-
Bash script to bulk-ban IP addresses found by WordFence (using csf, geoiplookup)
We currently use the excellent WordFence plugin on almost all of the WordPress installations we host. Once a week or so, WordFence will email a list of IP addresses it’s detected that are attacking a given site — i.e. they’re trying to brute-force something on the server, guess passwords, take advantage of possible software vulnerabilities.…
-
Using GeoIP.dat and Apache on cPanel / WHM to block 75,000+ attacks on wp-login.php in one day
After yet another brute-force attack on our servers hosting WordPress sites today I finally decided it was time to take some drastic action. There are a number of different approaches you can take, this is what I did to block literally over 75,000 attacks against wp-login.php today. Step 1: Install the GeoIP database and Apache module Step…
-
WordPress 3.1 is released!
We have 82 installations of WordPress on our servers and are excited for the new release of WordPress 3.1. There are a bunch of neat new features, but probably the thing that most of our clients will notice first is that there is a new admin bar that will show up for them. Should be…
-
WordPress 3.0.2 released (security update)
WordPress 3.0.2 has just been released. Announcement here: http://wordpress.org/news/2010/11/wordpress-3-0-2/ This is a security release, so you should definitely upgrade your installations of WordPress! Link to share this: https://gabrielserafini.com/blog/2010/11/30/wordpress-3-0-2-released-security-update/
-
Fix for Twitter Tools open_basedir error
If you’re like me you’ve been using the excellent Twitter Tools plugin for WordPress for a while now. Recently a client noticed that there was a sporadic error being shown that was similar to this: Warning: require_once() [function.require-once]: open_basedir restriction in effect. File(twitteroauth.php) is not within the allowed path(s): (/home/fern:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/fern/public_html/wp-content/plugins/twitter-tools/twitter-tools.php on line 1516…
-
How to locate your php.ini file
When you need to know where the php.ini configuration file is on your server, here is a handy way to find it: php -i | grep php.ini Give it a try. Link to share this: https://gabrielserafini.com/blog/2010/07/15/how-to-locate-your-php-ini-file/
-
How to Unix tip: Find and remove files older than a certain time period
If you find a directory such as /tmp/ filling up with old and uneeded files, here’s a quick tip for finding and removing what you don’t need anymore. Note that the delete function WILL remove everything it finds, so please understand exactly what it is you are doing here before running that command. Command to…
-
WordPress 2.9.1 is now out
We’ll be upgrading most of our clients to the latest version of WordPress 2.9.1 now that they’ve resolved a number of the issues we were seeing with the 2.9 release. Good job guys on getting a quick fix out! Link to share this: https://gabrielserafini.com/blog/2010/01/05/wordpress-2-9-1-is-now-out/
-
How to fix 301 error when importing blog posts including images from a WordPress.com blog into a new WordPress.org blog
The current import script (as of WordPress 2.8.6) is broken when it comes to successfully importing images from WordPress.com. The error you see is something like Remote file error: Remote file returned error response 301 Moved Permanently Fixing this involves adding a couple of lines to a core WordPress file. Hopefully a future version of…
-
Is WordPress automatic install / upgrade compatible with a SVN deployment of WordPress?
Question: Is the built-in WordPress automatic install / upgrade process compatible with a SVN deployment of WordPress? Short answer: Yes. Ever since WordPress came out with the automatic upgrade functionality in 2.7 I’ve hesitated to use it since the majority of our client installs are deployed using Subversion (svn) and I wasn’t sure how it…