Initial Server Setup with Ubuntu

Introduction
As part of the initial setup for a brand-new Ubuntu server, you should carry out a few crucial configuration tasks. These changes will improve your server’s security and usability and lay a strong foundation for further activities.

Step 1 — Logging in as root

Log in now as the root user using the following command (substitute the your_server_ip portion of the command with your server’s public IP address):

ssh root@your_server_ip

Accept the warning about host authenticity if it appears. If you are using password authentication, provide your root password to log in.

The root user is the administrative user in a Linux environment that has very broad privileges. Because of the heightened privileges of the root account, you are discouraged from using it on a regular basis. This is because the root account is able to make very destructive changes, even by accident.

The next step is setting up a new user account with reduced privileges for day-to-day use.

Step 2 — Creating a New User

Once you are logged in as root, you’ll be able to add the new user account. In the future, we’ll log in with this new account instead of root.

This example creates a new user called john, but you should replace that with a username that you like:

adduser john

You will be asked a few questions, starting with the account password.

Enter a strong password and, optionally, fill in any of the additional information if you would like. This is not required and you can just hit ENTER in any field you wish to skip.

Step 3 — Granting Administrative Privileges
Now we have a new user account with regular account privileges. However, we may sometimes need to do administrative tasks.

To avoid having to log out of our normal user and log back in as the root account, we can set up what is known as superuser or root privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word sudo before the command.

To add these privileges to our new user, we need to add the user to the sudo group.

usermod -aG sudo john

Step 4 — Setting Up a Basic Firewall
Ubuntu servers can use the UFW firewall to make sure only connections to certain services are allowed. We can set up a basic firewall using this application.

Applications can register their profiles with UFW upon installation. These profiles allow UFW to manage these applications by name. OpenSSH, the service allowing us to connect to our server now, has a profile registered with UFW.

You can see this by typing:

ufw app list
Output
Available applications:
  OpenSSH

We need to make sure that the firewall allows SSH connections so that we can log back in next time. We can allow these connections by typing:

ufw allow OpenSSH

Afterwards, we can enable the firewall by typing:

ufw enable

Type y and press ENTER to proceed. You can see that SSH connections are still allowed by typing:

ufw status

As the firewall is currently blocking all connections except for SSH, if you install and configure additional services, you will need to adjust the firewall settings to allow traffic in.

Step 5 — Enabling External Access for Your Regular User

Now that we have a regular user for daily use, we need to make sure we can SSH into the account directly.

If you logged in to your root account using a password, then password authentication is enabled for SSH. You can SSH to your new user account by opening up a new terminal session and using SSH with your new username:

ssh john@your_server_ip

After entering your regular user’s password, you will be logged in. Remember, if you need to run a command with administrative privileges, type sudo before it like this:

sudo command_to_run

You will be prompted for your regular user password when using sudo for the first time each session (and periodically afterwards).

How to connect to a remote MySQL database using Linux terminal

MySQL is an open-source relational database management system (RDBMS).

In this article we will connect to a remote MySQL database in a simple way. After you set up a user with proper access rights, run the command below.

$ mysql -u yourUser -p -h your_server_ip

Let's explain the above command:

-u tells mysql what your username is

-p tells mysql you have a password; it will prompt you to enter it after you press ENTER

-h tells mysql the hostname or IP address of your MySQL server (your_server_ip is a placeholder)

You can learn more from the MySQL database documentation.

How to Install PyCharm on Ubuntu 18.04

In this article we will learn How to Install PyCharm on Ubuntu 18.04.

PyCharm is a Python IDE for professional developers. You can use the Professional version or the free Community version.

PyCharm Features

Intelligent Coding Assistance
PyCharm provides smart code completion, code inspections, on-the-fly error highlighting and quick-fixes, along with automated code refactorings and rich navigation capabilities.

Built-in Developer Tools
PyCharm’s huge collection of tools out of the box includes an integrated debugger and test runner; Python profiler; a built-in terminal; integration with major VCS and built-in database tools; remote development capabilities with remote interpreters; an integrated ssh terminal; and integration with Docker and Vagrant.

Web Development
In addition to Python, PyCharm provides first-class support for various Python web development frameworks, specific template languages, JavaScript, CoffeeScript, TypeScript, HTML/CSS, AngularJS, Node.js, and more.

Scientific Tools
PyCharm integrates with IPython Notebook, has an interactive Python console, and supports Anaconda as well as multiple scientific packages including Matplotlib and NumPy.

System requirements:

    • Any 64-bit Linux distribution with Gnome, KDE, or Unity
    • 4 GB RAM minimum, 8 GB RAM recommended
    • 1.5 GB hard disk space + at least 1 GB for caches
    • 1024×768 minimum screen resolution
    • Python 2.7, or Python 3.5 or newer

Update all your system packages:

sudo apt-get update
sudo apt-get upgrade

Method-1: Direct Download

Go to the PyCharm download link and download the package for Ubuntu 18.04.

Installation Instructions:
1. Copy the pycharm-2019.3.tar.gz to the desired installation location
(make sure you have rw permissions for that directory)

2. Unpack the pycharm-2019.3.tar.gz file to an empty directory using the following command: tar -xzf pycharm-2019.3.tar.gz

Note: A new instance MUST NOT be extracted over an existing one. The target folder must be empty.

3. Run pycharm.sh from the bin subdirectory

Method-2: Install with Command line

sudo snap install [pycharm-professional|pycharm-community] --classic

If you want to use free version:

sudo snap install pycharm-community --classic

Successful Installation Message:

pycharm-community 2019.3 from jetbrains installed

Method-3: Install from Ubuntu Software

Step 1: Open Ubuntu Software.

Step 2: Search for “PyCharm”.

Step 3: Click on “Install”.

How To Install and Configure the OpenLiteSpeed Web Server on Ubuntu 18.04

In this article, we’ll learn how to install and configure OpenLiteSpeed on an Ubuntu 18.04 server.

OpenLiteSpeed is the Open Source edition of LiteSpeed Web Server Enterprise. OpenLiteSpeed contains all of the essential features found in LiteSpeed Enterprise, and represents our commitment to support the Open Source community. It features Apache-compatible rewrite rules, a built-in web-based administration interface, and customized PHP processing optimized for the server.

OpenLiteSpeed Features:

Event-Driven Architecture
Fewer processes, less overhead, and enormous scalability. Keep your existing hardware.

Understands Apache Rewrite Rules
OpenLiteSpeed is mod_rewrite compatible, with no new syntax to learn. Continue to use your existing rewrite rules.

Friendly Admin Interfaces
OLS comes with a built-in WebAdmin GUI. Control panel support is available with CyberPanel.

Built for Speed and Security
Features Anti-DDoS connection and bandwidth throttling, ModSecurity v3 integration, and more.

Intelligent Cache Acceleration
Built-in full-page cache module is highly-customizable and efficient for an exceptional user experience.

PageSpeed Optimization
Automatically implement Google’s PageSpeed optimization system with the mod_pagespeed module.

PHP LiteSpeed SAPI
Native SAPI for PHP allows external applications written in PHP to run up to 50% faster.

WordPress Acceleration
Experience a measurable performance boost with OpenLiteSpeed and LSCache for WordPress.

Step 1 – Installing OpenLiteSpeed on Ubuntu 18.04

OpenLiteSpeed provides a software repository we can use to download and install the server with Ubuntu’s standard apt command.

Update all your system packages:

sudo apt-get update
sudo apt-get upgrade

Download and add the developer’s software signing key:

$ wget -qO - https://rpms.litespeedtech.com/debian/lst_repo.gpg | sudo apt-key add -

Now we will add the repository information to our system:

$ sudo add-apt-repository 'deb http://rpms.litespeedtech.com/debian/ bionic main'

Install the OpenLiteSpeed server and its PHP processor using apt install:

$ sudo apt install openlitespeed lsphp73

Finally, create a soft link to the PHP processor we just installed. This directs the OpenLiteSpeed server to use the correct version:

$ sudo ln -sf /usr/local/lsws/lsphp73/bin/lsphp /usr/local/lsws/fcgi-bin/lsphp5

 

Now that the OpenLiteSpeed server is installed, we’ll secure it by updating the default admin account.

Step 2 – Configure OpenLiteSpeed & Setting the Admin Password

Configure the administrative password for OpenLiteSpeed web server. By default, the password is set to 123456, so we should change this immediately. We can do this by running a script provided by OpenLiteSpeed:

sudo /usr/local/lsws/admin/misc/admpass.sh

Provide a username for the administrative user as below:

Please specify the user name of administrator.
This is the user name required to login the administration Web interface.
 
User name [admin]: wpcademyadmin
 
Please specify the administrator's password. This is the password required to login the administration Web interface.
 
Password:
Retype password:

Administrator's username/password is updated successfully!

Step 3 – Accessing the OpenLiteSpeed Web Server

OpenLiteSpeed should have started automatically. We can verify this with the following command:

$ sudo /usr/local/lsws/bin/lswsctrl status

Output:

litespeed is running with PID 990.

If the server is not running, start it with:

sudo /usr/local/lsws/bin/lswsctrl start

Output:

[OK] litespeed: pid=5137.

We need to open up some ports on our firewall. Add the firewall rules:

$ sudo ufw allow http
$ sudo ufw allow https
$ sudo ufw allow 8088
$ sudo ufw allow 7080

Reload ufw to apply the changes:

sudo ufw reload

In your web browser, navigate to your server’s domain name or IP address, followed by :8088 to specify the port:

http://server_domain_or_IP:8088

Your browser should load the default OpenLiteSpeed web page.

To configure the administrative interface, go to your web browser and, using HTTPS, navigate to your server’s domain name or IP address followed by :7080 to specify the port:

https://server_domain_or_IP:7080

Enter the admin credentials you created during the OpenLiteSpeed configuration. Once you authenticate correctly, you will be presented with the OpenLiteSpeed administration interface.

Step 4 – Configuring the Port

In the list of listeners, click the “View/Edit” button for the Default listener.

Click the edit button in the top-right corner of the “Address Settings” table to modify its values.

On the next page, change port 8088 to port 80, then click the floppy disk icon (Save).

You’ll need to now open up port 80 on your firewall:

$ sudo ufw allow 80

The default web page should now be accessible in your browser on port 80 instead of port 8088.
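The rules added in this guide, and in Step 4 of the initial server setup above, can be checked against what you actually mean to expose. The script below is an added example, not part of the original article: it reads ufw status output and lists every target allowed from Anywhere that is not on an expected list. The sample output is constructed, and the expected list (SSH plus the web ports) is an assumption of this example; with the listener moved to port 80 the 8088 rule is no longer needed, and 7080 is the WebAdmin port.

```shell
#!/bin/sh
# Added example: review "ufw status" output for rules you did not intend.

# Constructed sample of "sudo ufw status" after following the steps above.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
8088                       ALLOW       Anywhere
7080                       ALLOW       Anywhere
80                         ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
7080 (v6)                  ALLOW       Anywhere (v6)
EOF
}

# Succeeds when the status text on stdin says the firewall is active.
firewall_active() {
    grep -q '^Status: active'
}

# Succeeds when SSH is allowed, by profile name or by port 22.
ssh_allowed() {
    awk '($1 == "OpenSSH" || $1 == "22" || $1 == "22/tcp") && /ALLOW/ { ok = 1 }
         END { exit !ok }'
}

# Print every target allowed from Anywhere that is not in the expected list ($1).
unexpected_open() {
    awk -v expected="$1" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
        $2 == "ALLOW" && $3 == "Anywhere" && !($1 in want) { print $1 }
        # IPv6 rows carry an extra "(v6)" field after the target.
        $2 == "(v6)" && $3 == "ALLOW" && $4 == "Anywhere" && !($1 in want) { print $1 }
    ' | sort -u
}

# Assumed policy for this example: only SSH and the web ports are public.
EXPECTED="OpenSSH 80/tcp 443/tcp 80"

sample_status | unexpected_open "$EXPECTED"
```

On a server, pipe the real output in with sudo ufw status | unexpected_open "$EXPECTED". A rule that is no longer needed can be removed with sudo ufw delete allow 8088.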

Congratulations! You should have OpenLiteSpeed and PHP installed and running on an Ubuntu 18.04 server.

If you are running Ubuntu 16.04, see: Install OpenLiteSpeed on Ubuntu 16.04

Visit the OpenLiteSpeed official website for more details.

How to Scan & Detect Malware in WordPress Themes – Easy Guide

WordPress Themes are ready-made layouts created for WordPress — one of the most popular content management systems used for blogging, news websites and e-commerce projects. These templates are custom solutions for building an online resource from scratch or easily revamping an existing one.

Need to make sure that a WordPress theme is free from malware? In this post, we will help you scan your WordPress website theme for hidden malware or malicious code, along with the best plugins you can use to scan your WordPress theme for potentially malicious code.

What is A Nulled WordPress Theme?

Nulled means a cracked or hacked version of a WordPress theme. Basically, it's a premium WordPress theme which is made available for free (or illegally). These themes mostly come with a backdoor for entering your website, which weakens the website's security and makes it prone to hacking.

Why Are WordPress Themes Infected By Malware?

WordPress features premium themes in its latest versions which are highly secure and not susceptible to malware. Unfortunately, when it comes to free themes, they are the easiest prey for web attackers. The reason is that downloading a free theme from an unknown source or from pirated websites may affect the security of your website.

Such themes are poorly coded and open up unauthorized access to websites through loopholes. A theme from an unknown source may have been created by a hacker who tweaked it for their own profit. There are several reasons behind the exploitation of such themes.

Some of the common reasons are:

  • To get a back link from the blog posts on your website
  • To redirect your website to spam links
  • To add adverts
  • To create a backdoor to your website

Look For Presence Of Malicious Code in WordPress Themes

Before discussing how to detect malicious code or malware in WordPress themes, let us go over the locations where hackers generally insert malicious code. The two locations most commonly targeted are the footer.php file and the style.css file.

Apart from this, you should manually check all the files within the theme. A WordPress theme includes some basic files that it needs to function. But if you find additional files that are called without the .php function, then your theme has been injected with serious malware.

Signs that your WordPress theme may be infected with malicious content:

  1. Google warning messages: Your website is displayed with a malware warning message, with the website either entirely or partially blocked.
  2. WordPress White Screen of Death: When your website suddenly starts showing the white screen of death, it means that your site has probably been hit by a malware infection.
  3. .htaccess pirate: If your .htaccess file is corrupted, it keeps redirecting your website to other spam links which you can’t understand.
  4. Popups: When several popup ads running on your website start redirecting to malicious links, or to other popups when you try to close them, your website is a victim of malware exploitation.

Detect Malicious Code in WordPress Themes

Performing a Google search is a good way to check whether there is malicious code in a particular WordPress theme. If someone out there has found malicious code in a theme they got from the same location, that person will probably have sounded a warning to others.

The initial step in discovering hidden malware or malicious code in your WordPress theme is to check whether all the files contained in the theme are required.

  • Scan WordPress Theme before Installation

The most frequent technique to detect malware on your installed themes is to scan your entire website. This will scan all the files on your website. You can do so in several ways:

  • Ask Google:

Google Safe Browsing is a tool that alerts webmasters when their websites are compromised with unsafe content or malicious files. You can use this tool to check your website for hidden malware and resolve it.

https://www.google.com/safebrowsing/diagnostic?site=

Append your website URL to the above link and press ENTER. For example:

https://www.google.com/safebrowsing/diagnostic?site=example.com

When you press ENTER, it will provide you the Safe Browsing status of the website with the unsafe content found on your website.

  • Search Files

Search across all of the theme's files for eval. If you find it, then the author (or someone who ripped the theme) has something to hide. Read more about the eval(base64_decode hack.
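The cross-file search can be scripted so that it covers every PHP, CSS and JS file in a theme, including footer.php and style.css. The script below is an added example, not part of the original article: the list of function names is an assumed starting set, the sample theme is constructed, and the pattern requires a non-identifier character before the name so that a call such as theme_retrieval( is not reported as eval(.

```shell
#!/bin/sh
# Added example: search a theme for PHP calls commonly used to hide injected code.

# Assumed starting list of function names; extend it for your own reviews.
PATTERN='(^|[^[:alnum:]_])(eval|base64_decode|gzinflate|str_rot13)[[:space:]]*\('

# Print file:line:text for every hit in PHP, CSS and JS files under $1.
scan_theme() {
    # -r recurse, -n line numbers, -I skip binary files, -E extended regex.
    # grep exits 1 when nothing matches; that is not an error for this check.
    grep -rnIE --include='*.php' --include='*.css' --include='*.js' \
        -e "$PATTERN" "$1" || true
}

# Print only the names of the files that contain at least one hit, sorted.
suspicious_files() {
    grep -rlIE --include='*.php' --include='*.css' --include='*.js' \
        -e "$PATTERN" "$1" | sort
}

# Build a small constructed theme so the scan can be tried offline.
make_sample_theme() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/inc"
    printf '%s\n' 'body { margin: 0; }' > "$dir/style.css"
    # Clean file: "theme_retrieval(" contains "eval(" but must not be reported.
    printf '%s\n' '<?php function theme_retrieval($id) { return get_post($id); }' \
        > "$dir/functions.php"
    # Constructed marker line; the base64 string decodes to: echo "hi";
    printf '%s\n' '<footer>' \
        "<?php eval(base64_decode('ZWNobyAiaGkiOw==')); ?>" \
        '</footer>' > "$dir/footer.php"
    printf '%s\n' '<?php $s = gzinflate(base64_decode($blob));' > "$dir/inc/helper.php"
    printf '%s\n' "$dir"
}

# Demo run on the constructed theme.
sample=$(make_sample_theme)
scan_theme "$sample"
rm -rf "$sample"
```

Run scan_theme on the unpacked theme directory before installing it. A hit is a line to read and understand, since some legitimate code also calls these functions.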

 

  • Tools & Scanners to Detect Malware and Malicious Code in WordPress Themes

You can also use free malware scanners for scanning your website. A short overview of such scanners:

  • PCRisk: A free online tool that can be used to scan any website for malicious code, vulnerability exploits, infected files and other suspicious activities.
  • SiteGuarding.Com: Another popular online tool to check your website for malware and security issues.
  • VirusTotal: After downloading a plugin or theme, the first thing you should do is check it for viruses, trojans and other worms using VirusTotal.
  • WP Hacked Help: A free online WordPress malware scanner tool. You can scan your website for potential malware with this tool.

WordPress Theme Checker Plugins To Detect Malicious Code

Sometimes people download free themes from somewhere other than the author’s page. Themes installed this way are poorly coded, which makes it easier for hackers to insert back links to their websites.

Another effective way to deal with malicious code disguised in your free WordPress themes is to install plugins that are designed for this purpose.

1. Theme Authenticity Checker (TAC)

TAC scans the source files of all the WordPress themes installed on your website. It points you to the particular theme, the line number and a small piece of the suspect code where the suspected malware was found. You can analyze the code and then easily remove the malware. To download this plugin, click here.

2. Quttera Web Malware Scanner

This plugin specialises in detecting hidden malware, viruses, malicious code, spam links, blacklisting status and much more. You can use this tool to scan your website for free by installing the plugin. Quttera offers different malware cleanup plans for websites. To check these plans, you can visit the website.

3. BulletProof Security

BulletProof Security is one of the best WordPress security plugins of 2018. It comes with a number of salient features for WordPress security protection. This plugin has the MS Malware scanner to scan each and every file present on your WordPress website. It also offers .htaccess Website Security Protection (Firewalls). Other features are login security, database backups, anti-spam and regular monitoring of the website for website protection.

4. Anti-Malware

Anti-Malware is one of the popular plugins used to scan for and detect malware on WordPress websites. The free version offers detection of malware, and you can also choose the premium version for additional features. The premium Anti-Malware plugin checks the website for brute-force attacks and DDoS attacks. You can get it here for free.

Best Tips To Make Sure That WordPress Theme is Safe.

  • Never download a free theme from anywhere other than the author’s website. It can make your website vulnerable.
  • Scan your website regularly with a reputable WP scanner. It checks your website for WordPress infections like malicious redirects, malware injections, backdoors and Google blacklisting. We start cleaning up your website once your request is submitted.
  • Use tools to check your themes, such as Themecheck.info, Theme Check and Exploit Scanner.
  • Keep backup of your website at hand.
  • Make sure you have a highly secure hosting service.
  • Always use the latest version of WordPress.
  • Keep the plugins and themes up-to-date with the latest versions.

WordPress Editor Keyboard Shortcuts

In the WordPress visual editor you can use a combination of keys to do things that normally need a mouse, trackpad or other input device. Rather than reaching for your mouse to click on the toolbar, you can use the following keyboard shortcuts:

Windows and Linux use “Ctrl + letter”, Mac uses “Command (⌘) + letter”.

Contents

1 Editor Shortcuts
1.1 Ctrl + key
1.2 Alt + Shift + key
1.3 Formatting Shortcuts
2 Keyboard Shortcuts for Comments
2.1 Activating Keyboard Shortcuts
2.2 The Meaning of Selected
2.3 Using Keyboard Shortcuts to Navigate Comments
2.4 Using Keyboard Shortcuts to Perform Actions on Comments
2.5 Bulk Actions

Ctrl + key

Letter Action
c Copy
v Paste
a Select all
x Cut
z Undo
y Redo
b Bold
i Italic
u Underline
k Insert/edit link

Alt + Shift + key

The following shortcuts use a different key combination: Windows/Linux: “Alt + Shift (⇧) + letter”. Mac: “Ctrl + Option (alt ⌥) + letter”. (Macs running any WordPress version below 4.2 use “Alt + Shift (⇧) + letter”).

Letter Action
n Check Spelling (This requires a plugin.)
l Align Left
j Justify Text
c Align Center
d Strikethrough
r Align Right
u • List
a Insert link
o 1. List
s Remove link
q Quote
m Insert Image
w Distraction Free Writing mode
t Insert More Tag
p Insert Page Break tag
h Help
x Add/remove code tag
1 Heading 1
2 Heading 2
3 Heading 3
4 Heading 4
5 Heading 5
6 Heading 6
9 Address

Formatting Shortcuts

Formatting Shortcuts while using visual editor (Since Version 4.3)

Letter Action
* Start an unordered list
- Start an unordered list
1. Start an ordered list
1) Start an ordered list
## H2
### H3
#### H4
##### H5
###### H6
> transform text into blockquote
--- horizontal line
`..` transform text into code block

Keyboard Shortcuts for Comments

Beginning with WordPress Version 2.7, the ability to use keyboard shortcuts to browse and moderate comments was introduced. These keyboard shortcuts are designed to save time by allowing you to rapidly navigate and perform actions on comments. If your blog gets a large number of comments, you will find these shortcuts especially useful.

Activating Keyboard Shortcuts

Keyboard shortcuts are enabled on a per-user setting, and can be turned on by visiting the Profile panel in Administration > Users > Your Profile. Check the Keyboard Shortcuts checkbox to enable keyboard shortcuts for comment moderation.

Please note, the keyboard shortcuts are designed to use both hands, simultaneously, on a QWERTY style keyboard layout.

The Meaning of Selected

The keyboard shortcuts are used for navigation and for actions. For any action to affect a comment, that comment must be first selected. The comment that is considered selected is indicated with a light-blue background. By default, no comment is selected, so, you will need to press either the letter j key, or letter k key, to start navigating.

Using Keyboard Shortcuts to Navigate Comments

Navigating comments is accomplished with the j and k keys. When you first visit the Comments page, no comment is selected, so first press the letter j or the letter k to select the first comment. After that, just press the letter j to move the selection to the next comment.

  • Pressing j moves the current selection (light-blue background) down.
  • Pressing k moves the current selection (light-blue background) up.

Note that if you come to the bottom of a page of comments and press j again, you will be taken to the next page and the first comment of that next page will be selected. Likewise, pressing k at the top of a comment page will zoom you to the previous page, selecting the comment at the bottom of that previous page. This makes it very easy to navigate through a long list of comments to perform the necessary actions.

Using Keyboard Shortcuts to Perform Actions on Comments

For one of these actions to affect a comment, make sure the comment is first selected (see above).

  • Pressing a approves the currently selected comment.
  • Pressing s marks the current comment as spam.
  • Pressing d moves the comment to the trash (WordPress 2.9) or deletes the current comment.
  • Pressing z restores the current comment from the trash or activates the Undo when that row is selected.
  • Pressing u unapproves the currently selected comment, placing it back into moderation.
  • Pressing r initiates an inline reply to the current comment (you can press Esc to cancel the reply).
  • Pressing q activates “Quick Edit” which allows for rapid inline editing of the current comment.
  • Pressing e navigates to the edit screen for the current comment.

Bulk Actions

You can also perform an action on multiple comments at once. First, you’ll need to select the comments for the bulk action, using the x key to check the checkbox for the currently selected comment. Shift-x can be used to toggle the checkboxes, inverting their state. Once you have some comments checked:

  • Pressing Shift-a approves the checked comments.
  • Pressing Shift-s marks the checked comments as spam.
  • Pressing Shift-d deletes the checked comments.
  • Pressing Shift-u unapproves the checked comments.
  • Pressing Shift-t moves the checked comments to the Trash.
  • Pressing Shift-z restores the checked comments from the Trash.

How to set correct file permission for your WordPress website

There are a number of ways to accomplish this change. There are also a number of variations on these permissions, including changing them to be more restrictive. These, however, are the default recommendations. Check with your host before making permission changes, as they can have adverse effects on the performance and availability of your site.

Avoid having any file or directory set to 777. The default permission scheme should be:

Folders – 750
Files – 640

When you set up WP, you (the web server) may need write access to the files, so the access rights may need to be loose.

chown www-data:www-data  -R * # Let Apache be owner
find . -type d -exec chmod 755 {} \;  # Change directory permissions rwxr-xr-x
find . -type f -exec chmod 644 {} \;  # Change file permissions rw-r--r--

After the setup you should tighten the access rights. According to Hardening WordPress, all files except for wp-content should be writable by your user account only. wp-content must be writable by www-data too.

chown your_user:your_user -R * # Let your user account be owner (your_user is a placeholder)
chown www-data:www-data wp-content # Let apache be owner of wp-content

Maybe you want to change the contents in wp-content later on. In this case you could

  • Temporarily change to the user to www-data with su,
  • Give wp-content group write access 775 and join the group www-data or
  • Give your user the access rights to the folder using ACLs.

Whatever you do, make sure the files have rw permissions for www-data.
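To see where a site stands against the recommended scheme (folders 750, files 640, nothing at 777), the mode bits can be audited before and after tightening. The script below is an added example, not part of the original article: the function names and the sample tree are constructed for illustration, it relies on GNU find and stat as shipped with Ubuntu, and it checks mode bits only, so ownership still has to be set with the chown commands above.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 750/640 scheme, then tighten it.

# List everything writable by "other" (this includes 777 and 666), as "mode path".
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec stat -c '%a %n' {} + | sort
}

# List entries with bits beyond the scheme: files beyond 640, folders beyond 750.
# -perm /MODE (GNU find) matches when any of the listed bits is set.
beyond_scheme() {
    {
        find "$1" -type f -perm /0137 -exec stat -c '%a %n' {} +
        find "$1" -type d -perm /0027 -exec stat -c '%a %n' {} +
    } | sort
}

# Apply the scheme from the article: folders 750, files 640.
tighten() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Build a small constructed site tree with deliberately loose modes.
make_sample_site() {
    site=$(mktemp -d) || return 1
    mkdir -p "$site/wp-content/uploads"
    : > "$site/wp-config.php"
    : > "$site/index.php"
    chmod 750 "$site/wp-content"
    chmod 777 "$site/wp-content/uploads"   # the mode the article says to avoid
    chmod 666 "$site/wp-config.php"
    chmod 644 "$site/index.php"
    printf '%s\n' "$site"
}

# Demo run on the constructed tree.
demo=$(make_sample_site)
echo "World-writable before:"; world_writable "$demo"
echo "Beyond 750/640 before:"; beyond_scheme "$demo"
tighten "$demo"
echo "Beyond 750/640 after: $(beyond_scheme "$demo" | wc -l)"
rm -rf "$demo"
```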

For a detailed explanation of unix file permissions, see File system permissions – on Wikipedia