Through our expansive tutorials, we take on the beast known as WordPress! Whether you are a beginner blogger who needs help creating a site or an expert web admin needing to perform a search and replace, there is a tutorial for you here!
WP-CLI is a very handy set of commands. You can run anything that you would run in wp-admin on a WordPress site but from the command line. Useful commands which WP-CLI employs to keep WordPress core updated plugins including the default themes which come with WordPress.
Continue reading “What are Common Commands to Update WordPress Using WP-CLI?”
The error “too many redirects” means that the website keeps being redirected between different addresses in a way that will never complete. Often this is the result of competing redirects, one trying to force HTTPS (SSL) and another redirecting back to HTTP (non-SSL), or between www and non-www forms of the URL.
Whether its a hacked site or a lost password, you may find that you are locked out of your WordPress Admin control panel. If you’ve forgotten your password or don’t have access to the email address that the “Lost your password?” link sends to, you still have one more option to access it. Through the database! WordPress’ database stores all WordPress username, encrypted passwords, and the user’s email address and thus can be edited through a database client like phpMyAdmin. In this tutorial, we’ll be showing you how to edit the email address and change your user’s password.
You may have noticed, when transferring a website, that the URL is still stuck on the old site even though you have changed the virtual host file to reflect the new domain name. Or you may see the URL entirely greyed out in your WordPress portal. This mismatch can happen if you can’t change the URL within WordPress to reflect the new site name. In this tutorial, we will show you how to change the URL through the database.
If you don’t have your database credentials you can certainly grab them from your wp-config.php file, usually located in /var/www/html. Copy your username and password, you’ll need these to enter phpMyAdmin.
/** MySQL database username */
define('DB_USER', 'yourusername');
/** MySQL database password */
define('DB_PASSWORD', 'userpassword');
If you Ubuntu 14.XX and higher, you can visit https://yourhostname.com/phpmyadmin and enter your database username and password copied from your wp-config.php. CentOS users can usually go to their WHM panel and type in “phpMyAdmin” into the search bar for a shortcut into their database. With specialty platforms like Managed WordPress or Cloud Sites check with your support team to locate your phpMyAdmin instance.
Once you’ve entered phpMyAdmin, click on your database name on the left, in this case, ours is named 929368_kittens.
Locate wp_options, afterwards you’ll see rows on the right hand side. The home and site_url row is needed as we will be changing these values to the new website name.
Select Edit in the row of siteurl and home to edit the URL, including “http” or “https” (if you already have an SSL on the domain name). Once you’ve changed your URL, select GO to save your changes.
Your WordPress instance is now set to your new URL! If you haven’t done so already, you may need to set your A record to your new IP address or clear your browser’s cache to visit your new URL.
Changing the domain name within WordPress is simple enough but sometimes code within an nginx.conf or .htaccess file can also direct a site back to the old domain name. It should also be noted that sometimes a plugin, theme or database can be referenced or hardcoded to read an old domain name. For either problem, the Velvet Blue’s plugin or WP-CLI’s search and replace command cater to the issue. Our Managed WordPress platform performs name changes automatically from our control panel, as well as core updates. Check out how our Managed WordPress product can streamline your work.
Let’s face it. At some point, while running your WordPress site, you will run into issues and errors and may ultimately have to ask yourself…
AMP for WP -Accelerated Mobile Pages allows your site to be faster for mobile visitors. Along with last week’s report, the AMP plugin has also been added to the list exploited. The AMP for WP plugin was reported on October 20, 2018, by its developers. Luckily, the newest version, 0.9.97.20, of this plugin has patched for their known security flaws. This exploit has the means of putting 100,000+ users at potential risk, so its best to check if you are utilizing this plugin. In this tutorial, we will be checking if you use this plugin. Along with updating, we will also show you how to check if your site for compromises.
In the vein of the WP GDPR plugin exploit, the AMP hack allows code vulnerability to make site-wide changes. Bots scan for sites using the AMP plugin and use an XSS security bug to create a new user that has admin-like privileges. The vulnerable versions’ (below 0.9.97.20) code didn’t cross check to see if registered users had the permissions to perform some actions. With administrative like privileges a hacker can hide their code within your WordPress files to use to take over your website. Additionally, they can upload files, update plugins, read files, and inject posts.
