WP AutoShield®: One-Click WordPress Security from cPFence: Page 6 - Enhance Control Panel

WP AutoShield®: One-Click WordPress Security from cPFence

cPFence

xyzulu

I second this, great tool! The paid version also offers a bulk run feature across multiple hosts.

pratik_asabe

xyzulu We are using termius pro for years! hands down great tool!

babylon

pratik_asabe me too i got it from my university for free. GREAT VALUE!

elcapitanph

cPFence Thank you all good now I just replace Bitninjan thanks

cPFence

elcapitanph Thank you all good now I just replace Bitninjan thanks

Welcome aboard! Don’t forget to activate WP-AutoShield and Owl AutoMySQL for optimal one-click protection and load stability.

cpfence --wp-autoshield-on
cpfence --owl-automysql-on

rdbf

cPFence

Does this assume root can login over SSH?

cPFence

rdbf

Yes, a passwordless SSH login setup is required. If you’re using a custom username, let the tool generate the server list from the database first, then manually edit it to replace the username:

nano ~/enhance_servers.txt

rdbf

cPFence

So if I disabled root via SSH, but use the same 'admin' username everywhere with passwordless SSH, with passwordless sudo, it will work too? That would be great.

cPFence

rdbf

Yes, it will work. Just edit the list using:

nano ~/enhance_servers.txt

Replace the username with your preferred one. If you're on the main CP, it can generate the IPs automatically for you. If not, you can manually add them, one per line.

admin@192.168.1.1
admin@192.168.1.2
admin@192.168.1.3

rdbf

cPFence

Just to add, the ssh key still needs to be generated as root (not with sudo) when running the cpfence command with root, otherwise you need to mess around with ssh-add. And also, logging in using the admin account, the session on the control panel (local) will still ask for the admin account password. Anyways, experienced linux admins would have either known this, or made it work in no time. The feature is advertised for experienced users, so fair enough.

slimx

cPFence Introducing Owl AutoMySQL®: One-Click MySQL Resource Limits from cPFence

Owl AutoMySQL automates the monitoring and management of abusive MySQL users, solving a major pain point for shared hosting servers with high user volumes. It ensures optimal server performance by preventing resource abuse, all without manual intervention.

One-Click Activation:
Activate with a single command: cpfence --owl-automysql-on
Owl AutoMySQL will begin 24/7 smart monitoring and management instantly.

Customizable Exclusions:
Exclude specific websites or priority clients by adding them to your configuration file: /opt/cpfence/config.conf.

How does this actually "prevent the resource abuse" exactly?
I have one client for example their site uses MySQL heavily They have 200,000 products (with variations), so the CPU usage is always quite high. Is OWL AUTOMYSQL going to effect this site? I don't want the site to crash out...

cPFence WordPress Bulk Management:
Gone are the days of relying on tools like MainWP or InfiniteWP to bulk manage your WordPress sites. With cPFence, you can now handle it all seamlessly with server-wide commands:
cpfence --bulk-install-wp-plugin: Search and install any WordPress plugin using a name, ZIP file path, or URL to ZIP server-wide.
cpfence --bulk-uninstall-wp-plugin: Deactivate and uninstall any WordPress plugin server-wide using the plugin slug.

This is EXCELLENT! Thank you!

cPFence New server migration with hundreds of sites? Ensure they’re clean and reset to a secure state with ease:
cpfence --bulk-force-wp-core-files: Force restore WordPress core files to default server-wide (for experienced system administrators only).

With this feature, does this just "re-install wordpress minus the config file and wp-content"?

xyzulu

I was the same till i saw MobaXterm, it's just "WOW".

cPFence

slimx This is EXCELLENT! Thank you!

You are welcome!

slimx How does this actually "prevent the resource abuse" exactly?
I have one client for example their site uses MySQL heavily They have 200,000 products (with variations), so the CPU usage is always quite high. Is OWL AUTOMYSQL going to effect this site? I don't want the site to crash out...

It simply monitors MySQL for long-running queries (default: 30+ seconds, but this can be adjusted in the config file) and terminates those queries along with the scripts generating them. Anyone managing WordPress hosting without CloudLinux will likely encounter this issue , WordPress is full of poorly optimized plugins and themes that often generate resource-hogging queries.

If you have a client who legitimately needs queries running longer than 30 seconds, you have two options: either add them to the exclude list or move them off the shared hosting environment. Realistically, any website requiring such long queries isn’t a good fit for shared hosting anyway. That’s why hosting companies that choose not to use CloudLinux, like HostGator, implement their own automatic in-house solutions with restrictions similar to Owl AutoMySQL on all servers.

slimx With this feature, does this just "re-install wordpress minus the config file and wp-content"?

Yes, all content is left intact, only the core WordPress files are auto-downloaded and replaced. This is an effective way to instantly clean any infections in the core files, especially if you’re dealing with a large number of websites migrated from another company. It’s always a good practice to use this tool.

However, keep in mind that some clients may have made unwise edits to core files. While modifying core files is not recommended and rarely occurs, it could happen in the shared hosting environment, as you are likely aware.

