Live Blog

The original Live Blog is at https://wpguide.io/live-blog I will be migrating content over slowly.

Question – DNS CNAME’s, CNAME Flattening, and Cloudflare How does it work?

Question This question was on Facebook, and it’s needed a blog post 🙂 This is about CNAME flattening and references this Gridpane KB. https://gridpane.com/kb/dns-management-and-cnames/ This question is not GP specific so thought to try here instead of the GP forum. In the example given above, CNAME at the client DNS ultimately points to clientname.yourdomain.com. This makes sense and works. Now I want to set this up for a subdomain. To get a subdomain (ie.subdomain.clientdomain.com) to point to a GP server, is this the way to set things up? At client DNS, setup CNAME = subdomain and point it to clientname.yourdomain.com…
Read More

Get the size of a Single MySQL Database or All MySQL Database Sizes on a Server

Getting Single MySQL Database Size This is the command I use to get a single database size in MySQL: replace <DATABASE_NAME> with the database you wish to check. mysql -e “SELECT table_schema AS \”Database\”, ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS \”Size (MB)\” FROM information_schema.TABLES WHERE table_schema = \”<DATABASE_NAME>\” GROUP BY table_schema;” Getting Entire Server MySQL Database Size The following command will provide you with a list of databases and their sizes as well as a total. mysql -e ” SELECT * FROM ( SELECT table_schema AS ‘Database’, ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS ‘Size…
Read More

Stopping WordPress Comment Spam when using WP Discourse

Introduction When using the WP Discourse plugin on your WordPress site, you need to ensure that comments are enabled as the WP Discourse plugin will hook into all of the portions of the WordPress comment system. Unfortunately this causes the endpoint for comment posting wp-comments-post.php to still be active and accepting of requests, which bots will eventually use to try and post comments. Solutions 1 – WP Discourse There isn’t a solution within the WP Discourse plugin to block these requests. 2 – Code Snippet to Block wp-comments-post.php You can use the following code snippet to block the requests, I’ve…
Read More

rtCamp Nginx Helper Plugin Security Vulnerability

Introduction If you haven’t heard already, the Nginx Helper Plugin by rtCamp has an unpublished security vulnerability. Here’s the listing from patchstack. Patchstack Report WordPress Nginx Helper pluginpatchstack.com There is an issue currently on the Github repository owned by rtCamp Great Plugin! Please issue a security fix! · Issue #315 · rtCamp/nginx-helper · GitHubhttps://patchstack.com/database/vulnerability/nginx-helper/wordpress-nginx-helper-plugin-2-2-3-sensitive-data-exposure-vulnerabilitygithub.com Hopefully it get’s patched soon. Update #1 After talking with Oliver Sid, he had the following to say. During this time the report had been taken down. It looks like it was disputed by rtCamp and therefore a decision was made to remove it. It was…
Read More

Using Cloudflare Proxied SSL Certificates without using the GridPane Cloudflare Integration and Generating Self Signed Certificates

Introduction This article tackles using Cloudflare Proxied SSL Certificates with GridPane when not using the GridPane Cloudflare integration for automatically generating SSL Certificates using Lets Encrypt. If you’re having issues with SSL the using the Why No Padlock website is super helpful. Why No Padlock?Why No Padlock? – Why is my SSL web page insecure? Find the culprit!whynopadlock.com Understanding SSL Certificates and Server Configurations What are Self-Signed SSL Certificates and are they Secure? Self-signed SSL certificates and those issued by a trusted Certificate Authority (CA) are technically similar in terms of their creation and function. The key difference lies in…
Read More

Cyberpanel Security Issue – Default Password During Setup

Introduction There was a post on Facebook that was brought to my attention. The user was seeing a high cpu load on his server from a process that wasn’t a normal process name, it was concluded that their server had been hacked and was now either attack other websites or mining crypto. The user had installed Cyberpanel and choose the default password method during the setup, and most likely an automated scan found their Cyberpanel instance on port 7080 and was able to login using the default login. Why are default passwords a problem? Well, CISA says that hardware and…
Read More

