backups/$SITE"

# Backup base de donnees
wp db export "$BACKUPDIR/db$DATE.sql" --path=/var/www/$SITE/htdocs

# Backup fichiers
tar -czf "$BACKUPDIR/files$DATE.tar.gz" -C /var/www/$SITE htdocs

# Garder 7 derniers backups
find "$BACKUPDIR" -name ".sql" -mtime +7 -delete
find "$BACKUPDIR" -name ".tar.gz" -mtime +7 -delete

echo "Backup complete: $DATE"

    4. Monitoring post-update

    # Verifier erreurs PHP
tail -f /var/log/php8.3-fpm.log

# Verifier erreurs Nginx
tail -f /var/log/nginx/error.log

# Monitoring WordPress
wp core verify-checksums

    2.6 Headers de securite HTTP

    Configuration Nginx (/etc/nginx/common/wpcommon.conf):

    # Security headers
addheader X-Frame-Options "SAMEORIGIN" always;
addheader X-Content-Type-Options "nosniff" always;
addheader X-XSS-Protection "1; mode=block" always;
addheader Referrer-Policy "strict-origin-when-cross-origin" always;

# CSP (Content Security Policy) - Adapter a votre site
addheader Content-Security-Policy "default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.example.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self'; frame-ancestors 'self';" always;

# HSTS (HTTP Strict Transport Security) - Attention: preload permanent
addheader Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

# Permissions Policy
addheader Permissions-Policy "geolocation=(), microphone=(), camera=()" always;

    Verification headers:

    curl -I https://example.com | grep -E "(X-Frame|X-Content|Strict-Transport)"

    Outils audit:

  • SecurityHeaders.com
  • Mozilla Observatory

    • Projet pratique Phase 2

    Audit et hardening securite complet:

  • Auditer site existant avec WPScan et Wordfence
  • Implementer toutes configurations hardening wp-config.php
  • Configurer permissions fichiers optimales
  • Installer et configurer 2FA pour tous admins
  • Deployer WAF (Wordfence ou Patchstack)
  • Configurer headers securite HTTP
  • Mettre en place processus backup pre-update
  • Tester tentatives intrusion et verifier blocages
  • Documenter toutes procedures securite

    • Livrable: Documentation securite complete + rapport audit avant/apres

    Ressources:

  • WordPress Security Hardening 2025 – Security Ninja
  • WordPress Developer Handbook – Hardening
  • 30+ Best Practices 2025 – WP Umbrella

    • Phase 3 : CI/CD avec GitHub Actions

    Objectifs

  • Maitriser Git workflows pour WordPress
  • Implementer pipelines CI/CD automatises
  • Deployer automatiquement via GitHub Actions
  • Integrer tests automatises

    • Competences techniques

    3.1 Structure repository Git pour WordPress

    Architecture recommandee:

    mon-site-wordpress/
├── .github/
│   ├── workflows/
│   │   ├── deploy-production.yml
│   │   ├── deploy-staging.yml
│   │   └── code-quality.yml
├── wp-content/
│   ├── themes/
│   │   └── mon-theme/
│   ├── plugins/
│   │   └── mon-plugin/
│   └── mu-plugins/
├── config/
│   ├── wp-config-production.php
│   ├── wp-config-staging.php
│   └── nginx/
│       └── site.conf
├── scripts/
│   ├── deploy.sh
│   └── backup.sh
├── tests/
│   ├── phpunit/
│   └── e2e/
├── .gitignore
├── composer.json
├── package.json
└── README.md

    .gitignore optimise WordPress:

    # WordPress core
/wp-admin/
/wp-includes/
wp-.php
xmlrpc.php
readme.html
license.txt

# Configuration
wp-config.php
.htaccess

# Uploads et cache
wp-content/uploads/
wp-content/cache/
wp-content/upgrade/

# Plugins et themes tiers (geres via composer)
wp-content/plugins/
!wp-content/plugins/mon-plugin/
wp-content/themes/
!wp-content/themes/mon-theme/

# Dependencies
/vendor/
/nodemodules/

# OS et IDE
.DSStore
Thumbs.db
.idea/
.vscode/
.swp

# Backups
.sql
.sql.gz
.tar.gz

    composer.json pour dependencies:

    {
    "name": "example/mon-site",
    "description": "Site WordPress production",
    "type": "project",
    "require": {
        "php": ">=8.2",
        "composer/installers": "^2.0",
        "wpackagist-plugin/redis-cache": "^2.5",
        "wpackagist-plugin/wordfence": "^7.11"
    },
    "require-dev": {
        "phpunit/phpunit": "^10.0",
        "squizlabs/phpcodesniffer": "^3.7",
        "phpstan/phpstan": "^1.10"
    },
    "repositories": [
        {
            "type": "composer",
            "url": "https://wpackagist.org"
        }
    ],
    "extra": {
        "installer-paths": {
            "wp-content/plugins/{$name}/": ["type:wordpress-plugin"],
            "wp-content/themes/{$name}/": ["type:wordpress-theme"]
        }
    }
}

    3.2 GitHub Actions workflow – Deploiement Staging

    .github/workflows/deploy-staging.yml:

    name: Deploy to Staging

on:
  push:
    branches:
      - develop

env:
  SSHHOST: ${{ secrets.STAGINGSSHHOST }}
  SSHUSER: ${{ secrets.STAGINGSSHUSER }}
  SSHPORT: ${{ secrets.STAGINGSSHPORT }}
  DEPLOYPATH: /var/www/staging.example.com/htdocs

jobs:
  deploy:
    name: Deploy to Staging Server
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
          extensions: mbstring, xml, zip
          tools: composer:v2

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install Composer dependencies
        run: |
          composer install --no-dev --optimize-autoloader --no-interaction

      - name: Install NPM dependencies and build
        run: |
          npm ci
          npm run build

      - name: Run PHP CodeSniffer
        run: |
          vendor/bin/phpcs --standard=PSR12 wp-content/themes/mon-theme
          vendor/bin/phpcs --standard=WordPress wp-content/plugins/mon-plugin

      - name: Run PHPStan
        run: vendor/bin/phpstan analyse wp-content/themes/mon-theme wp-content/plugins/mon-plugin

      - name: Setup SSH key
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.STAGINGSSHPRIVATEKEY }}

      - name: Add server to known hosts
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -p $SSHPORT -H $SSHHOST >> ~/.ssh/knownhosts

      - name: Deploy via rsync
        run: |
          rsync -avz 
            --delete 
            --exclude='.git' 
            --exclude='.github' 
            --exclude='nodemodules' 
            --exclude='tests' 
            --exclude='wp-config.php' 
            --exclude='wp-content/uploads' 
            --exclude='wp-content/cache' 
            -e "ssh -p $SSHPORT" 
            ./ $SSHUSER@$SSHHOST:$DEPLOYPATH/

