When making copies of a website for development and testing, populating a thorough content and data set is vital for Quality Assurance (QA). The most efficient path typically involves mirroring the entire production site’s database. But this can be problematic: a large site can have tens of thousands of posts (each with many revisions and healthy doses of metadata) and many user accounts.
Those user accounts (and sometimes the site’s content) can contain sensitive data that, if mishandled, can put clients at risk. On top of that, testing, development, and initial imports—often executed on lightweight virtual machines—can be painfully slow when working with very large datasets. Cleaning up imported production data is a must, but has been a tedious, inefficient task.
Enter 10up’s WP Hammer: an open source developer tool that quickly and efficiently reduces—or completely removes—production data and sensitive client information like email addresses and hashed account passwords from a WordPress installation.
Why cleanse this data?
Storing sensitive or private data on local or staging sites is a security risk. These environments rarely carry the same level of protective monitoring as a live production site. A staging site containing production credentials offers an easier (and often overlooked) target for a malicious attack.
Overtly private data—say, personal information within a medical or financial community—may even require scrubbing within an organization, by law, before being passed around for development or testing. While user tables are clear targets, some sites may also store sensitive personal data in content objects; e.g., a custom post type for “Medical Records” with custom fields.
Exposure of private information isn’t the only cause for concern. When working on a new feature, it’s far too easy for a test message or notification to accidentally be sent out to registered users brought over from the production site. It’s best to not keep contact information like email addresses in test environments.
Further, most test environments don’t require all client data—it isn’t a backup of production—just a workable subset. Why store and run complex, taxing queries on 100,000 posts when 100 posts is a sufficient sample set? In some cases, pruning posts to an exact number can even help developers test features like pagination.
How can I set up WP Hammer?
WP Hammer assumes you have basic command line familiarity, as well as a Linux / UNIX based environment (like VVV).
To install WP Hammer, begin by fetching the package and ensuring its built by running the following commands:
git clone https://github.com/10up/wp-hammer.git
Once available, there are several options for installation:
How does WP Hammer work?
WP Hammer adds the
wp hammer command (or, if you prefer to save keystrokes,
wp ha) to the popular WP-CLI (WordPress Command Line Interface) toolkit. With it, you can easy make sitewide changes to your data, but be aware that all database modifications are final. Be sure to backup your database before running any commands.
With these basic WP Hammer commands, you can:
You can also can chain tasks together:
wp ha -f posts.post_author=auto users.user_pass=__user_email__UMINtHeroJEreAGleC users.user_email='[email protected]' posts.post_title=ipsum posts.post_content=markov
The above string results in the following changes:
10up is actively developing WP Hammer, but we’ve also released it on Github for the entire open source community to advance. We encourage you to experiment with the tool, submit issues, and make pull requests.
This content was originally published here.