Tag Archives: Word Press

Installing wordpress using SSH

Most of my clients are on a WordPress platform. It is much easier to install a new WordPress site through SSH than through the traditional cPanel/Plesk and FTP route. Here is how you install WordPress using SSH.

Step1: Log in to your server via SSH. (I like using PuTTY for this.)

You will need your:
ip:
user:
pass:

Step2: Navigate to your site's directory on the server

cd /var/www/vhosts/domain.com/httpdocs/

Step3: Download the latest version of wordpress to your server.

wget https://wordpress.org/latest.zip

Step4: Unzip the download

unzip latest.zip

Step5: Move contents from wordpress directory to current location on server.

cp -rf ./wordpress/* ./

Step6: Creating MySQL DB

-Login to MySQL

mysql -uusername -ppassword

-Create Database

create database dbname;

-Grant user access to new db

grant usage on *.* to username@localhost identified by 'password';

-Set Privileges to this user on this db

grant all privileges on dbname.* to username@localhost;

-Test the connection. Replace the values below with the newly created info from above and the user that was granted access.

mysql -uusername -ppassword dbname

Note: If all was successful with no errors, your db is installed.

Step7: Your WordPress is ready for the final installation. Go to your site where the new WordPress files are located and follow the steps.

Note: You can remove the zip file now as well.

rm latest.zip

Note: To remove an entire directory

rm -rf DirectoryName

That is it. Congrats on setting up your first WordPress through SSH.

WordPress iframe Redirect Hack!

I was just reading up on a new hack going around for WordPress. Sure enough a day later I find this on my site. It is a nasty little script that will redirect the visitor to another site. The script gets embedded on the Header.php file of your wordpress theme, right after the </head> tag and right before the <body> tag.

I have the most recent version of wordpress too. I had heard of some security holes in the previous version, so I did like any other good developer and upgraded the software. However, my theme was still attacked. The code looks like a long line of javascript between two script tags. It is pretty hard to miss when you open your Header.php file.

I have seen another one that hit wordpress blogs. That hack looks similar to this one, however it targets the index files on the server and injects a similar line of script to the end of your index file. Another wordpress hack was to add a file to the root of your theme directory which would allow the hacker access to your server.

If someone wants to get to your files bad enough, they will, but you don’t have to make it easy for them. Here are some changes to your site that you can make if you have been hacked or even if you just want to update your WordPress!

1. Upgrade your version of WordPress.

2. Exploit Scanner - There are several scanner tools, but this is the one I liked. You can download and install a WordPress plugin that will scan your wordpress files, db tables, and plugins for anything out of the ordinary. It will not remove any files for you, it leaves this to the user. You can even allocate how much memory the scan can use if you're on a host with limited access. Run this scan on your site.

3. Change your .htaccess file – There is a hack that adds new items to this file. Original htaccess should look like this:
# BEGIN WordPress
<ifmodule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</ifmodule>
# END WordPress

Hacked addition
<ifmodule mod_security.c>
<files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</files>
</ifmodule>

4. Check that there are no new users added to your WordPress. Changing your passwords should be a must. Having a hard time coming up with secure passwords? I love this site for creating long crazy passwords.

5. Update or add the SECRET_KEY in your wp-config.php file. If you have never done this, you can open the wp-config.php file in your wp root and follow the comments on where to get this updated.

WordPress does have some security updates they promote. You can find them here for more information.

You can also go to the WordPress site. They have an article about Hardening WordPress.
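
To check for the two changes described above from the same SSH session, here is a small triage script. It is an added example, not part of the original post or of WordPress; the function names and the ROOT/wp-content/themes layout are assumptions. Lines it reports from .htaccess are candidates for review, since plugins and hosts also add lines outside the stock block.

```sh
#!/bin/sh
# Added example: triage for the two tampering patterns described in the post.

# Exit 0 if FILE has a <script tag after </head> and before <body.
script_between_head_and_body() {
    awk '
        { doc = doc tolower($0) "\n" }        # slurp the file, case-folded
        END {
            h = index(doc, "</head>")
            if (h == 0) exit 1                # no </head>: nothing to judge
            rest = substr(doc, h + 7)         # text after "</head>"
            b = index(rest, "<body")
            # No <body tag: treat everything after </head> as the gap.
            gap = (b > 0) ? substr(rest, 1, b - 1) : rest
            exit (index(gap, "<script") > 0 ? 0 : 1)
        }' "$1"
}

# Print every non-blank line of FILE outside the "# BEGIN WordPress" /
# "# END WordPress" markers, i.e. anything beyond the stock block.
htaccess_extras() {
    awk '
        /^# BEGIN WordPress/ { inside = 1; next }
        /^# END WordPress/   { inside = 0; next }
        !inside && NF        { print }' "$1"
}

# Scan one WordPress root (assumed layout: ROOT/wp-content/themes/*/).
# -iname matches both "header.php" and "Header.php".
scan_wp() {
    find "$1/wp-content/themes" -iname 'header.php' 2>/dev/null |
    while IFS= read -r f; do
        if script_between_head_and_body "$f"; then
            echo "SCRIPT BETWEEN </head> AND <body>: $f"
        fi
    done
    if [ -f "$1/.htaccess" ]; then
        htaccess_extras "$1/.htaccess" | sed "s|^|EXTRA .htaccess LINE: |"
    fi
    return 0
}

# Usage: sh wp_triage.sh /var/www/vhosts/domain.com/httpdocs
if [ "$#" -gt 0 ]; then scan_wp "$1"; fi
```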

Best wishes and keep on blogging!
Cheers :)

Word Press Navt Plugin for Static Homepage

I had a project come in that needed the Word Press backbone. I like using Navt plugin for navigation. The wysiwyg is very user friendly and clients can figure it out pretty fast. I ran into a bug with the static home page setting in wordpress and the Navt Plugin. The active setting wouldn’t trigger for the home tab. It would work on all other menu items, but not the home page.

I ran into this article here.