WordPress

Hacking
Hack Check

11 Top Reasons Why WordPress Sites Get Hacked (and How to Prevent it)

How To Hack A WordPress Web Site

WordPress Releases
https://wordpress.org/download/releases/

WordPress with NginX
https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04

https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04

NOTES

sudo apt-get install nano sudo apt-get install nginx sudo apt-get install mysql-server sudo apt-get install php-fpm php-mysql sudo apt-get install php7.0-xml sudo apt-get install php-curl php-gd php-mbstring php-mcrypt php-xml php-xmlrpc sudo apt-get install curl

https://www.techrepublic.com/article/how-to-install-mcrypt-for-php-7-2/

Registration Page
/wp-login.php?action=register

Backup
https://managewp.com/features/backup

WordPress Site Management
https://mainwp.com/features/

WordPress MultiSite
https://premium.wpmudev.org/blog/ultimate-guide-multisite/

HOWTO: Download Older Versions of WordPress Plugins
https://kinsta.com/knowledgebase/download-older-versions-of-wordpress-plugins/

HOWTO: Increase PHP Memory Limit (UpdraftPlus Error)
https://updraftplus.com/faqs/deal-fatal-error-allowed-memory-size-errors/

HOWTO: Disable wp-cron.php WP_CRON
WordPress uses a file called wp-cron.php as a virtual cron job, or scheduled task in order to automate things like publishing scheduled posts, checking for plugin or theme updates, sending email notifications and more.

By default WordPress is set up to call wp-cron.php every time someone visits your WordPress website when a scheduled task is present, to basically ask "is it time to do anything yet?".

On low traffic sites this is perfectly fine, but when visitors roll in, checking multiple times for scheduled tasks can be very inefficient and lead to resource usage problems for your server, plus make your website load slower.

To fix this, change the following setting in your wp-config.php file...

define('DISABLE_WP_CRON', true);

Thanks - https://www.inmotionhosting.com/support/website/wordpress/disabling-the-wp-cronphp-in-wordpress

HOWTO: Disable WordPress User Account

 * Method 1 - change the user's role to 'No Role For This Site'
 * Method 2 - install the Disable Users Plugin and disable that user.

Thanks - https://9seeds.com/how-to-disable-wordpress-user-accounts/

HOWTO: Hide Page Title Per Basis
style.css

.page-id-1826 .entry-title {display: none;}

Thanks - https://premium.wpmudev.org/blog/wordpress-hide-page-title-or-post-title-on-a-case-by-case-basis/

HOWTO: Download Latest Version
wget -O wordpress-latest.tar.gz http://wordpress.org/latest.tar.gz

WordPress Lighttpd
sudo -i apt-get install lighttpd php-cgi php-mysql mysql-server lighty-enable-mod fastcgi lighty-enable-mod fastcgi-php wget -O wordpress-latest.tar.gz http://wordpress.org/latest.tar.gz tar --strip-components=1 -xzvf wordpress-latest.tar.gz -C /var/www/domain.co.uk/html/ cd /var/www/domain.co.uk/html mv wp-config-sample.php wp-config.php chown -R ftpuser1:www-data. find. -type f -exec chmod 664 {} + find. -type d -exec chmod 775 {} + chmod 660 wp-config.php

https://www.smashingmagazine.com/2014/05/proper-wordpress-filesystem-permissions-ownerships

HOWTO: Update Admin User Password Command Line
mysql -u root -p wordpress_database -e "UPDATE wp_users SET user_pass=MD5('MyNewPassword') WHERE ID='1';"

HOWTO: Extract WordPress Without First Directory
sudo tar --strip-components=1 -xzvf latest.tar.gz -C /path/to/directory/

e.g.

sudo tar --strip-components=1 -xzvf latest.tar.gz -C /var/www/domain.com/html/

HOWTO: Correct Ownership And Permissions Of Wordpress Files
You need to make the user the FTP login and the group the user Apache or Lighttpd runs as...

sudo chown -R fred:www-data /var/www/fred.com/html/

Change to the correct directory...

cd /var/www/fred.com/html/

For secure permissions...

