Can WordPress Multisite work like a regular site? - wordpress

I'm helping someone that has no technical experiences with their WordPress site, and I realized he may have accidentally set it up as a multisite.
My question is if I don't want to go through all the trouble of changing the site back to a regular WordPress site, can I just treat and use the site as a regular WordPress site? Or will there be any technical difficulties later on?
(the site just displays some content and can put items in shopping cart to buy them)
And since it's a multisite and I only have admin power and not super admin, to install plugins I would have to either ask for access to the super admin account or have the person install the plugins for me, right?
Lastly, how would I access and change the wp-content/ files to customize (css/html/js) the templates myself? Do I just download Filezilla to grab the files and change them and upload them back? Or is there a better way to do this?
And would I need super admin power to do this and what additional information do I need to set up the Filezilla besides the site url, my admin account and password?
Sorry for so many questions on here, please let me know if you need any additional information.
Thanks!

he may have accidentally set it up as a multisite.
This sounds weird. Setting up a multisite is not something you do accidently.
I would suggest you ask access through ftp (FileZilla should do, and you do not need to be super admin). To see if it's multisite or not, you can look at the .htaccess file or wp-config.php. If you really do not need the multisite, it's best to revert back to a single install.
Now, to answer your questions,
can I just treat and use the site as a regular WordPress site?
No, you can't, especially not if you are not network admin. You need this to upgrade WP, plugins and the theme. Keeping the installation up-to-date is crucial for security.
to install plugins I would have to either ask for access to the super
admin account or have the person install the plugins for me, right?
Being able to install and update plugins from within the WordPress Admin is convenient. Technically, however, you can also do so through FTP: simply add the plugins to /wp-content/plugins/ and the themes to /wp-content/themes/. You can then activate these on the site.
how would I access and change the wp-content/ files to customize
(css/html/js) the templates myself?
FileZilla indeed. If you have access to the network you can edit these in the WP admin too, but I personally prefer to do so with an editor like Notepad++.
what additional information do I need to set up the Filezilla besides
the site url, my admin account and password?
You can't use your WordPress password for this, you need to have FTP access, and even better sFTP (encrypted). This is something the host should provide. Perhaps these tutorials may be helpful.
GL with it!

Related

My wordpress website being hacked with code eval($_SERVER['HTTP_81DB2B3']

I have a problem with my website, I get information from wordfence about my WordPress website getting hacked
enter image description here add found a code eval($_SERVER['HTTP_81DB2B3'] so i removed it but in a few second the code going back. someone, please help me
I had something very similar to this. Go to your cPanel and search for "Cron Jobs" and scroll down to see if there's any malicious cronjobs setup. You might have some that look like eval(gzinflate(base64_decode(.... that are essentially causing this to reoccur. Not a complete fix to this issue, but you'll have to delete those cronjobs to ensure that that line of code doesn't keep reappearing. In addition to that, you'll also need to make sure those cronjobs don't show up again. Use a plugin like Wordfence (suggested above as well) to look for malicious files and if it helps replace your home directory (except for wp-content and wp-config) with fresh files.
If your website got hacked then I guess more than 1 file was affected by it,
case-1: If you are able to access the Wordpress Backend In this case, if you are able to access the Wordpress backend then I suggest you
Step-1: Add one plugin called (Wordfence Security – Firewall & Malware Scan
) and scan your website with it.
Step-2: After scanning the site remove all suspicious code from the site.
Case 2: If you are not able to access the Wordpress backend then you have to update your Wordpress manually with the hosting file manager or FTP.
Please Note: Please take a backup of your website before do any changes.

Would one-click installation delete previous website?

I am helping a friend build a simple Wordpress website, their current website is with a hosting and domain service called https://www.icuk.net/.
The website is very poorly built on this platform. I told them I'd make a website for free on WordPress as I have some experience with drag and drop WordPress website builders.
My question is, if I use the platform's one-click WordPress installation, does it automatically delete the website that was previously using the domain and hosting? If so, could anyone explain in layman's terms how I would go about backing it up, as it's always better to be safe than sorry.
I would be hesitant to do this, personally. I believe you can use the one click service to uninstall, at which point you can install WP again. A better option, however, if WP is already installed, would be to just change the theme, deactivate and delete any unwanted plugins, and then delete (or change to draft if you may want any of the content for your new development) any unwanted posts or pages. A current version of WP is a current version of WP, thus there is no reason to reinstall. Once you change the theme, remove the posts and pages, and remove the plugins, you are essentially back to a new install. Maybe do that instead?

