Want more timely Centmin Mod News Updates?
Become a Member

Beta Branch Preview: Wordpress + WP Super Cache installer - centmin.sh option 22

Discussion in 'Beta release code' started by eva2000, Apr 9, 2015.

  1. rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    2:15 AM
    Mainline
    10.2
    And it should be. :)
     
  2. rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    2:15 AM
    Mainline
    10.2
    Just tried but wp_uninstall script doesn't delete the database, is this intended?
     
  3. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:15 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    yup intended.. have to do that manually yourself

    just in case someone makes the mistake to uninstall :)
     
  4. girsnoopy

    girsnoopy New Member

    7
    1
    3
    Jun 16, 2015
    Ratings:
    +1
    Local Time:
    2:15 PM
    .08 beta3 - git 6-15-15
    default
    Hey eva2000,

    Firstly I have to say awesome awesome work. Centmin is such a great tool for so many people, great work! I just setup a new vm with git .08 beta 3 6-15-15, and after the wordpress install I am having issues getting logged in. I get past the first authentication but when presented with the wordpress login the credentials don't seem to want to work. I'm hoping its not user error :p, I have tried two different browsers to make sure no cached passwords were interfering. Not sure what logs might be beneficial other than the autogen-username has a / in it that might be causing problems with wordpress? Any ideas?
     
  5. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:15 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    what was the auto generated password for wordpress ? you can try changing wordpress installs admin password using wpcli tool in SSH do the following

    change to wordpress install directory and run the wp change password command as outlined at wp user update | WP-CLI

    change password for userid = 1
    Code:
    cd /home/nginx/domains/domain.com/public
    wp user update 1 --user_pass=MYNEWPASS
    
    you can also use the username or email instead of userid
    Code:
    <user>…
    The user login, user email or user ID of the user(s) to update.
     
  6. girsnoopy

    girsnoopy New Member

    7
    1
    3
    Jun 16, 2015
    Ratings:
    +1
    Local Time:
    2:15 PM
    .08 beta3 - git 6-15-15
    default
    Thanks for the quick reply eva! I attempted the password reset you suggested but still didn't have any luck. I ended up having to use wp cli to create a new admin user. Like I said the username had a "\" char, not sure if wordpress allows special chars in the username or what was the deal. Ill try running the script in a VM tomorrow on a fresh install again and report back with the results for bug testing purposes! :)

    Thanks again!
     
  7. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:15 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    oh you mean username not password - what was the username ?
     
  8. girsnoopy

    girsnoopy New Member

    7
    1
    3
    Jun 16, 2015
    Ratings:
    +1
    Local Time:
    2:15 PM
    .08 beta3 - git 6-15-15
    default
    From the Log file: Wordpress Admin User: zvXE6ko2/vWH8wp27770
     
  9. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:15 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
  10. girsnoopy

    girsnoopy New Member

    7
    1
    3
    Jun 16, 2015
    Ratings:
    +1
    Local Time:
    2:15 PM
    .08 beta3 - git 6-15-15
    default
  11. rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    2:15 AM
    Mainline
    10.2
    Yes I can confirm this.
     
  12. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:15 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
  13. girsnoopy

    girsnoopy New Member

    7
    1
    3
    Jun 16, 2015
    Ratings:
    +1
    Local Time:
    2:15 PM
    .08 beta3 - git 6-15-15
    default
    Hey Eva, is it possible to remove the php preauthentication for the wordpress login to allow other users to register on the site? Is it as simple as deleting a directory?
     
