I am currently working on a intranet with a CMS (Drupal or Wordpress). I have to authenticate the users via Active Directory Database (more precisely Server Radius). I don't want to import the data but just check if the login and password are correct in AD. I search if there were a module/plugin in Drupal or Wordpress but i'm very lost because i found LDAP plugins and not Server Radius....
What's the difference between the two ? and can i use those plugin ?
Thanks a lot !
I would suggest you to use WordPress and use Active Directory integration plugin. it is very easy to use and configure and best of all it works.
install WAMP and Wordpress. here is tutorial
enable php ldap extension (check the below given instruction).
install Active Directory integration plugin
fill up all required configuration detail. (such as domain controller, Base Dn and Account Suffix this filed must be filled)
test the connection.
login to WordPress standard login screen using AD user info.
instruction to enable ldap php extension using wamp.
*click on wamp icon on task-bar*
*click on php floder*
*click on php extension*
*select php_ldap e.g*
let me know if you stuck somewhere or if any of the above instruction don't make sense.
hope that help.
Related
I am new to wordpress and loged in to my cPanel account and getting the message.
After research I found that I have to upgrade to wordpress toolkit.
But, Wordpress toolkit is not showing anywhere on cPanel. I would login to Wordpress admin dashboard.
thelearningcenter.pk/wp-login.php
Any idea how to do that. I also change the wordpress admin password but still not able to login. Or my hosting company in charge to upgrade? Or I have to find myself?
Any suggestion or recommendation or step by step reference doc/links from you will be appreciated.
First, take a full backup on your hosting. Re-download Wordpress after backup. After accessing your server with FTP, upload the existing wp.config.php and wp-content directory into the newly downloaded wordpress. In this way, you can reload the core modules of Wordpress without damaging the content of your website.
Use the instant full backup you have to go back in case of any problem.
I hope it solves your problem.
From here we can read:
Though still available as an option, the WordPress Manager interface
is deprecated. Customers can now use WordPress Toolkit to install and
manage WordPress. The WordPress Manager interface (cPanel >> Home >>
Applications >> WordPress Manager) allows you to install and manage
new or existing WordPress® sites within your cPanel interface.
In the order, I would:
check if you can install the WordPress Toolkit from the WHM Marketplace
if you have SSH access, install it using the manual way
If it's not installed, and you cannot install it, because no Marketplace or manual installation is possible: contact your host.
If you installed yourself Cpanel on your server, then you should have required access to upgrade it or its dependencies.
I have a security question. I gave the WordPress admin access to someone for a series of changes. Could he use the shell or any other way to infiltrate the server and access other hosts on server?
By default, any user that logs in with administrative permissions can access the WordPress plugin and theme editors, and change any theme or plugin file on your site in real-time.
– From https://wordpress.org/support/article/editing-files/
That, in theory, leaves your server open to arbitrary code execution. You might consider mitigating this default vulnerability by reviewing trellis's approach of locking down the root user, and bedrock's must-use-plugin-autoloader.
(It's very cool, you define your plugins in a composer.json file. Here's the magic sauce of that.)
"installer-paths": {
"web/app/mu-plugins/{$name}/": ["type:wordpress-muplugin", "roots/wp-stage-switcher"],
"web/app/plugins/{$name}/": ["type:wordpress-plugin"],
"web/app/themes/{$name}/": ["type:wordpress-theme"]
},
That prevents "writing" new code to the theme/plugin folders outside the context of a theme deploy, and so elides the concern of WP admins writing whatever code they like.
(However, if you're assuming a malicious admin, you might be in need of social as much as technologica approaches.)
Short Answer:
No
Long Answer:
This kind of credentials can be used only from wordpress instance.
He can modify some lines of code by using a custom plugin but he cant go outside the theme folder.
Some plugin can modify the wp-config.php but no more.
By settings you can negate the GUI Plugin installation, so only the server administrator via FTP can install them.
In general, this credentials can modify only file of that wordpress installation because there are present on that Wordpress-DB
None can access via ftp/ssh because he needs user/password and IP of that server.
