Wordpress README Update

[palmcoasty]

Summary

Testing

• jq . templates/<template-name>/template.json
• Validated template or docs using the listed commands
• Other (add details below)

Validation details

Checklist

• I installed the pre-commit hooks and ran pre-commit run --all-files.
• I described the service or scenario this change targets.
• template.json references only files shipped in the same template directory.
• Template docs note how to import it (plugin bundle and/or web UI upload).
• I updated configs, screenshots, or notes impacted by this change.
• I linked related issues or discussions and added context for reviewers.

[TheophileDiot]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

WordPress Template Addition

Files added:

• templates/wordpress/README.md (47 lines)
• templates/wordpress/template.json (complete template definition)
• templates/wordpress/configs/modsec/wordpress_false_positives.conf (CRS tuning)

Template schema (template.json):

• Standard reverse proxy configuration for WordPress upstream
• TLS provisioning via Let's Encrypt (staging mode disabled, HTTP challenge)
• Request throttling enabled (5r/s, global URL scope)
• ModSecurity integration with CRS plugin activation (wordpress-rule-exclusions)
• Crawler IP whitelisting enabled (Google, Yandex, Bing, Baidu, LinkedIn)
• Large file upload support (MAX_CLIENT_SIZE: 50m)

Security configuration (configs/modsec/wordpress_false_positives.conf):

• CRS rule exclusions for WordPress-specific endpoints: /wp-admin/admin-ajax.php (IDs 941130, 942200, 942440, 942450) and /xmlrpc.php (IDs 949110, 949120)
• Extended content-type allowlist for REST API, multipart uploads, XML-RPC, and JSON payloads
• Critical note: REST API (PUT, DELETE methods) is disabled by default (ALLOWED_METHODS: GET|POST|HEAD|OPTIONS); users must explicitly add PUT|DELETE to enable it

README documentation:

• Includes prominent disclaimer and instructions for REST API enablement
• Documents ModSecurity exclusion plugin usage
• Covers standard setup (UI import, plugin bundle), customisation (reverse proxy host, rate limits, crawler whitelisting), and validation steps
• References actual files that exist in the template directory

Repository documentation impact:

• CHANGELOG.md was not updated in this PR; the WordPress template entry is absent from the ## Unreleased section

Pre-commit/tooling:

• No .pre-commit-config.yaml or .prettierignore changes specific to this template

Walkthrough

Documentation update to the WordPress template README, adding a disclaimer that the REST API is disabled by default and providing instructions for enabling it by modifying the ALLOWED_METHODS parameter to include PUT|DELETE operations.

Changes

Cohort / File(s)	Summary
Documentation templates/wordpress/README.md	Added REST API disabled-by-default disclaimer with configuration guidance for ALLOWED_METHODS. Includes before/after examples demonstrating default versus updated values. Minor markdown formatting and wording refinements applied throughout.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A template's tale, now crystal clear,
REST API: disabled, never fear!
With ALLOWED_METHODS the path is shown,
To PUT and DELETE, make them your own.
📝✨

