Join the community today
Become a Member

Wordpress Differences between Wordpress regular install vs centmin.sh menu option 22 install

Discussion in 'Blogs & CMS usage' started by eva2000, Aug 18, 2018.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    54,045
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    11:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    In context of Wordpress caching for centmin.sh menu option 22 wordpress auto installer for Centmin Mod 123.09beta01 and newer, you have choice of 1 of 3 caching options automatically installed and configured and the following:
    1. Redis Nginx Level Caching for full page static html caching - centmin.sh menu option 22 will auto install redis if not detected if you choose this in centmin.sh menu option 22 setup. Otherwise, need to install redis yourself. Best combined with Autoptimize WP plugin
    2. KeyCDN Cache Enabler for full page static html caching (safest choice for balance of performance and reliability). Best combined with Autoptimize WP plugin + Autoptimize Gzip companion Wordpress plugin which is now automatically configured and installed when you choose KeyCDN Cache Enabler in latest 123.09beta01 version of centmin.sh menu option 22. Also configures Cache Enabler advanced caching which uses Nginx rules/config settings to bypass PHP usage for Nginx level caching and also automatically configures corresponding system level cronjob to clear the cache as advanced caching mode can't effectively use inbuilt admin panel set cache TTL purging which relies on PHP which is bypassed. Update July, 2020 - you can also try configuring Cache Enabler to cache Wordpress search requests too outlined here.
    3. WP Super Cache for full page static html caching. Best combined with Autoptimize WP plugin
    4. Tightened security with automatic rate limiting of wp-login.php, xmlrpc.php, wp-admin/load-scripts.php and wp-admin/load-styles.php. The latter 2 scripts are to workaround Wordpress DOS Attack Flaw Security CVE-2018-6389 which Wordpress refuse to fix on their end as they say the problem should be resolved at web server level which Centmin Mod Nginx has done via centmin.sh menu option 22
    5. Tightened security with inclusion of wpsecure include file for finer grain control over which Wordpress plugins you whitelist to operate on your wordpress install - see Wordpress - Wordpress 403 Permission Denied Errors
    6. Automatic randomisation of wordpress database prefix and database name and and database username and password.
    7. Automatic optimisation of wordpress database with additional indexing for performance/scaling.
    8. Automatic randomisation of Wordpress Admin userid within wordpress database instead of userid = 1
    9. Automatic install and activation of the following Wordpress plugins, Sucuri Security, disable XML RPC, and CDN Enabler (which you disable/remove if you don't need).
    10. Automatic creation and setup of system level cronjob for automatic Wordpress plugin updating every 8 hrs. The higher frequency of update/checks reduces the window of time a Wordpress plugin could be left vulnerable in terms of security updates needing an update. The /root/tools/wp_updater_yourdomain.com.sh auto generated cronjob scripts for each centmin.sh menu option 22 created Wordpress sites also optionally allow auto update of Wordpress core if you uncomment 4 lines within the cronjob script:
      Code (Text):
      #/usr/bin/wp core check-update --allow-root
      #/usr/bin/wp core update --allow-root
      #/usr/bin/wp core update-db --allow-root
      #/usr/bin/wp core update --allow-root
      
    11. Works well when paired with cache enabler caching option + Autoptimize Wordpress Plugin + Autoptimize Gzip companion Wordpress plugin
    12. September 2019 - added Google Native LazyLoad Wordpress plugin optional install support. A question prompt will ask if user wants to install this plugin.
    Centmin Mod 123.09beta01's centmin.sh menu option 22
    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 22
    --------------------------------------------------------
    


    Centmin Mod 123.09beta01 Wordpress installs via centmin.sh menu option 22 also install and activate Sucuri Wordpress Plugin which has a file integrity checker to report if Wordpress files have been modified. You can consult that in Wordpress Admin > Sucuri Security area for Dashboard as well as look at Wordpress login and failed login history.

    Example here reports file modified in the way of 9 additional files which are Centmin Mod default installed files when creating a new Nginx vhost site, so I would mark as fixed and these 9 files as I know they are safe. If they are files reported which you are not familiar with, inspect them to see if there's any malware/malicious code.

    [​IMG]

    After marking those known 9 Centmin Mod files, Sucuri Wordpress plugin's integrity monitor would list all correct status


    [​IMG]
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,045
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    11:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    FYI, there's prep work for supporting PHP-FPM fastcgi_cache as Wordpress caching method too prep wordpress fastcgi_cache. So eventually, you will be able to select that as an option once I have done the testing for it.

    Code (Text):
    Default is to install KeyCDN WP Cache Enabler Plugin as it is more
    stable and reliable than WP Super Cache and Redis Cache.
    Redis cache may have issues with caching due to long 6hr cache TTL
    Fastcgi_cache (PHP-FPM) will have best performance
    You can select which caching method to use below:
    
    --------------------------------------------------------
           Wordpress Caching            
    --------------------------------------------------------
    1). KeyCDN Cache Enabler (default & recommended)
    2). Redis Nginx Level Caching (may have issues with some wp plugins)
    3). Wordpress Super Cache
    4). Fastcgi_cache (PHP-FPM)
    --------------------------------------------------------
    Enter option [ 1 - 4 ] 4
    


    Update: May 6, 2019. Latest tests for centmin.sh menu option 22 wordpress install with fastcgi_cache method + my Autoptimize Gzip companion plugin :) Seems the fastcgi_cache bug with 404 not found for preview wp posts is fixed from testing so far too :D You can see an example Centmin Mod centmin.sh option 22 wordpress install with PHP-FPM fastcgi_cache full page cache at https://servermanager.guide/

