Wordpress: Difference between revisions
From DWIKI
m →FAQ Tag: wikieditor |
m →FAQ Tag: wikieditor |
||
| (8 intermediate revisions by the same user not shown) | |||
| Line 11: | Line 11: | ||
=Howto= | =Howto= | ||
==Brute force monitoring== | |||
Check [https://docs.directadmin.com/operation-system-level/securing/csf.html CSF] | |||
==Make slugs work== | ==Make slugs work== | ||
In setttings->permalinks select custom structure /%postname%/ | In setttings->permalinks select custom structure /%postname%/ | ||
| Line 22: | Line 26: | ||
==Show successful logins== | ==Show successful logins== | ||
grep 'wp-login.* 302 ' accesslog | grep 'wp-login.* 302 ' accesslog | ||
==Stop xmlrpc scanning== | |||
In .htaccess | |||
# Block WordPress xmlrpc.php requests | |||
<Files xmlrpc.php> | |||
order deny,allow | |||
deny from all | |||
allow from 111.222.333.444 | |||
</Files> | |||
or | |||
<Files xmlrpc.php> | |||
Require all denied | |||
</Files> | |||
===In nginx=== | |||
location /xmlrpc.php { | |||
deny all; | |||
return 404; | |||
} | |||
to keep it out of logs | |||
location /xmlrpc.php { | |||
deny all; | |||
log_not_found off; | |||
access_log off; | |||
return 404; | |||
} | |||
=FAQ= | =FAQ= | ||
==An automated WordPress update has failed to complete - please attempt the update again now.== | |||
Files probably not owned by www-data or whatever used webserver runs as | |||
==What is this /wp-cron.php?doing_wp_cron in logs?== | |||
==Access denied for user 'username_here'@'localhost'== | |||
Someone trying to access config-sample.php | |||
==Stop prompting for credentials on updates== | ==Stop prompting for credentials on updates== | ||
In wp-config.php: | In wp-config.php: | ||
| Line 62: | Line 103: | ||
==user login history== | ==user login history== | ||
Settings > User Login History | Settings > User Login History | ||
==stop backtrack spam== | |||
*[https://www.greengeeks.com/tutorials/end-trackback-spam-wordpress/ How to End Trackback Spam in WordPress] | |||
Or just deselect '''Allow link notifications from other blogs (pingbacks and trackbacks) on new posts''' and in database update existing entries: | |||
update wp_posts set ping_status = 'closed'; | |||
==Error messages== | |||
===AjaxURL has NOT been defined=== | |||
fastest cache bug? | |||
Latest revision as of 10:09, 11 March 2026
Links
Documentation
- http://codex.wordpress.org/Main_Page
- https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf
Howto
Brute force monitoring
Check CSF
Make slugs work
In setttings->permalinks select custom structure /%postname%/ and make sure you have AllowOverride All in apache config
Get wordpress version on CLI
grep wp_version wp-includes/version.php
Show successful logins
grep 'wp-login.* 302 ' accesslog
Stop xmlrpc scanning
In .htaccess
# Block WordPress xmlrpc.php requests <Files xmlrpc.php> order deny,allow deny from all allow from 111.222.333.444 </Files>
or
<Files xmlrpc.php>
Require all denied
</Files>
In nginx
location /xmlrpc.php {
deny all;
return 404;
}
to keep it out of logs
location /xmlrpc.php {
deny all;
log_not_found off;
access_log off;
return 404;
}
FAQ
An automated WordPress update has failed to complete - please attempt the update again now.
Files probably not owned by www-data or whatever used webserver runs as
What is this /wp-cron.php?doing_wp_cron in logs?
Access denied for user 'username_here'@'localhost'
Someone trying to access config-sample.php
Stop prompting for credentials on updates
In wp-config.php:
define('FS_METHOD', 'direct');
Upload or install keeps giving "Connection Information" dialog
Seems to mean wordpress can't write somewhere, so it prompts for user with write access rights Check at least:
wp-content/plugins wp-content/themes
multiple sidebars
The ssh2 PHP extension is not available
Install https://en-ca.wordpress.org/plugins/ssh-sftp-updater-support/
How to log in?
In /wp-admin/ !
Upload file and add link to it
Posts->Add new, in editor use "add media"
command line management tool
CLI upgrade
wp core update
Could not fully remove the plugin
Check logs :)
user login history
Settings > User Login History
stop backtrack spam
Or just deselect Allow link notifications from other blogs (pingbacks and trackbacks) on new posts and in database update existing entries:
update wp_posts set ping_status = 'closed';
Error messages
AjaxURL has NOT been defined
fastest cache bug?
