My client has 1000 WordPress blogs hosted on a server for customers. Each one is in its own domain through cpanel and SuPHP, running in CGI mode on Apache2.2. Now he wants me (I'm the PHP programmer) to get WP-Cache loaded out on each of these blogs and not just activated, but enabled. He also wants the timeout value set to 2 days instead of the default setting.
I have root on LAMP.
What is the preferred way to roll out an update to each blog such that on a page view, it sees if WP-Cache is enabled or not? If not, it needs to copy it out from a central source, activate it, and then enable it along with the different timeout value being used.
A way, maybe not the best way, is to write a script to copy the wp-cache plugin to every wp-content/plugins folder. Then run another script that will go and modify every DB entry for it, enabling it.
If not done correctly this can be devastating as it hits customer db's.
However, one thing to note is wp-cache has a history of killing other plugins. So, if you go in and add this plugin to everyone's WordPress, it might hurt their experience if it hurts another plugin they have installed, thus increasing support costs as people might be emailing trying to figure out what broke.
I take it this is being done to work on performance issues. Is it possible to maybe do some type of server caching outside of wordpress?
edit: after reading Joe's comment I concur with him. Didn't even cross my mind.
When I visit a WordPress website for the first time, it opens another website automatically on the first click anywhere. I don't know why it's showing this.
Of course, it is better to have more details. But if this happened without any actions from your side, I would agree with Michela - it could be some malware on your website.
If you don't know what's going on under the hood, it is hard to clean up the website completely.
As a first action, I can recommend you check if your hosting provider has any backups for the website. It is possible that you will be able to restore to the point when the website was clean.
To clean the website by yourself, you can use various malware scanner plugins, like Wordfence or other specific ones. They can check for changes inside WordPress core or standard repositories, and they can check for strange, vulnerable and malicious parts of code. But be careful - if you have some custom code, it is better to check it with the code author.
If you are able to clean up the website, I highly recommend hardening the website's security. Some classic recommendations may be found in the official documentation - https://wordpress.org/support/article/hardening-wordpress/.
I have been developing this website and we had to use the Gravity Form plugin.
There was a time when it was very vulnerable and the website was attacked (a massive crash occurred on the site). Ever since, the website has never been normal again. It is extremely slow to download, and sometimes there are 503 error messages. We have been securely monitoring the website, have WordPress and every plugin updated to the latest version, and have even deleted the ones without recent updates, but it seems not to be enough, because if you access the website now you will feel that it's extremely slow.
Is there anybody who has experienced this kind of attack? (especially, one where you got attacked via the Gravity Form plugin)
I would really appreciate your answer.
Scott
As Ed Cottrell mentioned you must rebuild your site.
Make a backup of files and database
Write down which plugins you use
Delete everything (leave only wp-content/uploads)
Install clean WP - it will be best if you use the same version you used
Install all the plugins - the data is still in the DB, so you won't have to configure them again
If you bought a theme - just download it again and install it. If someone made it for you - check it for some strange eval or some js files you don't know. When you are sure it's clean, put it back on the server.
When everything is done, change user passwords and ftp password.
Use https://wordpress.org/plugins/gotmls/ - it will help to find some nasty code.
My apologies in advance if I am posting it in the wrong forum.
I have a WordPress site. Every couple of days, a new user is added as an "Administrator" as shown below
I have changed my password many times using complex passwords but to no use. I even searched on Google and have read links like this one.
I have also unchecked the option "Anyone can register"
However, I am unable to stop them from registering.
Fortunately, no malicious activity has been noticed (Ex: Deletions/Unwanted posts etc)
Please advise me on what I can do to stop these?
You clearly have a more serious compromise, like an uploaded malicious script or an unpatched vulnerability. You need to rebuild your site from scratch (clean install of the current versions of WP and any plugins and themes, using a known-good database export) ASAP before something really bad happens.
Unfortunately, it's impossible to say what happened without digging through your server. My guess is that somebody exploited a vulnerability and uploaded a script. It could be anything - a hole in the WP core, a plugin, or a theme; a malicious plugin or theme; a stolen password; a breach of another site on the same server; or a number of other things.
Regardless of what happened, the only safe fix is to rebuild the site. If you have data backups, you can achieve this in a few hours.
I strongly recommend installing the security plugin WordFence to help prevent similar problems in the future. (I have no affiliation with WordFence, but use it on a number of sites.)
Finally, you might want to read this discussion on security.stackexchange.com. The consensus in this situation is "nuke it from orbit." Good luck!
Someone is making a SQL injection in your site.
If you want to prevent this in future, you should do some things.
Rebuild your website from scratch.
Install some of the security plugins, like Bulletproof Security, Wordfence, iThemes Security. I suggest you buy the license of Bulletproof, or use the free version + one of the others. And be careful for the equal settings.
The most common attacks are SQL injection, XSS, plugin exploits and of course brute-forcing the admin pass. You should upgrade every plugin and WordPress every time you see a new version.
Use fewer plugins. They are one of the main reasons for hacked websites. If you use Linux, I can tell you how to scan your website for vulnerabilities. Or just tell me the url, and I will tell you the results.
Also change your /wp-admin path; there are a lot of bots that search the web and make brute-force attacks.
It is also important to use a different admin username from admin or Admin. And use strong passwords. It's a good practice, when you make a new WordPress installation, to create two more users. The first will be an Author and will post everything on the site; the second you should make with the Administrator role. After that, delete the first admin user and start using the new one.
Hackers know that almost every time the user with id:1 is the admin, so they can try to access again. So in this case your admin will be with id:3, and again don't use a username like admin etc.
Best regards and wish you luck.
Kasmetski
Check index.php, wp-admin/index.php to see if they have been modified. Usually the following line of code is added to the top of the index.php file. A code starting with 'required' is usually added.
The file being ‘required’/’included’ here contains malicious code which is executed along with each run of WordPress. Such code can generate fake pharma pages, Japanese SEO spam pages and other malware infections.
Delete the #require code from the file after comparing it with the contents of the core WP files from its GitHub repository.
Check if there are any new files in the root of the server or /wp-admin folder that were not created by you. Some of the files that you may find are:
Marvins.php
db_.php
8c18ee
83965
admin.php
buddy.zip
dm.php
If you find any of the above suspicious files, take a backup and delete them.
Source: https://www.getastra.com/blog/911/fix-wordpress-admin-dashboard-wp-admin-hack/
Last Wednesday a variety of the WordPress sites I manage got hacked, they were infected with a Viagra link (malware is so original).
I noticed in the wp-includes directory a file called utils.php (wp-includes/js/tinymce/utils/utils.php), also an addition to my general-template.php for the get_footer function.
This hack seems to only affect Google search results for sites, not the site when directly viewed by entering the URL, i.e. your cached site will show a malware-infested mess and lose ranking, meanwhile you will wonder why, due to the site looking fine when viewed.
My host (TSO Host) have cleaned up the sites, didn't even need to ask, but I have no idea how the infection got there in the first place.
So my question is, does anyone know how the breach happens and what I can do to prevent it, other than the usual security tips?
This happened to a site that I spent weeks cleaning up. I can give you a few pointers:
Go through the WordPress core files (under wp-admin and wp-includes) and delete all files that you don't see in the default WordPress installation. I've never seen a plugin create a file in one of those 2 directories. After this, it'd be a good idea to re-install WordPress, just in case they changed any of the existing files.
After that, change your WordPress/FTP/SSH passwords as they've likely been cracked. Install WP Better Security. It seems a little annoying at first, but you can monitor everything with it, change the login slug, remove version info hackers can use to find security holes, black-list known hackers, and so much more.
Finally, this last one will take some time. Google your theme and each one of your plugins, and see if WordPress has stopped using them because they were a security vulnerability. You'd be surprised at how many plugins have holes. Try to avoid really new plugins, and try to use the same plugin for as many different sites as you can. If you're hosting more than one site on the same server and one of the sites gets hacked, they're all hacked.
It sounds like a pain, and it is a little bit, but after you're done you'll feel so much better knowing that you're in control of everything. Trust me.
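The file checks described in the two answers above (look for a changed index.php and unknown files in the site root and wp-admin; remove anything under wp-admin and wp-includes that a default installation does not ship) can be scripted. The following is an added example, not part of any post on this page; it assumes a clean copy of the same WordPress release has been unpacked for comparison, and audit_core and demo are hypothetical names.

```shell
#!/bin/sh
# Added example: diff a live WordPress tree against a clean copy of the same release.
# audit_core SITE_DIR CLEAN_DIR prints one finding per line:
#   EXTRA <path>     file the release does not ship
#   MODIFIED <path>  shipped file whose bytes differ
#   REVIEW <path>    site-specific file with no reference copy; inspect by hand
audit_core() (
    site=$1
    clean=$(cd "$2" && pwd) || exit 1   # make the reference path absolute
    cd "$site" || exit 1
    {
        # Core-owned locations only; wp-content/ (themes, plugins, uploads) is out of scope.
        find . -maxdepth 1 -type f
        find ./wp-admin ./wp-includes -type f 2>/dev/null
    } | sed 's|^\./||' | LC_ALL=C sort | while IFS= read -r rel; do
        case $rel in
            wp-config.php|.htaccess) echo "REVIEW $rel"; continue ;;
        esac
        if [ ! -f "$clean/$rel" ]; then
            echo "EXTRA $rel"
        elif ! cmp -s "$rel" "$clean/$rel"; then
            echo "MODIFIED $rel"
        fi
    done
)

# Constructed demo trees; every file below is made up for the example.
demo() (
    t=$(mktemp -d) || exit 1
    for d in site clean; do
        mkdir -p "$t/$d/wp-admin" "$t/$d/wp-includes"
        echo '<?php require "wp-blog-header.php";' > "$t/$d/index.php"
        echo '<?php // admin bootstrap' > "$t/$d/wp-admin/admin.php"
    done
    echo '<?php // constructed stand-in for an injected line' >> "$t/site/index.php"
    echo '<?php // constructed unknown file' > "$t/site/admin.php"
    mkdir -p "$t/site/wp-includes/js/tinymce/utils"
    echo '<?php // constructed unknown file' > "$t/site/wp-includes/js/tinymce/utils/utils.php"
    echo '<?php // constructed config' > "$t/site/wp-config.php"
    audit_core "$t/site" "$t/clean"
    rm -rf "$t"
)
demo
```

In the demo, wp-admin/admin.php matches the reference and is not reported, while an admin.php in the site root is flagged as EXTRA. Take a backup before deleting anything the script reports.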
Not sure if this is the right place to ask, sorry if it's not. I build a lot of WordPress sites. My problem is, the number of them is getting big and it's getting harder to update them all when new releases come out.
I have written an app that will download the latest Wordpress release, and manually ftp the new files to all the clients, but this takes forever... need a new way.
I wanted to restructure this while I can or start a new process at least. What's the best way to manage multiple WordPress sites and keep them all updated? Some people have said 1 DB and modded config, others I have seen said to keep all installs separate and use plugins to automatically upgrade, but I don't know what's best to do. Ideas? Thanks :)
If these were all sites you managed on your own server, I'd recommend using a Multisite installation rather than separate instances of WordPress. This way you only have one set of themes, one set of plug-ins, and one copy of WordPress to maintain.
If these sites are on different servers (i.e. you're maintaining sites for clients remotely), I'd recommend you look in to a beta account with WP Remote. This is a service specifically built to allow you to remotely monitor and update multiple WordPress installations. It might be the best solution for you because it allows you to use the one-click update rather than manually downloading/FTP-ing the new files.
You can use this free self hosted app http://infinitewp.com
No limitation in number of sites being managed. You can update WP/plugin/themes, do backups, one click login to your WordPress admin panel.
EAMann is right, especially with the new Multi Site features in Wordpress 3.0, there is no better way to manage multiple sites under one umbrella. Being a developer myself, I know the pain of having to login to all those different accounts!
The way to set it up is create a "master domain name" that you will log into. Place this in your WP Config:
define('WP_ALLOW_MULTISITE', true);
Then login to your admin panel, navigate to TOOLS>Network.
After you've set everything up, copy/paste what it tells you to your HTAccess and WP Config file.
The next step, especially if you are putting clients on this network, is they will want their own domain name, not AIBot.com/theirname, right? That's where Domain Mapping comes in:
http://ottopress.com/2010/wordpress-3-0-multisite-domain-mapping-tutorial/
Check that out and good luck!
What you need is www.managewp.com; it can do all of that for you plus a ton of other excellent features.