惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Application and Cybersecurity Blog
Application and Cybersecurity Blog
B
Blog RSS Feed
M
MIT News - Artificial intelligence
爱范儿
爱范儿
V
V2EX
雷峰网
雷峰网
D
Docker
美团技术团队
N
Netflix TechBlog - Medium
C
Cisco Blogs
T
Threatpost
K
Kaspersky official blog
P
Privacy International News Feed
W
WeLiveSecurity
T
Tor Project blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
F
Full Disclosure
Forbes - Security
Forbes - Security
V
Vulnerabilities – Threatpost
I
Intezer
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Google Online Security Blog
Google Online Security Blog
The Register - Security
The Register - Security
GbyAI
GbyAI
Security Archives - TechRepublic
Security Archives - TechRepublic
Help Net Security
Help Net Security
人人都是产品经理
人人都是产品经理
SecWiki News
SecWiki News
Cyberwarzone
Cyberwarzone
Vercel News
Vercel News
罗磊的独立博客
The Hacker News
The Hacker News
腾讯CDC
S
Security @ Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
Recorded Future
Recorded Future
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 【当耐特】
小众软件
小众软件
Hacker News: Ask HN
Hacker News: Ask HN
P
Proofpoint News Feed
TaoSecurity Blog
TaoSecurity Blog
IT之家
IT之家
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
S
Security Affairs
C
Check Point Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
WordPress staging environments: the 15-minute setup that prevents client emergencies
devautomatio · 2026-05-21 · via DEV Community

Every WordPress emergency I've seen in the last five years had the same root cause: someone tested an update on production.

A staging environment eliminates this. If it breaks on staging, you fix it on staging. Nothing reaches the client's live site until it's verified. Here's how I set one up in 15 minutes.


Why staging isn't optional for client sites

"It worked on my machine" is a joke. "It worked on the live site yesterday" is a client emergency.

The risks of updating production directly:

  • Plugin update breaks the theme -- client's site is down during business hours
  • WooCommerce update changes checkout behavior -- orders fail, client loses revenue
  • PHP version bump reveals a deprecated function -- white screen on every page
  • Theme update wipes custom CSS -- site looks wrong until you remember what you changed

A staging environment catches all of these before they matter.


Option 1: Staging via hosting panel (easiest)

Most quality hosts (SiteGround, Kinsta, WP Engine, Cloudways) have one-click staging built in.

SiteGround: Site Tools -> WordPress -> Staging -> Create Staging Copy
Kinsta: MyKinsta -> Site -> Environments -> Add Environment
WP Engine: User Portal -> Sites -> Staging -> Copy to Staging

What this does: creates a full copy of the site (files + database) at a subdomain (usually staging.clientdomain.com or clientdomain.wpengine.com). Changes stay isolated until you push to live.

After testing updates:

  1. Test on staging: update plugins, verify site works
  2. Push to live: one-click merge from staging to production
  3. Verify on production: check key pages, checkout, contact forms

Time for the whole flow: 20-30 minutes. Time for a manual plugin update without staging: 5 minutes. Time to fix a broken production site without staging: 2-6 hours.


Option 2: Local by Flywheel (free, for local testing)

Local (getlocal.io) runs a full WordPress environment on your machine. Free, works offline, fast.

1. Download Local from localwp.com
2. Create new site -> WordPress
3. Click "Pull from host" (connects to WP Engine, Kinsta, etc.)
   Or use WP-CLI to import manually

Enter fullscreen mode Exit fullscreen mode

For clients on shared hosting without staging: this is the fallback. Pull the site locally, test, push changes manually.

Limitation: you can't test live payment processing locally. Use Option 1 for WooCommerce sites.