By logging into your WordPress backend you can easily see if you are subject to this exploit.
Step 1: Enter the WordPress backend by going to yourdomain.com/wp-login.php in your browser.
Step 2: Login with your WordPress username and password and navigate to Plugins and click on Installed Plugins on the left-hand side of your screen.
Step 3: Scroll down through any installed plugins to see if you have Accelerated Mobile Pages within your list, followed by its version. Any version below 0.9.97.20 is still vulnerable and you’ll have to perform a few actions to protect yourself.
Note: It’s recommended to backup your website before pushing any updates.
Step 1: Follow the steps above in the section “Identify If You Use AMP for WP” to login and locate your Plugins menu.
Step 2: Locate Accelerated Mobile Pages. If you are running an outdated version you’ll see a message providing you a link to update. Click “update now” to automatically update to the latest version.
A site hack is possible even without noticing any visual differences to your site. For a closer inspection below are some of the characteristics of the AMP exploit.
If have identified your site is compromised from above characteristics, you’ll want to remedy it immediately since other sites on the same server can potentially be affected.
As time goes by, more plugins will give way to more vulnerabilities but there are some proactive steps to ensure your site’s security. For insight into ways of protecting your WordPress site look into our article on the subject, The Best Ways to Protect Your WordPress Site.
As of November 9, 2018, the WP GDPR Compliance plugin has been exploited by hackers. This plugin aids e-commerce site owners in compliance with European privacy standards. Since the very nature of GDPR is to protect the personal data and privacy of EU citizens, it should be tended to as soon as possible to avoid a costly cleanup. WP GDPR Compliance is also known for working in conjunction with many forms including Contact Form 7, Gravity Forms, and WordPress Comments.
The main characteristic of this hack is the addition of new users, users with admin privileges. These administrative users have full access to your WordPress site. With Admin users a hacker can alter your site without your knowledge, including making rouge pages or selling your visitor’s information.
This article shows WP GDPR users how to:
If you are familiar with how to log in to your WordPress backend you can easily see if you are using this plugin.
Step 1: Enter the WordPress backend by going to yourdomain.com/wp-login.php in your browser.
Step 2: Login with your WordPress username and password and navigate to Plugins and click on Installed Plugins on the left-hand side of your screen.
Step 3: Scroll down through any installed plugins to see if WP GDPR Compliance is within your list. On this screen, you’ll be able to see the version of the plugin to the right of the plugin name. Any version less than 1.4.3 is vulnerable and should be updated.
Although this is a severe exploit, it is easy to patch and protect yourself by performing a simple update.
Step 1: Follow the steps above in the section “How to Identify if you use the WP GDPR plugin” to login and locate your Plugins menu.
Step 2: Afterwards, find WP GDPR Compliance, if you are running an outdated version you’ll see a message letting you know you can update. Selecting the “update now” link will automatically upgrade to the newest version.
There is a couple of routes for identifying this hack, listed below, but you can also use the Wordfence Security Scanner or our read our blog article on the subject of exploitation.
Indicators of Compromise include the following characteristics:
If you deduced your site is compromised from previously mentioned characteristics, then you’ll want to remedy it immediately since other sites on the same server can be affected.
Editing a website’s code is often needed to update a site, but doing this to the live website could create downtime and other unwanted effects. Instead, its ideal to create an environment especially for developing new ideas. In this tutorial, we will explore creating a development site specifically for CentOS servers.
As a warning, this is advanced technical work. It’s possible to make mistakes and cause downtime on your live domain. If you are not 100% confident, it may be a good idea to hire a system admin or developer to copy the domain for you.
Step 1: Continue on to back up the cPanel account, just in case you have any issues while creating your development environment:
/scripts/pkgacct [username] --backup /home/temp/
Step 2: After creating a backup, you will create a copy the database of the main domain, otherwise known as the primary domain.
mysqldump [database_name] > /home/temp/backup.[database_name].sql
Step 3: Create the new dev domain in WHM. This domain name will be a subdomain of the primary domain. Creating a subdomain is one of the first steps in designing your development environment. We prefer to use, dev.[domain].com, the same domain name but with “dev” in front of it for clarity. Do be sure to note all the information, like the username and password. If you are not familiar with how to create a new account, see the following tutorial.