      - name: Run post-deployment commands
        run: |
          ssh -p $SSHPORT $SSHUSER@$SSHHOST << 'ENDSSH'
            cd ${{ env.DEPLOYPATH }}

            # Composer autoload
            composer dump-autoload --optimize --no-dev

            # WP-CLI operations
            wp cache flush --allow-root
            wp rewrite flush --allow-root

            # Permissions
            find . -type f -exec chmod 644 {} ;
            find . -type d -exec chmod 755 {} ;

            # Redis cache clear
            wp redis cli FLUSHDB --allow-root

            echo "Deployment complete!"
          ENDSSH

      - name: Notify deployment
        if: always()
        run: |
          echo "Staging deployment finished: ${{ job.status }}"
          # Integration Slack/Discord possible ici

    3.3 GitHub Actions workflow – Deploiement Production

    .github/workflows/deploy-production.yml:

    name: Deploy to Production

on:
  push:
    branches:
      - main
  workflowdispatch: # Permet declenchement manuel

env:
  SSHHOST: ${{ secrets.PRODSSHHOST }}
  SSHUSER: ${{ secrets.PRODSSHUSER }}
  SSHPORT: ${{ secrets.PRODSSHPORT }}
  DEPLOYPATH: /var/www/example.com/htdocs

jobs:
  test:
    name: Run Tests
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
          extensions: mbstring, xml, zip, mysql

      - name: Install dependencies
        run: composer install --no-interaction

      - name: Run PHPUnit tests
        run: vendor/bin/phpunit tests/

      - name: Run PHP CodeSniffer
        run: vendor/bin/phpcs --standard=WordPress wp-content/themes/ wp-content/plugins/

      - name: Run PHPStan
        run: vendor/bin/phpstan analyse --level=5 wp-content/themes/ wp-content/plugins/

  backup:
    name: Backup Production
    runs-on: ubuntu-latest
    needs: test

    steps:
      - name: Setup SSH key
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.PRODSSHPRIVATEKEY }}

      - name: Create backup
        run: |
          ssh -p $SSHPORT $SSHUSER@$SSHHOST << 'ENDSSH'
            BACKUPDIR="/backups/example.com"
            DATE=$(date +%Y%m%d%H%M%S)

            # Database backup
            wp db export "$BACKUPDIR/pre-deploy$DATE.sql" 
              --path=${{ env.DEPLOYPATH }} 
              --allow-root

            # Files backup
            tar -czf "$BACKUPDIR/files$DATE.tar.gz" 
              -C ${{ env.DEPLOYPATH }} 
              wp-content/themes/mon-theme 
              wp-content/plugins/mon-plugin

            echo "Backup created: $DATE"
          ENDSSH

  deploy:
    name: Deploy to Production
    runs-on: ubuntu-latest
    needs: backup
    environment:
      name: production
      url: https://example.com

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Build assets
        run: |
          composer install --no-dev --optimize-autoloader
          npm ci
          npm run build:production

      - name: Setup SSH key
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.PRODSSHPRIVATEKEY }}

      - name: Enable maintenance mode
        run: |
          ssh -p $SSHPORT $SSHUSER@$SSHHOST << 'ENDSSH'
            wp maintenance-mode activate --allow-root 
              --path=${{ env.DEPLOYPATH }}
          ENDSSH

      - name: Deploy files
        run: |
          rsync -avz 
            --delete 
            --exclude='.git' 
            --exclude='nodemodules' 
            --exclude='wp-config.php' 
            --exclude='wp-content/uploads' 
            -e "ssh -p $SSHPORT" 
            ./ $SSHUSER@$SSHHOST:$DEPLOYPATH/

      - name: Post-deployment tasks
        run: |
          ssh -p $SSHPORT $SSHUSER@$SSHHOST << 'ENDSSH'
            cd ${{ env.DEPLOYPATH }}

            # Database migration (si necessaire)
            # wp migrate --allow-root

            # Clear all caches
            wp cache flush --allow-root
            wp rewrite flush --allow-root

            # Redis flush
            wp redis cli FLUSHDB --allow-root

            # Nginx cache purge
            rm -rf /var/run/nginx-cache/

            # OPcache reset
            wp opcache reset --allow-root

            # Permissions
            find wp-content/themes/mon-theme -type f -exec chmod 644 {} ;
            find wp-content/plugins/mon-plugin -type f -exec chmod 644 {} ;

            echo "Post-deployment complete"
          ENDSSH

      - name: Disable maintenance mode
        if: always()
        run: |
          ssh -p $SSHPORT $SSHUSER@$SSHHOST << 'ENDSSH'
            wp maintenance-mode deactivate --allow-root 
              --path=${{ env.DEPLOYPATH }}
          ENDSSH

      - name: Health check
        run: |
          RESPONSE=$(curl -s -o /dev/null -w "%{httpcode}" https://example.com)
          if [ $RESPONSE -ne 200 ]; then
            echo "Health check failed! HTTP $RESPONSE"
            exit 1
          fi
          echo "Health check passed: HTTP $RESPONSE"

      - name: Notify deployment success
        if: success()
        run: echo "Production deployment successful!"

      - name: Notify deployment failure
        if: failure()
        run: echo "Production deployment failed! Rolling back..."

    3.4 Workflow qualite code

    .github/workflows/code-quality.yml:

    name: Code Quality Checks

on:
  pullrequest:
    branches:
      - develop
      - main

jobs:
  code-quality:
    name: Code Quality
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
          coverage: xdebug

      - name: Install dependencies
        run: composer install --no-interaction

      - name: PHP CodeSniffer
        run: |
          vendor/bin/phpcs 
            --standard=WordPress 
            --extensions=php 
            --ignore=vendor 
            wp-content/

      - name: PHPStan Static Analysis
        run: vendor/bin/phpstan analyse --level=6 wp-content/

      - name: PHPUnit with Coverage
        run: vendor/bin/phpunit --coverage-text tests/

      - name: Check WordPress Coding Standards
        run: |
          composer require --dev wp-coding-standards/wpcs
          vendor/bin/phpcs --config-set installedpaths vendor/wp-coding-standards/wpcs
          vendor/bin/phpcs --standard=WordPress-Core wp-content/themes/
          vendor/bin/phpcs --standard=WordPress-Extra wp-content/plugins/

    3.5 Configuration secrets GitHub

    Secrets a configurer dans GitHub (Settings > Secrets and variables > Actions):

    Staging:

