WordPress Tips

Here is some practical information that will help you make the most of your WordPress installation at Gandi.

500 Internal Server Error

This error is generally due to a problem with the code of your website. It usually appears as an all-white page. With WordPress, it is usually caused by a WordPress plugin or theme.

In order to determine what is causing the problem, go to your instance’s control panel, and examine the contents of the PHP error log: www-error.log

You will see errors like:

PHP Fatal error: Class 'WP_Customize_Section' not found in /srv/data/web/vhosts/www.exemple.tld/htdocs/wp-content/themes/easy-store/inc/customizer/es-custom-classes.php on line 341

Consequently, in order to regain access to your website, you will need to deactivate the theme or plugin that is causing the problem from the WordPress admin.

If, however, the WordPress admin is not available, you can still log into your instance using an sFTP client. Then, rename the plugin or theme directory that is causing the problem in order to deactivate it. These will be in the /htdocs/wp-content/themes or /htdocs/wp-content/plugins directories.

Mixed Content

If you activated https on your site, but there is no green padlock appearing in your browser’s address bar, it is possible that some elements of your website, such as images, are still being loaded using the http protocol.

To confirm this:

  1. use the Web Developer tool of your browser (pressing the F12 key for Firefox and Chrome will bring this up)
  2. a new window will open to display the tool,
  3. click “Console” and look at the results to find where the problem comes from.

Once you have found the links causing the problem, edit them so they use https and not http.

Note

You can use a special plugin, SSL Insecure Content Fixer, to help, if you have a lot of elements needing to be fixed.

Site Migration

We provide a test URL with every Simple Hosting instance. If you started working on your website at that address, but then want to switch the site to its definitive address later, there is a plug-in that you can use, called “Duplicator” to help you do this.

The role of this plugin is to update the address of your website in the WordPress admin and database.

XML-RPC

As a security measure, WordPress recommends the addition of the following Rewrite line in the .htaccess file located in your WordPress’ root directory (this would be in the htdocs directory).

RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

By doing this, all connection attempts targeting this file will be redirected, and so xmlrpc pingback attacks will be averted.

You can find more information about this at: https://www.trustwave.com/Resources/SpiderLabs-Blog/WordPress-XML-RPC-PingBack-Vulnerability-Analysis/

If you suspect you are being hit by such an attack, check your Apache access.log file and look for a large number of access requests to this file, in this form:

POST /xmlrpc.php HTTP/1.1" 200 56775 "-" "-"

Cache Plugins

Gandi’s Simple Hosting already makes use of a special cache system to increase performance. Consequently we recommend that you avoid using a WordPress cache plugin, as it would be counter productive, and would use up resources of your instance for no reason.

How to install wp-cli

You don’t have the rights in the Simple Hosting system’s directories, but you can use alias instead.

At first, you need your SSH console to be activated, and then connect to it.

Then, run the following commands :

$ cd /srv/data/home
$ wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
$ echo "alias wp='/srv/data/home/wp-cli.phar'" >> /srv/data/etc/bash/bashrc

Afterwards, press CTRL-D (to leave current session), then press ENTER (to open a new session). And test it:

$ wp --info