Project-Pro/krolewskie-miody.pl
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: add .paul/codebase/ codebase map (7 documents)

Browse Source 
Stack, architecture, conventions, testing, integrations, db_schema, concerns.
Generated by PAUL /map-codebase workflow from codebase analysis.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jacek Pyziak
2026-04-28 21:40:11 +02:00
parent a95acc355b
commit 78d5743c12
7 changed files with 758 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
.paul/codebase/architecture.md Normal file
View File

@@ -0,0 +1,142 @@
# Architecture — krolewskie-miody.pl
## Repository Structure
Only `wp-content/` and WordPress root files are tracked in Git.
`wp-includes/` and `wp-admin/` core directories are present but represent standard WordPress core.
```
krolewskie-miody.pl/
├── wp-config.php # DB config + constants
├── .htaccess # Rewrites, max_input_vars=10000
├── index.php # WP entry point
├── wp-blog-header.php # WP bootstrap
├── wp-content/
│ ├── themes/
│ │ ├── betheme/ # Active theme (parent, no child)
│ │ ├── twentytwentyfive/
│ │ ├── twentytwentyfour/
│ │ └── twentytwentythree/
│ └── plugins/ # 76 plugins
├── .paul/ # PAUL project management
├── .serena/ # Serena AI tooling
├── .vscode/ # VS Code + FTP config
└── CLAUDE.md # AI assistant instructions
```
## Theme Architecture: BeTheme (betheme/)
```
betheme/
├── functions.php # Theme bootstrap (defines MFN_THEME_VERSION)
├── style.css # Theme header metadata only
├── woocommerce.php # WooCommerce template root
├── header.php / header-shop.php # Header templates
├── footer.php # Footer template (19KB)
├── style.php / style-colors.php # Dynamic PHP-generated CSS
├── functions/ # Core theme PHP logic
│ ├── theme-functions.php # 119KB — main hooks & functions
│ ├── theme-head.php # 79KB — HEAD/frontend logic
│ ├── theme-woocommerce.php # 72KB — WooCommerce customization (1,752 lines)
│ ├── theme-shortcodes.php # 405KB / 13,793 lines — visual builder shortcodes
│ ├── theme-hooks.php # Hook definitions
│ ├── theme-menu.php # Menu handling (350 lines)
│ ├── admin/ # Admin-side classes
│ ├── builder/ # Visual builder (class-mfn-builder*.php)
│ ├── modules/ # Dynamic data module
│ ├── plugins/
│ │ ├── visual-composer.php # 81KB VC integration
│ │ └── elementor/ # Elementor support
│ ├── post-types/ # Custom post type classes
│ └── widgets/ # Theme widgets
├── woocommerce/ # 27 WooCommerce template overrides
│ ├── archive-product.php
│ ├── content-product.php
│ ├── content-single-product.php
│ ├── cart/ (5 files)
│ ├── checkout/form-checkout.php
│ ├── single-product/ (6+ files)
│ ├── loop/ (4 files)
│ ├── myaccount/downloads.php
│ └── notices/ (2 files)
├── muffin-options/
│ └── theme-options.php # 337KB master options panel
├── visual-builder/ # Muffin's visual page builder
├── css/ # Pre-compiled stylesheets
├── js/ # Pre-compiled JavaScript
├── includes/ # Template partials
├── templates/ # Page templates
├── languages/ # Translations
└── wpml/wpml-config.xml # WPML multilingual config
```
## Class Architecture (BeTheme)
BeTheme uses a class-per-feature pattern with `mfn_` prefix on all functions:
**Admin classes** (`functions/admin/`):
- `class-mfn-api.php`, `class-mfn-dashboard.php`, `class-mfn-helper.php`
- `class-mfn-update.php`, `class-mfn-plugins.php`, `class-mfn-setup.php`
**Builder classes** (`functions/builder/`):
- `class-mfn-builder.php` — main builder
- `class-mfn-builder-fields.php` — 2.4MB field definitions
- `class-mfn-builder-admin.php` — 154KB
