Knowledgebase

What is Code Freeze?

Code Freeze is a safety feature that prevents the current admin user altering plugins, the theme, or altering code on the server via the Wordpress admin. 

This is the same as any other enterprise software platform, ensuring that only if you have access to the server via FTP can you alter code in the application. 

By restricting access in this way, if a hacker access your account via a stolen password or session - then they cannot alter the code on your site to irreparably break it. This management of code is called an Immutable Filesystem. It's what you will find on the Enterprise level hosts such as Pagely and Wordpress VIP. You will not find it at GoDaddy!

You get the easy maintenance and convenience of updating your plugins right from the dashboard, but without the security risks that unrestricted plugin uploads bring with a compromised admin account.

It’s the best of both worlds.

Code Freeze detects if your site is running in production and ensures that:

  • No new plugins/themes can be installed from the repo.
  • No plugins/themes can be uploaded.
  • No files can be edited.
  • No plugins can be deactivated & themes can’t be switched.

How do I install a new plugin / alter my theme code?

Two ways to install a new plugin or alter your theme code (such as CSS)

  1. To alter your theme, you will need sFTP Access - we can provide this to you or your developer. 
  2. To add a new plugin you will need sFTP Access 

Can I activate a plugin?

Code Freeze does not prevent you from activating plugins, once you have pushed the code up via sFTP 

How do I deactivate a plugin? 

To do this you will need SSH access (this uses the same details as sFTP) and once you are in the site root you can run 

gp wp [domain.com] plugin deactivate [pluginslug] 

For example to deactivate the plugin Akismet on sixfive.io I would run: 

gp wp sixfive.io plugin deactivate akismet

I am used to altering my theme via Appearance > Theme > Editor 

Not any more. This is not safe and considered 'cowboy' coding because all you need to take over the site and potentially server is a Wordpress admin login. These are very easy to come by from session stealing or simply through sharing passwords or poor cyber hygene.

To change code on the site you need sFTP Access in line with good development practices.

What about on staging sites?

Code Freeze is not enabled on your staging sites, this is because these sites are designed for developing on and testing new features and are secured in other ways. 

What does Code Freeze cost?

Code Freeze is immediately available to all direct & hosting Fortress customers at no additional cost.

How do I install the occasional new plugin?

The recommended workflow is using staging sites and the classic workflow of:

  1. Push to staging.
  2. Install plugin(s) and test.
  3. Push to production

If you don’t want to use a staging environment, you can:

  • Install any wp.org plugin using WP-CLI.
  • Upload free and “pro” plugins via sFTP and then activate them via the admin dashboard.
  • Temporarily disable Code Freeze.

I hate this & want to keep cowboy-coding, can I disable Code Freeze?

Yes, Code Freeze is a module in Fortress that is completely independent of all other functionality and it can be disabled, however we do not recommend doing so.

We have seen too many sites have malicious code uploaded to them via wp-admin, and then the pain to clean it up and business disruption. 

If we are to diable Code Freeze for you then you waive the right to our free fix it if it's hacked guarantee. 

 

Was this answer helpful?

0 Users Found This Useful