Good day, I'm a freelance developer and my quick question is: how do I hide or disable a client from seeing the wp-content and wp-config files of WordPress? They supplied me with cPanel logins and have sensitive files I don't want touched or viewed. Thanks
First of all, it is very important to know that a WordPress Administrator is able to see the wp_content, wp_config files and so on (if you have no restriction from your host). Why? There are some plugins (ex: WP File Manager) that give direct access to this kind of file.
To prevent it you can change the role from Administrator to Editor, or you can restrict the file permissions on the server.
Thank you
Related
I have a security question. I gave the WordPress admin access to someone for a series of changes. Could he use the shell or any other way to infiltrate the server and access other hosts on server?
By default, any user that logs in with administrative permissions can access the WordPress plugin and theme editors, and change any theme or plugin file on your site in real-time.
– From https://wordpress.org/support/article/editing-files/
That, in theory, leaves your server open to arbitrary code execution. You might consider mitigating this default vulnerability by reviewing trellis's approach of locking down the root user, and bedrock's must-use-plugin-autoloader.
(It's very cool, you define your plugins in a composer.json file. Here's the magic sauce of that.)
    "installer-paths": {
        "web/app/mu-plugins/{$name}/": ["type:wordpress-muplugin", "roots/wp-stage-switcher"],
        "web/app/plugins/{$name}/": ["type:wordpress-plugin"],
        "web/app/themes/{$name}/": ["type:wordpress-theme"]
    },
That prevents "writing" new code to the theme/plugin folders outside the context of a theme deploy, and so elides the concern of WP admins writing whatever code they like.
(However, if you're assuming a malicious admin, you might be in need of social as much as technological approaches.)
Short Answer:
No
Long Answer:
This kind of credentials can be used only from the WordPress instance.
He can modify some lines of code by using a custom plugin, but he can't go outside the theme folder.
Some plugins can modify the wp-config.php, but no more.
By settings you can negate the GUI plugin installation, so only the server administrator can install them via FTP.
In general, these credentials can modify only files of that WordPress installation, because they are present in that WordPress DB.
No one can access via FTP/SSH, because he needs the user/password and IP of that server.
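The setting both answers above allude to, as an added example that is not part of either post: WordPress reads the constants `DISALLOW_FILE_EDIT` (turns off the dashboard theme and plugin editors) and `DISALLOW_FILE_MODS` (also turns off dashboard installs and updates) from wp-config.php. The function names and the sample file are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): audit wp-config.php for the constants
# that switch off dashboard file editing and dashboard plugin/theme installs.

# const_true FILE NAME: succeeds if an uncommented define('NAME', true) exists.
const_true() {
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1"
}

# audit_wp_config FILE: prints one "ok" or "MISSING" line per constant.
audit_wp_config() {
    local name
    for name in DISALLOW_FILE_EDIT DISALLOW_FILE_MODS; do
        if const_true "$1" "$name"; then
            echo "ok $name"
        else
            echo "MISSING $name"
        fi
    done
}

# Constructed sample: FILE_EDIT is set, FILE_MODS appears only in a comment,
# so an admin could still install a plugin from the dashboard.
make_sample_config() {
    cat > "$1" <<'EOF'
<?php
define( 'DB_NAME', 'example_db' );
define( 'DISALLOW_FILE_EDIT', true );
// define( 'DISALLOW_FILE_MODS', true );
EOF
}

demo_config_audit() {
    local tmp
    tmp=$(mktemp)
    make_sample_config "$tmp"
    audit_wp_config "$tmp"
    rm -f "$tmp"
}
demo_config_audit
```

With `DISALLOW_FILE_MODS` set, dashboard updates stop as well, so updates have to be delivered another way, such as the deploy process the first answer describes.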
I am trying to set up WordPress manually.
First, I created the database and user and connected them both with all privileges.
Next, I downloaded the WordPress setup file and added the database name, username and password to the wp-config.php file and uploaded the WordPress file to the file manager under public_html.
But when I visit my website, it's still not showing the setup wizard. I also tried manually entering the URL - www.example.com/wp-admin/install.php, but it redirects me to the same page (page image is below)
This is the page I am getting instead of the WordPress setup wizard
According to the screenshot, you haven't set up your Wix account to use your domain name. If you have, was this done recently? DNS propagation can take 24 - 48 hours.
If the domain name and server are connected, then you need to make sure all WP files are uploaded. You should have downloaded a zip file to your computer. Unzip the file, then FTP the entire folder inside your public_html folder.
Once that is done, then you can proceed with the installation.
The problem is, Wix has their own software and blog features. You will need to set up WP on a subdomain. You can learn how to set up a subdomain through Wix here and how to install the WP to a subdomain here.
The biggest problem, though, is Wix. You would be a lot better off getting stand alone hosting such as SiteGround, A2hosting, etc. If you are looking for cheap hosting, HostGator and Green Geeks are decent enough.
I have a website built on WordPress platform. Today, when I opened the website and when I clicked anywhere on the website, adult site pages are opening up continuously.
Can anyone please suggest what could be done to resolve the issue?
Your site has been hacked by someone, and some script has been injected into your WordPress installation or database, which is causing this video to load. You need to scan your website using a plugin like Sucuri. You can get this at sucuri.net.
Here are some solutions that you can try (remember to take a backup before using them):
- Check and clean all your recently modified files.
- Contact your hosting provider if you are not using a dedicated server.
- If you have some inactive themes and plugins which you don't need any more, remove them. Hackers can hide scripts there.
- You can upload new WordPress core files which you haven't customised.
- Install a fresh copy of themes and plugins if you have not customised them.
- Change your secret keys in your wp-config file.
- Check the users in your WordPress and delete suspected ones.
- Check the permissions of your installation directory. If they are not secure, make changes.
- Change your WordPress password.
If all of this does not solve the problem, let me know and I will look into it.
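Two of the checks in the list above (recently modified files, and places where scripts can hide) as an added example that is not part of the answer. The function names and the sample tree, including `old-theme` and `cache.php`, are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: triage listings for a suspected compromise.

# recent_php ROOT DAYS: PHP files modified within the last DAYS days.
recent_php() {
    (cd "$1" && find . -type f -name '*.php' -mtime "-$2" -print | sort)
}

# uploads_php ROOT: PHP files under wp-content/uploads, a directory that
# normally holds media only.
uploads_php() {
    (cd "$1" && find ./wp-content/uploads -type f -name '*.php' -print 2>/dev/null | sort)
}

# Constructed sample tree: two files backdated to 2020, two left at "now".
make_sample_site() {
    local root=$1 up="$1/wp-content/uploads/2024/01"
    mkdir -p "$root/wp-includes" "$root/wp-content/themes/old-theme" "$up"
    echo '<?php // core file'       > "$root/wp-includes/version.php"
    echo '<?php // theme file'      > "$root/wp-content/themes/old-theme/functions.php"
    echo '<?php // unexpected file' > "$up/cache.php"
    : > "$up/photo.jpg"
    touch -t 202001010000 "$root/wp-includes/version.php" "$up/photo.jpg"
}

demo_triage() {
    local root
    root=$(mktemp -d)
    make_sample_site "$root"
    echo "modified in the last 7 days:"; recent_php "$root" 7
    echo "PHP inside uploads:";          uploads_php "$root"
    rm -rf "$root"
}
demo_triage
```

Modification times can be reset by whoever wrote the file, so treat an empty listing as inconclusive and also compare core and plugin files against fresh copies, for example with WP-CLI's `wp core verify-checksums`.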
We have a Linux-based server through which we offer a hosting service. We have a problem with WordPress and other platforms: each WordPress site asks for FTP accounts every time you install WordPress, themes or add-ons, or try to upgrade it.
We need to get write access to the WordPress, Joomla, Drupal, etc. platforms automatically when they are installed to a customer's server space via Softaculous.
I have no experience of the hosting service, I just make websites, and I've tried to put the FTP accounts in the wp-config file, but it does not fix the other customer sites, and adding it to the wp-config file is not the best solution (it still asks for a password when installing a theme or add-ons, or updating anything).
Sorry for the bad English. Can anyone help me get this problem fixed?
We need write access for Joomla, WordPress, Drupal, Magento, etc. bases. We have cPanel access for every customer and the Softaculous installer for WordPress etc. platforms.
When you get the error message, the web server needs to get write access to the WordPress files. So you can add write access to the files; I think the problem will be resolved.
If you can't add write access to the files, you should contact your hosting service center.
It's most likely a permissions problem here.
You need to be sure that your webserver can read all files and folders in the web root folder and you need to make every user the owner of each folder and files.
Using cPanel it should be done automatically when you create an FTP user and provide its home directory. If you have a mess with permissions already, you may need to edit them manually. You can try to set 644 permission for all files and folders and then change the owner to the actual user.
Look here for more information about file permissions on Linux, it should help.
It's been fixed. I set the write access on Apache differently, so it's now working probably!
Link for details:
https://wordpress.org/support/topic/folder-permission-on-linux-ubuntu
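An ownership and permission audit for the thread above and for the "check permission of your installation directory" step in the earlier clean-up list, as an added example that is not from any of the posts. WordPress writes files directly only when the files PHP creates end up owned by the same user as the WordPress scripts; otherwise it asks for FTP credentials. The function names and the sample docroot are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: find the cause of the FTP prompt and the
# side effects of "fixing" it by opening up modes.

# owner_mismatch ROOT USER: paths not owned by USER (name or numeric uid),
# where USER is the account PHP runs as for this site.
owner_mismatch() {
    (cd "$1" && find . ! -user "$2" -print | sort)
}

# world_writable ROOT: files and directories any local account can modify,
# for example after a recursive chmod 777.
world_writable() {
    (cd "$1" && find . \( -type f -o -type d \) -perm -0002 -print | sort)
}

# config_exposed ROOT: wp-config.php copies readable by "other" accounts.
config_exposed() {
    (cd "$1" && find . -type f -name wp-config.php -perm -0004 -print | sort)
}

# Constructed sample docroot with one directory opened up as a quick fix.
make_sample_docroot() {
    local root=$1
    mkdir -p "$root/wp-content/uploads" "$root/wp-content/plugins"
    echo '<?php' > "$root/wp-config.php"
    echo '<?php' > "$root/index.php"
    chmod 755 "$root" "$root/wp-content" "$root/wp-content/plugins"
    chmod 777 "$root/wp-content/uploads"
    chmod 644 "$root/index.php" "$root/wp-config.php"
}

demo_perm_audit() {
    local root
    root=$(mktemp -d)
    make_sample_docroot "$root"
    echo "not owned by uid $(id -u):"; owner_mismatch "$root" "$(id -u)"
    echo "world-writable:";            world_writable "$root"
    echo "wp-config.php exposed:";     config_exposed "$root"
    rm -rf "$root"
}
demo_perm_audit
```

Directories need the execute bit to be traversable, so the usual baseline is 755 for directories and 644 for files, with wp-config.php tightened further where the hosting setup allows it.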
I am trying to delete a specific URL for a website and cannot seem to locate the file in FTP. There is no public_html folder for the site when I FTP in. Does someone know where I might be able to access the pages?
Remove it via your WP admin login? Not via FTP?
By "URL" do you mean removing one of the webpages? Because you have to do that via your WordPress panel; you can't do that by FTP (you can do it via the database tho, I believe).
WordPress is a CMS system. You would need to log into the portal: http://yourdomainname.com/wp-admin. There are no actual pages. They are all theme files inside your WordPress theme folder. (httpdocs/wp-content/themes/your-theme-name/page.php. Though I don't think the URL would be there.)