Archives

Install WordPress on a user account as root

You don’t have Softaculous on your server and a user asks you to install WordPress for him.
You can download the WordPress zip, unzip the archive, upload the files via FTP to the user account. You will also need to log in to cPanel and create the database and username.

We will show you an alternative way to install WordPress. We will install WordPress for user “plothost”.

  1. Login as root via SSH on your web hosting server.
  2. Change location to where you want to install WordPress
    root@web [~]# cd /home/plothost/public_html/
    root@web [/home/plothost/public_html]#
    
  3. Download the latest WordPress version. The permanent link is https://wordpress.org/latest.zip
    root@web [/home/plothost/public_html]# wget https://wordpress.org/latest.zip
    --2017-05-01 08:14:59--  https://wordpress.org/latest.zip
    Resolving wordpress.org (wordpress.org)... 66.155.40.249, 66.155.40.250
    Connecting to wordpress.org (wordpress.org)|66.155.40.249|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 8756989 (8.4M) [application/zip]
    Saving to: 'latest.zip'
    
    100%[==============================================================================================================================>] 8,756,989   7.07MB/s   in 1.2s
    
    2017-05-01 08:15:01 (7.07 MB/s) - 'latest.zip' saved [8756989/8756989]
    
    root@web [/home/plothost/public_html]#
    
    
  4.  Extract the archive-zip file in the current directory.
    root@web [/home/plothost/public_html]# unzip latest.zip -d .
    

    The zip archive will be extracted to public_html/plothost/wordpress/

  5. We want to install WordPress in public_html/ folder. So let’s move the files.
    root@web [/home/plothost/public_html]# mv ./wordpress/* .
    

    We now have all the WordPress files in /plothost/public_html/

  6. We should create the database and assign the username
    root@web [/home/plothost/public_html]# mysql
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 384766
    Server version: 10.1.22-MariaDB MariaDB Server
    
    Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    MariaDB [(none)]> CREATE DATABASE wpbase;
    Query OK, 1 row affected (0.00 sec)
    
    MariaDB [(none)]> CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'pass123456';
    Query OK, 0 rows affected (0.19 sec)
    
    MariaDB [(none)]> GRANT ALL ON wpbase.* TO 'wpuser'@'localhost';
    Query OK, 0 rows affected (0.02 sec)
    
    MariaDB [(none)]>
    
  7. We rename the configuration file wp-config-sample.php to wp-config.php
    root@web [/home/plothost/public_html]# mv wp-config-sample.php wp-config.php
    root@web [/home/plothost/public_html]#
    
  8. Edit the file wp-config.php in your preferred editor (like vi). Modify the lines with the WordPress details you’ve used earlier:

    /** The name of the database for WordPress */
    define(‘DB_NAME’, ‘database_name_here’);

    /** MySQL database username */
    define(‘DB_USER’, ‘username_here’);

    /** MySQL database password */
    define(‘DB_PASSWORD’, ‘password_here’);

    becomes

    /** The name of the database for WordPress */
    define(‘DB_NAME’, ‘wpbase’);

    /** MySQL database username */
    define(‘DB_USER’, ‘wpuser’);

    /** MySQL database password */
    define(‘DB_PASSWORD’, ‘pass123456’);

  9. We are almost finished. Let’s change the files’ user/group, so the user can modify the files.
    root@web [/home/plothost/public_html]# chown -R plothost:plothost .
    
  10. You can now give the installation URL to the user, and he/she will finish the installation by entering Site Title, Admin Username and Password, Email. (as in the image below)

WordPress Install Options

On our web hosting plans you can install WordPress easily via Softaculous. Check out the WordPress Hosting page.

Change the default SSH server port number

The Secure Shell (SSH) Protocol is using by default port 22. As a virtual/dedicated server administrator, it’s always a good idea to change this. Changing the port to another number will stop many attacks – as attack tools will try to connect to port 22.

The commands we use are tested on a CentOS distribution with cPanel installed.
If you are using a firewall on your server, whitelist the new port number. After finishing the port change, block the old port number.

