Server :: Securing Wordpress With Htaccess ?
May 16, 2011
I have a blog on my site and am using htaccess rewrite rules to block all those nasty scripts from trying to execute various things mostly relating to phpmyadmin and wordpress. This has reduced my httpd error logs to less than half from before.
Am trying to come up with a rule to rewrite all calls to certain files if they are not originating from my domain, here is how it looks right now but it's not working as I can see scripts trying to hit "wp-comments-post.php" getting a 500 Internal Server Error.
View 2 Replies
ADVERTISEMENT
May 17, 2010
I run Debian 5.4 with ISP Manager as CP. I put a .htaccess in the root directory of my wordpress blog. The content of the .htaccess is:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
[Code]....
But after I created a static page and change permalinks in wordpress with anything other than standard I get a browser 404 error (not 404 error with template).
Location of the blog content that is shown in CP: /var/www/sorin/data/sitename.ro Only the index of the blog is loading. What can I do? I have Debian up-to-date.
View 1 Replies
View Related
Jun 27, 2010
I'm trying to get wordpress to work with lighttpd and my home test server... <name>.dnsalias.org as my IP is not static... When I install wordpress ( via apt-get ) and set it up through install script like this:
bash /usr/share/doc/wordpress/examples/setup-mysql -n wordpress <name>.dnsalias.org It is accessible from outside of my network but not from local one where the sever ip is 10.0.0.200 From outside it is using correctly domain <name>.dnsalias.org but from inside when I try to use ip 10.0.0.200 from other pc on net it will not work..a s it still using <name>.dnsalias.org in all links... Also I would like to have it in <name>.dnsalias.org/wordpress as I have another test site in <name>.dnsalias.org/<test_Site> which by thee way works from inside and outside of my network.... its just wordpress ...
I have followed this guide: [URL] but its for apache... I spend whole night searching for some solution and now I'm dead tired and you are my last hope ...( ....Obi Wan Kenobi ) So does someone running wordpress in setup like I described above, if yes
View 2 Replies
View Related
Sep 15, 2010
We have a public server and it can be accessed from any where through ssh.
My question is my server should not allow anyone directly to login as root user. First he should login as normal user then he should switch to root user.
I also have another questions is there any specific linux command is there to end other users ssh session without rebooting the server.
View 2 Replies
View Related
Jan 26, 2010
I installed OpenSSH via tasksel and am using Webmin for administration. I'd like to be able to SSH externally and want to setup the necessary public/private keys to use in FileZilla.
In Webmin, under Servers > SSH Server I can click 'Host Keys' and see an RSA key. Is this the public or private key for my server? Do I need to copy this into a text file to import it into FileZilla on my remote PC (that I want to connect from)? Is that all that needs to be done (aside from opening the port on my router/firewall)?
Is there an automated way to set this up via Webmin?
View 3 Replies
View Related
Mar 19, 2009
I am having trouble trying to setup an FTP server, so i made a video lesson to show how it is done PROPERLY. I actually had this before, but it was poor quality, and i went through it a little fast; so this time it is better quality and i explain more details. You can find it here:
[Code]...
View 2 Replies
View Related
Mar 11, 2010
I am creating an FTP server using VSFTP. It will be in the wild, initially at least only functioning as an FTP server. I have the iptables config from the previous box I set up 3-4 years ago. I have also got private/public key authentication running with SSH to eliminate brute force attacks.
Here is where is my specific question. On the old server I set up something that allowed my clients to log in using accounts that were not system accounts but would translate to a single system account that was limited to FTP. I remember setting up a passwd account that had username / password pairs that FTP used for authentication.
What app is this? Is it just part of VSFTP or maybe SELInux? I really want to utilize this.
View 2 Replies
View Related
May 16, 2009
I have a wordpress blogging server up and running and i've also got nagios monitoring the speed of webpage download etc.The thing is a couple of weeks ago nagios alerted me that the blog was returning pages really slow loading, when i went to the blog homepage for me also it was very slow. After about 30mins of http connections some finally loading and some not nagios stopped reporting issues, but thats not the end of the story, the graphing of speed i've got set-up on nagios shows quite clearly that ever since that big slow down the pages take avg of extra 2-3 seconds to load. However nothing drastic has changed and the datasize of the page hasn't really changed at all (also monitored).
During that weird period I carried out checks on the server itself like top, free -m, netstat (looking for maybe DOS attack number of connections), looked at mysql see if that was running slow and what processes it was running, checked on number of http processes see if they had ramped up, checked on php and web server errors see if they had increased some what as well. None of these things turned up anything noticeable to be causing such slow blog response.Now its still that average amount high and i'm lost at why this could be? Its niggling at me that something may have got in but i've taken several security steps to try and lock down the wordpress install etc.
View 5 Replies
View Related
Jul 20, 2011
I have an Ubuntu Lucid server that is public facing. I haven't really configured much on it except installing SSH (sshd) and Apache (httpd); I don't have a firewall or anything. Are there some common rules that I should follow to secure my system? I've been following this article on securing my Apache.
