HOWTO: Harden your WordPress wp-admin using password protection

Although wp-admin is already protected by WordPress login/password authentication, this post shows how to add an additional layer of security.

The second layer uses an .htpasswd file.

Create the .htpasswd file

Use the htpasswd command on Linux or OS X to create an .htpasswd file. The command to execute is as below:

$ htpasswd -c .htpasswd mydemouser 
New password: 
Re-type new password: 
Adding password for user mydemouser

A file named .htpasswd is created in the current directory:

$ cat .htpasswd
mydemouser:$apr1$60sgQzdr$C.APpTFtRyjJfpcwQsJB/.

Changes on server hosting WordPress site

1. Copy the .htpasswd file to a directory that’s outside the wp-admin directory

Suggested Directory: /home10/mydemouser/.htpasswds/public_html/wp-admin/passwd/

Change the directory as per your site deployment.

2. Create a .htaccess file in the ~/public_html/wp-admin directory and include the following:

 

AuthName "Restricted Access"
AuthUserFile /home10/mydemouser/.htpasswds/public_html/wp-admin/passwd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user mydemouser

3. Access the wp-admin page and confirm that an authentication popup window appears. If the page fails with a "too many redirects" error, proceed with the next step.

Stop too many redirects error

4. Edit the .htaccess under ~/public_html and add the following line before the WordPress rules start:

ErrorDocument 401 default

That’s it – double layer authentication should now be active.
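A check for steps 1 and 2 above, added here as an example and not part of the original post: it audits a wp-admin .htaccess for the required directives and flags a password file that sits inside the web-served tree. The function name audit_htaccess and the document root /home10/mydemouser/public_html (inferred from the paths used in this post) are assumptions.

```shell
#!/bin/sh
# Added example: audit a wp-admin .htaccess for the basic-auth setup above.
# audit_htaccess DOCROOT HTACCESS -> prints findings, returns 0 when clean.
audit_htaccess() {
    docroot=${1%/}
    file=$2
    findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }

    grep -qiE '^[[:space:]]*AuthType[[:space:]]+basic' "$file" ||
        note "AuthType basic is missing"
    grep -qiE '^[[:space:]]*AuthName[[:space:]]' "$file" ||
        note "AuthName is missing"
    grep -qiE '^[[:space:]]*require[[:space:]]+(user|valid-user)' "$file" ||
        note "no 'require user' or 'require valid-user' directive"

    # First AuthUserFile value, with optional double quotes stripped
    pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$file")
    case $pwfile in
        "")           note "AuthUserFile is missing" ;;
        "$docroot"/*) note "password file is inside the document root: $pwfile" ;;
        /*)           : ;;
        *)            note "AuthUserFile is not an absolute path: $pwfile" ;;
    esac

    [ "$findings" -eq 0 ]
}

# Constructed sample: the .htaccess from this page, checked against the
# assumed document root /home10/mydemouser/public_html.
sample=$(mktemp)
cat > "$sample" <<'EOF'
AuthName "Restricted Access"
AuthUserFile /home10/mydemouser/.htpasswds/public_html/wp-admin/passwd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user mydemouser
EOF
audit_htaccess /home10/mydemouser/public_html "$sample" && echo "no findings"
rm -f "$sample"
```

Run it against the real file on the server by passing your own document root and the path to wp-admin/.htaccess.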

How to fix Admin Ajax issue

If wp-admin is password protected, it will break AJAX functionality on the front end (if it is being used). To fix this issue, follow the steps below.

1. Edit the .htaccess file in the ~/public_html/wp-admin folder and add the following code to the file.

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

How to force HTTPS on your site

Installing an SSL certificate on a website allows access via both HTTP and HTTPS. This guide explains a simple method to force HTTPS for the website instead of HTTP. Google recommends the use of HTTPS, as encryption keeps data transmission secure.

Prerequisite

  •   SSL certificate (certified by a CA)
  •   Control Panel access

Force HTTPS

  • First, find or create the .htaccess file; the redirection code has to be entered in this file.
  • To force HTTPS, add the following lines to the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

 

HOWTO: Add Google Adsense to your WordPress site – Part 1

If you have reached this place, you probably know what Google Adsense does: in short, it monetizes your website.

Follow the steps below to link your Adsense account to a WordPress page.

Create an Adsense Account

1. The first step is to sign up for an Adsense account. You can either use your existing Gmail account or create a new account.

2. Within 24 hours you should receive an email stating whether the first step of the review process is completed. When this is done, you should be able to log in to the Adsense website and retrieve your Ad Code.

3. Log on to the Adsense webpage, click on My ads, and then click on Ad units.

4. Click on New ad unit; this will bring you to a new screen.

Choose “Text & display ads”

5. You will be asked to provide a name for the Ad unit and its size, style, and colors. Provide a name, go with the default Ad size, and click on “Save and get code” to get your new Ad code.

6. Your Ad code snippet will most likely look like this:

<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- tuxNetworks-Demo -->
<ins class="adsbygoogle"
     style="display:block"
     data-ad-client="ca-pub-9999999999999999999"
     data-ad-slot="999999999999999"
     data-ad-format="auto"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>

7. This will be accessible from Ad units page.

 

 

My first post

After many years of thinking about what I should really be doing, I have finally decided to divert my time to blogging. With a job that requires me to work 14 hours a day – there is hardly any time left to do any other activity. At the end of the day it’s all about passion …. what you want to do.

 

How to enable SSH in Linkstation – LS-X1.0TLJ

1. Download acp_commander.jar (google around to find the JAR).
2. Assuming the IP of your Linkstation is 10.0.1.60, you have to run the following commands.
3. _ADMIN_PASSWORD_ is the same password that you use on the Linkstation HTTP/HTTPS URL with the admin id.
4. _ROOT_PASSWORD_ is the new root password you want to set.

java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.10 -pw _ADMIN_PASSWORD_ -c "ls /"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "(echo _ROOT_PASSWORD_;echo _ROOT_PASSWORD_)|passwd"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "sed -i 's/UsePAM yes/UsePAM no/g' /etc/sshd_config"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/sshd_config"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "/etc/init.d/sshd.sh restart"

SAX 2048 byte issue on Java XML parsing

SAX parser code has an issue with files or messages larger than 2048 bytes. The parser only reads in 2048 bytes at a time, which can lead to an error if the 2048-byte boundary splits a data element.

The solution is to introduce a temporary variable in the callback methods. Here is a code snippet.

// 'value' and 'ncstClient' are fields of the handler class.
// Start a fresh buffer for the text of each new element.
public void startElement(String uri, String localName, String qName,
        Attributes attributes) throws SAXException {
    value = new StringBuffer();
    if (qName.equalsIgnoreCase("clientDets")) {
        ncstClient = new NcstClient();
        ncstClient.setType(attributes.getValue("type"));
    }
}

// May be called more than once for one element's text, so append
// each chunk to the buffer instead of overwriting it.
public void characters(char[] ch, int start, int length) throws SAXException {
    value.append(ch, start, length);
}

Configure NTP to Synchronize the system clock: Centos 6

Log in as root and type the following command:

[root@homeserver]# yum install ntp

Turn on the ntpd service:

[root@homeserver]# chkconfig ntpd on

Synchronize the system clock with 0.pool.ntp.org server:

[root@homeserver]# ntpdate pool.ntp.org

Start daemon process:

[root@homeserver]# /etc/init.d/ntpd restart

Install GD Library For PHP5 On CentOS 6

Note: this article only applies if your current PHP version has been installed by yum. If you custom compiled it from source, this will not work.

Verify PHP as installed by yum

An easy task, using yum. First step, see if it’s already installed.

[root@homeserver]# rpm -qa | grep php
php-common-5.1.6-15.el5
php-cli-5.1.6-15.el5
php-5.1.6-15.el5
php-pdo-5.1.6-15.el5
php-mysql-5.1.6-15.el5

Install the GD library using yum

If the GD Library isn’t present in that list, it wasn’t installed on the server yet. Install it using yum.

[root@homeserver]# yum install php-gd
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
epel/metalink                                                                                                                 | 5.0 kB     00:00     
 * base: ftp.iij.ad.jp
 * epel: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
base                                                                                                                          | 3.7 kB     00:00     
extras                                                                                                                        | 3.5 kB     00:00     
updates                                                                                                                       | 3.5 kB     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package php-gd.x86_64 0:5.3.3-3.el6_2.8 will be installed
--> Processing Dependency: libpng12.so.0(PNG12_0)(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Processing Dependency: libpng12.so.0()(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Processing Dependency: libjpeg.so.62()(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Processing Dependency: libfreetype.so.6()(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Processing Dependency: libXpm.so.4()(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Processing Dependency: libX11.so.6()(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Running transaction check
---> Package freetype.x86_64 0:2.3.11-6.el6_2.9 will be installed
---> Package libX11.x86_64 0:1.3-2.el6 will be installed
--> Processing Dependency: libX11-common = 1.3-2.el6 for package: libX11-1.3-2.el6.x86_64
--> Processing Dependency: libxcb.so.1()(64bit) for package: libX11-1.3-2.el6.x86_64
---> Package libXpm.x86_64 0:3.5.8-2.el6 will be installed
---> Package libjpeg.x86_64 0:6b-46.el6 will be installed
---> Package libpng.x86_64 2:1.2.49-1.el6_2 will be installed
--> Running transaction check
---> Package libX11-common.noarch 0:1.3-2.el6 will be installed
---> Package libxcb.x86_64 0:1.5-1.el6 will be installed
--> Processing Dependency: libXau.so.6()(64bit) for package: libxcb-1.5-1.el6.x86_64
--> Running transaction check
---> Package libXau.x86_64 0:1.0.5-1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved

=====================================================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================================================
Installing:
php-gd x86_64 5.3.3-3.el6_2.8 updates 104 k
Installing for dependencies:
freetype x86_64 2.3.11-6.el6_2.9 updates 359 k
libX11 x86_64 1.3-2.el6 base 582 k
libX11-common noarch 1.3-2.el6 base 188 k
libXau x86_64 1.0.5-1.el6 base 22 k
libXpm x86_64 3.5.8-2.el6 base 59 k
libjpeg x86_64 6b-46.el6 base 134 k
libpng x86_64 2:1.2.49-1.el6_2 updates 182 k
libxcb x86_64 1.5-1.el6 base 100 k

Transaction Summary
=====================================================================================================================================================
Install 9 Package(s)

Total download size: 1.7 M
Installed size: 5.9 M
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 1.7 M
(1/9): freetype-2.3.11-6.el6_2.9.x86_64.rpm | 359 kB 00:00
(2/9): libX11-1.3-2.el6.x86_64.rpm | 582 kB 00:00
(3/9): libX11-common-1.3-2.el6.noarch.rpm | 188 kB 00:00
(4/9): libXau-1.0.5-1.el6.x86_64.rpm | 22 kB 00:00
(5/9): libXpm-3.5.8-2.el6.x86_64.rpm | 59 kB 00:00
(6/9): libjpeg-6b-46.el6.x86_64.rpm | 134 kB 00:00
(7/9): libpng-1.2.49-1.el6_2.x86_64.rpm | 182 kB 00:00
(8/9): libxcb-1.5-1.el6.x86_64.rpm | 100 kB 00:00
(9/9): php-gd-5.3.3-3.el6_2.8.x86_64.rpm | 104 kB 00:00
--------------------------------------------------------------------
Total 736 kB/s | 1.7 MB 00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 2:libpng-1.2.49-1.el6_2.x86_64 1/9
Installing : libX11-common-1.3-2.el6.noarch 2/9
Installing : libXau-1.0.5-1.el6.x86_64 3/9
Installing : libxcb-1.5-1.el6.x86_64 4/9
Installing : libX11-1.3-2.el6.x86_64 5/9
Installing : libXpm-3.5.8-2.el6.x86_64 6/9
Installing : libjpeg-6b-46.el6.x86_64 7/9
Installing : freetype-2.3.11-6.el6_2.9.x86_64 8/9
Installing : php-gd-5.3.3-3.el6_2.8.x86_64 9/9
Installed:
php-gd.x86_64 0:5.3.3-3.el6_2.8

Dependency Installed:
freetype.x86_64 0:2.3.11-6.el6_2.9
libX11.x86_64 0:1.3-2.el6
libX11-common.noarch 0:1.3-2.el6
libXau.x86_64 0:1.0.5-1.el6
libXpm.x86_64 0:3.5.8-2.el6
libjpeg.x86_64 0:6b-46.el6
libpng.x86_64 2:1.2.49-1.el6_2
libxcb.x86_64 0:1.5-1.el6

Complete!


Easy going, isn’t it?

Restart Lighttpd

Restart your lighttpd, and you’re ready to rock.

[root@srv]# service lighttpd restart
Stopping lighttpd:                                            [  OK ]
Starting lighttpd:                                            [  OK ]

Installing SSH2 extension for PHP on Centos 6

Installing the SSH2 PHP extension on CentOS is actually pretty simple. Although it isn’t available as a straight yum install, it boils down to a few short steps.
Firstly, we’re going to install the dependencies:

yum install gcc php-devel php-pear libssh2 libssh2-devel

These will allow us to build the SSH2 extension using pecl.

pecl install -f ssh2

After running that command, it should stop at a line like:

WARNING: channel "pecl.php.net" has updated its protocols, use "pecl channel-update pecl.php.net" to update
downloading ssh2-0.11.3.tgz ...
Starting to download ssh2-0.11.3.tgz (23,062 bytes)
........done: 23,062 bytes
5 source files, building
running: phpize
Configuring for:
PHP Api Version:         20090626
Zend Module Api No:      20090626
Zend Extension Api No:   220090626
libssh2 prefix? [autodetect] :

All you have to do is hit Enter and it should detect the proper path. Once the install is completed, you just have to tell PHP to load the extension when it boots.

touch /etc/php.d/ssh2.ini
echo extension=ssh2.so > /etc/php.d/ssh2.ini

Now restart your webserver and test to see if the changes took effect.

/etc/init.d/lighttpd restart
php -m | grep ssh2

You should get a line returned with 'ssh2'.