Protecting wp-admin and wp-login.php with nginx

Installing Better WP Security Plugin gives you a huge security to your site but nevertheless bots and all the junk online will keep bugging you and the WP security will block them (Still process)

I did some research and found the best way to block incoming junk is to keep your admin section quiet protected:

 

location ~ ^/(wp-login\.php){
auth_basic "Administrator Login";
auth_basic_user_file /home/nginx/domains/yourlocation/private/.htpasswd;
include /usr/local/nginx/conf/php.conf;
}
location /wp-admin {
location ~ ^/(wp-admin/admin-ajax\.php) {
include /usr/local/nginx/conf/php.conf;
}
location ~* /wp-admin/.*\.php$ {
auth_basic "Administrator Login";
auth_basic_user_file /home/nginx/domains/yourlocation/private/.htpasswd;
include /usr/local/nginx/conf/php.conf;
}
}

This configuration will allow you to keep your site clean from attempts.

If your security freak and you would like to allow only certain pages to be executed you can add this rule:

<br />location ~ .*\.(php|php4|php5|pl|py)?$ {<br />location ~ ^/(index\.php|wp-content/plugins/w3-total-cache/pub/minify\.php){<br />allow all;<br />include /usr/local/nginx/conf/php.conf;<br />break;<br />}<br />#deny all;<br />rewrite ^(.*)$ / redirect;<br />}<br />

Make sure to enable the pages you would need, some plugins will require more pages…
Protecting wp-admin and wp-login.php with nginx

How to install phpmyadmin on centos ,nginx and centmin

This example to install phpmyadmin with centos with centmin on nginx:

First lets create a virtual host:

cd /usr/local/src
./centmin.sh

#click on 2

phpmyadmin.example.com
cd /home/nginx/domains/phpmyadmin.example.com/public
wget -c http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.2.1/phpMyAdmin-3.5.2.1-english.tar.gz/download
tar xvfz phpMyAdmin-3.5.2.1-english.tar.gz
mv phpMyAdmin-3.5.2.1-english/* ./
cp config.sample.inc.php config.inc.php
nano config.inc.php
$cfg['Servers'][$i]['auth_type'] = ‘http‘;         # default is cookie

Dont forget to clean your server

rm -rf phpMyAdmin-3.5.2.1-english
rm -rf phpMyAdmin-3.5.2.1-english.tar.gz

How to install phpmyadmin on centos and nginx

Best practice to protect your site from DDoS for FREE

Best practice to protect your site from DDoS for FREE!

First of all DDoS is for wannabe hackers who want to bug you but at the end it does make a big damage to your site from downtown and irritation!

Are you under DDoS ATTACK? And you’re lost how to get yourself outside this situation?

The first things you do, go to https://www.cloudflare.com/sign-up make a new account for free and add your site on cloud flare.

Change your site DNS to cloud flare, hopefully your DSN is not cached for long time…
Login in your cloud flare click on:
-> Cloud Flare settings > Security settings > Basic protection level
Change it I’m under attack.
Next step contact your host provider and change the IP that was your site pointed to… (Do this after your protected fully by cloud flare, then change the IP on cloud flare.

Don’t forget to disable the direct subdomain with cloud flare as you don’t want your attackers to find your new real IP and if you have a mail server on the same server make sure to use reverse proxy for the mail server as well.

It’s guaranteed your website will run back without any issues.

If you have 20USD/month for the site you better make the Pro Plan on Cloud flare.

Here you can find more information about cloud flare plans: https://www.cloudflare.com/plans

Now why cloud flare will protect you?

Usually most of the companies that I worked with used to spend thousands of Euros on buying bigger firewall’s, load balancers and multiple servers to handle DDOS and better performance but at the end if DDoS has a point (IP) to hit the firewall wont handle the huge requests of UPD and TCP attacks…

With Cloud flare you can forget about UPD/TCP attacks, your real IP’s are protected from public as the first layer of your site will be on reverse proxy and no one will know what’s your real IP and with this layer you have to worry only on port 80 attacks, which are also handled by cloud flare awesome team and lots of requests will be blocked… cloud flare has big database that will block any potential bot or infected IP’s.

So UDP and TCP attacks are out of order for now, the port 80 attacks which are nasty but cloud flare is good to handle them as well.

Here is a print screen of the IP’s my site is resolving on:

Best practice to protect your site from DDoS

What other benefits you will receive with cloud flare?

This is an example about bandwidth saving with cloud flare:
Best practice to protect your site from DDoS

http://www.yourwwwdesign.com/2012/07/23/best-practice-to-protect-your-site-from-ddos-for-free/

 

Free PRTG network monitor, Why PRTG is the best!

Free PRTG network monitor, Why PRTG is the best!

As i work in a team that manages about 12 servers world wide we were always suffering to find out which server isnt functioning or which server is acting weird, we tried many smart monitoring that were given from some leasing and hosting companies but unfortunately all weren’t enough till my colleague Charles found PRTG online and we started playing with it!

