Following on from my previous post about securing Squirrelmail, I found that WordPress can be forced to use https for login and admin tasks quite easily. Just edit your wp-config.php file and add define('FORCE_SSL_LOGIN', true); or define('FORCE_SSL_ADMIN', true); somewhere before the warning at the end of the file. The former option will just use https to transmit your login details. The latter will force all access to the admin pages to be secured. According to the WordPress documentation, https can be slow, that’s why you might not want it to be enabled for the whole session.
You are currently browsing the archives for the WordPress category.
WordPress is updated every few months. That’s good. But it’s a nuisance to go through the manual update every time. WordPress can update itself via the web admin interface but it needs a few tweaks. Without these changes, you will see a form asking for details of an FTP server. These are not required, they are just a sign that the web update method didn’t work and that FTP is available as a fallback (presumably for shared hosting where FTP is the only way to upload files).
- The WordPress directory must be writable (or owned?) by the user running the webserver.
- The proxy server must be configured in
wp-config.php.
In our case we need:define('WP_PROXY_HOST', 'wwwcache.lancs.ac.uk'); define('WP_PROXY_PORT', '8080'); define('WP_USEPROXY','TRUE'); - I’ve changed the permissions so my user’s group can write all files and directories, and the SUID and SGID bits are set on all directories in the hope that if I create any files manually, they will have the right permissions and not break the updates. There may well be some security considerations which I’ve neglected.
By default the Akismet spam filter for WordPress won’t work behind a proxy because it needs to talk to the Akismet servers.
EDIT: The solution proposed below is now obsolete. WordPress 3.1 and greater provide configuration options for a web proxy. Unfortunately Akismet still doesn’t use these options so you still need to edit a file. Please follow the instructions from Tall Paul’s blog.
Just found this SyntaxHighlighter Evolved plugin for WordPress. Great for posting code in all sorts of languages. Lines can be numbered. The whole block can easily be copied and saved to a file for visitors who wish to try it out.
After installing WordPress I noticed the links weren’t working. To get permalinks (pretty links) to work with Apache you need to have mod_rewrite enabled and configured in a .htaccess file. WordPress can add the right lines but only if it has write access to the file. I did the following.
% cd blog % touch .htaccess % su % chgrp webfiles .htaccess % chmod 664 .htaccess
Then go back to the WordPress admin page, change and save the permalink options again. The .htaccess will be modified as required. This is all explained in the WordPress documentation.