How to handle an xmlrpc WordPress attack on an nginx server
Tech-Today

I'm not really a system administrator, and these steps are just based on my personal experience in securing our own WordPress websites.

Lately there have been a lot of attacks on WordPress sites (since it's a popular framework), especially on Windows machines, so we decided to migrate to a Linux machine. Obviously we still got a lot of attacks; one of the nasty ones is a DoS (denial of service), and here's how we handled it:


  1. Install the Akismet plugin.
  2. Install the Wordfence plugin - this one is really good.
  3. If you know how to type commands on Linux, run tail -f /var/log/nginx/access.log. This will show the most frequent requests together with their source IP; take note of that IP and add it under Wordfence -> Blocked IPs.
  4. Install and configure iptables.
  5. Block the IP in iptables (INPUT chain):
     # add a DROP rule at the end of the INPUT chain
     sudo iptables -A INPUT -s [IP ADDRESS] -j DROP

     # or insert it as the first rule, so it is matched before any ACCEPT rules
     sudo iptables -I INPUT 1 -s [IP ADDRESS] -j DROP

     # check that it is configured correctly
     sudo iptables -L --line-numbers

     # to remove a rule by its line number
     sudo iptables -D INPUT [line-number]
  6. Configure nginx to block xmlrpc.php requests (make sure that you are not using it; normally you don't). Create nginx.conf in your webroot with the following contents:
     # nginx configuration
     location /xmlrpc.php {
         deny all;
     }
     Here's an htaccess-to-nginx converter, just in case you need it: http://winginx.com/en/htaccess.
  7. Set up fail2ban. Google for a how-to. Here's my favorite: https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04.
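As an added example (not part of the original post, and not code shipped by Wordfence, nginx or fail2ban), here is a small POSIX shell script that automates steps 3 and 5 above: it counts xmlrpc.php requests per client IP in an nginx access log written in the default "combined" format and prints, without executing them, the iptables DROP commands for every client above a threshold. The sample log lines, the threshold value and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): find clients hammering
# xmlrpc.php in an nginx access log and print the matching iptables
# DROP commands for review.
# Assumptions: nginx "combined" log format (client IP is the first
# field, request line is "METHOD /path HTTP/x.y"). The sample log below
# is constructed; 203.0.113.x and 198.51.100.x are documentation ranges.

# Print "count ip" for every client that requested xmlrpc.php at least
# THRESHOLD times (default 10), most active client first.
xmlrpc_offenders() {
    logfile=$1
    threshold=${2:-10}
    # In the combined format $7 is the request path, e.g. "/xmlrpc.php".
    awk -v min="$threshold" '
        $7 == "/xmlrpc.php" || index($7, "/xmlrpc.php?") == 1 { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$logfile" | sort -rn
}

# Turn the offender list into iptables commands. They are printed, not
# executed, so they can be reviewed before being pasted into a root
# shell. Like the post, the rule is inserted first with -I INPUT 1.
iptables_block_commands() {
    xmlrpc_offenders "$1" "$2" | while read -r count ip; do
        printf 'sudo iptables -I INPUT 1 -s %s -j DROP   # %s xmlrpc.php hits\n' "$ip" "$count"
    done
}

# Constructed sample: one client floods xmlrpc.php (4 hits), one touches
# it once, one only reads normal pages.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.7 - - [10/Oct/2015:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2015:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2015:13:55:37 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2015:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2015:13:55:38 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/4.3"
203.0.113.7 - - [10/Oct/2015:13:55:38 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
EOF

# Against a real server you would run, for example:
#   xmlrpc_offenders /var/log/nginx/access.log 100
#   iptables_block_commands /var/log/nginx/access.log 100
xmlrpc_offenders "$SAMPLE_LOG" 3
iptables_block_commands "$SAMPLE_LOG" 3
```

With the threshold set to 3 only 203.0.113.7 is reported, and the script prints one DROP command for it; pick the real threshold from what your normal traffic looks like, since a single legitimate Jetpack or mobile-app client will also POST to xmlrpc.php. One caveat for step 6: nginx does not read a per-directory nginx.conf the way Apache reads .htaccess, so the location block has to sit inside the server { } block of the site's configuration (on Ubuntu typically a file under /etc/nginx/sites-available/), followed by sudo nginx -t && sudo service nginx reload; writing it as location = /xmlrpc.php makes the match exact.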
