Restrict access to file manager plugin in WordPress LEMP stack - wordpress

I had installed two WordPress sites on the same server (Ubuntu + Nginx + MariaDB + php-fpm).
/var/www/html
/var/www/html2
Now the problem is that the file manager plugin installed on one WordPress site can read and edit files of the other site.
Example: The plugin of the WordPress site at /var/www/html can edit files of /var/www/html2
Is there any way to restrict access of file manager plugin of one WordPress to installation_folder of that WordPress only?

The only way to do this is to run several php-fpm pools with different users specified in www.conf, one user per site. And lock users in their respective folders: /var/www/html, /var/www/html2, etc.
A WordPress plugin has the access rights that PHP has. PHP has the access rights of the user it is executed as.
It is a common problem, not related to any particular plugin. Right now the PHP code itself has access to all sites, and if one site becomes infected, the virus will copy itself to all sites on the server.

Finally solved the problem. As KAGG Design suggested, creating a separate PHP process for each site fixed it.
In case anybody faces the same problem in the future: https://www.digitalocean.com/community/tutorials/how-to-host-multiple-websites-securely-with-nginx-and-php-fpm-on-ubuntu-14-04
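
One way to lay out the per-site pools the answer describes, with a check that no two pools run as the same user. This is an added example, not part of the original thread; the user names (wp_html, wp_html2), the /run/php socket paths and nginx running as www-data are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): one php-fpm pool per WordPress site.
# Assumed names: users wp_html/wp_html2, sockets under /run/php, nginx as www-data.

# write_pool NAME USER DOCROOT OUTDIR -> writes OUTDIR/NAME.conf
write_pool() {
    name=$1; user=$2; docroot=$3; outdir=$4
    cat > "$outdir/$name.conf" <<EOF
; pool for $docroot
[$name]
; PHP for this site runs as its own Unix user, so its file access is
; limited to what that user may read or write.
user = $user
group = $user
listen = /run/php/$name.sock
; only the web server may connect to this pool's socket
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = ondemand
pm.max_children = 5
EOF
}

# shared_pool_users DIR -> prints each user that more than one pool runs as.
# A leftover default pool (www.conf) shows up here if a site pool reuses its user.
shared_pool_users() {
    sed -n 's/^[[:space:]]*user[[:space:]]*=[[:space:]]*//p' "$1"/*.conf |
        sort | uniq -d
}

# Demo in a scratch directory. On a real host the files go in php-fpm's pool.d,
# each docroot is chowned to its pool user with no access for the other site
# users, and each nginx server block points at its own socket, e.g.
#   fastcgi_pass unix:/run/php/html.sock;
demo=$(mktemp -d)
write_pool html  wp_html  /var/www/html  "$demo"
write_pool html2 wp_html2 /var/www/html2 "$demo"
shared=$(shared_pool_users "$demo")
echo "pools sharing a user: ${shared:-none}"
rm -rf "$demo"
```

The pool split only isolates the sites if the file ownership matches it: a docroot that is still world-readable, or owned by a user another pool runs as, remains reachable from the other site's PHP.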

Related

WordPress setup page is not showing

I am trying to set up WordPress manually.
First, I created the database and user and connected them both with all privileges.
Next, I downloaded the Wordpress setup file and added the database name, username and password to the wp-config.php file and uploaded the Wordpress file to the file manager under public_html.
But when I visit my website, it's still not showing the setup wizard. I also tried manually entering the URL - www.example.com/wp-admin/install.php, but it redirects me to the same page (page image is below)
This is the page I am getting instead of the WordPress setup wizard
According to the screenshot, you haven't set up your Wix account to use your domain name. If you have, was this done recently? DNS propagation can take 24 - 48 hours.
If the domain name and server are connected, then you need to make sure all WP files are uploaded. You should have downloaded a zip file to your computer. Unzip the file, then FTP the entire folder inside your public_html folder.
Once that is done, then you can proceed with the installation.
The problem is, Wix has their own software and blog features. You will need to set up WP on a subdomain. You can learn how to set up a subdomain through Wix here and how to install the WP to a subdomain here.
The biggest problem, though, is Wix. You would be a lot better off getting stand alone hosting such as SiteGround, A2hosting, etc. If you are looking for cheap hosting, HostGator and Green Geeks are decent enough.

Server ftp write errors

We have a Linux-based server through which we offer a hosting service. We have a problem with WordPress and other platforms. Each WordPress site asks for FTP accounts every time you install WordPress, themes or add-ons, or try to upgrade it.
We need to get write access to the WordPress, Joomla, Drupal, etc. platforms automatically when they are installed to a customer's server space via Softaculous.
I have no experience with hosting services, I just make websites, and I've tried to put the FTP accounts in the wp-config file, but it does not fix the other customer sites, and when added to the wp-config file, it is not the best solution (it still asks for a password when installing themes or add-ons or updating anything).
Sorry for my bad English. Can anyone help me get this problem fixed?
We need write access for: Joomla, WordPress, Drupal, Magento, etc. bases. We have cPanel access for every customer and the Softaculous installer for WordPress and other platforms.
When you get the error message, the web server needs to get write access to the WordPress files. So you can add write access to the files, and I think the problem will be resolved.
If you can't add write access to the files, contact your hosting service center.
It's most likely a permissions problem here.
You need to be sure that your webserver can read all files and folders in the web root folder and you need to make every user the owner of each folder and files.
Using cPanel, it should be done automatically when you create an FTP user and provide its home directory. If you already have a mess with permissions, you may need to edit them manually. You can try to set 644 permission for all files and folders and then change the owner to the actual user.
Look here for more information about file permissions on Linux, it should help.
It's been fixed. I set the write access on Apache differently, so it's now working probably!
Link for details:
https://wordpress.org/support/topic/folder-permission-on-linux-ubuntu

Updating Wordpress inside a container. No FTP access

I installed a Wordpress website with the wordpress Docker image, and then installed my themes. All works well, but when I want to update Wordpress later on, I get this message:
To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed. If you do not remember your credentials, you should contact your web host.
The Wordpress container is not running an FTP server on the web root. How could I solve this problem?
PS: I have my web root in a data container, shared among different containers.
PS2: I am planning on storing several Wordpress websites in the same host. Is there also a solution that is compatible with this?
The key is to make sure your web server is the owner of the directory WordPress is installed in (and its sub-directories). You're seeing an error because your web server doesn't have the proper privileges to write to your directories.
I recommend running a chown -R user:group /path/to/wordpress, substituting the user and group with your server's info.

How to jail Wordpress directory inside Magento directory?

Goal: We have a Magento installation which contains a lot of sensitive data. We're looking to host a Wordpress installation.
Problem: Since we're installing third-party modules on Wordpress, we don't want any security issues in Wordpress to be able to compromise Magento.
I've spoken to a couple of my friends, and also had a think back to how it's been implemented in the past, but I wanted another opinion.
Since the wordpress directory will reside inside of the magento directory, would it be sufficient to chown the files inside of wordpress to a new user ("user-wp"), and then to chroot the user-wp user to the wordpress directory? Magento would then still have access to all of the Wordpress files, but not vice-versa.
Any other suggestions on how to go about implementing this would be more than appreciated! Somebody also suggested configuring a separate vhost.
Using a subdomain like blog.site.com would probably be the easiest way to set this up. All you would have to do is add a new VHost for the WordPress installation.
I don't think Chrooting would provide much security. You may also run into WordPress Plugin issues with such a configuration.
The setup is tricky. You would have to go and modify the PHP-fpm process pool and users it runs with. Then assign one pool to Magento and another to WordPress. Additionally you will also want to serve static assets & uploads from the Webserver itself.
And when you change this config you have to retest your Magento install to make sure you didn't break anything accidentally.
Too much hassle, just use the subdomain. :)

How to install WordPress in subdomain?

At the moment I have a WordPress installation in a subfolder of my current site (example.com/wordpress). How do I make it so that wordpress is accessible from a subdomain?
I.e. I would like wordpress to be accessible from this address: wordpress.example.com, and that all the links, posts and pages will still work flawlessly, e.g. wordpress.example.com/my-wp-post/
If it makes a difference which host one is with, I am asking specifically about 1&1.
Thank you
I am not a big fan of video tutorials, but I used this one to successfully set up a new subdomain and install wordpress.
Here is an overview of the process
1) Use cpanel to create the subdomain
2) Download the latest version of wordpress to your local drive
3) Upload to subdomain folder on your host
4) Extract the files, and move them into the subdomain folder
5) Use cpanel SQL Wizard to create a new data base
6) Make a note of the username, db name and db password
7) Copy wp-config-sample.php to wp-config.php in the subdomain folder
8) Edit wp-config.php to add the username, db name and db password
9) Open the URL "your-subdomain.your-domain.com/wp-admin/install.php"
10) Fill out the fields on the form and press "install wordpress"
After creating the subdomain I use WP clone to create and install a backup of my live site into the new subdomain. The clone site allows me to verify updates before deploying them to my public site.
Hopefully the OP has resolved this issue, but maybe this will be of use to others.
I think you have 2 options.
1) Manually:
Copy your wordpress install from the subfolder of your main domain to the subdomain's folder. Using a database editing tool (of your choice) go into the wp_options table and change the option_value of the option_name 'siteurl' and 'home'.
You might have a few other options that will need editing, but they are more often than not plugin specific.
2) A little better:
Create a new wordpress install in your subdomain. Copy your plugins, themes and uploads into it. Then, install the plugin wp-migrate-db-pro from https://deliciousbrains.com/wp-migrate-db-pro/ Use this plugin to copy the database from the subfolder install to the subdomain install. This plugin will globally search and replace the URLs and Folders for you.
I've been using this plugin for a while...and it saves me hours and hours of work.
Purchase your unique URL or subdomain or wherever you want the wordpress to live from your host provider.
wordpress.example.com
coolurl.cooltimes.com
Upload WordPress to that root. /
Or define a custom folder for it;
wordpress.example.com/partywp/
NOTE: If you're looking for the free (no hosting required - though less custom website friendly) WordPress with a similar URL, please use the wordpress.com version and you don't need to do anything.
http://wordpress.com/ is different from http://wordpress.org/
Wordpress.com is like google blogger and you simply create an account and they give you a URL - and free blogging area with small templates. You can transfer your free wordpress.com to custom wordpress.org -- if you would like to use wordpress hosting naming convention, consult wordpress.
Added:
If you are changing the location from your original install to a different path or location, you should then uninstall the WordPress that is elsewhere or previous, and reinstall where you want it to currently live to avoid any holes or errors, etc.
So, if now it must be at: wordpress.example.com -- work with your host provider (hopefully not godaddy) locate the root to this domain, and reinstall with a fresh latest version and you should be OK. If you have further DNS issues, please try to describe your question more clearly.
