
Archive | WordPress

Upgrade CURL

The Yoast SEO plugin in WordPress has started advising users to upgrade curl to the latest version. On CentOS this can be done easily using the city-fan.org repo here:

http://www.city-fan.org/ftp/contrib/yum-repo/

For a CentOS 6 server, here are the steps:


404 On sitemap_index.xml With Yoast SEO After Site Migration

After moving and renaming a site, we were getting 404 errors for the sitemap generated by Yoast SEO at:

http://acme.com/sitemap_index.xml

After digging around it turned out the solution was to reset permalinks by going to:

Settings -> Permalinks

and clicking the Save button without making any changes.


How-to Mitigate Bittorrent DDOS Attacks

You’ll know that you’re getting hit with a Bittorrent attack when the server slows down and you see log entries referencing:

Here’s a good article about one sysadmin’s struggle with this type of attack:

http://blog.carlesmateo.com/2015/01/23/stopping-a-bittorrent-ddos-attack/

There are a number of possible strategies to mitigate this attack:

1. CloudFlare will block the attack, but it can take time to move DNS to CloudFlare and activate it.

2. Create an announce.php file that returns an error like this:

This will use fewer resources than letting WordPress or another CMS return a 404.

3. Block in iptables with a rule like this:

Not sure how efficient this is on a high traffic web server.

4. Block in Apache config:

5. Block with fail2ban as described here:

http://shazbert.com/blog/2015/01/24/fail2ban-china-ddos-announce-bittorent/

Note that Plesk 12 has fail2ban built-in so this fix is easy to implement.

6. If traffic is limited to a range of IP addresses, then block that range in any available firewall. For example, we’ve defeated this attack in one case by blocking a class B range from China.

Other suggestions on blocking this type of attack are welcomed. Comment below and let us know if you’ve seen this attack and how you handled it.


Multiple Domains One WordPress

Let’s say you want to have more than one domain pointing to a WordPress site. Each domain should show the same content but you don’t want to redirect to the primary domain. This is a problem with WordPress because it tries to redirect to a single canonical domain. The solution is the “Any Hostname” plugin:

https://wordpress.org/plugins/any-hostname/

After installing the plugin, go to:

WordPress Admin -> Settings -> General

At the bottom of the screen you’ll find an “Any Hostname” section where you can add additional domain names to the site. So now you can have “www.acme.com” as the primary domain and one or more additional names like “www.acmeinc.com”. The website will be displayed on each domain as if it were the primary with no redirect.


Block wp-login.php On Single Site In WordPress Multisite

Take the case where you have a WordPress multisite with many domains pointing to a single virtual host. When the site gets hit with a wp-login.php attack you want to password protect the wp-login.php script, but just for the targeted site, not for every site in the multisite. Here are the .htaccess rules to accomplish this:

We set an environment variable based on the Host header and then require login from requests with the matching environment variable.
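
One way to write rules of the kind described above, as an added example rather than the post's own rules. The hostname `site-b.example`, the variable name `PROTECT_WP_LOGIN` and the `AuthUserFile` path are assumptions; the Apache 2.4 and Apache 2.2 forms are both shown.

```apache
# Added example. "site-b.example" is a placeholder for the targeted site's
# hostname; the optional port suffix covers Host headers such as "site-b.example:8080".
SetEnvIfNoCase Host ^(www\.)?site-b\.example(:[0-9]+)?$ PROTECT_WP_LOGIN

<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted login"
    # Placeholder path: keep the password file outside the web root.
    AuthUserFile /path/to/.htpasswd

    # Apache 2.4: allow the request if the visitor authenticates, OR if the
    # request is for any site other than the targeted one.
    <IfModule mod_authz_core.c>
        <RequireAny>
            Require valid-user
            <RequireAll>
                Require all granted
                Require not env PROTECT_WP_LOGIN
            </RequireAll>
        </RequireAny>
    </IfModule>

    # Apache 2.2: host-based access is denied only when the variable is set,
    # and "Satisfy any" then falls back to the password prompt.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
        Deny from env=PROTECT_WP_LOGIN
        Require valid-user
        Satisfy any
    </IfModule>
</Files>
```

The pattern has to match every hostname that WordPress maps to the targeted site, because the Host header is supplied by the client and a request arriving under an alias the pattern misses is not challenged.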
