User Tools

Site Tools

Trace: zededitor mysql_cnf wordpress
wordpress

This is an old revision of the document!

Common Wordpress Issues

Wordpress Permissions

Replace ${WP_ROOT} with the directory location of wordpress. If you are already in the wp document root, replace with a dot . 

find ${WP_ROOT} -exec chown :apache {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;

Changing Site URL

Check the current URL, first select the database with the 'use' command (eg. use live_database;): 

SELECT * FROM wp_options WHERE option_name = 'siteurl' OR option_name = 'home' ;
Now we can update the URL: 
UPDATE wp_options SET option_value = 'http://notes.lukeslinux.co.uk' WHERE option_name = 'siteurl' OR option_name = 'home';

.htaccess rewrite

Used for permalinks 

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^/?(wp-admin/|wp-login\.php) https://mysite.com%{REQUEST_URI}%{QUERY_STRING} [R=301,QSA,L]

wp-config FTP

define('FS_METHOD', 'direct');
define('FTP_BASE', '/var/www/vhosts/example.com/httpdocs/');
define('FTP_CONTENT_DIR', '/var/www/vhosts/example.com/httpdocs/wp-content/');
define('FTP_PLUGIN_DIR ', '/var/www/vhosts/example.com/httpdocs/plugins/');
#define('FTP_PUBKEY', '/var/www/vhosts/example.com/httpdocs/.ssh/id_rsa.pub');
#define('FTP_PRIKEY', '/var/www/vhosts/example.com/httpdocs/.ssh/id_rsa');
define('FTP_USER', 'FTPusername');
define('FTP_PASS', 'FTPpassword');
define('FTP_HOST', 'localhost');
define('FTP_SSL', false);

Auto Install Plugins (without FTP/FTPs details)

vim /var/www/vhost/website/wp-config.php 

define('FS_METHOD', 'direct');

XMLRPC

To prevent xmlrpc attacks add the following to a .htaccess 

<Files "xmlrpc.php">
Order Allow,Deny
deny from all
</Files>

What is an xmlrpc attack?

xml-rpc can use system.multicall - this can be used to execute multiple methods inside a single request. This allows applications to pass multiple commands with one http request.
This means that potential bots and hackers can use the system.multicall method to guess hundreds of passwords with a single http request
Hackers can attempt thousands of password attempts with just a 3-4 http request. These requests bypass security tools designed to block brute force attempts. These requests will have 1 entry per request in the log file.

NOTE: WordPress, Drupal and most content management systems support XML-RPC.
It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages


You could also use a plugin called JetPack to assist - more information to come soon
https://wordpress.org/plugins/jetpack/

wordpress.1457023612.txt.gz · Last modified: 2024/05/23 07:26 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki