Category Archives: Wordpress

Fixing 404 Errors on WordPress with Let’s Encrypt

Since my SSL cert was nearing expiration, I thought it would be a good idea to give Let’s Encrypt (free SSL certs!) a try.

Let’s Encrypt has a helper app called certbot that will configure Apache for you automatically. The really nice thing about certbot is that it will also (via crontab) renew your cert and configure Apache to use the new cert. This is useful, since Let’s Encrypt certs expire every 90 days.

To use certbot effectively, you need an Apache configuration that’s set up the way your distro expects. Mine was not (I hand-ported the configs from Ubuntu), so I figured it was a good time to reinstall Apache with the default configs, then run certbot (official instructions here: https://certbot.eff.org/ ).

This initially seemed to work great, but I quickly noticed all of my subpages returned 404 errors. WordPress works best when you allow it to configure a .htaccess file to do URL rewrites. Allowing URL rewrites via .htaccess requires some additional configuration in your ssl.conf file.

sudo nano /etc/httpd/conf.d/ssl.conf

Add the following just before </VirtualHost> at the very end of your config.

<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

Thanks to Mike McMurray who posted the instructions at: https://mike.mcmurray.co.nz/2017/01/08/wordpress-permalink-404-with-https/

 

Fix: Unable to Auto-Update WordPress 7.1-7.2

When attempting to upgrade WordPress 7.1 to 7.2 I received the following error:

The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php

A little Binging around and I found the solution here:
https://aaronjholbrook.com/wordpress-permissions-update-error-resolved/

Just in case that site goes down, here’s what to do:

SSH into your web server and run the following 3 commands:

Reset the permissions of all files to 664:

find /path/to/site/ -type f -exec chmod 664 {} \;

Reset permissions of directories to 775:

find /path/to/site/ -type d -exec chmod 775 {} \;

Reset the group to the apache group:

chgrp -R apache /path/to/site/
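
A read-only check, run before or after those commands, shows which entries differ from that layout. This is an added example, not part of the original post or the linked article; the function name perm_drift, its output tags and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report what differs from the
# layout the three commands produce, without changing anything.

# perm_drift DIR GROUP
# Prints "<reason><TAB><path>" per finding; returns 1 if anything was found.
perm_drift() {
    dir=$1
    grp=$2
    out=$(
        find "$dir" -type f ! -perm 664 -exec printf 'file-mode\t%s\n' {} +
        find "$dir" -type d ! -perm 775 -exec printf 'dir-mode\t%s\n' {} +
        find "$dir" ! -type l ! -group "$grp" -exec printf 'group\t%s\n' {} +
        # Writable by every local account, not only the owner and the group.
        find "$dir" ! -type l -perm -002 -exec printf 'world-writable\t%s\n' {} +
    )
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree standing in for /path/to/site/.
demo() {
    site=$(mktemp -d)
    mkdir "$site/wp-admin"
    : > "$site/wp-admin/update-core.php"
    chmod 777 "$site/wp-admin"
    chmod 600 "$site/wp-admin/update-core.php"
    # The current user's group stands in for "apache" in this demo.
    perm_drift "$site" "$(id -gn)" || echo "drift found"
    rm -rf "$site"
}
demo
```

On a real server the call would be perm_drift /path/to/site/ apache; an empty result with exit status 0 means the tree already matches.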

WordPress Auto Update Soup-to-Nuts

This took a couple of days of Binging and hacking, but I finally got WordPress to auto-update on CentOS 7 with SSL and without disabling SELinux.

Update 1: I should note, this is for self-hosted WordPress users.

(Anything in brackets [] is up to you to choose)

WordPress 4.4 requires FTP access to the server in order to update itself.

vsFTPd with SSL

To keep things secure, I’ve set up vsftpd with chroots (to prevent FTP accounts from going outside of where they should be) and SSL.

Install vsftpd

sudo yum install vsftpd

Edit the configuration file

sudo nano /etc/vsftpd/vsftpd.conf

The following options should already be in your config file and can just be changed:

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES

The rest should be added to the bottom of the config file.
I’m assuming you already have an SSL cert you are using for your website. You can use this cert for vsftpd as well.

# Allow the chroot jail to be a directory the user can write to (the FTP user's home is the web root)
allow_writeable_chroot=YES

#SSL
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/pki/tls/certs/[your ssl cert].crt
rsa_private_key_file=/etc/pki/tls/private/[your ssl cert key].key
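
To confirm the file ends up as intended, this script checks a vsftpd.conf against the settings above. It is an added example, not part of the original post; the function names and the sample config are constructed for illustration, and it assumes that when a key appears twice the last line is the one in effect.

```shell
#!/bin/sh
# Added example (not from the original post): check a vsftpd.conf against the
# settings the post relies on. An unset key is reported as well, so the file
# states each setting explicitly.

# key=value pairs taken from the configuration shown above.
VSFTPD_EXPECTED="anonymous_enable=NO local_enable=YES chroot_local_user=YES
ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES
force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO"

# conf_value FILE KEY: value of the last uncommented "KEY=" line, upper-cased.
# Assumption: a later assignment of the same key replaces an earlier one.
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr '[:lower:]' '[:upper:]'
}

# lint_vsftpd FILE: one line per deviation; returns 1 if there is any.
lint_vsftpd() {
    bad=0
    for pair in $VSFTPD_EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(conf_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: expected $want, found ${got:-<unset>}"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: TLS is enabled, but logins are not forced onto it and
# SSLv3 is switched on.
demo() {
    sample=$(mktemp)
    printf '%s\n' anonymous_enable=NO local_enable=YES chroot_local_user=YES \
        ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES \
        force_local_logins_ssl=NO ssl_sslv2=NO ssl_sslv3=YES > "$sample"
    lint_vsftpd "$sample" || echo "vsftpd.conf deviates from the post's settings"
    rm -f "$sample"
}
demo
```

On the server itself the call would be lint_vsftpd /etc/vsftpd/vsftpd.conf.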

Now you can enable and start the FTP server

sudo systemctl enable vsftpd
sudo systemctl start vsftpd

Next, create a user that will be used for FTP.
It’s important to set the home directory with the “-d” option to where your website files are. I’m assuming the default /var/www/html.

sudo adduser -d /var/www/html [ftp-user]

Set a password for the user. Make sure to choose something secure!

sudo passwd [ftp-user]

Add the user to the apache group, so that it will have write access to /var/www/html/*

sudo gpasswd -a [ftp-user] apache

Make sure that apache has read/write access to the WordPress files

sudo chown apache:apache /var/www/html/*
sudo chmod -R g+w /var/www/html/*

SELinux

To the best of my knowledge, these are the SELinux commands necessary for both the vsftpd as well as for Apache to FTP into the server and update itself.

SELinux booleans to enable the functionality we need

setsebool -P ftp_home_dir=on
setsebool -P ftpd_full_access=on
setsebool -P httpd_can_network_connect=on
setsebool -P httpd_can_connect_ftp=on

SELinux needs to be told that Apache has permission to write the files in /var/www/html and its subfolders

sudo chcon -R -v -t httpd_sys_rw_content_t /var/www/html

Let’s test the FTP server to make sure you can connect

First, install the lftp client

sudo yum install lftp

Connect to the FTP server

lftp -d -u [ftp-user] -e 'set ftp:ssl-force true' 127.0.0.1

Run

ls

and make sure you get a directory listing. If not, you’ll need to use the debug data printed to troubleshoot further (I sure did, I hope you won’t).

Assuming that works, the last step is to edit wp-config.php with the FTP server settings

sudo nano /var/www/wp-config.php

Under the database settings, add a section:

/*** FTP login settings ***/
define("FTP_HOST", "127.0.0.1");
define("FTP_USER", "[ftp-user]");
define("FTP_PASS", "[ftp-user-password]");

It may not be necessary, but I like to restart Apache just to be sure

sudo systemctl restart httpd

Finally, log into WordPress and try to update something simple, like a theme or plugin. It should work!