- `class-mfn-builder-front.php` — 136KB
- `class-mfn-builder-woo-helper.php` — WooCommerce builder integration
**Post type classes** (`functions/post-types/`):
- `class-mfn-post-type-page.php`, `class-mfn-post-type-product.php`
- `class-mfn-post-type-template.php` — 84KB
- 10+ additional post type classes
**Elementor widget classes** (`functions/plugins/elementor/`):
- `class-mfn-elementor.php` + 80+ widget classes
## WordPress Request Flow
```
HTTP Request
→ index.php (defines WP_USE_THEMES = true)
→ wp-blog-header.php
→ wp-load.php → wp-config.php (DB + constants)
→ wp-settings.php (load plugins + theme)
→ betheme/functions.php (theme init: MFN_THEME_VERSION = 27.6.4)
→ Loads theme-options.php, theme-functions.php, theme-head.php
→ WordPress template hierarchy selects template file
→ WooCommerce hooks modify product/cart/checkout rendering
```
## WooCommerce Integration Points
1. **Theme support declared** in `theme-woocommerce.php`:
- `wc-product-gallery-zoom`, `wc-product-gallery-lightbox`, `wc-product-gallery-slider`
- Custom image sizes for thumbnails and single product
2. **Hooks removed** (theme replaces defaults):
- `woocommerce_before_main_content` wrappers, breadcrumb, sidebar, sale flash, product thumbnail
3. **Hooks added** (theme enhancements):
- Quantity buttons, wishlist button, excerpt in loop, cart fragment AJAX
4. **Template overrides** (`betheme/woocommerce/`):
- 27 files override WooCommerce default templates
## Custom Code Locations
| Location | Purpose |
|----------|---------|
| `betheme/functions/theme-woocommerce.php` | WooCommerce hooks & filters |
| `betheme/functions/theme-functions.php` | Theme hooks, helpers, shortcodes |
| `betheme/woocommerce/` | WooCommerce template overrides |
| `code-snippets` plugin | DB-stored PHP snippets (admin-managed) |
| `head-footer-code` plugin | Header/footer injection |
| `wp-headers-and-footers` plugin | Global header/footer scripts |
## Database
- **Engine:** MariaDB at `mariadb114.miody.nazwa.pl`
- **Database:** `miody_miodynew`
- **Table prefix:** `wp_` (default — not hardened)
- **Custom tables:** None confirmed outside standard WordPress/WooCommerce tables
- **Schema doc:** `.paul/codebase/db_schema.md`

165
.paul/codebase/concerns.md Normal file
View File

@@ -0,0 +1,165 @@
# Concerns — krolewskie-miody.pl
## CRITICAL (Immediate Action Required)
### C1 — Credentials Exposed in Version Control
- **wp-config.php** contains live database credentials committed to Git
- **.vscode/ftp-kr.json** contains live FTP credentials committed to Git
- **wp-config.php** line 3: `RSSSL_KEY` (Really Simple SSL API key) committed
- **Action:** Rotate all credentials immediately. Add `.gitignore`. Remove from Git history (`git filter-branch` or `git filter-repo`).
### C2 — No .gitignore
- Entire WordPress installation tracked in Git with no exclusions
- Sensitive files: `wp-config.php`, `.vscode/ftp-kr.json`
- Large vendor code: all 76 plugin directories, all theme files
- **Action:** Create `.gitignore` excluding at minimum: `wp-config.php`, `.vscode/ftp-kr.json`, `/wp-content/uploads/`, `/wp-content/plugins/*/` (third-party), WordPress core dirs
### C3 — FTP Instead of SFTP
- `.vscode/ftp-kr.json` uses plain FTP (port 21) — credentials and file contents transmitted unencrypted
- **Action:** Switch to SFTP in deploy config
---
## HIGH (Address Soon)
### H1 — No Child Theme
- All customizations are in the BeTheme parent theme directly
- Any BeTheme update will overwrite custom code in `functions/`, WooCommerce overrides, etc.
