Wordpress: Difference between revisions
From DWIKI
m New page: =Documentation= *http://codex.wordpress.org/Main_Page |
m →FAQ Tag: wikieditor |
||
| (30 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=Links= | |||
*[http://codex.wordpress.org/Debugging_WPMU Debugging WPMU] | |||
*[http://core.trac.wordpress.org/ Bugtracker] | |||
*[http://plugins.trac.wordpress.org/ Plugins bugtracker] | |||
*[https://translate.wordpress.org/projects/wp Language files] | |||
*https://www.wpbeginner.com | |||
=Documentation= | =Documentation= | ||
*http://codex.wordpress.org/Main_Page | *http://codex.wordpress.org/Main_Page | ||
*https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf | |||
=Howto= | |||
==Brute force monitoring== | |||
Check [https://docs.directadmin.com/operation-system-level/securing/csf.html CSF] | |||
==Make slugs work== | |||
In setttings->permalinks select custom structure /%postname%/ | |||
and make sure you have AllowOverride All in apache config | |||
==Get wordpress version on CLI== | |||
grep wp_version wp-includes/version.php | |||
==Show successful logins== | |||
grep 'wp-login.* 302 ' accesslog | |||
==Stop xmlrpc scanning== | |||
In .htaccess | |||
# Block WordPress xmlrpc.php requests | |||
<Files xmlrpc.php> | |||
order deny,allow | |||
deny from all | |||
allow from 111.222.333.444 | |||
</Files> | |||
or | |||
<Files xmlrpc.php> | |||
Require all denied | |||
</Files> | |||
===In nginx=== | |||
location /xmlrpc.php { | |||
deny all; | |||
return 404; | |||
} | |||
to keep it out of logs | |||
location /xmlrpc.php { | |||
deny all; | |||
log_not_found off; | |||
access_log off; | |||
return 404; | |||
} | |||
=FAQ= | |||
==An automated WordPress update has failed to complete - please attempt the update again now.== | |||
Files probably not owned by www-data or whatever used webserver runs as | |||
==What is this /wp-cron.php?doing_wp_cron in logs?== | |||
==Access denied for user 'username_here'@'localhost'== | |||
Someone trying to access config-sample.php | |||
==Stop prompting for credentials on updates== | |||
In wp-config.php: | |||
define('FS_METHOD', 'direct'); | |||
==Upload or install keeps giving "Connection Information" dialog== | |||
Seems to mean wordpress can't write somewhere, so it prompts for user with write access rights | |||
Check at least: | |||
wp-content/plugins | |||
wp-content/themes | |||
==multiple sidebars== | |||
*http://orangescale.com/blog/2006/06/multiple-sidebars-in-wordpress-widgets/ | |||
==The ssh2 PHP extension is not available== | |||
Install https://en-ca.wordpress.org/plugins/ssh-sftp-updater-support/ | |||
==How to log in?== | |||
In /wp-admin/ ! | |||
==Upload file and add link to it== | |||
Posts->Add new, in editor use "add media" | |||
==command line management tool== | |||
[https://wp-cli.org/ wp-cli] | |||
==CLI upgrade== | |||
wp core update | |||
==Could not fully remove the plugin== | |||
Check logs :) | |||
==user login history== | |||
Settings > User Login History | |||
==stop backtrack spam== | |||
*[https://www.greengeeks.com/tutorials/end-trackback-spam-wordpress/ How to End Trackback Spam in WordPress] | |||
Or just deselect '''Allow link notifications from other blogs (pingbacks and trackbacks) on new posts''' and in database update existing entries: | |||
update wp_posts set ping_status = 'closed'; | |||
==Error messages== | |||
===AjaxURL has NOT been defined=== | |||
fastest cache bug? | |||
Latest revision as of 10:09, 11 March 2026
Links
Documentation
- http://codex.wordpress.org/Main_Page
- https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf
Howto
Brute force monitoring
Check CSF
Make slugs work
In setttings->permalinks select custom structure /%postname%/ and make sure you have AllowOverride All in apache config
Get wordpress version on CLI
grep wp_version wp-includes/version.php
Show successful logins
grep 'wp-login.* 302 ' accesslog
Stop xmlrpc scanning
In .htaccess
# Block WordPress xmlrpc.php requests <Files xmlrpc.php> order deny,allow deny from all allow from 111.222.333.444 </Files>
or
<Files xmlrpc.php>
Require all denied
</Files>
In nginx
location /xmlrpc.php {
deny all;
return 404;
}
to keep it out of logs
location /xmlrpc.php {
deny all;
log_not_found off;
access_log off;
return 404;
}
FAQ
An automated WordPress update has failed to complete - please attempt the update again now.
Files probably not owned by www-data or whatever used webserver runs as
What is this /wp-cron.php?doing_wp_cron in logs?
Access denied for user 'username_here'@'localhost'
Someone trying to access config-sample.php
Stop prompting for credentials on updates
In wp-config.php:
define('FS_METHOD', 'direct');
Upload or install keeps giving "Connection Information" dialog
Seems to mean wordpress can't write somewhere, so it prompts for user with write access rights Check at least:
wp-content/plugins wp-content/themes
multiple sidebars
The ssh2 PHP extension is not available
Install https://en-ca.wordpress.org/plugins/ssh-sftp-updater-support/
How to log in?
In /wp-admin/ !
Upload file and add link to it
Posts->Add new, in editor use "add media"
command line management tool
CLI upgrade
wp core update
Could not fully remove the plugin
Check logs :)
user login history
Settings > User Login History
stop backtrack spam
Or just deselect Allow link notifications from other blogs (pingbacks and trackbacks) on new posts and in database update existing entries:
update wp_posts set ping_status = 'closed';
Error messages
AjaxURL has NOT been defined
fastest cache bug?