Monitoring CPU Steal using Monit

Why is monitoring CPU Steal important? What is CPU Steal? CPU steal time refers to the proportion of time that a virtual CPU on a cloud server is forced to wait for a physical CPU to become available for processing. This metric is significant in understanding the performance of virtual environments. There are two instances where CPU Steal will occur, when there is an unbalanced overcommit ratio and when a noisy neighbours instance occurs. What is an overcommit ratio? The “overcommit ratio” is a concept that refers to the practice of allocating more virtual resources than the actual physical resources…
Read More

Using Visual Studio Code Remote SSH with GridPane’s Chroot SSH System User

Introduction When using GridPane, you have the option of using sftp or SSH with your websites system user. A system user can hold one or multiple websites including staging sites. Once ssh enabled, you’re put into what is called a chrooted shell, with limited access to the system and commands. This becomes problematic if you want to use Visual Studio code and Remote SSH This live blog will go through the process of trying to get it to work, fingers crossed. Install some Packages cd /home/systemuser cp /usr/bin/{date,uname,flock,sleep,scp} .
Read More

Updating WordPress Page Error “Updating Failed. The response is not a Valid JSON Response”

WordPress Error “Not a Valid JSON Response” The “Updating Failed. The response is not a Valid JSON Response” error from within the WordPress Guttenberg Editor could be the result of a number of issues. If you do some googling, there’s lots of information and ideas on how to rectify the error. PHP Composer and Wrong PHP Version In the case I had, the issue was related to a custom WordPress theme using composer and requiring PHP 8.x but the site infact operating on PHP 7.4 Simple fix, change the PHP version to PHP 8.x on the sites hosting control panel.
Read More

Fixing Multisite Error “Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.”

The following error sometimes presents itself when trying to login to the subsite of a WordPress multisite. ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress. Add the following to your wp-config.php or user-configs.php if you’re on GridPane define(‘ADMIN_COOKIE_PATH’, ‘/’); define(‘COOKIE_DOMAIN’, ”); define(‘COOKIEPATH’, ”); define(‘SITECOOKIEPATH’, ”); Some people have reported that the following will also work define( ‘COOKIE_DOMAIN’, $_SERVER[‘HTTP_HOST’] );
Read More

Vultr vs Hetzner | Faster Cores or More Cores?

Until now I have been provisioning VultrHF servers, as Ubuntu 22 wasn’t available yet on custom servers, but now they are, so I was curious about Hetzner servers. I wanted to know how much server I could get for around $6.1 vCPU/1GB VultrHF is $6/month2vCPU/2GB Hetzner CPX11 costs €4,35 per month. Disclaimer: I am a total load testing n00b. I did a loader.io 1 test for both websites and the differences were quite big. Double the number of response counts, half the avarage load time for Hetzner. So, is this due to double the RAM? Double the CPU count?Are more (Hetzner) cores better…
Read More

Converting an Existing WordPress Site into a Static Site and Hosting it for Free

Any advice on the best, most secure way to put a WP website into “cold storage”? I have a client (an online magazine with lots and lots of posts/media) who is going to stop publishing new content, perhaps forever, definitely for the foreseeable future. But they want to keep the site around. Two Questions 1) Do you know of a great way to entirely convert a WP site to HTML, that is, keep the site up but remove WordPress entirely? I’ve used HTTrack a few times (a scraper) but was wondering if there’s an even better solution. I don’t think…
Read More

WP Time Capsule, Woo Credits, Ultimate Dashboard

WP Time Capsule Backup Reporting and Alerts Right now, there is an issue with how backup failures are reported. You get a single email when they fail, but not when they start working again nor do you get a report every week on the overall account status. To me, this isn’t really acceptable, there should be more monitoring for backups. They’re important. API There is no API and no plan for an API. This also makes it impossible to monitor your own backups. WooCredits I’ve been working on a project trying to get a credits system setup with WooCommerce subscriptions.…
Read More

Moving from WP Engine to GridPane, Don’t want to use Cloudflare, what’s an alternative?

