Categories
Uncategorized

How to move WordPress to another Server

My friend’s 1 year free tier from AWS just expired. Instead of paying for the subscription, she asked if she could move her WordPress blog to my EC2 server.

I don’t get a lot of traffic on my server, so hosting another WordPress site should be fine.

Backing up WordPress

WordPress is basically a bunch of files and a database. Back up the files and the database, transfer them to the new server, restore both, and we should be good.

Backup Database

WordPress recommends using phpMyAdmin for this, but I decided to use mysqldump, which should already be installed on an Ubuntu LAMP server.

# mysqldump Usage
mysqldump [OPTIONS] database [tables]
mysqldump [OPTIONS] --databases [OPTIONS] DB1 [DB2 DB3...]
mysqldump [OPTIONS] --all-databases [OPTIONS]

As you can see, you need to know your WordPress database name to back it up (it is the DB_NAME value in wp-config.php). My database name is just wordpress, so I SSHed to my server and ran:

mysqldump -u root -p wordpress > wordpress.sql

You will be prompted for the MySQL root password. This creates a wordpress.sql file in the current working directory. The dump contains the whole site, including the password hashes in wp_users, so treat it as sensitive and delete every copy once the move is done.

Backup WordPress Files

I installed my WordPress on /var/www/wordpress, so this is the folder I need to backup.

# Mind the dot at the end
tar -zcvf wordpress-backup.tar.gz -C /var/www/wordpress .

This creates a wordpress-backup.tar.gz file in the current working directory containing everything under /var/www/wordpress. Because of the trailing dot, the archive holds the directory's contents rather than a wordpress folder, which matters when we restore it.

Download the Backups

To download the backup files, we need to use SFTP to connect to the EC2 instance. I used Cyberduck, it’s free and easy to use.

Since EC2 uses public key authentication, check the Use Public Key Authentication checkbox at the bottom and select your instance’s .pem file. The username is ubuntu if you set up your EC2 instance from the Ubuntu 14.04 image.

Once connected, locate wordpress.sql and wordpress-backup.tar.gz and download them to your computer.

Moving to New Server

Using Cyberduck and SFTP, connect to your new server and upload the two backup files. The procedure is the same as downloading them; just change the server address and the .pem file.

Then SSH to your new server.

Restore the Database

We will use mysql to restore the database, but first we need to create an empty database to restore into.

Login to mysql using:

mysql -u root -p

You will be asked for your MySQL root password.

In the mysql command prompt, we then run:

# you should choose a better database name than wordpress2
CREATE DATABASE wordpress2;

This will be where we save the restored database.
Then we need to create a new user for the restored WordPress, so it can access this database.

# create a new user (wordpress2@localhost here; pick your own username)
CREATE USER 'wordpress2'@'localhost' IDENTIFIED BY 'password';

# give the new user access to the wordpress2 database only
GRANT ALL PRIVILEGES ON wordpress2.* TO 'wordpress2'@'localhost';

# make sure the changes take effect
FLUSH PRIVILEGES;

# exit mysql prompt
exit;

Be sure to match the database name with the one you created in the previous step, and choose a strong password. Keep the database name, username and password at hand: the restored site's wp-config.php has to be updated with them later.

Now we can restore the database using:

mysql -u root -p wordpress2 < wordpress.sql

Restore the Files

First, create the new document root and unpack the wordpress-backup.tar.gz file we uploaded into it. Because we archived the directory's contents (the trailing dot), the files land directly inside the target directory rather than in a nested wordpress folder:

sudo mkdir -p /var/www/wordpress2
sudo tar -xzvf wordpress-backup.tar.gz -C /var/www/wordpress2

The restored copy of wp-config.php still points at the old database, so edit it and set DB_NAME, DB_USER and DB_PASSWORD to the database and user created above (DB_HOST stays localhost when MySQL runs on the same server). Without this step the site shows "Error establishing a database connection".

Then make the files owned by the web server user, since the archive carries whatever ownership the files had on the old machine:

sudo chown -R www-data:www-data /var/www/wordpress2

Limit this to the new site's directory rather than all of /var/www, so the existing site's ownership is not touched. Once the moved site is verified, delete wordpress.sql and the archive from both servers.
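Here is the file side of the move as a self-contained shell script. It is an added example, not code from the original post: it packages the WordPress directory the way the tar command above does, unpacks it into the new DocumentRoot, and rewrites the DB_NAME, DB_USER, DB_PASSWORD and DB_HOST constants in the restored wp-config.php, the step the copied files otherwise miss. It runs against a throwaway copy in a temp directory, so no MySQL or Apache is needed; all paths, names and credentials are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Paths, database names and
# credentials are placeholders; demo() builds a throwaway site in a temp dir.
set -eu

# make_bundle <wordpress_dir> <out.tar.gz>
# Archives the *contents* of the directory (the trailing dot), like the post does.
make_bundle() {
    tar -czf "$2" -C "$1" .
}

# restore_bundle <in.tar.gz> <new_document_root>
# Because the archive holds directory contents, it must be unpacked *into* the
# new DocumentRoot; extracting in $PWD would spill the files there instead.
restore_bundle() {
    mkdir -p "$2"
    tar -xzf "$1" -C "$2"
}

# sed_escape <value>: escape \ / & so the value is safe in a sed replacement.
sed_escape() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# set_wp_constant <wp-config.php> <CONST> <value>
# Rewrites define('CONST', '...'); the single-quoted form the WP installer writes.
set_wp_constant() {
    cfg="$1"; key="$2"; val=$(sed_escape "$3")
    sed -i -E "s/define\([[:space:]]*'$key'[[:space:]]*,[[:space:]]*'[^']*'[[:space:]]*\)/define('$key', '$val')/" "$cfg"
}

# get_wp_constant <wp-config.php> <CONST>: prints the current value (first match).
get_wp_constant() {
    sed -n -E "s/^.*define\([[:space:]]*'$2'[[:space:]]*,[[:space:]]*'([^']*)'[[:space:]]*\).*$/\1/p" "$1" | head -n 1
}

# repoint_wp_config <wp-config.php> <db_name> <db_user> <db_password> <db_host>
# Points the restored site at the database created on the new server.
repoint_wp_config() {
    set_wp_constant "$1" DB_NAME "$2"
    set_wp_constant "$1" DB_USER "$3"
    set_wp_constant "$1" DB_PASSWORD "$4"
    set_wp_constant "$1" DB_HOST "$5"
    # wp-config.php holds the DB password: keep it unreadable to other users.
    chmod 640 "$1"
}

# demo: constructed fake site in a temp dir (no MySQL/Apache needed); prints
# the new DocumentRoot so the result can be inspected.
demo() {
    work=$(mktemp -d)
    src="$work/old/wordpress"; dst="$work/new/wordpress2"
    mkdir -p "$src/wp-content/uploads"
    cat > "$src/wp-config.php" <<'EOF'
<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
define('DB_PASSWORD', 'old-secret');
define('DB_HOST', 'localhost');
define('WP_DEBUG', false);
EOF
    make_bundle "$src" "$work/wordpress-backup.tar.gz"
    restore_bundle "$work/wordpress-backup.tar.gz" "$dst"
    # The '&' and '/' in the placeholder password exercise sed_escape.
    repoint_wp_config "$dst/wp-config.php" wordpress2 wordpress2 'n3w&/secret' localhost
    printf '%s\n' "$dst"
}

if [ "${1:-}" = demo ]; then
    demo
fi
```

Run it with `bash move.sh demo` and inspect the printed directory: wp-config.php sits directly inside it, not under a nested wordpress folder, and its DB_* lines name the new database. On a real move the same functions would be run with /var/www/wordpress and /var/www/wordpress2 and followed by the chown to www-data.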

Add a Virtual Host

Depending on how your server is set up, you need to update your Apache or Nginx configuration so it serves the newly added WordPress blog. I’m using Apache, and this is what I did:

# cd to the vhost config directory
cd /etc/apache2/sites-available

# copy my wordpress's config file for the new wordpress
cp my-wordpress.conf new-wordpress.conf

# edit the new-wordpress.conf
vim new-wordpress.conf

I modified 4 lines in new-wordpress.conf:

# new-wordpress.conf

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName domain-of-my-friends-wordpress.com
    ServerAlias www.domain-of-my-friends-wordpress.com
    DocumentRoot /var/www/wordpress2
    ...

Enable the new site (Ubuntu's Apache only serves sites linked into sites-enabled) and reload Apache:

sudo a2ensite new-wordpress.conf
sudo service apache2 reload

Change DNS of the domain

You now need to point the domain's DNS at the new server. The tools differ by DNS provider, but changing the IP address in the domain's A record to the new server's address is all it takes. Lowering the record's TTL a day ahead shortens the window in which some visitors still reach the old server.

See the Result

Wait for DNS to update, then enter the domain in your browser. You should see the same WordPress site, as if nothing had changed!

Categories
Tutorial

WordPress xmlrpc.php attack

Recently, one of my WordPress websites was hit by thousands of requests to the xmlrpc.php file, coming from multiple IP addresses. Here is my Apache access log (/var/log/apache2/access.log):

62.141.35.242 - - [15/May/2016:21:05:38 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
188.120.41.8 - - [15/May/2016:21:05:44 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:39 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
188.120.41.8 - - [15/May/2016:21:05:54 +0800] "POST /xmlrpc.php HTTP/1.1" 200 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
188.120.41.8 - - [15/May/2016:21:05:35 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:39 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:41 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:37 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:39 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:43 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"

These attacks come and go, and they have taken my site down several times over the last few months. Some googling showed that this kind of attack has been around for a while: it uses xmlrpc.php to brute-force WordPress logins. XML-RPC's system.multicall method lets a single POST carry hundreds of username/password attempts, which is why a few thousand requests are enough to exhaust a small server. The User-Agent is no help as a signal, since the attacker simply sets it to Googlebot; real Googlebot traffic can be verified by reverse DNS of the source IP, which resolves to a googlebot.com host.

Solution

Block IPs with ufw

Most Ubuntu servers have ufw installed, and it can block specific IP addresses from reaching the server.

I ran the following command to get a list of the attackers' IP addresses:

$ grep xmlrpc /var/log/apache2/access.log | cut -d' ' -f1 | sort | uniq -c | sort -rn | head

Results:
6039 62.141.35.242
1566 154.16.63.40
1411 188.120.41.8
 248 195.2.252.132

The number in front of each IP is how many times that IP requested the xmlrpc.php file.

Then, for each IP address, I used the following command to block it with ufw:

sudo ufw deny from 62.141.35.242   # replace with the attacker's IP address

I then ran the list-attackers command a few more times after blocking all the IPs. Unfortunately, the access count was still increasing. There seemed to be a problem with iptables on Ubuntu, but I couldn’t find a solution, so I tried another method to deal with these attacks.

The likely cause is rule order rather than iptables itself: ufw evaluates rules in the order they were added, and "ufw deny from" appends the new rule after the existing "allow 80/tcp" (or "Apache Full") rule, which has already matched the attacker's web traffic by the time the deny is reached. Putting the deny first with "sudo ufw insert 1 deny from 62.141.35.242" makes it take effect; "sudo ufw status numbered" shows the order.
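Here is the same triage as a self-contained shell script, an added example rather than the post's own code. It parses Apache combined-format log lines, counts POSTs to xmlrpc.php per source IP, flags the sources above a threshold (the grep | cut | sort pipeline above, generalised), prints the matching ufw rules with "insert 1" so they land ahead of the allow rule, and counts how many of the POSTs claim to be Googlebot. The log lines are constructed samples: the IP addresses are the ones from the post, the counts are made up.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. SAMPLE_LOG is constructed
# (Apache combined log format; IPs from the post, counts made up).
set -eu

SAMPLE_LOG=$(cat <<'EOF'
62.141.35.242 - - [15/May/2016:21:05:38 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
188.120.41.8 - - [15/May/2016:21:05:44 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:39 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
203.0.113.5 - - [15/May/2016:21:05:40 +0800] "GET /2016/05/hello-world/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0 (X11; Linux x86_64)"
188.120.41.8 - - [15/May/2016:21:05:54 +0800] "POST /xmlrpc.php HTTP/1.1" 200 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
154.16.63.40 - - [15/May/2016:21:05:55 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Mozilla/5.0 (Windows NT 6.1)"
62.141.35.242 - - [15/May/2016:21:05:41 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
188.120.41.8 - - [15/May/2016:21:05:56 +0800] "POST /wp-login.php HTTP/1.1" 200 3510 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
188.120.41.8 - - [15/May/2016:21:05:57 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:43 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
203.0.113.5 - - [15/May/2016:21:06:01 +0800] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0 (X11; Linux x86_64)"
EOF
)

# top_xmlrpc_posters <min_count>
# Reads a log on stdin and prints "count ip" for each source that POSTed to
# xmlrpc.php at least <min_count> times, busiest first. In combined format
# field 6 is the quoted method and field 7 the request path, so GETs and
# POSTs to other paths (e.g. wp-login.php) are not counted.
top_xmlrpc_posters() {
    awk -v min="$1" '
        $6 == "\"POST" && $7 ~ /^\/xmlrpc\.php/ { n[$1]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

# ufw_rules_for <min_count>
# Prints (does not run) one ufw rule per offender. "insert 1" matters: ufw
# checks rules in order, and a plain "ufw deny from" is appended after the
# existing "allow 80/tcp", which already matched, so the deny would never fire.
ufw_rules_for() {
    top_xmlrpc_posters "$1" | while read -r count ip; do
        printf 'sudo ufw insert 1 deny from %s  # %s POSTs\n' "$ip" "$count"
    done
}

# fake_googlebot_posts
# Counts xmlrpc.php POSTs whose User-Agent claims to be Googlebot. Anything
# hammering xmlrpc.php with POSTs is not Google's crawler; a real Googlebot
# source IP reverse-resolves to a googlebot.com host, these do not.
fake_googlebot_posts() {
    grep -c 'POST /xmlrpc.php .*"Googlebot' || true
}

if [ "${1:-}" = demo ]; then
    printf '%s\n' "$SAMPLE_LOG" | ufw_rules_for 3
    printf 'forged Googlebot POSTs: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | fake_googlebot_posts)"
fi
```

On a live server replace the sample with "top_xmlrpc_posters 100 < /var/log/apache2/access.log" and review the printed rules before pasting them; the threshold keeps a legitimate client that made a couple of XML-RPC calls off the block list.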

Modifying Apache Virtual Host Config

Which is adding the following to your WordPress Apache virtual host config file:

<VirtualHost *:80>
    ...
    # Apache 2.2 access-control directives; they still work on the Apache 2.4
    # that Ubuntu 14.04 ships because mod_access_compat is enabled by default.
    # The native 2.4 equivalent is a single "Require all denied" line.
    <Files xmlrpc.php>
        Order allow,deny
        Deny from all
    </Files>
</VirtualHost>
My config file is the standard

/etc/apache2/sites-available/000-default.conf

This does not stop the requests from arriving, but Apache now answers each one with a 403 before PHP or WordPress is ever invoked, so a request costs almost nothing instead of a database-backed login attempt. The trade-off is that anything that legitimately uses XML-RPC, such as Jetpack and the WordPress mobile apps, stops working; if you rely on them, deny only the offending IPs inside the Files block instead of everyone.

After I restarted Apache with

sudo service apache2 restart

I was able to access my WordPress website again.

Categories
Uncategorized

Typora – minimalistic markdown editor review

A little review of my favourite Markdown editor, Typora.

I read about Markdown 3 years ago when I was starting this blog. I was looking at the “Markdown Support” option in Jetpack, a WordPress plugin, wondered what Markdown was, and looked into it. It was not long before I found its origin on the Apple-centric blog where it was created.

Markdown allows you to write using an easy-to-read, easy-to-write plain text format

I enjoyed writing using Markdown since I discovered it, and I have always been looking for a better Markdown editor. I have tried Mou, MacDown, Byword and many more, but I have yet to find one that I truly love.

Until a few months ago, when I found Typora.

Typora is a truly minimalistic Markdown editor. Unlike the other editors, Typora doesn’t separate the Markdown source from the live preview; the two are combined into one editor. As you type, your Markdown syntax is transformed into the rendered result, like a WYSIWYG editor.

Typora offers many other power features that make Markdown easier to use. The one I use most is the Table feature. Just fill in the number of rows and columns in the popup window, and Typora generates the table for you, so you don’t need to bother with the awkward table syntax.

The Markdown syntax for a table:

Markdown | Less | Pretty
--- | --- | ---
*Still* | `renders` | **nicely**
1 | 2 | 3


Another feature I use all the time is the Table of Contents. As the name suggests, it generates a ToC based on what you have written, and clicking a link takes you to the corresponding section.

Last but not least, my favourite function: themes! Typora uses CSS to theme its editor, and the built-in themes are all beautiful, I am not even kidding.

Typora is currently in beta, and it’s free during the beta! So give it a try and tell me what you think!