Archive

Articles tagged ‘Wordpress’

IPTABLES – better version for webserver like wordpress

20/02/2019 No comments

IPTABLES for WordPress

Thanks to:
http://bencane.com/2012/09/17/iptables-linux-firewall-rules-for-a-basic-web-server/
http://www.linux.org/threads/base-iptables-rules-that-will-apply-to-virtually-any-web-server.10/ (used this script with modifications)

NOTES:

Here is a simple script that allows all outbound connections and the inbound traffic returning from those outbound connections (conntrack). Inbound ports 80, 22 and 443 are also allowed, along with a few more rules. Some rules are commented out for your use. Make sure you have an alternate connection, because if you lock yourself out of SSH you might be out of luck (restarting the PC/server will clear the rules, unless you have a setting that loads these iptables rules on boot).

CLEAR ALL:

Clear all rules (this is good to keep handy, maybe save it as a script called iptables-clear-all.sh):

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
 

Read more…

Automating the Deployment of a Scalable WordPress Site

12/02/2019 No comments

Introduction

In this guide we will create and deploy a scalable WordPress instance consisting of a MySQL database server, a GlusterFS distributed filesystem, Nginx web servers and an Nginx load balancer. By using user-data and droplet meta-data we will automate the deployment of our site. Finally we will provide a Ruby script which will automate this entire process and ease the creation of scalable WordPress sites. Through this tutorial you will learn about the power and flexibility of user-data and droplet meta-data in deploying services on DigitalOcean.

Step One – Planning our Deployment

The deployment we create in this tutorial will consist of a single MySQL database server, multiple GlusterFS servers in a cluster, multiple Nginx web servers and a single Nginx load balancer.

WordPress Deployment

Before we begin we should know:

  • What size droplet we will use for our MySQL server
  • How many GlusterFS nodes we will create
  • What size our GlusterFS nodes will be
  • How many web server nodes we will need
  • What size droplets we will use for our web servers
  • What size droplet we will use for our load balancer
  • The domain name we will use for our new site

We can add additional nodes or scale up the nodes we created if we need to later. Once we have decided on these details we can begin deploying our site.

Read more…

How To Configure Secure Updates and Installations in WordPress on Ubuntu

12/02/2019 No comments

Source: DigitalOcean – Justin Ellingwood

Introduction

WordPress is the most popular CMS (content management system) used on the internet today. While many people use it because it is powerful and simple, sometimes people make a trade-off for convenience at the expense of security.

This is the case in how you choose to assign directory ownership and permissions, and how you choose to perform upgrades. There are a variety of different methods to do this. We will choose what we consider a relatively secure way of upgrading and installing themes and plugins.

In this guide, we assume that you have gone through your initial server setup. You will also need to install a LAMP stack on your VPS.

We will also assume that you have installed WordPress on Ubuntu 12.04. You can follow our guide on how to install WordPress on Ubuntu 12.04 here.

Once you have the user and required software, you can start following this guide.

Set Up Secure Updates with SSH

If you do not have key-based updates and installations configured, you will get a prompt for connection information whenever you attempt to do either of these tasks.

It will ask you to provide FTP credentials, such as a hostname, FTP username, and FTP password.

FTP is an inherently insecure protocol, so we do not recommend using it in most cases. We will be configuring our installation to use a secure alternative.

Changing Permissions

If you followed the guide on installing WordPress above, you will notice that you gave permission of the web directory to the Apache web user. This is a very quick way to get started, but can potentially be a security risk. In an ideal situation, you would separate the content owner from the web process. We will do this as part of our preparation for allowing SSH updates.

We will create a user called wp-user to own our WordPress installation.

sudo adduser wp-user

You will be asked a lot of questions, including the password you want to set. We do not want to set a password, so press "ENTER" through all of the prompts, including the repeated password questions.

Next, change to the /var/www/html directory, where our WordPress files are being served.

cd /var/www/html

We will give our new user ownership over everything under this directory, changing it from the www-data Apache web user that we configured during installation.

sudo chown -R wp-user:wp-user /var/www/html

Read more…


How To Optimize WordPress Performance With MySQL Replication On Ubuntu 14.04

11/02/2019 No comments

Introduction

In this tutorial, we will teach you how to scale up your WordPress MySQL database server setup using master-slave database replication and the HyperDB plugin for WordPress. Adding more database servers to your environment in this manner allows your WordPress application to read from multiple database servers, increasing read performance.

MySQL replication reaps the most performance benefits for a system that processes frequent reads and infrequent writes, like most WordPress installations. By using a single-master with multiple-slave setup, you can add more slaves to scale your system, until you run out of network bandwidth or your master cannot handle the update load. If you wish, you can add more than one slave by repeating the "slave" portions of the replication sections of this tutorial.

We are assuming that your setup includes two load balanced WordPress application servers that connect to a separate MySQL database server (see the prerequisites for a tutorial on how to set that up). It is not strictly necessary to have load balanced application servers to follow this tutorial, but your MySQL database server should be separate from your application servers.

Prerequisites

Before continuing with this tutorial, you should have completed two tutorials or have a similar environment:

After following those tutorials, to set up WordPress with two load balanced web application servers and a separate database server, you should have four VPSs. Because we will be dealing with several VPSs, for reference purposes, we will call your four existing VPSs the following:

  • haproxy-www: Your HAProxy server for layer 4 load balancing your WordPress web application servers. This is the entry point into your website
  • wordpress-1: Your first WordPress web application server
  • wordpress-2: Your second WordPress web application server
  • mysql-1: Your MySQL server for WordPress

That is, your environment should look something like this:

WordPress and Separate MySQL Database Server

In addition to your current environment, we will require one additional VPS during this tutorial. We will call it:

  • mysql-2: Your slave MySQL database server

Read more…

Block WordPress xmlrpc.php DDoS attacks using Fail2Ban

11/01/2019 Comments off

A few days ago, my friend’s WordPress website went down. After investigation, I figured out that it was receiving a massive amount of POST requests to the xmlrpc.php file, which caused Apache and MySQL to eat up all the system resources, and the website crashed. Fortunately, I have figured out a way to mitigate this attack using Fail2Ban, which I’ll share in this post.

Install the Fail2Ban package using the following command:

apt-get install fail2ban iptables

Make a local copy of the jail.conf file for configuration changes:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local


Read more…