- Violates CLAUDE.md rule: *"Customizations only in child theme or dedicated plugin"*
- **Files at risk:** `betheme/functions/theme-woocommerce.php`, `betheme/woocommerce/` (27 templates)
- **Action:** Create a child theme; migrate project-specific hooks and template overrides
### H2 — Duplicate SEO Plugins (2 full suites active)
- Yoast SEO + Yoast SEO Premium
- All in One SEO + AIOSEO Pro (same plugin, free + paid simultaneously)
- Plus: broken-link-checker-seo, buffor-seo, aioseo-index-now
- **Impact:** Conflicting meta tag output, duplicate sitemap generation, DB bloat
- **Action:** Pick one suite (Yoast recommended as it's newer and at v27.4). Deactivate and delete AIOSEO free/pro
### H3 — Duplicate Analytics Plugins (7 implementations)
- `ga-google-analytics`, `google-analytics-for-wordpress`, `google-analytics-premium`, `google-site-kit`, `woo-ecommerce-tracking-for-google-and-facebook`, `pixelyoursite`, and GTM plugin
- **Impact:** GA4 events firing multiple times, inflated conversion data, page speed degradation
- **Action:** Consolidate to Google Site Kit (official) + GTM for custom events. Remove legacy GA plugins
### H4 — Duplicate Cookie Consent Plugins
- `complianz-gdpr` (primary, comprehensive)
- `cookie-notice` (separate plugin)
- `wpconsent-cookies-banner-privacy-suite` (third plugin)
- **Impact:** Multiple consent banners shown, conflicting consent state, GDPR compliance uncertainty
- **Action:** Keep Complianz only; deactivate and remove cookie-notice and wpconsent
### H5 — Duplicate SMTP Plugins
- `easy-wp-smtp` (primary, configured)
- `wp-mail-smtp` (secondary)
- **Impact:** Email delivery conflicts, double configuration
- **Action:** Deactivate and remove wp-mail-smtp
### H6 — Duplicate Coupon Plugins (free + pro simultaneously)
- `flexible-coupons` (free v1.14.4)
- `flexible-coupons-pro` (pro v2.5.3)
- **Impact:** Plugin conflicts — pro version should replace free
- **Action:** Deactivate and delete flexible-coupons free; keep pro only
### H7 — SQL Injection Risk in Builder Queries
- **File:** `wp-content/themes/betheme/functions/builder/` — 82+ `$wpdb->query()` / `$wpdb->get_results()` calls
- Some queries use direct variable interpolation without `$wpdb->prepare()`:
```php
$wpdb->get_results("... and m.meta_value IN ( '{$type}' )");
```
- **Impact:** SQL injection if `$type` is user-controlled
- **Action:** Audit all `$wpdb` calls in builder files; wrap dynamic values in `$wpdb->prepare()`
### H8 — Duplicator Installer Files Present
- `wp-content/plugins/duplicator/installer/` contains active installer scripts
- Known security risk — Duplicator installers have been exploited historically
- `.htaccess` protections are in place but installer framework is accessible
- **Action:** Delete installer directory after backups are complete
### H9 — No Caching Layer
- 76 plugins with zero caching plugin installed
- Shared hosting (Nazwa.pl) without built-in object cache
- **Impact:** Every page request hits database with full plugin stack
- **Action:** Install LiteSpeed Cache (if host supports LiteSpeed) or WP Super Cache
---
## MEDIUM (Plan to Address)
### M1 — Security Constants Missing from wp-config.php
- `DISALLOW_FILE_EDIT` not set — theme/plugin editor accessible in WP admin
- `FORCE_SSL_ADMIN` not set — admin login may occur over HTTP
- `WP_MEMORY_LIMIT` not set — using PHP default
- **Action:** Add to wp-config.php:
```php
define('DISALLOW_FILE_EDIT', true);
define('FORCE_SSL_ADMIN', true);
define('WP_MEMORY_LIMIT', '256M');
```
### M2 — Default Table Prefix
- Tables use `wp_` prefix — slightly easier for automated attacks to target
- Changing after installation requires DB migration
- **Action:** Note for future migration during next major maintenance
### M3 — xmlrpc.php Present
- `xmlrpc.php` is a common brute-force and DDoS vector
- Not needed if no XML-RPC integrations are active
- **Action:** Block via .htaccess or disable via plugin if not used
### M4 — No Code Quality Tooling
- No `.phpcs.xml`, no ESLint, no PHPStan