MediaServe

xyzulu This was my choice for a long time too, but on MacOS it has the habit of wiping the entire host/keychain list if you're running out of disk storage.

MediaServe

cPFence Regarding --bulk-install-ls-plugin, I'd love to use this to install LiteSpeed Cache, but I'm sure we have some caching plugins installed (including paid versions) that members will balk at having removed. Then specific object cache plugins such as Redis Object Cache will need removed as well. I'm trying to think of all the problems we'll encounter with this.

Would be nice if we could somehow target only WP installs without any caching plugins to start with.

I would also like to install https://wordpress.org/plugins/heartbeat-control/ and tune it, so I'll have to figure out how to do that with wp-cli.

MediaServe

MediaServe Further clarification...if we want to target WP installs without any caching activated, it might be nice to provide an argument that takes the plugins that are cache plugins. Something like:

cpfence --bulk-install-ls-plugin --litespeed-cache --bypass-activated-plugins wp-rocket|wp-total-cache|w3-total-cache (and the like)

cPFence

MediaServe Regarding --bulk-install-ls-plugin, I'd love to use this to install LiteSpeed Cache, but I'm sure we have some caching plugins installed (including paid versions) that members will balk at having removed. Then specific object cache plugins such as Redis Object Cache will need removed as well. I'm trying to think of all the problems we'll encounter with this.

Would be nice if we could somehow target only WP installs without any caching plugins to start with.

I would also like to install https://wordpress.org/plugins/heartbeat-control/ and tune it, so I'll have to figure out how to do that with wp-cli.

For us, we always remove any other cache plugins during client migrations, but I understand this approach might not work for all companies. Targeting only sites without existing cache plugins is tricky since there are countless cache plugins, each working differently. We may improve the helper tool to better handle this in the future. In the meantime, you can try this :

# Step 1: Find all matching paths and save them to '/tmp/sites_likely_with_cache.txt'
awk -F, '{print $1 "/.htaccess"}' /var/log/cpfenceav/wp-sites-list.txt | \
xargs grep -l -E 'WP Rocket|W3TC|LITESPEED|WP Super Cache|Cache Enabler|Comet Cache|Breeze|Hummingbird Cache|Swift Performance|Autoptimize|Hyper Cache|WP Fastest Cache|Powered Cache|Cachify|Simple Cache|Advanced Cache' | \
sed 's|/.htaccess||' > /tmp/sites_likely_with_cache.txt

# Step 2: Remove matching paths from the original list and save as '/tmp/sites_without_cache.txt'
grep -vFf /tmp/sites_likely_with_cache.txt /var/log/cpfenceav/wp-sites-list.txt > /tmp/sites_without_cache.txt

This identifies sites likely using cache plugins and creates separate lists. Once you’re happy with the results, replace /var/log/cpfenceav/wp-sites-list.txt with /tmp/sites_without_cache.txt before running the bulk tool. Don't worry about the list, it will be generated again automatically during the next WP-AutoShield run at 6:10 AM.

For Heartbeat Control or other plugins, you can bulk install them using:

cpfence --bulk-install-wp-plugin heartbeat-control

We’re also working on a helper tool to bulk configure heartbeat settings in LiteSpeed Cache >> Toolbox >> Heartbeat Control. It’s already in beta, but we’re fine-tuning it to work seamlessly for most companies. If you have preferred settings, please share them , they’ll help us release the tool faster.

Hope this helps!

MediaServe

cPFence Thanks!

Regarding the heartbeat control, we recommend members to disable the frontend completely and set the other two to 120 FWIW.

MediaServe

cPFence I seems to be having problems With LiteSpeed Cache + Redis.

I have a script the generates WP sites without caching, and then I:

cpfence --bulk-install-ls-plugin
cpfence --bulk-configure-ls-plugin

Which should enable Redis in Enhance if I'm reading this correctly.

cpfence --bulk-configure-ls-plugin Configure the LiteSpeed plugin with advanced presets and Redis enabled server-wide.

I can visit a website that has LS Cache installed and configured but Redis is not enabled (by the script per the output.) So I figured I'd run:

cpfence --bulk-enable-ls-redis

That doesn't enable Redis in the panel either. So are these commands just configuring the LS Object Cache for Redis but not actually enabling Redis in the panel?

twest

xyzulu thanks for the tip, just got Termius setup today and I love it! The sync with mobile is awesome too!

MediaServe

cPFence I think this original post is missing plugin slugs. For example:

cpfence --bulk-install-ls-plugin: Install the LiteSpeed plugin on all WordPress sites server-wide.
cpfence --bulk-configure-ls-plugin: Configure the LiteSpeed plugin with Advanced presets and

cPFence

MediaServe

No, those two tools don’t require slugs or plugin names; they are specifically preconfigured for the LiteSpeed plugin only.

A slug is only needed for the bulk uninstall plugin tool. (The bulk install tool is smart enough to handle both names and slugs. It will search the WordPress repository for you, display the results, and give you the option to confirm or exit.)

« Previous Page Next Page »