Skip to content

111 Recipes

Recources for CSS Grid

Published ·In Resources

How to block xmlrpc.php globally in Apache 2.4 with exceptions for specific sites

Published ·UPD ·In Recipes

This snippet for Apache 2.4 forbids access to xmlrpc.php by default and then adds exceptions for specific sites. The sites that get an exception are specified using the Directory directive.

# Forbid access to xmlrpc.php globally at server level
<Files "xmlrpc.php">
  Require all denied
</Files>

# Add exception for a site that needs XML-RPC
<Directory "/web/site-1/public">
  <Files "xmlrpc.php">
    Require all granted
  </Files>
</Directory>

# Add exception for a second site that needs XML-RPC
<Directory "/web/site-2/public">
  <Files "xmlrpc.php">
    Require all granted
  </Files>
</Directory>

Documentation: httpd.apache.org/docs/2.4/mod/core

WordPress CLI commands

Published ·UPD ·In Recipes

A selection of WP-CLI commands

Command Comment
$ sudo -u USERNAME -- wp COMMAND Runs COMMAND as user USERNAME
$ sudo wp cli update Updates WP-CLI itself
$ wp core update --version=VERSION --force Downgrades WordPress to specified VERSION (e.g., 5.0.2)
$ wp db cli Opens a MySQL console using credentials from wp-config.php
$ wp db export --add-drop-table Exports database adding DROP TABLE before each CREATE
$ wp media image-size Lists registered image sizes
$ wp media import *.png Adds all PNG files in current directory to the media library
$ wp media regenerate Regenerates thumbnails for one or more attachments
$ wp plugin list --status=active Lists all active plugins
$ wp plugin list --status=inactive Lists all inactive plugins
$ wp post delete 99 Deletes (to bin) post with ID 99
$ wp post delete $(wp post list --cat=9 --format=ids) Deletes (to bin) all posts in category with ID 9
$ wp post delete $(wp post list --post_status=trash --format=ids) Deletes all posts from the trash
$ wp post update $(wp post list --author=1 --format=ids) --post_author=2 Trasfers all entries by user with ID 1 to user with ID 2
$ wp post-type list Lists registered post types
$ wp search-replace 'a' 'b' --skip-columns=guid Replaces a with b in database skipping the guid column
$ wp term list category Lists categories
$ wp user list --orderby=ID Lists users ordered by ID

All available WP-CLI commands and subcommands: developer.wordpress.org/cli/commands

How to block HTTP/1.* requests to wp-login.php in Apache 2.4

Published ·UPD ·In Recipes
<Files "wp-login.php">
  <If "%{SERVER_PROTOCOL} == 'HTTP/1.1' || %{SERVER_PROTOCOL} == 'HTTP/1.0'">
    Require all denied
  </If>
</Files>

Blocking HTTP/1.0 and HTTP/1.1 requests to wp-login.php can be useful under two conditions:

  1. Pages are served via HTTP/2 (exclusively or preferentially)
  2. People are expected to log in via browsers that support HTTP/2: caniuse.com/#feat=http2

Custom error response

The rule above will of course block people with older browsers (for example, users of Internet Explorer on systems older than Windows 10). A custom error response can help in this case. Note that, in order to appear in Internet Explorer, the response must be at least 512 bytes.

How to add a custom response error to the rule:

<Files "wp-login.php">
  <If "%{SERVER_PROTOCOL} == 'HTTP/1.1' || %{SERVER_PROTOCOL} == 'HTTP/1.0'">
    Require all denied
    ErrorDocument 403 "\
      Forbidden: Logging in requires a newer browser.\
      <!--\
        PADDING FOR INTERNET EXPLORER\
        The purpose of this comment is to\
        increase the size of the response to at least 512 bytes.\
        By default Internet Explorer shows its own friendly message\
        if the response is smaller than 512 bytes.\
      -->\
    "
  </If>
</Files>

Debian manpages

Published ·UPD ·In Resources

Changelog

  • 2021-10-01. Added apt(8)
  • 2021-09-28. Added update-rc.d(8)
  • 2021-06-15. Added rg(1).
  • 2020-09-18. Added add-apt-repository(1).
  • 2020-08-23. Added autojump(1).
  • 2020-08-13. Added truncate(1).