- No pre-commit hooks enforcing standards
- **Action:** Add PHPCS with WordPress ruleset; configure in CI
### M5 — Plugin Count (76 plugins)
- Industry best practice: under 20-25 plugins for performance
- 76 plugins = significant memory and execution time overhead
- Audit has identified at least 10-15 redundant plugins (see H1-H6)
- **Action:** After deduplication, target 50-55 active plugins
### M6 — No Automated Tests
- No PHPUnit, no CI/CD pipeline
- Custom WooCommerce hooks and checkout modifications untested
- See `testing.md` for setup recommendations
---
## LOW (Nice to Have)
### L1 — Code Snippets Plugin on Production
- `code-snippets` stores PHP in the database — not version-controlled
- Snippets invisible in Git history; changes untracked
- **Action:** Migrate any production snippets to a custom plugin or child theme functions
### L2 — Multiple Form Plugins
- `contact-form-7` and `wpforms-lite` both installed
- **Action:** Pick one and remove the other
### L3 — Duplicate Popup Plugins
- `optinmonster` and `popup-maker` both installed
- **Action:** Consolidate to one popup solution
---
## Summary Matrix
| ID | Severity | Issue | Effort |
|----|----------|-------|--------|
| C1 | CRITICAL | Credentials in Git | Low (rotate + gitignore) |
| C2 | CRITICAL | No .gitignore | Low |
| C3 | CRITICAL | FTP unencrypted | Low |
| H1 | HIGH | No child theme | High |
| H2 | HIGH | Duplicate SEO plugins | Low |
| H3 | HIGH | Duplicate analytics (7x) | Low |
| H4 | HIGH | Duplicate cookie consent | Low |
| H5 | HIGH | Duplicate SMTP | Low |
| H6 | HIGH | Duplicate coupon plugins | Low |
| H7 | HIGH | SQL injection in builder | Medium |
| H8 | HIGH | Duplicator installer exposed | Low |
| H9 | HIGH | No caching | Low |
| M1 | MEDIUM | Security constants missing | Low |
| M2 | MEDIUM | Default table prefix | High |
| M3 | MEDIUM | xmlrpc.php active | Low |
| M4 | MEDIUM | No code quality tooling | Medium |
| M5 | MEDIUM | 76 plugins | Medium |
| M6 | MEDIUM | No automated tests | High |

94
.paul/codebase/conventions.md Normal file
View File

@@ -0,0 +1,94 @@
# Conventions — krolewskie-miody.pl
## PHP Conventions (CLAUDE.md)
- **Standard:** PSR-12 formatting
- **Classes:** PascalCase — e.g. `MfnDynamicData`, `class-mfn-builder.php`
- **Methods/Functions:** snake_case — e.g. `mfn_woocommerce_product_reviews_tab_title()`
- **Database variables:** snake_case
- **Theme function prefix:** `mfn_` for all BeTheme functions
- **Max nesting depth:** 3 levels — extract deeper logic to named methods
- **Comments:** Only when explaining *why*, never *what*
- **Customizations:** Child theme or dedicated plugin only — never in WordPress core or parent theme directly
## File Naming
- Plugin/theme files: kebab-case — `class-mfn-builder.php`
- Class files: prefixed with `class-``class-mfn-dynamic-data.php`
## WordPress Hook Usage
Hooks registered in `wp-content/themes/betheme/functions/`:
**Core hooks used:**
- `after_setup_theme` — theme init
- `init` — WP initialization
- `wp_enqueue_scripts` — script/style loading
- `pre_get_posts` — query modification
- `admin_menu` — admin customization
**Custom theme hooks (mfn_):**
- `mfn_before_content` / `mfn_after_content`
- `mfn_before_shop_content` / `mfn_after_shop_content`
- `mfn_hook_bottom`
## WooCommerce Hook Pattern
See `wp-content/themes/betheme/functions/theme-woocommerce.php`.
**Remove defaults, then add custom:**
```php
// Remove WooCommerce defaults
remove_action('woocommerce_before_main_content', 'woocommerce_output_content_wrapper', 10);
remove_action('woocommerce_sidebar', 'woocommerce_get_sidebar', 10);
// Add theme equivalents
add_action('woocommerce_before_quantity_input_field', 'mfn_woocommerce_before_quantity_input_field');
add_action('woocommerce_after_add_to_cart_button', 'mfn_append_wishlist_button');
add_filter('loop_shop_columns', 'mfn_woo_loop_shop_columns', 20);
add_filter('woocommerce_add_to_cart_fragments', 'woocommerce_header_add_to_cart_fragment');
```
## CSS / JS Conventions
- **No build tooling** — no SASS, Webpack, or Gulp
