
SSL and Wordpress


esn024


23 hours ago, Krydos said:

Yep, that donation counts for the Plesk transfer. You've moved from #960 to #1. You should have received an email with a link that allows you to move to Plesk. Let us know if you didn't get the email, or if you have any questions.

Thanks, I think it got moved over. The FTP connection works. I can sign in to Plesk. However, if I go to https://www.thebrooksreflections.com/ now, it still shows a "Security Risk" message. If I click "ignore" and continue, it goes to a page that says "Error establishing a database connection".  And if I go to https://thebrooksreflections.heliohost.org/, it goes to a page that says "This is the wrong folder."


Your SSL certificate got issued for thebrooksreflections.com but not for www.thebrooksreflections.com. I reissued the SSL certificate for you so it will cover both. You could have done this yourself by going to Websites & Domains > thebrooksreflections.com > SSL/TLS Certificates > Reissue Certificate and then checked the box next to www.

The reason your Wordpress stopped working is because you were using esn024 as your MySQL user. On cPanel if you used your username you could access all of your databases with full access. Plesk is a little more secure, and you have to actually grant permission to each database.

What I recommend doing is creating a MySQL user named 'esn024_wp' or something like that and granting that new user access to just the Wordpress database. Make sure you update the wp-config.php file to match the new user and password.

It's actually pretty insecure and bad practice to use a MySQL user that has full access to all of your databases for something like this. Wordpress is the most easily hacked software you can possibly install, and if someone gets a hold of the password that can access all of your databases on the whole account they can do that much more damage and not be contained to just Wordpress.

If you can't figure out how to create a MySQL user and grant them access to your database let us know and we can help some more.

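An added example, not part of the original posts or of HelioHost's tooling: a Python check for the recommendation above that the WordPress MySQL user should reach only the WordPress database. It reads `DB_NAME` from `wp-config.php` and flags any `SHOW GRANTS` line that reaches beyond it; the database names, password and grant lines are constructed sample input, and only the user names `esn024` and `esn024_wp` come from the thread.

```python
import re

# Constructed sample input (not from the thread): a wp-config.php excerpt and
# the lines MySQL prints for SHOW GRANTS for a scoped and a broad account.
WP_CONFIG = """<?php
define( 'DB_NAME', 'esn024_wordpress' );
define( 'DB_USER', 'esn024_wp' );
define( 'DB_PASSWORD', 'example-password' );
define( 'DB_HOST', 'localhost' );
"""
GRANTS_SCOPED = [
    "GRANT USAGE ON *.* TO `esn024_wp`@`localhost`",
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP ON `esn024_wordpress`.* TO `esn024_wp`@`localhost`",
]
GRANTS_BROAD = [
    "GRANT USAGE ON *.* TO `esn024`@`localhost`",
    "GRANT ALL PRIVILEGES ON `esn024_wordpress`.* TO `esn024`@`localhost`",
    "GRANT ALL PRIVILEGES ON `esn024_forum`.* TO `esn024`@`localhost`",
]

DEFINE_RE = re.compile(r"define\(\s*['\"](DB_\w+)['\"]\s*,\s*['\"]([^'\"]*)['\"]\s*\)")
GRANT_RE = re.compile(r"^GRANT (.+?) ON (?:`([^`]+)`|(\*))\.(?:`[^`]+`|\*) TO ", re.I)

def wp_db_settings(config_text):
    """Return the DB_* constants defined in a wp-config.php file."""
    return dict(DEFINE_RE.findall(config_text))

def audit_grants(config_text, grant_lines):
    """List findings where the MySQL user can reach more than DB_NAME."""
    wp_db = wp_db_settings(config_text)["DB_NAME"]
    findings = []
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            findings.append(f"unparsed grant: {line}")
            continue
        privs, db = m.group(1).strip().upper(), m.group(2) or m.group(3)
        if privs == "USAGE":  # USAGE grants no privileges at all
            continue
        if db == "*":
            findings.append(f"global privileges: {privs}")
        elif db.replace("\\_", "_") != wp_db:  # some tools escape "_" in names
            findings.append(f"access to other database: {db}")
    return findings
```

An empty list from `audit_grants` means a stolen WordPress database password exposes only the WordPress database.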

1 hour ago, Krydos said:

 

Thank you very much for the very helpful reply, I did as you suggested and got it working. I also logged in to Wordpress for the first time in many months, and Holy Batman, nearly 4000 spam comments! Funny how my other site, that I coded myself in PHP, gets NO spam comments or accounts at all despite having only a very simple "real person checker", while this WordPress one just got absolutely flooded.

Maybe I should just rewrite the whole thing on my own... on the other hand, it feels a bit like defeat - I've read that WordPress CAN be made secure...


Wordpress gets attacked because it's so widely used. Spambots and even dedicated cybercrime groups exist that specialize in attacking WP. Spam comments are just an annoyance considering it's extremely common for a WP site to get hacked and replaced with phishing content.

WP can't really be made secure in any sensible manner just due to how badly it's written. They find new security holes all the time. Keeping it updated and not using dubious extensions makes a big difference, but even then it's not uncommon to see it suddenly get hacked out of the blue. Security extensions can also help, but some of those are famous for bloating it to the point where it causes high load and has 30+ second load times.


Well, I'm glad that WP has been removed from my account. I would not like that replaced or given some phishing content. I wonder why people still use WP?


It's easy to use, has been around forever, and has tons of integrations and extensions available for it...the same reasons it's widely used are also the reasons it should not be used. The code base is ancient, a lot of those extensions have backdoors or are abandoned and have unfixed security issues, and it's easy to use it to do nearly anything...including phish.