sudo find. -type f -exec chmod 644 {} + sudo find. -type d -exec chmod 755 {} + sudo chmod 640 wp-config.php

For relaxed permissions...

sudo find. -type f -exec chmod 664 {} + sudo find. -type d -exec chmod 775 {} + sudo chmod 660 wp-config.php

HOWTO: Disable Update Check For A Single Plugin
Open the main plugin file and change the version number to 9.9.9

HOWTO: Create MySQL Database

 * 1) log in to mysql
 * 2) create database
 * 3) set user and password and permissions
 * 4) log out of mysql

mysql -u root -p create database wordpress; grant all on wordpress.* to 'wordpressuser'@'localhost' identified by 'mypassword'; quit;

HOWTO: Generate Salt Keys
https://api.wordpress.org/secret-key/1.1/salt/

HOWTO: Complete Configuration
cd /var/www/domain.com/html sudo rm -iv index.html sudo mv -v wp-config-sample.php wp-config.php sudo nano wp-config.php define('DB_NAME', 'wordpressdatabase'); define('DB_USER', 'wordpressuser'); define('DB_PASSWORD', 'mYPassWOrd'); define('DB_HOST', 'localhost'); /** Authentication Unique Keys and Salts. REPLACE LINES WITH YOUR LINES FROM SALT LINK ABOVE

Now load the web site in your web browser and complete installation.

HOWTO: Enable Updates Via SSH / SFTP
sudo aptitude install libssh2-php

Then, restart your web server software.

Thanks - https://snowulf.com/2010/06/29/wordpress-enabling-sshsftp-updates/

HOWTO: Update Via Command Line
WP CLI is a command line tool for managing your WordPress installation.

http://wp-cli.org

Install
sudo apt-get install php-cli curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar chmod +x wp-cli.phar sudo mv wp-cli.phar /usr/local/bin/wp sudo -u www-data wp --info

Commands
wp help core wp core check-update wp core version wp core update wp core update-db

As Another User On Server
cd /path/to/wordpress/ sudo -u www-data wp --help sudo -u www-data wp core --help sudo -u www-data wp core version sudo -u www-data wp core check-update sudo -u www-data wp core download sudo -u www-data wp core is-installed sudo -u www-data wp core update sudo -u www-data wp core update-db sudo -u www-data wp core verify-checksums sudo -u www-data wp core version sudo -u www-data wp plugin --help sudo -u www-data wp plugin status sudo -u www-data wp plugin --help sudo -u www-data wp plugin update sudo -u www-data wp plugin update --all sudo -u www-data wp plugin status sudo -u www-data wp plugin --help sudo -u www-data wp plugin activate --all sudo -u www-data wp plugin status sudo -u www-data wp theme --help sudo -u www-data wp theme list sudo -u www-data wp theme update --all sudo -u www-data wp theme list

Reset User Password
1. Move into the /wordpress directory and type

sudo -u www-data wp user list

to see all users. Find the ID of the user you'd like to update.

2. Then, update the user

sudo -u www-data wp user update 1 --user_pass=$UP3RstrongP4$$w0rd

replacing "1" with the id of the user you want to update.

Search and Replace WordPress Database Change URL
sudo -u wpusername wp search-replace ' http://test.domain.co.uk ' ' http://www.domain.co.uk ' --dry-run sudo -u wpusername wp search-replace ' http://test.domain.co.uk ' ' http://www.domain.co.uk '

HOWTO: CREATE: Child Themes

 * FTP in to site
 * Navigate to wp-content | themes
 * Create a new folder for the child theme, for example twentyfifteen-child (where twentyfifteen is the name of your parent theme)
 * Create a text file named style.css
 * Copy and paste the text from Example 1 below in to the style.css file.

Example 1:

/* Theme Name: Example Theme URI: http://example.co.uk Description: Custom child theme Author: Why me of course Author URI: http://anotherexample.com Template: theme-child Version: 0.1 */ @import url("../theme/style.css");


 * Next alter the text so it matches the details of the website the parent theme.