  • STAGINGSSHHOST: staging.example.com
  • STAGINGSSHUSER: deployuser
  • STAGINGSSHPORT: 22
  • STAGINGSSHPRIVATEKEY: Cle SSH privee (format PEM)

    • Production:

  • PRODSSHHOST: example.com
  • PRODSSHUSER: deployuser
  • PRODSSHPORT: 22
  • PRODSSHPRIVATEKEY: Cle SSH privee (format PEM)

    • Generation paire cles SSH pour deploiement:

    # Sur votre machine locale
ssh-keygen -t ed25519 -C "github-actions-deploy" -f ~/.ssh/githubdeploykey

# Copier cle publique sur serveur
ssh-copy-id -i ~/.ssh/githubdeploykey.pub deployuser@example.com

# Copier cle privee dans GitHub Secrets
cat ~/.ssh/githubdeploykey

    3.6 Deploiement avec Deployer.org (alternative)

    Installation Deployer:

    composer require --dev deployer/deployer

    deploy.php configuration:

    releases', 3);
set('writablemode', 'chmod');
set('writablechmodmode', '0755');

// Serveurs
host('production')
    ->setHostname('example.com')
    ->setRemoteUser('deployuser')
    ->setDeployPath('/var/www/example.com')
    ->set('branch', 'main')
    ->set('httpuser', 'www-data');

host('staging')
    ->setHostname('staging.example.com')
    ->setRemoteUser('deployuser')
    ->setDeployPath('/var/www/staging.example.com')
    ->set('branch', 'develop')
    ->set('httpuser', 'www-data');

// Fichiers partages entre deploiements
set('sharedfiles', [
    'wp-config.php',
    '.htaccess'
]);

set('shareddirs', [
    'wp-content/uploads',
    'wp-content/cache'
]);

// Fichiers a exclure
set('writabledirs', [
    'wp-content/uploads',
    'wp-content/cache'
]);

// Tasks personnalisees
desc('Clear WordPress cache');
task('wp:cache:clear', function () {
    run('cd {{releasepath}} && wp cache flush --allow-root');
    run('cd {{releasepath}} && wp redis cli FLUSHDB --allow-root');
});

desc('Clear Nginx FastCGI cache');
task('nginx:cache:clear', function () {
    run('rm -rf /var/run/nginx-cache/');
});

desc('Backup database before deploy');
task('wp:db:backup', function () {
    $date = date('YmdHis');
    run("wp db export /backups/{{application}}/db$date.sql --path={{deploypath}}/current --allow-root");
});

// Workflow deploiement
desc('Deploy WordPress');
task('deploy', [
    'deploy:prepare',
    'wp:db:backup',
    'deploy:vendors',
    'deploy:publish',
    'wp:cache:clear',
    'nginx:cache:clear',
    'deploy:cleanup'
]);

after('deploy:failed', 'deploy:unlock');

    GitHub Actions avec Deployer:

    - name: Deploy with Deployer
  run: |
    vendor/bin/dep deploy production 
      --branch=main 
      -vvv

    Projet pratique Phase 3

    Mise en place CI/CD complete:

  • Initialiser repository Git avec structure recommandee
  • Configurer .gitignore et composer.json
  • Creer workflows GitHub Actions (staging + production)
  • Configurer secrets GitHub
  • Implementer tests PHPUnit basiques
  • Configurer PHP CodeSniffer avec standards WordPress
  • Tester deploiement sur staging via push develop
  • Tester deploiement production via push main
  • Implementer rollback automatique en cas d’echec
  • Documenter processus deploiement

    • Livrable: Repository Git fonctionnel + documentation CI/CD + captures deploys reussis

    Ressources:

  • GitHub Actions for WordPress – Axioned
  • rtCamp WordPress Deploy Action
  • Deploying WordPress with GitHub Actions – CSS Tricks

    • Phase 4 : Performance a Grande Echelle

    Objectifs

  • Optimiser pour sites haute concurrence (10000+ visiteurs/jour)
  • Implementer CDN et optimisations edge
  • Maitriser monitoring et observabilite
  • Gerer bases de donnees volumineuses

    • Competences techniques

    4.1 Core Web Vitals et optimisation 2025

    Metriques critiques Google (impact SEO):

  • LCP (Largest Contentful Paint): < 2.5s (bon)
  • FID (First Input Delay): < 100ms (bon)
  • CLS (Cumulative Layout Shift): < 0.1 (bon)
  • TTFB (Time to First Byte): < 600ms (bon), < 200ms (excellent)
  • INP (Interaction to Next Paint): < 200ms (remplace FID en 2024)

    • Impact business:

  • 1 seconde de delai = -7% conversions
  • 53% utilisateurs mobiles abandonnent si chargement > 3s
  • Attention moyenne utilisateur: 8.25 secondes (2025)

    • Source: 15 WordPress Performance Tips 2025 – Odd Jar

    4.2 Optimisation images moderne

    A. Formats modernes (2025)

    AVIF (recommande):

  • Support WordPress Core natif (depuis WP 6.5)
  • Compression superieure a WebP (-30% vs WebP, -50% vs JPEG)
  • Support navigateurs: Chrome 85+, Firefox 93+, Safari 16+

    • WebP (fallback):

  • Support universel navigateurs modernes
  • -25-35% taille vs JPEG qualite equivalente

    • Configuration serveur Nginx:

    # Servir AVIF si supporte
location ~ .(jpg|jpeg|png)$ {
    set $avifsuffix "";
    if ($httpaccept ~ "image/avif") {
        set $avifsuffix ".avif";
    }
    addheader Vary Accept;
    tryfiles $uri$avifsuffix $uri.webp $uri =404;
}

    B. Plugins optimisation images

    Recommandes 2025:

  • Imagify (freemium) – Compression intelligente multi-format
  • ShortPixel (freemium) – AVIF + WebP + lazy loading
  • Smush (freemium) – Compression sans perte qualite

    • Configuration via WP-CLI:

    # Installer Imagify
wp plugin install imagify --activate

# Configuration API
wp option update imagifysettings '{"apikey":"YOURKEY","optimizationlevel":1,"autooptimize":1,"resizelarger":1,"resizelargerw":1920}'

# Optimiser bibliotheque existante (batch)
wp imagify optimize --path=/var/www/example.com/htdocs

    C. Lazy loading natif WordPress

    // Actif par defaut depuis WP 5.5
// Desactiver si conflit avec plugin tiers
addfilter('wplazyloadingenabled', 'returnfalse');

    D. Responsive images (srcset)

    WordPress genere automatiquement srcset. Verification:

    // functions.php - Ajouter tailles personnalisees
addimagesize('hero-desktop', 1920, 1080, true);
addimagesize('hero-tablet', 1024, 768, true);
addimagesize('hero-mobile', 640, 480, true);

