Author: Hal

Running WordPress on AWS – some experiences, problems and solutions

Hal

If you’ve found this post it’ll be because like me, you had issues setting up WordPress to run on AWS. However, it does work, and if you solve each of the issues one by one you’ll get to see WordPress running efficiently and well.

First off, some basics. I am using Linux, v 20.04. It has MySQL 8.0.22 and PHP 7.4.3. I updated to WordPress 5.6, and found a few things not running any more.

1 – plugins – some incompatibility, and requiring updates, but auto update didn’t work. Worse, WordPress asks for FTP settings so I can have it manage the process, and I am not about to install FTP onto the server.

2 – email sending used to be fine, but now no longer runs as it used to

3 – editing any text, anywhere was a problem – the changes could not be saved

4 – ReCaptcha not appearing on forms.

Auto Update

WordPress used to be painful to update. Years ago it involved logging on to your server, creating backups, copying files over the top of existing files and directories and hoping for the best. Nowadays it is a lot easier, and in the WordPress dashboard you should be able to simply click a button and get the updates.

However, when you do, you are presented with the WordPress FTP panel asking for a hostname, username and password, and giving you the option of FTP or SFTP. Neither worked at all for me, ever. And no chance of working on AWS either because of the use of PEM (or PPK) security files to actually log in to the server. WordPress has no way of handling those, so it simply won’t work. Fortunately, all you do is make a small edit to the wp-config.php file on your server and the FTP dialog disappears.

To get rid of this, you’ll need to edit your wp-confg.php file and add a simple line of code. Some people say add it at the bottom as the last line, but I found that didn’t work. Instead, I added it to be just above the database connection settings:

define(‘FS_METHOD’,’direct’);

In the latest WordPress versions, it’ll be about line 22 or 23. Add it in before you get the database definition statements and save the file.

When you next try to auto update you’ll see no FTP dialogue box.

What this addition does it tells WordPress to use a ‘direct’ method of writing to the server, and not use FTP. However, there may be a second issue for you when you do this.

File Ownership and Permissions

Whenever you move files onto a server, they are given certain attributes, and on Linux these will include who owns them, and who has permission to modify them. You may think of yourself as the owner, and you’d be right… but the server itself runs certain applications (such as your web server – probably Apache or NginX) and each of these is like you – they have a role on the server to do their job, so the server considers them also able to own and manipulate files.

The second thing to remember is that you as a user exist on the server in a ‘group’ which has certain privileges. Other users can exist in this group too, and the group has overall permissions. If you upload files, they also belong to the group and have the permissions afforded to the group. For example, let’s say your login to the server uses a name ‘Ubuntu’ – then the files belong to ‘Ubuntu’ and are in the group for ‘Ubuntu’. The problem is, the web server isn’t in that group, so can’t get to the files to do what WordPress needs. Whilst you can read and edit them because you are in that group, no-one else can. They may be able to read them, but writing changes? That is not going to be allowed.

So you have to make sure that WordPress has the ability to read and write to the files, but that the files are protected from malicious actions. Fortunately, it’s not too hard to achieve and there are many resources on the web telling you the exact file and directory permissions to use. However, you must ALSO grant the web server the right to use the files if you want WordPress (which uses the web server to do the work) to be able to update them.

In the world of Ubuntu, the Web Server is given a name and group called ‘www-data’.

You therefore need to change the owner and the group for each of your WordPress files and directories, and maintain the overall security using the file permissions. Don’t worry, you’ll still be able to access and edit them yourself if you need to, but mostly, you won’t have to.

Open up your terminal and connect to your server, and navigate to your WordPress installation. All of the files and folders within it need to be assigned to the www-data user:

chown -R www-data:www-data /var/www/html/wordpress

This literally means ‘CHange OWNership Recursively to be owned by www-data and in the group for www-data in the directory where WordPress lives. Note that the location I’ve shown in this example  (/var/www/html/wordpress) may not be the same on your server.

