You could surely ask, why anybody wants to install WordPress in a 12 years old $25 tiny router. But if you are crazy enough this article is an epic one. You don't even need MySQL, it usage SQLite in a USB Storage. This is surely one of the science project type experiment. But you could surely use this for other useable case to run WordPress under 64MB RAM.
I recently got a Gl.Inet 6416 router off AliExpress for about $25. It’s an interesting little box that includes many features that routers ten times more expensive lack. (Thanks OpenWRT and open source!) The box is powered by the Atheros AR9331, an aging MIPS architecture processor clocked at a measly 400mhz with 64MB of RAM and 16MB of storage. In computer years, MIPS is stone-age technology, first launched in 1981(!), and the MIPS 24K standard this particular processor implements was first launched in 2004. But the router is still quite capable even by 2016 standards! There is an SSH server and a package manager, opkg, which has packages for PHP 5.6. I immediately thought of something crazy to do – namely to install WordPress on this poor little machine.
So let’s see how that works.
Scaling things down
64MB of memory can’t accomodate either Apache or MySQL, so we have to find a way to run without them. Luckily, PHP has a built-in web server since version 5.4 that we can use, and WordPress has a SQLite plugin. This is a truly cool plugin that hooks into the db.php drop-ins and dynamically rewrites all WordPress database calls from MySQL to SQLite-compatible
A better option is of course don't use ACF but not sure will ever win that argument
Do you use get_field() to echo values saved in Advanced Custom Field in your theme or plugin without escaping it first? Maybe something like this? echo get_field('my_field');
If so, your site is likely vulnerable to cross-site scripting attacks (XSS) and other malicious hijacking by users who have access to your ACF forms! (Through the admin backend or frontend, if using acf_form())
Luckily, it’s easy to do escaping on the front end with built-in WordPress escaping functions.
I’ve made a handly helper function called get_field_escaped() that you can use instead of get_field() to secure your output.
It takes the same parameters as get_field(), so you can do stuff like:
You can also pass $post_id and $format_value, just like in the regular get_field() function:
echo get_field_escaped('my_custom_field', $post_id, true);
What’s new, a new fourth parameter has been added. It selects which escaping method is used on the data before