Live Blog

The original Live Blog is at https://wpguide.io/live-blog I will be migrating content over slowly.

Redis Memory Usage When Restarting

You might receive false positives from your monitor software (monit, netdata) about about redis taking up double the amount of memory it has been configured with. [EST Jan 9 14:25:01] warning : ‘redis-server’ total mem amount of 3.3 GB matches resource limit [total mem amount > 1.7 GB] Looking further reveals that two redis-server processes are spawned at some point. Digging further it looks like when Redis is saving to rdb it’s spawning a second process which stays alive enough for monit to complain. 311844:M 09 Jan 2023 14:25:00.019 * 10 changes in 300 seconds. Saving… 311844:M 09 Jan 2023…
Read More

Dealing with Redirect Loop or Wrong Site Redirect with Cloudflare

Introduction From time to time, you might find yourself in a place where you have added a new site to your server, and it’s stuck in a redirect loop or redirecting to another domain on your server. Cloudflare “SSL/TLS encryption mode” setting When adding a new domain to Cloudflare, it needs to generate an SSL Certificate and set a default method for how it will reach your new site. There is a setting for how Cloudflare will connect to your site, it’s the “SSL/TLS encryption mode” setting and will usually be set to Flexiable. As shown below Here’s the definition…
Read More

Google Cloud and Hetzner Connectivity Issues (GridPane Specifics)

Attention This article was written on 03-27-2024, the issue is now resolved. Why can’t Google Cloud reach my Hetzner Server? At this time it’s unknown, it has been suggested that this is related to a Google Cloud blacklist. It hasn’t been confirmed from Google Cloud specifically. What’s the actual issue? Traffic from Google Cloud fails to some Hetzner IP addresses fails, the following has been confirmed. Not all Hetzner IP’s are affected, only a select few within their 5.161.0.0/16 netblock. The issue was confirmed using Google Cloud network range 35.224.0.0/12 Traffic leaves Google Cloud and reaches Hetzner. Traffic from Hetzner…
Read More

Question – DNS CNAME’s, CNAME Flattening, and Cloudflare How does it work?

Question This question was on Facebook, and it’s needed a blog post 🙂 This is about CNAME flattening and references this Gridpane KB. https://gridpane.com/kb/dns-management-and-cnames/ This question is not GP specific so thought to try here instead of the GP forum. In the example given above, CNAME at the client DNS ultimately points to clientname.yourdomain.com. This makes sense and works. Now I want to set this up for a subdomain. To get a subdomain (ie.subdomain.clientdomain.com) to point to a GP server, is this the way to set things up? At client DNS, setup CNAME = subdomain and point it to clientname.yourdomain.com…
Read More

Get the size of a Single MySQL Database or All MySQL Database Sizes on a Server

Getting Single MySQL Database Size This is the command I use to get a single database size in MySQL: replace <DATABASE_NAME> with the database you wish to check. mysql -e “SELECT table_schema AS \”Database\”, ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS \”Size (MB)\” FROM information_schema.TABLES WHERE table_schema = \”<DATABASE_NAME>\” GROUP BY table_schema;” Getting Entire Server MySQL Database Size The following command will provide you with a list of databases and their sizes as well as a total. mysql -e ” SELECT * FROM ( SELECT table_schema AS ‘Database’, ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS ‘Size…
Read More

Stopping WordPress Comment Spam when using WP Discourse

Introduction When using the WP Discourse plugin on your WordPress site, you need to ensure that comments are enabled as the WP Discourse plugin will hook into all of the portions of the WordPress comment system. Unfortunately this causes the endpoint for comment posting wp-comments-post.php to still be active and accepting of requests, which bots will eventually use to try and post comments. Solutions 1 – WP Discourse There isn’t a solution within the WP Discourse plugin to block these requests. 2 – Code Snippet to Block wp-comments-post.php You can use the following code snippet to block the requests, I’ve…
Read More

