Category Archives: wordpress

Frequent Subscriber Wipes

For any of you who are familiar with WordPress, you probably are aware of the regular cleanup that is required to keep a blog healthy. I opened up the ability to allow subscribers; however, it’s obvious that most, if not all, of them are bots or spam. I will be regularly wiping the users listed as “Subscribers”, but if you are not a bot and actually want to keep a subscription that does not get wiped, please send me an email at admin@thelogicalgeek.com.

 

Spam Login Accounts

If you are a human reading this, I appreciate you checking out my blog. Also, if you have registered for an account on the site, and it was deleted, please accept my apologies. Every few weeks I have to delete around a hundred or so spambot email accounts from various domains. I have plugins to attempt to foil these idiots, but of course it’s not foolproof. If you have attempted to create a legitimate account to comment on posts and it was deleted, please send me a message and I can watch out for your account.

It’s sad that such a thing is necessary, but it’s the world we live in.

Duo Security on WordPress and Linux

Some time ago I created a free Duo Security account to help protect my VPS. It was relatively simple to configure PAM in Linux to use the Duo two-factor authentication, so now anytime anyone successfully authenticates with a valid username and password, I get a notification on my phone (both Android and iOS versions available) asking me to confirm or reject the logon. While this seems like a hassle, after looking at the SSH denies (the thousands that I get per day) I felt much more relaxed about the security of my VPS.

Shortly after configuring it on Linux, I also realized there is a WordPress plugin, so now anytime anyone logs into my WordPress account successfully, I get one of the notifications. Since my phone is always nearby, it hasn’t proven to be cumbersome in any way yet. In fact, I know that even if my WordPress account is hacked and the offenders manage to successfully capture my username and password (don’t use the default username!), they still will not likely be able to get in. No system is foolproof, but this certainly is a grand step past just password authentication.

If you’re not familiar with two-factor authentication, Wikipedia has a writeup (granted not a fantastic one) that should explain the basics.

When the famous Heartbleed and OpenSSL vulnerabilities were made public, Duo released updates almost immediately. Great customer service for a great product.

Fixing a Permalink problem in WordPress

I wanted to post this because I saw quite a few people having the problem that I was having. I managed to find one thing that caused my problem, as opposed to disabling this plugin or that plugin, none of which I had installed.

The problem:
When changing the default permalink configuration from ?p=5 to /2013/05/my-cool-post, all of a sudden the links to both the posts themselves and to the comment buttons were giving 404 errors. After much searching.

Supporting Evidence:
Some people reported having multiple sites hosted in the same WordPress account or hosting account, but only having this problem with 1 site. This tells me that it is specific to the site, not the hosting provider, or even WordPress. That’s what led me to the solution.

The solution:
While perusing through the httpd.conf file on my system, I was looking at the following:

<Directory />
    Options Indexes FollowSymLinks Includes +ExecCGI
    AllowOverride None
</Directory>

Notice that “AllowOverride None” is set, which tells Apache to ignore .htaccess files, so the mod_rewrite rules that WordPress puts there never take effect (mod_rewrite is the Apache module WordPress needs to rewrite your URLs, i.e. use Permalinks). I changed this to “All”, and restarted httpd, but still had the same issue.

Finally I went through and searched for “Directory”, and there are quite a few of them in there, but then I found another stanza:

<Directory "/var/www/html">

With quite a few comments inside of it. (That’s why I didn’t notice it the first time around.) Inside that Directory stanza, was this:

AllowOverride None

This one was overriding the “/” directive earlier, so as soon as I changed this from “None” to “All”, and restarted httpd, my links worked perfectly afterward.

I hope this helps you guys, it seems to be a chronic problem in WordPress.
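
The check described above, finding which Directory stanza actually decides AllowOverride for the site's directory, can be scripted. This is an added example, not code from the original post: the function names and the sample configuration are constructed, and it assumes a single file with plain Directory paths (no Include files, wildcards or DirectoryMatch).

```python
import re

# Constructed sample modelled on the two stanzas in the post (not the author's file).
SAMPLE_CONF = """
<Directory />
    Options Indexes FollowSymLinks Includes +ExecCGI
    AllowOverride All
</Directory>

<Directory "/var/www/html">
    # Long comment blocks like this one are what hid the directive.
    # AllowOverride controls what .htaccess files may set.
    AllowOverride None
</Directory>
"""

def directory_overrides(conf_text):
    """Return [(path, AllowOverride value or None)] for each plain <Directory> stanza."""
    found, current = [], None
    for raw in conf_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', raw.strip(), re.I)
        if opened:
            current = [opened.group(1).strip().rstrip("/") or "/", None]
        elif words[0].lower() == "</directory>" and current:
            found.append(tuple(current))
            current = None
        elif current and words[0].lower() == "allowoverride":
            current[1] = " ".join(words[1:])
    return found

def effective_override(conf_text, docroot):
    """Apache merges matching <Directory> sections shortest path first,
    so the longest matching path is applied last and decides the result."""
    best = None
    for path, value in directory_overrides(conf_text):
        covers = path == "/" or docroot == path or docroot.startswith(path + "/")
        if covers and value is not None and (best is None or len(path) >= len(best[0])):
            best = (path, value)
    return best

def overly_broad(conf_text):
    """Stanzas set to All: rewrite rules in .htaccess only need the FileInfo class."""
    return [p for p, v in directory_overrides(conf_text) if v and v.lower() == "all"]

if __name__ == "__main__":
    print(effective_override(SAMPLE_CONF, "/var/www/html"))  # stanza that wins
    print(overly_broad(SAMPLE_CONF))                         # stanzas to tighten
```

The mod_rewrite directives belong to the FileInfo override class, so “AllowOverride FileInfo” on the site's own directory is a narrower setting than “All”, and the “/” stanza can go back to “None”.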