However, sometimes you may face some problems or errors and the WordPress theme can’t be installed. You don’t want to look for another theme again and this theme was perfect for your website. You are in luck – join us in this guide to help you fix the WordPress theme not installing problem on your website.

There are a few different ways that this problem can be solved, so please try and check each one. Odds are something here will fix your problem.

Your uploaded theme file exceeds the maximum file size

Let’s say you downloaded the theme that you want to install, and you navigate to Appearance -> Theme -> Add New Theme and you upload your theme.

Then you receive the following error message:

The uploaded file exceeds the upload_max_filesize directive in php.ini

Based on the error message, your PHP configuration resticts file uploads to a size that is smaller than the theme you tried to upload. Just like the error suggests, to fix the problem you’ll need to increase the upload_max_filesize value. Once that’s done, you can upload the theme, and it’ll likely work.

How to increase max file upload size for PHP in cPanel

If you have WHM & cPanel, you can log in to your cPanel account and click on “MultiPHP INI Editor” and select the WordPress domain in the Select Location drop-down menu. Then you can increase the “upload_max_filesize” value to be higher than the size of the WordPress theme that you are uploading. For example, if your theme is 50 megabytes in size, we recommend setting it to something like 75 megabytes.

How to increase max file upload size for PHP using php.ini

In case you don’t have WHM & cPanel, you should change the upload_max_filesize value in the php.ini file. You can find the php.ini file by creating a new file phpinfo.php in the DocumentRoot of your WordPress website with the following content inside.

<?php

phpinfo( );

?>

Then go ahead and save this file and navigate to https://your-domain.com/phpinfo.php in your favorite browser and you can find the location of the php.ini file in the section “Loaded Configuration File“.

Then open the php.ini file in the location where it is found and change upload_max_filesize from 25M for example to a larger number – one that is larger than the theme you want to upload. Save the file and exit. Restart your web server.

Also, make sure to delete the phpinfo.php file from your web server as revealing information about your environment invites attackers to find ways into your server through vulnerabilities.

Your PHP memory limit is too low

Another error that you may face is exhausting the memory with the following error message in your PHP log:

Fatal error: Allowed memory size of X bytes exhausted.

Same as in the previous example, you should increase the PHP memory limit from cPanel or by finding the php.ini file on your server and increasing the value for the “memory_limit” variable.

You can change the memory limit from cPanel by logging in to your cPanel account and navigating to the “MultiPHP INI Editor” and selecting the WordPress domain in the Select Location drop-down menu, then you can change the “memory_limit” value.

If you are not using cPanel you can find the php.ini file by creating a phpinfo.php file that will show you the php.ini location on your server. Then adjust your memory_limit variable from the default 128M to a larger number, such as 256M or 512M. Make sure to restart your web server.

“Installation Failed: Could Not Create Directory” Error

Two scenarios may cause this error. Your server has run out of disk space, or your cPanel or DirectAdmin account has reached the disk quota. In some extreme cases, if your server has too many files, you may reach the inodes limit on your server. Inodes are used to identify unique files and folders – it’s possible to run out of numbers even without running out of disk space.

To fix this error you should delete some old or unused files to free up some space/inodes, or upgrade your hosting plan.

Lack of permissions or ownership by the web server

Another problem that you can face is your directory or files might have incorrect permissions or ownership.

You can change the file and directory permissions of the WordPress directory using FTP or SFTP through your FTP client, such as FileZilla. This is a free application for Windows, macOS and Linux that lets you remotely connect to your server.

You can select the WordPress DocumentRoot, righ-click on it and select File permissions…

Then you can set 755 in the numeric value field > select recurse into subdirectories > apply to directories only and click ok.

Again you can repeat the same procedure right-click on the DocumentRoot, select File permissions… and set 644 in the numeric value field > select recurse into subdirectories > apply to files only and click ok.

To change the file permissions from your terminal you can navigate inside the WordPress website directory and run the following commands.

find . -type f -exec chmod 644 {} +
find . -type d -exec chmod 755 {} +

This will set the correct permissions for your WordPress files and directories.

You may also need to change the ownership of the files and directories to your web server’s user. Depending on what Linux distribution and web server you’re using, this user is named differently. It could be www-data, nginx, or apache to name a few.

To set the ownership of your WordPress installation, let’s say your WordPress is installed at the directory /var/www/html/wordpress/. To change the ownership of the entire WordPress installation to your web server user (in our example it is www-data), you can do that like so:

chown -R www-data:www-data /var/www/html/wordpress

With that, your web server should now be able to access all WordPress files and folders properly.