// Regenerer vignettes existantes (WP-CLI)
wp media regenerate --yes

    4.3 Optimisation frontend avancee

    A. Minification et concatenation

    Plugin recommande: Autoptimize

    Configuration optimale:

    // wp-config.php
define('AUTOPTIMIZEENABLED', true);

// Via filtre
addfilter('autoptimizefilterjsexclude', function($exclude) {
    return $exclude . ', jquery.js, analytics.js';
});

    Alternative: Asset CleanUp (controle granulaire par page)

    B. Eliminer render-blocking

    Defer JavaScript:

    // functions.php
function deferparsingjs($url) {
    if (isadmin()) return $url;
    if (strpos($url, '.js') === false) return $url;
    if (strpos($url, 'jquery.js')) return $url; // Exclure jQuery
    return strreplace(' src', ' defer src', $url);
}
addfilter('scriptloadertag', 'deferparsingjs', 10);

    Preload critical resources:

    // functions.php
function preloadcriticalassets() {
    echo '';
    echo '';
    echo '';
}
addaction('wphead', 'preloadcriticalassets', 1);

    C. Critical CSS

    Plugin: WP Rocket (premium) – Generation automatique

    Manuel (technique avancee):

    # Installer criticalcss
npm install -g criticalcss

# Generer CSS critique
criticalcss https://example.com > critical.css

    Inline critical CSS:

    // functions.php
function inlinecriticalcss() {
    echo '';
}
addaction('wphead', 'inlinecriticalcss', 1);

// Charger CSS complet async
function asyncloadcss() {
    echo '';
}
addaction('wphead', 'asyncloadcss', 2);

    D. Speculation Rules API (2025)

    WordPress Core supporte desormais Speculation Rules pour pre-chargement instantane:

    // functions.php - Activer prefetch liens
function addspeculationrules() {
    ?>
    
    action('wpfooter', 'addspeculationrules');

    Resultat: Chargement quasi-instantane pages suivantes

    4.4 CDN et optimisations edge

    A. Configuration Cloudflare (recommande)

    Plan Pro minimum pour:

  • Polish (optimisation images automatique)
  • Mirage (lazy loading intelligent)
  • Argo Smart Routing (acceleration -30% TTFB)
  • Workers (edge computing)

    • Settings optimaux Cloudflare:

    Speed > Optimization:

  • Auto Minify: ON (HTML, CSS, JS)
    • 

  • Brotli: ON
    • 

  • Early Hints: ON
    • 

  • Rocket Loader: OFF (conflit WordPress)
    • 

  • HTTP/3 (with QUIC): ON
    • 

Caching:

  • Caching Level: Standard
    • 

  • Browser Cache TTL: Respect Existing Headers
    • 

  • Always Online: ON
    • 

Page Rules (example.com/):

  • Cache Level: Cache Everything
    • 

  • Edge Cache TTL: 1 month
    • 

  • Browser Cache TTL: 4 hours
    •

    Plugin WordPress: Cloudflare (officiel) – Purge cache automatique

    B. Cloudflare Workers pour optimisations edge

    Worker HTML minification:

    addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

async function handleRequest(request) {
  const response = await fetch(request)
  const contentType = response.headers.get('content-type')

  if (contentType && contentType.includes('text/html')) {
    let html = await response.text()

    // Minification basique
    html = html.replace(/s+/g, ' ')
               .replace(/>s+<')

    return new Response(html, {
      headers: response.headers,
      status: response.status
    })
  }

  return response
}

    C. Configuration headers cache

    Nginx configuration:

    # Cache statique agressif
location ~ .(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
    expires 1y;
    addheader Cache-Control "public, immutable";
    accesslog off;
}

# HTML - cache court avec revalidation
location ~ .html$ {
    expires 1h;
    addheader Cache-Control "public, must-revalidate";
}

    WordPress headers cache:

    // functions.php
function setcacheheaders() {
    if (!isuserloggedin() && !isadmin()) {
        header('Cache-Control: public, max-age=3600, must-revalidate');
        header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 3600) . ' GMT');
    }
}
addaction('sendheaders', 'setcacheheaders');

    4.5 Base de donnees haute performance

    A. Configuration MariaDB 10.11 optimisee

    my.cnf pour serveur 8GB RAM:

    [mysqld]
# Performance schema
performanceschema = ON

# InnoDB settings
innodbbufferpoolsize = 4G        # 50% RAM disponible
innodblogfilesize = 512M
innodbflushlogattrxcommit = 2  # Performance (risque perte 1s data)
innodbflushmethod = ODIRECT
innodbfilepertable = 1

# Query cache (deprecated MySQL 8+, ok MariaDB)
querycachetype = 1
querycachesize = 256M
querycachelimit = 2M

# Connections
maxconnections = 200
threadcachesize = 50

# Temp tables
tmptablesize = 256M
maxheaptablesize = 256M

# Logs
slowquerylog = 1
slowquerylogfile = /var/log/mysql/slow-query.log
longquerytime = 2
logqueriesnotusingindexes = 1

# Character set
charactersetserver = utf8mb4
collationserver = utf8mb4unicodeci

    B. Optimisation tables WordPress

    Nettoyage regulier:

    -- Supprimer revisions anciennes (garder 5 dernieres)
DELETE FROM wpposts
WHERE posttype = 'revision'
AND ID NOT IN (
    SELECT ID FROM (
        SELECT ID FROM wpposts
        WHERE posttype = 'revision'
        ORDER BY postmodified DESC
        LIMIT 5
    ) tmp
);

-- Vider corbeille
DELETE FROM wpposts WHERE poststatus = 'trash';

-- Supprimer transients expires
DELETE FROM wpoptions WHERE optionname LIKE 'transient%';

-- Optimiser tables
OPTIMIZE TABLE wpposts, wppostmeta, wpoptions, wpcomments, wpcommentmeta;

    Automatisation via WP-CLI:

    # Script cron hebdomadaire
#!/bin/bash
wp transient delete --all --path=/var/www/example.com/htdocs --allow-root
wp post delete $(wp post list --poststatus=trash --format=ids --path=/var/www/example.com/htdocs --allow-root) --force --allow-root
wp db optimize --path=/var/www/example.com/htdocs --allow-root

    C. Index personalises haute performance

    Requetes lentes communes WordPress:

    -- Trouver requetes lentes
SELECT  FROM mysql.slowlog ORDER BY querytime DESC LIMIT 10;

-- Index metakey pour postmeta (requetes custom fields)
CREATE INDEX metakeyvalue ON wppostmeta(metakey, metavalue(20));