  14. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:15 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    in your domain nginx vhost file in wp-login.php location context comment out these 2 lines
    Code:
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/yourdomain.com/htpasswd_wplogin; 
    so they become
    Code:
        #auth_basic "Private";
        #auth_basic_user_file /home/nginx/domains/yourdomain.com/htpasswd_wplogin; 
    then restart nginx

    to renable, uncomment and remove # in front and restart nginx
     
  15. girsnoopy

    girsnoopy New Member

    7
    1
    3
    Jun 16, 2015
    Ratings:
    +1
    Local Time:
    2:15 PM
    .08 beta3 - git 6-15-15
    default
    Thanks Eva for the quick response as always! I will be installing a fresh copy of centmin from the latest git pull this weekend for a wordpress install and ill let you know if I run into any troubles, would it benefit us more for testing if I installed with CentOS 7 or 6.6?
     
  16. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:15 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    either is fine although CentOS 7/7.1 would be nice
     
  17. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:15 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Updated WP Auto installer for menu 22 option with commit at update inc/wpsetup.inc for php-wpsc.conf setup · centminmod/centminmod@0131ff0 · GitHub thanks to @RoldanLT report and solution at Wordpress - Correct WP Cache Contents? | Centmin Mod Community :)

    To fix, for existing users, run these 2 commands in SSH
    Code:
    \cp -f /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php-wpsc.conf
    sed -i "s|fastcgi_param  SERVER_NAME        \$server_name;|fastcgi_param  SERVER_NAME        \$http_host;|" /usr/local/nginx/conf/php-wpsc.conf
    Then in your Wordpress super cache domain nginx vhost replace all instances of
    Code:
    include /usr/local/nginx/conf/php.conf;
    replace with
    Code:
    include /usr/local/nginx/conf/php-wpsc.conf;
    then restart nginx and php-fpm
    Code:
    nprestart
     
  18. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:15 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Tighten security in centmin.sh menu option 22 Wordpress auto installer for the include file
    /usr/local/nginx/conf/wpsecure_${vhostname}.conf update inc/wpsetup.inc wordpress auto installer routine · centminmod/centminmod@cfa2a5a · GitHub

    changes from

    Code:
    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
    }
    
    # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
    location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
    {
    return 444;
    }
    
    #nocgi
    location ~* \.(pl|cgi|py|sh|lua)$ {
    return 444;
    }
    
    #disallow
    location ~* (roundcube|webdav|smtp|http\:|soap|w00tw00t) {
    return 444;
    }
    
    location ~ /(\.|wp-config\.php|wp-config\.txt|readme\.html|license\.txt) { deny all; }
    
    to

    Code:
    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
    }
    
    # Block PHP files in content directory.
    location ~* /wp-content/.*\.php$ {
      deny all;
    }
    
    # Block PHP files in includes directory.
    location ~* /wp-includes/.*\.php$ {
      deny all;
    }
    
    # Block PHP files in uploads, content, and includes directory.
    location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
      deny all;
    }
    
    # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
    location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
    {
    return 444;
    }
    
    #nocgi
    location ~* \.(pl|cgi|py|sh|lua)$ {
    return 444;
    }
    
    #disallow
    location ~* (roundcube|webdav|smtp|http\:|soap|w00tw00t) {
    return 444;
    }
    
    location ~ /(\.|wp-config\.php|wp-config\.txt|readme\.html|license\.txt) { deny all; }
    
     
  19. Inforit

    Inforit Premium Member Premium Member

    43
    14
    8
    Jul 30, 2014
    Ratings:
    +17
    Local Time:
    7:15 PM
    nginx/1.7.3
    MariaDB 5.5
    Hi Eva,
    I am getting a wp-includes forbidden error for a visual editor, checked my wpsecure_${vhostname}.conf and it is empty, where is it being blocked?

    Thanks

    "NetworkError: 403 Forbidden - /wp-includes/js/tinymce/wp-tinymce.php?c=1&ver=4203-20150730"
     
  20. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:15 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    i believe this one in /usr/local/nginx/conf/wpsecure_${vhostname}.conf would block it
    Code:
    # Block PHP files in content directory.
    location ~* /wp-content/.*\.php$ {
      deny all;
    }
    but you say yours is empty at /usr/local/nginx/conf/wpsecure_${vhostname}.conf ?