Incompatible plugins

Sometimes plugin compatibility may be the issue when you are installing a new theme. It may cause a conflict and you won’t be able to install the new theme. This is especially possible if your theme depends on some plugins to function properly. You can test this by installing some WordPress plugin compatibility checker or disabling all the plugins one by one to check which plugin is causing the issue.

Some of the themes may have requirements that you can check before installing. This may include incompatibility with certain plugins, which PHP versions and WordPress versions can be used.

Parse or Syntax Error with your theme

Another problem that you might encounter when installing a new WordPress theme is when you try to install some custom theme in WordPress, and you receive a syntax error. It’ll usually say something about “parse error” and “syntax error”. In this case, there’s a code issue within the theme itself. You should contact the theme developer or check the theme code for any syntax errors in the code.

What about child themes?

Installing child themes works in the same way as installing parent themes. You just need to ensure you keep the parent theme of your child theme installed. If you see any errors with the child theme but not with the parent theme, it’s possible that it is a permissions issue, in which case you can scroll up and try to fix your permissions again.

Conclusion

By trying each of these solutions, you shouldn’t have any issues with themes not installing on WordPress. If you still have trouble, however, get in touch with our managed server support team and we’ll make sure your themes can be installed, or we’ll at the very least tell you exactly why it’s not possible to install your theme.

The post How to Fix Themes Not Installing on WordPress appeared first on LinuxHostSupport.

In this article, we will configure a WordPress site to block these attacks. It’s important to note that there are varied ways an attacker can initiate the malicious activity ranging from simple scanning of the website to more advanced exploitation techniques. Our goal is to block IP addresses that are failing login attempts to the site and the ability to manually add IP address to be blocked.

What is an IP address?

In a network, computers or devices communicate and identify themselves by a numerical format like for example 172.31.100.16 which is 4 dotted decimal notation. Each field separated by a period and can be between 0 – 255. IP stands for Internet Protocol which is one of the many protocols the Internet is made of. However, we don’t have to explain in much detail about the IP address but you can check out Wikipedia’s article for more info about IP address – https://en.wikipedia.org/wiki/IP_address. Just remember that each request that hits your website.

IP Address Blocking using a Plugin

There are a lot of WordPress plugins available to choose from that can address our need. In this case, we’ll use Wordfence Security plugin – https://wordpress.org/plugins/wordfence/.

Wordfence is more than just a Firewall but also includes basic malware scanning that helps you find malicious files and the ability to remove them from your site. However, the more in-depth malware scanning is only available in premium version. In this guide, we will use the free version of Wordfence which will be enough to achieve our goal – to block IP addresses.

Installing Wordfence Plugin

To install the plugin, login into your WordPress admin dashboard and head to Plugins section. On the search bar, search for Wordfence. Once installed, you would be to see Wordfence in one the sidebar menus:

At this point, you can now block specific IPs by going into Wordfence > Firewall > Select Blocking tab, click on IP Address under Block Type, put the IP address and the reason for blocking this IP.

The process described here is to manually block the IP that you have known to block. The Premium version takes this step even further by monitoring in real-time known malicious IP addresses and automatically blocks those IPs without taking action on your part. However, the basic free version is enough in most cases.

Using some sort of security plugin like Wordfence to do the work of protecting  the site can most likely introduce performance issues. This especially true if you have several plugins installed alongside Wordfence. Although, this can vary from one site to another and depending on the amount of system resources your server hosting the site. To put it in perspective, it is way better to have at least one security plugin than no security at all.

Block IP using htaccess

Another way of blocking IP address is through .htaccess file. Yes, there is a dot in the first character of the filename. This is because .htaccess file is a hidden file in Linux and Linux assumes all files or directories with a period or dot as the first character as hidden files or directories.  WordPress uses this file to manipulate how Apache serves files from its root directory, and subdirectories thereof. The .htaccess file can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionalities.

To start blocking IPs, we will now create an empty .htaccess file. In order for Apache to read this file, the location of this file must be on the path where the web root is located. Typically, using control panel such as cPanel this is located in /home/<cpanel_user>/public_html directory.

You can create a .htaccess file using any text editor such as Notepad, Sublime, TextPad or command line editors like vim or nano. The .htaccess file may already exist either by during installation or generated by a plugin. In most Wordpres  sites, the content of .htaccess file may contain basic configuration as shown below:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

The directives above are to make links posts and pages on WordPres site work. Without the appropriate directives, you may likely encounter page not found error or 404 error.