-- Index recherche commentaires
CREATE INDEX commentapprovedpostid ON wpcomments(commentapproved, commentpostID);

    Plugin recommande: Query Monitor - Identification requetes lentes temps reel

    D. Read replicas et load balancing (tres haute volumetrie)

    Configuration HyperDB (multi-DB):

    // db-config.php
$wpdb->adddatabase(array(
    'host'     => '192.168.1.10', // Master
    'user'     => 'wpuser',
    'password' => 'password',
    'name'     => 'wordpressdb',
    'write'    => 1,
    'read'     => 1,
));

$wpdb->adddatabase(array(
    'host'     => '192.168.1.11', // Replica 1 (read-only)
    'user'     => 'wpuser',
    'password' => 'password',
    'name'     => 'wordpressdb',
    'write'    => 0,
    'read'     => 1,
));

$wpdb->adddatabase(array(
    'host'     => '192.168.1.12', // Replica 2 (read-only)
    'user'     => 'wpuser',
    'password' => 'password',
    'name'     => 'wordpressdb',
    'write'    => 0,
    'read'     => 1,
));

    4.6 Monitoring et observabilite

    A. Monitoring serveur avec Netdata

    Installation:

    # Installation one-liner
bash <(curl -Ss https://get.netdata.cloud/kickstart.sh)

# Acces: http://votre-ip:19999

    Metriques surveillees:

  • CPU, RAM, I/O disque temps reel
  • Nginx connections et requests/s
  • PHP-FPM pools et memoire
  • MySQL queries et slow queries
  • Redis memory et ops/s

    • B. Application Performance Monitoring (APM)

    New Relic (recommande):

    # Installer agent PHP
wget -O - https://download.newrelic.com/548C16BF.gpg | apt-key add -
echo 'deb http://apt.newrelic.com/debian/ newrelic non-free' > /etc/apt/sources.list.d/newrelic.list
apt update
apt install newrelic-php5

# Configuration
newrelic-install install

# Redemarrer PHP-FPM
systemctl restart php8.3-fpm

    Plugin WordPress: New Relic Reporting

    C. Monitoring WordPress avec Query Monitor

    # Installation
wp plugin install query-monitor --activate --allow-root

    Fonctionnalites:

  • Requetes base de donnees + temps execution
  • Hooks WordPress executes
  • Scripts et styles charges
  • Erreurs PHP et notices
  • HTTP API calls

    • D. Uptime monitoring externe

    Services recommandes:

  • UptimeRobot (gratuit) - Check toutes les 5min
  • Pingdom (premium) - Monitoring multi-regions
  • Hetrix Tools (freemium) - Monitoring serveur + blacklist

    • Configuration webhook alertes:

    # Script alerte Slack
#!/bin/bash
SLACKWEBHOOK="https://hooks.slack.com/services/YOUR/WEBHOOK/URL"

MESSAGE="ALERT: Site example.com DOWN!"

curl -X POST -H 'Content-type: application/json' 
  --data "{"text":"$MESSAGE"}" 
  $SLACKWEBHOOK

    E. Logs centralises

    Configuration rsyslog vers service central:

    # /etc/rsyslog.d/50-wordpress.conf
# Envoyer logs Nginx/PHP vers serveur centralise
. @logs.example.com:514

    Alternative cloud: Logtail, Papertrail, Datadog Logs

    Projet pratique Phase 4

    Optimisation site haute performance complete:

  • Auditer site existant (GTmetrix, PageSpeed Insights, WebPageTest)
  • Implementer formats images modernes (AVIF + WebP)
  • Configurer CDN Cloudflare avec settings optimaux
  • Implementer critical CSS et defer JS
  • Activer Speculation Rules API
  • Optimiser configuration MariaDB selon RAM disponible
  • Creer index base de donnees personnalises
  • Installer et configurer monitoring (Netdata + Query Monitor)
  • Effectuer tests charge avant/apres (k6, Apache Bench)
  • Documenter gains performance (screenshots audits)

    • Objectifs mesurables:

  • PageSpeed Score > 90 (mobile et desktop)
  • TTFB < 200ms
  • LCP < 2s
  • 1000+ req/s soutenus
  • Capacite 500+ utilisateurs concurrents

    • Ressources:

  • Ultimate WordPress Performance Guide 2025 - WP Engine
  • WordPress Performance Analysis - WordPress.com
  • Best Caching Setups VPS 2025 - Fussion Host

    • Phase 5 : Workflows Assistes par IA

    Objectifs

  • Integrer Claude.ai et ChatGPT dans workflow developpement
  • Accelerer developpement plugins/themes avec IA
  • Automatiser taches repetitives avec IA
  • Debugger et optimiser code avec assistance IA

    • Competences techniques

    5.1 Claude Code pour developpement WordPress

    A. Configuration environnement local + Claude Code

    Contexte 2025: Claude Code est devenu l'outil de reference pour le developpement WordPress assiste par IA grace a son contexte 200K tokens permettant d'analyser des codebases completes.

    Setup recommande:

  • Local by Flywheel ou Laravel Herd pour environnement local
  • Claude Pro (20$/mois) ou Claude Max (100$/mois) - Usage illimite recommande
  • VS Code avec extension Claude (si disponible)

    • Workflow "Vibe Coding" (methode 2025):

  • Wireframe ASCII - Visualiser sans coder
  • Requirements - Definir specifications
  • Rules - Etablir contraintes techniques
  • Execution - Laisser Claude generer code

    • Exemple session Claude Code:

    /wordpress-local

[Claude analyse automatiquement votre environnement WordPress local]

Vous: Je veux creer un plugin de gestion d'inventaire pour WooCommerce
avec les fonctionnalites suivantes:

  • Alertes stock bas
    • 

  • Import CSV produits
    • 

  • Dashboard avec graphiques
    • 

  • API REST pour integration tierce
    • 

Utilise:

  • WordPress Coding Standards
    • 

  • React pour dashboard
    • 

  • Chart.js pour graphiques
    • 

  • WP-CLI pour commandes
    • 

Claude: [Genere architecture complete + code en 15-20 minutes]

    Source: How I Vibe Code WordPress Plugin in 50min - Nathan Onn

    B. Custom instructions pour Claude (contexte WordPress)

    Fichier .claude-instructions (racine projet):