- CSS and JS are pre-compiled and committed directly
- Main files: `betheme/css/be.css`, `betheme/js/scripts.js`
- Both minified and unminified versions maintained
- Custom CSS should go in child theme `style.css` (once child theme is created)
## Configuration Constants (wp-config.php)
Currently defined:
```php
define('RSSSL_KEY', '...'); // Really Simple SSL API key
define('WP_DEBUG', false); // Production mode
```
**Not yet defined (recommended):**
```php
define('DISALLOW_FILE_EDIT', true);
define('FORCE_SSL_ADMIN', true);
define('WP_MEMORY_LIMIT', '256M');
```
## Database Conventions
- Schema documented in `.paul/codebase/db_schema.md`
- Every schema change requires a new migration — never modify existing ones
- Use `$wpdb->prepare()` for all dynamic queries
- Table prefix: `wp_` (default)
## Version Control
- **Remote:** `https://git.project-pro.pl/Project-Pro/krolewskie-miody.pl.git`
- **Branch:** `main`
- **No `.gitignore`** — currently all files tracked (security risk; see concerns.md)
- Excluded from FTP deploy: `.git`, `.vscode`, `.paul`, `.serena`, `CLAUDE.md`
## Code Quality Tools
None configured. Recommended additions:
- `.phpcs.xml` — PHP CodeSniffer with WordPress/PSR-12 ruleset
- `phpstan.neon` — Static analysis
- `.eslintrc` — JavaScript linting

82
.paul/codebase/db_schema.md Normal file
View File

@@ -0,0 +1,82 @@
# Database Schema — krolewskie-miody.pl
## Connection
- **Engine:** MariaDB
- **Host:** `mariadb114.miody.nazwa.pl`
- **Database:** `miody_miodynew`
- **Table prefix:** `wp_` (default WordPress prefix)
- **Charset:** `utf8mb4`
## Standard WordPress Tables
| Table | Purpose |
|-------|---------|
| `wp_posts` | All content (pages, products, orders, templates) |
| `wp_postmeta` | Post metadata (product price, order items, etc.) |
| `wp_terms` | Taxonomy terms (categories, tags, product attributes) |
| `wp_term_taxonomy` | Term-taxonomy relationships |
| `wp_term_relationships` | Object-term relationships |
| `wp_options` | Site configuration, plugin settings |
| `wp_users` | Customer and admin accounts |
| `wp_usermeta` | User metadata (shipping address, billing, roles) |
| `wp_comments` | Product reviews, order notes |
| `wp_commentmeta` | Comment metadata |
| `wp_links` | Blogroll (legacy, rarely used) |
## WooCommerce Tables
| Table | Purpose |
|-------|---------|
| `wp_woocommerce_sessions` | Cart sessions |
| `wp_woocommerce_api_keys` | REST API authentication |
| `wp_woocommerce_attribute_taxonomies` | Product attribute definitions |
| `wp_woocommerce_downloadable_product_permissions` | Digital product access |
| `wp_woocommerce_order_items` | Line items per order |
| `wp_woocommerce_order_itemmeta` | Metadata for order items |
| `wp_woocommerce_tax_rates` | Tax rate definitions |
| `wp_woocommerce_tax_rate_locations` | Tax rate geographic zones |
| `wp_woocommerce_shipping_zones` | Shipping zone definitions |
| `wp_woocommerce_shipping_zone_locations` | Zone geographic areas |
| `wp_woocommerce_shipping_zone_methods` | Methods per zone |
| `wp_woocommerce_payment_tokens` | Saved payment methods |
| `wp_woocommerce_payment_tokenmeta` | Payment token metadata |
| `wp_woocommerce_log` | WooCommerce action log |
## Plugin Tables (selected)
| Table | Plugin | Purpose |
|-------|--------|---------|
| `wp_code_snippets` | Code Snippets | Custom PHP snippet storage |
| `wp_complianz_*` | Complianz GDPR | Cookie consent records |
| `wp_wfpk_*` or similar | PixelYourSite | Tracking pixel config |
## Key Relationships
### Products
- `wp_posts` (post_type = 'product' or 'product_variation')
- `wp_postmeta``_price`, `_regular_price`, `_sale_price`, `_sku`, `_stock`
- `wp_term_relationships``wp_terms` (product categories, tags, attributes)
### Orders
- `wp_posts` (post_type = 'shop_order')
- `wp_postmeta``_billing_*`, `_shipping_*`, `_order_total`, `_payment_method`
- `wp_woocommerce_order_items` + `wp_woocommerce_order_itemmeta`
### Customers
- `wp_users` — account
- `wp_usermeta``billing_address_1`, `shipping_city`, etc.
