Bitnami WordPress

     


     

    WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards, and usability. WordPress is both free and priceless at the same time. The project was started in 2003. Since then it has grown to be the largest self-hosted blogging tool in the world, used on millions of sites and seen by tens of millions of people every day.

    Please take a look at the Quick Start Guide to learn the basic use of this stack.

    How to start/stop the servers?

    Cloud Server

    Each Bitnami stack includes a control script that lets you easily stop, start and restart servers.

    The script is located at /opt/bitnami/ctlscript.sh. Call it with the 'start' argument to start all services:

    $ sudo /opt/bitnami/ctlscript.sh start
    

    Or use it to restart a specific service only by passing the service name as argument - for example 'mysql':

    $ sudo /opt/bitnami/ctlscript.sh restart mysql
    

    Virtual Machine

    Each Bitnami stack includes a control script that lets you easily stop, start and restart servers.

    The script is located at /opt/bitnami/ctlscript.sh. Call it with the 'start' argument to start all services:

    $ sudo /opt/bitnami/ctlscript.sh start
    

    Or use it to restart a specific service only by passing the service name as argument - for example 'mysql':

    $ sudo /opt/bitnami/ctlscript.sh restart mysql
    

    Native Installer

    You can use either the graphical manager tool or the command-line tool to start and stop the servers.

    Graphical Tool

    Bitnami stacks include a graphical tool to manage the servers easily (native installers only). Using this tool, you can start, stop and restart the servers and check the log files.


    On Windows:

    • Double-click the "manager-windows.exe" file in your installation directory.  
    • You can also start the Manager tool using the Start Menu path Start -> Program Files -> Bitnami Stack -> Manager.

    On Linux and Mac OS X:

    • Double-click the "manager-osx" or "manager-linux-*" tool in your installation directory.

    Command-line Tool

    Each Bitnami stack includes a control script that lets you easily stop, start and restart servers.

    The control script is only available for Linux and Mac OS X native installers. The script is located in your installation directory and named ctlscript.sh. Call it without any arguments to restart all services.

    On Linux:
    If your installation directory is /home/USER/wordpress-4.0.1-0, call the control script with the ‘start’ argument to start all servers. For example:

    $ cd /home/USER/wordpress-4.0.1-0
    $ ./ctlscript.sh start
    

    Or use it to restart a specific service only by passing the service name as argument - for example 'mysql':

    $ cd /home/USER/wordpress-4.0.1-0
    $ ./ctlscript.sh restart mysql
    

    On Mac OS X:
    If your installation directory is /Applications/wordpress-4.0.1-0, call the control script with the ‘start’ argument to start all servers. For example:

    $ cd /Applications/wordpress-4.0.1-0
    $ ./ctlscript.sh start
    

    Or use it to restart a specific service only by passing the service name as argument - for example 'mysql':

    $ cd /Applications/wordpress-4.0.1-0
    $ ./ctlscript.sh restart mysql
    


    How to change the default URL to root?

    This approach describes how to configure your application to run in the root URL directly. Also, you will be able to modify the URL to a NEW_DOMAIN using the bnconfig tool. The details are described below.

    Automatic Approach

    This approach is based on the Bitnami Configuration Tool (bnconfig).

    Bitnami Cloud Hosting

    The best way to change your URL in BCH is to go to your application tab and modify it there. In the Bitnami Cloud Hosting console, select Servers, choose your server, then Manage, and go to the Applications tab. There, press the pencil next to the application whose URL you want to modify and choose .

    Refer to this guide for more information.

    Cloud Images and Virtual Machines

    Moving the application to /

    If your application is running in "/wordpress", you can remove the prefix from the URL by executing the following command:

    $ sudo /opt/bitnami/apps/wordpress/bnconfig --appurl /
    

    (use --help to check if that option is available for your application)

    Now you will be able to access the application at http://YOUR_DOMAIN instead of http://YOUR_DOMAIN/wordpress.

    Updating the IP or hostname

    Some applications require the IP/domain to be updated if the machine IP/domain changes. The bnconfig tool also has an option, called machine_hostname, which updates the IP automatically during boot (use --help to check if that option is available for your application). Note that this tool changes the URL to http://NEW_DOMAIN/wordpress:

    sudo /opt/bitnami/apps/wordpress/bnconfig --machine_hostname NEW_DOMAIN
    

    If you already moved your application to the root URL you should include both options at the same time.

    sudo /opt/bitnami/apps/wordpress/bnconfig --appurl / --machine_hostname NEW_DOMAIN
    

    If you have configured your machine to use a static domain name or IP, you should rename or remove the "/opt/bitnami/apps/wordpress/bnconfig" file.

    sudo mv /opt/bitnami/apps/wordpress/bnconfig /opt/bitnami/apps/wordpress/bnconfig.disabled
    

    Native Installer

    Remember to use your actual installation directory instead of installdir.

    Moving the application to /

    If your application is running in "/wordpress", you can remove the prefix from the URL by executing the following command:

    On Linux,

    installdir/apps/wordpress/bnconfig --appurl /
    

    On Mac OS X, 

    installdir/apps/wordpress/bnconfig.app/Contents/MacOS/installbuilder.sh --appurl /
    

    On Windows,

    installdir/apps/wordpress/bnconfig.exe --appurl /
    

    (use --help to check if that option is available for your application)

    Now you will be able to access the application at http://YOUR_DOMAIN instead of http://YOUR_DOMAIN/wordpress.

    Updating the IP or hostname

    Some applications require the IP/domain to be updated if the machine IP/domain changes. The bnconfig tool also has an option, called machine_hostname, which updates the IP (use --help to check if that option is available for your application). Note that this tool changes the URL to http://NEW_DOMAIN/wordpress.

    installdir/apps/wordpress/bnconfig --machine_hostname NEW_DOMAIN
    

    If you already moved your application to the root URL you should include both options at the same time.

    installdir/apps/wordpress/bnconfig --appurl / --machine_hostname NEW_DOMAIN
    


    Manual Approach

    If you want to change the default URL from http://your_domain/wordpress to http://your_domain, edit the installdir/apps/wordpress/conf/httpd-prefix.conf file so that it looks like the file below:

    DocumentRoot "/installdir/apps/wordpress/htdocs"
    # Alias /wordpress/ "/installdir/apps/wordpress/htdocs/"
    # Alias /wordpress "/installdir/apps/wordpress/htdocs"
    
    (...)
    
     
    Remember that you must substitute installdir with your actual installation directory (for native installers) or /opt/bitnami (for cloud images and virtual machines).

    Some applications also require additional changes in their configuration files or in their database.

    It is also necessary to modify the RewriteBase option to remove the "/wordpress" prefix in the /installdir/apps/wordpress/conf/httpd-app.conf and the /installdir/apps/wordpress/conf/htaccess.conf files:

    <Directory "...">
        ...
        RewriteBase /
        ...
    </Directory>
    

     

    And the same in the following lines of wp-config.php:

    define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/');                   
    define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/'); 

    Don't forget to restart Apache after these changes have been made.

    How to change the URL to another suburi?

    If you want to change the default URL from http://your_domain/wordpress to http://your_domain/myblog, you should follow the steps below:

    • Modify /opt/bitnami/apps/wordpress/httpd-prefix.conf
    Alias /myblog/ "/installdir/apps/wordpress/htdocs/"
    Alias /myblog "/installdir/apps/wordpress/htdocs"
    
    (...)

    It is also necessary to modify the RewriteBase option to change the "/wordpress" prefix in the /installdir/apps/wordpress/conf/httpd-app.conf file:

    <Directory "...">
        ...
        RewriteBase /myblog
        ...
    </Directory>
    

     

    And the same in the following lines of wp-config.php:

    define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/myblog');                   
    define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/myblog'); 

    Don't forget to restart Apache after these changes have been made.

    How to change the WordPress domain name?

    If you are using a WordPress version higher than 3.3.1-5, you only have to specify your domain name in the /opt/bitnami/apps/wordpress/htdocs/wp-config.php file (for cloud servers and virtual machines) or the installdir/apps/wordpress/htdocs/wp-config.php file (for native installers). To do so, replace the following lines:

    define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/wordpress');                   
    define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/wordpress');    
    

    with

    define('WP_SITEURL', 'http://example.com/wordpress');                   
    define('WP_HOME', 'http://example.com/wordpress');    
    

    If you have previously removed the /wordpress prefix from the URL, do not specify it.

    How to create a full backup of WordPress?

    Backup

    Bitnami stacks are self-contained and the simplest option for performing a backup is to copy or compress the Bitnami stack installation directory. To do so in a safe manner, you will need to stop all servers, so this method may not be appropriate if you have people accessing the application continuously.

    Cloud Server

    Follow these steps:

    • Change to the directory in which you wish to save your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo /opt/bitnami/ctlscript.sh stop
      
    • Create a compressed file with the stack contents.
      $ sudo tar -pczvf application-backup.tar.gz /opt/bitnami
    • Restart all servers.
      $ sudo /opt/bitnami/ctlscript.sh start

    You should now download or transfer the application-backup.tar.gz file to a safe location.

    Virtual Machine

    Follow these steps:

    • Change to the directory in which you wish to save your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo /opt/bitnami/ctlscript.sh stop
    • Create a compressed file with the stack contents.
      $ sudo tar -pczvf application-backup.tar.gz /opt/bitnami
    • Restart all servers.
      $ sudo /opt/bitnami/ctlscript.sh start
      

    You should now download or transfer the application-backup.tar.gz file to a safe location.

    Native Installer (Windows)

    Follow these steps:

    • Stop all servers using the shortcuts in the Start Menu or the graphical manager tool.
    • Create a compressed file with the stack contents. You can use a graphical tool like 7-Zip or WinZip.
    • Stop all servers using the shortcuts in the Start Menu or the graphical manager tool.

    You should now download or transfer the application-backup.zip file to a safe location.

    Native Installer (Linux and Mac OS X)

    Follow these steps:

    • Change to the directory in which you wish to save your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo installdir/ctlscript.sh stop
      
    • Create a compressed file with the stack contents.
      $ sudo tar -pczvf application-backup.tar.gz installdir
      
    • Restart all servers.
      $ sudo installdir/ctlscript.sh start
      

    You should now download or transfer the application-backup.tar.gz file to a safe location.
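
    The stop / tar / start steps from the Cloud Server, Virtual Machine and Linux/Mac OS X tabs above, written as one script that also handles a failed archive step. This is an added example, not Bitnami's own code; the function name stack_backup, its two arguments and the .sha256 side file are assumptions. The archive keeps the same member paths as the page's tar command, so the restore steps apply unchanged.

```shell
#!/bin/sh
# Added example, not Bitnami's own script. stack_backup, its two arguments and
# the .sha256 side file are assumptions. Run it as root (the page uses sudo).

sha256_of() {
    # Linux ships sha256sum; Mac OS X ships shasum.
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

stack_backup() {
    stack_dir=$1                 # /opt/bitnami, or installdir for native installers
    out_dir=$2                   # directory that receives the archive
    ctl="$stack_dir/ctlscript.sh"
    name=application-backup.tar.gz

    [ -x "$ctl" ] || { echo "no control script at $ctl" >&2; return 2; }
    "$ctl" stop || return 3

    rc=0
    (
        # The archive contains wp-config.php and the MySQL data directory,
        # so create it readable by its owner only.
        umask 077
        tar -pczf "$out_dir/$name" "$stack_dir" &&
        # Read the archive back: a truncated file fails here, not at restore time.
        tar -tzf "$out_dir/$name" >/dev/null &&
        cd "$out_dir" && sha256_of "$name" > "$name.sha256"
    ) || rc=4

    # Start the servers again even when the archive step failed.
    "$ctl" start || return 5
    return "$rc"
}

# Stand-alone use: sh backup.sh /opt/bitnami /your/directory
if [ "$#" -ge 2 ]; then stack_backup "$1" "$2"; fi
```

    Keep the .sha256 file next to the archive when you transfer it, and compare the digest again before restoring.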


    Restore

    Bitnami stacks are self-contained, so to restore a stack, you only need to uncompress the backup file in the same location. It is important to use the same path that was used when the stack was originally installed.

    Cloud Server

    Follow these steps:

    • Change to the directory containing your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo /opt/bitnami/ctlscript.sh stop
    • Rename the current directory to save it.
      $ sudo mv /opt/bitnami /opt/bitnamiBackup
    • Uncompress the backup file to the original directory.
      $ sudo tar -pxzvf application-backup.tar.gz -C /
    • Start all servers.
      $ sudo /opt/bitnami/ctlscript.sh start
      

    Virtual Machine

    Follow these steps:

    • Change to the directory containing your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo /opt/bitnami/ctlscript.sh stop
    • Rename the current directory to save it.
      $ sudo mv /opt/bitnami /opt/bitnamiBackup
    • Uncompress the backup file to the original directory.
      $ sudo tar -pxzvf application-backup.tar.gz -C /
    • Start all servers.
      $ sudo /opt/bitnami/ctlscript.sh start
      

    Native Installer (Windows)

    Follow these steps:

    • Uncompress the backup file to the original directory.
    • Install services by launching a new command prompt and executing the following commands. Administrator privileges are required.
      $ cd installdir
      $ serviceinstall.bat INSTALL
      

    You can now start or stop servers using the graphical manager tool.

    Native Installer (Linux and Mac OS X)

    Follow these steps:

    • Change to the directory containing your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo installdir/ctlscript.sh stop
      
    • Rename the current directory to save it.
      $ sudo mv installdir installdirBackup
    • Uncompress the backup file to the original directory.
      $ sudo tar -pxzvf application-backup.tar.gz -C /
      
    • Start all servers.
      $ sudo installdir/ctlscript.sh start
      


    IMPORTANT: When restoring, remember to maintain the original permissions for the files and folders. For example, if you originally installed the stack as 'root', make sure that the restored files are owned by 'root'.


    If you want to create only a database backup, refer to these instructions for MySQL and PostgreSQL.

    How to upgrade WordPress?

    It is strongly recommended to create a backup before starting the update process. If you have important data, create and try to restore a backup to ensure that everything works properly.

    There are two different ways to upgrade your application.

    • You can upgrade the application and all stack components, such as PHP, Ruby, MySQL and Apache.
    • You can upgrade the application only without modifying any other stack components.
      • Use the links provided in the application page on the wiki.

    In the case of WordPress, you can update it easily from the Administration panel.

    How to install a plugin on WordPress?

    You can install any plugin or theme from the WordPress administration panel.

    • If you are using the Installer, it is necessary to specify your FTP credentials.
    • For Virtual Appliances and AMIs, FTP is pre-configured and you do not have to specify them.
    • If you are using the Native Stack, you can install plugins, themes or updates if you select "development" mode during the installation. If you selected "production" mode, it is necessary to install an FTP server on your machine to be able to install modules from the admin panel.

     

    NOTE: If you find issues while installing, using or updating a WordPress plugin, please check out the WordPress Plugins Troubleshooting section.

    How to install all-in-one WP migration plugin?

    The following steps assume that:
    • You are using the Bitnami WordPress Stack (not the WordPress Multisite Stack) and
    • You are able to log in to the WordPress dashboard by visiting http://[your-domain-name]/wp-login.php

    1. Log in to your WordPress dashboard.
    2. Select the "Plugins -> Installed Plugins" option.
    3. Find the plugin named "All-in-One WP Migration" and select "Activate" to activate it.


    NOTE: If you are using a version of the Bitnami WordPress Stack lower than v4.0, the "All-in-One WP Migration" plugin is not pre-installed. You must manually install the plugin first following these instructions.

    The plugin will now be installed. Select the "Site Migration" option in the WordPress menu to export or import your WordPress blog (instructions).

    In some cases, the "Site Migration" page might display an error message.

    In this case, a permissions change is required. Log in to the server console (instructions) and run the commands below before exporting or importing your WordPress blog. Remember that for native installers, you must replace /opt/bitnami in the commands below with the path to your WordPress installation directory.

    $ sudo chgrp daemon /opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/all-in-one-wp-migration/storage
    $ sudo chmod 775 /opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/all-in-one-wp-migration/storage
    

    How to install WP-DBManager?

    If you install WP-DBManager, you will need to create the backup-db directory in your wp-content directory. To do it, you must connect to your machine through SSH and run these commands:

    mkdir /opt/bitnami/apps/wordpress/htdocs/wp-content/backup-db
    sudo chmod 775 /opt/bitnami/apps/wordpress/htdocs/wp-content/backup-db
    sudo chown bitnami:daemon /opt/bitnami/apps/wordpress/htdocs/wp-content/backup-db

    Once you have done it, you must add the htaccess example provided by the plugin to the htaccess.conf file, and you must create an empty .htaccess file in the backup-db directory to pass the plugin's checks. To do it, run the commands below:

    echo '<Directory "/opt/bitnami/apps/wordpress/htdocs/wp-content/backup-db">' >> /opt/bitnami/apps/wordpress/conf/htaccess.conf
    cat /opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/wp-dbmanager/htaccess.txt >> /opt/bitnami/apps/wordpress/conf/htaccess.conf
    echo '</Directory>' >> /opt/bitnami/apps/wordpress/conf/htaccess.conf
    touch /opt/bitnami/apps/wordpress/htdocs/wp-content/backup-db/.htaccess

     

    Finally, once you have activated the plugin in your WordPress dashboard, you must ensure that the mysql and mysqldump paths are correct in the plugin's DB Option.

    mysql path:

    /opt/bitnami/mysql/bin/mysql

    mysqldump path:

    /opt/bitnami/mysql/bin/mysqldump

    How to detect malicious software on your WordPress installation?

    You could install the Wordfence Security plugin via the admin panel and run a scan of your WordPress installation. To do so, please follow these steps:

    1. Log in to your WordPress dashboard.
    2. Select the "Plugins -> Add New" option.
    3. Type "wordfence" in the search box.
    4. Install the Wordfence Security plugin by clicking on "Install Now".
    5. Click on "Activate plugin".
    6. A new "Wordfence" entry should have been added to your left menu.
    7. You can now go to the "Wordfence" section on your left menu and click on "Start a Wordfence Scan".
    8. Wait until the scan ends.

    How to configure the email settings of WordPress?

    You can install or enable the "WP Mail SMTP" plugin from the WordPress administration page. Once you have installed it, you can configure the SMTP settings of your email provider in the Settings panel. For instance, you can use the settings of a Gmail account to send emails from the WordPress application.

    • If you are using the Native Stack or Bitnami Cloud Hosting, you can configure the email settings during the WordPress deployment.

    How to translate WordPress to my language?

    The Bitnami WordPress Stack currently ships with English and Spanish translations installed, and we will work on adding more languages.

    If you want to change the WordPress language, you can do it either manually or using the WordPress Admin Panel:

    Change language using WordPress Admin Panel
    1. Log in to the WordPress Admin Panel.
    2. Click on the Settings->General tab located in the menu on the left.
    3. Scroll down to "Site Language" and select the one you prefer.

    Change language manually
    1. Download the translation files for your language from http://codex.wordpress.org/WordPress_in_Your_Language
    2. Once you have downloaded the files, you have to get the .po and .mo files and copy them into the installdir/apps/wordpress/wp-content/languages folder.
    3. Edit the installdir/apps/wordpress/htdocs/wp-config.php file and edit the following line specifying your language code. For example: define('WPLANG', 'es_ES');
    4. Restart the Apache server and that's all.

    How to edit the WordPress files?

    For security reasons, WordPress files are not editable from the WordPress application itself. If you are using a Virtual Machine or a Cloud Image, we suggest using an FTP client to edit the files remotely.

    Another option is to temporarily change the permissions so that the files can be edited from the WordPress application. Note that this configuration is not secure, so please revert it once you have finished editing the files:

    $ sudo chown daemon:daemon /opt/bitnami/apps/wordpress/htdocs
    

    To revert this change you can run the following command:

    $ sudo chown bitnami:daemon /opt/bitnami/apps/wordpress/htdocs
    

    How to enable SSL?

    You can see how to configure Apache to enable SSL connections at How to enable SSL to access through https?

    How to debug WordPress errors?

    Cloud Server

    Once Apache starts, it will create two log files at /opt/bitnami/apache2/logs/access_log and /opt/bitnami/apache2/logs/error_log respectively. On Amazon Linux and Red Hat Enterprise cloud images, the log files are created at /var/log/httpd/access_log and /var/log/httpd/error_log instead.

    • The access_log file is used to track client requests. When a client requests a document from the server, Apache records several parameters associated with the request in this file, such as: the IP address of the client, the document requested, the HTTP status code, and the current time.
    • The error_log file is used to record important events. This file includes error messages, startup messages, and any other significant events in the life cycle of the server. This is the first place to look when you run into a problem when using Apache.
      If no error is found, you will see a message similar to:
    Syntax OK
    /installdir/ctlscript.sh : httpd started
    

    Virtual Machine

    Once Apache starts, it will create two log files at /opt/bitnami/apache2/logs/access_log and /opt/bitnami/apache2/logs/error_log respectively.

    • The access_log file is used to track client requests. When a client requests a document from the server, Apache records several parameters associated with the request in this file, such as: the IP address of the client, the document requested, the HTTP status code, and the current time.
    • The error_log file is used to record important events. This file includes error messages, startup messages, and any other significant events in the life cycle of the server. This is the first place to look when you run into a problem when using Apache.
      If no error is found, you will see a message similar to:
    Syntax OK
    /installdir/ctlscript.sh : httpd started
    

    Native Installer

    Once Apache starts, it will create two log files at installdir/apache2/logs/access_log and installdir/apache2/logs/error_log respectively.

    • The access_log file is used to track client requests. When a client requests a document from the server, Apache records several parameters associated with the request in this file, such as: the IP address of the client, the document requested, the HTTP status code, and the current time.
    • The error_log file is used to record important events. This file includes error messages, startup messages, and any other significant events in the life cycle of the server. This is the first place to look when you run into a problem when using Apache.
      If no error is found, you will see a message similar to:
    Syntax OK
    /installdir/ctlscript.sh : httpd started
    

    Cloud Server

    The main MySQL log file is created at /opt/bitnami/mysql/data/mysqld.log.

    Virtual Machine

    The main MySQL log file is created at /opt/bitnami/mysql/data/mysqld.log.

    Native Installer

    The main MySQL log file is created at installdir/mysql/data/mysqld.log.

    How to reset the WordPress admin password from the command line?

    It is possible to reset the password from the command line. You can use the command below to reset the administrator password: 

    mysql -u root -p -D bitnami_wordpress -e 'UPDATE wp_users SET user_pass=MD5("NEWPASSWORD") WHERE ID=1;'

    How to increase the allowed size of the uploaded files?

    You can modify the following option in the php.ini file to increase the allowed size for uploads:

    ; Maximum size of POST data that PHP will accept.
    post_max_size = 16M
    
    ...
    
    ; Maximum allowed size for uploaded files.
    upload_max_filesize = 16M
    

    If you have enabled PHP-FPM (enabled by default in Cloud Images and VMs) you need to restart PHP-FPM running the following command:

    sudo /opt/bitnami/ctlscript.sh restart php-fpm
    

    Note: For native installers replace /opt/bitnami with your current installation directory.

    Otherwise, you need to restart the Apache server:

    sudo YOUR_INSTALLATION_DIRECTORY/ctlscript.sh restart apache

    XML-RPC and Pingback

    A pingback is a special type of comment that is created when you link to another blog post and it is a functionality of the WordPress XML-RPC module.

    Since Bitnami WordPress Stack 4.4.2-3, the pingback feature in the XML-RPC module has been disabled. Other XML-RPC features continue working as before, so you can still publish content in your WordPress blog/website from Web clients or smartphone apps.

    In order to enable it again, edit the WordPress configuration file (located at /opt/bitnami/apps/wordpress/htdocs/wp-config.php) and remove the last two filters related to XML-RPC and pingback. Specifically these lines:

    //  Disable pingback.ping xmlrpc method to prevent WordPress from participating in DDoS attacks
    //  More info at: https://wiki.bitnami.com/Applications/Bitnami_Wordpress#XMLRPC_and_Pingback
    
    // remove x-pingback HTTP header
    add_filter('wp_headers', function($headers) {
        unset($headers['X-Pingback']);
        return $headers;
    });
    // disable pingbacks
    add_filter( 'xmlrpc_methods', function( $methods ) {
            unset( $methods['pingback.ping'] );
            return $methods;
    });
    
    Why does Bitnami disable pingback functionality and what does it have to do with XML-RPC?
    WordPress implements an interface to use the XML-RPC protocol. This allows features like remote publishing from Web clients, smartphone apps and more. You can find more info in the WordPress Codex XML-RPC page.

    The XML-RPC feature of WordPress is known to be susceptible to two types of attacks:

    If most of the entries in your logs come from the same IP address, it's likely your site is either under a brute force amplification attack or being used to launch a pingback attack towards a different site. If the entries come from different IP addresses, your site is probably the victim of a pingback attack.

    Please keep in mind that none of these attacks are related to a security issue, but are the result of abusing pingbacks and the XML-RPC mechanism.
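
    The log check described above can be scripted. The following is an added example, not Bitnami code: it counts POST requests to xmlrpc.php per client address in an Apache access_log and applies the same-IP / different-IP distinction. The function name xmlrpc_triage, the reading of "most of the entries" as more than half, and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example, not Bitnami code. xmlrpc_triage and the "more than half"
# reading of "most of the entries" are assumptions made for this sketch.

xmlrpc_triage() {
    # $1 = access_log in Apache common/combined format (default: stdin).
    awk '
        {
            # The request line is the first double-quoted field: METHOD URI PROTO
            if (split($0, q, "\"") < 3) next
            split(q[2], req, " ")
            uri = req[2]
            sub(/\?.*/, "", uri)                 # ignore any query string
            if (req[1] != "POST" || uri !~ /\/xmlrpc\.php$/) next
            total++
            if (++hits[$1] > max) { max = hits[$1]; top = $1 }
        }
        END {
            if (!total) { print "verdict=none total=0"; exit }
            for (ip in hits) uniq++
            # One address behind more than half of the requests: brute force
            # amplification against this site, or this site being driven to send
            # pingbacks. Otherwise many sources: likely the pingback target.
            verdict = (2 * max > total) ? "single-source" : "distributed"
            printf "verdict=%s total=%d unique_ips=%d top_ip=%s top_hits=%d\n",
                   verdict, total, uniq, top, max
        }
    ' "${1:--}"
}

# Constructed sample lines using documentation-range addresses, not real traffic.
sample_single_source() {
    cat <<'EOF'
203.0.113.7 - - [12/Jan/2016:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
203.0.113.7 - - [12/Jan/2016:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
203.0.113.7 - - [12/Jan/2016:10:00:02 +0000] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 370
198.51.100.20 - - [12/Jan/2016:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
192.0.2.15 - - [12/Jan/2016:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2251
EOF
}

sample_distributed() {
    cat <<'EOF'
192.0.2.1 - - [12/Jan/2016:11:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
192.0.2.2 - - [12/Jan/2016:11:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
192.0.2.3 - - [12/Jan/2016:11:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
192.0.2.3 - - [12/Jan/2016:11:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
198.51.100.9 - - [12/Jan/2016:11:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
EOF
}

# Stand-alone run on the constructed samples.
sample_single_source | xmlrpc_triage
sample_distributed | xmlrpc_triage
```

    On a cloud server or virtual machine, point it at the real log instead: xmlrpc_triage /opt/bitnami/apache2/logs/access_log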
     

    The DDoS attack became more popular after WordPress version 3.5 was released with the pingback feature enabled by default.

    Current countermeasures:

    • Since Bitnami WordPress Stack 4.4, the brute force amplification attack is no longer exploitable, although a common brute force attack is still possible.
    • Since Bitnami WordPress Stack 4.4.2-3, the pingback feature has been disabled. This means a malicious agent won't be able to use your WordPress to perform DDoS attacks on other instances.
    • We also ship the Jetpack plugin, which can help protect a site against brute force attacks thanks to the Protect module. You can find more information at the Jetpack website. The plugin is inactive by default; you should enable it using the WordPress admin panel.

    Even with these actions, you will still be vulnerable to common brute force attacks using the XML-RPC module.

    Apart from these, there are at least two more countermeasures you can apply, although each one has its own drawbacks:

    • Enable mod_security: ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server. Bitnami stacks already ship the mod_security2 module installed in Apache but it is not enabled by default. To enable this module follow the instructions at our Apache component wiki page.
    • Disable XML-RPC: It will avoid both types of attacks but smartphone apps, remote publishing and some plugins won't work. You can find more information at this blog post about disabling XML-RPC in WordPress.
    • Block the offending IP addresses: This should be considered a fragile, short-term solution. You can find the procedure for Bitnami Cloud Hosting instances here.

     

    How to disable the WordPress wp-cron.php?

    The wp-cron.php script will run once a user visits your site. If you get a lot of traffic, this could be a problem. This cron task is really necessary when you make updates in the blog. You can move this cron script to a system cron task to help in lowering your resource usage on the server.

    Disable wp-cron in the /installdir/apps/wordpress/htdocs/wp-config.php file. The location is important: add it just before the database settings.

    define('DISABLE_WP_CRON', true);
    

    Then add the cron task process in the system. For example, this cron task will run the wp-cron.php process every hour. You can add it using the following command:

    $ sudo crontab -e
    0 * * * * su daemon -s /bin/sh -c "cd /opt/bitnami/apps/wordpress/htdocs; /opt/bitnami/php/bin/php -q wp-cron.php"
    

    How to install several WordPress modules on the same stack?

    It is really easy to install more than one WordPress module on a Bitnami stack. You just need to download it from our site (https://bitnami.com/stack/lamp/modules if you are using Linux) and install it using the --wordpress_instance_name newblogname option. Here is an example of the steps for VMs and AMIs (which use Linux as the OS).

    First of all, download the module, and then run the downloaded file with a special parameter. Keep in mind that this assumes you already have a running stack that includes PHP, Apache and MySQL. During the installation process you will be asked for the installation directory of this stack.

    On GNU/Linux:

    chmod a+x bitnami-wordpress-VERSION-module-linux-x64-installer.run
    ./bitnami-wordpress-VERSION-module-linux-x64-installer.run --wordpress_instance_name newblogname
    

    On Windows:

    ./bitnami-wordpress-VERSION-module-windows-installer.exe --wordpress_instance_name newblogname

    On Mac:

    hdiutil mount bitnami-wordpress-VERSION-module-osx-x86_64-installer.dmg
    /Volumes/WordPress\ Module\ VERSION/BitNami\ WordPress\ Module.app/Contents/MacOS/installbuilder.sh --wordpress_instance_name newblogname

    Once you have the module installed, you will be able to access it through http://YOURDOMAIN/newblogname

    In Bitnami Cloud Hosting, the capability to have more than one WordPress module is enabled. You can do it easily following the steps in this guide

    http://wiki.bitnami.com/Bitnami_Cloud_Hosting/Applications#Adding_several_instances_of_the_same_application

    This information is for normal WordPress. If you are looking for information about WordPress Multisites, please follow this link http://wiki.bitnami.com/Applications/Bitnami_WordPress_Multisite

    How to enable CORS in WordPress?

    You just need to edit your WordPress configuration file for Apache (installationdirectory/apps/wordpress/conf/httpd-app.conf) and add the following line inside the Directory directive:

    ...
    <Directory installationdirectory/apps/wordpress/htdocs/>
    ...
    Header set Access-Control-Allow-Origin "*"
    ...
    </Directory>
    

    You can also enable other methods or headers for other directories (e.g. installationdirectory/apps/wordpress/htdocs/wp-admin):

    ...
    <Directory installationdirectory/apps/wordpress/htdocs/wp-admin>
    ...
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, OPTIONS, POST"
    Header set Access-Control-Allow-Headers "origin, x-requested-with, content-type, accept"
    ...
    </Directory>
    

    If the request is an OPTIONS request, the script exits with either access control headers sent, or a 403 response if the origin is not allowed. By default, only the server where the application is hosted is allowed (see installationdirectory/apps/wordpress/htdocs/wp-includes/http.php). For other request methods, you will receive a return value.
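
    The wildcard value in the blocks above lets any origin read these responses. As an added example (not part of the original guide or Bitnami's own configuration), the same Directory blocks can send the header only to an allow-list of origins. The example.com and example.org hostnames are constructed placeholders, and mod_setenvif is assumed to be loaded alongside mod_headers:

```apache
# Added example, not Bitnami's shipped configuration. Assumes mod_headers and
# mod_setenvif are loaded. All example.com / example.org origins are
# constructed placeholders.
<Directory installationdirectory/apps/wordpress/htdocs/>
    # Weak form from the guide: every origin may read cross-origin responses.
    # Header set Access-Control-Allow-Origin "*"

    # Copy the request's Origin into CORS_ORIGIN only on an exact match
    # (anchored at both ends, scheme included, dots escaped).
    SetEnvIf Origin "^https://(www\.example\.com|app\.example\.org)$" CORS_ORIGIN=$0

    # Echo the approved origin back. Other origins get no
    # Access-Control-Allow-Origin header, so browsers refuse the read.
    Header set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN

    # The response now depends on Origin; tell caches to key on it.
    Header merge Vary "Origin"
</Directory>

<Directory installationdirectory/apps/wordpress/htdocs/wp-admin>
    # Directory sections merge from shortest path to longest, so these lines
    # run after the htdocs ones. Drop the inherited header first, then apply
    # a narrower allow-list for the admin area.
    Header unset Access-Control-Allow-Origin
    SetEnvIf Origin "^https://admin\.example\.com$" CORS_ADMIN_ORIGIN=$0
    Header set Access-Control-Allow-Origin "%{CORS_ADMIN_ORIGIN}e" env=CORS_ADMIN_ORIGIN
    Header set Access-Control-Allow-Methods "GET, OPTIONS, POST" env=CORS_ADMIN_ORIGIN
    Header set Access-Control-Allow-Headers "origin, x-requested-with, content-type, accept" env=CORS_ADMIN_ORIGIN
</Directory>
```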

     

    How to configure WordPress for cloud storage on Amazon S3?

    NOTE: Before following the steps in this guide, ensure that you have an Amazon Web Services account with (optionally) an IAM user account and the corresponding AWS access key and secret key. You should also install and activate the Amazon Web Services plugin and the Amazon S3 and CloudFront plugin in your WordPress blog (instructions).

    To configure Amazon S3 storage for your WordPress blog, follow these steps:

    • Log in to your server console.
    • Open the file /opt/bitnami/apps/wordpress/htdocs/wp-config.php (for cloud servers and virtual machines) or installdir/apps/wordpress/htdocs/wp-config.php (for native installers) in a text editor and add the following lines to the file, after the initial <?php PHP tag:
      define( 'AWS_ACCESS_KEY_ID', 'XXXX');
      define( 'AWS_SECRET_ACCESS_KEY', 'XXXX');
      

      Remember to replace the XXXX placeholder in the above lines with your actual AWS access key and secret key.

      wordpress-s3-1.png

    • Save the file.

    Next:

    • Log in to your WordPress blog as an administrator.
    • Select the "AWS -> S3 and Cloudfront" menu item.
    • On the resulting page, create a new S3 bucket to store your WordPress media files by entering a unique bucket name and hitting the "Create" button. You can also choose an existing bucket if you prefer.

      wordpress-s3-2.png

    • Once the bucket has been created, you'll be transferred to a page where you can configure plugin behaviour. Ensure that the "Copy Files to S3" and "Rewrite File URLs" options are turned on. Other settings can be left at their default values or modified per your preference.

      wordpress-s3-3.png

    • Click "Save Changes" to save your settings.

    You can now add pages and posts to WordPress as normal. When you add a media file using the WordPress editor or media library, your media file will be uploaded to both the WordPress blog and the chosen S3 bucket.

    The Amazon S3 and CloudFront plugin will automatically rewrite URLs so that the media is served from S3 instead of from your WordPress host. In the screenshot below, refer to the browser status bar, which shows the S3 bucket URL for the image.

    wordpress-s3-4.png

    How to transfer the WordPress database to Amazon Web Services?

    Refer to this guide for detailed instructions on transferring your WordPress database to Amazon RDS.

    Multisite Support

    You can now find a Bitnami WordPress Multisite Stack already configured at http://bitnami.com/stack/wordpress. If you are using it, check the configuration guide at /Applications/Bitnami_WordPress_Multisite.
     
    If you are using the standard Bitnami WordPress Stack, check this if you want to manually enable the multisite feature.