If you log in to your WordPress Dashboard after making these two changes (using a direct method of update and getting the permissions right) you should have the ability to auto update your WordPress site without resorting to logging in to the server directly. It can all be achieved from within your Dashboard, and that’s a lot simpler! If you do want to edit the files in the server directly, you’ll find you no longer own them, and so will need to log in as the root user or use the ‘Sudo’ command to access them.

Email Sending

It used to be quite simple to send email from WordPress on any other server except AWS, it just worked. However Amazon in their wisdom have prevented you sending email directly, because they have blocked port 25. This is the port that SMTP uses, and so mail cannot leave your server. It’s a great way to reduce the chance of AWS servers being used for Spam and Spam relays, but it’s a nuisance for those of us just wanting to host a site and have it send out alerts and messages. You have two options:

1 – contact Amazon from your console panel and ask them to lift Port 25 restrictions. They do listen, and are sympathetic, but not daft. You may wait a day or two before it is done, and when it is done they may apply other requirements.. such as using their Simple Email Service (SES) to ensure Spam and malicious emails are under control.

2 – use a different SMTP relay which goes through a different route. There are many such services on the web and all you need to do is install a suitable WordPress plugin to allow you to bypass the built in functions and use your SMTP server such as Google, or any other mail service.

Look for ‘Easy WP SMTP’ as a plugin which gives you many options and the obvious ones for SMTP. Just put in the details required, and WordPress will route your mail out that way. Keep in mind that port 25 is not the only way to send mail, and different providers use alternatives, such as 587. This is fortunately not blocked by Amazon, and so email will once again ‘just work.

Text Editing

The latest version of WordPress continues with the ‘Gutenberg’ text editor, which when running well, works nicely. However, I had the problem of it not updating the text, and I miss the old ‘classic’ editor I’ve come to love. Luckily, you can restore the old editor, and get that retro feel, and at the same time fix the errors in Gutenberg.

It’s another plugin, this time called ‘Classic Editor’. Just install it, check the settings and enjoy text editing working once again.

ReCaptcha

If you have ever used WordPress before you’ll know how much of a target it is for security. It is so important to keep things under control, and that includes your forms and other places where users can write content on to your pages.

I use the Contact Forms 7 plugin which gives me a nice simple interface for creating any number of forms that I might need, and also now supports Captcha from Google. You’ve all seen these – small puzzles that you must solve before accessing or sending content – often involving traffic lights, or pictures of store fronts.

The problem was when I updated Contact Forms, the captcha just didn’t appear. In earlier versions it was completely removed, but the ability to use Captcha was reintroduced and it is worth using it to prevent a lot of problems with forms and content entry being taken over by bots. So I was dismayed to lose the captcha, and did a bit of investigating. there are two types of Captcha – v2 and v3. The latest version of Contact Forms uses v3 by default, and so you need to provide v3 credentials. Go to Google, sign up for a ReCaptcha account and add an entry for the domain you want to protect. Enter the secret key and public key Google gives you in the WordPress plugin and you are nearly done.

You also have to add the reCaptcha to your form layout.

You also need to make sure that the version of PHP that you are running has the right libraries to support it!

Let’s add the code to the form layout. Here is a simple example of a contact form using the ReCaptcha codes (WordPress short codes). Check the last but one line:

 

Note the codes in this version I am using

[captchac captcha-1] [captchar captcha-1]

This is calling two parts of PHP from your server in order to create the effect. Firstly, Captcha uses an image and secondly it needs you to type text. If you don’t add this into your form, then Captcha won’t show.

When it is added, the captcha appears under your form, as in the template layout.

 

 

 

By far the biggest issue for me was the file permissions and ownership, and once that had been done the auto-updates just worked. But also, the auto install of new plugins, removal of old ones, pretty much everything I want to achieve is possible from within WordPress now. No longer any need for me to log into the server and use the tools built in there, and this means keeping WordPress up-to-date will be easier, so there’s less of an excuse not to!

A brief word on security.

