Question

Bedrock WordPress: Modern Project Structure & Workflow

Posted on by William Zheng

Frustrated by messy WordPress projects or struggling to keep your site organized? You’re not alone—many developers and site owners wish for a smoother, more secure way to build and manage WordPress sites. That’s where Bedrock comes in.

Understanding how Bedrock works can transform your workflow and unlock powerful tools for version control, environment configuration, and security. This article will walk you through what Bedrock is, how to set it up, and tips for getting the most out of it.

Related Video

What Is Bedrock in WordPress?

Bedrock is a modern WordPress boilerplate that transforms the way you build, organize, and manage WordPress projects. Think of it as the foundation for WordPress development—a starter kit that equips you with professional tools and best practices right out of the box.

While traditional WordPress sites tend to mix up core files, themes, plugins, and custom code in the same folder, Bedrock introduces a cleaner project structure, robust dependency management, and improved security features. It’s particularly useful if you want your WordPress site to be easier to develop, update, and collaborate on.

Key Features of Bedrock

Bedrock stands out from standard WordPress installations with several powerful enhancements:

  • Project Organization: Separates WordPress core files from your project’s custom code and assets.
  • Composer Integration: Manages plugins, themes, and even WordPress itself as Composer packages.
  • Environment Configuration: Supports multiple environments (development, staging, production) via a straightforward configuration system inspired by frameworks like Laravel.
  • Version Control Friendly: Makes it easier for teams to collaborate and track code history using Git.
  • Enhanced Security: Keeps sensitive files and configuration out of the public web root.

Now, let’s break down how Bedrock accomplishes all of this and how you can get started.

How Bedrock Works: Breaking Down the Core Concepts


How to deploy your WordPress site with Bedrock and Moss - bedrock wordpress

1. Modern Directory Structure

Bedrock changes the default WordPress file structure, placing custom code in logical directories. Here’s what a typical Bedrock project looks like:

  • /web: Public web root (where WordPress core lives)
  • /config: Stores environment-specific settings
  • /vendor: Composer managed packages (WordPress, plugins, themes)
  • composer.json: Lists all your site dependencies

This separation means your custom code and settings are isolated from WordPress’s core files—making upgrades safer and easier.

2. Composer Dependency Management

Composer is a PHP dependency manager, and Bedrock leverages it to:

  • Install WordPress core as a dependency
  • Manage plugins and themes as packages
  • Lock versions to ensure consistent deployments across environments

This eliminates the need to manually download or update plugins and themes through the WordPress dashboard.

Composer in Action

For example, to add a plugin or update WordPress, you’d run a command like:

composer require wpackagist-plugin/wordpress-seo

Composer keeps your packages and versions in check, boosting reliability and team coordination.

3. Environment Configuration

Bedrock uses a clever .env file for configuration. Each environment (local, staging, production) can have its own settings:

  • Database credentials
  • Security keys (nonces, salts)
  • Debug modes or URLs

This pattern makes it easier to work with multiple environments, without sharing sensitive settings or breaking your application when deploying changes.

4. Improved Security

Because Bedrock organizes core files and sensitive configuration outside the public web root, you get:

  • Reduced exposure to attacks on core files
  • Centralized handling of secrets
  • Cleaner permission settings

This tightens your site’s defense from the get-go.

How to Set Up Bedrock Step-by-Step

Thinking of giving Bedrock a try? Here’s a simplified step-by-step process to get started:

1. System Requirements

Make sure you have:

  • Composer installed on your system
  • A web server (Apache or Nginx)
  • PHP 7.4 or higher
  • Access to create databases

2. Installing Bedrock

  1. Create a New Bedrock Project

Run in your terminal:
composer create-project roots/bedrock your-project-folder

  1. Configure Environment Variables

  2. Copy .env.example to .env.

  3. Set your database credentials, URLs, and secret keys in .env.

  4. Set Up Your Web Server

  5. Point your document root to web (not the project root).

  6. Adjust your server configuration accordingly.

  7. Install WordPress and Dependencies

composer install

  1. Run the WordPress Installation

  2. Visit your site URL in the browser.

  3. Follow the standard WordPress setup screens.

3. Managing Plugins and Themes

Instead of uploading via the admin panel, you use Composer to add plugins and themes:

  • Official WordPress plugins and themes are available via the [Wpackagist repository (proxy for the WordPress.org repo)].
  • Custom plugins/themes can be added as custom Composer packages or repositories in composer.json.

