So, I've got a Magento installation with Wordpress integration. I've got an install where I need to have SSL to cover payments, and unfortunately the Wordpress folder isn't secure and serving images through http. In order to get the green lock, I need to secure the entire wordpress folder.
I know in the backend of Magento, you can specify which folders belong to skin, media and js to secure, but how (if it is in the same parent directory) would I secure the wordpress folder?
yes you can secure your wordpress setup with extra wordpress plugin
use this link this is very good plugin to use with wordpress to get SSL certficate to all pages as well as in admin area.
Also there is one another alternative solution to make some change in code to use this useful link
http://yoast.com/wordpress-ssl-setup/
Pls not that i am not associate with any of the above link.A purpose to share this link to solve your problem.
hope this will sure help you.
Try to add that in your httpd-ssl.conf (one of your Apache config files)
Related
I am new to WordPress. I have a WordPress woocommerce application, which I want to copy to local server.
But all the links still point to the same server. E.g. when I login it takes me to live website as the action target is sth like : www.example.com/wp-login.php.
How to change all links to point to local servers so that I can develop locally.
I have done the same with WP CLONE Plugin.
https://wordpress.org/plugins/wp-clone-by-wp-academy/
Try this.
WordPress has absolute links inside its database, i.e. http://yoursite.org. To make site functional on another domain or localserver you have to change all links inside database. Any manual manipulation with database may corrupt it.
The robust way to move your site is usage of Duplicator plugin.
Easiest way is to use WP All in One plugin, you export whole wordpress and woocommerce, and only thing you need to change when you set it to localhost are permalinks
I'm helping someone that has no technical experiences with their WordPress site, and I realized he may have accidentally set it up as a multisite.
My question is if I don't want to go through all the trouble of changing the site back to a regular WordPress site, can I just treat and use the site as a regular WordPress site? Or will there be any technical difficulties later on?
(the site just displays some content and can put items in shopping cart to buy them)
And since it's a multisite and I only have admin power and not super admin, to install plugins I would have to either ask for access to the super admin account or have the person install the plugins for me, right?
Lastly, how would I access and change the wp-content/ files to customize (css/html/js) the templates myself? Do I just download Filezilla to grab the files and change them and upload them back? Or is there a better way to do this?
And would I need super admin power to do this and what additional information do I need to set up the Filezilla besides the site url, my admin account and password?
Sorry for so many questions on here, please let me know if you need any additional information.
Thanks!
he may have accidentally set it up as a multisite.
This sounds weird. Setting up a multisite is not something you do accidently.
I would suggest you ask access through ftp (FileZilla should do, and you do not need to be super admin). To see if it's multisite or not, you can look at the .htaccess file or wp-config.php. If you really do not need the multisite, it's best to revert back to a single install.
Now, to answer your questions,
can I just treat and use the site as a regular WordPress site?
No, you can't, especially not if you are not network admin. You need this to upgrade WP, plugins and the theme. Keeping the installation up-to-date is crucial for security.
to install plugins I would have to either ask for access to the super
admin account or have the person install the plugins for me, right?
Being able to install and update plugins from within the WordPress Admin is convenient. Technically, however, you can also do so through FTP: simply add the plugins to /wp-content/plugins/ and the themes to /wp-content/themes/. You can then activate these on the site.
how would I access and change the wp-content/ files to customize
(css/html/js) the templates myself?
FileZilla indeed. If you have access to the network you can edit these in the WP admin too, but I personally prefer to do so with an editor like Notepad++.
what additional information do I need to set up the Filezilla besides
the site url, my admin account and password?
You can't use your WordPress password for this, you need to have FTP access, and even better sFTP (encrypted). This is something the host should provide. Perhaps these tutorials may be helpful.
GL with it!
Goal: We have a Magento installation which contains a lot of sensitive data. We're looking to host a Wordpress installation.
