WP AutoShield®: One-Click WordPress Security from cPFence

cPFence · 12 Jan

Thanks for the feedback! cPFence sends an update notification with every new release, including a link to the changelog page that provides quick insights and best practices for newly added features. If you’re not receiving those emails, we recommend switching to SMTP using the following command:

cpfence --enable-cpfence-smtp

This should ensure you stay up to date with all the latest updates and improvements.

bgeek · 12 Jan

cPFence Cool! Thank you very much! Will change to SMTP soon.

Another question is, is there a way to update all the servers at once? Currently I'm running every command on each server one by one, not too bad, but it would be much better if one change on the CP could be passed to every cluster server automatically.

MediaServe · 12 Jan

bgeek I've started using https://servercat.app/ for SSH. It's not the greatest client (can't seem to configure any sort of keepalive, and the dialog even when you submit exit are unnecessary) but it has some features in terms of docker visuals and submitting commands easily to an Enhance cluster of servers. Only available for MacOS/iOS though.

bgeek · 12 Jan

MediaServe Thank you buddy! I've tried servercat once. Didn't last long as it was a bit buggy at that time.

I was actually expecting something like, if I do an cPFence upgrade on the CP, it can pass the upgrade command to every server in the cluster. Then, I realized this could be a bit risky.

cPFence · 13 Jan

bgeek

You’re welcome! We’re actively working on a feature to enable bulk commands across the entire cluster. It’s already being used in-house by our team, and we’re in the process of implementing it into cPFence for everyone. Stay tuned!

elcapitanph · 13 Jan

Hi CPfense this is diffrence from the topic can I use like this cpfence --blacklist-country CN,IN,TW or do i need really add it one by one ?

cPFence · 13 Jan

elcapitanph

Currently, you’ll need to add them one by one.

Note: This will completely bypass IPDB protection for the specified countries.

cPFence · 13 Jan

Version 3.3.21 (14th January 2025)

Added

Introducing cPFence MultiRun Tool for Bulk Server Management
- Designed for experienced system administrators, the MultiRun Tool enables you to execute commands across all servers in your Enhance cluster effortlessly. Say goodbye to tedious individual server management and hello to true cluster-wide efficiency.

Key Highlights:

Effortless Cluster Management: Automatically fetch server IPs and set up a synchronized Tmux session to run commands across all servers in one go.
Collaborative Real-Time Monitoring: Share sessions with your team for collaborative bulk operations and monitor commands as they execute cluster-wide.
Flexible and Versatile: Supports any Linux commands, from WordPress management to system-level tasks.

Getting Started:

Ensure passwordless SSH login is enabled across all servers for seamless functionality.
Run the command cpfence --multirun to launch the tool.
Attach to the Tmux session with tmux attach to begin executing commands cluster-wide.

Note: This tool is extremely powerful and is intended for experienced administrators. Misuse can result in unintended consequences across all servers. Proceed with extreme caution.

Read the full guide on setting up and using the MultiRun Tool:
Simplify Cluster Management with cPFence Bulk Tools + MultiRun.

xyzulu · 14 Jan

MediaServe I've started using https://servercat.app/ for SSH

Termius is my goto. I've used it for about 10 years now I think.

cPFence · 14 Jan

xyzulu

I second this, great tool! The paid version also offers a bulk run feature across multiple hosts.

pratik_asabe · 14 Jan

xyzulu We are using termius pro for years! hands down great tool!

babylon · 14 Jan

pratik_asabe me too i got it from my university for free. GREAT VALUE!

elcapitanph · 14 Jan

cPFence Thank you all good now I just replace Bitninjan thanks

rdbf · 14 Jan

cPFence

Does this assume root can login over SSH?

cPFence · 14 Jan

rdbf

Yes, a passwordless SSH login setup is required. If you’re using a custom username, let the tool generate the server list from the database first, then manually edit it to replace the username:

nano ~/enhance_servers.txt

rdbf · 14 Jan

cPFence

So if I disabled root via SSH, but use the same 'admin' username everywhere with passwordless SSH, with passwordless sudo, it will work too? That would be great.

cPFence · 14 Jan

rdbf

Yes, it will work. Just edit the list using:

nano ~/enhance_servers.txt

Replace the username with your preferred one. If you're on the main CP, it can generate the IPs automatically for you. If not, you can manually add them, one per line.

admin@192.168.1.1
admin@192.168.1.2
admin@192.168.1.3

cPFence · 14 Jan

elcapitanph Thank you all good now I just replace Bitninjan thanks

Welcome aboard! Don’t forget to activate WP-AutoShield and Owl AutoMySQL for optimal one-click protection and load stability.

cpfence --wp-autoshield-on
cpfence --owl-automysql-on

rdbf · 14 Jan

cPFence

Just to add, the ssh key still needs to be generated as root (not with sudo) when running the cpfence command with root, otherwise you need to mess around with ssh-add. And also, logging in using the admin account, the session on the control panel (local) will still ask for the admin account password. Anyways, experienced linux admins would have either known this, or made it work in no time. The feature is advertised for experienced users, so fair enough.

slimx · 14 Jan

cPFence Introducing Owl AutoMySQL®: One-Click MySQL Resource Limits from cPFence

Owl AutoMySQL automates the monitoring and management of abusive MySQL users, solving a major pain point for shared hosting servers with high user volumes. It ensures optimal server performance by preventing resource abuse, all without manual intervention.

One-Click Activation:
Activate with a single command: cpfence --owl-automysql-on
Owl AutoMySQL will begin 24/7 smart monitoring and management instantly.

Customizable Exclusions:
Exclude specific websites or priority clients by adding them to your configuration file: /opt/cpfence/config.conf.

How does this actually "prevent the resource abuse" exactly?
I have one client for example their site uses MySQL heavily They have 200,000 products (with variations), so the CPU usage is always quite high. Is OWL AUTOMYSQL going to effect this site? I don't want the site to crash out...

cPFence WordPress Bulk Management:
Gone are the days of relying on tools like MainWP or InfiniteWP to bulk manage your WordPress sites. With cPFence, you can now handle it all seamlessly with server-wide commands:
cpfence --bulk-install-wp-plugin: Search and install any WordPress plugin using a name, ZIP file path, or URL to ZIP server-wide.
cpfence --bulk-uninstall-wp-plugin: Deactivate and uninstall any WordPress plugin server-wide using the plugin slug.

This is EXCELLENT! Thank you!

cPFence New server migration with hundreds of sites? Ensure they’re clean and reset to a secure state with ease:
cpfence --bulk-force-wp-core-files: Force restore WordPress core files to default server-wide (for experienced system administrators only).

With this feature, does this just "re-install wordpress minus the config file and wp-content"?

xyzulu

I was the same till i saw MobaXterm, it's just "WOW".