We are releasing Release 202202 which includes the option to install Wordpress in an automated way as well as application updates and security improvements.
From this version of MaadiX you can now install Wordpress in an automated way. During the installation process you only need to indicate under which domain you want to install the website and choose a password to access the administration account.
In the installation process we have included some default settings which aim to reinforce security. Among them:
- Prevent php execution in wp-content/uploads.
- Prevent file editing from the admin interface.
- Fail2ban has been enabled for xml-rpc: the xmlrpc.php file is used by the Wordpress mobile application or a plugin such as Jetpack for remote or scheduled publishing of content.
However, this file is increasingly used in various attacks including brute force access attempts. In addition to the risk involved, these attacks are often the cause of slow website performance. With fail2ban, IPs that have made repeated requests (more than two in an hour) will be blocked so that they can no longer attempt to gain access, thus protecting system resources.
- Disable pingbacks and comments by default: these options are often left on even if they are not used. If needed you can activate them from the admin interface.
- Option to run the Wordpress process in its own Pool: this way each Wordpress will be isolated from the rest of the applications avoiding that the PhP scripts can access files outside the directory of the current site avoiding the propagation of possible malware.
Here is a brief explanation of what this configuration consists of.
This option is available for the Wordpress installation as well as for any other Php application you want to install manually.
It is about separating each application from the other by assigning it a different owner, thus limiting the possibility of an infected website compromising others.
By default, 3 Pools are activated so you can start using them immediately. However, from the control panel, you can add more Pools. The maximum number of Pools that can be created depends on the amount of memory available on the server.
Once created, the Pools can be assigned to the different domains that you have enabled from the control panel. It is advisable to assign only one domain for each Pool.
Here you can find more information : https://docs.maadix.net/php-fpm/
We have added the option to assign quota to the email accounts, limiting the disk usage that can reach each one.
The space used will be reflected both from Rainloop and from any other email client (Thunderbird, Oultook, etc).
Previously created accounts have no limitation activated.
In this MaadiX release Nextcloud is upgraded to version 24.0.2
Please contact us by writing an email to: contact [at] maadix [dot] net
PGP Key: 0xE5BB2110.asc
Fingerprint: EF80 C4FB CC27 7A3E 8D0B 0DD9 B48B 2A9B E5BB 2110