To change the SSH port: 

  1. Log in to your server as root.
  2. Open the /etc/ssh/sshd_config file in a text editor (like vi, nano etc.).
    vi /etc/ssh/sshd_config
  3. Look for the line
    Port 22
  4. Change the 22 value to 3700 for example. You can use a port from the User Ports Interval (1024-49151), as assigned by the Internet Assigned Numbers Authority (IANA).
  5. Save the file, exit the editor and restart the SSH server.
    service sshd restart
  6. Open a new terminal window (or using PuTTY) and try to connect to the new assigned port:
    ssh username@yourserver.com 3700

Port numbers are assigned in various ways, based on three ranges: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535); the difference uses of these ranges is described in [RFC6335].

Related KB article: How to install nano editor with yum

Whitelist an IP in CSF for remote MySQL connections

ConfigServer Security & Firewall (csf) is a popular firewall for Linux web servers. Many cPanel web servers use it. By default, the csf is configured to block incoming connections to MySQL port, which is 3306.
But you have a client that requires a direct connection to the MySQL server. What can you do? Opening the port 3306 to public is not a very good idea. You can set up a rule in csf to allow incoming connections to MySQL from specific IP(s).

 

csf WHM Interface
csf WHM Interface

For this you will need to edit the file /etc/csf/csf.allow

####################### ########################## # Copyright 2006-2017, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
####################### ########################## # The following IP addresses will be allowed through iptables.
# One IP address per line.
# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24).
# Only list IP addresses, not domain names (they will be ignored)
#
# Advanced port+ip filtering allowed with the following format
# tcp/udp|in/out|s/d=port|s/d=ip
# See readme.txt for more information
#
# Note: IP addressess listed in this file will NOT be ignored by lfd, so they
# can still be blocked. If you do not want lfd to block an IP address you must
# add it to csf.ignore

 

Add the following lines to the file /etc/csf/csf.allow (replace 192.168.1.0 with the desired IP):

tcp|in|d=3306|s=192.168.1.0
udp|in|d=3306|s=192.168.1.0

Restart csf and that IP will be able to connect to MySQL/MariaDB server.

Whitelist Google, Bing, Yahoo, Yandex, Baidu bots in csf and mod_security

ConfigServer Security & Firewall or csf for short is a popular firewall solution for cPanel servers. Combined with some good rules for mod_security, it does a great job.
To prevent csf temporary/permanently blocking the IPs of good bots you should edit the file /etc/csf/csf.rignore

####################### ##########################
# Copyright 2006-2017, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
####################### ##########################
# The following is a list of domains and partial domain that lfd process
# tracking will ignore based on reverse and forward DNS lookups. An example of
# its use is to prevent web crawlers from being blocked by lfd, e.g.
# .googlebot.com and .crawl.yahoo.net
#
# You must use either a Fully Qualified Domain Name (FQDN) or a unique ending
# subset of the domain name which must begin with a dot (wildcards are NOT
# otherwise permitted)
#
# For example, the following are all valid entries:
# www.configserver.com
# .configserver.com
# .configserver.co.uk
# .googlebot.com
# .crawl.yahoo.net
# .search.msn.com
#
# The following are NOT valid entries:
# *.configserver.com
# *google.com
# google.com (unless the lookup is EXACTLY google.com with no subdomain
#
# When a candidate IP address is inspected a reverse DNS lookup is performed on
# the IP address. A forward DNS lookup is then performed on the result from the
# reverse DNS lookup. The IP address will only be ignored if:
#
# 1. The results of the final lookup matches the original IP address
# AND
# 2a. The results of the rDNS lookup matches the FQDN
# OR
# 2b. The results of the rDNS lookup matches the partial subset of the domain
#
# Note: If the DNS lookups are too slow or do not return the expected results
# the IP address will be counted towards the blocking trigger as normal
#

Add the following lines to /etc/csf/csf.rignore file:

.googlebot.com
.crawl.yahoo.net
.search.msn.com
.google.com
.yandex.ru
.yandex.net
.yandex.com
.crawl.baidu.com
.crawl.baidu.jp

csf is blocking IPs when a host is blocked for a number of times by a mod_security rule. So, we must go to the root of the problem – we will create mod_security rules to allow good bots.
For this, we will edit the mod_security .conf files. If you are using cPanel EasyApache 4, add the following lines to the file /etc/apache2/conf.d/modsec/ modsec2.user.conf

HostnameLookups On
SecRule REMOTE_HOST "@endsWith .googlebot.com" "allow,log,id:5000001,msg:'googlebot'"
SecRule REMOTE_HOST "@endsWith .google.com" "allow,log,id:5000002,msg:'googlebot'"
SecRule REMOTE_HOST "@endsWith .search.msn.com" "allow,log,id:5000003,msg:'msn bot'"
SecRule REMOTE_HOST "@endsWith .crawl.yahoo.net" "allow,log,id:5000004,msg:'yahoo bot'"
SecRule REMOTE_HOST "@endsWith .yandex.ru" "allow,log,id:5000005,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .yandex.net" "allow,log,id:5000006,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .yandex.com" "allow,log,id:5000007,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .crawl.baidu.com" "allow,log,id:5000008,msg:'baidu bot'"
SecRule REMOTE_HOST "@endsWith .crawl.baidu.jp" "allow,log,id:5000009,msg:'baidu bot'"

After adding these lines, please restart the Apache Web Server. After some time, you will see entries in the server logs. Just go to WHM->Security Center->ModSecurity™ Tools->Hits List or from the command line:

root@web [/]# grep "500000" /usr/local/apache/logs/error_log | tail -30

 

cPanel Mod_Security Logs
cPanel Mod_Security Logs

Resources:
https://webmasters.googleblog.com/2006/09/how-to-verify-googlebot.html
https://yandex.com/support/webmaster/robot-workings/check-yandex-robots.xml
https://www.bing.com/webmaster/help/how-to-verify-bingbot-3905dc26
https://github.com/SpiderLabs/ModSecurity/wiki/

Working with cron jobs – create, edit and delete them with cPanel

Cron jobs allow you run a command or script on your site at user-defined time intervals.

To create a cron job in cPanel:

    1. Login to your cPanel account
    2. Go to Cron Jobs (ADVANCED Section)
    3. If you want to receive the output of the cron job then enter the email in the Email field and click the Update Email button
    4. Go to the Add New Cron Job section, select the Common Settings from the drop-down list. You can choose from the predefined values or you can enter your own values.
    5. Enter the command you wish to run. For example, to run a php file, use the command : home/username/public_html/test.php
    6. Click the Add New Cron Job button
    7. The new cron job will appear in the Current Cron Jobs Section

For the Common Settings you can choose from :

-Once Per Minute (* * * * *)

-Once Per Five Minutes (*/5 * * * *)

-Twice Per Hour (0,30 * * * *)

-Once Per Hour (0 * * * *)

-Twice Per Day (0 0,12 * * *)

-Once Per Day (0 0 * * *)

-Once Per Week (0 0 * * 0)

-On the 1st and 15th of the Month (0 0 1,15 * *)

-Once Per Month (0 0 1 * *)

-Once Per Year (0 0 1 1 *)

To delete a cron job in cPanel:

  1. Login to your cPanel account
  2. Go to Cron Jobs (ADVANCED Section)
  3. On the Current Cron Jobs Section, click the Delete link on the row with the cron job you want to delete.
  4. Click the Delete button when the cPanel is asking “Delete this cron job?
  5. The cron job is deleted now.

To edit a cron job in cPanel:

  1. Login to your cPanel account
  2. Go to Cron Jobs (ADVANCED Section)
  3. On the Current Cron Jobs Section, click the Edit link on the row with the cron job you want to edit.
  4. Make the necessary changes. When done, click the Edit Line button.
cPanel Cron Jobs
cPanel Cron Jobs
Many web hosting providers will block your cron job if the running interval is too short. Ask your host what is the minimum value.
A cron job must include Minute, Hour, Day, Month, Weekday and Command fields.
Page 6 of 7
1 4 5 6 7