WP AutoShield®: One-Click WordPress Security from cPFence
xyzulu We are using termius pro for years! hands down great tool!
pratik_asabe me too i got it from my university for free. GREAT VALUE!
cPFence Thank you all good now I just replace Bitninjan thanks
Yes, it will work. Just edit the list using:
nano ~/enhance_servers.txtReplace the username with your preferred one. If you're on the main CP, it can generate the IPs automatically for you. If not, you can manually add them, one per line.
admin@192.168.1.1
admin@192.168.1.2
admin@192.168.1.3elcapitanph Thank you all good now I just replace Bitninjan thanks
Welcome aboard! Don’t forget to activate WP-AutoShield and Owl AutoMySQL for optimal one-click protection and load stability.
cpfence --wp-autoshield-on
cpfence --owl-automysql-on- Edited
Just to add, the ssh key still needs to be generated as root (not with sudo) when running the cpfence command with root, otherwise you need to mess around with ssh-add. And also, logging in using the admin account, the session on the control panel (local) will still ask for the admin account password. Anyways, experienced linux admins would have either known this, or made it work in no time. The feature is advertised for experienced users, so fair enough.
cPFence Introducing Owl AutoMySQL®: One-Click MySQL Resource Limits from cPFence
Owl AutoMySQL automates the monitoring and management of abusive MySQL users, solving a major pain point for shared hosting servers with high user volumes. It ensures optimal server performance by preventing resource abuse, all without manual intervention.
One-Click Activation:
Activate with a single command: cpfence --owl-automysql-on
Owl AutoMySQL will begin 24/7 smart monitoring and management instantly.Customizable Exclusions:
Exclude specific websites or priority clients by adding them to your configuration file: /opt/cpfence/config.conf.
How does this actually "prevent the resource abuse" exactly?
I have one client for example their site uses MySQL heavily They have 200,000 products (with variations), so the CPU usage is always quite high. Is OWL AUTOMYSQL going to effect this site? I don't want the site to crash out...
cPFence WordPress Bulk Management:
Gone are the days of relying on tools like MainWP or InfiniteWP to bulk manage your WordPress sites. With cPFence, you can now handle it all seamlessly with server-wide commands:
cpfence --bulk-install-wp-plugin: Search and install any WordPress plugin using a name, ZIP file path, or URL to ZIP server-wide.
cpfence --bulk-uninstall-wp-plugin: Deactivate and uninstall any WordPress plugin server-wide using the plugin slug.
This is EXCELLENT! Thank you!
cPFence New server migration with hundreds of sites? Ensure they’re clean and reset to a secure state with ease:
cpfence --bulk-force-wp-core-files: Force restore WordPress core files to default server-wide (for experienced system administrators only).
With this feature, does this just "re-install wordpress minus the config file and wp-content"?
I was the same till i saw MobaXterm, it's just "WOW".
xyzulu This was my choice for a long time too, but on MacOS it has the habit of wiping the entire host/keychain list if you're running out of disk storage.
cPFence Regarding --bulk-install-ls-plugin, I'd love to use this to install LiteSpeed Cache, but I'm sure we have some caching plugins installed (including paid versions) that members will balk at having removed. Then specific object cache plugins such as Redis Object Cache will need removed as well. I'm trying to think of all the problems we'll encounter with this.
Would be nice if we could somehow target only WP installs without any caching plugins to start with.
I would also like to install https://wordpress.org/plugins/heartbeat-control/ and tune it, so I'll have to figure out how to do that with wp-cli.
slimx This is EXCELLENT! Thank you!
You are welcome!
slimx How does this actually "prevent the resource abuse" exactly?
I have one client for example their site uses MySQL heavily They have 200,000 products (with variations), so the CPU usage is always quite high. Is OWL AUTOMYSQL going to effect this site? I don't want the site to crash out...
It simply monitors MySQL for long-running queries (default: 30+ seconds, but this can be adjusted in the config file) and terminates those queries along with the scripts generating them. Anyone managing WordPress hosting without CloudLinux will likely encounter this issue , WordPress is full of poorly optimized plugins and themes that often generate resource-hogging queries.