I think I understand where you’re coming from. 1. You had no downtime with your current provider WP Engine and you want to replicate this same setup. 2. Your primary concern is replicating their firewall/load balancer setup. As you believe, this is what helped with uptime. 3. You don’t want to use Cloudflare. 4. You believe that bot traffic and targeted WordPress attacks being blocked helped keep your site online. Do you have a monitoring system in place? If you don’t, set one up that is multi-location. This should be your means of calculating your 99% uptime. You might be…
Read More

Cold, Warm and Hard Reboots with Virtual Instances (Vultr Example)

“Please keep in mind restarting your VPS instance through the portal is essential for making necessary adjustments to its definition on the hardware host node. This step becomes imperative when tasks such as unblocking SMTP, adding extra IPs, or engaging in similar activities.It’s important to note that restarting via the portal initiates a cold reboot, akin to turning off and on a computer. In contrast, restarting via the operating system only reboots the OS itself. To address the current issue, we kindly request that you perform a restart of this VPS instance via your control panel at http://my.vultr.com. Introduction Someone was…
Read More

AppSumo: Email Delivery – Self-Hosted Enterprise-Grade Email Platform

Introduction Thanks to Alexander van Aken for shooting me a message on Facebook about EmailDelivery.com, which is a Self-Hosted Enterprise Grade Email Platform for sending email campaigns. What is EmailDelivery.com? Appsumo sums it up perfectly. Now you can send emails using your own IPs for free, with unlimited delivery over multiple Email Service Providers (ESPs) and Mail Transfer Agents (MTAs). You can route email for optimal deliverability using sophisticated load balancing to improve your sender reputation. Set throttles for daily or hourly sending limits, automate IP warmups, and customize delivery for each customer using your ESP. Plus, you’ll be able to integrate with…
Read More

Bulk Create Discourse Threads from WordPress Posts

This site started using WordPress comments, then I moved the comments to Disqus, and then on to Discourse. Unfortunately, there is no bulk way to create topics for each WordPress post that existed before implementing the WordPress Discourse plugin. I found this thread on the Discourse forum. What I ended up doing was using the WP cli tool as follows $wp post update 396 398 402 {several more here} –tags_input=discourseBefore this I retrieved a list of row ID’s from the wp_posts table that had post_status = ‘publish’ and post_type = post I gave that list to the wp post command…
Read More

WordPress header.php, ACF the_field() and PHP 8.1 results in Uncaught Error: Call to undefined function get_field()

This was a strange one after moving from PHP 7.4 to PHP 8.0. and PHP 8.1 I ran into an issue where the Advanced Custom Fields plugin function the_field() resulted in the following error. Uncaught Error: Call to undefined function get_field() in /var/www/wp-content/themes/theme/header.php:146 The get_field() was in header.php and, as such, should be working, but I realized that perhaps the plugin isn’t loaded at this stage. So, I added the following to the top of the header.php file. // Include acf.php include_once(ABSPATH.’wp-content/plugins/advanced-custom-fields-pro/acf.php’); And the error went away! The get_field was defined due to the Advanced Custom Fields plugin being included.…
Read More

Caching Issues with Nginx/OLS and Dynamic Page Content (Gravity Forms)

Introduction This article was generated due to a Facebook post about Gravity Forms Stripe integration not functioning due to Nginx/OLS Cache. I’ve found that for Gravity Forms + Stripe credit card processing forms to work right I need to exclude that page from Redis caching following these instructions: https://gridpane.com/kb/exclude-a-page-from-server-caching/ But I sometimes forget! And then the form often spins and spins on submission and clients and customers are unhappy. Does anyone have any suggestions for how to streamline this process? Some kind of code that says, IF there a GF form on this page with Stripe fields THEN automatically block from…
Read More

Siteground and Cloudflare Captcha Redirect Loop

Introduction I was browsing Facebook one day and had some mentions on a post about Cloudflare, Siteground and a redirect issue. Here’s the post. Solution – Disable Siteground AI Firewall When you’re using Siteground, they have their firewall on all sites they host. It makes sense as to why you would not have something in place to stop resource-wasting attacks? The problem comes when you already have a service doing something similar or different, such as Cloudflare. The issue wasn’t repeatable; it only happened after a specific amount of time, and then disabling and re-enabling Cloudflare fixed the issue. After…
Read More
1 2