## Migration Rules
Per CLAUDE.md:
1. Schema changes require a new migration file
2. Never modify existing migrations
3. Document all custom schema changes in this file
## Custom Schema Changes
*No custom tables or schema changes recorded yet.*
---
*Update this file whenever schema changes are made.*

117
.paul/codebase/integrations.md Normal file
View File

@@ -0,0 +1,117 @@
# Integrations — krolewskie-miody.pl
## Payment Gateways
| Integration | Plugin | Version | Notes |
|-------------|--------|---------|-------|
| Przelewy24 | woocommerce-gateway-przelewy24 | 4.1.16 | Polish market primary |
| PayU | woo-payu-payment-gateway | 2.10.1 | Polish market secondary |
| PayPal | woocommerce-paypal-payments | 4.0.3 | International |
| WooCommerce Payments | woocommerce-payments | 10.7.1 | WordPress.com |
| InPost Pay | inpost-pay | 2.0.7 | Linked to InPost shipping |
## Shipping & Logistics
| Integration | Plugin | Version | Notes |
|-------------|--------|---------|-------|
| InPost Paczkomaty | woocommerce-paczkomaty-inpost | 4.6.30 | Parcel lockers (paczkomaty) |
| InPost for WooCommerce | inpost-for-woocommerce | — | Courier + locker |
| InPost Map | ws-inpost-map | 1.0.0 | Interactive locker map widget |
| PolKurier | woocommerce-polkurier | — | Polish courier network |
| WooCommerce Services | woocommerce-services | 3.6.1 | Shipping labels + tax |
## Analytics & Tracking
| Integration | Plugin | Version | Notes |
|-------------|--------|---------|-------|
| Google Tag Manager | duracelltomi-google-tag-manager | 1.22.3 | GTM container injection |
| Google Site Kit | google-site-kit | 1.177.0 | GA4 + GSC + PageSpeed |
| MonsterInsights | google-analytics-for-wordpress | — | GA dashboard in WP admin |
| MonsterInsights Premium | google-analytics-premium | 10.1.3 | Advanced GA features |
| GA4 snippet | ga-google-analytics | 20260421 | Simple GA snippet (legacy) |
| PixelYourSite | pixelyoursite | 11.2.0.4 | Multi-pixel management |
| Meta Pixel | official-facebook-pixel | 5.0.1 | Facebook/Instagram tracking |
| Meta for WooCommerce | facebook-for-woocommerce | 3.6.3 | Product catalog + pixel |
| TikTok for Business | tiktok-for-business | — | TikTok pixel + catalog |
| WC Google & Facebook tracking | woo-ecommerce-tracking-for-google-and-facebook | — | Enhanced e-commerce events |
**Warning:** Significant tracking duplication — 4+ Google Analytics implementations. Review needed.
## SEO
| Integration | Plugin | Version | Notes |
|-------------|--------|---------|-------|
| Yoast SEO | wordpress-seo | 27.4 | Primary SEO |
| Yoast SEO Premium | wordpress-seo-premium | — | Premium features |
| AIOSEO | all-in-one-seo-pack | 4.9.6.2 | Duplicate — should remove |
| AIOSEO Pro | all-in-one-seo-pack-pro | 4.9.6.2 | Duplicate — should remove |
| AIOSEO IndexNow | aioseo-index-now | 1.0.13 | Instant indexing |
| Broken Link Checker | broken-link-checker-seo | 1.2.10 | SEO link audit |
| Google Listings & Ads | google-listings-and-ads | 3.6.1 | Google Shopping / Merchant |
| Buffor SEO | buffor-seo | — | Social media scheduling |
**Warning:** Both Yoast and AIOSEO active simultaneously — meta tag conflicts likely.
## Email / SMTP
| Integration | Plugin | Notes |
|-------------|--------|-------|
| Easy WP SMTP | easy-wp-smtp 2.14.0 | Primary — configured |
| WP Mail SMTP | wp-mail-smtp | Secondary — potential conflict |
## Reviews & Ratings
| Integration | Plugin | Version |
|-------------|--------|---------|
| eKomi | ekomi | 3.4.0 |
| Google Reviews | wp-reviews-plugin-for-google | 13.2.9 |
| Facebook Reviews | free-facebook-reviews-and-recommendations-widgets | 13.2.9 |
## Product Feeds (Polish Marketplaces)
| Integration | Plugin | Notes |
|-------------|--------|-------|
| Ceneo.pl | woocommerce-ceneo-official | Polish price comparison |
| WebAppick Feed | webappick-product-feed-for-woocommerce | Multi-platform (Google, Facebook, etc.) |
| WP Product Feed Manager | wp-product-feed-manager | Additional feed management |
## Security & Compliance
| Integration | Plugin | Version | Notes |
|-------------|--------|---------|-------|
| Really Simple SSL | really-simple-ssl | 9.5.9 | SSL + 2FA + hardening |
| Complianz GDPR | complianz-gdpr | 7.4.5 | Cookie consent (primary) |
| Complianz T&C | complianz-terms-conditions | — | Legal document generator |
| Cookie Notice | cookie-notice | 3.0.2 | Cookie banner (potential duplicate) |
| WPConsent | wpconsent-cookies-banner-privacy-suite | — | Privacy suite (potential duplicate) |
| Cloudflare Turnstile | simple-cloudflare-turnstile | 1.39.0 | Bot protection / CAPTCHA |