The syntax or format to block IP in .htaccess file is very straightforward and simple. It does not require you to be an expert programmer to be able to do this. You can add the directive on top of the .htaccess file like the following:

This directive will deny all access, regardless of an IP address including your IP.

deny from all

Or block the specific IP address

deny from 123.45.67.89

You can also block access from all except from certain IP addresses. This can be useful in situations where you want the site to be accessible only to specific IPs.

order allow,deny
allow from 172.16.32.156
allow from 136.47.111.2
deny from all

The above directives tells the Apache Web Server to deny access from all IPs except from 172.16.32.156 and 136.47.111.2. You can add any number of allow or deny lines for each IP. Visitors who’s IP is blocked will see the message:

'403 Forbidden'

You can modify the message above but it is beyond the scope of this article.

That’s it.

You should have an idea by now whether to choose using a plugin or by using .htaccess file to restrict IP addresses on your WordPress site.

Of course you don’t have to do any of this, if you use one of our Linux server management services, in which case you can simply ask our expert Linux admins to do this for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post,  please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

The post How to Block IP Addresses in WordPress appeared first on LinuxHostSupport.

WordPress has a limit for uploading images, videos, and other files. It’s a similar story for your PHP memory limit, which helps you run plugins and scripts. You can quickly check your WordPress upload file limit in  your WordPress installation if you navigate to WP Admin -> Media -> Add New. You will see the current max upload size on the bottom as shown in the screenshot.

By default, maximum upload size in WordPress ranges from 2MB to 200MB depending on the settings of your web hosting provider is giving by default.

Basically, there are four ways to increase the maximum file upload size in WordPress. Read on to find out how you can increase the WordPress upload limit

1. Update your php.ini file

In most cases if you are on a shared host, you will not see a php.ini file in your directory. If you do not see one, then create a file called php.ini and upload it in the root folder. In that file add the following code:

upload_max_filesize = 64M
post_max_size = 64M
max_execution_time = 300

2. Update your .htaccess file

If your web server is using Apache and PHP is set as an Apache module, then you can add a few lines of code in your WordPress .htaccess file to increase the max upload size in WordPress:

php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300

3. Edit your theme’s Functions.php file

One way to increase maximum file upload size in WordPress is to modify the theme functions file. Just add the following code in the theme function’s file and your upload limit will increase.

@ini_set( 'upload_max_size' , '64M' );
@ini_set( 'post_max_size', '64M');
@ini_set( 'max_execution_time', '300' );

4. Edit the wp-config.php file

If the first three methods haven’t increased your maximum file upload size, another way to increase the upload limit in WordPress is to add the following line to wp-config.php file:

define('WP_MEMORY_LIMIT', '64M');

By finishing this tutorial you have learned how to increase the maximum upload file size in WordPress. You will be able to upload bigger files from now on.

The above methods are tried and tested by many users across the internet. However, if these methods to increase the maximum file upload size in WordPress do not work for you, simply ask your hosting provider to increase the file size upload limit on your WordPress installation and they’ll surely help you out.

Of course you don’t have to do any of this if you use one of our Hosting Support Services, in which case you can simply ask our expert Linux admins to increase the Maximum File Upload Size in WordPress for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

The post How to Increase the WordPress Upload Limit appeared first on LinuxHostSupport.

mysql_secure_installation

Set your MySQL ‘root’ password before executing the script below. If for some reason you don’t remember your MySQL password, then you can easily reset your MySQL ‘root’ password as described here.

NOTE: Keep in mind that you need to have a domain name registered and pointing to your server’s IP address before installing WordPress, or else this script will not work.

This is the script, you will need to open up your favorite text editor, copy and paste this script into your editor, and save it with a name of your choice.

#!/bin/bash
#Install WordPress on a CentOS 7 VPS

#Set variables and create database

clear
echo -n "Enter your MySQL root password: "
read -s rootpass
echo ""
read -p "Database name: " dbname
read -p "Database username: " dbuser
read -p "Enter a password for user $dbuser: " userpass
mysql -uroot -p$rootpass <<MYSQL_SCRIPT
CREATE DATABASE $dbname CHARACTER SET utf8 COLLATE utf8_general_ci;
DELETE FROM mysql.user WHERE user='$dbuser' AND host = 'localhost';
FLUSH PRIVILEGES;
CREATE USER $dbuser@localhost;
GRANT ALL PRIVILEGES ON $dbname.* TO $dbuser@localhost IDENTIFIED BY '$userpass';
FLUSH PRIVILEGES;
MYSQL_SCRIPT
echo "Database created. Starting installation!"
sleep 2

