Infrastructure Secured with the Plesk 12 Security Core

Enhanced Security on All Levels.

The new Security Core in Plesk 12 combines ModSecurity and Fail2Ban with Outbound Antispam and ServerShield™ tools, allowing you to deliver server-to-site security out of the box.
 

With the Plesk 12 Security Core on your servers you get:

  • Secure servers that protect against persistent attacks targeting known or newly discovered vulnerabilities
  • Increased uptime as malicious attacks against your servers are automatically blocked in real time
  • Cleaner IP addresses with outgoing spam protection preventing your servers from being blacklisted
  • Faster site performance and bandwidth savings with next generation CDN

All security components work together leading to a more reliable infrastructure.
 
About ServerShield™
Odin partnered with CloudFlare to build ServerShield™, a complete security solution that enables server administrators and website owners to protect and speed up any website with just a few clicks.

ServerShield helps to block hackers, spammers, botnets, and DDoS attacks. In addition, it offers free and unlimited reputation monitoring by StopTheHacker.

End-customers also get CloudFlare’s next generation CDN, which brings content closer to visitors and delivers it faster. On average, a website on CloudFlare loads twice as fast and saves 60% of bandwidth. No configuration or setup is needed.

The WordPress Toolkit in Plesk 12 Makes Life Easier for Web Professionals

The WordPress Toolkit simplifies daily tasks required to manage and secure WordPress sites.

Save time on WordPress site and security management. Spend more time on your core business.

With Plesk 12 and the WordPress Toolkit, you will be able to:

  • Manage multiple WordPress installations, plugins, and themes from a single point of entry
  • Easily install, update, and remove WordPress, plus activate and remove plugins and themes
  • Securely install WordPress and harden any existing WordPress installation by applying the most common recommended security settings with rollback support

The WordPress Toolkit is included in both the Plesk Web Pro and Web Host editions. All Plesk 12 hosting plans include this essential WordPress service at no additional cost.

WordPress Installation Management.
Manage multiple WordPress installations, plugins, themes, updates, and upgrades from a single point of entry.

 

WordPress Security Management.
Scan WordPress installations to identify insecure settings and secure them in one click.

Unable to execute SQL: Table ‘./db/wp_comments’ is marked as crashed and should be repaired

How to Fix: Crashed MySQL Database

If your database is marked as crashed and needs to be repaired, you may find it will not back up (or migrate) using mysqldump. In these instances you need to log in to mysql and run the check/repair process. It’s very easy.

First, you need to authenticate to the mysql server. The example below is for Plesk servers:

# mysql -uadmin -p"$(cat /etc/psa/.psa.shadow)"

Let’s check the table and see the current status:

mysql> check table db.wp_comments;
+----------------+-------+----------+---------------------------------------------------+
| Table          | Op    | Msg_type | Msg_text                                          |
+----------------+-------+----------+---------------------------------------------------+
| db.wp_comments | check | warning  | Table is marked as crashed                        |
| db.wp_comments | check | error    | Size of datafile is: 26984448 Should be: 26985708 |
| db.wp_comments | check | error    | Corrupt                                           |
+----------------+-------+----------+---------------------------------------------------+
3 rows in set (0.00 sec)

Now that we can see the problem, let’s run the REPAIR TABLE facility:

mysql> repair table db.wp_comments;
+----------------+--------+----------+-------------------------------------------------------+
| Table          | Op     | Msg_type | Msg_text                                              |
+----------------+--------+----------+-------------------------------------------------------+
| db.wp_comments | repair | info     | Found block that points outside data file at 26984408 |
| db.wp_comments | repair | status   | OK                                                    |
+----------------+--------+----------+-------------------------------------------------------+
2 rows in set (4.23 sec)

That’s now all fixed. Yes, it’s that easy! Let’s check the table again to be 100% sure:

mysql> check table db.wp_comments;
+----------------+-------+----------+----------+
| Table          | Op    | Msg_type | Msg_text |
+----------------+-------+----------+----------+
| db.wp_comments | check | status   | OK       |
+----------------+-------+----------+----------+
1 row in set (0.05 sec)

You can now transfer your MySQL database, dump it or re-migrate it as required.
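When a database has many tables, the check step above can be scripted. The following is an added example, not part of the original post: it reads CHECK TABLE output in the mysql client's tab-separated batch format and lists the tables that need REPAIR TABLE, using the rule from the MySQL manual that a table is healthy only if its status row reads "OK" or "Table is already up to date". The function names and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pick out the tables that need REPAIR TABLE.
# Input on stdin: tab-separated rows (Table, Op, Msg_type, Msg_text), the
# layout the mysql client prints in batch mode (mysql -B -N -e "CHECK TABLE ...").

# Hypothetical helper: print each table that has an error row, or that never
# reported a healthy final status.
tables_needing_repair() {
    awk -F'\t' '
        NF >= 4 {
            # Remember the order in which tables first appear.
            if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
            if ($3 == "error") bad[$1] = 1
            if ($3 == "status" && ($4 == "OK" || $4 == "Table is already up to date")) ok[$1] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if ((order[i] in bad) || !(order[i] in ok)) print order[i]
        }'
}

# Constructed sample input: the crashed table from the post, plus two
# made-up healthy tables (one with a warning that still ends in status OK).
sample_check_output() {
    printf 'db.wp_comments\tcheck\twarning\tTable is marked as crashed\n'
    printf 'db.wp_comments\tcheck\terror\tSize of datafile is: 26984448 Should be: 26985708\n'
    printf 'db.wp_comments\tcheck\terror\tCorrupt\n'
    printf "db.wp_options\tcheck\twarning\t1 client is using or hasn't closed the table properly\n"
    printf 'db.wp_options\tcheck\tstatus\tOK\n'
    printf 'db.wp_posts\tcheck\tstatus\tOK\n'
}

# Run against the constructed sample.
sample_check_output | tables_needing_repair
```

On a live server, pipe the real output in instead of the sample, for example `mysql -B -N -e "CHECK TABLE db.wp_comments" | tables_needing_repair` after authenticating as shown earlier.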

WordPress Services: Upgrade and Maintenance Services

WordPress Maintenance Service – Not comfortable upgrading your WordPress site? It is essential to run the latest WordPress. Let us do the work for you.

Why you need to upgrade your WordPress site

  • An outdated version of WordPress leaves your blog at risk of malicious hacker attacks.
  • When WordPress releases a maintenance and security release, it contains file changes and/or removal to fix vulnerabilities and bugs to help protect your site. These WordPress security updates are vital in hardening your WordPress site.
  • Major releases of WordPress contain the latest improvements and features and some security updates and bug fixes.
  • Outdated, obsolete, abandoned, and inactive WordPress plugins and themes pose security risks.

Our WordPress Security Experts will upgrade your WordPress site for you.

What’s included…

  • A working backup of your database and all website files saved to our external storage.
  • Conflict and compatibility check of your WordPress plugins and themes.
  • Manual removal of all obsolete and vulnerable WordPress core files.
  • Update of the latest WordPress core files.
  • Database upgrade to the latest stable WordPress version.
  • Manual update of your outdated WordPress plugins (Note: For premium plugins, we must have access to the latest version).
  • Removal of inactive, obsolete, and vulnerable WordPress plugins.
  • Manual upgrade of your current theme (Note: For premium plugins, we must have access to the latest version).
  • Manual upgrade of both WordPress default themes.
  • Removal of inactive WordPress themes.
  • Testing of your updated site, plugins, and theme to ensure everything is functioning properly.

For peace of mind, let our experts do the work for you.


Find all WordPress folders with 777 permissions

How to find all folders with 777 permissions


As the owner of a dedicated server providing shared hosting services, you will find that many of your clients will install applications such as WordPress. So far so good. However, once they start getting stuck with file and folder permissions, they generally go crazy and set everything to 777 in order to fix the problems. Great, they get their site working! Now begin your problems.

With these liberal file and folder permissions together with some not-so-well written plugins, it is only a matter of time before the hackers and crackers target these weak WordPress sites and start injecting all manner of redirects and mail spammers on your server.

Using ‘find’ to locate those weaknesses

So, here is a nifty solution to find all those weak WordPress installations. The following find will list all WordPress installations that contain folders with 777 permissions:

find /var/www/vhosts/*/httpdocs/wp-content -perm 0777 -type d | grep -v "wp-content/"

Give this a whirl on your Plesk server and take a look at the list, navigate to each folder and tighten up the permissions as below:

cd /var/www/vhosts/dodgydomain.co.uk/httpdocs
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
chmod 750 ../httpdocs

These permission changes eliminate all unnecessary 777 permissions.

Ok, let’s automate the whole process

What? You have lots of these? Then here is a nifty script to automate the process for you:

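# List each wp-content folder that is mode 777 (sub-folders are filtered out)
find /var/www/vhosts/*/httpdocs/wp-content -perm 0777 -type d | grep -v "wp-content/" \
| while IFS= read -r wpcontent;
  do
    # The document root is the parent of wp-content
    docroot=$(dirname "$wpcontent")
    echo "$docroot"
    # Reset directories to 755 and files to 644 below the document root
    find "$docroot" -type d -exec chmod 755 {} \;
    find "$docroot" -type f -exec chmod 644 {} \;
    # The document root itself gets 750, as in the manual steps above
    chmod 750 "$docroot"
  done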

This makes things a little more difficult for any would-be injection attempts. If your directory structure is different to the standard Plesk structure simply modify the find command as required.
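Before changing permissions in bulk, it helps to see what would be affected. The following is an added example, not part of the original post: a read-only audit that counts world-writable directories and files under each WordPress document root. It goes slightly beyond the post by matching any world-writable mode (for example 666 or 757), not just 777. The function names and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report-only audit, nothing is changed on disk.

# Hypothetical helper: for every <base>/*/httpdocs that holds a wp-content
# folder, print the docroot with its count of world-writable dirs and files.
audit_wp_perms() {
    base=${1:-/var/www/vhosts}
    for docroot in "$base"/*/httpdocs; do
        [ -d "$docroot/wp-content" ] || continue
        # -perm -0002 matches any mode with the "other write" bit set.
        dirs=$(( $(find "$docroot" -type d -perm -0002 | wc -l) ))
        files=$(( $(find "$docroot" -type f -perm -0002 | wc -l) ))
        if [ "$dirs" -gt 0 ] || [ "$files" -gt 0 ]; then
            printf '%s dirs=%d files=%d\n' "$docroot" "$dirs" "$files"
        fi
    done
}

# Constructed demo tree: one weak site (777 folders, 666 wp-config.php)
# and one clean site, built under a temporary directory.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/weak.example/httpdocs/wp-content/uploads" \
             "$t/ok.example/httpdocs/wp-content"
    touch "$t/weak.example/httpdocs/wp-config.php"
    chmod 755 "$t/weak.example/httpdocs" "$t/ok.example/httpdocs" \
              "$t/ok.example/httpdocs/wp-content"
    chmod 777 "$t/weak.example/httpdocs/wp-content" \
              "$t/weak.example/httpdocs/wp-content/uploads"
    chmod 666 "$t/weak.example/httpdocs/wp-config.php"
    echo "$t"
}

# Run the audit against the demo tree, then clean up.
demo=$(make_demo_tree) && audit_wp_perms "$demo"
rm -rf "$demo"
```

Run `audit_wp_perms` with no argument to scan the standard Plesk path /var/www/vhosts; sites that print nothing have no world-writable entries.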