AWS Lightsail Bitnami Let’s Encrypt Certificate Renewal

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-bitnami-renew-ssl-certificate/

To renew your Let’s Encrypt certificate on a Bitnami LightSail WordPress instance:

  • SSH into the instance and follow these steps.
  • Review the reference listed above as a guide, before continuing.
  • Note: The steps below are used if the bncert-tool or Lego provided by Bitnami was used to request the certificate.
  • Replace <DOMAIN> with your domain name.
  • Replace <EMAIL> with your email address.
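
# Find which on-disk certificate matches the one currently served on port 443.
# A match under /opt/bitnami/letsencrypt means it was requested with Lego / bncert-tool.
sudo grep -irl "$(openssl s_client -verify_quiet -showcerts -connect <DOMAIN>:443 2>/dev/null | sed -n '/BEGIN/,/END/{p;/END/q}' | head -n 3 | tail -n 2)" /opt/bitnami/letsencrypt /etc/letsencrypt

# List the certificates Lego manages, with their current expiry dates.
sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt list

# Stop the Bitnami services so port 443 is free for Lego's TLS challenge (--tls).
sudo /opt/bitnami/ctlscript.sh stop

# Renew the certificate (--days 90: renew if it expires within 90 days).
sudo /opt/bitnami/letsencrypt/lego --tls --email="<EMAIL>" --domains="<DOMAIN>" --path="/opt/bitnami/letsencrypt" renew --days 90

# Confirm the new expiry date.
sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt list

# Start the services again.
sudo /opt/bitnami/ctlscript.sh start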

Sneaky Hackers: How I Fixed the xmlrpc.php Problem

Recently I noticed a flood of xmlrpc.php POSTs in my Apache access_log for a new WordPress site just deployed, using a Bitnami image on AWS Lightsail. Basically it was flooding the site a few times every second! Eventually it gets overloaded and shuts down Apache.

xmlrpc access log

After doing a bit of research, aka… I checked Google, I learned this is a known problem. In a nutshell, hackers can use xmlrpc.php for botnets, brute force attacks, etc. Although there is some value with xmlrpc.php within WordPress (pingbacks, etc), I was not using that functionality.

I addressed the issue with the iThemes Security plugin. Easy to install and configure, it only took a few minutes to make the site much more secure, including two-factor authentication, brute-force login attempt lockout, etc.

iThemes Security

For the xmlrpc issue, be sure to go into Settings -> Advanced -> API Access – XML-RPC – select Disable XML-RPC, and also for REST-API -> select Restricted Access.

Disable XML-RPC

Within only a couple days, the plugin has already locked out a few bad IPs attempting brute force attacks. No problems with the XMLRPC floods since, fingers crossed.
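
To measure a flood like the one described above, the access log can be summarized per client. This is an added example, not part of the original post; it assumes the Apache common/combined log format, and the function names and sample log lines (documentation-range IPs) are constructed.

```shell
# xmlrpc_flood_ips LOGFILE [THRESHOLD]
# Prints "IP MINUTE COUNT" for each client that sent at least THRESHOLD
# POSTs to xmlrpc.php within one clock minute (default threshold: 5).
# Assumes the Apache common/combined log format.
xmlrpc_flood_ips() {
  awk -v min="${2:-5}" '
    # $1 = client IP, $4 = [dd/Mon/yyyy:HH:MM:SS, $6 = "METHOD, $7 = path
    $6 == "\"POST" {
      path = $7
      sub(/\?.*/, "", path)                 # drop any query string
      if (path ~ /\/xmlrpc\.php$/)
        hits[$1 " " substr($4, 2, 17)]++    # key: IP + dd/Mon/yyyy:HH:MM
    }
    END {
      for (k in hits)
        if (hits[k] >= min) print k, hits[k]
    }
  ' "$1" | sort
}

# Constructed sample log: one flooding client, one low-rate client,
# plus a GET and a wp-login POST that must not be counted.
make_sample_log() {
  for s in 01 01 02 02 03 03 04 04; do
    printf '203.0.113.7 - - [12/Mar/2022:10:15:%s +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"\n' "$s"
  done
  cat <<'EOF'
198.51.100.23 - - [12/Mar/2022:10:15:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.23 - - [12/Mar/2022:10:16:40 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
192.0.2.10 - - [12/Mar/2022:10:15:10 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"
192.0.2.10 - - [12/Mar/2022:10:15:11 +0000] "POST /wp-login.php HTTP/1.1" 200 1840 "-" "-"
EOF
}

log=$(mktemp)
make_sample_log > "$log"
xmlrpc_flood_ips "$log" 5
rm -f "$log"
```

Counts are bucketed by clock minute, so a burst that straddles a minute boundary is split across two rows; lower the threshold if that matters for your traffic.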

Setup WordPress on AWS Lightsail

This post will detail my notes from the steps I used for a new project to get WordPress up and running on AWS Lightsail.

References:

Purchase the Domain Name using Route53

Every great project must start with a new domain name… I will use AWS Route53.

  1. Log into the AWS Console.
  2. Navigate to the Route 53 service.
  3. Check for and Register domain.
  4. Find the perfect domain name, check availability, and purchase.
  5. It can take a bit for the request to be processed, up to 3 days, but normally it is fairly quick. Be sure to confirm the email, which validates your email address.
  6. Now that you have your new domain name, you are fully committed to completing the project!

Deploy the Lightsail Instance

  1. On the AWS console, navigate to the Lightsail service.
  2. Click Create Instance
  3. Select the default platform (Linux/Unix) and blueprint (WordPress).
    • This will install the WordPress Certified by Bitnami and Automattic 5.9.2-3 (at the time of this post) configuration.
  4. Change SSH key pair, or use the default suggested.
  5. Choose the instance plan. The smallest is sufficient for a lightly used site ($3.50 / month, 512 MB, 1 vCPU, 20 GB SSD, 1 TB Transfer).
  6. Identify your instance: Select an instance name
  7. Add any tags if desired.
  8. Click Create instance.

Create a Static IP

  1. Select the option to Add a Static IP, otherwise your public IP address will change when the instance is stopped / started.
  2. Attach the Static IP to your new instance.

Point Domain Name to the Static IP

  1. In Route 53, select the hosted zone for your new domain name.
  2. Click Create record.
    1. Record name – add a www prefix, for example, if desired.
    2. Record type – A record (default)
    3. Value – paste in the public IP address of your Static IP
    4. TTL seconds – 300 (default)
    5. Routing policy – Simple Routing (default)
    6. Click Create record.
  3. Create additional A records for other prefixes, for example: www or blog, if needed.
  4. It will take a moment for the records to propagate and become active.

Connect to your Instance

  1. Connect to your instance using ssh with the key saved earlier, or use the console to connect. The user name is bitnami. The example below is connecting from a Linux bash shell.

chmod 400 your-lightsail-key.pem
ssh -i your-lightsail-key.pem bitnami@your-static-ip

  2. When first logging in, a message was displayed that locales were not installed.

sudo apt-get install locales-all

Set up Encryption

We will be using Let’s Encrypt to serve your website using HTTPS.

sudo /opt/bitnami/bncert-tool

Adjustments to wp-config.php

sudo vi /opt/bitnami/wp-config.php

#Change the WP_SITEURL and WP_HOME to reflect your domain name with https.

Adjustments to php.ini

sudo vi /opt/bitnami/php/etc/php.ini

# Change the:
# upload_max_filesize = 150M
# post_max_size = 150M

# Increase if desired (I left it at the default 30 without any issue so far):
# max_execution_time = 300

Get the bitnami user password

cd
cat bitnami_application_password

Sign in to your site

  1. Open a browser tab to your domain name. You should now connect to your site and see the WordPress login screen.
  2. Log in using the username: user, password: bitnami_application_password obtained above.

Create a Snapshot of your site

  1. Return to the AWS Lightsail console
  2. Select the new instance
  3. Select the Snapshots tab.
  4. Click + Create snapshot, provide a name, click Create.
  5. While in the snapshots page, slide the switch to enable Automatic snapshots, if desired.

Complete WordPress Configuration

  1. Return to your website on your browser.
  2. If desired, add a new username with Administration rights and log in with it to continue your work (the bitnami provided user can then be removed).
  3. Complete the WordPress configuration as normal. For example, configure themes, pages, posts, appearance, etc.

Good luck! I found the references at the top of this post to be helpful.

Quick PHP Variable Substitution Example

Here is a quick example of PHP variable substitution:

<?php echo 2 + 2;
  $myname = 'Perry';
?>
		
<h1>This page is all about <?php echo $myname ?></h1>
<?php echo 5 * 5 ?>
<h2>All About <?php echo $myname ?></h2>

The above code snippet assigns ‘Perry’ to the variable $myname, and then uses that variable in the h1 and h2 heading lines.

Adding a Search Icon to your WordPress Menu

Ivory Search Plugin

For a simple way to add a search button to your WordPress menu, use the Ivory Search plugin. It provides all sorts of controls, including the “Sliding” option which I selected.

Here’s a great article on adding search, and the options to do so either through a plugin or custom PHP code.

Easy Changing the Favicon Icon in WordPress

The site favicon can be easily changed in WordPress. The favicon is the site icon shown in the browser tab, bookmarks, etc.

Create a Favicon

The favicon should be a 512 x 512 PNG file for WordPress. You can create this using software such as Photoshop, or if you are looking for something simple, use a Favicon Generator. With favicon.io, which I used, it is very easy.

  1. Go to their website.
  2. Select the Text -> ICO option (the second one… they also do image and emoji).
  3. Type in your text, select font, colors, size, etc. until you get it the way you like.
  4. Download the zip file, extract the zip.
  5. They provide output in a number of sizes, for WordPress the file android-chrome-512×512.png will work well.

Install the Favicon

On my version of WordPress this procedure worked.

  1. Select Dashboard -> Appearance -> Customize -> Site Identity
  2. At the bottom of the menu on the left, there is an option to upload the icon, or change it.
  3. Upload the 512×512 sized icon from above.
  4. Click Publish. Should be all set!

A helpful blog article on this can be found from wordpress.com here, however I did find that the menu location for the upload was different with my site’s theme and version.

WordPress Site Migration Issue with Max Upload Size

I ran into an issue when attempting to migrate a WordPress site from local to a new AWS Lightsail instance using the popular All-in-One WP Migration plugin.

Normally this plugin works great… use it to perform the usual Export and then Upload / Import it onto the new site. This time, not so much.


Displaying a Caption on a Featured Image in WordPress

Some themes in WordPress do not display the caption on the Featured Image.

This can be easily added with the FSM Custom Featured Image Caption plugin.