4. Version Control with Git

Bedrock is designed for Git:

  • Keep your custom code, configuration, and Composer files under version control.
  • Don’t commit vendor or web/wp (managed by Composer).
  • Git simplifies team collaboration and deployment.

Benefits of Using Bedrock for Your WordPress Projects

Switching to Bedrock has tangible upsides, especially for developers or agencies who manage multiple sites or work in teams.

Organization & Maintainability

  • Separates core WordPress files from your custom theme and plugin code.
  • Clear folder structure for modern development practices.
  • Makes it easier to track changes and updates.

Robust Dependency Management

  • Instantly install, update, or roll back plugins, themes, or WordPress itself.
  • Reproducible installs mean fewer “it works on my machine” issues.
  • Ensures consistent setups on all environments, local to production.

Enhanced Security

  • Keeps sensitive files secure and outside public reach.
  • Fewer default exploits are possible due to file placement.

Collaboration & CI/CD

  • Works seamlessly in team workflows using Git.
  • Integrates well with continuous integration and automated deployment pipelines.

Peace of Mind

  • Easy to rebuild your whole site with a single composer install.
  • Upgrading WordPress and plugins is less risky due to improved isolation.

Challenges and Considerations

While Bedrock offers many advantages, it’s good to be aware of possible challenges:

  • Composer Required: Team members and deployments need to work with Composer. There’s a learning curve if you’re new to it.
  • Non-Traditional Structure: Some hosts or tools expect a default WordPress directory layout.
  • Plugin Compatibility: A small minority of premium plugins may have issues with Composer installation or non-standard file locations.
  • Extra Setup: Initial setup may involve editing web server configuration and permissions.

Overcoming these is usually worth the effort for the discipline and scalability you gain.

Best Practices for Working With Bedrock

To get the most out of Bedrock, consider the following tips:

  • Understand the Structure: Familiarize yourself and your team with the new folder layout. Know where to place custom code, themes, and plugins.
  • Use Version Control: Track everything necessary in Git. Exclude WordPress core and vendor directories since they’re handled by Composer.
  • Automate Deployments: Use deployment tools like Capistrano or Ansible. They pair well with Bedrock for reliable updates and rollbacks.
  • Keep Dependencies Up to Date: Regularly run composer update for the latest improvements and security patches.
  • Embrace Environment Variables: Leverage the .env file for secure, flexible configuration across environments.

Managing Project Costs with Bedrock

Using Bedrock itself is completely free as it’s open-source. Here are some cost-related tips and considerations:

  • Hosting: Check with your hosting provider if they allow custom webroot configurations and support Composer.
  • Development Time: Allow some initial time to set up and learn Bedrock, but expect streamlined workflows and reduced maintenance long-term.
  • Plugin/Theme Purchases: Premium plugins and themes may still have license or purchase fees, regardless of how you install them.

There is no “shipping” in the traditional sense, but think of your websites as being easier (and faster) to “deliver” to production thanks to Bedrock’s automation features.

Concluding Summary

Bedrock brings modern PHP development practices to WordPress, making sites more organized, secure, and manageable. By restructuring your project, integrating Composer, and embracing environment variables, Bedrock makes building and deploying WordPress projects more professional and efficient. While there’s a bit of upfront setup and a learning curve for some teams, the long-term benefits are substantial—especially for developers who value reliability, security, and maintainable code.

If you build or manage WordPress sites beyond small-scale projects, or you’re looking for a more robust, team-friendly workflow, Bedrock could be the change you need.

Frequently Asked Questions (FAQs)

What’s the main difference between Bedrock and a typical WordPress installation?
Bedrock separates WordPress core files from custom code, uses modern dependency management (Composer), and offers environment-specific configuration—all of which are missing from standard WordPress setups.

Can I use any theme or plugin with Bedrock?
Most free and many premium plugins and themes work with Bedrock, especially if available via WordPress.org or Wpackagist. Some plugins with hardcoded paths or unconventional install instructions may need additional tweaks.

Will Bedrock make my site more secure?
Yes. Bedrock’s project structure keeps sensitive files and settings out of the web root, reducing potential attack vectors and making secure configuration easier.

Do I need to be a developer to use Bedrock?
While Bedrock is designed for developers or teams comfortable with command-line tools like Composer and Git, motivated users can learn the basics with a little research and practice.

How do I migrate an existing WordPress site to Bedrock?
The process involves setting up a new Bedrock project, moving your custom themes and plugins, migrating your uploads, and configuring your database and environment settings. It takes some care but results in a cleaner, more maintainable site structure.

Post Views: 8