So one of our guys tracked it down. It was a typo in the .htaccess file that we received from the customer.

You can trying using auditd to audit the file. sudo apt-get install auditd Running sudo auditctl -l by default show no rules Create a temporary rule to audit changes to index.php sudo auditctl -w /var/www/html/index.php -p rwxa # -p = read, write, execute, attributes Run sudo auditctl -l will show the rule that was created. Now run sudo ausearch -f index.php | more to show what's touching index.php or sudo tail -f /var/log/audit/audit.log | grep index.php.

What about using Ghost? I started with it before moving to Wordpress. It is completely markdown if I remember right. I liked it but didn't feel the plugin availability was there.

This is the SSL score. I assume this is why the A rating and not A+ But not much to do about that since it is Cloudflare that is terminating.

thanks. missed that

@JaredBusch yeah, it's annoying that WP-CLI struggles with that.

I've seen that a lot. When I import Drupal databases, I learnt to use its Backup and Migrate module instead, it works flawlessly. Downside is you need to do clean Drupal installation first, but that basically is just creating blank database and putting brick on enter key.

@JaredBusch said in WP-CLI and database users: @Pete-S said in WP-CLI and database users: @JaredBusch said in WP-CLI and database users: @Pete-S said in WP-CLI and database users: And when you use -e you should have it after user and password so the SQL commands you want to execute comes after the -e. That was a once off artifact of me doing it on this system after the root password has been set. OK, so maybe this then: sudo mysql -e "CREATE USER [email protected] IDENTIFIED by '$DB_PASS';" sudo mysql -e "GRANT ALL ON $DB_NAME.* TO [email protected];" sudo mysql -e "FLUSH PRIVILEGES;" right. Updating the guide. but half tempted to leave the single quotes everywhere it that causes no error in order to protect against spaces by others. Though I am using pwgen to to this. It's kind of f*cked up to have spaces in user names and passwords. Personally I don't use something unless it's specifically needed but either way works.

@Obsolesce said in Wordpress Theme Recommendations: @scottalanmiller said in Wordpress Theme Recommendations: @Obsolesce said in Wordpress Theme Recommendations: @Dashrender said in Wordpress Theme Recommendations: We use DIVI - but I'm not saying it's good or bad as I've never used another.. or WP plain. DIVI? Divi purports to be the most popular theme on WP. It's definitely popular and seems to do a lot and has decent licensing rules. But is pricey, too. Oh, I googled it and seen so many other things lol. I haven't heard of it before so I wasn't sure what I was looking for. it adds a ton to WP - including a wsyiwyg editor (if you want to use it), etc..

Turns out that there was a wildcard A record in DomainA2.com

@IRJ said in Remove Social Media Icons like Google+ from Flawless Wordpress Theme by Goodlayers: Maybe just dump that bad theme all together. I'd love to, but I just host the site and help out a little.

@IRJ You are passionate about computers, you love to write code. Well, what's more exciting than being able to create your own plugins. When you know that WordPress is today one of the most used CMS on the web, it would be really interesting to see how a plugin is made and to be able to create it yourself. [Check it here] (http://bit.ly/2KxPChJ)

We got it. Had to open the Nginx logs and noticed too many "posts" in the error log. Dug in and it was three ranges overseas all hitting with a "post timeout attack." It was a light DDoS where sessions were being opened and held causing nginx to wait on a timeout. This caused Apache to just increment forever. Once we blocked those ranges, the Apache thread count started to drop for the first time, and memory started to release. And the continuous flood of nginx error logs ceased. If you are looking at nginx error logs, this is what you look for: upstream timed out (110: Connection timed out) while reading response header from upstream, client: You can use this command to collect the offending IP addresses: grep "upstream timed out" error.log | cut -d' ' -f20 Then use your firewall to shut them down. We are all good now! Woot.

Well let's talk about fedora and updating killing a laptop lol....

@black3dynamite said in If Not WordPress, What's the Alternative: @scottalanmiller said in If Not WordPress, What's the Alternative: @360col said in If Not WordPress, What's the Alternative: Well if the site is not complex then something like Grav these days is much better IMHO I've been eyeing Grav for a while. It does look very interesting. ANy guesses as to pros and cons vs. WordPress? Beyond the obvious flat file vs database differences... Ever since discovering Wiki.js, I like the idea of using git for versioning backups and deployments. https://github.com/trilbymedia/grav-plugin-git-sync You can automate backups of the MariaDB, though. Not all that much different. Lighter, on big loads. GIT is actually a very heavy process. Great for tiny things, but bad for big ones.

@IRJ This would be a heck of a guide if you ever get the time to do it

@JaredBusch said in WordPress admin page redirecting to IP: Is the site URL correct in the settings Been there many times

@scottalanmiller Try with another separator instead of dash, just to make check if it's the dash or something else. Maybe just remove it altogether.

@Reid-Cooper said in Standard Plugins for WordPress Sites: Thanks guys. Seems like not too many people have plugins focused on performance. I'm surprised, seems like those things would be pretty common. When I go to my WP site, performance seems fine.

@JaredBusch said in Unable add plugins and themes to Wordpress: @EddieJennings said in Unable add plugins and themes to Wordpress: @JaredBusch said in Unable add plugins and themes to Wordpress: httpd_can_network_connect And setsebool -P httpd_can_network_connect on appears to be the answer . And has nothing to do with contexts True. That was a point of confusion.

YOu can also do a free test from Qualys https://www.qualys.com/free-services/ https://www.qualys.com/community-edition/

Our first sites are on it and others are updating today. So far, so good.

@scottalanmiller said in Traffic statistics for self-hosted WordPress: Check out Matomo I've also never been a huge GA fan. Will check this out.

I use wordpress with Wocommerce, integrates with paypal and stripe.

2012...ouch, scrap this one then....

@black3dynamite said in Wordpress Install - Page is trying to load unsafe script: @NashBrydges Change CustomLog /var/log/access.log combined to CustomLog /var/log/httpd/access.log combined Good catch. Thanks.

@bnrstnr said in WordPress behind NGINX Reverse Proxy issues: @scottalanmiller said in WordPress behind NGINX Reverse Proxy issues: https://mangolassi.it/topic/13062/install-a-basic-wordpress-site-with-wp-cli Doh, somehow I missed this. And this one.... https://mangolassi.it/topic/16084/installing-fedora-27-lamp-stack-plus-wordpress/

@brandon220 said in Using Vultr Apps for WordPress Hosting: I just loaded one to do some testing. Don't plan on using it for production. I may use Bluehost or Vultr on Fedora. My main reason was to get familiar with a theme and see if I like it. Then, I can destroy the instance and make it permanent and with the correct underlying OS. Works fine for that.