commandline wordfence (wf-cli)

There is a commandline version of the wordfence plugin. You can use this to automate or script scanning your websites for malware. The output is just files which seem to be malware. You can then pass that list to the RM (remove) command. This is what I did. mkdir /scripts cd /scripts apt install python3.10 git clone sudo python /scripts/wordfence-cli/ scan /var/www/html/ I then took that list of files and gave them to the "rm" command. When it runs for the first time it will ask you to provide a "key" to it. You get that from wordfence's website.

how to use wp-cli

There is a commandline version of the admin tools, called wp-cli, that you can install. However it does not let you run as "root", you have to turn into the web user to run it. Instruction manual here: Here are some example commands: Force a theme update: sudo -u www-data -i -- wp theme update theme_name --path="/var/www/html/" Install a plugin (force update): sudo -u www-data -i -- wp   plugin install akismet --force --path="/var/www/html/" Bulk install plugins: cd /var/www/html/wp-content/ for i in `/bin/ls plugins` ; do (   sudo -u www-data -i -- wp   plugin install $i   --force --path="/var/www/html/" ) ; done Bulk enable or disable plugins: cd /var/www/html/wp-content/ for i in `/bin/ls plugins` ; do (   sudo -u www-data -i -- wp   plugin toggle $i   --force --path="/var/www/html/" ) ; done Reinstall the entire site: sudo -u www

Downloading an entire wordpress site if you do not have access to the back end

It's quite tricky to download a wordpress site in bulk. Here's how I do it. Install SiteSucker (Mac app). Enter the website URL in the   Web URL   field. Under the  Settings   menu, choose  Factory Defaults   and then choose  Edit Settings… . In the Settings window, check the  Suppress Login Dialog   under the  General   tab. Check the  Include Supporting Files   box under the  Options   tab under the   Advanced   tab. Click the   OK   button. Click the  Download  button.

Elementor-based website loses its styles or the CSS stops working

If your wordpress site uses Elementor for layouts and suddenly the CSS stops working, look under Elementor -> Tools -> Regenerate CSS More detail here:

forcing deactivating of plugins via mysql

 In the WordPress database, you find there's a table called wp_options inside that table is an option called active_plugins . You can see it by typing: mysql> describe wp_options; This will show the following structure: +--------------+-----------------+------+-----+---------+----------------+ | Field        | Type            | Null | Key | Default | Extra          | +--------------+-----------------+------+-----+---------+----------------+ | option_id    | bigint unsigned | NO   | PRI | NULL    | auto_increment | | option_name  | varchar(191)    | NO   | UNI |         |                | | option_value | longtext        | NO   |     | NULL    |                | | autoload     | varchar(20)     | NO   | MUL | yes     |                | +--------------+-----------------+------+-----+---------+----------------+ The relevant option is called active_plugins , so to see its content, type: mysql> select * from wp_options where option_name = "active_plugins"; This will retu

turning on debug mode

Turn debug mode on edit your wp-config.php file and find define('WP_DEBUG', false); change to define('WP_DEBUG', true); General causes of bugs 1. Dodgy plugins/templates. Remove them all and add them back one at a time. Same for themes 2. Config errors. Replace the config.php file with the template and reinstate it. Obviously copy/paste the login details for the database out before you do that, so when you recreate it, it asks for them again. 3. Code incompatibilities . You have some old code somewhere (e.g. an old php file) which was not upgraded and is now incompatible with the new php in the new issue of wordpress/plugin/template etc 4. Permission errors.  chmod -R 755 /var/www/mysite chown -R www-data:www-data /var/www/mysite assuming your installation is located in /var/www/mysite. On a single-site server it will be /var/www/html "There has been a critical error on your website" = problem 3 above, usually.

Securing wordpress

 Wordpress is very vulnerable to attacks. I suggest the following four steps. 1. Install Sucuri plugin 2. Install Wordfence plugin 3. Install IQ block country and block all countries except your own unless you need to have customers from overseas.  4. Delete the wp-login.php file (or rather, keep a copy of it somewhere else), and put it into the folder when you need to login, but when you don't need to login, delete it. There are plugins that hide the login, which you can also use, but I find that quite often they don't work. I've been locked out of my own site many times from those plugins, hence the crude approach of just deleting the login script.