Example 2:

/* Theme Name: twentyeleven-child Theme URI: http://mywebsite.co.uk Description: Custom child theme Author: Fred Dibnah Author URI: http://dibnah-inc.com Template: twentyeleven Version: 0.1 */ @import url("../twentyeleven/style.css");


 * FTP style.css to wp-content | themes | twentyfifteen-child
 * In the WordPress control panel navigate to Appearance | Themes

HOWTO: REMOVE: Comment Box From An Existing Page

 * All Pages
 * Select the 'Quick Edit' option
 * Un-tick 'Allow Comments'

HOWTO: ALTER: Site URL
There are various methods to change the Site URL manually. Any of these methods will work and perform much the same function.

1. Edit wp-config.php
It is possible to set the site URL manually in the wp-config.php file.

Add these two lines to your wp-config.php, where "example.com" is the correct location of your site.

define('WP_HOME',' http://example.com '); define('WP_SITEURL',' http://example.com ');

2. MySQL
Edit home and siteurl from the wp_options table using PHPMyAdmin or similar.

3. wp Command Line
A. You can use the official WP command line tool to alter the 'home', 'siteurl' options.

cd /path/to/wordpress/files sudo -u user wp option get home sudo -u user wp option get siteurl sudo -u user wp option update home 'http://www.domain.co.uk' sudo -u user wp option update siteurl 'http://www.domain.co.uk'

https://developer.wordpress.org/cli/commands/option/

B. You can also use the command line to alter every part of the MySQL Database.

cd /path/to/wordpress/files sudo -u user wp search-replace 'http://test.domain.co.uk' 'http://www.domain.co.uk' --dry-run sudo -u user wp search-replace 'http://test.domain.co.uk' 'http://www.domain.co.uk'

https://developer.wordpress.org/cli/commands/search-replace/

HOWTO: htaccess Extra Security Tweaks
 RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule. /index.php [L] RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] 
 * 1) extra security tweaks

http://wordpress.org/download/

HOWTO: Disable All Plugins Via PHPMyAdmin Or MySQL
mysql> update wp_options set option_value = "a:0:{}" where option_name = 'active_plugins';

Thanks to - http://www.webhostinghero.com/manually-disable-wordpress-plugins/

HOWTO: WordPress Security Plugins

 * 1) Captcha
 * 2) Activity Monitor
 * 3) WordFence
 * 4) Disable Author Pages

HOWTO: WordPress Security Updates Mailing List
http://www.wordfence.com/subscribe-to-the-wordfence-email-list/

HOWTO: WordPress Core: Add Page Last Modified Date
Add this code to your footer.php file...

Last modified: 

http://codex.wordpress.org/Template_Tags/the_modified_date

HOWTO: WP-Members: Remove Powered By Link In Footer
Edit the file...

wp-content/plugins/wp-members/wp-members-dialogs.php

Search for 'powered by' and comment out both lines.

HOWTO: Deactivate all plugins when unable to access the administrative menus?

 * Via FTP or your host's file manager, navigate to the wp-contents folder (directory)
 * Via FTP or your host's file manager, rename the folder "plugins" to "plugins.hold"
 * Login to your WordPress administration menus (/wp-admin)
 * Via FTP or your host's file manager, rename "plugins.hold" back to "plugins"

http://codex.wordpress.org/FAQ_Troubleshooting

DukaPress Shop Plugin
TO BE DONE.

HOWTO: SET: The Home Page As A Static Page Instead Of Post

 * Create a new page, it does not have to be called home.
 * Settings --> Reading --> Front page displays --> change from 'Your latest posts' to 'A static page (select below) and use the drop down menu to set the page required.
 * Click 'Save Changes'.
 * Optional: If you still want a 'Posts page' posts that option is also allowed for.

HOWTO: SET: Menus As A Non-Clickable Top Level Item
This method only applies if you are using the default menu provided in WordPress.

First off do not create a page for the non-clickable as there is no need.


 * WP Menu --> Appearance --> Menus
 * Links widget (under Pages in the left hand widget)
 * In the URL box change the contents 'http://' to '#' (without the quotes)
 * Add a label
 * Click the 'Add to Menu' button
 * Click the 'Save Menu' button

WorldPay
TO BE DONE.