View 1 Replies
View Related
May 21, 2011
iam working on mail server in redhat centos. i want to know how to secure my mail server for heavy loading , any monitoring tools in GUI or console , is any essential tool which is used in Like MNC for mail server..
i know few command in like top,netstat,etc through google but i willing to know some more
View 8 Replies
View Related
Jun 19, 2011
I host a number of sites and recently migrated to a new server (both old and new are running Ubuntu 10.04 [I only upgrade my web server when there is a new LTS release]). After the migration, Wordpress is asking for ftp credentials to update plugins, which it never used to do. I'm certain this is user/group/permissions related, but because of the new setup, I'm not sure what these should be set to.
On the previous server, each site was a subdirectory of /var/www/ and everything was owned by www-data. This wasn't the best setup, since it meant my users didn't have direct access to their own sites. In the new setup, each page I host is in /home/username/www/. Consequently, all the files are owned by 'username'.
My guess is that Wordpress' request for ftp credentials stems from a conflict between the apache2 user and the usernames that own the sites. Is this accurate? If so, how do I rectify this?
View 4 Replies
View Related
Jan 19, 2011
I'm running an SFPT server which my clients logon to using an FTP client. at the moment each client has a user name and password.
Thus far to improve security I've disabled root login but an looking for futrhrt ways to protect it from attack, having researched using google some of the security features suggested prevent the FPT clients from connecting.
Questions:
1- what further things can i do to secure my server that still allows it to be usable for FTP clients?
2- specifically is it possible to use non login pre-share key authentication?
How i set up the server is shown here: [url]
View 3 Replies
View Related
Apr 15, 2011
What are the steps to and Procedure to follow for securing Linux Server???
View 3 Replies
View Related
Mar 9, 2011
I have question regarding setting permissions on wp-content/uploads... in wordpres. I read a tutorial where they want you to set permissions: chown -R julie.julie uploads/ chmod -R 777 uploads/ 777 makes it rwx for others as well. It's not secure! It works but is temporary fix. How I can make sure that the user julie (wordpress) will be able to write to it but anybody else wont.
View 3 Replies
View Related
Mar 5, 2010
i have been using kloxo with apache for my websites and it's on a high load, i have to change with lighttpd and i don't know how to make wordpress use permalinks, i tried to install mod magnet but it wasn't in centos.
View 1 Replies
View Related
Feb 7, 2011
I have a web server with LAMP and wordpress on it. I'm going to administer wordpress from a different host on the same LAN as the server (the server doesn't have X and desktop software on it). When you build a site, with wordpress, from a separate admin host what exactly is happening?. Do browser requests from the admin host go to the web server, then out to the Internet, then back to the web server, then the results get displayed back to the browser on the admin host?. Or does it work differently?. Will such a set up work automatically after the installation and basic configuration of LAMP and wordpress on the web server?.
View 3 Replies
View Related
Apr 1, 2010
I have to deploy a server to some customers that should not be given access to the server itself. I know that nothing is 100% secure but I've searched without finding a decent answer (maybe I googled for the wrong terms ?)I need some advice about encrypted filesystem. * The server must boot without asking for a passphrase (the server will be in a restricted access area so typing a password could take a while). I can't store the password for luks in an unencrypted file so it seems a loop to me. The only way out I can see is to store the passphrase in the boot binaries (better than nothing...) but this results in more work for me.* possibly the customer should not be able to move the hard disks to another pc, i.e. reading the passphrase from some unique hardware ID. This is risky but I could add a master passphrase to be used in case of hardware replacement
View 3 Replies
View Related
Jun 9, 2011
We want to set up a Linux server (hosting Git or later SVN repositories) which should have all stored data strongly encrypted, so that if one steals the server the data cannot be read. For example, our notebooks have all important data stored on a "true-crypted" partition.
We plan to access it with SSH private keys and only after successful login should the data be readable. The server would be located in our office, shut down at night and not be connected to the Internet directly, but only accessible in our intranet.
View 1 Replies
View Related
Feb 9, 2011
I've recently started setting up a new wordpress install on a new dedicated server. The system is installed on a linux debian 5 setup and running on apache.Having only ever run shared hosting before this setup is a much bigger leap than expected, but after a couple of weeks doing bits here and there I've finally got the setup running, and all appears ok.My issue is as follows:On the server the default owner of all the installed folders is "root"In order to allow media uploads, plugin installs and upgrades and wordpress auto-upgrades I've had to Chown the owner of the entire wordpress directory to the server as follows:Chown -R www-data:www-data /usr/share/wordpress/
Can anyone tell me if this is actually secure? (clearly if the server is compromised the folder would be writeable!) If not would I be better changing the owner back to root (or even creating a new user for the wordpress folder?), then chown just the uploads, theme, and blogs.dir folders to allow media uploads, upgrades, etc from with the wordpress, and then only chown the entire wordpress install when upgrading or installing new plugins, themes, etc.?Just a bit lost when it comes to the ownership of these folders as changing these ownerships is the only way i can get the system functioning 'correctly'
View 9 Replies
View Related
Feb 9, 2011
Everything looks like the same, port 110 is also open and accessible, the posting account got email, but never showed up in WordPress, why?