How to exclude wordpress from magento root

I have a magento store running on name.pippo.com
Now I am considering to install wordpress for blogging.
Since I would like to integrate magento + wordpress as a fully integrate system (maybe with magento fishpig extension), i would like to knwo how to obtain same result but installing wordpress in a subfolder of my TLD, i.e. www.pippo.com/wp
can i Do that?
The main reason is to have both system separate and avoiding magento system backup to back up wordpress too. I would like to have magento on its own, in a thirdlevel domain keeping the magento installation as much clean as I can.
thank you very much, I hope i was clear. I appreciate any advise.
This is possible but it makes no sense and would take a bit of hacking together. This is one of those situations where if you have to ask how to do it, you probably won't be able to do it.
My advice would be to integrate WordPress normally and just have WP as part of your backup.
Keep WP as lean as possible, install few plugins and only have 1 theme installed. If you want to be really secure, limit access to your WP Admin by IP address and ensure all permissions are set restrictively.
Yes, you can made sub folder in your TLD and as you know the fishpig wordpress integration in this extension you can make a separate database for wordpress or you can merge wordpress database to magento database and you can take both backup separately.

Installing multiple different instances of wordpress on the same website

I currently have a website up and running that is my freelancing website. What I wanted to do was create a testing subdirectory on the website.
So for example my site would be:
website.com
I want the testing site to be: website.com/test
I need this test to be private and require a password to view, as well as be a different installation of wordpress so I can manipulate it without editing my main website. Is this possible? Currently I have created a test directory from the cPanel that requires a password but it just brings me to a 404 not found page.
I would also like to create more, public, instances that I can use as a portfolio until I get more real clients. So for example I would like to have my site be: website.com/themeOne
Is any of this possible, or am I out of luck? Please let me know I would greatly appreciate any help. Anything I found found online thus far has either not been relevant or has not worked.
You can achieve this by setting up a wordpress multisite installation. I currently use this to host all my clients.
Will work like this.. Main site is website.com
Depending on how long you have had that site set up will determine whether your multisite install will be a subdirectory or a subdomain. If you have had your main site for a while it will be subdomains. ie. xyz.website.com
You will have to set up a wild card subdomain on your server though...so keep that in mind.
Here is the documentation on setting up a wordpress multisite
https://premium.wpmudev.org/blog/ultimate-guide-multisite/
You can install as many WordPress instances as you like in subfolders example.com/test/ or subdomains test.example.com in one hosting account; see http://codex.wordpress.org/Installing_Multiple_Blogs. (You are, of course, limited if your host does not support subdomains. And you may find lots of sites with lots of traffic will slow your whole hosting account.)
For these separate WordPress installs, you can use the same database; simply give each WordPress install a different database table prefix in wp-config.php. https://codex.wordpress.org/Editing_wp-config.php Or, give them all the installs a totally different databases, only limited by your hosting account.
To control access to a WordPress site, there is no need for access control in .htaccess or via Cpanel; use any one of a number of plugins that allow you to restrict access to anyone not logged into WordPress. See https://wordpress.org/plugins/search.php?type=term&q=password
And you can still control the user's role when they are logged into the site with one of those plugins, i.e. editor, administrator, etc., from within WordPress. That's because you want to give a client a Subscriber user level so they can simply login and view the site, rather than Administrator, who can see posts, plugins, etc. See https://codex.wordpress.org/Roles_and_Capabilities
There is no need for WordPress Multisite, unless you want to go that way: see https://codex.wordpress.org/Create_A_Network But be aware that MS requires more server and DNS configurations if you want to use Domain Mapping: https://wordpress.org/plugins/wordpress-mu-domain-mapping/

How to jail Wordpress directory inside Magento directory?

Goal: We have a Magento installation which contains a lot of sensitive data. We're looking to host a Wordpress installation.
Problem: Since we're installing third-party modules on Wordpress, we don't want any security issues in Wordpress to be able to compromise Magento.
I've spoken to a couple of my friends, and also had a think back to how it's been implemented in the past, but I wanted another opinion.
Since the wordpress directory will reside inside of the magento directory, would it be sufficient to chown the files inside of wordpress to a new user ("user-wp"), and then to chroot the user-wp user to the wordpress directory? Magento would then still have access to all of the Wordpress files, but not vice-versa.
Any other suggestions on how to go about implementing this would be more than appreciated! Somebody also suggested configuring a separate vhost.
Using a subdomain like blog.site.com would probably be the easiest way to set this up. All you would have to do is add a new VHost for the WordPress installation.
I don't think Chrooting would provide much security. You may also run into WordPress Plugin issues with such a configuration.
The setup is tricky. You would have to go and modify the PHP-fpm process pool and users it runs with. Then assign one pool to Magento and another to WordPress. Additionally you will also want to serve static assets & uploads from the Webserver itself.
And when you change this config you have to retest your Magento install to make sure things you didn't break anything accidentally.
Too much hassle, just use the subdomain. :)

Resources