    # WordPress Development Context

## Environment

  • WordPress Version: 6.7+
    • 

  • PHP Version: 8.3
    • 

  • Database: MariaDB 10.11
    • 

  • Server: Nginx + PHP-FPM
    • 

## Coding Standards

  • Follow WordPress Coding Standards (WPCS)
    • 

  • Use WordPress functions over native PHP when possible
    • 

  • Sanitize inputs, escape outputs
    • 

  • Use prepared statements for database queries
    • 

  • Add nonce verification for forms
    • 

  • Use wpenqueuescript/style for assets
    • 

## Naming Conventions

  • Plugin prefix: yawc
    • 

  • Text domain: your-awesome-wordpress-course
    • 

  • Hook prefix: yawc
    • 

## Security Requirements

  • Validate and sanitize all inputs
    • 

  • Escape all outputs
    • 

  • Use nonces for form submissions
    • 

  • Check user capabilities
    • 

  • Prepare database queries
    • 

## Performance

  • Minimize database queries
    • 

  • Use transients for caching
    • 

  • Enqueue scripts in footer when possible
    • 

  • Conditional loading (only load when needed)
    • 

## Preferred Patterns

  • Object-oriented for plugins
    • 

  • Singleton pattern for main plugin class
    • 

  • Action/Filter hooks over direct function calls
    • 

  • WP-CLI commands for admin tasks
    •

    C. Prompts efficaces pour developpement WordPress

    Generation plugin complet:

    Cree un plugin WordPress "Advanced Contact Form" avec:

Architecture:

  • Namespace: AdvancedContactForm
    • 

  • Classe principale singleton
    • 

  • Separation concerns (Admin, Frontend, API)
    • 

Fonctionnalites:

  • Shortcode [acfform]
    • 

  • Gutenberg block
    • 

  • Validation AJAX
    • 

  • Stockage submissions en CPT
    • 

  • Export CSV admin
    • 

  • API REST endpoint
    • 

  • Hooks pour extensions
    • 

Requirements techniques:

  • WordPress 6.4+
    • 

  • PHP 8.2+
    • 

  • Coding Standards WordPress
    • 

  • Inline documentation PHPDoc
    • 

  • Internationalisation complete
    • 

  • Uninstall cleanup
    • 

Genere structure complete avec tous fichiers.

    Debugging assistance:

    J'ai cette erreur WordPress:

[Error log content]

Context:

  • Plugin: [nom]
    • 

  • Fonction: [fonction]
    • 

  • Action declenchante: [action]
    • 

Analyse l'erreur, identifie la cause racine et propose solution + code corrige.

    Optimisation performance:

    Analyse cette fonction WordPress et optimise-la pour performance:

[Code a optimiser]

Focus sur:

  • Reduction requetes DB
    • 

  • Utilisation caching
    • 

  • Optimisation boucles
    • 

  • N+1 queries
    • 

Fournis version optimisee + explication changements.

    5.2 ChatGPT pour taches rapides et repetitives

    Comparaison ChatGPT vs Claude (WordPress 2025):

    Claude Pro:

  • Architecture et planification
  • Analyse codebase large (200K tokens)
  • Debugging complexe
  • Refactoring

    • ChatGPT Pro:

  • Code generation rapide
  • Taches repetitives
  • Snippets code
  • Documentation

    • Source: ChatGPT Pro vs Claude Pro WordPress Development - Varun Dubey

    Approche hybride recommandee (2025):

    Planning/Architecture → Claude Pro
Implementation rapide → ChatGPT Pro + GitHub Copilot
Debugging complexe → Claude Code
Documentation → ChatGPT

    B. ChatGPT pour generation code snippets

    Prompt template efficace:

    Cree un snippet WordPress pour [fonctionnalite]

Contraintes:

  • Compatible WordPress 6.4+
    • 

  • Suit WordPress Coding Standards
    • 

  • Inclut sanitization/validation
    • 

  • Ajoute comments inline
    • 

  • Gere erreurs
    • 

Format: Code pret a copier-coller dans functions.php ou plugin

    Exemples use cases:

    Custom post type:

    Cree un CPT "Portfolio" avec:

  • Taxonomies: Type (hierarchique), Tags (non-hierarchique)
    • 

  • Supports: title, editor, thumbnail, excerpt
    • 

  • Archive publique
    • 

  • REST API enabled
    • 

  • Icone dashicons-portfolio
    • 

  • Rewrite slug: /projets/
    •

    Custom REST endpoint:

    Cree endpoint REST WordPress:

GET /wp-json/myapi/v1/stats

Response:
{
  "totalposts": int,
  "totalusers": int,
  "populartags": array
}

Securite: Accessible seulement admin
Cache: 1 heure via transients

    C. GitHub Copilot integration

    Installation VS Code:

    # Extension GitHub Copilot
code --install-extension GitHub.copilot

    Settings optimaux WordPress (settings.json):

    {
  "github.copilot.enable": {
    "": true,
    "yaml": true,
    "plaintext": false,
    "markdown": true,
    "php": true
  },
  "github.copilot.advanced": {
    "language": {
      "php": {
        "completions": {
          "wordpress": true
        }
      }
    }
  }
}

    Workflow recommande:

    Developpement general → GitHub Copilot (inline suggestions)
Questions complexes → Claude Code (browser tab ouvert)
Snippets rapides → ChatGPT (second ecran)

    Source: 7 Smart Ways to Use AI in WordPress - Kinsta

    5.3 Automatisation workflows avec IA

    A. Uncanny Automator + OpenAI/Claude

    Plugin: Uncanny Automator Pro (integration OpenAI et Anthropic Claude)

    Use cases automatisation:

    1. Moderation commentaires intelligente:

    Trigger: Nouveau commentaire soumis
Action: Envoyer a Claude API
Prompt: "Analyse ce commentaire et determine s'il est:

  • Spam
    • 

  • Inapproprie
    • 

  • Legitime
    • 

Commentaire: {{commentcontent}}
Auteur: {{commentauthor}}"

Condition:

  • Si "spam" ou "inapproprie" → Marquer spam
    • 

  • Si "legitime" → Approuver
    •

    2. Generation descriptions produits WooCommerce:

    Trigger: Nouveau produit publie sans description
Action: Envoyer a ChatGPT API
Prompt: "Genere description produit SEO-optimisee (150-200 mots) pour:

Nom: {{productname}}
Categorie: {{productcategory}}
Attributs: {{productattributes}}

Ton: Professionnel, persuasif
Focus: Benefices client"

Action: Mettre a jour postcontent du produit

    3. Reponses emails personnalisees:

    Trigger: Soumission formulaire contact
Action: Envoyer a Claude API avec historique client
Prompt: "Genere reponse personnalisee basee sur:

Message client: {{formmessage}}
Historique: {{userpurchasehistory}}
Categorie question: {{formcategory}}

Ton: Amical, professionnel
Longueur: 100-150 mots"

Action: Envoyer email + ajouter tag CRM

    B. WP-CLI + IA pour maintenance automatisee

    Script analyse securite avec Claude API:

