I just changed it to an A record And it should be. :)
Hey eva2000, Firstly I have to say awesome awesome work. Centmin is such a great tool for so many people, great work! I just setup a new vm with git .08 beta 3 6-15-15, and after the wordpress install I am having issues getting logged in. I get past the first authentication but when presented with the wordpress login the credentials don't seem to want to work. I'm hoping its not user error , I have tried two different browsers to make sure no cached passwords were interfering. Not sure what logs might be beneficial other than the autogen-username has a / in it that might be causing problems with wordpress? Any ideas?
what was the auto generated password for wordpress ? you can try changing wordpress installs admin password using wpcli tool in SSH do the following change to wordpress install directory and run the wp change password command as outlined at wp user update | WP-CLI change password for userid = 1 Code: cd /home/nginx/domains/domain.com/public wp user update 1 --user_pass=MYNEWPASS you can also use the username or email instead of userid Code: <user>… The user login, user email or user ID of the user(s) to update.
Thanks for the quick reply eva! I attempted the password reset you suggested but still didn't have any luck. I ended up having to use wp cli to create a new admin user. Like I said the username had a "\" char, not sure if wordpress allows special chars in the username or what was the deal. Ill try running the script in a VM tomorrow on a fresh install again and report back with the results for bug testing purposes! Thanks again!
k updated .08 beta03 inc/wpsetup.inc to strip forward slash from salts update inc/wpsetup.inc ensure user/pass salts are stripped of forward… · centminmod/centminmod@5f9921d · GitHub
Hey Eva, Just tried a fresh install and ran into the same problem. The username this time has a + symbol. "zg8cfs8j+rHDrwp12053". Do you think special chars in the username is why again I can't login with the provided credentials?
k trying again with update to remove + as well as change admin userid from 1 to random 6 digit number update inc/wpsetup.inc correct wp username generation and user id ran… · centminmod/centminmod@7a24857 · GitHub
Hey Eva, is it possible to remove the php preauthentication for the wordpress login to allow other users to register on the site? Is it as simple as deleting a directory?
in your domain nginx vhost file in wp-login.php location context comment out these 2 lines Code: auth_basic "Private"; auth_basic_user_file /home/nginx/domains/yourdomain.com/htpasswd_wplogin; so they become Code: #auth_basic "Private"; #auth_basic_user_file /home/nginx/domains/yourdomain.com/htpasswd_wplogin; then restart nginx to renable, uncomment and remove # in front and restart nginx
Thanks Eva for the quick response as always! I will be installing a fresh copy of centmin from the latest git pull this weekend for a wordpress install and ill let you know if I run into any troubles, would it benefit us more for testing if I installed with CentOS 7 or 6.6?
Updated WP Auto installer for menu 22 option with commit at update inc/wpsetup.inc for php-wpsc.conf setup · centminmod/centminmod@0131ff0 · GitHub thanks to @RoldanLT report and solution at Wordpress - Correct WP Cache Contents? | Centmin Mod Community To fix, for existing users, run these 2 commands in SSH Code: \cp -f /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php-wpsc.conf sed -i "s|fastcgi_param SERVER_NAME \$server_name;|fastcgi_param SERVER_NAME \$http_host;|" /usr/local/nginx/conf/php-wpsc.conf Then in your Wordpress super cache domain nginx vhost replace all instances of Code: include /usr/local/nginx/conf/php.conf; replace with Code: include /usr/local/nginx/conf/php-wpsc.conf; then restart nginx and php-fpm Code: nprestart
Tighten security in centmin.sh menu option 22 Wordpress auto installer for the include file /usr/local/nginx/conf/wpsecure_${vhostname}.conf update inc/wpsetup.inc wordpress auto installer routine · centminmod/centminmod@cfa2a5a · GitHub changes from Code: # Deny access to any files with a .php extension in the uploads directory # Works in sub-directory installs and also in multisite network location ~* /(?:uploads|files)/.*\.php$ { deny all; } # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS! location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ { return 444; } #nocgi location ~* \.(pl|cgi|py|sh|lua)$ { return 444; } #disallow location ~* (roundcube|webdav|smtp|http\:|soap|w00tw00t) { return 444; } location ~ /(\.|wp-config\.php|wp-config\.txt|readme\.html|license\.txt) { deny all; } to Code: # Deny access to any files with a .php extension in the uploads directory # Works in sub-directory installs and also in multisite network location ~* /(?:uploads|files)/.*\.php$ { deny all; } # Block PHP files in content directory. location ~* /wp-content/.*\.php$ { deny all; } # Block PHP files in includes directory. location ~* /wp-includes/.*\.php$ { deny all; } # Block PHP files in uploads, content, and includes directory. location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ { deny all; } # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS! location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ { return 444; } #nocgi location ~* \.(pl|cgi|py|sh|lua)$ { return 444; } #disallow location ~* (roundcube|webdav|smtp|http\:|soap|w00tw00t) { return 444; } location ~ /(\.|wp-config\.php|wp-config\.txt|readme\.html|license\.txt) { deny all; }
Hi Eva, I am getting a wp-includes forbidden error for a visual editor, checked my wpsecure_${vhostname}.conf and it is empty, where is it being blocked? Thanks "NetworkError: 403 Forbidden - /wp-includes/js/tinymce/wp-tinymce.php?c=1&ver=4203-20150730"
i believe this one in /usr/local/nginx/conf/wpsecure_${vhostname}.conf would block it Code: # Block PHP files in content directory. location ~* /wp-content/.*\.php$ { deny all; } but you say yours is empty at /usr/local/nginx/conf/wpsecure_${vhostname}.conf ?