Blog

WordPress: Error establishing a database connection

Are you running your own web server in the cloud?

I hope you have some monitoring setup to get email alerts when it's offline 😀 

Yesterday, I knew something was wrong, after visiting my website around 18:00 C.E.T. to check a link, the Chrome browser started returning "Site can't be reached". I assumed it was WordPress running auto-updates, as there had been some recently. Later around 20:00 in the evening the website was reachable and I made some changes. Then, this morning this...

 

I've been running my own web server on AWS for a while now, so I know it's time to log back into the server. Of course, the connection doesn't work, because my IP has changed which means it's also time to update the AWS security group.

Click edit!

Now the SSH connection works, which reveals all...

Reboot required...

but first you might want to run a couple of commands like

sudo apt-get update

sudo apt-get upgrade

and only then

sudo reboot

The dashboard also tells an interesting story (note times are not C.E.T.).

Sometimes the AWS monitoring dashboard can be very handy to have. Here we just see that the T2 burst compute balances went down significantly. If I had an online shop running here I would be panicking.

You'll see in the top right IOPS, I find this statistic interesting in that it shows how efficient the server is running. Have a look at the difference between my Ubuntu v16 and v18 servers. 

Here is how I added IOPS to my dashboard; get the read and write bytes, then divide them 300 (the data is coming at 5-minute intervals). 

Protection from the eye Blog

Protecting your WordPress site from Internet Scum

I've been running my web server and WordPress site nearly a couple of years now. My goto plugins for protection are:

Antispam Bee - Which allows me to leave blogs open for comments, in case someone would ever want to ask something or start a discussion. However, I've found I only seem to get SPAM bots. Having to check all the messages is a pain, so I've also changed the WordPress settings to automatically close comments on articles older than 10 days. 

Shield - If the term "hackers" means anything to you, then this is "the security plugin" you need to have. Just look at the number of attempts to access my site.

30k login blocks and 3k IP bans

Recently the login attempts seemed to have been spiralling upwards. With this many automated attempts, you can't feel safe, and I've been thinking for a while, it's only a matter of time until they find a zero-day vulnerability.

So, this week I decided to block my wp-admin folder where the admin area of WordPress is, this is using the Apache web servers basic authentication with the .htaccess file. What I didn't realise, is that there are some functions there which are needed by other parts of my site such as the booking system. Thankfully, someone was kind enough to inform me about the problem 😉

When I googled this, I found plenty of sites with blogs titled "Don’t Use a Password Protection on wp-admin Folder". I thought it was possible after finding some solutions like this:-

AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/clouded.ch/html/.htpasswd
Require valid-user
<Files admin-ajax.php>
  Order allow,deny
  Allow from all
  Satisfy any
</Files>
<Files admin-post.php>
  Order allow,deny
  Allow from all
  Satisfy any
</Files>
<Files "\.(css|gif|png|js)$">
  Order allow,deny
  Allow from all
  Satisfy any
</Files>

DO NOT USE THE ABOVE .htaccess FILE

I used it for some time, only then to discover newsletter popups were not working. 

Good luck with protecting your sites...