Problem: Since we're installing third-party modules on Wordpress, we don't want any security issues in Wordpress to be able to compromise Magento.
I've spoken to a couple of my friends, and also had a think back to how it's been implemented in the past, but I wanted another opinion.
Since the wordpress directory will reside inside of the magento directory, would it be sufficient to chown the files inside of wordpress to a new user ("user-wp"), and then to chroot the user-wp user to the wordpress directory? Magento would then still have access to all of the Wordpress files, but not vice-versa.
Any other suggestions on how to go about implementing this would be more than appreciated! Somebody also suggested configuring a separate vhost.
Using a subdomain like blog.site.com would probably be the easiest way to set this up. All you would have to do is add a new VHost for the WordPress installation.
I don't think Chrooting would provide much security. You may also run into WordPress Plugin issues with such a configuration.
The setup is tricky. You would have to go and modify the PHP-fpm process pool and users it runs with. Then assign one pool to Magento and another to WordPress. Additionally you will also want to serve static assets & uploads from the Webserver itself.
And when you change this config you have to retest your Magento install to make sure things you didn't break anything accidentally.
Too much hassle, just use the subdomain. :)
I am using Word press that Hosted on Blue Host
after activate Jetpack and when click on "connect to wordpress.com" button, i see this error:
site_inaccessible
The Jetpack server was unable to communicate with your site [HTTP 404]. Ask your web host if they allow connections from WordPress.com. If you need further assistance, contact Jetpack Support: http://jetpack.me/support/
I had this issue because I have installed iThemes Security plug-in. To solve the problem :
Disable it.
Connect JetPack
Enable it and look what exactly in the config is making the problem.
Probably other security plug-ins/firewalls will have the same effect.
The jetpack plugin error in wordpress is due to the ModSecurity is enabled in the cpanel and xmrpc rule is not added in the .htaccess file.
First diable the mod securty for the domain from cpanel.
Log into cPanel
Under Security choose ModSecurity
Under Configure Individual Domains, Switch affected On or Off (For all domains, ModSecurity is On by default)
Add xmlrpc.php requests rule in .htaccess
<Files "xmlrpc.php">
Order Allow,Deny
Allow from all
</Files>
And check xmlrpc is working or not
http://example.com/xmlrpc.php
i deactivating all plugins and uninstall jetpack , after reinstall jetpack its work successfuly. thanks for all
In your case, a security plugin or your host may be blocking access to this file. As long as this is the case, you won't be able to use Jetpack, or any other app or plugin using the XML-RPC file.
### yourblog/wordpress/xmlrpc.php
Could you try to deactivate all security plugins, and if that doesn't help to contact your hosting provider and ask them if they block access top the URL above?
Thanks,
Rahul
I have tried all types of work around and none has solved, even this above. At least with me.
What I found was, comparing with other running websites I have this one, which is a new installation had a strange folder within the same folder installation.
A folder called ".didb", I never heard of it and there was several text files within. Searched online to see if was something important to have on server, nothing clear found.
So guess what I did. Deleted the sweet folder and boom. Is working perfectly well now.
Sorry, I don't have the names of the files and folders within, and to be honest, I don't want to know, all I want to know if is the website is working with the files I want which is WordPress only.
So, you may have a similar situation, take a look under your high level folder via FTP or whichever other way you may want to and that could save the day. ;-)
I have a wordpress website called http://mysite.com (example only), I want to have a link http://blog.mysite.com, how would I configure that one using only one wordpress install(same wordpress install on http://mysite.com) and of course the same database that the http://mysite.com uses. Should I just use a plugin or what?
If you want to use 1 wordpress install for two different sites try using http://wordpress.org/support/forum/multisite .
Otherwise, I would agree with the answer above and you would only need to setup a simple redirect in your hosting control panel.
Add a subdomain of a kind http://blog.mysite.com pointing to a location similar to http://mysite.com. In this way both the domains will point to the same wordpress installation.