    :cool:

    fastcgi_cache cache related headers will only be configured to show for your own preconfigured whitelisted IP addresses i.e. your own ISP IP so normal visitors won't see the headers, but you will :)

    centminmod-centmin.sh-menu22-fastcgi_cache-wpadmin-autoptimize-010.png

    and Autoptimize Gzip companion plugin enables pre-compressed css/js versions of Autoptimize js/css optimised files :)
    Code (Text):
    ls -lah /home/nginx/domains/w7.domain.com/public/wp-content/cache/autoptimize/{css,js}
    /home/nginx/domains/w7.domain.com/public/wp-content/cache/autoptimize/css:
    total 512K
    drwxrws--- 2 nginx nginx 4.0K May  6 11:28 .
    drwxrws--- 4 nginx nginx   58 May  6 11:25 ..
    -rw-r--r-- 1 nginx nginx 2.7K May  6 11:28 autoptimize_bdfdc65c4a3d614fd24e8b557ea94b79.css
    -rw-r--r-- 1 nginx nginx  880 May  6 11:28 autoptimize_bdfdc65c4a3d614fd24e8b557ea94b79.css.gz
    -rw-r--r-- 1 nginx nginx 206K May  6 11:28 autoptimize_df99314d80be0a545ae6605f158a3739.css
    -rw-r--r-- 1 nginx nginx  29K May  6 11:28 autoptimize_df99314d80be0a545ae6605f158a3739.css.gz
    -rw-r--r-- 1 nginx nginx 1.1K May  6 11:28 autoptimize_snippet_5ca26d4ea597b0f25b8477a5e344c89b.css
    -rw-r--r-- 1 nginx nginx  442 May  6 11:28 autoptimize_snippet_5ca26d4ea597b0f25b8477a5e344c89b.css.gz
    -rw-r--r-- 1 nginx nginx  25K May  6 11:28 autoptimize_snippet_7a63f6bcae054a13315b6bf1d32dbcd4.css
    -rw-r--r-- 1 nginx nginx 4.2K May  6 11:28 autoptimize_snippet_7a63f6bcae054a13315b6bf1d32dbcd4.css.gz
    -rw-r--r-- 1 nginx nginx 2.7K May  6 11:28 autoptimize_snippet_aaa59a2522320aa1969d3dbd5b355bde.css
    -rw-r--r-- 1 nginx nginx  880 May  6 11:28 autoptimize_snippet_aaa59a2522320aa1969d3dbd5b355bde.css.gz
    -rw-r--r-- 1 nginx nginx 180K May  6 11:28 autoptimize_snippet_bbd1fd5ad6d89882489f27e0891262c8.css
    -rw-r--r-- 1 nginx nginx  24K May  6 11:28 autoptimize_snippet_bbd1fd5ad6d89882489f27e0891262c8.css.gz
    -rwxrwx--- 1 nginx nginx  189 May  6 10:58 index.html
    
    /home/nginx/domains/w7.domain.com/public/wp-content/cache/autoptimize/js:
    total 40K
    drwxrws--- 2 nginx nginx 4.0K May  6 11:28 .
    drwxrws--- 4 nginx nginx   58 May  6 11:25 ..
    -rw-r--r-- 1 nginx nginx 3.6K May  6 11:28 autoptimize_4d088b1288fe4c1c8cf034a6345672bd.js
    -rw-r--r-- 1 nginx nginx 1.7K May  6 11:28 autoptimize_4d088b1288fe4c1c8cf034a6345672bd.js.gz
    -rw-r--r-- 1 nginx nginx 1.4K May  6 11:28 autoptimize_a2dea89aa2e9c4e45d3c5e6a92c2ff4a.js
    -rw-r--r-- 1 nginx nginx  753 May  6 11:28 autoptimize_a2dea89aa2e9c4e45d3c5e6a92c2ff4a.js.gz
    -rw-r--r-- 1 nginx nginx 2.2K May  6 11:28 autoptimize_snippet_1d476ef0a02dea95add5d5e192d6c89a.js
    -rw-r--r-- 1 nginx nginx 1.1K May  6 11:28 autoptimize_snippet_1d476ef0a02dea95add5d5e192d6c89a.js.gz
    -rw-r--r-- 1 nginx nginx 1.4K May  6 11:28 autoptimize_snippet_2dce40d16f9ff6332d3cbb7ae488a2b9.js
    -rw-r--r-- 1 nginx nginx  753 May  6 11:28 autoptimize_snippet_2dce40d16f9ff6332d3cbb7ae488a2b9.js.gz
    -rwxrwx--- 1 nginx nginx  189 May  6 10:58 index.html
    

    centminmod-centmin.sh-menu22-fastcgi_cache-wpadmin-autoptimize-gzip-01.png
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,045
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    11:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Updated centmin.sh menu option 22 in 123.09beta01 so that wordpress installer can optionally generate QR Codes for wordpress login details, nginx pure-ftpd ftp login details and optionally for wp-login.php HTTP password protection login details so you can scan the QR Codes to get the info onto your mobile, laptop/desktop easily. QR Code generation is disabled by default unless you set QRCODE='y' in your persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 22.

    Examples below

    [​IMG]
    [​IMG]
    [​IMG]
     
Thread Status:
Not open for further replies.