Archive for the ‘WordPress’ Category
-
8 ways to get PrimaryBlogger help and support
1. The PrimaryBlogger community forum is by far the best place to ask any question, it’s full of enthusiastic PrimaryBlogger users.
2. Your favorite search engine.
3. Looking for a plugin? Try the wordpress plugin codex.
3. Looking for a theme? Try the wordpress theme codex.
5. Looking for plugin support? Try the WordPress community.
6. Want to speak to someone from the PrimaryBlogger or Primary Technology team? Try our live online chat!
7. Email our support desk.
8. Call our support team, this is the last case because we take a while to answer the phones! -
WordPress Varnish Cache Config / VCL
What is this for non-technical folks?
WordPress sucks at delivering the same content over and over again, actually, I should rephrase that, wordpress rocks 99% of the time but if you serve a page over and over again it will quickly exhaust your servers resource which will mean wordpress will go slow. Varnish Cache speeds up WordPress by serving pages from memory instead of doinmagicg a bunch of hard work.
Why should I use this VCL?
I have done a number of different VCLs that can be used with varnish and wordpress but this is the final revision for now. It is designed for Varnish 2 but should work on 3 with no to very little modifications, I have tweaked this VCL over a few years and I’m finally happy with it.
Features:
- Supports multiple back-ends
- Supports round-robin
- Supports Purging using the Varnish WordPress plugin
- Supports logged in users
- Supports password protected pages
- Supports Mobile devices
- Provides long client side caching
- Forwards the correct client IP to the web daemon.
- Doesn’t cache 404s, 503, 500 etc.
- Doesn’t cache wp-admin, login, preview, signup
- Caches static objects such as images
- Supports Multisite
- Includes debug/log messages.
- Really clean code, proper tabbing etc.
Requirements
Varnish, WordPress, The Varnish WordPress plugin installed and working, mod_rpaf installed in apache or an nginx equivalent.
Why have I made this?
I was going to make a VCL generator but then I remembered most people will use this VCL as a point of reference and I’m lazy, let’s face it, being lazy is the biggest factor in me backing out of making a generator. The varnish configs I have done before have been overly verbose for what they did and rewriting them and cleaning them up means this config is much easier to understand and modify. Adding logging means that you can easily use varnishlog to debug any problems you have.
What isn’t included?
I didn’t include Custom error messages in this VCL. It’s not because I’m lazy, it’s because custom error messages put a lot of cruft into the VCL and if you want custom error messages you should see this article.
Let me at it!
// Defining our backends backend myFirstServer { .host = "myFirstServer.mclear.co.uk"; .port = "8080"; .probe = { .url = "/index.html"; .interval = 5s; .timeout = 1 s; .window = 5; .threshold = 3; } .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; } backend mySecondServer { .host = "mySecondServer.mclear.co.uk"; .port = "8080"; .probe = { .url = "/index.html"; .interval = 5s; .timeout = 1 s; .window = 5; .threshold = 3; } .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; } // Defining our cluster including end points for purge director cluster round-robin { {.backend = myFirstServer;} {.backend = mySecondServer;} } // End points for purge requests acl purge { "myFirstServer.mclear.co.uk"; "mySecondServer.mclear.co.uk"; } sub vcl_fetch{ // When fetching images we can set a long caching marker that we can access later if (req.request == "GET" && req.url ~ "\.(jpg|jpeg|gif|ico|css|js|png)$") { set beresp.http.magicmarker = "1"; } // Don't cache mobile requests if (req.http.X-Device == "mobile"){set beresp.ttl = 0s;log "Not caching mobile requests";} // Don't cache error pages if (beresp.status == 404 || beresp.status == 503 || beresp.status >= 500){ set beresp.ttl = 0s; } // Some debug code for why objects are/aren't cachable // Varnish determined the object was not cacheable if (!beresp.cacheable) { set beresp.http.X-Cacheable = "NO:Not Cacheable"; // You don't wish to cache content for logged in users } elsif (req.http.Cookie ~ "(UserID|_session)") { set beresp.http.X-Cacheable = "NO:Got Session"; log "It appears a session is in process so we have returned pass"; return(pass); // You are respecting the Cache-Control=private header from the backend } elsif (beresp.http.Cache-Control ~ "private") { set beresp.http.X-Cacheable = "NO:Cache-Control=private"; log "It appears this is private so we have returned pass"; return(pass); // You are extending the lifetime of the object artificially } elsif (beresp.ttl < 1s) { set beresp.ttl = 5s; set beresp.grace = 5s; set beresp.http.X-Cacheable = "YES:FORCED"; // Varnish determined the object was cacheable } else { set beresp.http.X-Cacheable = "YES"; } } sub vcl_recv { set req.http.X-Forwarded-For = client.ip; // Set the client IP set req.backend cluster; // Set the backend to the cluster call device_detection; // Check for a mobile device // Purge WordPress requests for purge if (req.request == "PURGE") { if (!client.ip ~ purge) { error 405 "Not allowed."; } purge("req.url == " req.url " && req.http.host == " req.http.host); error 200 "Purged."; } // Cache static objects such as images if (req.request == "GET" && req.url ~ "\.