View 2 Replies
View Related
Apr 19, 2010
To automatically upgrade i need to connect to a FTP server. Now do i have to allow wordpress access via apache to the machine it is on or do i have to create a ftp server on another machine with the files on it?
View 2 Replies
View Related
Jul 23, 2009
I want to give a 404 error when the index.html file is requested, i already know how to do this in php, but i cant seem to locate any information about how to do it in htaccess. I thought about just redirecting index.html to a page that dose not exist, but i would like to do it correctly from the start.
View 2 Replies
View Related
Feb 27, 2011
I have created a sub directory on my box on a website for my company. It is a page that has links to my tools I want to use when I do service calls. Links that connect to my servers webmin etc. Of course I don't want them found by webcrawling bots. I have created a .htpasswd file using htpasswd -c /location/to/file/.htpasswd.
This file is located outside the web. Just under the public_html folder. Then I went to the sub directory I want to protect and added a text file named .htaccess. It contains:
/home/sites/www.domain.net/tech/
AuthType Basic
AuthName "Some long name"
AuthUserFile /home/sites/www.domain.net/.htpasswd
Require valid-user
ErrorDocument errornumber /home/sites/errorpages/403.html
I also opened the httpd.conf and changed AllowedOverride to All
The error document doesn't work either.
I then restarted the httpd service. I try to access the site and it lets me right in without asking for a password. It is apache 2xxx on Centos 4.5. Webmin under Apache confifirms all this.
View 12 Replies
View Related
Nov 25, 2010
I want to use rewite module to change my site url from site/index.php to site/cat/ for example I have created .htaccess file in the directory where the file is and add to it:
Code:
RewriteEngine on
Rwerite ^cat$ /site/index.php
Here site is not my site, it just in example. I have rewrite.load in the loading list of modules and I can see it loads in phpinfo(). AllowOverride is set to All for the current site, but no redirect is made on site/cat
View 2 Replies
View Related
Dec 4, 2010
I create and edit .htaccess file under /var/www/html/ directory, everything goes well as expected.
The corresponding snippet of /etc/httpd/conf/httpd.conf:
AccessFileName .htaccess
<VirtualHost *:80>
DocumentRoot /var/www/html/
ServerName www.abc.com
<Directory /var/www/html/>
AllowOverride AuthConfig
[Code]...
View 5 Replies
View Related
Feb 22, 2011
I have searched high and low both on this website and the big G and nothing.I have a VPS with fresh CentOS 5.5 install and can't seem to get the server to act on the htaccess file.
View 1 Replies
View Related
May 7, 2011
Main purpose of this LAMP server is testing development. I would like to get this server setup up almost exactly to a T how my real web hosting server is setup. I am running 11.04 and have installed LAMP. I also installed vsftpd. I went ahead and made a symlink from /home/user/public_html to /var/www/. I login from a Windows 7 computer via CuteFTP to my Ubuntu server. I can enter the public_html directory and can create folders but the default permissions for any folder created is 700. I have tried running chmod -R 755 /home/user/public_html but this does not work. Every file or folder created now currently will take a 700 permission.
How do I make it so anything that is uploaded into this folder will be at either 755 or 775? Also what is the best practice for utilizing the /var/www directory? Should I be using a symlink to link it to my user's home folder? I have read through so many posts with regards to adding users to a group and giving this group permission and this or that I'm so confused.
View 2 Replies
View Related
Jun 20, 2010
I have VPS installed with Debian, NGINX, mysql, php and wordpress. By default the template gives 1 wordpress install in the /var/www/ directory. However, now I want to add more domains with wordpress to that VPS. I created a directory called /home/public_html/domain1.com and linked it to the /var/www/ directory. then I created another directory called /home/public_html/domain2.com and uploaded wordpress there. What I did next was edit my /etc/nginx/nginx.conf file with the following code:
Code:
user www-data www-data;
worker_processes 4;
events {
[code].....
View 1 Replies
View Related
Sep 14, 2010
I'm trying to set up my web server (nginx) as a catchall virtual host, as per an example that can be seen here: [URL].. (It's the Wildcard Subdomains in a Parent Folder example). Now, here's my issue. I use Wordpress on the coburndomain.org domain. I have pretty URLs enabled, that make my Wordpress articles look like this:[URL].. At the moment, nginx is reporting 500 Errors, saying that index.php is not a directory. What I want to do is make a rewrite rule that allows me to use the above URL example with nginx.
I followed this tutorial to do so: [URl].. , but I'm not sure how to apply it to my setup. Here's my configuration files from Debian Squeeze with Nginx onboard:
[Code]...
View 1 Replies
View Related
Nov 7, 2010
My Pastebin for .HTACCESSIf you can offer any tips on improvements..but the main reason: I cannot get the bots to stop showing up.Esp the first one in the list.I need to block these two specifically
Code:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
&
[code]....
View 5 Replies
View Related
