Category Archives: Wordpress Environment Setup

Steps to follow in moving a WordPress website from one server to another

Moving a WordPress website from one server to another is quite an easy process but there are a few steps that need to be followed:

  1. In the existing website, go into the Admin area and in the Settings/General Settings area change the WordPress Address URL and Site Address URL to the address that it will be on the new site.  Save the changes, but don’t try to go back into the website because it won’t work.
  2. Using PHPMyAdmin or similar product, export all the database tables into SQL format and save the exported backup file down onto your local PC.  Make sure that you check the option to include the “DROP” commands.
  3. On the new server, install the base WordPress package.  Check that the default WordPress screen comes up.
  4. Using PHPMyAdmin go into the database on the new server that you have just created. Select the SQL tab at the top of the screen.  Open the SQL backup file that you just downloaded to your PC and copy everything in the file to the clipboard.  Paste all from the clipboard to the SQL tab in PHPMyAdmin and execute the SQL.  This will completely rebuild the tables in the database so that they are identical to the database on the old server.
  5. Using FTP (try Filezilla) copy the WP-CONTENTS directory and all sub-directories and files on the old server down to your PC.   Then copy the WP-CONTENTS directory and all sub-directories and files to the new server, overwriting the files that were there.
  6. Now, if the URL to the WordPress site is changing at all, you need to run three SQL statements in the new database. Copy and paste, one at a time, the following 4 strings of code into the Run SQL query box, replacing the words olddomain.com and newdomain.com with your domains, and strike Go. Each time you run a query you should get a green check indicating the database was successfully updated.
    • UPDATE wp_options SET option_value = replace(option_value, ‘http://www.olddomain.com’, ‘http://www.newdomain.com’) WHERE option_name = ‘home’ OR option_name = ‘siteurl’;
    • UPDATE wp_posts SET guid = replace(guid, ‘http://www.olddomain.com’,’http://www.newdomain.com’);
    • UPDATE wp_posts SET post_content = replace(post_content, ‘http://www.olddomain.com’, ‘http://www.newdomain.com’);
    • UPDATE wp_postmeta SET meta_value = replace(meta_value, ‘http://www.olddomain.com’, ‘http://www.newdomain.com’);
    • When complete click on the Home icon and log out of phpMyAdmin.
  7. If you are changing hosting companies you will probably need to move your domain name.  Go to the company that you registered your domain name with and change the DNS servers to the DNS server provided by your new hosting company.  Once this is done it could take a little while for the change to filter through the internet so that your domain name will bring you to your new server, but it has been my experience that this has been happening in about half an hour of late.
  8. Once your domain is working and you can see your site setup on your new server, go in and check it out.  If you find that your permalinks are not working, go into the Permalinks screen in the Settings and resave the Permalinks option that you want to use.  I found that the setting in the Permalinks option selection was correct, I just needed to press the Save button to get it all working correctly.
  9. That should be it.

How do hackers workout the WordPress Admin user account?

I noticed recently after installing the Limit Login Attempt plugin (which is a great plugin) that hackers were continually trying to break the WordPress Admin account and they all seemed to know what the WordPress Admin username was, which bugged me.  I wasn’t just using “Admin”, which we all know is the default, I was using a custom Admin username which I thought was making it more secure.

What they were doing was executing the following:

https://mydomain.com/?author=1

which returns the Admin username in the URL.

The best way to stop this is to add the following in the .htaccess file in your website root directory, underneath what is generated by WordPress.

