How to Increase PHP File Upload Size Limit

Q. When you try to update a blog post in WordPress or any other PHP application, you might notice that the application has a prohibitively low maximum PHP file upload size. How do you increase this limit in PHP? In the screenshot below, I configured my PHP upload size to 50MB.

PHP file upload

A. If you own a virtual private server or dedicated web server, it is very easy to increase this parameter. The options are set in the php.ini configuration file, and this configuration applies to all your applications. Many shared hosting servers allow only a very low maximum PHP file upload size. This method may not work on most shared hosting because you are not given root access. If you plan to receive larger files, you should consider purchasing a virtual private server (VPS) or dedicated server hardware.

What is default PHP File Upload Size (upload_max_filesize)?

The default values for PHP will restrict you to a maximum 2 MB upload file size.

Note : The steps below require root access from the Linux server console. The steps have been tested on PHP 5.3 and PHP 5.4.

a) Login to your server via ssh connection.

b) Open php.ini file using vi editor :

# vi /etc/php.ini

There are two PHP configuration options that control the maximum PHP file upload size which are “upload_max_filesize” and “post_max_size”.

By default post_max_size = 8M and upload_max_filesize = 2M. You can update this value to the following :

c) Update this value from 8M to 60M :

post_max_size = 60M

d) Update this value from 2M to 50M :

upload_max_filesize = 50M

Note : Technically, post_max_size should always be greater than upload_max_filesize. But for a large number such as 150M you can safely make them the same size.

e) After you have made the changes, restart your web server (e.g. Apache or Nginx) for the new PHP file upload size to take effect.
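A quick way to verify the edited php.ini before restarting, as an added example that is not part of the original article: it parses PHP's size shorthand and checks the two directives against each other. The function names and the sample php.ini fragments are constructed for illustration.

```python
import re

# PHP shorthand byte suffixes (K, M, G), matched case-insensitively.
UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}

# PHP's defaults as stated in the article; used when php.ini does not set a value.
DEFAULTS = {"post_max_size": "8M", "upload_max_filesize": "2M"}


def ini_size_to_bytes(value):
    """Convert a php.ini size such as '50M' or '8192' to a byte count."""
    m = re.fullmatch(r"(\d+)([KMG]?)", value.strip(), re.IGNORECASE)
    if m is None:
        raise ValueError("not a php.ini size: %r" % value)
    return int(m.group(1)) * UNITS[m.group(2).upper()]


def read_limits(ini_text):
    """Return the effective value of each directive (the last assignment wins)."""
    limits = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a php.ini comment
        key, sep, val = line.partition("=")
        if sep and key.strip() in DEFAULTS:
            limits[key.strip()] = val.strip().strip('"')
    return limits


def check_upload_limits(ini_text, wanted):
    """Return the problems that would stop an upload of size `wanted`."""
    limits = read_limits(ini_text)
    need = ini_size_to_bytes(wanted)
    upload = ini_size_to_bytes(limits["upload_max_filesize"])
    post = ini_size_to_bytes(limits["post_max_size"])
    problems = []
    if upload < need:
        problems.append("upload_max_filesize=%s is below %s"
                        % (limits["upload_max_filesize"], wanted))
    # post_max_size = 0 disables the POST limit, so only compare non-zero values.
    if post != 0 and post < upload:
        problems.append("post_max_size=%s is smaller than upload_max_filesize=%s"
                        % (limits["post_max_size"], limits["upload_max_filesize"]))
    return problems


# Constructed sample: both steps c) and d) applied.
EDITED_INI = """
; Maximum size of POST data that PHP will accept.
post_max_size = 60M
; Maximum allowed size for uploaded files.
upload_max_filesize = 50M
"""

# Constructed sample: only step d) applied, post_max_size left at its default.
HALF_EDITED_INI = """
upload_max_filesize = 50M
"""

if __name__ == "__main__":
    for name, text in (("edited", EDITED_INI), ("half-edited", HALF_EDITED_INI)):
        print(name, check_upload_limits(text, "50M") or "OK")
```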

You can read more in these posts, which explain PHP file upload.

How to Setup Multiple WordPress Sites on Nginx

This article describes how to install and configure multiple WordPress sites on Nginx; the steps were prepared on CentOS 7.0 and Nginx 1.6.3. NGINX (pronounced Engine ex) is an open source, high-performance web server that is able to handle a large number of concurrent connections. It has a lower memory footprint than the alternative web server, Apache HTTP Server. Follow the steps below to host multiple WordPress sites on Nginx. Note that this configuration was also tested and works on RHEL 7 and Oracle Linux 7.

Steps to Setup Multiple WordPress Sites on Nginx

1. First, we need to set up the directories for the multi-site server blocks and the additional WordPress configuration files :

# mkdir -p /etc/nginx/conf.d
# mkdir -p /etc/nginx/sites-available

2. Tell the main nginx.conf file to look for the new setup directories :

# vi /etc/nginx/nginx.conf

Add the following into the http block of the configuration file :

    include /etc/nginx/sites-available/*.conf;

Do not include /etc/nginx/conf.d/*.conf here. The common.conf and wordpress.conf files created in steps 3 and 4 contain listen and location directives, which nginx accepts only inside a server block. They are included from each server block in steps 6 and 7, and including them at the http level makes "nginx -t" fail.

The complete nginx.conf :

user  nginx;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;


    include /etc/nginx/sites-available/*.conf;
}

3. Add new wordpress configuration file :

# vi /etc/nginx/conf.d/wordpress.conf
# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
}

# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}
# REQUIREMENTS : Enable PHP Support
location ~ \.php$ {
    # SECURITY : Zero day Exploit Protection
    try_files $uri =404;
    # ENABLE : Enable PHP, pass requests to PHP-FPM listening on 127.0.0.1:9000
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_send_timeout 300s;
    fastcgi_read_timeout 300s;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 4k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
}
# PLUGINS : Enable Rewrite Rules for SiteMap
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html\.gz$ "/index.php?xml_sitemap=params=$2;html=true;zip=true" last;

4. Add new common configuration file :

# vi /etc/nginx/conf.d/common.conf
# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port

listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /\. {
    deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+\.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires 30d;
   #    expires max;
   add_header Pragma no-cache;
   add_header Cache-Control "public";
}

5. Create the document root for multiple websites :

# mkdir -p /var/www/html/example-site1
# mkdir -p /var/www/html/example-site2

6. Add the server block configuration for example-site1.com :

# vi /etc/nginx/sites-available/example-site1.com.conf

Add lines as below :

server {
    listen     80;
    server_name example-site1.com;
    rewrite ^/(.*)$ http://www.example-site1.com/$1 permanent;
}

server {
        server_name www.example-site1.com;
        root /var/www/html/example-site1;
        access_log /var/log/nginx/example-site1.com.access.log;
        error_log /var/log/nginx/example-site1.com.error.log;
        include conf.d/common.conf;
        include conf.d/wordpress.conf;
}

7. Add the server block configuration for example-site2.com :

# vi /etc/nginx/sites-available/example-site2.com.conf

Add lines as below :

server {
    listen     80;
    server_name example-site2.com;
    rewrite ^/(.*)$ http://www.example-site2.com/$1 permanent;
}

server {
        server_name www.example-site2.com;
        root /var/www/html/example-site2;
        access_log /var/log/nginx/example-site2.com.access.log;
        error_log /var/log/nginx/example-site2.com.error.log;
        include conf.d/common.conf;
        include conf.d/wordpress.conf;
}

8. Check the nginx syntax :

# sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

9. Restart the Nginx service to apply the configuration for multiple WordPress sites :

# sudo systemctl restart  nginx.service


How to Change the WordPress URLs in MySQL Database

Before this, I experienced issues during a WordPress migration when moving from a test server with an unregistered domain URL (www.ehowstuff.local) to a new virtual private server (VPS) with a registered domain (www.ehowstuff.com). After struggling to research it on Google, I found the steps below, which save a lot of time.

Step 1 : Update ‘siteurl’ and ‘home’ :

Select the WordPress database :

mysql> use wordpressdb;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

Check current value for ‘siteurl’ and ‘home’ :

mysql> SELECT option_name, option_value FROM wp_options WHERE option_name IN ('siteurl', 'home');
+-------------+----------------------------+
| option_name | option_value               |
+-------------+----------------------------+
| home        | http://www.ehowstuff.local |
| siteurl     | http://www.ehowstuff.local |
+-------------+----------------------------+
2 rows in set (0.00 sec)

Update the value for ‘siteurl’ and ‘home’ :

mysql> UPDATE wp_options SET option_value = 'https://webhostinggeeks.com/howto' WHERE option_name IN ('siteurl', 'home');
Query OK, 2 rows affected (0.00 sec)
Rows matched: 2  Changed: 2  Warnings: 0

Check the updated value for ‘siteurl’ and ‘home’ :

mysql> SELECT option_name, option_value FROM wp_options WHERE option_name IN ('siteurl', 'home');

+-------------+-----------------------------------+
| option_name | option_value                      |
+-------------+-----------------------------------+
| home        | https://webhostinggeeks.com/howto |
| siteurl     | https://webhostinggeeks.com/howto |
+-------------+-----------------------------------+
2 rows in set (0.00 sec)

Optionally, you can use the query below to achieve step 1:

mysql> UPDATE wp_options SET option_value = replace(option_value, 'http://www.ehowstuff.local', 'https://webhostinggeeks.com/howto') WHERE option_name = 'home' OR option_name = 'siteurl';

Step 2 : Update the guid value in wp_posts table :

mysql> UPDATE wp_posts SET guid = replace(guid, 'http://www.ehowstuff.local','https://webhostinggeeks.com/howto');

Step 3 : Update the post_content value in wp_posts table :

mysql> UPDATE wp_posts SET post_content = replace(post_content, 'http://www.ehowstuff.local', 'https://webhostinggeeks.com/howto');

Step 4 : Update the meta_value value in wp_postmeta table :

mysql> UPDATE wp_postmeta SET meta_value = replace(meta_value, 'http://www.ehowstuff.local', 'https://webhostinggeeks.com/howto');
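WordPress stores PHP-serialized arrays in wp_postmeta.meta_value and wp_options.option_value, and each serialized string carries its byte length, so a plain REPLACE() that changes the URL length (26 to 33 bytes here) leaves values PHP can no longer unserialize. The following added example, not part of the original post, rewrites a value while recomputing those length prefixes; the function names and the sample meta value are constructed, and strings that themselves contain serialized data are not handled.

```python
import re

OLD = b"http://www.ehowstuff.local"
NEW = b"https://webhostinggeeks.com/howto"

_STR_HEAD = re.compile(rb's:(\d+):"')
_LOOKS_SERIALIZED = re.compile(rb'^(a:\d+:\{|O:\d+:"|s:\d+:")')


def php_str(raw):
    """Encode bytes as a PHP serialized string token: s:<byte length>:"<bytes>";"""
    return b's:%d:"%s";' % (len(raw), raw)


def replace_in_serialized(data, old, new):
    """Replace old with new inside every string token and fix its length prefix."""
    out = bytearray()
    pos = 0
    while True:
        m = _STR_HEAD.search(data, pos)
        if m is None:
            break
        start = m.end()
        end = start + int(m.group(1))
        if data[end:end + 2] != b'";':
            # Looked like a string header but the declared length does not
            # land on a closing '";', so copy it through unchanged.
            out += data[pos:start]
            pos = start
            continue
        out += data[pos:m.start()] + php_str(data[start:end].replace(old, new))
        pos = end + 2          # skip the body, so its content is never re-scanned
    out += data[pos:]
    return bytes(out)


def rewrite_value(value, old=OLD, new=NEW):
    """Rewrite one column value: serialized values token by token, others plainly."""
    if _LOOKS_SERIALIZED.match(value):
        return replace_in_serialized(value, old, new)
    return value.replace(old, new)


# Constructed sample of a serialized meta_value holding an attachment link.
SAMPLE_META = (b"a:2:{" + php_str(b"link") + php_str(OLD + b"/about/")
               + php_str(b"width") + b"i:300;}")

if __name__ == "__main__":
    print("naive  :", SAMPLE_META.replace(OLD, NEW).decode())   # length prefix now wrong
    print("rewrite:", rewrite_value(SAMPLE_META).decode())
```

Run it over exported values and write the results back, or use it only to find the rows where the blind REPLACE() in step 4 would change a serialized string.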


How to Setup WordPress on Nginx, PHP-FPM and MySQL

A WordPress website can be served using Apache or NGINX. Apache is the most popular web server and the most widely used for the WordPress blogging platform. Apache is a great option and has served many of the world’s largest web sites. An alternative web server to Apache is Nginx, pronounced “Engine X”. Nginx is an open source web server and a reverse proxy server for the HTTP, SMTP, POP3 and IMAP protocols. Many websites and web developers have moved to NGINX because it is scalable, uses few resources, can handle many concurrent users and gives good website performance. For the largest and busiest websites, I would suggest hosting your websites and blog on a Virtual Private Server (VPS) or dedicated server and running NGINX as the web server. This guide assumes that MySQL has already been prepared and configured for WordPress; it was tested on CentOS 6.5.

1. Prepare the Nginx repository :

[root@vps ~]# vi /etc/yum.repos.d/nginx.repo
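[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
# Verify package signatures against the nginx signing key
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1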

2. Install NGINX, PHP, php-fpm and MySQL server :

[root@vps ~]# yum install nginx php php-cli php-mysql php-gd php-xml php-fpm mysql mysql-server -y

3. Open /etc/php.ini and set cgi.fix_pathinfo=0:

[root@vps ~]# vi /etc/php.ini
..
..
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=0
..
..

4. Set date.timezone in /etc/php.ini :

[Date]
; Defines the default timezone used by the date functions
; http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
date.timezone = "Asia/Kuala_Lumpur"

5. This server configuration sets up PHP-FPM to use a UNIX socket.

[root@vps ~]# vim /etc/php-fpm.d/www.conf

Specify .sock path :

..
listen = /var/run/php-fpm.sock
..

Change user to run php-fpm :

..
user = nginx
..
..
group = nginx
..

6. Backup NGINX config file :

[root@vps ~]# cp -p /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

7. Create sites-available folder under /etc/nginx :

[root@vps ~]# mkdir /etc/nginx/sites-available

8. Adjust NGINX Worker Processes & Connections. NGINX workers equal the number of processors :

Check the number of CPUs on your VPS server :

[root@vps ~]# lscpu | grep '^CPU(s)'
CPU(s):                1

or

[root@vps ~]# cat /proc/cpuinfo | grep processor
processor       : 0

Set the matching values in /etc/nginx/nginx.conf :

..
worker_processes  1;
..
..
worker_connections  1024;
..

Configure nginx.conf as below :

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;
    gzip_types text/css text/x-component application/x-javascript application/javascript  text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

    
    include /etc/nginx/sites-available/*.conf;
}

9. Create common.conf and wordpress.conf under /etc/nginx/conf.d/ folder :

Create common.conf :

[root@vps ~]# vim /etc/nginx/conf.d/common.conf

Add the following :

# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port
listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /\. {
    deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+\.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires 30d;
}

Explanation :

listen 80; 

-Specifies the listening port of the server.

index index.php index.html index.htm;

-Specifies the default file to serve (WordPress index.php). For HTML sites, please include index.html & index.htm;.

location = /robots.txt {allow all;} 

-Allows the access to robots.txt

Create wordpress.conf :

[root@vps ~]# vim /etc/nginx/conf.d/wordpress.conf

Add the following :

# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
}

# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}
# REQUIREMENTS : Enable PHP Support
location ~ \.php$ {
    # SECURITY : Zero day Exploit Protection
    try_files $uri =404;
    # ENABLE : Enable PHP, listen fpm sock
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# PLUGINS : Enable Rewrite Rules for Yoast SEO SiteMap
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

Explanation :

try_files $uri $uri/ /index.php?q=$uri&$args 

-rewrite rule required to allow you to choose your custom permalink structure on WordPress.

location ~* /(?:uploads|files)/.*\.php$ {deny all;} 

-this prevents PHP code that has been uploaded to the WordPress media directory from being executed.

location ~ \.php$ {...}

-since WordPress is a PHP site, we need to tell NGINX how to pass our PHP scripts to PHP5.

try_files $uri =404; 

-this is a security rule: NGINX passes the request to PHP only when the requested PHP file actually exists, otherwise it returns a 404 error.
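The uploads rule above only works because nginx tries regex locations in the order they appear and stops at the first match, so the deny block has to come before the generic PHP handler. The following added example (not part of the original article) models that selection for the locations in common.conf and wordpress.conf, which are the same in the multi-site article earlier on this page; the function names and sample URIs are constructed, and the static extension list is abridged.

```python
import re

# Exact-match locations from common.conf; nginx checks these first.
EXACT = {"/favicon.ico": "static", "/robots.txt": "static", "/50x.html": "static"}

# Regex locations as (modifier, pattern, action).
# "~" is case-sensitive, "~*" is case-insensitive.
HIDDEN = ("~", r"/\.", "deny")
STATIC = ("~*", r"^.+\.(js|css|txt|jpg|jpeg|gif|png|ico|zip)$", "static")  # abridged
UPLOADS_PHP = ("~*", r"/(?:uploads|files)/.*\.php$", "deny")
PHP = ("~", r"\.php$", "php-fpm")

# Order nginx sees when a server block includes common.conf, then wordpress.conf.
PAGE_ORDER = [HIDDEN, STATIC, UPLOADS_PHP, PHP]
# Misordering to test against: the PHP handler placed before the uploads rule.
SWAPPED_ORDER = [HIDDEN, STATIC, PHP, UPLOADS_PHP]


def pick_location(uri, regex_locations):
    """Return the action of the location nginx would select for a URI path."""
    if uri in EXACT:
        return EXACT[uri]
    for modifier, pattern, action in regex_locations:
        flags = re.IGNORECASE if modifier == "~*" else 0
        if re.search(pattern, uri, flags):
            return action                 # first matching regex wins
    return "location /"                   # prefix fallback: try_files ... /index.php


# Constructed request paths (no query strings; nginx matches on the path only).
SAMPLE_URIS = [
    "/wp-login.php",
    "/wp-content/uploads/2015/05/avatar.php",
    "/wp-content/uploads/2015/05/avatar.PHP",
    "/wp-content/uploads/2015/05/photo.jpg",
    "/.htaccess",
    "/robots.txt",
    "/2015/05/hello-world/",
]


def uploads_reaching_php(regex_locations, uris=SAMPLE_URIS):
    """List upload-directory URIs that would be handed to PHP-FPM."""
    return [u for u in uris
            if re.search(r"/(?:uploads|files)/", u)
            and pick_location(u, regex_locations) == "php-fpm"]


if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print("%-45s %-12s %s" % (uri, pick_location(uri, PAGE_ORDER),
                                  pick_location(uri, SWAPPED_ORDER)))
```

An empty result from uploads_reaching_php() for the order in your own files is the property to keep when you later add or reorder location blocks.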

10. Create a virtual server under /etc/nginx/sites-available/ directory :

[root@vps ~]# vi /etc/nginx/sites-available/ehowstuff.local.conf

Assuming that you want to configure a WordPress site with the www.ehowstuff.local domain, set it up as below :

server {
    server_name ehowstuff.local;
    rewrite ^/(.*)$ http://www.ehowstuff.local/$1 permanent;
}

server {
        server_name www.ehowstuff.local;
        root /var/www/html/wordpress;
        access_log /var/log/nginx/www.ehowstuff.local.access.log;
        error_log /var/log/nginx/www.ehowstuff.local.error.log;
        include conf.d/common.conf;
        include conf.d/wordpress.conf;
}

Please change the following for virtual server ehowstuff.local.conf :

server_name: Define the server block for the URL.
root: Where you keep your website files
access log & error log: Paths for your logs

11. Start php-fpm and nginx :

[root@vps ~]# /etc/init.d/php-fpm start
Starting php-fpm:                                          [  OK  ]
[root@vps ~]# /etc/init.d/nginx start
Starting nginx:                                            [  OK  ]

12. Make php-fpm and nginx start at boot :

[root@vps ~]# chkconfig php-fpm on
[root@vps ~]# chkconfig nginx on

13. Verify that the required port is already listening.

[root@vps ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1042/rpcbind
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      3174/nginx
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1096/sshd
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      3394/mysqld
tcp        0      0 :::111                      :::*                        LISTEN      1042/rpcbind
tcp        0      0 :::22                       :::*                        LISTEN      1096/sshd
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               1042/rpcbind
udp        0      0 0.0.0.0:793                 0.0.0.0:*                               1042/rpcbind
udp        0      0 :::111                      :::*                                    1042/rpcbind
udp        0      0 :::793                      :::*                                    1042/rpcbind

How to Display processlist in MySQL

MySQL is a great database for internet applications. It is commonly used for WordPress and Drupal blogs. When you are monitoring the performance of a WordPress or Drupal blog, do not forget to monitor the MySQL queries using existing tools such as mytop and mtop, or by running SHOW PROCESSLIST from the mysql client command line. It shows all the queries that are running and how long they have taken. The SHOW PROCESSLIST command shows you which threads are running in real time. You can also get this information from the mysqladmin processlist command and from the INFORMATION_SCHEMA PROCESSLIST table. If you have the PROCESS privilege, you can see all threads. Otherwise, you can see only your own threads. However, if you really need to investigate or monitor an overall website performance issue, also look at other aspects of the system such as memory and swapping as well as CPU utilization.

Here is an example of SHOW PROCESSLIST output:

mysql> show processlist;
+----+---------------+-------------------+-------------+---------+------+-------+------------------+
| Id | User          | Host              | db          | Command | Time | State | Info             |
+----+---------------+-------------------+-------------+---------+------+-------+------------------+
| 23 | root          | localhost         | NULL        | Query   |    0 | NULL  | show processlist |
| 46 | wordpressuser | 192.168.0.5:38876 | wordpressdb | Sleep   |   69 |       | NULL             |
| 51 | root          | localhost         | wordpressdb | Sleep   |   34 |       | NULL             |
+----+---------------+-------------------+-------------+---------+------+-------+------------------+
3 rows in set (0.00 sec)

Alternately you can run as below :

mysql> SHOW PROCESSLIST\G
*************************** 1. row ***************************
     Id: 23
   User: root
   Host: localhost
     db: NULL
Command: Query
   Time: 0
  State: NULL
   Info: SHOW PROCESSLIST
*************************** 2. row ***************************
     Id: 46
   User: wordpressuser
   Host: 192.168.0.5:38876
     db: wordpressdb
Command: Sleep
   Time: 73
  State:
   Info: NULL
*************************** 3. row ***************************
     Id: 51
   User: root
   Host: localhost
     db: wordpressdb
Command: Sleep
   Time: 38
  State:
   Info: NULL
3 rows in set (0.00 sec)

You also have the option to run processlist with the mysqladmin command. The example below shows the processlist every two seconds :

mysqladmin -u root -p -i 2 processlist

Example :

[root@mysql-server ~]# mysqladmin -u root -p -i 2 processlist
Enter password:
+----+------+-----------+----+---------+------+-------+------------------+
| Id | User | Host      | db | Command | Time | State | Info             |
+----+------+-----------+----+---------+------+-------+------------------+
| 6  | root | localhost |    | Query   | 0    |       | show processlist |
+----+------+-----------+----+---------+------+-------+------------------+

+----+------+-----------+----+---------+------+-------+------------------+
| Id | User | Host      | db | Command | Time | State | Info             |
+----+------+-----------+----+---------+------+-------+------------------+
| 6  | root | localhost |    | Query   | 0    |       | show processlist |
+----+------+-----------+----+---------+------+-------+------------------+

+----+------+-----------+----+---------+------+-------+------------------+
| Id | User | Host      | db | Command | Time | State | Info             |
+----+------+-----------+----+---------+------+-------+------------------+
| 6  | root | localhost |    | Query   | 0    |       | show processlist |
+----+------+-----------+----+---------+------+-------+------------------+

+----+------+-----------+----+---------+------+-------+------------------+
| Id | User | Host      | db | Command | Time | State | Info             |
+----+------+-----------+----+---------+------+-------+------------------+
| 6  | root | localhost |    | Query   | 0    |       | show processlist |
+----+------+-----------+----+---------+------+-------+------------------+

How to Secure your MySQL On VPS or Dedicated Server

Running WordPress on a virtual private server or dedicated server is not as easy as running WordPress on a shared hosting server. There are a few things you need to install and configure. Basically you will need a web server (Apache, Nginx or Lighttpd) and a database server (MySQL). The most popular database for the WordPress platform is MySQL. Installing MySQL is very easy, but most webmasters face difficulties with the configuration part. Therefore I have prepared this article, which covers configuring and securing your MySQL on a virtual private server (VPS) or dedicated server. The MySQL database is actually the brain of your website or blog. It stores all the configuration information, the posts, comments, login information, user information, etc. This article assumes that you have already installed the MySQL server on your VPS or dedicated server; you may then proceed to configure and harden it as below :

1. Run pre-install mysql script, mysql_secure_installation. This will do the following :

a) Set the root password, which ensures that nobody can log into the MySQL root user without the proper authorization.
b) Remove anonymous users
c) Remove test database and access to it
d) Normally, root should only be allowed to connect from ‘localhost’. Disallow root login remotely if you want. However, I prefer to disallow it later.

[root@mysql-server ~]# /usr/bin/mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

2. List the MySQL users and make sure every user has a password :

mysql> SELECT User,Host,Password FROM mysql.user;
+---------------+-------------+-------------------------------------------+
| User          | Host        | Password                                  |
+---------------+-------------+-------------------------------------------+
| root          | localhost   | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root          | mysql       | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root          | 127.0.0.1   | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| wordpressuser | 192.168.0.5 | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
+---------------+-------------+-------------------------------------------+
4 rows in set (0.00 sec)

3. Set a strong password for the MySQL root account and also for the existing user accounts :

Existing user account :

mysql> select Host,User,Password from user;
+-------------+---------------+-------------------------------------------+
| Host        | User          | Password                                  |
+-------------+---------------+-------------------------------------------+
| localhost   | root          | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| mysql       | root          | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| 127.0.0.1   | root          | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| 192.168.0.5 | wordpressuser | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
+-------------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)

Set new strong password :

mysql> set password for 'root'@'localhost'=password('newstrongpassword');
mysql> set password for 'root'@'127.0.0.1'=password('newstrongpassword');
mysql> set password for 'wordpressuser'@'192.168.0.5'=password('newstrongpassword');
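The account review in steps 2 and 3 can be checked mechanically. The following added example, not part of the original article, parses mysql client table output in the layout shown above and flags anonymous accounts, empty passwords, wildcard hosts, root entries that mysql_secure_installation would remove as remote, and different users sharing one password hash (the hashes are unsalted, so equal hashes mean equal passwords). The function names, sample rows and hash values are constructed.

```python
# Hosts that mysql_secure_installation treats as local for root.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_mysql_table(text):
    """Turn mysql client table output into a list of {column: value} dicts."""
    rows, header = [], None
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue                  # borders, prompts, "N rows in set"
        cells = [c.strip() for c in line[1:-1].split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def audit_users(rows):
    """Return (account, finding) tuples for rows of User, Host, Password."""
    findings = []
    users_by_hash = {}
    for r in rows:
        account = "'%s'@'%s'" % (r["User"], r["Host"])
        if r["User"] == "":
            findings.append((account, "anonymous account"))
        if r["Password"] == "":
            findings.append((account, "no password"))
        else:
            users_by_hash.setdefault(r["Password"], set()).add(r["User"])
        if "%" in r["Host"]:
            findings.append((account, "wildcard host"))
        if r["User"] == "root" and r["Host"] not in LOCAL_HOSTS:
            findings.append((account, "root allowed from a non-local host"))
    for users in users_by_hash.values():
        if len(users) > 1:
            findings.append((", ".join(sorted(users)),
                             "same password hash on different users"))
    return findings


# Constructed sample output of: SELECT User,Host,Password FROM mysql.user;
SAMPLE_OUTPUT = """
+---------------+-------------+-------------------------------------------+
| User          | Host        | Password                                  |
+---------------+-------------+-------------------------------------------+
| root          | localhost   | *1111111111111111111111111111111111111111 |
| root          | %           | *1111111111111111111111111111111111111111 |
|               | localhost   |                                           |
| wordpressuser | 192.168.0.5 | *1111111111111111111111111111111111111111 |
| backup        | localhost   | *2222222222222222222222222222222222222222 |
+---------------+-------------+-------------------------------------------+
5 rows in set (0.00 sec)
"""

if __name__ == "__main__":
    for account, finding in audit_users(parse_mysql_table(SAMPLE_OUTPUT)):
        print("%-28s %s" % (account, finding))
```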

4. Make sure logging such as general_log, slow_query_log and log-error is enabled in MySQL :

[root@mysql-server ~]# vim /etc/my.cnf
[mysqld]
..
..
..
general_log_file=/var/log/mysql/mysqld.log
general_log=1
slow_query_log_file=/var/log/mysql/mysqld.slow.log
slow_query_log=1

[mysqld_safe]
log-error=/var/log/mysql/mysqld.error.log
...
..

Create the folder for the MySQL logs and change the folder owner to mysql :

[root@mysql-server ~]# mkdir -p /var/log/mysql
[root@mysql-server ~]# chown -R mysql:mysql /var/log/mysql

Verify the logs :

[root@mysql-server ~]# ll /var/log/mysql
total 12
-rw-r----- 1 mysql mysql 3547 Apr  7 16:57 mysqld.error.log
-rw-rw---- 1 mysql mysql  373 Apr  7 16:58 mysqld.log
-rw-rw---- 1 mysql mysql  174 Apr  7 16:57 mysqld.slow.log

This will help administrators monitor critical events and helps in troubleshooting.

Reference : http://dev.mysql.com/doc/refman/5.7/en/server-logs.html

Once you have done the above configuration, make sure you restart the mysqld service :

[root@mysql-server ~]# service mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

Note : This configuration and hardening practice is very basic. You can fine-tune your database based on your expected security level, and you can also implement host iptables, physical firewall protection and operating system hardening in order to protect the MySQL server. You may refer to “Securing and Hardening Linux Dedicated Server

How to Install WordPress on Remote MySQL

WordPress is an open source content management system (CMS) and a popular blogging platform based on PHP and MySQL. WordPress can be installed in multiple ways: on a dedicated server, on a virtual private server (VPS) or, the cheapest way, on shared hosting. When you decide to run WordPress on a dedicated server or on a VPS, the next question is whether to run the web service and the database service on a single server or on multiple servers. We have the option to combine them or to split them. For a high-performance WordPress website, I would suggest running the web server (Apache, NGINX, Lighttpd) and the database server (MySQL) on different servers. The steps below cover the basics of setting up WordPress on a remote MySQL server.

server1 = 192.168.0.5 = Apache server
server2 = 192.168.0.6 = Remote MySQL server

1. Log in as root on server1, then download the latest WordPress file and extract it :

[root@server1 html]# cd /var/www/html
[root@server1 html]# wget http://wordpress.org/latest.tar.gz
[root@server1 html]# tar xzvf latest.tar.gz

2. Log in to server2 and create the database for WordPress :

[root@server2 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database wordpressdb;
Query OK, 1 row affected (0.00 sec)

mysql> create user 'wordpressuser'@'192.168.0.5' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all on wordpressdb.* to 'wordpressuser'@'192.168.0.5';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for 'wordpressuser'@'192.168.0.5';
+------------------------------------------------------------------------------------------------------------------------+
| Grants for wordpressuser@192.168.0.5                                                                                   |
+------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wordpressuser'@'192.168.0.5' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
| GRANT ALL PRIVILEGES ON `wordpressdb`.* TO 'wordpressuser'@'192.168.0.5'                                               |
+------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

3. Once step 2 above has been done, log in to server1 again and test the connectivity to the database server :

[root@server1 html]# mysql -u wordpressuser -p -h 192.168.0.6
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| wordpressdb        |
+--------------------+
3 rows in set (0.00 sec)

4. Still on server1, copy wp-config-sample.php to wp-config.php :

[root@server1 ~]# cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php

5. Modify the wp-config.php file and enter the database information and the remote MySQL server details :

[root@server1 ~]# vi /var/www/html/wordpress/wp-config.php
define('DB_NAME', 'wordpressdb');

/** MySQL database username */
define('DB_USER', 'wordpressuser');

/** MySQL database password */
define('DB_PASSWORD', 'password');

/** MySQL hostname */
define('DB_HOST', '192.168.0.6');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

6. To install, navigate the browser to http://servername/wordpress/.

http://192.168.0.5/wordpress/
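
The grants created in step 2 give the WordPress account ALL PRIVILEGES on its schema from one fixed host. As an added example (not part of the original post), the shell function below reads SHOW GRANTS rows and flags the grant patterns worth reviewing on a remotely reachable database account; the finding codes are made up for this example and the sample rows are constructed from the step 2 output with the password hash replaced by a placeholder.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag over-broad MySQL grants.
# Live input: mysql -N -B -u root -p -e "SHOW GRANTS FOR 'user'@'host'" | audit_grants

# Constructed sample: the two rows SHOW GRANTS printed in step 2, with the
# password hash replaced by a placeholder.
sample_grants() {
cat <<'EOF'
| GRANT USAGE ON *.* TO 'wordpressuser'@'192.168.0.5' IDENTIFIED BY PASSWORD '*HASH-PLACEHOLDER' |
| GRANT ALL PRIVILEGES ON `wordpressdb`.* TO 'wordpressuser'@'192.168.0.5'                       |
EOF
}

# Reads SHOW GRANTS rows on stdin (table borders are tolerated), prints one
# finding per line as "<CODE> <account> <scope>", returns 1 if any were found.
audit_grants() {
    awk '
    /GRANT / {
        line = $0
        sub(/^[| ]+/, "", line); sub(/[ |]+$/, "", line)
        # Split "GRANT <privs> ON <scope> TO <account> ..."
        privs = line; sub(/^GRANT /, "", privs); sub(/ ON .*$/, "", privs)
        scope = line; sub(/^.* ON /, "", scope); sub(/ TO .*$/, "", scope)
        acct  = line; sub(/^.* TO /, "", acct);  sub(/ .*$/, "", acct)

        # Anything beyond USAGE on *.* reaches every database on the server.
        if (scope == "*.*" && privs != "USAGE") report("GLOBAL_PRIVS")
        # ALL PRIVILEGES includes DROP, ALTER and the rest on that scope.
        if (privs ~ /^ALL( PRIVILEGES)?$/) report("ALL_PRIVILEGES")
        # A % in the host part accepts connections from a range of hosts.
        if (acct ~ /@.*%/) report("WILDCARD_HOST")
        # GRANT OPTION lets the account pass its privileges to others.
        if (line ~ /WITH GRANT OPTION/) report("GRANT_OPTION")
    }
    function report(code) { print code, acct, scope; found = 1 }
    END { exit (found ? 1 : 0) }
    '
}
```

Run against the step 2 rows it reports only the ALL PRIVILEGES grant; the host restriction to 192.168.0.5 passes the wildcard check.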

How to Install WordPress on CentOS 6.4

WordPress is free web blogging software and an open source content management system (CMS) based on PHP and MySQL. You can install and run WordPress on a shared web hosting service or on a virtual private server (VPS), or, if you need a high performance WordPress blog that can serve many concurrent users at a time, you can choose a dedicated server for it. This post covers the steps to install WordPress on Linux CentOS 6.4. It is assumed that PHP, Apache and MySQL server are already installed on this CentOS 6.4 system.

1. Log in as root and download the latest WordPress file :

[root@centos64 ~]# wget http://wordpress.org/latest.tar.gz

2. Once downloaded, move the WordPress file to the document root of your web server :

[root@centos64 ~]# mv latest.tar.gz /var/www/html/

3. Enter the document root directory and extract the WordPress file :

[root@centos64 ~]# cd /var/www/html/
[root@centos64 html]# tar xvzf latest.tar.gz

4. Make the wordpress folder readable :

[root@centos64 ~]# chmod 755 /var/www/html/wordpress

5. Create a database named “newwordpress” :

mysql> CREATE DATABASE newwordpress;
Query OK, 1 row affected (0.08 sec)

6. Create user “newwordpressuser” with password “newwordpresspassword” :

mysql> CREATE USER 'newwordpressuser'@'localhost' IDENTIFIED BY 'newwordpresspassword';
Query OK, 0 rows affected (0.07 sec)

7. Grant all privileges on “newwordpress” to user “newwordpressuser” for access from localhost :

mysql> GRANT ALL PRIVILEGES ON newwordpress.* to newwordpressuser@localhost;
Query OK, 0 rows affected (0.00 sec)

8. Verify the granted access for user “newwordpressuser” :

mysql> SHOW GRANTS FOR 'newwordpressuser'@'localhost';
+-------------------------------------------------------------------------------------------------------------------------+
| Grants for newwordpressuser@localhost                                                                                   |
+-------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'newwordpressuser'@'localhost' IDENTIFIED BY PASSWORD '*2E824B82B9B162C4283AA039118AD4C5248380DA' |
| GRANT ALL PRIVILEGES ON `newwordpress`.* TO 'newwordpressuser'@'localhost'                                              |
+-------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql>

9. Display the created database :

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| newwordpress       |
+--------------------+
3 rows in set (0.00 sec)

10. Copy and rename wp-config-sample.php to wp-config.php:

[root@centos64 ~]# cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php

11. Modify the wp-config.php :

[root@centos64 ~]# vi /var/www/html/wordpress/wp-config.php

12. Change the database details below: the database name, database username, database password and database hostname.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'newwordpress');

/** MySQL database username */
define('DB_USER', 'newwordpressuser');

/** MySQL database password */
define('DB_PASSWORD', 'newwordpresspassword');

/** MySQL hostname */
define('DB_HOST', 'localhost');

13. To install, navigate the browser to http://servername/wordpress/.
http://192.168.2.64/wordpress/
14. To login, navigate the browser to http://servername/wordpress/wp-login.php :

How to Install WordPress Blog on Fedora 16

In this post, I will share how to install a WordPress blog on a Fedora 16 server. WordPress is an open-source blogging platform. It’s a free blogging tool and content management system (CMS) based on PHP and MySQL. Follow this how-to guide to install WordPress on Fedora 16. This post assumes that Apache and MySQL have been set up on this server. If not, proceed to the following Apache and MySQL installation howto :

1. Log in as root and download the latest WordPress file :

[root@fedora16 ~]# wget http://wordpress.org/latest.tar.gz

Enter documentroot “/var/www/html”

[root@fedora16 ~]# cd /var/www/html
[root@fedora16 blog]# pwd
/var/www/html

2. Extract the latest.tar.gz file to the current directory. In this post, I will extract the WordPress files into the document root “/var/www/html” :

[root@fedora16 html]# tar xvzf /root/latest.tar.gz

3. Rename extracted wordpress to blog for easier and better naming :

[root@fedora16 html]# mv wordpress blog

4. Now it’s time to create the WordPress database. Log in to your MySQL database :

[root@fedora16 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.5.14 MySQL Community Server (GPL)

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

5. Create a database named “wordpressdb” :

mysql> CREATE DATABASE wordpressdb;
Query OK, 1 row affected (0.07 sec)

6. Create user “wordpressuser” with password “wordpresspassword” :

mysql> CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'wordpresspassword';
Query OK, 0 rows affected (0.00 sec)

7. Grant all privileges on “wordpressdb” to user “wordpressuser” for access from localhost :

mysql> GRANT ALL PRIVILEGES ON wordpressdb.* to wordpressuser@localhost;
Query OK, 0 rows affected (0.00 sec)

8. Check and verify the granted access for user “wordpressuser” :

mysql> SHOW GRANTS FOR 'wordpressuser'@'localhost';
+----------------------------------------------------------------------------------------------------------------------+
| Grants for wordpressuser@localhost                                                                                   |
+----------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wordpressuser'@'localhost' IDENTIFIED BY PASSWORD '*E62D3F829F44A91CC231C76347712772B3B9DABC' |
| GRANT ALL PRIVILEGES ON `wordpressdb`.* TO 'wordpressuser'@'localhost'                                               |
+----------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql>

9. For better security, set the blog folder to mode 755 (read and execute access for everyone, write access for the owner only) :

[root@fedora16 ~]# chmod 755 /var/www/html/blog/

10. Go to your web server terminal or ssh to web server. Copy and rename wp-config-sample.php to wp-config.php:

[root@fedora16 ~]# cp /var/www/html/blog/wp-config-sample.php /var/www/html/blog/wp-config.php

11. Modify the wp-config.php:

[root@fedora16 ~]# vi /var/www/html/blog/wp-config.php

12. Change the lines below to match your database details :

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpressdb');

/** MySQL database username */
define('DB_USER', 'wordpressuser');

/** MySQL database password */
define('DB_PASSWORD', 'wordpresspassword');

13. To configure wordpress, navigate the browser to http://servername/blog/

14. Complete the form, then click “Install WordPress” :

Site Title : Blog Title
Username : Preferred username
Password, twice : Your password
Your E-mail : Your Email

15. To login, navigate the browser to http://servername/blog/wp-login.php

How to Install Disqus on WordPress

Disqus is a world favorite comment system and discussion platform that improves discussion on websites or blogs and connects conversations across the web. It is free to register and you can add more than one website to one account. In this post, I will share how to install Disqus on a WordPress blog.

1. Before you install Disqus, your WordPress comment platform will look like below :

2. Go to disqus.com. Please register if you don’t have a free account. You can proceed to log in if you already have an account on disqus.com.

3. Click Dashboard then press “+Add” :

4. Register your blog to use Disqus. Click Continue to proceed :

5. Click Continue if you select the default settings :

6. Select “WordPress” :

7. Now it’s time to install the Disqus plugin into your WordPress blog :

8. Log in to your WordPress blog dashboard. Download the plugin named “Disqus comment system”. Activate the plugin :

9. After you have activated the Disqus plugin, you may proceed to configure it :

10. Continue to configure Disqus :

11. Select the website for which you want to configure the Disqus comment system :

12. Now your blog has been installed and configured with Disqus.

13. Start to export your comments :

14. Please wait while it’s processing :

15. Your WordPress comments have been exported to the Disqus platform :

16. Your new blog comments will be more advanced and interesting with the Disqus comment system :

How to Install WordPress Blog on Linux CentOS 6 / RHEL 6

This article explains the steps to install a WordPress blog on Linux CentOS 6, Red Hat Enterprise Linux 6 (RHEL 6) and Oracle Linux 6. WordPress is an open-source blogging platform. It’s a free blogging tool and content management system (CMS) based on PHP and MySQL. Follow this how-to guide to install WordPress on RHEL 6. This post assumes that Apache and MySQL have been set up on this server. If not, proceed to the following Apache and MySQL installation howto :

How to Install Apache Httpd Server on RHEL 6
How to Install MySQL Server on RHEL 6

Steps to Install WordPress Blog on Linux

1. Make sure you are in the DocumentRoot directory where you will put the WordPress files :

[root@rhel6 html]# pwd
/var/www/html

2. Download the WordPress :

[root@rhel6 html]# wget http://wordpress.org/latest.tar.gz

3. Extract the latest.tar.gz file :

[root@rhel6 html]# tar xzvf latest.tar.gz

4. Proceed to create the database for WordPress. On your server, create a new (empty) MySQL database for WordPress (for example, you can call it “wpdb”). If you are a newbie, you can follow these basic steps to create a new database and assign a user and its permissions :

[root@rhel6 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.47 Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE DATABASE wpdb;
Query OK, 1 row affected (0.00 sec)

mysql> CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'wppassword';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON wpdb.* to wpuser@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW GRANTS FOR 'wpuser'@'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for wpuser@localhost                                                                                   |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wpuser'@'localhost' IDENTIFIED BY PASSWORD '*977FDAC11B3F74324912DA4F9D489A3E6D59B281' |
| GRANT ALL PRIVILEGES ON `wpdb`.* TO 'wpuser'@'localhost'                                                      |
+---------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

5. Make the wordpress folder writable, otherwise you will not be able to create wp-config.php during the installation :

[root@rhel6 ~]# chmod o+wx /var/www/html/wordpress/

6. Run the installation script on your server. Go to the following address in your web browser :

http://serveripaddress/wordpress

7. Click “Create Configuration File” :

8. Click “Let’s Go!” :

9. Enter “Database Name“, “User Name” and “Password“. Click “Submit” to proceed :

10. Click “Run the Install” to proceed :

11. Provide the blog information. You can change it later :

12. WordPress has been successfully installed on your RHEL 6 server :

13. For security reasons, remove the write access from the wordpress root folder :

[root@rhel6 ~]# chmod o-wx /var/www/html/wordpress/

14. Assign secure permissions to the wordpress root folder. 755 means read and execute access for everyone and also write access for the owner of the file.

[root@rhel6 ~]# chmod 755 /var/www/html/wordpress/

15. As a blog administrator, you can login to the wordpress dashboard using this URL:
http://serveripaddress/wordpress/wp-login.php

Normal users can access the blog using the following URL :
http://serveripaddress/wordpress/
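
Steps 5, 13 and 14 open the folder to world write for the installer and then close it again, which is easy to leave half done. The shell functions below are an added example, not part of the original post: one checks a WordPress tree for entries still writable by everyone and for a world-readable wp-config.php, the other applies tighter modes. The finding codes, the function names and the web server group argument (for example "apache" on CentOS/RHEL) are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original posts): audit and tighten the modes
# of a WordPress tree after the installer has run.

# Prints one finding per line; returns 1 if anything was flagged.
#   WORLD_WRITABLE        - file or directory any local user can modify
#                           (the state "chmod o+wx" leaves behind)
#   CONFIG_WORLD_READABLE - wp-config.php (holds DB_PASSWORD) readable by "other"
audit_wp_perms() {
    root=$1
    findings=$(
        find "$root" \( -type f -o -type d \) -perm -0002 |
            sed 's/^/WORLD_WRITABLE /'
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" -perm -0004 |
                sed 's/^/CONFIG_WORLD_READABLE /'
        fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Directories 755 (the mode used in step 14) and files 644. If a web server
# group is given (assumption: "apache" on CentOS/RHEL), wp-config.php is
# handed to that group and set to 640 so that "other" can no longer read it.
harden_wp_perms() {
    root=$1
    web_group=${2:-}
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -n "$web_group" ] && [ -f "$root/wp-config.php" ]; then
        chgrp "$web_group" "$root/wp-config.php"
        chmod 640 "$root/wp-config.php"
    fi
}
```

Mode 640 on wp-config.php only works when the web server process belongs to the group passed in; otherwise the site can no longer read its own configuration.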