#Download, install, and configuration of WordPress

read -p "Enter your server's public IP address: " address
read -r -p "Enter your WordPress URL [e.g. mydomain.com]: " wordurl
mkdir -p /var/www/html/$wordurl
cd /tmp/
wget -q http://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz -C /var/www/html/
rm -f /tmp/latest.tar.gz
mv /var/www/html/wordpress /var/www/html/$wordurl
cd /var/www/html/$wordurl
sed -e "s/database_name_here/"$dbname"/" -e "s/username_here/"$dbuser"/" -e "s/password_here/"$userpass"/" wp-config-sample.php > wp-config.php
chown apache: -R /var/www/html/$wordurl

#Create a Virtual Host

echo "

<VirtualHost $address:80>
 ServerName www.$wordurl
 DocumentRoot "/var/www/html/$wordurl"
 DirectoryIndex index.php
 Options FollowSymLinks
 ErrorLog logs/$wordurl-error_log
 CustomLog logs/$wordurl-access_log common
</VirtualHost>

" >> /etc/httpd/conf/httpd.conf

#Create .htaccess file

echo "

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

" >> /var/www/html/$wordurl/.htaccess

systemctl restart httpd

echo "Continue your installation at http://www.$wordurl/wp-admin/install.php"

#End of script

Once you have saved this file, now you will need to make this executable by running this command:

chmod +x <name of your file>

Now that you have made your file executable, you can now execute your script and install WordPress:

./<name of your file>

The script will then ask you for information to create a MySQL database for your WordPress installation, after which it then downloads, installs, and configures your installation to work with your database. Finally, it creates a virtual host with which your WordPress installation will be served to a web browser. Altogether, this should take no more than a few minutes to set up and run.

Now that you have successfully installed WordPress on your server, the last thing you’ll need to do is to navigate to http://<yourwebsitehere>.com/wp-admin/install.php and finish configuring your WordPress installation.

Of course, you don’t have to do any of this if you use one of our Linux Host Support services, in which case you can simply ask our expert Linux admins to install this for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, please share it with your friends on the social networks using the buttons below, or simply leave a comment. Thanks.

The post How to install WordPress on a CentOS 7 VPS in less than 2 minutes appeared first on LinuxHostSupport.

WordPress Files

First, we will make a backup of all of your WordPress site files.

To do so, you need to log in to your VPS via SSH.

Once logged in, you will need to navigate to your WordPress root directory. Depending on your server configuration this can be at a different location, for example, /var/www/html/wordpress/.

Your WordPress site consists of the following:

• the WordPress core installation files (stored in the wp-admin directory).
• the WordPress Themes and Plugins (stored in the wp-content directory).
• libraries and third-party components (stored in the wp-includes directory).
• Images and Files
• JavaScript and PHP scripts
• Additional files and static web pages

All of these together will generate your WordPress site, so it would be best to backup all of these files and directories.

It is usually enough to only copy your wp-content directory, as the contents of wp-admin and wp-includes are usually never modified, and you can always retrieve them from the original WordPress installer.

But, just so you can have a full working copy of our site, it would be a good idea to make a backup of all the WordPress files together.

So, if your WordPress root directory is located in /var/www/html/wordpress/, you can do this with the following command:

tar -cpzf wp-backup.tar.gz /var/www/html/wordpress/

This will create an archive file of all the WordPress files which generate your website.

WordPress Database

Your WordPress files alone are not enough if we want a complete backup of your website. All the information of your website, including your posts, comments, site configurations, user accounts and so on, is stored in your database.

You can make a full backup of your WordPress database with the following command:

mysqldump -u wp_user -p wp_database > wp_database_backup.sql

where “wp_user” is the name of the user of your WordPress database, and “wp_database” is the name of your database.

If you are not sure of the user, database name and password, you can find that information in the wp-config.php file inside your WordPress directory.

With this, you now have everything you need to successfully restore your WordPress site.

After you have successfully made a backup of both your WordPress files and database you can easily transfer them to your local computer via FTP or the other way around when you need to restore your website.

Of course, if you are one of our Linux Host Support customers, you don’t have to do any of this, simply ask our admins, sit back and relax. Our admins will make a backup of your WordPress site for you immediately.

PS. If you liked this post, on How to install Monica on Ubuntu 16.04, please share it with your friends on the social networks using the buttons below or simply leave a comment in the comments section. Thanks.

The post How to backup a WordPress site on your VPS appeared first on LinuxHostSupport.