# Stop Author=1 hack
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/wp-admin [NC]
RewriteCond %{QUERY_STRING} author=\d
RewriteRule ^ /? [L,R=301]

WordPress Permissions Update Error

When trying to upgrade WordPress on one of my sites I kept on getting the following error:

“The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php”

I found the answer on the following page: http://aaronjholbrook.com/wordpress-permissions-update-error-resolved/

To fix the problem I ran the following two commands:

sudo find /path/to/site/ -type f -exec chmod 664 {} \;

sudo find /path/to/site/ -type d -exec chmod 775 {} \;

 

In addition, the user and group must be set what Apache is running under.  On my Ubuntu servers that is www-data:www-data and the command, run from the root of the website (usually the wordpress directory) is:

sudo chown -R www-data:www-data {.,}*

 

 

 

MySQL Crashes each day after adding an extra WordPress site

I have a small VPS with only 512K memory and I added another WordPress site to it. In theory it should have worked OK, there is not a huge amount of traffic on the server and there was enough disk, but I found that after adding the extra WordPress site MySQL would crash each day at around the same time.  On doing a lot of research I found the following fix works:

Use the following in [mysqld] section of your /etc/mysql/my.cnf configuration.

performance_schema = off
Source: http://serverfault.com/questions/564748/mysql-mariadb-crashes-frequently

 

UPDATE: The above fix seemed to work but after a couple of days MySQL crashed again.  The final solution that I found was to upgrade the VPS so that it had 1GB of memory rather than the 512MB that it had.

 

Using the Emergency Password Reset Script

This is an emergency script to use when you have forgotten the admin password to your WordPress website and all other methods of trying to reset it have failed.  I have copied this from: http://codex.wordpress.org/User:MichaelH/Orphaned_Plugins_needing_Adoption/Emergency so that we’ll have a copy of this useful tool, even if the originally page is removed.   Continue Reading

WordPress Updates not being found so that WordPress is never updated

One of my WordPress sites was stuck on version 4.0.1.  Wordpress is currently up to version 4.5.2 and the update function kept on telling me that the WordPress software was currently up to date.

After Googling a lot and reading a lot of posts from people having the same problem, one post finally gave the answer.  The Cpanel had modified three of the core files so that they didn’t work correctly anymore.  Following the solution in the post I downloaded the Wordfence Security plugin and ran a scan.  It came back and told me that three core files didn’t match the corresponding files in the source repository and gave me the option to download the original version from the source repository.  On restoring all three files from the source repository the update function is again working.

 

Disable WordPress Auto Updates

The new auto update feature that arrived in one of the recent releases of WordPress may seem like a good thing on the surface, but can cause terrible problems.  I recently had one of my websites completely destroyed because of the auto update that was applied.  Ask anyone who has been around IT for a while and they will tell you, the first thing that you should do before applying a software update is take a full backup of your files and your database before applying the update.  When you are using auto update it just does it for you and you don’t have the opportunity to take the backup first.  I would always recommend applying software updates to a test environment first, to make sure that it is not going to break anything, before applying it to your main production website.

Here is how you turn the auto updates off.  Go into your wp-config.php file in your website route directory and add the following lines down towards the bottom of the file, just before it says “That’s All. Stop Editing”:

/** Disable Auto Updates of the WordPress software */
define( 'AUTOMATIC_UPDATER_DISABLED', true );

WordPress Permalinks causing 403 Forbidden security problem when accessing all pages

I recently built this site on a little DigitalOcean.com “Droplet” server and went through the process of manually building a WordPress environment from scratch.  It was the first time that I have ever installed WordPress this way and on the whole it went very well.  Digital Ocean has published a number of excellent instructional “how-to” documents and the one I followed was “How to install WordPress on Ubuntu 14.04“.  The process went very smoothly right up to the point where I changed the Permalink setting so that the URL was build using the Page Name rather that the page number.  As soon as I did this the whole system locked up and I kept getting the “403 Forbidden” message no matter what I tried to do.

The problem came down to be the .htaccess file (which is a hidden file found in the root directory of the website) that is generated by WordPress when you make this Permalink change.  The generated .htaccess file is :

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

The solution came down to adding an extra line of code in the .htaccess file so that the final file looked like:

<IfModule mod_rewrite.c>
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Once I added the “Options +FollowSymlinks” line the 403 Forbidden problem went away.

Copyright © 2024 WordpressNotes.org.