**Warning:** 3 cookie/consent plugins active simultaneously.
## Marketing & Automation
| Integration | Plugin | Version |
|-------------|--------|---------|
| ShopMagic | shopmagic-for-woocommerce | — | WooCommerce email automation |
| Uncanny Automator | uncanny-automator | 7.1.0.1 | No-code automation |
| OptinMonster | optinmonster | 2.16.22 | Lead capture / popups |
| Popup Maker | popup-maker | 1.22.0 | Popup builder |
## Checkout & Cart
| Integration | Plugin | Version |
|-------------|--------|---------|
| Flexible Checkout Fields | flexible-checkout-fields | 4.1.36 | Custom checkout fields |
| WC Checkout Field Editor Pro | woo-checkout-field-editor-pro | 2.1.8 | Checkout customization |
| WC Checkout Manager | woocommerce-checkout-manager | 7.8.9 | Checkout manager |
| Flexible Coupons | flexible-coupons | 1.14.4 | Advanced coupons |
| Flexible Coupons Pro | flexible-coupons-pro | 2.5.3 | Pro coupons (conflicts with free) |
| WC Auto-Added Coupons | woocommerce-auto-added-coupons | 3.4.2 | Auto-apply coupons |
| WC Active Payments | woocommerce-active-payments | 3.9.18 | Payment method manager |
## Hosting
- **Provider:** Nazwa.pl (Polish hosting)
- **FTP host:** `ftp.miody.nazwa.pl`
- **Database host:** `mariadb114.miody.nazwa.pl`
- **Git remote:** `https://git.project-pro.pl/Project-Pro/krolewskie-miody.pl.git`

104
.paul/codebase/stack.md Normal file
View File

@@ -0,0 +1,104 @@
# Stack — krolewskie-miody.pl
## Core Platform
| Layer | Technology | Version |
|-------|-----------|---------|
| CMS | WordPress | Check `wp-includes/version.php` |
| E-commerce | WooCommerce | 10.7.0 |
| Theme | BeTheme (Muffin Group) | 27.6.4 |
| Language | PHP | 7.4+ (WooCommerce requirement) |
| Database | MariaDB | mariadb114.miody.nazwa.pl |
| Hosting | Nazwa.pl (shared hosting) | FTP deploy |
## Theme
- **Parent theme:** `wp-content/themes/betheme/` — BeTheme v27.6.4 by Muffin Group
- **Child theme:** None — customizations live directly in parent theme (violation of CLAUDE.md; see concerns.md)
- **Visual builder:** Muffin's proprietary builder (`wp-content/themes/betheme/visual-builder/`)
- **WooCommerce overrides:** 27 template files in `wp-content/themes/betheme/woocommerce/`
## Payment Gateways
| Plugin | Version | Provider |
|--------|---------|----------|
| woocommerce-gateway-przelewy24 | 4.1.16 | Przelewy24 (P24) — Polish |
| woo-payu-payment-gateway | 2.10.1 | PayU — Polish |
| woocommerce-paypal-payments | 4.0.3 | PayPal |
| woocommerce-payments | 10.7.1 | WordPress.com Payments |
| inpost-pay | 2.0.7 | InPost Pay |
## Shipping
| Plugin | Version | Provider |
|--------|---------|----------|
| woocommerce-paczkomaty-inpost | 4.6.30 | InPost Paczkomaty (lockers) |
| inpost-for-woocommerce | — | InPost |
| ws-inpost-map | 1.0.0 | InPost map widget |
| woocommerce-polkurier | — | PolKurier courier |
| woocommerce-services | 3.6.1 | WooCommerce Services (tax/shipping) |
## Analytics & Tracking
| Plugin | Version | Purpose |
|--------|---------|---------|
| google-site-kit | 1.177.0 | GA4 + GSC + PageSpeed |
| duracelltomi-google-tag-manager | 1.22.3 | GTM container |
| pixelyoursite | 11.2.0.4 | Multi-pixel manager |
| official-facebook-pixel | 5.0.1 | Meta Pixel |
| facebook-for-woocommerce | 3.6.3 | Meta Catalog + Pixel |
| tiktok-for-business | — | TikTok Pixel |
