Tag: wordpress
Fail2ban and wordpress
25/07/2014
If you use fail2ban on your server and you are running WordPress you could use this plugin:
https://wordpress.org/plugins/wp-fail2ban/
“WP fail2ban logs all login attempts, whether successful or not, to syslog using LOG_AUTH.”
So now when kiddies try to “hack” your login page, Fail2Ban will kick in and do its job.
wordpress.conf:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
# Fail2Ban configuration file # # Author: Charles Lecklider # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf [Definition] _daemon = wordpress # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # Values: TEXT # failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = |
WP fail2ban plugin:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
<?php /* Plugin Name: WP fail2ban Plugin URI: https://charles.lecklider.org/wordpress/wp-fail2ban/ Description: Write all login attempts to syslog for integration with fail2ban. Version: 1.2.1 Author: Charles Lecklider Author URI: https://charles.lecklider.org/ License: GPL2 */ /* Copyright 2012-13 Charles Lecklider (email : wordpress@charles.lecklider.org) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ add_action( 'wp_login', function($user_login, $user) { openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH); syslog(LOG_INFO,"Accepted password for $user_login from {$_SERVER['REMOTE_ADDR']}"); },10,2); add_action( 'wp_login_failed', function($username) { openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH); syslog(LOG_NOTICE,"Authentication failure for $username from {$_SERVER['REMOTE_ADDR']}"); }); |
Testing facebook intergration
14/11/2013
We all have different websites we like to post to.
Facebook, twitter, your own personal blog, the companies news page etc etc.
check
So now I try to connect this blog to facebook to see if thats working..
Redirect to my blog
29/07/2010
This blog was created in the directory /blog/ so we needed to ad a little piece of code to redirect browsers to this blog.
So instead of going to http://pieter.blinkenshell.org/blog/ you can also browse to http://pieter.blinkenshell.org to get on this blog.
Edit (when your on blinkenshell):
/public_html/index.html
and add:
<html><head><meta HTTP-EQUIV=”REFRESH” content=”0; url=http://[YOUR.USERNAME].blinkenshell.org/blog/”></head><body></body></html>
Sure there are many other way’s to do this..
Disable comments in WordPress
29/07/2010
Ofcourse you can disable the comments in the admin dashboard
Settings > Discussion >
[ ] Allow people to post comments on new articles
But on some themes it will still show up on your blog.
So I took a dive into my theme files:
/blog/wp-content/themes/[mytheme]
and took the comment text out of:
comments.php and index.php
Done