Wordpress: Difference between revisions

From Psygen Wiki
Jump to navigation Jump to search
Created page with "== Default Wordpress .htaccess == <pre> # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FI..."
 
 
(9 intermediate revisions by the same user not shown)
Line 15: Line 15:


== Deny Access to WP login except for certain IP's ==
== Deny Access to WP login except for certain IP's ==
(add to the .htaccess for the site)


<pre>
<pre>
Line 31: Line 33:
</Files>
</Files>
</pre>
</pre>
== Update URLs ==
The site has changed servers, domain names, or whatever, and Wordpress still has a bunch of stuff that links to the old location, even after you've updated the URL's in the Dashboard. What do?
Install this plugin to update all the URL's:<br />
[https://wordpress.org/plugins/velvet-blues-update-urls/ Velvet Blues Update URL's plugin]
== Enable error log ==
1. At the end of wp-config.php, add:<br />
<code>define( 'WP_DEBUG', true );<br />
define( 'WP_DEBUG_LOG', true );<br />
define( 'WP_DEBUG_DISPLAY', false );</code>
2. Logs will be in: ./wp-content/debug.log
== Wordpress corn Jobs ==
Is Wordpress getting a lot of traffic and touching itself inappropriately? Follow the below to turn off Wordpress's built-in "cron" system, and use a real Linux cron job instead.
1. Disable WP Cron
In your wp-config.php file, add the following line:<br />
<code>define('DISABLE_WP_CRON', true);</code>
2. Setup the linux crontab
- su to the site owner<br />
- crontab -e<br />
- Add: <br />
<code>/15 * * * wget -q -O - http://yourdomain.com/wp-cron.php?doing_wp_cron</code>
== Disable xmlrpc ==
Add the following to the Apache pre-virthost include:
<pre>
# START XML RPC BLOCKING 
<Files xmlrpc.php>
Order Deny,Allow 
Deny from all 
allow from 127.0.0.1
#AUTOMATTIC jetpack etc
allow from 192.0.64.0/18
errordocument 401 default 
errordocument 403 default 
errordocument 404 default 
errordocument 411 default 
</Files> 
# FINISH XML RPC BLOCKING
</pre>
== Throttle Wordpress logins ==
(On Litespeed servers...)
Add the following to /etc/apache2/conf.d/includes/pre_main_global.conf
<code>
    <IfModule Litespeed>
    WordPressProtect throttle, 5
    </IfModule>
</code>
== References ==
<ol>
  <li>[https://tommcfarlin.com/wordpress-cron-jobs/ tommcfarlin - Wordpress cron jobs]</li>
  <li>[https://wordpress.org/download/release-archive/ https://wordpress.org/download/release-archive]</li>
  <li>[https://docs.litespeedtech.com/lsws/cp/cpanel/wp-protect/ https://docs.litespeedtech.com/lsws/cp/cpanel/wp-protect/]</li>
</ol>

Latest revision as of 18:33, 9 April 2024

Default Wordpress .htaccess

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress


Deny Access to WP login except for certain IP's

(add to the .htaccess for the site)

<Files "wp-login.php">
# set up rule order
order deny,allow
# default deny
deny from all
# Add IPs for access below:
allow from 10.20.4.0/22
allow from 192.168.5.20
# End of additional IPs
errordocument 401 default
errordocument 403 default
errordocument 404 default
</Files>


Update URLs

The site has changed servers, domain names, or whatever, and Wordpress still has a bunch of stuff that links to the old location, even after you've updated the URL's in the Dashboard. What do?

Install this plugin to update all the URL's:
Velvet Blues Update URL's plugin


Enable error log

1. At the end of wp-config.php, add:

define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', false );

2. Logs will be in: ./wp-content/debug.log

Wordpress corn Jobs

Is Wordpress getting a lot of traffic and touching itself inappropriately? Follow the below to turn off Wordpress's built-in "cron" system, and use a real Linux cron job instead.

1. Disable WP Cron

In your wp-config.php file, add the following line:
define('DISABLE_WP_CRON', true);

2. Setup the linux crontab

- su to the site owner
- crontab -e
- Add:
/15 * * * wget -q -O - http://yourdomain.com/wp-cron.php?doing_wp_cron


Disable xmlrpc

Add the following to the Apache pre-virthost include:

# START XML RPC BLOCKING  
<Files xmlrpc.php>
Order Deny,Allow  
Deny from all  
allow from 127.0.0.1
#AUTOMATTIC jetpack etc
allow from 192.0.64.0/18
errordocument 401 default  
errordocument 403 default  
errordocument 404 default  
errordocument 411 default  
</Files>  
# FINISH XML RPC BLOCKING

Throttle Wordpress logins

(On Litespeed servers...)

Add the following to /etc/apache2/conf.d/includes/pre_main_global.conf

   <IfModule Litespeed>
   WordPressProtect throttle, 5
   </IfModule>

References

  1. tommcfarlin - Wordpress cron jobs
  2. https://wordpress.org/download/release-archive
  3. https://docs.litespeedtech.com/lsws/cp/cpanel/wp-protect/