Differences

This shows you the differences between two versions of the page.

--- wordpress [2016/03/03 16:53] – luke7858
+++ wordpress [2024/05/23 07:26] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
-Common Wordpress Issues
+~~NOCACHE~~
-=== Wordpress Permissions ===
+====== Wordpress ======
-Replace ${WP_ROOT} with the directory location of wordpress. If you are already in the wp document root, replace with a dot .
+{{tabembed>[[wordpress_issues|Common Wordpress Issues, Wordpress-Nginx, [[wordpress_permalinks|Permalinks/Rewrites, [[wordpress_xmlrpc|XMLRCP.php, [[wordpress_admin_user|Add Admin User Manually}}
-<sxh bash>
-find ${WP_ROOT} -exec chown :apache {} \;
-find ${WP_ROOT} -type d -exec chmod 755 {} \;
-find ${WP_ROOT} -type f -exec chmod 644 {} \;
-</sxh>
-\\
-=== Changing Site URL ===
-Check the current URL, first select the database with the 'use' command (eg. use live_database;):
-<sxh bash>
-SELECT * FROM wp_options WHERE option_name = 'siteurl' OR option_name = 'home' ;
-</sxh>
-Now we can update the URL:
-<sxh bash>
-UPDATE wp_options SET option_value = 'http://notes.lukeslinux.co.uk' WHERE option_name = 'siteurl' OR option_name = 'home';
-</sxh>
-\\
-=== .htaccess rewrite ===
-Used for permalinks
-<sxh bash>
-RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)\ HTTP/ [NC]
-RewriteCond %{HTTPS} !=on [NC]
-RewriteRule ^/?(wp-admin/|wp-login\.php) https://mysite.com%{REQUEST_URI}%{QUERY_STRING} [R=301,QSA,L]
-</sxh>
-\\
-=== wp-config FTP ===
-<sxh bash>
-define('FS_METHOD', 'direct');
-define('FTP_BASE', '/var/www/vhosts/example.com/httpdocs/');
-define('FTP_CONTENT_DIR', '/var/www/vhosts/example.com/httpdocs/wp-content/');
-define('FTP_PLUGIN_DIR ', '/var/www/vhosts/example.com/httpdocs/plugins/');
-#define('FTP_PUBKEY', '/var/www/vhosts/example.com/httpdocs/.ssh/id_rsa.pub');
-#define('FTP_PRIKEY', '/var/www/vhosts/example.com/httpdocs/.ssh/id_rsa');
-define('FTP_USER', 'FTPusername');
-define('FTP_PASS', 'FTPpassword');
-define('FTP_HOST', 'localhost');
-define('FTP_SSL', false);
-</sxh>
-\\
-=== Auto Install Plugins (without FTP/FTPs details) ===
-vim /var/www/vhost/website/wp-config.php
-<sxh bash>
-define('FS_METHOD', 'direct');
-</sxh>
-\\
-=== XMLRPC ===
-To prevent xmlrpc attacks add the following to a .htaccess
-<sxh bash>
-<Files "xmlrpc.php">
-Order Allow,Deny
-deny from all
-</Files>
-</sxh>
-\\
-==What is an xmlrpc attack?==
-xml-rpc can use system.multicall - this can be used to execute multiple methods inside a single request. This allows applications to pass multiple commands with one http request.
-\\
-This means that potential bots and hackers can use the system.multicall method to guess 100's or 1000's of passwords with a single http request
-\\
-Hackers can attempt thousands of password attempts with  just a 3-4 http request. These requests bypass security tools designed to block brute force attempts. These requests will have 1 entry per request in the log file.
-\\
-\\
----
-**__NOTE__**: //WordPress, Drupal and most content management systems support XML-RPC.//
-\\
-It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages
-\\
-\\
-\\
-== JetPack ==
-This wordpress plugin does come with xmlrcp.php protection from brute force.
-\\
-Note: This is SITE specific and will note cover system wide wordpress sites.
-\\
-If you are a hosting reseller then you will want to add something similar to the code below, this code allows the wordpress IP range (current IP range) and denies potential attacks:
-<sxh bash>
-<files xmlrpc.php="">
-Order Deny,Allow
-Deny from all
-Allow from 192.0.64.0/18
-Satisfy All
-ErrorDocument 403 http://127.0.0.1/
-</files>
-</sxh>
-\\
-Jet pack:
-https://wordpress.org/plugins/jetpack/