If you have a client who legitimately needs queries running longer than 30 seconds, you have two options: either add them to the exclude list or move them off the shared hosting environment. Realistically, any website requiring such long queries isn’t a good fit for shared hosting anyway. That’s why hosting companies that choose not to use CloudLinux, like HostGator, implement their own automatic in-house solutions with restrictions similar to Owl AutoMySQL on all servers.
slimx With this feature, does this just "re-install wordpress minus the config file and wp-content"?
Yes, all content is left intact, only the core WordPress files are auto-downloaded and replaced. This is an effective way to instantly clean any infections in the core files, especially if you’re dealing with a large number of websites migrated from another company. It’s always a good practice to use this tool.
However, keep in mind that some clients may have made unwise edits to core files. While modifying core files is not recommended and rarely occurs, it could happen in the shared hosting environment, as you are likely aware.
- Edited
MediaServe Further clarification...if we want to target WP installs without any caching activated, it might be nice to provide an argument that takes the plugins that are cache plugins. Something like:
cpfence --bulk-install-ls-plugin --litespeed-cache --bypass-activated-plugins wp-rocket|wp-total-cache|w3-total-cache (and the like)
MediaServe Regarding --bulk-install-ls-plugin, I'd love to use this to install LiteSpeed Cache, but I'm sure we have some caching plugins installed (including paid versions) that members will balk at having removed. Then specific object cache plugins such as Redis Object Cache will need removed as well. I'm trying to think of all the problems we'll encounter with this.
Would be nice if we could somehow target only WP installs without any caching plugins to start with.
I would also like to install https://wordpress.org/plugins/heartbeat-control/ and tune it, so I'll have to figure out how to do that with wp-cli.
For us, we always remove any other cache plugins during client migrations, but I understand this approach might not work for all companies. Targeting only sites without existing cache plugins is tricky since there are countless cache plugins, each working differently. We may improve the helper tool to better handle this in the future. In the meantime, you can try this :
# Step 1: Find all matching paths and save them to '/tmp/sites_likely_with_cache.txt'
awk -F, '{print $1 "/.htaccess"}' /var/log/cpfenceav/wp-sites-list.txt | \
xargs grep -l -E 'WP Rocket|W3TC|LITESPEED|WP Super Cache|Cache Enabler|Comet Cache|Breeze|Hummingbird Cache|Swift Performance|Autoptimize|Hyper Cache|WP Fastest Cache|Powered Cache|Cachify|Simple Cache|Advanced Cache' | \
sed 's|/.htaccess||' > /tmp/sites_likely_with_cache.txt
# Step 2: Remove matching paths from the original list and save as '/tmp/sites_without_cache.txt'
grep -vFf /tmp/sites_likely_with_cache.txt /var/log/cpfenceav/wp-sites-list.txt > /tmp/sites_without_cache.txtThis identifies sites likely using cache plugins and creates separate lists. Once you’re happy with the results, replace /var/log/cpfenceav/wp-sites-list.txt with /tmp/sites_without_cache.txt before running the bulk tool. Don't worry about the list, it will be generated again automatically during the next WP-AutoShield run at 6:10 AM.
For Heartbeat Control or other plugins, you can bulk install them using:
cpfence --bulk-install-wp-plugin heartbeat-controlWe’re also working on a helper tool to bulk configure heartbeat settings in LiteSpeed Cache >> Toolbox >> Heartbeat Control. It’s already in beta, but we’re fine-tuning it to work seamlessly for most companies. If you have preferred settings, please share them , they’ll help us release the tool faster.
Hope this helps!
- Edited
cPFence Thanks!
Regarding the heartbeat control, we recommend members to disable the frontend completely and set the other two to 120 FWIW.
cPFence I think this original post is missing plugin slugs. For example:
cpfence --bulk-install-ls-plugin: Install the LiteSpeed plugin on all WordPress sites server-wide.
cpfence --bulk-configure-ls-plugin: Configure the LiteSpeed plugin with Advanced presets and
No, those two tools don’t require slugs or plugin names; they are specifically preconfigured for the LiteSpeed plugin only.
A slug is only needed for the bulk uninstall plugin tool. (The bulk install tool is smart enough to handle both names and slugs. It will search the WordPress repository for you, display the results, and give you the option to confirm or exit.)