Archive

Articles tagged ‘Wordpress’

Block WordPress xmlrpc.php DDoS attacks using Fail2Ban

10/09/2020 Comments off

A few days ago, my friend’s WordPress website went down. After investigating, I found that it was receiving a massive number of POST requests to the xmlrpc.php file, which drove Apache and MySQL to eat up all the system resources until the website crashed. Fortunately, I found a way to mitigate this attack using Fail2Ban, which I’ll share in this post.

Install the Fail2Ban package (together with iptables, which Fail2Ban uses to ban addresses) using the following command:

apt-get install fail2ban iptables

Make a local copy of jail.conf for your configuration changes (jail.conf is replaced on package upgrades; jail.local overrides it and is left alone):

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local


Read more…
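The excerpt stops before the filter itself. As an added example that is not part of the original post, here is the failregex and jail section you would add (the jail name wordpress-xmlrpc, the log path and the thresholds are assumptions), together with a Python re-implementation of Fail2Ban's match-and-count decision run over constructed Apache log lines, so the regex can be checked offline before the jail is enabled:

```python
"""Fail2Ban-style detection of xmlrpc.php POST floods, run over constructed log lines.

Added example, not code from the original post. The filter and jail text are
what would go into /etc/fail2ban/filter.d/wordpress-xmlrpc.conf and jail.local
(the jail name, log path and thresholds are assumptions); the Python below
re-implements the match-and-count decision so the regex can be checked offline.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Fail2Ban failregex: <HOST> is Fail2Ban's placeholder for the client address.
# The trailing \S+ allows Apache's "-" for a zero-byte response size.
FAILREGEX = r'^<HOST> .*"POST /xmlrpc\.php(\?\S*)? HTTP/[\d.]+" \d+ \S+'

FILTER_CONF = "[Definition]\nfailregex = " + FAILREGEX + "\nignoreregex =\n"

# Jail section for jail.local (thresholds are assumed values; tune to your traffic).
MAXRETRY, FINDTIME, BANTIME = 20, 60, 3600
JAIL_LOCAL = f"""[wordpress-xmlrpc]
enabled  = true
port     = http,https
filter   = wordpress-xmlrpc
logpath  = /var/log/apache2/access.log
maxretry = {MAXRETRY}
findtime = {FINDTIME}
bantime  = {BANTIME}
"""

TIMESTAMP = re.compile(r"\[(?P<ts>[^\]]+)\]")


def host_regex(failregex=FAILREGEX):
    """Expand Fail2Ban's <HOST> placeholder into a Python named group."""
    return re.compile(failregex.replace("<HOST>", r"(?P<host>\S+)"))


def parse_time(line):
    """Extract the bracketed Apache timestamp, e.g. [10/Sep/2020:12:00:00 +0000]."""
    m = TIMESTAMP.search(line)
    if m is None:
        raise ValueError("no timestamp in log line: " + line)
    return datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")


def failures(lines, failregex=FAILREGEX):
    """Yield (host, timestamp) for each line the filter matches."""
    rx = host_regex(failregex)
    for line in lines:
        m = rx.match(line)
        if m:
            yield m.group("host"), parse_time(line)


def hosts_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {host: time_of_ban} for hosts with >= maxretry matches inside any findtime window.

    Mirrors Fail2Ban's rule: matches older than findtime seconds no longer count.
    """
    hits = defaultdict(list)
    for host, ts in failures(lines):
        hits[host].append(ts)
    window = timedelta(seconds=findtime)
    banned = {}
    for host, times in hits.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= maxretry:
                banned[host] = t
                break
    return banned


def sample_log():
    """Constructed Apache combined-format lines: one flood, one legitimate client, one scanner."""
    base = datetime(2020, 9, 10, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, secs, req, status=200, size=370, ua="Mozilla/5.0"):
        ts = (base + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{req} HTTP/1.1" {status} {size} "-" "{ua}"'

    lines = [line("203.0.113.45", i * 1.2, "POST /xmlrpc.php", ua="python-requests/2.24")
             for i in range(25)]                       # 25 POSTs in 30 seconds: the flood
    lines += [line("198.51.100.7", i * 200, "POST /xmlrpc.php", ua="wp-android/15.3")
              for i in range(3)]                       # mobile app, 3 POSTs over 10 minutes
    lines += [line("192.0.2.99", i, "GET /xmlrpc.php", status=405, size=42)
              for i in range(30)]                      # scanner: GETs do not match the filter
    lines.append(line("198.51.100.7", 5, "GET /"))
    return lines


if __name__ == "__main__":
    print(FILTER_CONF)
    print(JAIL_LOCAL)
    for host, when in hosts_to_ban(sample_log()).items():
        print(f"ban {host} at {when:%H:%M:%S}")
```

Before enabling the jail, run `fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/wordpress-xmlrpc.conf` against the real log to confirm the filter matches the flood and nothing else. Set maxretry high enough that Jetpack, the WordPress mobile apps and pingbacks (the legitimate users of XML-RPC) are not caught; if nothing on the site needs XML-RPC, denying access to xmlrpc.php in the Apache vhost removes the load entirely instead of banning after the fact.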

URL rewriting, Apache 2.4 and WordPress: so you don’t spend two hours on it…

30/08/2020 Comments off

URL rewriting (permalinks) in WordPress needs, with Apache 2.4, different settings from those used with Apache 2.2.

The configuration of the files:

  • monsite.com.conf
  • .htaccess

of your WordPress site has to change when you move to Apache 2.4.

If you choose /%year%/%monthnum%/%postname%/, you need to give the full path in the site configuration (monsite.com.conf):

That is, you need to enable:

 <Directory /var/www/dbsysnet/>
 Require all granted
 Options -Indexes
 AllowOverride All
 </Directory>

not forgetting Require all granted and, above all, the “/” at the end of the path to the root folder. Require all granted is the 2.4 replacement for the 2.2 pair Order allow,deny / Allow from all, and AllowOverride All is what makes Apache read the RewriteRule lines WordPress writes into .htaccess (the 2.4 default is AllowOverride None, under which the file is ignored entirely).

Otherwise every permalink lands on a “Not found” page, and not even the one you defined for 404 errors in your .htaccess, since an ErrorDocument set in .htaccess can only take effect if that file is being read.

There you go. It took me over two hours (if Julien hadn’t been there, my body would have been found hanging from a branch…).

Protect WordPress sites with .htaccess

26/07/2020 Comments off

Plug-ins

Our job as WordPress users (aside from contributing to the WordPress community) is keeping our installs safe from people we do not want accessing our sites. There are numerous plug-ins to help shore up WordPress defenses, such as Login LockDown, which records IP addresses and blocks them after a set number of failed login attempts, which helps against brute-force attacks. Read more…

WordPress: Protecting against comment spam via an .htaccess file

21/07/2020 Comments off

If you allow visitors to post comments on your blog articles, you have certainly run into spam bots. To help Akismet fight and reduce spammer attacks, one trick is to block access to the file wp-comments-post.php, which handles comment submissions, unless the request looks like it came from a comment form on your own site. The following code goes in an .htaccess file at the root of your website (replace mon-site.com with your own domain). Bear in mind that the Referer and User-Agent headers are chosen by the client, so this only stops bots that do not bother to fake them.

## ******** Protection against comment spam **********
RewriteEngine On
# Only POST requests to the comment handler are examined
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
# Redirect if the Referer is not a page of this site (an empty Referer counts as foreign) ...
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mon-site\.com/ [NC,OR]
# ... or if the User-Agent is empty
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://www.mon-site.com/ [R=301,L]
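As an added example that is not part of the original post, the decision the rules above make, rendered as a Python function and run over constructed requests, so the edge cases (empty Referer, empty User-Agent, a Referer that merely contains the site name, a forged Referer) can be checked without an Apache instance. SITE_HOST and the sample requests are constructed for this example:

```python
"""The comment-spam rewrite rules as a decision function, run over constructed requests.

Added example, not part of the original post: a Python rendering of what the
.htaccess rules decide, so the edge cases (empty Referer, empty User-Agent,
a Referer that merely contains the site name) can be checked without Apache.
SITE_HOST and the sample requests are constructed.
"""
import re

SITE_HOST = "mon-site.com"

# RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
COMMENT_HANDLER = re.compile(r"/wp-comments-post\.php$")
# RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mon-site\.com/ [NC]
OWN_REFERER = re.compile(r"^https?://(www\.)?" + re.escape(SITE_HOST) + r"/", re.IGNORECASE)
# The looser substring pattern found in older copies of the snippet (dot unescaped, as there):
LOOSE_REFERER = re.compile(r".*" + SITE_HOST + r".*")


def redirected(method, uri, referer, user_agent, referer_check=OWN_REFERER):
    """True when the rules send the request to the 301 redirect instead of WordPress.

    Mirrors the RewriteCond chain: POST and comment handler are ANDed, then
    (foreign Referer OR empty User-Agent). An empty Referer is foreign.
    """
    if method != "POST" or not COMMENT_HANDLER.search(uri):
        return False
    foreign_referer = referer_check.match(referer or "") is None
    empty_user_agent = (user_agent or "") == ""
    return foreign_referer or empty_user_agent


# Constructed requests: (label, method, uri, Referer, User-Agent)
SAMPLES = [
    ("browser from own site", "POST", "/wp-comments-post.php",
     "https://www.mon-site.com/2020/07/un-article/", "Mozilla/5.0"),
    ("bot, no Referer", "POST", "/wp-comments-post.php", "", "Mozilla/5.0"),
    ("bot, foreign Referer", "POST", "/wp-comments-post.php",
     "http://spam.example/", "Mozilla/5.0"),
    ("bot, site name in query", "POST", "/wp-comments-post.php",
     "http://spam.example/?ref=mon-site.com", "Mozilla/5.0"),
    ("bot, empty User-Agent", "POST", "/wp-comments-post.php",
     "https://mon-site.com/2020/07/un-article/", ""),
    ("bot, forged Referer", "POST", "/wp-comments-post.php",
     "https://mon-site.com/", "curl/7.68.0"),
    ("page view", "GET", "/2020/07/un-article/", "", "Mozilla/5.0"),
]


def run_samples(referer_check=OWN_REFERER):
    """Map each sample label to whether the rules redirect it."""
    return {label: redirected(m, u, r, ua, referer_check) for label, m, u, r, ua in SAMPLES}


if __name__ == "__main__":
    for label, hit in run_samples().items():
        print(f"{'REDIRECT' if hit else 'pass    '}  {label}")
```

The "bot, site name in query" case is why the Referer pattern is anchored to the scheme and host: the substring form accepts any URL that happens to contain the site name. The "bot, forged Referer" case passes either way, which is the limit of the technique: a bot that sends a plausible Referer and User-Agent is indistinguishable from a browser at this layer, and Akismet or a CAPTCHA has to take over from there.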

Thumbnail Generation PHP Memory Limit NextGEN Gallery

28/05/2020 Comments off

Source: Visser Labs Blog

When uploading a set of admittedly large images to my WordPress site with NextGEN Gallery, I exceeded my web host’s default memory allocation for PHP applications. The error was:

Follow thumbnails could not created. sample.jpg (Error : Exceed Memory limit. Require : 80.65 MByte)

This can be resolved by raising the memory allocation at the per-plugin level for PHP code that needs more grunt than the rest. It’s quick and easy!

  1. Open an FTP connection to your root WordPress directory
  2. Open /wp-content/plugins/nextgen-gallery/lib/gd.thumbnail.inc.php with your favourite text editor (e.g. UltraEdit, etc.)
  3. On line #168 un-comment (remove the //) from before @ini_set('memory_limit', '128M');
  4. Save and upload changes
  5. Delete image/s that failed to generate a thumbnail and re-upload using NextGEN Gallery’s standard Upload Images feature

If you find 128MB too ‘conservative’, it can be increased again to any figure you like; I find 128MB appropriate for most commercial and personal use, but if you’re an HD photographer you’re going to hit this limit very quickly… that’s it! One caveat: an edit inside the plugin’s own files is lost the next time the plugin is updated. The same limit can be raised site-wide, and survive updates, with define('WP_MEMORY_LIMIT', '128M'); in wp-config.php or with memory_limit in the server’s php.ini.

Categories: Logiciel