1. Update the system and install necessary packages.

apt -y update && sudo apt -y upgrade
sudo apt install apt-transport-https lsb-release ca-certificates wget

2. Install MariaDB 10.1

sudo apt-get install mariadb-server

When the installation complete, run the following command to secure your installation:

mysql_secure_installation

Next, we need to create a database for our WordPress instance.

mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE wpdb;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wpdb.* TO 'wpuser'@'localhost' IDENTIFIED BY 'wpuser_passwd';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q

3. Install and configure PHP 7.1

PHP 7.1 is not available via the default Debian repositories, so we will add the “packages.sury.org/php” repository, update the system and install the PHP 7.1 packages.

sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sudo sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
sudo apt update

To install the latest version of PHP 7.1 and all necessary modules, run:

sudo apt install php7.1-common  php7.1-readline php7.1-fpm php7.1-cli php7.1-gd php7.1-mysql php7.1-mcrypt php7.1-curl php7.1-mbstring php7.1-opcache php7.1-json 

Change few default PHP settings:

sudo sed -i "s/memory_limit = .*/memory_limit = 256M/" /etc/php/7.1/fpm/php.ini
sudo sed -i "s/upload_max_filesize = .*/upload_max_filesize = 128M/" /etc/php/7.1/fpm/php.ini
sudo sed -i "s/zlib.output_compression = .*/zlib.output_compression = on/" /etc/php/7.1/fpm/php.ini
sudo sed -i "s/max_execution_time = .*/max_execution_time = 18000/" /etc/php/7.1/fpm/php.ini

PHP-FPM process manager has three choices: Static, Dynamic and Ondemand. The default setting for the process manager is “dynamic”, we will change it to “ondemand”.
Rename the default FPM  pool configuration file and create a new one:

sudo mv /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/www.conf.org
sudo nano /etc/php/7.1/fpm/pool.d/www.conf

[www]
user = www-data
group = www-data
listen = /run/php/php7.1-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
pm.max_requests = 200
chdir = /

Restart PHP-FPM:

sudo systemctl restart php7.1-fpm 

4. Install and configure Nginx

Install Nginx from the official Debian repositories:

sudo apt -y install nginx

Create a new Nginx server block with the following content:

nano /etc/nginx/sites-available/example.com

server {
  server_name example.com;
  listen 80;
  root /var/www/html/example.com;
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;
  index index.php;

  location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
  }

  location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
    access_log off;
    expires max;
  }

  location ~ /\.ht {
    deny  all;
  }

  location ~ \.php$ {
    fastcgi_index index.php;
    fastcgi_keep_conn on;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }
}

Activate the server block by creating a symlink:

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com

Test the Nginx configuration and restart the server by running the following commands:

sudo nginx -t
sudo systemctl restart nginx

5. Install WordPress

Create a new directory for your WordPress site:

sudo mkdir -p /var/www/html/example.com

Download and extract the WordPress package:

wget -q -O - http://wordpress.org/latest.tar.gz | sudo tar -xzf - --strip 1 -C /var/www/html/example.com

Set the correct permissions:

sudo chown www-data: -R /var/www/html/example.com

Finally, run the WordPress installation script by accessing the URL in your web browser of choice. http://example.com/, enter the details for the database we created earlier in this post and create your WordPress admin user.

Of course, you don’t have to Install WordPress with PHP 7.1 and Nginx on Debian 9 if you use one of our WordPress Maintenance Services, in which case you can simply ask our expert Linux admins to Install WordPress with PHP 7.1 and Nginx on Debian 9 for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, on How to Install WordPress with PHP 7.1 and Nginx on Debian 9, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

The post How to Install WordPress with PHP 7.1 and Nginx on Debian 9 appeared first on LinuxHostSupport.

What is XML-RPC attack?

XML-RPC is a remote procedure call that uses XML for encoding and HTTP for transport. WordPress is using XML-RPC for information exchange between clients on the network.
Using this functionality, the attacker can send thousands of brute-force attacks against your WordPress site in a very short time period.
The attacker will try to log in using the xmlrpc.php script with random username/password combinations many times per minute, thus affecting the brute-force attack on your WordPress site.
Another problem is that xmlrpc.php also allows the attacker to guess hundreds of password combinations using only several HTTP requests. This would also lead to a very high database load.
This could also bring your site down, displaying the “Error establishing database connection” error.

How to block XML-RPC attack?

There are several ways to block XML-RPC attacks.

1. Install one of many WordPress plugins that deal with XML-RPC

You can find a lot of plugins that do that. Like the ones on this page.