(jpg|jpeg|gif|ico|css|js|png)$") { unset req.http.cookie; log "request is for a file such as jpg jpeg etc so dropping cookie"; return(lookup) } // Cache any dynamic content if (req.url !~ "wp-(login|admin|signup)" && req.url !~ "preview" || req.url ~ "admin-ajax.php"){ log "Request is not for login, admin, preview, sign up or admin-ajax so don't cache it"; if (req.http.Cookie !~ "wordpress_logged_in "){ log "User is not logged in"; if (req.http.Cookie !~ "wp-postpass"){ log "Post is not password protected"; unset req.http.cookie; return(lookup); } } } } } sub vcl_deliver { if (resp.http.magicmarker) { log "Magicmarker set so setting our own client side caching"; unset resp.http.magicmarker; set resp.http.Cache-Control = "max-age=648000"; set resp.http.Expires = "Thu, 01 May 2014 00:10:22 GMT"; set resp.http.Last-Modified = "Mon, 25 Apr 2011 01:00:00 GMT"; set resp.http.Age = "647"; } } sub device_detection { // Default to thinking it's a PC set req.http.X-Device = "pc"; // Add all possible agent strings - These are the most popular agent strings log "Checking for mobile device"; if (req.http.User-Agent ~ "iP(hone|od)" || req.http.User-Agent ~ "Android" || req.http.User-Agent ~ "Symbian" || req.http.User-Agent ~ "^BlackBerry" || req.http.User-Agent ~ "^SonyEricsson" || req.http.User-Agent ~ "^Nokia" || req.http.User-Agent ~ "^SAMSUNG" || req.http.User-Agent ~ "^LG" || req.http.User-Agent ~ "webOS") { log "Mobile device detected"; log req.http.cookie; log "Following req.url"; log req.url; if (req.url !~ "wptouch_view=normal"){ log "wptouch_switch_toggle is not set"; set req.http.X-Device = "mobile"; } else{ log "this should not be redirecting to mobile"; log "wp touch view is set to normal so we shouldn't be setting a device type other thna PC"; set req.http.X-Device = "pc"; error 750 req.http.host; } } // These are some more obscure agent strings if (req.http.User-Agent ~ "^PalmSource"){ set req.http.X-Device = "mobile"; } }What do I need to change?
Search and replace myFirstServer and mySecondServer with your server names adding new backends where required. Make sure new backends are added to the round-robin cluster and the purge list.
Once you are happy with your VCL save it in as /etc/varnish/default.vcl (remember to make a backup of your original file) and restart Varnish. Any problems try to debug yourself but if you are stuck just give me a shout, I will be happy to help!
-
How to install mod_rpaf Varnish WordPress Ubuntu
And the geekiest title of the week goes to me…
Add this line to your varnish VCL in sub_recv:
set req.http.X-Forwarded-For = client.ip;
Grab mod_rpaf:
wget http://ftp.de.debian.org/debian/pool/main/liba/libapache2-mod-rpaf/libapache2-mod-rpaf_0.6-1_amd64.deb
Install mod_rpaf
dpkg -i libapache2-mod-rpaf_0.6-1_amd64.deb
Enable mod_rpaf:
a2enmod rpaf
Your rpaf config (/etc/apache2/mods-enabled/rpaf.conf) should look awesome like this:
<IfModule mod_rpaf.c> RPAFenable On RPAFsethostname On RPAFproxy_ips 123.123.123.123 10.0.0.2 127.0.0.1 RPAFheader HTTP_X_FORWARDED_FOR </IfModule>
Note: RPAFproxy_ips is the ips of your varnish cache servers. Varnish is awesome.
Reload varnish and Apache the cool way.
/etc/init.d/varnish reload /etc/init.d/apache reload
Test it by looking at your remote_addr variable:
print_r($_SERVER);
-
WordPress Timthumb vulnerability
I don’t usually blog about vulnerabilities but Timthumb is being exploited all over the place. First off, don’t panic. Your site is probably vulnerable but fixing it is easy. Simply download the timthumb scanner plugin, upload it and then scan your site. Once completed it will patch your site for you and you can get back to work Related articles
- Save Your WordPress Site With the Timthumb Vulnerability Scanner and 1-Click Upgrade (pressography.com)
- TimThumb security issue with WordPress (blacknight.com)
- TimThumb.php Vulnerability Not Only Affecting Themes – Plugins too (vslider) (sucuri.net)
- TimThumb Updated To Version 2 (michele.me)
- [WordPress] Timthumb Vulnerability Scanner Plugin Checks & Fixes Vulnerable Timthumb script (shoutmeloud.com)
-
Primary Blogger upgrades
The PrimaryBlogger upgrades have been successful, you should hopefully notice a speed improvement when logged into your blog’s dashboard.
Enjoy