First! Its really easy to install!!

You just download it from http://www.paessler.com/prtg

Get your 10 sensors free license

Rock and Roll… the inhalation can take up to 5 minutes and you will have a ready software that can check everything on your server or PC…

As for us because we are more interested in web application health, we installed http sensors to websites and we monitor when an server is not responding we receive an email, push notification for your android http://www.notifymyandroid.com/

PRTG Installation video:

Are you a developer and need to monitor your sites?

As developers or freelancers we always get a call from clients my site is DOWN!!! and we are like huh!!

With PRTG we will know faster then a client if the website is not responding anymore, in my case i installed a PRTG on my home network on a windows Virtual machine and used the 10 free licenses to monitor some of my key websites, if the website is not responding to http health i know which site is down and ill contact the hosting company or go on the server to check whats going on!

Wait it gets better!! if you have your own server hosted or dedicated machine…  we all know sometimes IIS has memory leaks and if the server is old and IIS is acting up sometimes you can install PRTG on the server create a trigger job with IISReset (as batch)! if the memory/CPU reach some high levels why not try restarting IIS first? and checking the logs after to figure out whats going on…!

You can also create batch files that can do jobs for you for each scenario on your server, its cool FREE! and fun! enjoy the game

You can also check life demo on: https://prtg.paessler.com/index.htm

Regards,

Gabriel & Charles

www.yourwwwdesign.com/2012/06/10/why-prtg-is-the-best/

 

How to create a wordpress in command line?

How to create a wordpress in command line on centmin with centos6 & nginx & mariadb

This is for wordpress with centmin, if you want to install centmin please follow up this tutorial: http://www.yourwwwdesign.com/2012/05/02/how-to-install-centmin-on-centos6/

Add Domain host

cd /usr/local/src
./centmin.sh

Click on 2
yourdomain.com

vhost for yourdomain.com created successfully
vhost conf file for yourdomain.com created: /usr/local/nginx/conf/conf.d/yourdomain.com.conf
upload files to /home/nginx/domains/yourdomain.com/public
vhost log files directory is /home/nginx/domains/yourdomain.com/log

Add those lines if you want to use the WordPress Permalink

nano /usr/local/nginx/conf/conf.d/yourdomain.com.conf

Add in locations:

# WordPress single blog rules.
# Designed to be included in any server {} block.

# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
try_files $uri $uri/ /index.php?$args;
}

# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

# Directives to send expires headers and turn off 404 error logging.
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
log_not_found off;
}



Download wordpress into public directory

wget -c http://wordpress.org/latest.zip
unzip latest.zip
rm -rf latest.zip
mv wordpress/* ./
rm -rf wordpress

Add MYSQL Database and user

mysql -u root -p
CREATE DATABASE yourdatabase;

CREATE USER 'youruser'@'localhost' IDENTIFIED BY 'yourpassword';
GRANT USAGE ON yourdatabase.* to youruser@localhost IDENTIFIED BY 'yourpassword';
GRANT ALL ON yourdatabase.* to youruser@localhost;

Configure wordpress

go to your domain for example:

http://www.yourdomain.com/

follow the WordPress installation after install don’t forget to add this plugin:

After WordPress Installation nginx Compatibility plugin:

http://wordpress.org/extend/plugins/nginx-compatibility/

Resource: http://centminmod.com/download.html

How to install centmin on Centos6?

Why to install centmin on centos6?

Are you experimenting a cloud? do you want super fast performance with little ram resources?

EASY!

# install centmin #

  1. nginx
  2. php-fpm
  3. mariadb
  4. APC cache, memcache and XCache(NB: you cant use XCache with APC cache) I prefer the APC cache WHY? simply it will be adopted in php6 (http://davidwalsh.name/php6)
cd /usr/local/src
wget http://centminmod.com/download/centmin-v1.2.3-eva2000.06.zip

unzip centmin-v1.2.3-eva2000.06.zip
cd centmin-v1.2.3mod
chmod +x centmin.sh

yum -y install bc wget

./centmin.sh

Click on 1 and start the instalation...

Ok cool Now we have a nice menu… but lets fix a bit the configurations!

You can find more info here:
http://www.if-not-true-then-false.com/2011/nginx-and-php-fpm-configuration-and-optimizing-tips-and-tricks/

#If you have more then one Proccessors on the server

set ngnix to work on all processes

cat /proc/cpuinfo

check worker processors

nano /usr/local/nginx/conf/nginx.conf

put it on how many processors it has
restart ngnix

/etc/init.d/nginx restart

#you better run php update and nginx update on the server to do so:
cd /usr/local/src/centmin-v1.2.3mod
./centmin.sh

4).  Nginx Upgrade

And

5).  PHP Upgrade

Note:
After php upgrade you need to reinstall the memcached server.
10). Memcached Server Re-install

How to install centmin on Centos6?

It's amazing what you can get with open source!

Optimization WordPress Plugins & Solutions by W3 EDGE