Step 4: Once you’ve created the subdomain within your cPanel you’ll copy the files from the main document root to the newly created dev document root. The document root is the location where your website’s files.
Use the following command to find the document root for either domain. Replace “exampledomain.com” with the primary and development domains for determining the location of document root for each.
whmapi1 domainuserdata domain=[exampledomain.com] | grep -i documentroot
Step 5: After locating the document roots we will copy the files from the primary domain over to the development environment. Insert the document roots into this next command.
rsync -avh /document/root/of/the/primary/domain/ /document/root/of/the/new/dev/domain
Step 6: Next you will need to state the correct ownership of the dev domain’s files and directories, as the previous username will be in place. The ‘dev_username’ will be the given/chosen when you created the new account. The following command will change the ownership for you.
chown -R [dev_username]: /home/[dev_username]
Step 7: After changing file ownership, create a new database and database user for the dev domain. Be sure to notate this information including the password set. Our documentation on the creating a new database will walk you through this necessary process.
Step 8: Once you’ve created the new database its user, you can start copying the original database into the newly created database.
mysql [new_database_name] < /home/temp/backup.[database_name].sql
Step 9: Copying over the database is the bulk of the work, but you’ll still need to edit the configuration files for your domain. Typically, some files need to access the database and will accomplish this via the database user and password. The file that contains these credentials needs to be updated to have the database, database user, and password you created in step 8 of this tutorial. If unsure of the location of these files talking with a developer may be helpful. If you are working with a WordPress site, you can continue onto the next section. Otherwise, if you have updated your dev configuration files with your new database info continue onto step 10.
Step 10: To complete this tutorial you have two choices: add an A record to your DNS view your dev site online or edit your local hosts file to view solely on your computer. For our Liquid Web customers feel free to contact The Most Helpful Humans™ with questions you may have in setting up a development environment.
Often we want to edit our domain’s code, but on a production website, this can be dangerous. Making changes to the production site would not only allow all of the Internet to see unfinished changes but could also cause errors to display. As a workaround, we’ll create a testing domain or “dev” domain to work out any bugs and changes to the site.
As a warning, this is advanced technical work. It’s possible to make mistakes and cause downtime on your live domain. If you are not 100% confident, it may be a good idea to hire a system admin or developer to copy the domain for you.
Continue reading “Setup a Development Environment in Ubuntu”
Liquid Web is here to support your migration needs into our Managed WooCommerce Hosting platform. Whether you are migrating from an external or internal source, our in-house team of migration experts transforms the data migration process into a simple task. To ensure the smoothest and best possible data transfer, we have a quick overview and a few points for your consideration.
Our first step includes taking a copy of your live site (known as the origin site) and migrating it over to our Managed WooCommerce Hosting platform. Rest assured, when performing the migration, the only changes made to the site will be to assist in the movement. Within this timeframe, it is advised to avoid making changes or updates to the site as it will extend the migration timeline and could result in data loss. Changes and updates are included but not limited to themes, designs, contents, products, blog posts or WordPress versions. The initial sync process should result in no downtime for your live site. Once the initial sync is complete, our Migration Specialists perform a series of basic tests to the site. During this time, our team will send information on ways to test out your new site to ensure that all aspects have carried over correctly and are in working order. Before going live, it is essential to take the time to thoroughly review your site and if at any point you do find a discrepancy our specialist is there to assist. The third and most exciting step is the push to go live. We will coordinate the best date and time for the final sync of your site. This last sync will ensure the latest data on orders, products, and customers transfers to your new server. Upon completion of the final sync, you will be asked to update the staging domain’s name and DNS record. With a little DNS propagation time, you will begin to see the new site populate!
With the updating of DNS and the site name, you are now entirely done with the migration process. In subsequent steps, we will create a ticket with our Product Team to connect your store to our partnered applications, Glew and Jilt. Credentials to these valued applications will be sent out in an email, after which, our product team can suggest performance optimization methods to get the most out of your eCommerce store.
Knowing the details behind the migration process aligns us with our next step in creating a migration request from your Liquid Web control panel! Once completed, our Migration Specialists will be in touch to schedule the migration and answer any questions you may have.