rtCamp Nginx Helper Plugin Security Vulnerability

Introduction If you haven’t heard already, the Nginx Helper Plugin by rtCamp has an unpublished security vulnerability. Here’s the listing from patchstack. Patchstack Report WordPress Nginx Helper pluginpatchstack.com There is an issue currently on the Github repository owned by rtCamp Great Plugin! Please issue a security fix! · Issue #315 · rtCamp/nginx-helper · GitHubhttps://patchstack.com/database/vulnerability/nginx-helper/wordpress-nginx-helper-plugin-2-2-3-sensitive-data-exposure-vulnerabilitygithub.com Hopefully it get’s patched soon. Update #1 After talking with Oliver Sid, he had the following to say. During this time the report had been taken down. It looks like it was disputed by rtCamp and therefore a decision was made to remove it. It was…
Read More

Using Cloudflare Proxied SSL Certificates without using the GridPane Cloudflare Integration and Generating Self Signed Certificates

Introduction This article tackles using Cloudflare Proxied SSL Certificates with GridPane when not using the GridPane Cloudflare integration for automatically generating SSL Certificates using Lets Encrypt. If you’re having issues with SSL the using the Why No Padlock website is super helpful. Why No Padlock?Why No Padlock? – Why is my SSL web page insecure? Find the culprit!whynopadlock.com Understanding SSL Certificates and Server Configurations What are Self-Signed SSL Certificates and are they Secure? Self-signed SSL certificates and those issued by a trusted Certificate Authority (CA) are technically similar in terms of their creation and function. The key difference lies in…
Read More

Cyberpanel Security Issue – Default Password During Setup

Introduction There was a post on Facebook that was brought to my attention. The user was seeing a high cpu load on his server from a process that wasn’t a normal process name, it was concluded that their server had been hacked and was now either attack other websites or mining crypto. The user had installed Cyberpanel and choose the default password method during the setup, and most likely an automated scan found their Cyberpanel instance on port 7080 and was able to login using the default login. Why are default passwords a problem? Well, CISA says that hardware and…
Read More

Monitoring CPU Steal using Monit

Why is monitoring CPU Steal important? What is CPU Steal? CPU steal time refers to the proportion of time that a virtual CPU on a cloud server is forced to wait for a physical CPU to become available for processing. This metric is significant in understanding the performance of virtual environments. There are two instances where CPU Steal will occur, when there is an unbalanced overcommit ratio and when a noisy neighbours instance occurs. What is an overcommit ratio? The “overcommit ratio” is a concept that refers to the practice of allocating more virtual resources than the actual physical resources…
Read More

Using Visual Studio Code Remote SSH with GridPane’s Chroot SSH System User

Introduction When using GridPane, you have the option of using sftp or SSH with your websites system user. A system user can hold one or multiple websites including staging sites. Once ssh enabled, you’re put into what is called a chrooted shell, with limited access to the system and commands. This becomes problematic if you want to use Visual Studio code and Remote SSH This live blog will go through the process of trying to get it to work, fingers crossed. Install some Packages cd /home/systemuser cp /usr/bin/{date,uname,flock,sleep,scp} .
Read More

Updating WordPress Page Error “Updating Failed. The response is not a Valid JSON Response”

WordPress Error “Not a Valid JSON Response” The “Updating Failed. The response is not a Valid JSON Response” error from within the WordPress Guttenberg Editor could be the result of a number of issues. If you do some googling, there’s lots of information and ideas on how to rectify the error. PHP Composer and Wrong PHP Version In the case I had, the issue was related to a custom WordPress theme using composer and requiring PHP 8.x but the site infact operating on PHP 7.4 Simple fix, change the PHP version to PHP 8.x on the sites hosting control panel.
Read More

Fixing Multisite Error “Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.”

The following error sometimes presents itself when trying to login to the subsite of a WordPress multisite. ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress. Add the following to your wp-config.php or user-configs.php if you’re on GridPane define(‘ADMIN_COOKIE_PATH’, ‘/’); define(‘COOKIE_DOMAIN’, ”); define(‘COOKIEPATH’, ”); define(‘SITECOOKIEPATH’, ”); Some people have reported that the following will also work define( ‘COOKIE_DOMAIN’, $_SERVER[‘HTTP_HOST’] );
Read More

Vultr vs Hetzner | Faster Cores or More Cores?

