Archive

Tag: openlitespeed

How to enable full/advanced WordFence protection on OpenLiteSpeed

Website security is always a fundamental and important part of any website especially WordPress. Today we will see how to enable full/advanced Wordfence protection on OpenLiteSpeed.

If you are using LiteSpeed Enterprise you don’t need to do anything as it is fully Apache compatible so Wordfence full protection will work out of the box. So you can stop now and enjoy your coffee.

However, if you are using OpenLiteSpeed then go ahead, make sure to use OpenLiteSpeed with CyberPanel, and ease your life.

What is WordFence?

Wordfence is one of the most popular WordPress scanner and firewalls. Wordfence comes in both free and premium versions. Wordfence has enough features to secure your websites like endpoint firewall, malware scanner, malicious IP addresses detection, 2FA, and all. In short, Wordfence is the most comprehensive WordPress security solution available. Wordfence is enough to secure your site.

Why do we need to configure OpenLiteSpeed for full Wordfence protection?

Setting up WordFence is a bit tricky in the case of OpenliteSpeed. With OpenLiteSpeed, you have to do some manual settings. In this article, we will discuss how to configure Wordfence with OpenliteSpeed to enable advanced firewall options.

Enable full Wordfence protection on OpenLiteSpeed:

  1. Install Wordfence on your WordPress site.
  2. Edit Vhost Configuration for Wordfence.
  3. Enable full Wordfence protection with CyberPanel.

Install Wordfence on your WordPress site:

The installation of Wordfence on your WordPress site is just like the installation on any plugin. Follow along the steps to install Wordfence.

Setp 1: Install Wordfence Plugin:

To install WordFence on your WordPress site first log in to your admin dashboard:

Go Plugins->add New

advanced wordfence protection on openlitespeed

Now search Wordfence in the search bar, You will receive the results for Wordfence select the first one (The one with the Wordfence logo) and Click install.

image 64

Setp 2: Setup Wordfence Plugin:

Once installation is done click Activate to activate the plugin:

image 65

After activation, they will ask you for an email address where they sent you emails regarding your website. Provide your email, click yes if you want to receive emails, check the box for agreement and press continue.

image 67

If you have a premium version enter the key here otherwise click on thanks and use the free version.

image 68

Now your Wordfence is installed and good to go. You can see the Wordfence on the left menu. When you click that you will see a notice to configure full/extended Wordfence protection.

image 69

Once you click the configuration a prompt appears that asks to download the .htaccess file. Click on download and press continue.

image 70

In the case of LiteSpeed Ent. configuration is done out of the box but in the case of OpenLiteSpeed, we’ve to perform some additional steps that we will discuss below. I found an official video guide for you to install Wordfence you can check that also.

Edit Vhost Configuration for Wordfence:

For OpenLiteSpeed you have to configure the Wordfence to enable Advanced WordPress Protection. Without setting these configurations to OpenLiteSpeed you can see that there is the Basic WordPress Protection.

image 71

To enable the advanced protection you have to access the OpenliteSpeed web server dashboard by navigating https://<your_ip>:7080. In the OpenLiteSpeed web, server Dashboard go to the VHost -> General

image 72

Go the end of page you will find the php.ini overwrite click the edit button.

image 73

add this to php.ini overwrite

php_value auto_prepend_file /path/to/wordfence-waf.php

Most Common path if you created site from cyberpanel

php_value auto_prepend_file /home/example.com/public_html/wordfence-waf.php

If you added the domain with CyberPanel then first you have to find the path of the wordfence-waf.php file. After adding this graceful restart the OpenLiteSpeed with this server did not get the changes.

image 74

Once done go back to your WordPress site and check the firewall you can see the Extended Protection level there.

image 75

Instead of doing this from the OpenLiteSpeed, you can install CyberPanel on your OpenLiteSpeed server, and then there is an easy way to do this. I will describe that in the next step.

Enable advanced firewall with CyberPanel.

When you have the CyberPanel installed on your server to manage your site you can follow the guide stated above but in this part of the article, I will tell you a simple way to do this using CyberPanel. To enable an extended or advanced level of protection using CyberPanel, you have to log in to CyberPanel using your credentials.

From you CyberPanel Dashboard go to the Websites ->list websites

image 76

You can see all of your websites there Click on the Manage button. To open the website dashboard.

image 77

Once the manage Dashboard for the web site is opened go to the configuration part and click the VHost

image 78

Go to the php.ini section

image 79

Add the following line to enable the extended protection.

php_value auto_prepend_file /home/example.com/public_html/wordfence-waf.php

Now your extended protection is enabled .

image 81

Follow US on Facebook / Twitter  for update.

How to set custom/extra headers for OpenLiteSpeed while using CyberPanel

Custom/Extra Header can be used for many proposes like:

  1. Content Security policy
  2. Referrer policy
  3. HSTS (Strict-Transport-Security)
  4. Content-type options

If you are using the LiteSpeed Enterprise server you can add Extra headers to your htaccess file and the server will add it automatically just like you used to do with Apache as it is fully Apache Compatible.

However, if you are using OpenLiteSpeed it has to be done via OpenLiteSpeed WebAdmin or by adding it to vHost configuration for the website via CyberPanel.

Table of Contents

  1. Log in to CyberPanel
  2. Open the website Manager
  3. vHost Configuration
  4. Verify Headers.

Here are the steps to add a custom or extra header via vHost configuration from CyberPanel.

1. Log in to your CyberPanel Server

Visit https://<IP Address->:8090

Enter credentials to log in.

2. Open the website manager:

     2.1 Click on the website and then click on the list websites.

Click on website and then click on list websites

      2.2 Click on the manage button in front of your desired website.

Click on mange button in front of your desired website.

3. vHost Configuration :

   

      3.1 Click the vHost conf from the website manager.

Click the vHost conf from the configurations portion in website manager.

      3.2 Find the block name “context” if it is found add extraHeaders value in it like “extraHeaders Access-Control-Allow-Origin *”.

      3.3 If “context ” block not found in vhost conf file Add the following before the rewrite { } portion.

context / {

extraHeaders Access-Control-Allow-Origin *

}

extraHeader

You can add the value of extraHeaders according to your requirement. 

4. How to verify extraHeaders configuration:

To verify extraHeaders configuration follow the steps:

    4.1 Open Network tab:

        1. Vist your website in any browser and open developer tools.

        2. In developer tools click on Networks tab

Open network tab

         3. Click on the file with your domain name. like(abc.xyz)

Screenshot 9

         4. Go to Network Tab and check headers for any request. You should the extra header you added in vHost conf.

Verify vhost configuration

How to set HSTS (Strict-Transport-Security) in custom the header:

HSTS is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.

To set HSTS in custom Header follow the steps:

             => Follow the 1,2 and 3 steps stated above to open the vHost conf file.

             => Add the following before the rewrite { } portion.

context / {

extraHeaders Strict-Transport-Security: max-age=15552000; includeSubDomains; preload;

}

 1. The age parameter tells the browser how long this rule must be cached.
 2. The includeSubDomains should only be added if you want to apply HSTS to subdomains too.
 3. The preload parameter is used for inclusion in Google Chrome’s preload list.

Read More: HOW TO CHANGE TIMEZONE ON LINUX SERVER

Follow US on Facebook / Twitter  for update.