Tag Archives: wordpress

Get the right IP

I was taking part in moving a WordPress site with a single webserver into an AWS Virtual Private Cloud, using an ELB to load-balance multiple webservers.  Ran into an issue where IPs were not being grabbed properly and provided to the WordPress control panel for comment moderation.  I had already enabled the X-FORWARDED-FOR header in Apache and wanted WordPress to capture this rather than the VPC IPs.

https://www.benjaminwiedmann.net/wordpress-behind-reverse-proxy-fix-wrong-ip-insert-x-forwarded-for-ip.html

Placing the following in my wp-config.php made it possible to get the real IP via this header so we can better moderate without requiring registration.  It’s a hack, but it’s a useful one.

// ** bw 2012-08-12 wordpress reverse proxy x-forwarded-for ip fix ** //
// Use the first address in the X-Forwarded-For list as the client IP.
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
  $xffaddrs = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
  $_SERVER['REMOTE_ADDR'] = trim($xffaddrs[0]);
}
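
The first entry of X-Forwarded-For is whatever the client sent, while a proxy that appends to the header (as AWS load balancers do by default) puts the address it actually saw on the right. The following is an added example, not code from this post or the linked article: it honours the header only when the request came from a trusted proxy range and walks the list from the right. The `TRUSTED_PROXIES` range, the function names and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example. TRUSTED_PROXIES is a placeholder: set it to the subnets
// your load balancer nodes use. All addresses below are constructed samples.
const TRUSTED_PROXIES = ['10.0.0.0/16'];

// True if $ip lies inside $cidr (IPv4 or IPv6).
function ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = explode('/', $cidr, 2) + [1 => null];
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input or mixed address families
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits === null ? $max : max(0, min($max, (int) $bits));
    $full = intdiv($bits, 8); // whole bytes covered by the prefix
    $rem  = $bits % 8;        // leftover prefix bits in the next byte
    if (strncmp($ipBin, $netBin, $full) !== 0) { return false; }
    if ($rem === 0) { return true; }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

function is_trusted_proxy(string $ip, array $cidrs): bool {
    foreach ($cidrs as $cidr) {
        if (ip_in_cidr($ip, $cidr)) { return true; }
    }
    return false;
}

// Returns the address to record for this request.
function client_ip(string $remoteAddr, ?string $xff, array $trusted): string {
    // Ignore the header unless the TCP peer is one of our own proxies.
    if ($xff === null || !is_trusted_proxy($remoteAddr, $trusted)) {
        return $remoteAddr;
    }
    // Walk right to left: skip our proxies, stop at the first outside address.
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        $hop = trim($hop);
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) { break; } // malformed entry
        if (!is_trusted_proxy($hop, $trusted)) { return $hop; }
    }
    return $remoteAddr;
}

$xff = '203.0.113.7, 198.51.100.23'; // left entry client-supplied, right entry appended by the proxy
echo client_ip('10.0.1.15', $xff, TRUSTED_PROXIES), "\n";  // request arrived via the load balancer
echo client_ip('192.0.2.50', $xff, TRUSTED_PROXIES), "\n"; // direct request: header ignored
```

In wp-config.php the return value would be assigned to `$_SERVER['REMOTE_ADDR']`, in place of `$xffaddrs[0]`.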

why i am looking forward to using git more.

today i had to upgrade a wordpress blog with changes from an outside developer.  my current place of employment doesn’t really use much in the way of revision control and automated deployment.

here’s how the changes went today:

outside developer lets me know that they have completed changes in their development environment via basecamp.

i send a tarball of the docroot along with a dump of the SQL db to basecamp.

they apply their changes to the docroot and db, upload them to basecamp.

download these new files to my local computer, then scp them to the server.  

i backup the old docroot and db, then rsync the changes from the tarballed docroot.  then i drop and reimport the new db.

that’s a lot of steps to be honest.  if we used a centralized repository, we could have really simplified this to the developer pushing their committed changes along with a db dump.  i could have pulled the changes with git and then imported the database.

i probably should have demanded some form of revision and deployment method earlier in the process, but to be honest i was not part of the contractual discussions between the developer (which also acts as a marketing company) and my employer.  that’s where the third wall sometimes has to be respected.  there are decisions at times that are made that are outside of the scope of what the sysadmin can do simply because project managers cannot think deeply enough about how to easily implement a new piece of code their developers create.

 


wordfence

securing wordpress is getting more and more important lately.  finding a decent plugin that monitors your posts, codex and versions of software is pretty helpful.  i found http://www.wordfence.com around the time i first got heavily involved with wordpress administration.

so today i got an emailed error from wordfence about one of my posts:

* Post contains a suspected malware URL: Blah blah blah I am not saying what the real post is called.

So let’s log in and see what the software says, it’s right there in the wordpress admin dashboard.

This post contains a suspected malware URL listed on Google’s list of malware sites. The URL is: http://blahblahblahnottellin.blah – More info available a Google Safe Browsing Page.

ok so the post itself is fine, but whoever we are linking to probably got something injected, or at the least has a page on the url that google no likey.

i am going to review the google page, then probably reach out to the third party provider and tell them to clean their crap up.

another cool aspect of wordfence is the live traffic scanning.  if you see a remote user being naughty (probably a bot) you can ban it right from the wordfence area in wordpress.