I am getting redirected to my website homepage when I login to the admin area in Wordpress or I get an error message saying 'Sorry, you are not allowed to access this page'
I just migrated my website from one host provider to another using the All in One WP migration plugin. I was able to access the admin area but once the backup, I am either being redirected to my homepage or getting the above error when I try to login. I have already tried to create a new user with admin privileges, modified the wp-config and htaccess files and even updating and changing the prefixes of the database. I have also tried disabling the plugin and theme files and none of them seem to work.
I just want to be able to login to the admin area of my WordPress site.
In such cases the steps I follow to resolve this case are:
Set .htaccess with only the default WordPress redirect rules, which you can check here.
Set the default TwentyNineteen theme as active. Since you do not have access to your admin dashboard you can perform this change by altering the "template" and "stylesheet" rows in your application database which both are located in the "_options" table.
The other option is via SSH. From the WordPress root directory you can execute the following command, which will change the currently active theme to TwentyNineteen:
wp theme activate twentynineteen
NOTE: No matter which option you choose the TwentyNineteen theme should be installed. If you have other WordPress default theme installed rather than TwentyNineteen, you can switch to it.
Deactivate all of the plugins. This can also be performed in two ways without access to the admin dashboard. The first option is to rename the wp-content/plugins folder to:
wp-content/plugins-backup
The other option is once again via the WP CLI tool with the next command:
wp plugin deactivate --all
Another NOTE: In order to use the WP CLI tool, please note that the same should be installed on the server. If you write the command and the terminal respond is:
-bash: wp: command not found
Or something similar ending with "command not found" this means that the tool in question is not installed. In this case you will be unable to use the WP CLI tool or you can ask your hosting provider to install this tool for you.
In my experience with this issue, after all of these changes are performed the access to the admin dashboard is restored. If the issue still persist even after the changes are applied, I would recommend you to contact your current host provider in order to understand if they have any custom Web Application Firewall (WAF) rules, default plugins/optimizations that could cause such issue.
We have a linux based server through which we offer a hosting service. We have a problem with WordPress and other platforms. each wordpress site asks FTP accounts every time you install WordPress, themes, add ons or to try to upgrade it .
We need to get write access to the wordpress , joomla , drupal , etc. platforms automatically when its installed to customers server space via softaculus .
I have no experience of the hosting service, im just make websites, and I've tried to make the ftp accounts wp -config file, but it does not fix the other customer sites and when added to the wp -config file, it is not the best solution (Still asks for a password when install theme, add ons or update anything)
Sorry for bad english. can anyone help me to get this problem fixed?
We need write acces for: Joomla, Wordpress, Drupal, Magent ETC bases. We have c-panel acces for every customer and softaculus installer for wordpress etc platforms
When you get the error message, web server needs to get write access to the WordPress files. So you can add write access to the files, I think the problem will resolved.
If you couldn't add write access to the files, you would contact your hosting service center.
It's most likely the permissions problems here.
You need to be sure that your webserver can read all files and folders in the web root folder and you need to make every user the owner of each folder and files.
Using cPanel it should be done automatically when you create FTP user and providing it's home directory. If you have a mess with permissions already you may need to edit them manually. You can try to set 644 permission for all files and folders and then change owner to the actual user.
Look here for more information about file permissions on Linux, it should help.
Its been fixed, I set on apache write access different so its now working probably!
Link for details:
https://wordpress.org/support/topic/folder-permission-on-linux-ubuntu
I am new to drupal and I have completed the installation process for commerce kickstart in my Ubuntu system. The thing is that when I am trying to access the admin page i get an error "403 access denied". I am using the predefined Username and password which is admin admin. I am using PHP 5.3.6. Can anyone help please?
Just to be a bit more clear, after the installation you will need to log in to the system. The login page is available at yoursiteurl/user or if you don't have the Clean URLs turned on, it will be on yoursiteurl/?q=user/login
If you don't have Clean URLs turned on, also admin pages will have to be accessed differently, ie. yoursiteurl/?q=admin
More about turning on Clean URLs in Drupal