| woo-ecommerce-tracking-for-google-and-facebook | — | Dual tracking |
| ga-google-analytics | 20260421 | GA snippet injection |
| google-analytics-for-wordpress | — | MonsterInsights |
| google-analytics-premium | 10.1.3 | MonsterInsights Premium |
## SEO
| Plugin | Version |
|--------|---------|
| wordpress-seo (Yoast) | 27.4 |
| wordpress-seo-premium | — |
| all-in-one-seo-pack | 4.9.6.2 |
| all-in-one-seo-pack-pro | 4.9.6.2 |
| aioseo-index-now | 1.0.13 |
| broken-link-checker-seo | 1.2.10 |
| buffor-seo | — |
| google-listings-and-ads | 3.6.1 |
## GDPR / Compliance
| Plugin | Version |
|--------|---------|
| complianz-gdpr | 7.4.5 |
| complianz-terms-conditions | — |
| cookie-notice | 3.0.2 |
| wpconsent-cookies-banner-privacy-suite | — |
| really-simple-ssl | 9.5.9 |
| simple-cloudflare-turnstile | 1.39.0 |
## Email
| Plugin | Version |
|--------|---------|
| easy-wp-smtp | 2.14.0 (primary) |
| wp-mail-smtp | — (secondary — potential conflict) |
## Frontend Assets
- **CSS:** Pre-compiled plain CSS — `wp-content/themes/betheme/css/be.css` (496KB), responsive.css, woocommerce.css
- **JS:** Pre-compiled plain JS — `wp-content/themes/betheme/js/scripts.js`, woocommerce.js
- **No build tooling:** No SASS, Webpack, or Gulp — assets are version-controlled compiled files
- **Skins:** 12 colour skins in `wp-content/themes/betheme/css/skins/`
## Deployment
- **Protocol:** FTP (plain, unencrypted) to `ftp.miody.nazwa.pl`
- **Remote path:** `/nowa`
- **Config:** `.vscode/ftp-kr.json` (credentials stored in file — security risk)
- **Strategy:** Manual upload — autoUpload disabled
- **Excluded from deploy:** `.git`, `.vscode`, `.paul`, `.serena`, `CLAUDE.md`
## Plugin Count
**76 plugins total** — heavy stack with significant duplication (see concerns.md)

54
.paul/codebase/testing.md Normal file
View File

@@ -0,0 +1,54 @@
# Testing — krolewskie-miody.pl
## Current Status
**No testing infrastructure is configured.**
CLAUDE.md acknowledges this: *"Testy — Uzupełnij jak uruchamiać testy"* (incomplete placeholder).
## What's Missing
- No `phpunit.xml` or `phpunit.xml.dist`
- No `tests/` directory
- No `.github/workflows/` CI/CD pipelines
- No PHPUnit dependency in any `composer.json`
- No JavaScript test runner (Jest, Mocha, etc.)
- No automated code quality checks on commit
## Recommended Setup
### PHPUnit (WordPress unit tests)
1. Install PHPUnit via Composer in a custom plugin or child theme:
```bash
composer require --dev phpunit/phpunit wp-phpunit/wp-phpunit
```
2. Create `phpunit.xml`:
```xml
<phpunit bootstrap="tests/bootstrap.php">
<testsuites>
<testsuite name="krolewskie-miody">
<directory>tests/</directory>
</testsuite>
</testsuites>
</phpunit>
```
3. Place test files in `tests/` with `Test` suffix: `tests/class-checkout-test.php`
### Manual Testing Checklist (current practice)
Since no automated tests exist, manual testing covers:
- Product listing and filtering
- Add to cart / cart updates
- Checkout flow (Przelewy24, PayU, PayPal)
- InPost locker selection
- Order confirmation emails (via Easy WP SMTP)
- Coupon application (flexible-coupons-pro)
- GDPR consent banner (Complianz)
## Notes
- WooCommerce 10.x ships with its own test utilities — can be leveraged for integration tests
- Code Snippets plugin stores custom PHP in DB — these snippets are not version-controlled or testable via standard tooling