2. Block all xmlrpc.php requests in WordPress

If you’re running on an Apache web server, you can do that by inserting the following code in the .htaccess file in your WordPress website’s document root:

< Files xmlrpc.php >
order deny,allow
deny from all
< /Files >

3. Block xmlrpc.php in the Apache/Nginx configuration file

If you’re using Apache, do that by inserting the following code in your Apache configuration file:

< VirtualHost >
----------
< files xmlrpc.php >
order allow,deny
deny from all
< /files >
< /VirtualHost >

If you’re using Nginx, block xmlrpc.php by inserting the following code in your Nginx configuration file:

server {
-----------
location /xmlrpc.php {
deny all;
}
}

How to search for and find XML-RPC attacks in different Linux distributions?

On CentOS with Apache:

# grep xmlrpc /var/logs/httpd/access.log

On Ubuntu with Apache:

# grep xmlrpc /var/logs/apache2/access.log

For a server with Nginx:

# grep xmlrpc /var/logs/nginx/access.log

For a server with cPanel:

# grep xmlrpc /home/username/logs/access.log

If your WordPress site is under attack, the result of the previous commands would be similar to the following:

“POST /xmlrpc.php HTTP/1.0” 200 674 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)”

Of course, you don’t have to do any of this if you use one of our Server Security Patches and Updates Services, in which case you can simply ask our expert Linux admins to secure WordPress and prevent XML-RPC attacks for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, please share it with your friends on the social networks using the buttons on the left or simply leave a comment below. Thanks.

The post How to Prevent XML-RPC Attacks on your WordPress site appeared first on LinuxHostSupport.

Here, we’ll share with you the 3 most common reasons due to which your WordPress site is displaying the 403 Forbidden Error and their fixes.

403 Forbidden Error Caused by a WordPress Plugin

First thing to do is to deactivate all WordPress plugins temporarily including security plugins that have been installed on your site. If this step stops this problem, it means one of the plugins is causing this error. Then, you can figure out which plugin was causing the error by activating one plugin at a time until you get that 403 error again.

Our recommendation is to use as few plugins as possible. There may be some incompatibilities when using multiple plugins and you get a higher chance of a security breach when you have more active plugins.

403 Forbidden Error That is Caused by File Permissions

Incorrect file permissions can cause a 403 forbidden error on your WordPress site. It also makes the web server think that you actually don’t have the permission to access those files that you are trying to reach. If the above solution doesn’t solve the 403 forbidden error on your WordPress website then incorrect file permissions is the next thing to check.

If you want to resolve this issue, connect to your WordPress site using an FTP client. Navigate to the root folder where all WordPress files are located. Make sure that all the folders on your WordPress site have a permission of 744 or 755 and all the files should have permissions of 644 or 640. After implementing this solution, the 403 forbidden error should be gone if that was the issue in the first place.

403 Forbidden Error Caused by Corrupt .htaccess File

Most often the error 403 is caused by a corrupt .htaccess file on your WordPress server. To be honest, repairing this file is quite easy.

First, please connect to your website using an (s)FTP client or use the file manager in your control panel (if you have one).

Next, locate the .htaccess file which is inside the root folder of your WordPress site. Remember that the .htaccess file is one of the system files so if you are accessing through a control panel, please enable the “show hidden files” option.

If you are accessing through some (s)FTP software you’ll need to download the .htaccess file on your computer so that you have a fresh backup of it and edit it there. After that, you need to delete the file from your server.

Try accessing your website once you are done with the editing. If 403 forbidden error is resolved and is not showing on your site then this means that your .htaccess file was corrupt and responsible for the problem that you had.

You can generate a fresh .htaccess file from your WordPress admin area – just go to Settings » Permalinks page. Simply click on the Save Changes button that is found at the bottom of the page and WordPress will generate new and fresh .htaccess file.

Conclusion

As you can see, the 403 Forbidden error is really nothing to be scared of but it will cause you some pain. Chances are that if you ever run across this issue you can fix it as simple as this and also with the help of our tutorial here.

If you are running a WordPress site and run into 403 Forbidden Error than this is what you need to do:

• Check your plugins.
• Check your user privileges.
• Check your .htaccess file.

If you still can’t fix your 403 forbidden error on your WordPres site, contact us and we’ll fix the error for you.

Of course, you don’t have to do any of this if you use one of our Service Configuration and Optimization Services, in which case you can simply ask our expert Linux admins to fix the 403 Forbidden Error for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

The post How to Fix 403 Forbidden Error in WordPress appeared first on LinuxHostSupport.

What is browser caching?