Option 3: WP-CLI staging on a VPS (most control)

If you have a VPS or the client's server has enough space:

#!/bin/bash
LIVE_PATH="/var/www/html/production"
STAGING_PATH="/var/www/html/staging"
STAGING_DOMAIN="staging.clientdomain.com"

# Copy files
cp -r $LIVE_PATH $STAGING_PATH

# Export live database
wp --path=$LIVE_PATH --allow-root db export /tmp/live_backup.sql

# Import to staging database (must create DB first)
mysql -u root -p staging_db < /tmp/live_backup.sql

# Update staging URLs in database
wp --path=$STAGING_PATH --allow-root search-replace "clientdomain.com" "$STAGING_DOMAIN"

# Update wp-config.php for staging database
sed -i "s/production_db/staging_db/" $STAGING_PATH/wp-config.php

Enter fullscreen mode Exit fullscreen mode

Then set up the staging subdomain in nginx/Apache. The staging site is fully isolated.


The staging workflow for monthly maintenance

This is how I handle updates for every client:

1. Create/refresh staging copy (hosting panel, 2 min)
2. Run all updates on staging (WP-CLI or dashboard)
3. Quick verification: homepage, key pages, checkout, contact form
4. If all good: merge to production (1 click)
5. Post-production check: same 4-5 pages

Enter fullscreen mode Exit fullscreen mode

With this workflow, the "update broke the site" emergency essentially doesn't happen. I've been doing this for 3 years across 15+ client sites.


What to test on staging before going live

Minimum verification checklist:

  • [ ] Homepage loads
  • [ ] Main navigation works
  • [ ] A key interior page (About, Services, etc.) loads correctly
  • [ ] Contact form submits (check that email arrives)
  • [ ] Login/logout works
  • [ ] For WooCommerce: add to cart, checkout, payment gateway (test mode)
  • [ ] Admin dashboard accessible
  • [ ] No PHP errors or warnings visible (check debug.log)

This takes 5-10 minutes. It's the difference between a routine update and an emergency call.


Client communication about staging

I include staging in my service agreements. Clients sometimes push for "just update it live, it'll be fine" -- especially for minor updates.

My response: "Updates on production cost me nothing extra to do safely. If something breaks, it costs both of us time to fix. Staging takes 10 minutes; cleanup takes hours. I always test first."

Some clients explicitly want to see the staging site before changes go live. I send them the staging URL and a list of what to check. It turns a potential complaint ("why did the button color change?") into a pre-approved change.


Automating the staging refresh

For sites I update monthly, I automate the staging refresh with a script that runs before the update window:

#!/bin/bash
# Run before monthly maintenance window
LIVE="clientdomain.com"
STAGING="staging.clientdomain.com"

# Refresh staging (Kinsta API - other hosts have similar)
curl -X POST "https://api.kinsta.com/v2/sites/$SITE_ID/environments/$STAGING_ENV_ID/clone-from/$LIVE_ENV_ID" \
  -H "Authorization: Bearer $KINSTA_TOKEN"

echo "Staging refreshed. Ready for updates."

Enter fullscreen mode Exit fullscreen mode

This ensures staging always reflects the current production state, not a 3-month-old copy.


Why most freelancers skip staging (and why that's the wrong call)

"It takes too long." -- 15 minutes to set up. 5 minutes per update cycle after that.

"The client is on shared hosting with no staging." -- Use Local by Flywheel or ask the client to upgrade to a plan with staging (and explain why).

"It's just a minor update." -- Plugin conflicts and WooCommerce breaking changes have happened on "minor" updates. The risk profile doesn't match your definition of minor.

The real cost of skipping staging isn't the 10 minutes you saved. It's the 6 hours you spend on an emergency fix, the client relationship damage, and the stress.


The monthly maintenance automation bundle includes pre-update backup scripts that work as a lightweight staging safety net:
WordPress Agency Automation Bundle

Service agreement template that includes staging workflow documentation:
WordPress Agency Starter Kit


Related articles

All paid tools: devautomation.gumroad.com


What staging setup do you use for client sites -- hosting-provided, Local, or something else?