How to disable the WordPress plug-in via MySQL

To disable all WordPress plugins via MySQL, you must:

1) Be sure to make a backup copy of the database.

2) Open the phpMyAdmin or MySQL client from the terminal:

mysql -u USER -p

3) Execute the SQL query (if necessary, specify the correct prefix wp_):

UPDATE wp_options SET option_value = '' WHERE option_name = 'active_plugins';

After that, all plug-ins will be disabled and you can activate them again one by one in the admin panel.

You can also temporarily disable the plugin by renaming the directory with its files, the plugins are in the /wp-content/plugins/ directory.

How to Disable Plugin Updates in WordPress

You can disable the update of a particular or all WordPress plug-ins in several ways, I’ll describe several of them:

1) Disable the update of a particular plug-in by changing its version in the code, for example to 99.9, but do not forget to comment out its real version in case you need to update.

2) To disable updates to all plug-ins, add the following line to the wp-config.php configuration file:

define( 'DISALLOW_FILE_MODS', true );

To completely disable all updates:

define( 'AUTOMATIC_UPDATER_DISABLED', true );

3) Also, you can disable all updates by installing a special plug-in, for example Disable All WordPress Updates or Update Control and others.

How to configure SSL and HTTPS for WordPress

I recently set up SSL certificates on several WordPress sites.

The sites were hosted on a dedicated server under the control of Ubuntu, on this first thing I created a directory for certificates and switched to it:

sudo mkdir /etc/apache2/ssl
cd /etc/apache2/ssl

Enable the SSL module for Apache2 if it is not enabled:

sudo a2enmod ssl

Then I generated the certificate:

sudo openssl req -nodes -newkey rsa:2048 -keyout /etc/apache2/ssl/example.com.key -out /etc/apache2/ssl/example.com.csr

In the process of generation, several questions had to be answered:
Country Name (2 letter code) [AU]: UA (code of the country)
State or Province Name (full name) [Some-State]: Sumy
Locality Name (eg, city) []: Romny
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Private person
Organizational Unit Name (eg, section) []: (empty or the name of the department)
Common Name (e.g. server FQDN or YOUR name) []: example.com (domain name, without http and https)
Email Address []: admin@example.com

You can also sign the generated certificate (this is the contents of example.com.csr) from some kind of domain registrar.
The procedure is cheap and after it is connected will not display a message that the certificate is not signed.

Since there are several sites, the configuration files for each of them are located in the directory /etc/apache2/sites-enabled/.
I’ll choose one of them and at the very end after the standard directive:

<VirtualHost *:80> ...</VirtualHost>

we will add one more, but with 443 port and we will specify ways to certificates:

<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/
        <Directory />
                Options -Indexes
                AllowOverride All
        </Directory>
        <Directory /var/www/example.com/>
                Options -Indexes
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/example_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/example_com.key
SSLCertificateChainFile /etc/apache2/ssl/example_com.ca-bundle
ErrorLog /var/log/apache2/example_error-ssl.log
LogLevel warn
CustomLog /var/log/apache2/example_access-ssl.log combined
</VirtualHost>

After the changes, check the configuration and restart apache2:

sudo apachectl configtest 
sudo service apache2 restart

To be able to log in to WordPress and admin on HTTPS only in wp-config.php, uncomment the following parameters:

define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

You can also change the address of the site from http:// to https:// in the admin panel, in the “Settings” – “General”.
In robots.txt we will specify the site address with https, for example:

Host: https://ixnfo.com

Also in sitemap.xml there should be links with https.
In search engines need to apply for re-indexing the site map, in Yandex.Webmaster submit an application to the “Move the site” by ticking the “Add HTTPS”.
In Google Search Console, you need to add the same site with https, it will be indexed separately from http.

Done, now the site can be opened by https.

See also my article – Redirecting requests to SSL

How to remove W3 Total Cache plugin from WordPress

To uninstall W3 Total Cache from WordPress, you need:

1) In the plugin menu, click the cache clear button.

2) Deactivate the plugin in the plugins menu and click “Delete”

3) In the root directory of the site, at the beginning of the wp-config.php file, if left, delete the lines:

/** Enable W3 Total Cache Edge Mode */
define('W3TC_EDGE_MODE', true); // Added by W3 Total Cache

/** Enable W3 Total Cache */
define('WP_CACHE', true); // Added by W3 Total Cache

4) As I noticed after the plug-in there are a lot of files, and on large sites there can be millions of files with cached data.
In the wp-content directory, delete the files, if any, advanced-cache.php, object-cache.php, w3tc-config and cache (here cached data).

Done.

Preventing attacks on WordPress xmlrpc.php and wp-login.php

I noticed once on some servers with WordPress sites a large number of calls to the file xmlrpc.php and wp-login.php

As it turned out, someone tried to pick up a password and gain access to the site, usually such things block Jetpack, limited access to the IP in the admin area of the web server, but for some reason, there was no protection.

To count the number of accesses to a file in the logs, you can use the command:

grep 'xmlrpc.php' /var/log/apache2/access.log | wc -l

By the way, the command above can be performed for example from the monitoring system Zabbix , draw a graph on the received data, and also notify of an increase in the number of hits.

Count the number for each IP and list the following:

grep 'xmlrpc.php' /var/log/apache2/access.log | cut -d' ' -f1 | sort | uniq -c | sort -r

Count the number for each IP and list for the wp-login.php file:

grep 'wp-login.php' /var/log/apache2/access.log | cut -d' ' -f1 | sort | uniq -c | sort -r
grep 'wp-login.php' /var/log/apache2/access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -20

In the apache2 configuration or through the .htaccess file, you can restrict access to /wp-admin/ by IP, for example:

<Directory /var/www/site/wp-admin/>
  Options -Indexes
  AllowOverride All
  Order allow,deny
  allow from 127.0.0.1 192.168.11.25
</Directory>

Completely deny access to files like this:

<Files wp-login.php>
Order Deny,Allow
Deny from all
</Files>
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>

If you use for example Jetpack, then it is better not to limit wp-login.php, as there can be errors when updating the plug-in and will affect its operation.
In this case, you can activate password protection in the Jetpack settings.

If Jetpack is not in use, you can install other plug-ins, for example, “WP Limit Login Attempts”, which displays captcha during authorization, and also blocks incorrect login attempts.
For example, the “Disable XML-RPC Pingback” plug-in can disable XML-RPC functions if they are not needed.

Also in the robots.txt file, you can prevent indexing by the search engines of these files:

User-agent: *
Disallow: /xmlrpc.php
Disallow: /wp-login.php

Eliminating duplicate headers on WordPress pages

Once asked to remove on the pages of one WordPress site repeated headlines.

After viewing the code, noticed that they are adding the plugin Yoast SEO, edited in its settings Titles & Metas – Yoast SEO line:

%%title%% %%page%% %%sep%% %%sitename%%

But it did not turn out very nicely, because the plugin sometimes missed the space after the hyphen, so I returned it as it was.

I fixed the error by commenting out the following line in the code of the active template (layout-head.php file):

// bloginfo( 'name' );

After that, the title of the pages was displayed correctly.

P.S. If you disable the Yoast SEO plugin, the above line will need to be uncommented back.
If the topic is not self-explanatory, then probably after the appearance and installation of its update, the layout-head.php file will return to the original state.

See also:
How to remove a repeating title in wordpress rss