Many users are asking us how to enable automatic updates in WordPress. For the moment, there is no option in the WordPress admin panel. You must enable this option by editing the configuration file – wp-config.php.
The line that needs to be added to the bottom of the wp-config.php file to enable automatic minor and major updates is:
define( 'WP_AUTO_UPDATE_CORE', true );
More info on the WP_AUTO_UPDATE_CORE option from the WordPress site:
WP_AUTO_UPDATE_CORE can be defined with one of three values, each producing a different behavior:
Value of true – Development, minor, and major updates are all enabled
Value of false – Development, minor, and major updates are all disabled
Value of ‘minor’ – Minor updates are enabled, development, and major updates are disabled
Notice: The WordPress will update itself to a development release ONLY if you already are using such a release.
You don’t have Softaculous on your server and a user asks you to install WordPress for him.
You can download the WordPress zip, unzip the archive, upload the files via FTP to the user account. You will also need to log in to cPanel and create the database and username.
We will show you an alternative way to install WordPress. We will install WordPress for user “plothost”.
We now have all the WordPress files in /plothost/public_html/
We should create the database and assign the username
root@web [/home/plothost/public_html]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 384766
Server version: 10.1.22-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE wpbase;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'pass123456';
Query OK, 0 rows affected (0.19 sec)
MariaDB [(none)]> GRANT ALL ON wpbase.* TO 'wpuser'@'localhost';
Query OK, 0 rows affected (0.02 sec)
We rename the configuration file wp-config-sample.php to wp-config.php
Accelerated Mobile Pages (AMP) is an HTML type language that is optimized for mobile using. Google puts more and more SEO value on AMP pages. For example, you can see statistics for your AMP pages in Google Analytics. In this post we will show you how to install the AMP WordPress plugin by Automattic.
The steps to support AMP in WordPress:
Log in to your WordPress installation (usually the url is domain.com/wordpress_directory/wp-login.php)
Go to Plugins->Add New
Type “AMP” in the Search plugins edit box
You’ll see a list of available plugins. Install the AMP by Automattic plugin by clicking the Install button.
Activate the plugin by clicking the Activate button.
Now you will have AMP support for your WordPress blog. To see the AMP pages, just add /amp/ to any URL on your blog.(eg. domain.com/post-1/amp/)
You see a lot of traffic to your site from bad bots? If you have a WordPress site, maybe the first reaction is to search for a WordPress plugin that will block such visits. But instead of using a free/paid WordPress plugin, you can also modify the .htaccess file from the the root of your site. The location of the file is most of the time /home/username/public_html/.htaccess.
You can applies these rules to any website.
Just edit the file and add these lines:
#Rules to block bad bods from accessing web pages on your site.
#Remove or add more rules as per your needs.
BrowserMatchNoCase "Baiduspider" bots
BrowserMatchNoCase "SemrushBot" bots
BrowserMatchNoCase "Yandex" bots
BrowserMatchNoCase "BLEXBot" bots
BrowserMatchNoCase "AhrefsBot" bots
BrowserMatchNoCase "DotBot" bots
BrowserMatchNoCase "Exabot" bots
BrowserMatchNoCase "SeznamBot" bots
BrowserMatchNoCase "aiHitBot" bots
BrowserMatchNoCase "spbot" bots
BrowserMatchNoCase "MJ12bot" bots
BrowserMatchNoCase "oBot" bots
BrowserMatchNoCase "DeuSu" bots
BrowserMatchNoCase "ia_archiver" bots
BrowserMatchNoCase "MetaURI" bots
BrowserMatchNoCase "FlipboardProxy" bots
Allow from ALL
Deny from env=bots
These bots will get now a 403 HTTP Error when trying to access your pages.
Double-check the bots you want to block! Not all bots are bad.
Using the .hatccess file, you can also block bad IPs. If you know malicious IPs, add them like:
#Deny malicious bots/visitors by IP addresses.
deny from 18.104.22.168
deny from 22.214.171.124
WordPress just released version 4.7.3. This is security update and you should update your blog(s) as soon as possible.
Security issues that were fixed in version 4.7.3:
– Cross-site scripting (XSS) via media file metadata.
– Control characters can trick redirect URL validation.
– Unintended files can be deleted by administrators using the plugin deletion functionality.
– Cross-site scripting (XSS) via video URL in YouTube embeds.
– Cross-site scripting (XSS) via taxonomy term names.
– Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
Also, WordPress version 4.7.3 contains 39 maintenance fixes.
If you need any help updating your WordPress installation please submit a ticket and we’ll be happy to help.