MainWP WordFence extension overview

What is the MainWP WordFence extension

The MainWP WordFence extension allows you to scan your child sites for security issues, monitor live traffic and to manage Wordfence settings across your network and all from your Dashboard!

Price: $39

Overview

It is created to scan easily all child sites for malware, security issues and monitor live traffic. You can scan all sites with one button, see results in the MainWP Dashboard, block or unblock users or set scheduled scans. MainWP WordFence is intuitive and very easy to use. It requires the WordFence plugin being installed on the child site.

In combination with MainWP Sucuri and MainWP Vulnerability Checker extensions it provides you enough information to keep you sites secure and protect them from low level (script kiddie) attackers.

MainWP Vulnerability Checker Extension overview

What is MainWP Vulnerability Checker Extension

MainWP Vulnerability Checker extension uses WPScan Vulnerability Database API to bring you information about vulnerable plugins and themes on your Child Sites so you can act accordingly.

Price: Free

What is WPScan

WPScan is a black box WordPress vulnerability scanner.

It is a linux script, created by Sucuri to check WordPress for vulnerabilities. It has it’s own database with known security issues. The script is very powerful and allows you to:

  • Enumerate all users
  • Enumerate all themes
  • Enumerate all plugins
  • Check all themes against the database of vulnerabilities
  • Check all plugins against the database of vulnerabilities

Overview

MainWP Vulnerability Checker extension works the same way. It checks all installed themes and plugins (and their versions) and compares them to the entries in wpvulndb. If it finds one, it will notify you in the dashboard. You can check a single site or perform bulk scan.

You can avoid the security issues that this extension is looking for by keeping everything up to date, but if manage a large amount of sites, this task becomes easier said than done.

Anyone can check any plugin or theme for known vulnerabilities because the wpvulndb database is open. Researchers are disclosing these issues after the vulnerabilities have been patched. It is a good place for research if you check whether a plugin had many vulnerabilities in the past and how quickly they have been patched. Unfortunately the database has been used by attackers who have found outdated plugin or theme and are looking for known way to compromise the site.

Resources on WordPress MainWP Vulnerability Checker Extension overview MainWP Vulnerability Checker
Security issue in one of the plugins

MainWP Vulnerability Checker gives you another point of view of your sites. In combination with MainWP Sucuri extension and MainWP WordFence it provides you enough information to keep you sites secure and protect them from low level (script kiddie) attackers.

MainWP Sucuri extension overview

What is MainWP Sucuri extension

The MainWP Sucuri Extension uses Sucuri’s proprietary SiteCheck Tool to scan your sites. SiteCheck provides web-based malware scanning of your web sites using the latest in fingerprinting technology. It gives you a quick way to determine if your web applications are out of date, exploited with malware, or even blacklisted by popular search engines all directly from your MainWP Dashboard!

MainWp Sucuri is really easy to use. It adds SECURITY SCAN tab to each site’s Dashboard.

Price: Free

What it can do

MainWp Sucuri helps you scan your sites for security issues and offers you a quick way to fix them. According to it’s creators, it can:

Scan For:

  • Malware
  • Malicious javascript
  • Malicious iframes
  • Drive-By Downloads
  • Anomaly detection
  • IE-only attacks
  • Suspicious redirections
  • Blackhat SEO Spam
  • Spam

Also Check For

  • Web Server Details
  • List of Scanned URLs
  • List of Javascripts Included
  • List of iFrames Included
  • List of External Javascripts Included

The scan results tells you also if there are some other issues like directory browsing, accessible readme.html etc. It scans for things, attackers check in the fingerprinting stage of an attack and helps you hide them.

In combination with MainWP Vulnerability Checker and  MainWP WordFence  it provides you enough information to keep you sites secure and protect them from low level (script kiddie) attackers.

Issues

This extension is really good, but it has some problems that need to be fixed. One of the is the false positives. If the scan find readme.html file in the root directory, Sucuri flags it as an issue even if the file is not accessibe (returns 403 Forbidden). Similar thing is happening with the directory browsing results.