When you, as a user, visit a webpage for the first time then your browser will store a copy of the static files like images, CSS, java scripts and favicon locally on your computer. This basically means that your computer will not download those files again when you visit that website. The webpage at the end will load faster and this is called browser caching.

How to leverage browser caching?

First, you’ll need to disable the ETag header because this tutorial will teach you how to use Expires. The ETag technology is slow and full of problems.

Add the lines below to your .htaccess file:

Header unset Pragma
FileETag None
Header unset ETag

Additionally, add the lines below and you’ll start to enable Leverage Browser Caching

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</IfModule>
## EXPIRES CACHING ##

This code, your main static files (images, PDFs, CSS, JS, etc.) will be cached on your visitor’s computer in order to produce faster loading of your webpage in the future.

Compress Components

If you compress things then you will always end up making them smaller and hence load faster, so implementing some form of compression on your components is a must have. This optimization step might not work if your server does not have either mod_deflate or mod_gzip installed as part of Apache.

<FilesMatch "\\.(js|css|html|htm|php|xml)$">
SetOutputFilter DEFLATE
</FilesMatch>

<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>

Bonus tip that we want to share with you:

You can leverage browser caching with the W3 Total Cache Plugin. If you don’t already have it installed, you can do so for free on your WordPress site.

After you install the W3 Total Cache Plugin, simply head over to your WordPress Dashboard » Performance » General Settings and Enable “Browser cache“

After that, go to Performance >> Browser Cache. Apply the following settings.

Browser Cache – General Settings

• Enable “Set Last-Modified header”
• Enable “Set expires header”
• Enable “Set cache control header”
• Disable “Set entity tag (eTag)”
• Enable “Set W3 Total Cache header”
• Enable “HTTP (gzip) compression”
• Disable “Prevent caching of objects after settings change”
• Disable “Do not process 404 errors for static objects“

Browser Cache – CSS & JS

• Enable “Set Last-Modified header”
• Enable “Set expires header”
• Expires header lifetime – 31536000 seconds (1 year)
• Enable “Set cache control header”
• Cache Control Policy: cache with max-age
• Disable “Set entity tag (eTag)”
• Enable “Set W3 Total Cache header”
• Enable “HTTP (gzip) compression”
• Disable “Prevent caching of objects after settings change “
• Disable “Disable cookies for static files “

Browser Cache – HTML and XML

• Enable “Set Last-Modified header”
• Enable “Set expires header”
• Expires header lifetime – 3600 seconds (1 hour)
• Enable “Set cache control header”
• Cache Control Policy: cache with max-age
• Disable “Set entity tag (eTag)”
• Enable “Set W3 Total Cache header”
• Enable “HTTP (gzip) compression”

Browser Cache – Media and other files

• Enable “Set Last-Modified header”
• Enable “Set expires header”
• Expires header lifetime – 31536000 seconds (1 year)
• Enable “Set cache control header”
• Cache Control Policy – cache with max-age
• Disable “Set the entity tag (eTag)”
• Enable “Set W3 Total Cache header”
• Enable “HTTP (gzip) compression”
• Disable “Prevent caching of objects after settings change”
• Disable “Disable cookies for static files”

That’s it all you need to do. Run the page speed test again and see the results. You will see your PageSpeed Score will be improved and your website will load much faster than before.

Of course, you don’t have to do any of this if you use one of our Service Configuration & Optimization services, in which case you can simply ask our expert Linux admins to speed up WordPress and leverage browser caching for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

The post How to Leverage Browser Caching in WordPress appeared first on LinuxHostSupport.

• PHP version 7 or higher with the GD graphics library version 2.0.x+ and MySQLi PHP extensions enabled, with memory_limit PHP variable set to 64 MB or higher (128 MB or higher is preferred)
• Apache or nginx web server;
• MySQL version 5.6 or higher or MariaDB version 10.0 or higher.

Let’s start with the installation.

