SRG

SCSIraidGURU’s World

PHP page

One of the most important components for WordPress is PHP. I recommend moving to the latest version, 7.3. Below are easy-to-follow instructions for doing so.

See the WordPress page for some other PHP fixes.

See the HTTP/2 section at the bottom.

This sets up the repository so PHP is on the latest version:

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update

This is what I use to install PHP for WordPress.

This is how you activate your new PHP files.
sudo a2dismod php7.3
sudo a2enmod php7.4
sudo service apache2 restart

Old files installed for php
sudo apt install php7.3 libapache2-mod-php7.3 php7.3-common php7.3-mysql php7.3-gmp php7.3-curl php7.3-intl php7.3-mbstring php7.3-xmlrpc php7.3-gd php7.3-xml php7.3-cli php7.3-zip php7.3-bcmath php7.3-imagick

Which PHP files are on my server: You can use it to clean up older files you don’t need
dpkg -l | grep php | tee packages.txt

Purge old php files
sudo apt-get purge php7.3 php7.3-common

New Files installed for php
sudo apt install php7.4 libapache2-mod-php7.4 php7.4-common php7.4-mysql php7.4-gmp php7.4-curl php7.4-intl php7.4-mbstring php7.4-xmlrpc php7.4-gd php7.4-xml php7.4-cli php7.4-zip php7.4-bcmath php7.4-imagick php7.4-fpm

Site Health will show PHP issues. Elementor – System Info will show your PHP version and configuration.

I have been working on better securing my web sites in WP. I installed the Health Check plugin.

It checked the PHP components and found a few missing. One was cURL, which I had installed, so I followed these steps again to verify it for PHP 7.3:

  1. First Install CURL by typing sudo apt-get install curl

  2. Then Restart Apache by typing sudo service apache2 restart

  3. Then Install PHP7.4 CURL by typing sudo apt-get install php7.4-curl

  4. It will prompt you to install… type y or yes!

  5. Then Restart Apache by typing sudo service apache2 restart

  6. Done!  It now shows up in phpMyAdmin.

I have upgraded to the latest LAMP components that you read about on Ubuntu pages. I am on the latest version of WordPress. This mainly affects my main webpage with videos of my children. These files can be huge, so I set the limits at 768MB. The Ubuntu server has 2 GB RAM available.

/etc/php/7.4/fpm/php.ini
/etc/php/7.4/cli/php.ini
/etc/php/7.4/apache2/php.ini

upload_max_filesize = 768M
post_max_size = 768M
memory_limit = 768M
max_execution_time = 360

Enable this in each php.ini file for bulk copy to work:
mysqli.allow_local_infile = On

Health Check said these two components were missing.  fpm had some errors too.

I ran the commands below in various orders to fix FPM:

sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php7.4-fpm


sudo apt purge libapache2-mod-php7.4 libapache2-mod-php
sudo apt install libapache2-mod-php7.4 libapache2-mod-php

After I fixed these errors, I ran update and dist-upgrade again to get the latest versions. 

WordPress 5.x works great with PHP 7.3 and above.   PHP 7.3 performance increases have been well documented. 

9.6.2019: Multiple Code Execution Flaws Found In PHP Programming Language

The PHP security team has addressed the vulnerabilities in the latest versions. So users and hosting providers are strongly recommended to upgrade their servers to the latest PHP version 7.3.9, 7.2.22, or 7.1.32.

Note: 7.4.6 as of 5.2020

Enabling http/2 for Apache2

mpm_prefork doesn't support http/2.  You need to disable php7.x first. 

sudo apt-get install php7.4-fpm
sudo a2dismod php7.4
sudo a2enconf php7.4-fpm
sudo a2enmod proxy_fcgi

sudo a2dismod mpm_prefork
sudo a2enmod mpm_event
sudo a2enmod http2
sudo systemctl restart apache2

 

phpMyAdmin

9.18.2019: Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions

4.9.3 and newer have 2-factor authentication available now.

The configuration file now needs a secret passphrase (blowfish_secret).

phpMyAdmin blowfish secret generator

In /usr/share/phpMyAdmin, rename config.sample.inc.php to config.inc.php. Use the link above to generate the line of code to add to this file. Replace this line with the code that the link gives you:

$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
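
The secret can also be generated on the server itself, so it never passes through a third-party web page. This added example (not from the original page) writes a random 32-character value into a constructed stand-in for config.inc.php; the function names are hypothetical and the 32-character length is an assumption based on phpMyAdmin's documented recommendation.

```bash
# Added example: create the cookie-auth secret locally and write it into
# config.inc.php. Function names are hypothetical.

# 32 characters from the kernel CSPRNG, limited to [A-Za-z0-9] so the value
# needs no escaping inside a single-quoted PHP string.
gen_blowfish_secret() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 32
}

# Rewrite only the blowfish_secret assignment in file $1; other lines are kept.
set_blowfish_secret() {
    local file="$1" secret tmp
    secret="$(gen_blowfish_secret)"
    [ "${#secret}" -eq 32 ] || return 1          # never write a short secret
    tmp="$(mktemp "${file}.XXXXXX")" || return 1
    awk -v s="$secret" '
        /^\$cfg\[.blowfish_secret.\][ \t]*=/ {
            print "$cfg[\047blowfish_secret\047] = \047" s "\047;"; n++; next
        }
        { print }
        END { exit (n == 1 ? 0 : 1) }            # exactly one line replaced
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$file"
    # The file now holds a secret: keep it from being world-readable.
    # On the server also run: chown root:www-data "$file"
    chmod 640 "$file"
}

# Constructed stand-in for config.sample.inc.php (three lines only).
make_sample_config() {
    local f; f="$(mktemp)"
    printf '%s\n' "<?php" \
        "\$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */" \
        "\$cfg['Servers'][1]['auth_type'] = 'cookie';" > "$f"
    echo "$f"
}

cfg="$(make_sample_config)"
set_blowfish_secret "$cfg" && grep -c "blowfish_secret" "$cfg"
```
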

The $cfg['TempDir'] (./tmp/) is not accessible

Create tmp under /usr/share/phpMyAdmin. I use chmod 755 and chown www-data:www-data so Apache can use it. I am not a big fan of 777 for it.

 phpMyAdmin Homepage

Many of the articles I read on MySQL and MariaDB mentioned phpMyAdmin to create databases and users. I have a Notepad++ page filled with scripts to create WP databases and users. I started off installing the base Ubuntu phpMyAdmin 4.5.4. I added the repository for 4.6. I went to their main site and downloaded the tar file for 4.9.4 because it fixed errors on the pages. It was a manual install. I just upgraded to 4.9.5 and rebooted.

I tend to stay on LTS releases over cutting edge.

The phpMyAdmin team announces the release of versions 4.9.5 and 5.0.1.

As a reminder, version 4.x is in the LTS phase, where only security fixes and critical bug fixes are made. Users are suggested to migrate to version 5.

These releases address two issues, a problem with two-factor authentication that was introduced with the last releases, and a fix for an SQL injection vulnerability that was reported by CSW Research Labs https://twitter.com/cswcyberworks. This vulnerability is assigned PMASA-2020-1 and requires that the attacker have logged in through a valid MySQL account.

Known issue: the reported current release version may display incorrectly on the main page (for instance, “Version information: 5.0.1, latest stable version: 4.9.5”). This is expected to be fixed in the next routine bug fix release.

Downloads are available at phpmyadmin.net.

Happy new year, the phpMyAdmin team

You will find phpMyAdmin-4.9.5-english.tar.gz on the list. Right click and copy the link. You will get this:

sudo wget https://files.phpmyadmin.net/phpMyAdmin/4.9.5/phpMyAdmin-4.9.5-english.tar.gz
sudo tar xvzf phpMyAdmin-4.9.5-english.tar.gz
sudo cp -avr ./phpMyAdmin-4.9.5-english/. /usr/share/phpmyadmin

I did a wget in the /usr/share/phpmyadmin folder.   The tar command will unzip it into its own folder.   cp -Rf the contents into the folder above it.    Restart Apache.  
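
Because the tarball is unpacked and copied as root, it is worth checking it before extracting. This added example (not from the original page) compares a tarball against a `.sha256` file like the one phpMyAdmin publishes next to each download and rejects archives with absolute or `..` member paths; the sample archive is constructed and the function names are hypothetical.

```bash
# Added example: check a downloaded release before it is unpacked as root.
# Function names are hypothetical.

# verify_release TARBALL SUMFILE
# Returns 0 only if the SHA-256 in SUMFILE matches TARBALL and no archive
# member uses an absolute path or a ".." component.
verify_release() {
    local tarball="$1" sumfile="$2" want got
    want="$(awk 'NR == 1 { print tolower($1) }' "$sumfile")"
    got="$(sha256sum "$tarball" | awk '{ print $1 }')"
    if [ -z "$want" ] || [ "$want" != "$got" ]; then
        echo "hash mismatch for $tarball" >&2
        return 1
    fi
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 1
    fi
    return 0
}

# Constructed stand-in for the real download and its .sha256 file.
make_sample_release() {
    local d; d="$(mktemp -d)"
    mkdir -p "$d/phpMyAdmin-sample"
    echo '<?php // placeholder' > "$d/phpMyAdmin-sample/index.php"
    tar -czf "$d/sample.tar.gz" -C "$d" phpMyAdmin-sample
    ( cd "$d" && sha256sum sample.tar.gz > sample.tar.gz.sha256 )
    echo "$d"
}

rel="$(make_sample_release)"
if verify_release "$rel/sample.tar.gz" "$rel/sample.tar.gz.sha256"; then
    echo "verified: safe to extract"
fi
```
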

phpMyAdmin gives me a tool to create databases and users with ease. I created an sa account and gave root limited access. I moved phpMyAdmin off port 80 to another port. It required a few basic steps of creating a Sites-Available file and removing the mods-enable configuration. Both WP servers are now on this port.

The main screen of phpMyAdmin shows you the databases on the left.  The versions of Apache, MySQL (MariaDB), and php on the right.  It also shows you the version of phpMyAdmin running.

I decided to set up a new database to parse out the Firewall Syslogs. I created a new page for the Fortinet 60E hardening to show the results of this database. phpMyAdmin allows for the easy creation of databases and tables, and for setting up the user for the database. Once you set up a unique table field, you can even edit, create and delete rows of data.

In order for LOAD DATA LOCAL INFILE to work in your php code you need a few config file changes:

Modify the php.ini files in these directories:
/etc/php/7.4/apache2
/etc/php/7.4/cli
/etc/php/7.4/fpm

Under the [MySQLi] and [MySQL]

mysqli.allow_local_infile = On

/etc/mysql/my.cnf

Under the [MySQLi] and [MySQL]

local-infile=1
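
The three php.ini files are edited by hand, so they can drift apart, and `mysqli.allow_local_infile = On` also lets whichever MySQL server PHP connects to request local files that PHP can read, so it is worth knowing exactly which SAPIs have it on. The script below is an added example (not from the original page) that serves both the upload-limit settings earlier on this page and this LOAD DATA LOCAL INFILE section; the sample tree it builds is constructed and the function names are hypothetical.

```bash
# Effective value of key $2 in php.ini file $1 (last uncommented assignment).
ini_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1); sub(/;.*/, "", v)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v); val = v
        }
        END { if (val != "") print val }' "$1"
}

# Print key/SAPI/value rows; return 1 if the SAPIs disagree on any key.
audit_php_ini() {
    local rc=0 key sapi val first
    for key in upload_max_filesize post_max_size memory_limit \
               max_execution_time mysqli.allow_local_infile; do
        first=""
        for sapi in apache2 cli fpm; do
            val="$(ini_get "$1/$sapi/php.ini" "$key")"
            printf '%-27s %-8s %s\n' "$key" "$sapi" "${val:-<unset>}"
            first="${first:-=$val}"
            [ "=$val" = "$first" ] || rc=1
        done
    done
    return "$rc"
}

# SAPIs where PHP will honour LOAD DATA LOCAL INFILE requests.
local_infile_enabled() {
    local sapi
    for sapi in apache2 cli fpm; do
        case "$(ini_get "$1/$sapi/php.ini" mysqli.allow_local_infile)" in
            [Oo][Nn]|1|[Tt]rue|[Yy]es) echo "$sapi" ;;
        esac
    done
}

# Constructed sample tree (not the author's files); fpm is left at defaults.
make_sample_tree() {
    local d; d="$(mktemp -d)"; mkdir -p "$d/apache2" "$d/cli" "$d/fpm"
    printf 'upload_max_filesize = 768M\npost_max_size =768M\nmemory_limit = 768M\nmax_execution_time = 360\n[MySQLi]\nmysqli.allow_local_infile = On\n' | tee "$d/apache2/php.ini" > "$d/cli/php.ini"
    printf 'upload_max_filesize = 2M\npost_max_size = 8M\nmemory_limit = 128M\n;mysqli.allow_local_infile = On\n' > "$d/fpm/php.ini"
    echo "$d"
}

tree="$(make_sample_tree)"   # on a real server: tree=/etc/php/7.4
audit_php_ini "$tree" || echo "DRIFT: the SAPIs disagree on at least one value"
echo "allow_local_infile is on for: $(local_infile_enabled "$tree" | tr '\n' ' ')"
```
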