 

 

MainWP branding extension overview

What is MainWP Branding

MainWP Branding extensions allows you to brand your child plugin. You can modify the way MainWp Child plugin and make it look like your company’s.

Price: $69

Overview

This extension is easy to setup and use, but it offers a nice way to brand your support business. Here is what you can do with it:

  • Change the name, author, description etc of the MianWP Child plugin so it looks like your own.
  • Hide some of the settings, so the inexperienced customers want be able to brake something
  • WordPress branding – Customize login, favicon, dasboard widgets etc
  • Add a quick contact support button in top admin bar or admin menu

MainWP advanced uptime monitor extension overview

What is Advanced Uptime Monitor?

MainWP Advanced Uptime Monitor is an extension that works with the Uptime Robot service that checks your websites sites every 5 minutes, 24 hours a day, 7 days a week. In the case your site is not loading, it makes few more checks in next 3 minutes to make sure that site is down. If the site is still down, it will notify you immediately.

Price: free

Prerequisits

In order to use this extension, you will need a couple of things:

Overview

This extension is simple to setup and use and is really helpful for monitoring large amount of sites uptime. It displays data in the MainWP dashboard and notifies you by email for any changes in a site’s status as well as the code it returns. This gives you the ability to react quickly and fix any issues causing downtime.

Limitations

The only limitations come from Uptime robot. Their Free Plan allows you to monitor 50 sites. If you need to watch more, you have to upgrade to Pro Plan which gives you the flexibility to pay according to the amount of sites you have. The maximum is 500 and it costs $29.90. The Pro Plans include sms notifications

Override WooCommerce templates with a plugin

WooCommerce Templates

WooCommerce has templates for everything including emails and provides developers an easy way override them.

This template can be overridden by copying it to yourtheme/woocommerce/archive-product.php.

This is very useful when you build a custom or a child theme and you want to modify the way WooCommerce looks according to your needs.

But in some cases you  need to do this with a plugin.

When to use a plugin

Let’ look at some real life scenarios.

  • You don’t have ftp, ssh or any access to the site files.
  • Maybe you don’t have child theme and you don’t want to loose changes when you update the parent theme.
  • You want to build a plugin which needs to modify WooCommerce.

How to do it

To override WooCommerce templates wit a plugin, we can use the ‘wc_get_template’ filter. It takes a few arguments, but we will need only 2.
$located – the path to the new template file
$template_name  – the name (and directory) of the template we are overriding.
Let’s override 2 templates – the archive product and new order email.

Code explanation

We created a ‘templates’ directory in our plugin containing the files re-wp-archive-product.php and re-wp-new-order.php.
$template_name returns the name of the WC template. In this case archive-product.php which is located in woocommerce/templates and admin-new-order.php which is in woocommerce/templates/emails. As a result, WooCommerce loads them from our custom directory.

Renewing (an expired?) Let’s Encrypt SSL certificate with Easy Engine

The routine is expected to be as follows:

Right? Well, yes, if your environment is up-to-date.  Result of the last command should be like:

Renewing SSl cert for https://re-wp.com
Reload : nginx [OK]
SUCCESS: Certificate was successfully renewed For https://re-wp.com
Your cert will expire within 89 days.
Expiration DATE: Tue Sep 12 08:23:00 UTC 2017

You might come up to this problem, though:

Renewing SSl cert for https://re-wp.com
ERROR : Cannot RENEW SSL cert !
Your current cert already EXPIRED !
Check logs for reason tail /var/log/ee/ee.log & Try Again!!!

Let’s have a look at the logs then! Do you find there a line, stating like setuptools pkg_resources pip wheel failed with error code 1 ?

If so, then here is what you have to try:

  1. Check if this solved the issues. Some people were happy to find it as a sole solution of the problem:
  2. If that didn’t help, maybe this:
  3. Here comes the long shot (which helped me personally):

Running the command for renewing the certificate should work just fine this time.