Went through the apache logs on my web-server and saw some access requests to my phpmyadmin page.
It’s probably a good idea to restrict access to this web based sql admin interface (in case there is an exploit I don’t want somebody to use it on this).
How to make phpmyadmin a bit more secure
sudo vi /etc/phpmyadmin/apache.conf
sudo nano /etc/phpmyadmin/apache.conf
Under “Alias /phpmyadmin /usr/share/phpmyadmin”
Deny from all
Allow from 127.0.0.1
Allow from 192.168.0.0/24
This will let your vm access the /phpmyadmin part and also anything with an IP on the 192.168.0.0/24 network.
Also, up there in the alias where it first says /phpmyadmin – change this to something else like “Alias /youcannotguessthis /usr/share/phpmyadmin” and it will be a lot harder for automatic scanners to find it.
If your webhost is running in php safemode then you may run into some issues, for example you cannot do the upgrade of WP automagically via the admin interface and neither can you upgrade plugins manually, which is a hazzle.
I went from 3.0.4 to 3.1
and from 3.1 to 3.1.3
and from 3.1.3 to 3.2
The way I do it is like this:
Download your blog ( in my case /blog) to your local machine.
Make a backup of your mysql database ( via phpmyadmin in my case ). Good idea is to delete spam comments before you do this, saves a few bytes.
Download and extract the latest wordpress on your local machine.
In the directory where you extracted the new wordpress files, remove the directories that you are supposed to keep (mentioned in red text in the guide/link above and in #6 below).
Copy over the files from your blog that you are supposed to keep, get them from where you downloaded the new files to your local machine.
In my case the things I needed to copy were: wp-config.php, the folders under wp-content – and their content, .htaccess
The rest did not apply to me, as I did not have the cache, wp-images, plugins/widget and not using special language or special robots.txt
On your web-host, rename the folder of your blog (I have mine under /blog)
Upload the new directory from your local machine (the new one where you have copied in the things you needed to keep).
Surf to /wp-admin
Click upgrade db
Take this opportunity to update some plugins if you have that are out of date.
I did not have to alter my permalinks, the setting was the same (%postname%) and the links are still working.
If you do run into problems this way, check out the forums for some assistance.
There are things you can use to make this a lot faster.
For example maybe a lot of files aren’t different between the versions.
If you don’t do backup or maybe if you don’t upload the whole new directory that will save you lots of time.
Some ftp-clients (flashfxp for example) have what’s called a skip-list where you can specify that files with the exact same size should not be over-written but skipped.
– What I did last time was to just download 3.2. Extract the archive. Remove the wp-content. Upload and overwrite the files on the web host. Tada. Not so complicated at all :)
Surf to http://ip/phpmyadmin and log on to the mysql db – does it work? yay!
Create drupal db – see INSTALL.mysql.txt – basically this just tells you to create a database and a user. It asks you to do this via manual SQL queries, but we have phpmyadmin so we just have to; 1. click on databases and create a new one. 2. after that, click on privileges and create a new user. 3 just type in username and password, leave the rest for default.
Copy extracted files to your www directory. Beware of rights, use chmod and possibly chown. /var/www/ is the default directory.
Surf to http://ip/drupal (where install.php is)
Then it complains that it doesn’t have access. Because I had to set chmod 777 on the ‘sites’ directory under /drupal.
Then I need to copy a file and make it writeable, just doing what the script tells me to.
Configure the database settings.
Now you can remove write access permissions on the sites/default directory and sites/default/settings.php
Put in contact and admin accounts stuff.
Done! Wow, that was easy :)
So much to do in there!
I will have to get back about this in another post :)