Until now I have been provisioning VultrHF servers, as Ubuntu 22 wasn’t available yet on custom servers, but now they are, so I was curious about Hetzner servers. I wanted to know how much server I could get for around $6.1 vCPU/1GB VultrHF is $6/month2vCPU/2GB Hetzner CPX11 costs €4,35 per month. Disclaimer: I am a total load testing n00b. I did a loader.io 1 test for both websites and the differences were quite big. Double the number of response counts, half the avarage load time for Hetzner. So, is this due to double the RAM? Double the CPU count?Are more (Hetzner) cores better…
Read More

Converting an Existing WordPress Site into a Static Site and Hosting it for Free

Any advice on the best, most secure way to put a WP website into “cold storage”? I have a client (an online magazine with lots and lots of posts/media) who is going to stop publishing new content, perhaps forever, definitely for the foreseeable future. But they want to keep the site around. Two Questions 1) Do you know of a great way to entirely convert a WP site to HTML, that is, keep the site up but remove WordPress entirely? I’ve used HTTrack a few times (a scraper) but was wondering if there’s an even better solution. I don’t think…
Read More

WP Time Capsule, Woo Credits, Ultimate Dashboard

WP Time Capsule Backup Reporting and Alerts Right now, there is an issue with how backup failures are reported. You get a single email when they fail, but not when they start working again nor do you get a report every week on the overall account status. To me, this isn’t really acceptable, there should be more monitoring for backups. They’re important. API There is no API and no plan for an API. This also makes it impossible to monitor your own backups. WooCredits I’ve been working on a project trying to get a credits system setup with WooCommerce subscriptions.…
Read More

Moving from WP Engine to GridPane, Don’t want to use Cloudflare, what’s an alternative?

I think I understand where you’re coming from. 1. You had no downtime with your current provider WP Engine and you want to replicate this same setup. 2. Your primary concern is replicating their firewall/load balancer setup. As you believe, this is what helped with uptime. 3. You don’t want to use Cloudflare. 4. You believe that bot traffic and targeted WordPress attacks being blocked helped keep your site online. Do you have a monitoring system in place? If you don’t, set one up that is multi-location. This should be your means of calculating your 99% uptime. You might be…
Read More

Cold, Warm and Hard Reboots with Virtual Instances (Vultr Example)

“Please keep in mind restarting your VPS instance through the portal is essential for making necessary adjustments to its definition on the hardware host node. This step becomes imperative when tasks such as unblocking SMTP, adding extra IPs, or engaging in similar activities.It’s important to note that restarting via the portal initiates a cold reboot, akin to turning off and on a computer. In contrast, restarting via the operating system only reboots the OS itself. To address the current issue, we kindly request that you perform a restart of this VPS instance via your control panel at http://my.vultr.com. Introduction Someone was…
Read More

AppSumo: Email Delivery – Self-Hosted Enterprise-Grade Email Platform

Introduction Thanks to Alexander van Aken for shooting me a message on Facebook about EmailDelivery.com, which is a Self-Hosted Enterprise Grade Email Platform for sending email campaigns. What is EmailDelivery.com? Appsumo sums it up perfectly. Now you can send emails using your own IPs for free, with unlimited delivery over multiple Email Service Providers (ESPs) and Mail Transfer Agents (MTAs). You can route email for optimal deliverability using sophisticated load balancing to improve your sender reputation. Set throttles for daily or hourly sending limits, automate IP warmups, and customize delivery for each customer using your ESP. Plus, you’ll be able to integrate with…
Read More

Bulk Create Discourse Threads from WordPress Posts

This site started using WordPress comments, then I moved the comments to Disqus, and then on to Discourse. Unfortunately, there is no bulk way to create topics for each WordPress post that existed before implementing the WordPress Discourse plugin. I found this thread on the Discourse forum. What I ended up doing was using the WP cli tool as follows $wp post update 396 398 402 {several more here} –tags_input=discourseBefore this I retrieved a list of row ID’s from the wp_posts table that had post_status = ‘publish’ and post_type = post I gave that list to the wp post command…
Read More
1 2