    #!/bin/bash
# audit-security-ai.sh

SITEPATH="/var/www/example.com/htdocs"
CLAUDEAPIKEY="your-api-key"

# Generer rapport WPScan
wpscan --url https://example.com --format json > /tmp/wpscan-report.json

# Envoyer a Claude pour analyse
REPORT=$(cat /tmp/wpscan-report.json)

RESPONSE=$(curl -s https://api.anthropic.com/v1/messages 
  -H "x-api-key: $CLAUDEAPIKEY" 
  -H "anthropic-version: 2023-06-01" 
  -H "content-type: application/json" 
  -d "{
    "model": "claude-3-5-sonnet-20241022",
    "maxtokens": 2048,
    "messages": [{
      "role": "user",
      "content": "Analyse ce rapport WPScan et fournis recommandations priorisees pour securiser le site. Focus sur vulnerabilites critiques et actions immediates.nnRapport:n$REPORT"
    }]
  }")

# Extraire recommandations et envoyer par email
echo "$RESPONSE" | jq -r '.content[0].text' | mail -s "Audit Securite IA - $(date)" admin@example.com

    C. Generation contenu avec IA + publication automatique

    Plugin: AI Engine + WP Cron

    Workflow blog automatise:

    // functions.php - Generer article hebdomadaire

addaction('aiweeklypostgeneration', 'generateaiweeklypost');

function generateaiweeklypost() {
    // Topics pre-definis
    $topics = getoption('aiblogtopics', [
        'WordPress performance optimization',
        'Security best practices',
        'Plugin development tutorials'
    ]);

    $randomtopic = $topics[arrayrand($topics)];

    // API OpenAI
    $prompt = "Ecris article blog 800-1000 mots sur: $randomtopic

    Structure:
    - Introduction accrocheuse
    - 3-4 sections avec sous-titres H2
    - Exemples concrets
    - Conclusion avec CTA

    Ton: Expert mais accessible
    SEO: Inclure mot-cle naturellement 5-7 fois";

    $response = openaicompletion([
        'model' => 'gpt-4-turbo',
        'messages' => [
            ['role' => 'system', 'content' => 'Tu es expert WordPress et redacteur technique.'],
            ['role' => 'user', 'content' => $prompt]
        ],
        'maxtokens' => 2000
    ]);

    $content = $response['choices'][0]['message']['content'];

    // Creer brouillon
    $postid = wpinsertpost([
        'posttitle'   => "AI Generated: $randomtopic",
        'postcontent' => $content,
        'poststatus'  => 'draft',
        'postauthor'  => 1,
        'postcategory'=> [getcatID('AI Content')]
    ]);

    // Notifier admin pour review
    wpmail(
        getoption('adminemail'),
        'Nouveau brouillon IA genere',
        "Article genere sur: $randomtopicnReview: " . geteditpostlink($postid)
    );
}

// Scheduler hebdomadaire
if (!wpnextscheduled('aiweeklypostgeneration')) {
    wpscheduleevent(time(), 'weekly', 'aiweeklypostgeneration');
}

    5.4 Cas d'usage avances IA WordPress

    A. Refactoring legacy code avec Claude

    Prompt structure:

    Refactore ce code WordPress legacy vers modern standards:

[Ancien code]

Requirements:

  • PHP 8.3 compatible
    • 

  • Object-oriented
    • 

  • WordPress Coding Standards
    • 

  • Type hints strict
    • 

  • Error handling robuste
    • 

  • PHPDoc complete
    • 

  • Backward compatibility optionnelle
    • 

Explique changements majeurs et rationale.

    B. Generation tests unitaires automatique

    Prompt ChatGPT:

    Genere tests PHPUnit pour cette classe WordPress:

[Code classe]

Coverage requise:

  • Tous methodes publiques
    • 

  • Edge cases
    • 

  • Error handling
    • 

  • WordPress integration (use BrainMonkey)
    • 

Format: PHPUnit 10+ compatible

    C. Optimisation requetes base de donnees

    Prompt Claude:

    Analyse ces logs Query Monitor et optimise les requetes problematiques:

[Query logs]

Focus:

  • Eliminer N+1 queries
    • 

  • Ajouter index appropries
    • 

  • Utiliser WPQuery efficacement
    • 

  • Implementer object caching
    • 

Fournis:

  • SQL index a creer
    • 

  • Code optimise
    • 

  • Impact performance estime
    •

    D. Creation documentation automatique

    Script avec ChatGPT API:

    #!/bin/bash
# generate-docs.sh

# Extraire tous fichiers PHP plugin
PLUGINDIR="/var/www/example.com/htdocs/wp-content/plugins/mon-plugin"
PHPFILES=$(find "$PLUGINDIR" -name ".php")

# Concatener code source
CODE=""
for file in $PHPFILES; do
    CODE+="=== $file ===n"
    CODE+=$(cat "$file")
    CODE+="nn"
done

# Generer documentation via ChatGPT
curl -s https://api.openai.com/v1/chat/completions 
  -H "Authorization: Bearer $OPENAIAPIKEY" 
  -H "Content-Type: application/json" 
  -d "{
    "model": "gpt-4-turbo",
    "messages": [{
      "role": "user",
      "content": "Genere documentation technique complete pour ce plugin WordPress. Inclus: architecture, hooks disponibles, exemples utilisation, API reference.nnCode:n$CODE"
    }],
    "maxtokens": 4000
  }" | jq -r '.choices[0].message.content' > "$PLUGINDIR/DOCUMENTATION.md"

echo "Documentation generee: $PLUGINDIR/DOCUMENTATION.md"

    Projet pratique Phase 5

    Integration IA complete dans workflow:

  • Configurer Claude Pro + ChatGPT Pro
  • Installer GitHub Copilot dans VS Code
  • Creer plugin WordPress complet avec assistance Claude (30-60min)
  • Generer tests unitaires automatiques avec ChatGPT
  • Implementer automatisation Uncanny Automator + OpenAI
  • Creer script maintenance assiste IA (audit securite, optimization)
  • Generer documentation automatique projet
  • Mesurer gains productivite (temps avant/apres IA)

    • Livrable:

  • Plugin fonctionnel genere avec IA
  • Documentation complete auto-generee
  • Scripts automatisation
  • Rapport gains productivite (estimation 40-60% reduction temps developpement)

    • Ressources:

  • Building WordPress AI Workflow - JPTWeb
  • WordPress AI Plugins Guide 2025 - Wordable
  • AI Workflow Automation WordPress - Bit Flows

    • Projet Final : Deploiement Infrastructure Production Complete

    Objectif

    Deployer une infrastructure WordPress production complete integrant toutes competences acquises.