🚥 Pre-merge checks | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is a template scaffold with unchecked boxes and empty placeholders, containing no actual summary of the changes made.	Fill in the Summary section with a concise overview of what was changed (e.g., the REST API disclaimer and enabled methods documentation added to the README).
Title check	❓ Inconclusive	The title is vague and generic, lacking imperative mood and specific detail about the change (e.g., which aspect of the README was updated).	Use imperative mood with specific focus, e.g., 'docs: add WordPress REST API disclaimer to README' or 'docs: update WordPress template README with REST API instructions'.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@templates/wordpress/README.md`:
- Line 26: Add a single blank line before the "## Files" heading to satisfy
Markdown formatting (MD022); locate the heading "## Files" in
templates/wordpress/README.md and insert one empty line immediately above it so
the heading is separated from the previous content.
- Line 39: The README heading "## Customization Tips" uses American spelling;
update that heading text (the line containing "## Customization Tips") to
British English by changing "Customization" to "Customisation" so it reads "##
Customisation Tips" to comply with the documentation style guide.
- Around line 5-20: Fix the README markdown by adding blank lines around the
fenced code blocks and a language specifier, and ensure a blank line precedes
the next heading: in the "⚠️ Disclaimer – REST API Not Working in Standard
Config" section update both code fences showing ALLOWED_METHODS to use ```text
(not ```), add an empty line before each opening ```text and after each closing
```text, and insert a blank line before the "## Prerequisites" heading so the
heading is separated from the preceding paragraph/block.
- Line 30: Add a single blank line above the "## Setup" heading in README.md so
the heading "## Setup" is separated by an empty line from the previous content
(fixes MD022); locate the "## Setup" heading and insert one blank line
immediately before it.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: daf1c3d1-244c-4535-bb0d-98c7eea7086f

📥 Commits

Reviewing files that changed from the base of the PR and between ab602a3 and 91eb041.

📒 Files selected for processing (1)

• templates/wordpress/README.md

📜 Review details

🧰 Additional context used

📓 Path-based instructions (2)

templates/**/README.md

⚙️ CodeRabbit configuration file

templates/**/README.md: Per-template README files exist to help users import and tune the template:

• State the target upstream service and minimum version validated (for example "Nextcloud 29+"), and call out any prerequisites on the upstream side (trusted proxies, headers, database).
• Document the distribution mode the template is aimed at (UI Raw import — recommended — and/or plugin bundle), mirroring the language in TEMPLATE_GUIDE.md.
• Explain non-obvious BunkerWeb settings defined in template.json, especially any that relax defaults, and say why.
• Provide the validation commands the author actually ran. The canonical NGINX snippet check is nginx -t -c <(printf 'events{} http{ include templates/<name>/configs/<file>.conf; }'); also suggest jq . templates/<name>/template.json for JSON sanity, and docker compose config or kubectl apply --server-dry-run -f only when the README genuinely walks the user through those integrations.
• Use British English, wrap commands in backticks, and keep lines to roughly 100 characters.
• Never include real credentials, real domains, or copy-pasted upstream licence text.

Files:

• templates/wordpress/README.md

**/*.md

⚙️ CodeRabbit configuration file

**/*.md: Documentation should be concise, accurate, and written in British English:

• Keep a sensible heading hierarchy and prefer concrete instructions over narrative.
• Commands go in backticks or fenced code blocks; keep lines under roughly 100 characters.
• Check that referenced paths, settings, workflows, and external links still match the current repository.
• When a PR changes behaviour, defaults, or packaging, require the matching doc update in the same PR.

Files:

• templates/wordpress/README.md

🪛 LanguageTool

templates/wordpress/README.md

[uncategorized] ~34-~34: The official name of this content management system is spelled with a capital “P”.
Context: .... - Plugin bundle: copy the entire wordpress/ directory into your plugin's `templat...

(WORDPRESS)

🪛 markdownlint-cli2 (0.22.0)

templates/wordpress/README.md

[warning] 12-12: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

[warning] 12-12: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

[warning] 17-17: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

[warning] 17-17: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

[warning] 21-21: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 26-26: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 30-30: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix markdown formatting in the disclaimer section.

The disclaimer content is accurate and follows the coding guidelines' requirement to document the REST API as disabled by default with explicit default vs. updated examples. However, the markdown formatting needs correction:

1. Fenced code blocks should have a language specifier: Add text after the opening triple backticks (lines 12, 17).
2. Fenced code blocks should be surrounded by blank lines: Add blank lines before line 12 and after lines 14 and 19.
3. Heading should be surrounded by blank lines: Add a blank line before line 21 (Prerequisites heading).

As per coding guidelines, commands and configuration examples should be properly formatted in fenced code blocks.

📝 Proposed fix for markdown formatting

 
 To enable the REST API, add `PUT` and `DELETE` to the `ALLOWED_METHODS` field in your configuration:
 
 **Default (REST API disabled):**
+
-```
+```text
 "ALLOWED_METHODS": "GET|POST|HEAD|OPTIONS"

Updated (REST API enabled):
+
- +text
"ALLOWED_METHODS": "GET|POST|HEAD|OPTIONS|PUT|DELETE"

+

## Prerequisites

🧰 Tools

🪛 markdownlint-cli2 (0.22.0)

[warning] 12-12: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

[warning] 12-12: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

[warning] 17-17: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

[warning] 17-17: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@templates/wordpress/README.md` around lines 5 - 20, Fix the README markdown
by adding blank lines around the fenced code blocks and a language specifier,
and ensure a blank line precedes the next heading: in the "⚠️ Disclaimer – REST
API Not Working in Standard Config" section update both code fences showing
ALLOWED_METHODS to use ```text (not ```), add an empty line before each opening
```text and after each closing ```text, and insert a blank line before the "##
Prerequisites" heading so the heading is separated from the preceding
paragraph/block.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add blank line before heading.

The "Files" heading should have a blank line above it per markdown formatting conventions (MD022).

📝 Proposed fix

 - Domain name(s) that will serve the WordPress instance.
+
 ## Files

🧰 Tools

🪛 markdownlint-cli2 (0.22.0)

[warning] 26-26: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@templates/wordpress/README.md` at line 26, Add a single blank line before the
"## Files" heading to satisfy Markdown formatting (MD022); locate the heading
"## Files" in templates/wordpress/README.md and insert one empty line
immediately above it so the heading is separated from the previous content.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add blank line before heading.

The "Setup" heading should have a blank line above it per markdown formatting conventions (MD022).

📝 Proposed fix

 - `configs/modsec/wordpress_false_positives.conf` – ModSecurity CRS tuning for WordPress admin, cron, and XML-RPC traffic.
+
 ## Setup

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	## Setup
	- `configs/modsec/wordpress_false_positives.conf` – ModSecurity CRS tuning for WordPress admin, cron, and XML-RPC traffic.
	## Setup

🧰 Tools

🪛 markdownlint-cli2 (0.22.0)

[warning] 30-30: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@templates/wordpress/README.md` at line 30, Add a single blank line above the
"## Setup" heading in README.md so the heading "## Setup" is separated by an
empty line from the previous content (fixes MD022); locate the "## Setup"
heading and insert one blank line immediately before it.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider using British English spelling.

The heading uses "Customization" (American spelling) rather than "Customisation" (British spelling). As per coding guidelines, documentation should be written in British English.

This is a pre-existing inconsistency rather than something introduced in this PR, but it would be good to align with the coding standards.

🇬🇧 Proposed fix

-## Customization Tips
+## Customisation Tips

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	## Customization Tips
	## Customisation Tips

🧰 Tools

🪛 markdownlint-cli2 (0.22.0)

[warning] 39-39: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@templates/wordpress/README.md` at line 39, The README heading "##
Customization Tips" uses American spelling; update that heading text (the line
containing "## Customization Tips") to British English by changing
"Customization" to "Customisation" so it reads "## Customisation Tips" to comply
with the documentation style guide.