Archive

Articles taggués ‘Wordpress’

How To Turn Off Post Revision In WordPress 2.6

04/02/2023 Comments off

One of the irritating feature for me in WordPress 2.6 is the post revision. I am the only author of my blog and hence this feature is useless to me.

Just in case you are wondering how post revision works, whenever a post is edited, a new row will be created in wp_posts table. Hence if your posts or pages got edited 10 times, you will have 10 new rows in wp_posts table.

In no time your wp_posts table will be filled up and the post ID will be huge.

To turn off this feature, add this following code to wp-config.php:

define('WP_POST_REVISIONS', false);

You can also delete all post revisions by running this query in phpMyAdmin:

DELETE a,b,c  
FROM wp_posts a  
LEFT JOIN wp_term_relationships b ON (a.ID = b.object_id)  
LEFT JOIN wp_postmeta c ON (a.ID = c.post_id)  
WHERE a.post_type = 'revision'  

Be sure to backup your database first before performing any queries in phpMyAdmin.

*UPDATE* Auto Saves does not create a revision of the post.

*UPDATE 2* Updated SQL query from Andrei Neculau as the previous query does not delete from wp_postmeta and wp_term_relationships tables.

*UPDATE 3* There is a proper way of cleaning up Post Revisions as mentioned by kitchin in Deleting Post Revisions: do NOT use the a,b,c JOIN code you see everywhere. I like his method more than the SQL query above.

Source: Lester Chan’s WordPress Plugins

Categories: Logiciel Tags:

Des requêtes SQL pour vous sauver la vie avec WordPress

03/02/2023 Comments off

sql wordpressVous avez changé votre blog WordPress de serveur et de domaine et là plus rien ne marche?

Vous voulez faire le ménage dans votre base de données ?

Et bien voici quelques exemples de requêtes SQL qui vous aiderons à faire tout ça rapidement et sans prise de tête.

Sauvegarde:

Avant de commencer la chose la plus importante à faire c’est de sauvegarder votre base de donnée.

Pour cela, plusieurs solutions s’offre à vous.

Soit vous utilisez directement une extensions WordPress tel que WP-DB-Backup ou WP-DBManager, ou alors vous pouvez le faire manuellement depuis l’interface de phpMyAdmin en suivant la procédure suivante:

  1. Connectez vous sur phpMyAdmin.
  2. Sélectionnez votre base WordPress.
  3. Cliquez sur « exporter » dans le menu en haut de la page.
  4. Sélectionnez les tables à sauvegarder.
  5. Sélectionnez SQL pour avoir un fichier de sortie en .sql.
  6. Cochez la case « Transmettre«
  7. Vous pouvez choisir un type de compression afin de réduire la taille de votre fichier.
  8. Cliquez sur « Exécuter » et le fichier devrait se télécharger.

phpmyadmin-export

Lire la suite…

Detect and Block WordPress Brute Force Login Attacks

26/01/2023 Aucun commentaire

detect and block wordpress brute forceIf you run a wordpress blog these days, you are likely to experience brute force attacks where nefarious individuals attempt to break in to your website by quickly a list of userids and passwords against your wp-login.php.  Here’s how I automated detection and blocking of WordPress brute force login attacks.

Detecting a WordPress Brute Force Attack

One can typically detect a wordpress brute force attack by parsing through your webserver’s access_log file.  The access_log file records all of the access requests that a web server handles.  A brute force attack typically will have frequent and numerous attempts to the wp-login.php file as shown below:

Example:  In the access_log file below, we detect a brute force login attack on our WordPress blog.  We detected it by noticing frequent and constant requests to the wp-login.php file.

31.192.210.159 - - [11/Sep/2014:02:01:43 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:44 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:45 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:47 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:49 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:50 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:51 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:52 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:54 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:55 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"

Typically in an event like this, I lookup the IP address in the ARIN database as I showed in a previous article:  What Personal Information Can You Get From Your Web Server?  Frequently, I find that the address is from APAC or RIPE addresses.

Lire la suite…

WordPress Performance Tuning

17/01/2023 Comments off

wordpress performance tuning
WordPress is one of the most popular content publishing platform used by some of the very high traffic website. Beauty of the wordpress is in its simplicity. If you will setup your WordPress correctly then your website performance will be fantastic. In this article we will explore various aspect of the WordPress Performance Tuning. Before going further let me clear that why you need to optimize your WordPress website performance.

Why you should spend time on WordPress Performance Tuning ?

Performance tuning or Optimization is required due to following reason:

  1. If you will correctly optimize or tune your WordPress performance then your visitor experience will be better.
  2. Search engines are giving high preference to high speed website.  So your SEO will be improved.
  3. Sometime while doing your WordPress performance tuning you will analyzed and remove unwanted thing from your WordPress which reduce your server work. So your server will have less load.

Tool / Plugin / Stuff you need while WordPress Performance tuning

WordPress performance tuning does not mean to only changing some configuration of your WordPress. There are several area where you need to fine tune like apache(your webserver), Mysql etc. So before going further you need following tool/plugin

  1. Installation of plugin w3 total plugin.
  2. Firefox web browser with firebug tool.
  3. Google Page Speed Test  or GT Metrix.
  4. SSH connection to your server (only required if you want to tune Apache and MySQL performance).
  5. A good Internet speed.

Before going further for your WordPress Performance Tuning please arrange above written tool.

Analyze your WordPress Performance

Before going to optimize your WordPress Performance you need to analyze that whether your website performance is good or bad. Or in other word we can say that you need to check whether your website is served quickly or not. Following are the factor which mainly affect your website performance and you need to check.

  1. Time taken to load your web page
  2. Number of CSS, js and Images are getting downloaded on every request
  3. CSS and JS are placed correctly or not.

You can check your website performance in either Google Page Speed or Gtmetrix. I prefer to use Gtmetrix. Both tool will gives rating to your website Speed and suggestion to improve your website performance further. Gtmetrix will also provide you the timeline waterfall(what is repose time of your website and how many images, css , js or other resources are getting downloaded) of your website. I prefer Gtmetrix because of TimeLine waterfall feature.
You will get following type snapshot for your website in Gtmetrix
WordPress Performance Tuning

In above snapshot you can see the following 4 tab

  1. Page Speed : In this tab you can find your website performance analysis with GooglePageSpeed.
  2. YSlow : In this tab you can find your website performance analysis with YSlow.
  3. TimeLine : In this tab you can find your website page load water fall.
  4. History: In this tab you can find previous history of your website page speed test if you did the test in in future.

Lire la suite…

Categories: Logiciel Tags: ,

IPTABLES – better version for webserver like wordpress

13/01/2023 Comments off

IPTABLES for WordPress

Thanks to:
http://bencane.com/2012/09/17/iptables-linux-firewall-rules-for-a-basic-web-server/
http://www.linux.org/threads/base-iptables-rules-that-will-apply-to-virtually-any-web-server.10/ (used this script with modifications)

NOTES:

Here is a simple script that allows all outbound connections and the inbound connections coming back from those outbound connections (conntrack). Also port 80 and port 22 and port 443 are allowed in. A few more rules as well. Some rules are commented out for your use. Make sure you have an alternate connection because if you block yourself out of ssh, you might be out of luck (restarting the pc/server will clear the rules, unless you have a setting that says on boot read these iptables)

CLEAR ALL:

Clear all rules (this is good to keep handy, maybe save it as a script called iptables-clear-all.sh):

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
 
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Lire la suite…