Test Credit Card Numbers - http://www.worldpay.com/support/kb/bg/testandgolive/tgl5103.html

HOWTO: Permalinks (Page URL) - Alter
Go to:

Control Panel --> Settings --> Permalinks

Select 'Post name'

Finally click the 'Save Changes' button.

Or the more complicated method:

Add this to your .htaccess file...

 RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule. /index.php [L] 
 * 1) BEGIN WordPress
 * 1) END WordPress

Mobile Skin
http://wordpress.org/extend/plugins/wptouch/

HOWTO: REMOVE: 'Home' Button
The code you need to modify is located in the TwentyTen Theme's functions.php file.

$args['show_home'] = false;

PLUGIN: Coming Soon and Maintenance Mode
https://en-gb.wordpress.org/plugins/coming-soon/

PLUGIN: All-In-One WP Migration
Size Limit Fix

/wp-content/plugins/all-in-one-wp-migration/constants.php

// ================= // = Max File Size = // ================= define( 'AI1WM_MAX_FILE_SIZE', 536870912 * 8 );

PLUGINS: Caching
https://www.elegantthemes.com/blog/resources/the-best-wordpress-cache-plugins-and-how-to-use-them

Error: Wordfence Update Error
If you see this error when updating Wordfence in the WordPress Dashboard...

Installing Plugin: Wordfence Security x.x.x Downloading install package from https://downloads.wordpress.org/plugin/wordfence.x.x.x.zip… Unpacking the package… Could not copy file. wordfence/xxxxx/xxxxxx

You need to go to /wp-content/upgrade/ and delete all the wordfence folders/files in there. Chances are you won't be able to do that via FTP due to chown problems but will need shell access to your server to get rid of them. After that is done you will be able to upgrade without a problem.

cd /home/user/www/wp-content/ sudo rm -rfv upgrade/*

Thanks - https://wordpress.org/support/topic/update-error-v-517

Lighttpd Permalinks
$HTTP["host"] =~ "www\.domain\.uk\.com$" { server.document-root = "/home/lighttpd/www.domain.uk.com/html" server.errorlog = "/home/lighttpd/www.domain.uk.com/logs/error.log" accesslog.filename = "/home/lighttpd/www.domain.uk.com/logs/access.log" url.rewrite-if-not-file = ( "^/(wp-.+).*/?" => "$0", "^/keyword/([A-Za-z_0-9\-]+)/?$" => "/index.php?keyword=$1", "^/.*?(\?.*)?$" => "/index.php$1" ) }

Thanks - http://antesarkkinen.com/blog/wordpress-with-lighttpd-pretty-url-permalinks-and-jetpack/

Error: PCLZIP_ERR_BAD_FORMAT
Installing Plugin: Disable Author Pages 0.7 Downloading install package from https://downloads.wordpress.org/plugin/disable-author-pages.zip… Unpacking the package… The package could not be installed. PCLZIP_ERR_BAD_FORMAT (-10) : Unable to find End of Central Dir Record signature

WP E-Commerce and Gold Cart Plugin
To reinstall for the new version...


 * 1) Go here - http://getshopped.org/extend/premium-upgrades-files/
 * 2) Put in API Key and then you can download (as of writing) version 2.9.3 of the gold cart.
 * 3) Unpack the /gold_cart_files/ folder to your hard disk
 * 4) FTP in and upload that whole folder to /public_html/wp-content/plugins
 * 5) Log in to the WP Admin Panel
 * 6) Go to Plugins and Activate the plugin
 * 7) Go to the Dashboard section and click on Store Upgrades
 * 8) Fill in your Name and API Key to activate the plugin
 * 9) Go to the Store > Presentations section to change drop-down View to Grid View

Updates On Hosting With 1&1
The problem I was having was the update would start, and then just stop after a few seconds.

Then in my wp-content folder I would see a bunch of failed downloads. They were the update zip files with a 0 byte size.

The Solution:

Add the following line to your .htaccess file in the root directory of your blog.

AddType x-mapp-php5 .php

This will enable PHP version 5 + on your blog and then your update should take off.

http://www.big-webmaster.com/wordpress-automatic-update-with-1and1/

White Screen of Death
https://wpmayor.com/what-to-do-when-a-wordpress-plugin-causes-your-website-to-crash/