    Specifications techniques

    Infrastructure:

  • VPS Debian 12 (8GB RAM, 4vCPU, NVMe)
  • WordOps stack optimise
  • Multi-environnements (staging + production)
  • Monitoring complet

    • Performance:

  • Cache Nginx FastCGI + Redis Object Cache
  • CDN Cloudflare configure
  • Optimisations images (AVIF/WebP)
  • Score PageSpeed > 90

    • Securite:

  • Hardening complet wp-config.php
  • WAF niveau application
  • 2FA tous administrateurs
  • Headers securite HTTP
  • SSL A+ rating

    • CI/CD:

  • Repository Git structure
  • GitHub Actions pipelines (staging + production)
  • Tests automatises (PHPUnit, PHPCS, PHPStan)
  • Deploiements automatiques
  • Rollback automatique si echec

    • Monitoring:

  • Netdata metriques serveur
  • New Relic APM
  • Query Monitor WordPress
  • Uptime monitoring externe
  • Alertes Slack/Email

    • IA Integration:

  • Workflows assistes Claude/ChatGPT
  • Automatisations Uncanny Automator
  • Scripts maintenance IA

    • Livrables

  • Documentation technique complete:

    • - Architecture infrastructure
    - Procedures deploiement
    - Runbooks incidents
    - Guide maintenance

  • Repository Git:

    • - Code source organise
    - Workflows CI/CD fonctionnels
    - Tests automatises
    - Documentation inline

  • Dashboards monitoring:

    • - Screenshots Netdata
    - Rapports New Relic
    - Audits performance (GTmetrix, PageSpeed)

  • Rapport performance:

    • - Benchmarks charge (k6, Apache Bench)
    - Metriques Core Web Vitals
    - Capacite utilisateurs concurrents
    - TTFB, LCP, FID, CLS

  • Audit securite:

    • - Rapport WPScan
    - Scan headers (SecurityHeaders.com)
    - SSL Labs rating
    - Procedures incident response

    Criteres evaluation

  • Performance: TTFB < 200ms, PageSpeed > 90, 500+ utilisateurs concurrents
  • Securite: Zero vulnerabilites critiques, A+ SSL, tous headers securite
  • CI/CD: Deploiement automatique < 5min, tests passes 100%
  • Monitoring: Alertes fonctionnelles, metriques collectees
  • Documentation: Complete, claire, reproductible

    • Ressources Complementaires

    Documentation officielle

  • WordPress Developer Handbook
  • WordPress Advanced Administration
  • WordOps Documentation
  • Nginx Documentation
  • MariaDB Knowledge Base

    • Outils performance

  • GTmetrix
  • PageSpeed Insights
  • WebPageTest
  • k6 Load Testing

    • Outils securite

  • WPScan
  • Sucuri SiteCheck
  • SecurityHeaders.com
  • SSL Labs

    • Communautes

  • WordPress StackExchange
  • WordOps Community Forum
  • r/WordPress
  • WP Tavern

    • Formation continue

  • WordPress TV
  • Smashing Magazine WordPress
  • CSS-Tricks WordPress

    • Conclusion

    Ce parcours intermediaire vous a equipe des competences essentielles pour gerer des infrastructures WordPress production haute performance. Vous maitrisez desormais:

  • Le deploiement et l'optimisation de stacks VPS avec WordOps
  • L'implementation de caches multi-couches (Nginx FastCGI + Redis)
  • Les techniques de hardening securite 2025 (face a 7966+ vulnerabilites annuelles)
  • L'automatisation complete CI/CD avec GitHub Actions
  • L'optimisation performance grande echelle (Core Web Vitals, CDN, database)
  • L'integration workflows IA pour accelerer productivite 40-60%

    • Prochaines etapes: Parcours Avance - Architecture haute disponibilite, Kubernetes WordPress, scaling horizontal, disaster recovery.

    Duree moyenne realisation: 12-16 semaines a raison de 15-20h/semaine.

    Bon courage dans votre apprentissage!

    Version: 1.0
    Derniere mise a jour: Decembre 2025
    Auteur: You Are Welcome Community
    License:* CC BY-SA 4.0

    Sources

    Ce parcours s'appuie sur des donnees verifiees et des guides techniques publies en 2025:

    Performance WordPress

  • 15 Proven WordPress Performance Optimization Tips That Actually Work in 2025
  • Ultimate WordPress Performance Optimization Guide - WP Engine
  • WordPress Performance Analysis - WordPress.com
  • Best Caching Setups for WordPress VPS in 2025

    • CI/CD et GitHub Actions

  • Continuous Deployments for WordPress Using GitHub Actions - CSS-Tricks
  • GitHub Actions for WordPress - Axioned Handbook
  • rtCamp WordPress Deploy Action
  • Building a CI/CD Workflow - Pressidium

    • WordOps et VPS

  • WordOps: Complete Review and Hands-On Guide - BigMike.help
  • Installing WordOps on VPS: Ultimate Guide - Linux Nest
  • WordOps Official Documentation

    • Securite WordPress

  • WordPress Security Hardening Guide 2025 - Security Ninja
  • WordPress Security Best Practices 2025 - WP Umbrella
  • Hardening WordPress - WordPress Developer Handbook
  • Q3 2025 Most Exploited WordPress Vulnerabilities - Patchstack

    • Cache et Performance

  • Redis Object Caching for WordPress 2025 - Boosted Host
  • Configure Redis Object Cache - Boosted Host
  • Configuring Nginx FastCGI Cache - DoHost
  • How To Use NGINX FastCGI Cache - RunCloud

    • IA et WordPress

  • How I Vibe Code WordPress Plugin with Claude Code - Nathan Onn
  • Building WordPress AI Dev Workflow with Claude Code - JPTWeb
  • ChatGPT Pro vs Claude Pro WordPress Development - Varun Dubey
  • 7 Smart Ways to Use AI in WordPress - Kinsta
  • WordPress AI Plugins Guide 2025 - Wordable
  • AI Workflow Automation in WordPress - Bit Flows

    • Lectures voisines

    Toute l'archive →
    № 01 2026.05.19 · 5 min

    VMs et containers LXC sur Proxmox : premiers pas et bonnes pratiques
    № 02 2026.05.15 · 6 min

    Installer Proxmox VE sur Minisforum MS-01 : guide pas-à-pas 2026
    № 03 2026.05.12 · 6 min

    Minisforum MS-01 : le mini-PC idéal pour un homelab en 2026 ?

    Une remarque, un retour ?

    Cet article est vivant — corrections, contre-arguments et retours de production sont les bienvenus. Trois canaux, choisissez celui qui vous convient.

    Laisser un commentaire Écrire un email À propos de l'atelier