Millions of WordPress sites have been left vulnerable by a scripting flaw found in two popular plugins, one of which is present in the default installation of the blogging platform, reports Computer World. The two plugins are JetPack and Twenty Fifteen, the first of which is a customization and performance tool, and the latter is a theme designed to allow infinite scrolling. Twenty Fifteen is installed into new WordPress sites as a default, multiplying the number of potential targets.
Read on, source: Millions of WordPress sites left vulnerable by plugin flaw
Read on, source: WordPress patches critical XSS vulnerability – Security – News – iTnews.com.au
So, today I decided to try out TurnKey Linux to run my WordPress, moving from the traditional Ubuntu plus all the manually installed components to a simple, out-of-the-box solution that runs as a virtual machine with a readily prepped Linux environment.
Getting the machine going is a breeze; a quick tutorial may be found here:
About 5 minutes – pretty straightforward to set up.
Since this blog post is hindsight for me and informative for you, I would also recommend using VMware Workstation for the snapshots; I took one once I had a clean VM with all the patches and such.
If you only need a clean install, you can stop reading here, but if you are upgrading, the following steps will save you a bit of googling.
First of all, you will need to export your original posts, which you can do from Tools > Export on your original wordpress.org site.
Next, I will assume you already have your new site up and running from the guide above, because you will need to import that export into it. You do this after logging into your new wp-admin. Below are a few considerations, which should be tackled in the following order:
- Log in and create yourself a new user – this user will be used to take ownership of your posts in your NEW blog.
- When importing, WP will ask you to download the WordPress importer; do it!
- Once imported, you will need to alter your wp-config.php; please also note the location and how I modified it.
TurnKey offers a nice/lazy way of editing your config files. This can be found at https://wp-ip-address:12321; from there, navigate to Tools, then File Manager.
Modify the following few fields within the PHP file.
- OK, we are halfway there. Now to change two fields in your database: log on to phpMyAdmin using https://wp-ip-address:12321, select your WordPress database from the drop-down box, and open your wp_options table. Here you will need to change two fields, home and siteurl, to reflect your new site.
- Probably the most important issue I faced was getting the <a href> of the pictures to point to the external-facing site and not the internal IP address of the server. To address that, a little hunting around gave me the following SQL query, which I ran on the database instead of fixing the links manually.
You can run the following update by clicking on SQL in phpMyAdmin:
-- Rewrite the internal IP to the public hostname in every post body
UPDATE wp_posts SET post_content = REPLACE(post_content, '192.168.2.225/', 'www.georgeene.com/');
And – voilà, welcome to your new WordPress blog, which runs on next to no resources and is FAST given the Apache + Debian back-end.
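The two database changes described above, written out as an added example that is not part of the original post: it previews what will change, applies both edits in one transaction, and then lists any remaining references to the internal address. It assumes MySQL, the default wp_ table prefix, InnoDB tables, and that home and siteurl currently contain the internal IP; the two hostnames are the ones from the post's own query.

```sql
-- Added example. Run statement by statement so each result can be checked.
-- Assumptions: default wp_ prefix, InnoDB tables, a database backup already taken.

-- 1. Preview: which posts still embed the internal address?
SELECT ID, post_title
FROM wp_posts
WHERE post_content LIKE '%192.168.2.225/%';

-- 2. Preview: current site addresses.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('home', 'siteurl');

-- 3. Apply both changes atomically.
START TRANSACTION;

UPDATE wp_options
SET option_value = REPLACE(option_value, '192.168.2.225', 'www.georgeene.com')
WHERE option_name IN ('home', 'siteurl');

UPDATE wp_posts
SET post_content = REPLACE(post_content, '192.168.2.225/', 'www.georgeene.com/')
WHERE post_content LIKE '%192.168.2.225/%';

-- 4. Audit: anything still exposing the internal IP to visitors?
--    Do NOT blindly REPLACE in wp_postmeta or other wp_options rows:
--    PHP-serialized values carry string-length prefixes that a plain
--    REPLACE corrupts. Use a serialization-aware tool for those rows
--    (for example WP-CLI's search-replace command).
SELECT 'wp_posts.post_content' AS location, COUNT(*) AS leftover
FROM wp_posts WHERE post_content LIKE '%192.168.2.225%'
UNION ALL
SELECT 'wp_posts.guid', COUNT(*)
FROM wp_posts WHERE guid LIKE '%192.168.2.225%'
UNION ALL
SELECT 'wp_postmeta.meta_value', COUNT(*)
FROM wp_postmeta WHERE meta_value LIKE '%192.168.2.225%'
UNION ALL
SELECT 'wp_options.option_value', COUNT(*)
FROM wp_options WHERE option_value LIKE '%192.168.2.225%';

-- 5. Keep the changes if the audit looks right; otherwise issue ROLLBACK.
COMMIT;
```

A post_content count above zero in step 4 usually means links written without the trailing slash that the post's query matches on.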