Update OS packages:

Make sure your package list and the OS packages are up to date by running the following commands:

sudo apt-get update
sudo apt-get upgrade

To install the latest nginx version on your virtual server from the official nginx repository, edit the ‘/etc/apt/sources.list’ file:

sudo vi /etc/apt/sources.list

Add the following lines to it:

deb http://nginx.org/packages/ubuntu/ xenial nginx
deb-src http://nginx.org/packages/ubuntu/ xenial nginx

Add the nginx GPG key:

wget http://nginx.org/packages/keys/nginx_signing.key
cat nginx_signing.key | apt-key add -

Stop the Apache service and remove it:

sudo service apache2 stop
sudo apt-get remove apache2

Install nginx on your virtual server using the following commands:

sudo apt-get update
sudo apt-get install nginx

Configure the nginx service to automatically start on boot:

sudo /lib/systemd/systemd-sysv-install enable nginx

Install PHP and enable required PHP modules:

sudo apt-get install php7.0-common php7.0-curl php7.0-fpm php7.0-gd php7.0-imap php7.0-json php7.0-mbstring php7.0-mysql php7.0-opcache php7.0-pspell php7.0-readline php7.0-xml php7.0-mcrypt php7.0-zip
sudo phpenmod mcrypt
sudo phpenmod imap

Then, start with the WordPress installation procedure.

Download WordPress

Get the latest version of WordPress available at https://wordpress.org/download. Download it to a directory of your virtual server and extract it using the following commands:

cd /opt/
wget https://wordpress.org/latest.zip
unzip latest.zip -d /var/www/html/

Create a new nginx configuration file and add the following virtual block for your domain name:

vi /etc/nginx/sites-available/your-domain.com.conf

Add the following lines:

server {
listen 80;
server_name your-domain.com www.your-domain.com;

root /var/www/html/wordpress;
index index.php index.html;
access_log /var/log/nginx/your-domain.com-access.log;
error_log /var/log/nginx/your-domain.com-error.log;
charset en_us.UTF-8;

location / {
try_files $uri $uri/ /index.php?$args;
}

location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}

location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

Then, edit the main nginx configuration file (/etc/nginx/nginx.conf) and add the following line before the end of the http block:

include /etc/nginx/sites-enabled/*.conf

Activate the new nginx block by creating a symbolic link between the sites-available directory and the sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/your-domain.com.conf /etc/nginx/sites-enabled/your-domain.com.conf

Do not forget to replace your-domain.com with your actual domain name. Then, delete the ‘default’ nginx configuration file:

rm /etc/nginx/sites-enabled/default

Open the ‘/etc/php/7.0/fpm/pool.d/www.conf’ PHP configuration file and change the ‘listen’ variable:

change:

listen = /run/php/php7.0-fpm.sock

to

listen = 127.0.0.1:9000

Edit the ‘/etc/php/7.0/fpm/php.ini’ PHP configuration file:

vi /etc/php/7.0/fpm/php.ini

Add/modify the following settings:

max_execution_time = 300
max_input_time = 300
memory_limit = -1
post_max_size = 64M
upload_max_filesize = 64M

The web server user (www-data) needs to be able to write to files and directories inside the ‘/var/www/html/wordpress’ directory, so it can easily be accomplished by executing the following command:

sudo chown www-data:www-data -R /var/www/html/wordpress/

Test the nginx configuration:

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If the test is successful, restart php7.0-fpm and Nginx services for the changes to take effect:

sudo service php7.0-fpm restart
sudo service nginx restart

Create new MySQL user and database:

WordPress requires a database to work as this is where data is saved, so create a new MySQL database on your server:

mysql -u root -p
mysql> SET GLOBAL sql_mode='';
mysql> CREATE DATABASE wpdb;
mysql> CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'y0ur-pAssW0RD';
mysql> GRANT ALL PRIVILEGES ON wpdb.* TO 'wpuser'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> quit

Copy the WordPress sample config file (wp-config-sample.php):

cd /var/www/html/wordpress/
cp wp-config-sample.php wp-config.php

Set up the MySQL database information:

vi wp-config.php

define('DB_NAME', 'wpdb');
define('DB_USER', 'wpuser');
define('DB_PASSWORD', 'y0ur-pAssW0RD');

Do not forget to replace ‘y0ur-pAssW0RD’ with a strong password.

To install WordPress, open http://your-domain.com using a web browser and follow the easy instructions: select a language, create an administrator user account, enter your email address and click ‘Install WordPress’.

Log in to the WordPress administrator backend, go to plugins, search for ‘W3 Total Cache’ and install the W3 Total Cache plugin. Then, install a theme and other plugins of your choice, and configure WordPress according to your needs.

That is it. The WordPress installation is now complete.

Of course, you don’t have to do any of this if you use our Software Installation Service, in which case you can simply ask our expert Linux admins to install and configure WordPress with nginx, install W3 total cache plugin etc. for you. They are available 24×7 and will take care of your request immediately

PS. If you liked this post please share it with your friends on the social networks using the buttons below or simply leave a comment. Thanks.

The post How to Install WordPress with Nginx and W3 Total Cache on Ubuntu 16.04 appeared first on LinuxHostSupport.