Tag: Security

  • Smoothly Repair Database WordPress Inbuilt Function in 5 Min

    Tuesday 8 September 01:02

    Repair your WordPress database easily with an inbuilt core function.
    Has your website been attacked with malicious code?

    If yes, this small tutorial on repairing a corrupt WordPress database could help you get it back in a matter of 5 minutes.

    Just relax first. We have to do things step by step and get the site running again.

    Understanding the Common Causes of WordPress Database Problems

    First, let's understand how a WordPress plugin can destroy a live website, and why you should not use any premium plugin that is not sold directly by its developer. I cover this in one of my detailed posts, titled:

    WordPress Premium Plugins Free or $5 Exposed not the right choice

    The attacker's target is the SQL database, usually through injection. The database holds everything your site queries, including important things like user passwords and credentials.

    The effects can be felt as sudden memory exhaustion, or as CPU usage in the burstable zone going over 100%,
    bringing the website down and leaving the site owner unable to log in.

    Another cause can be a plugin that is not compatible with your WordPress: a recently installed plugin with functions that conflict with your other active plugins.

    Removing the Plugin Folder

    The first thing to do is delete the plugins that caused the attack or error; you know which ones you installed recently.

    To delete them, you can use FTP or SFTP access. If you use Lightsail, I have given a detailed post here on how to Connect Amazon Lightsail using SFTP.

    On the terminal, you can always use the basic command below. Here the path will be your own. This command removes the plugin folder, whatever its size, within seconds; it asks for no confirmation, so check the path first.

    sudo rm -rf /your/folder/path

    After the folder is removed, the next step is repairing the database.

    Repairing the Database with WordPress's Default Repair Functionality

    WordPress has excellent code. Repairing and debugging are two essential functions that are built into WordPress and help site owners and developers locate problems and resolve them, so we will just put both in our configuration file.

    Repairing WordPress Database

    First, we will open the WordPress directory. You can do that with whatever tool suits your hosting; I am more comfortable with the terminal and a sudo editor.

    So once inside the WordPress directory, it's:

    sudo nano wp-config.php

    Here are the two lines you need to add to the wp-config file :

    You can just copy these two from here :

    define('WP_ALLOW_REPAIR', true);
    define('WP_DEBUG', true);

    Once done, open the repair page by putting your own domain into this URL, as in the picture above:

    https://yourdomain.com/wp-admin/maint/repair.php

    Now click on the Repair Database option.

    Once done, the repair page will ask you to remove the code from wp-config.php, because while WP_ALLOW_REPAIR is true the page can be opened without logging in. You can just comment the code out like this to use it again in the future:

    I also set debug to true so that any error that persists can be seen.

    Next, once you use the same URL for repair, it will show:

    The database is repaired!
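
    To confirm that neither flag is still live once the repair is finished, the check below audits wp-config.php and can comment an active flag out for later reuse. It is an added example, not code from the original post or from WordPress; the function names (wp_flag_enabled, wp_active_flags, wp_comment_out) are hypothetical.

```sh
#!/bin/sh
# Added example: audit wp-config.php for maintenance flags left switched on.
# While WP_ALLOW_REPAIR is true, repair.php can be opened without logging in.

# awk helper: is this line an uncommented define() setting `flag` to true/1?
# Lines starting with // or # never match. A define inside a multi-line
# /* */ block is still reported, which errs on the side of a warning.
WP_AWK_ACTIVE='
function active(line,   re) {
    re = "^[ \t]*define[ \t]*\\([ \t]*[\047\"]" tolower(flag) "[\047\"]"
    re = re "[ \t]*,[ \t]*(true|1)[ \t]*\\)"
    return tolower(line) ~ re
}'

# wp_flag_enabled FILE FLAG -> exit status 0 when FLAG is active in FILE.
wp_flag_enabled() {
    awk -v flag="$2" "$WP_AWK_ACTIVE"'
        active($0) { found = 1 }
        END { exit !found }' "$1"
}

# wp_active_flags FILE -> print each risky flag that is active, one per line.
wp_active_flags() {
    for f in WP_ALLOW_REPAIR WP_DEBUG; do
        if wp_flag_enabled "$1" "$f"; then echo "$f"; fi
    done
}

# wp_comment_out FILE FLAG -> comment out the active define, keeping the
# line for reuse as the post suggests. The original is saved as FILE.bak.
wp_comment_out() {
    cp -p "$1" "$1.bak" &&
        awk -v flag="$2" "$WP_AWK_ACTIVE"'
            active($0) { print "// " $0; next }
            { print }' "$1.bak" > "$1"
}

# Usage: sh wp-flags.sh /path/to/wp-config.php
if [ "$#" -gt 0 ]; then wp_active_flags "$1"; fi
```

    An empty result means neither define is active; any name printed is a flag that is still on.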

    Cleaning Up Unused WordPress Tables With Garbage Collector Plugin

    Plugins you install and delete certainly leave files behind on your server: SQL tables, folders and settings.

    To clean them up completely, you can go ahead and install a plugin called Plugins Garbage Collector (Database Cleanup) by Vladimir Garagulya.

    This plugin helps with unused database tables. For cleaning up folders, you can do it manually over FTP with a client like FileZilla.

    This plugin is 100% free to download from the WordPress repository.

    Just go to Tools > Database Cleanup

    Select the option to scan hidden tables as well.

    Go ahead with the scan of the database; within a few seconds this will show you which of the existing tables are unused.

    Now just select the tables shown in red, scroll down to the Delete option, and done!

    You only have to select the 2nd column; the first selection hides the table.

    Like in this picture here:

    Click on Delete and it will delete the tables.

    After this, if you do not regularly try new plugins on your live site, delete this plugin as well, as it won’t be of any further use.

    It's always recommended to use as few plugins as possible, as every plugin loads scripts and CSS, runs queries, and eats up server resources.

    Once it deletes the tables, you will get a confirmation like this.

    After that, you can rescan to confirm.

    If you are using a cloud server or VPS hosting and want to connect to your database from a local machine, kindly read my post Connect Remotely AWS Lightsail MySQL Sequel Pro on macOS in 5min.

  • Getting an A+ SSL Rating on Nginx Apache Server

    Saturday 8 August 15:18

    Getting A+ SSL Rating on Apache

    Getting an A+ SSL rating on Lightsail is just a 5-minute task.

    It’s only a matter of turning off old versions of SSL in your configuration file.

    Getting a free SSL certificate is well documented by the Lightsail team here, in a 9-step tutorial; if you have not got an SSL certificate, please get one.

    SSL improves your SEO, maintains trust for the visitor and is a must for any website in 2020.

    After reading this post from Qualys and searching some more articles, I could make out that getting an A+ SSL rating and not allowing the previous versions of SSL on a website or a blog is good for both your SEO strategy and your security.

    So, here it is: get your site checked here with the Qualys tool for SSL. It’s free!

    Here is a screenshot of a test from when I had just started this blog and was continuously improving its security, SEO, and everything else I could to achieve a simple, secure and pro website.

    SSL B Grade

    Getting the same to an A+ was just a 5-minute task from start to finish on a Lightsail-hosted website, using the Apache server with the Bitnami image of WordPress.

    Here’s how I got this from B to A+

    Getting A+ Rating on SSL on a lightsail hosted website

    Just head over to your SSH Window and start with :

    sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

    Now you are editing the bitnami.conf file, so we just have to turn off the old versions of SSL.

    Find this line with “CTRL+W”, or whatever line reads like it near SSLProtocol:

    SSLProtocol all -SSLv2 -SSLv3

    Change it to:

    SSLProtocol TLSv1.2

    Press CTRL+O to write out and CTRL+X to exit.

    Restart Apache:

    sudo /opt/bitnami/ctlscript.sh restart

    Getting A+ SSL Rating Nginx Server


    sudo nano /etc/nginx/nginx.conf

    Change the lines that start with # SSL Settings to exactly the code below; this also adds the session timeout (the strict security header is shown in the HSTS section further down):

        ##
    
        ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ##

    Once done just restart your server with :

    sudo service nginx reload && sudo service nginx restart

    This gives an A+ SSL rating.
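
    The protocol directives for both servers can be evaluated offline before the Qualys test is re-run: `all -SSLv2 -SSLv3` still leaves TLSv1 and TLSv1.1 enabled, which is what the edits above switch off. This is an added example, not code from the original post; the function name tls_legacy is hypothetical.

```sh
#!/bin/sh
# Added example: report which pre-TLS-1.2 protocols each Apache SSLProtocol
# or nginx ssl_protocols directive in a config file still leaves enabled.

# tls_legacy FILE -> one line per directive: "<line number> <protocols|ok>"
tls_legacy() {
    awk '
    BEGIN { n = split("SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3", name, " ") }
    {
        sub(/#.*/, "")                  # drop comments
        gsub(/;/, " ")                  # nginx statement terminator
        $0 = tolower($0)                # compare names case-insensitively
        if ($1 != "sslprotocol" && $1 != "ssl_protocols") next
        split("", on)                   # start from the empty set
        for (i = 2; i <= NF; i++) {
            tok = $i; op = substr(tok, 1, 1)
            if (op == "+" || op == "-") tok = substr(tok, 2)
            else op = ""
            if (tok == "all") {         # every protocol the build offers
                for (k = 1; k <= n; k++) {
                    if (op == "-") delete on[tolower(name[k])]
                    else on[tolower(name[k])] = 1
                }
            } else if (op == "-") {
                delete on[tok]
            } else {
                # mod_ssl lets a bare name replace what was set before it;
                # nginx simply adds each listed protocol.
                if (op == "" && $1 == "sslprotocol") split("", on)
                on[tok] = 1
            }
        }
        out = ""
        for (k = 1; k <= 3; k++)        # name[1..3] predate TLS 1.2
            if (tolower(name[k]) in on) out = out (out == "" ? "" : ",") name[k]
        print NR, (out == "" ? "ok" : out)
    }' "$1"
}

# Usage: sh tls-legacy.sh /opt/bitnami/apache2/conf/bitnami/bitnami.conf
if [ "$#" -gt 0 ]; then tls_legacy "$1"; fi
```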

    SSL is a must if you use AMP on your WordPress blog. Also, here’s a collection of some website testing tools that I keep on updating.

    HSTS Preload on NGINX Server

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

    This gives you an HSTS header on your site if you use the Nginx server. Enrolling in the HSTS preload list is good for your site's security; it enables browsers to understand that your site is only served over a secured connection.

    You can enrol here for HSTS. First you need to test the domain on the same link, then enrol it.

    HSTS Preload on APACHE Server

    With mod_headers it looks like this:

    First, enable mod_headers in your httpd.conf file, which you can find at /etc/apache2/httpd.conf:

    LoadModule headers_module modules/mod_headers.so
    

    Then simply add the line below to your virtual host’s file.

    <VirtualHost *:443>
    ...
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    ...
    </VirtualHost>
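
    Before enrolling, the header configured in either server can be checked against what the preload list requires of it: a max-age of at least 31536000 seconds, includeSubDomains, and preload. This is an added example, not code from the original post; the function names (hsts_preload_gaps, hsts_values, hsts_audit) are hypothetical.

```sh
#!/bin/sh
# Added example: check Strict-Transport-Security values against the header
# requirements of the browser preload list.

# hsts_preload_gaps VALUE -> one line per unmet requirement, nothing if none.
hsts_preload_gaps() {
    printf '%s\n' "$1" | awk '
    {
        n = split(tolower($0), part, ";")
        for (i = 1; i <= n; i++) {
            p = part[i]
            gsub(/[ \t"]/, "", p)               # trim spaces, unquote
            if (p ~ /^max-age=[0-9]+$/) age = substr(p, 9) + 0
            else if (p == "includesubdomains") subs = 1
            else if (p == "preload") pre = 1
        }
        if (age < 31536000) print "max-age below 31536000"
        if (!subs) print "includeSubDomains missing"
        if (!pre) print "preload missing"
    }'
}

# hsts_values FILE -> the quoted value of every uncommented nginx add_header
# or Apache Header line that sets Strict-Transport-Security.
hsts_values() {
    sed -n 's/^[^#]*Strict-Transport-Security[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# hsts_audit FILE -> "<value> => <gaps, or eligible>" for each header found.
hsts_audit() {
    hsts_values "$1" | while IFS= read -r value; do
        gaps=$(hsts_preload_gaps "$value" | paste -sd ';' -)
        echo "$value => ${gaps:-eligible}"
    done
}

# Usage: sh hsts-check.sh /etc/nginx/nginx.conf
if [ "$#" -gt 0 ]; then hsts_audit "$1"; fi
```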