WordPress has long been the target of attacks on servers and is one of the main reasons for server slow down and other problems. It is such an issue that you need a robust security plan to be in place when you run WordPress. Fortunately, there are many plugins to help, and you will no doubt have fun reading reviews on them all, but I am much more relieved to see some significant improvements to security tools built right into WordPress and available to any administrator to see the issues and possibly to fix them too.

The WP Security tab is a huge step forward, in my opinion.

I am not a server administrator, and am not really familiar with of all the nasty things hackers can do, but at least there is some comfort from knowing I have better tools to help me now than I had when WordPress first came out all those years ago. I’ll keep using it for a while longer, I guess!

Happy ‘pressing!

Learning online for compliance training is gaining popularity in the Philippines. Here’s why..

Hal
For most people, going to a face to face event is the only way they are going to get access to training when at work. Normally this means a day off work, a travel across the city and an expense for food and drink. The thought of travelling across Metro Manila is enough to put some people off attending training already, let alone when the training is all about a compliance subject such as Anti-Money Laundering (AML) that would make most people sleepy within a few minutes!

 

Up until very recently, the only way you could get your AML training or AML certification was to attend a face to face event, or if you work in a large organisation, you might be lucky enough to get your very own compliance officer talk to you about changes to the law. In some rare cases your company might buy in a specialist AML training officer for the day and put you in the company training rooms togged you up to date with the latest AML regulations and requirements.Whichever way you look at it, AML certification costs are high, when you factor in the travel, training provider and loss of working time.All of that was how AML training was done in the Philippines, but thankfully it’s about to change.With the latest AML regulations there is a requirement that all covered persons are trained regularly. Since there are many thousands of covered persons, and not many AML trainers or subject matter experts, the Anti Money Laundering Commission (AMLC) has been busy finding online service providers, such as Framedia-inc, to develop online learning content for anti-money laundering.

 

Framedia-inc are the first online provider to be accredited by AMLC, and have been through a very detailed and rigorous process to ensure their AML courses, presentations and videos are at the right quality and cover the right topics. Whilst AML training provided directly by AMLC is free, the online version is not, and there is a cost for the AML certification. The good news is the fees are low enough to be very tempting, and well within the budgets normally spent on AML training for employees. Whereas your board of directors may want to go through their AML training in the comfort of some swanky hotel, complete with food and drinks supplied, that’s not the way the rest of us will have to do it. For the normal staff member, going to any compliance training event is hard work, but not if it is online, and not if you can get your AML certification using your mobile phone!

 

Those clever people at Framedia-inc have not only designed and built interactive training modules which meet the strict requirements of AMLC, but they’ve done it in a way that means you can do your AML training from your phone, laptop or desktop computer. All of your progress is stored online, so complete a module during your morning commute by using your phone, do another on your work computer, and then finish another one using your laptop in the comfort of your own home!

That’s right, AML training can be done at times and places to suit you, and you do not have to travel half way across Metro Manila to get it done, either. Of course, if you wanted to, you could – but you could do a few modules during your commuting time (assuming you’re not the one driving, of course!)

 

There are very few anti money laundering courses online and the ones you’ll see are from companies based outside of the Philippines. Framedia-inc are a Philippine based company and the first one to get through the strict accreditation set out by AMLC. This means AML training can be done in the Philippines, to the standards set by the AMLC regulations and achieved in the comfort of your own home if you wish. It’s not free, but it’s not too expensive either.

 

AML training online with Framedia-inc costs start from 1500 peso for a single user, with discounts available for bulk purchases. You can get to the shop by visiting certified.ph and buying either the single user AML CFT training or the multi-user AML training course.

 

The sheer ease of organising your own training at times and places to suit you, with the added bonus of using any internet enabled device is a sure way to please your customers. Anti money laundering policy and procedures is a fairly dry topic, but made into online learning modules by Framedia-Inc they are both fun and informative. The interactive modules use a lot of specialist video so there is not a lot of reading to be done, but you’ll then sit an anti money laundering questionnaire for each of the modules, leading to your final AML certification. Your certificate is security coded so that it is only you that can claim it as yours. No amount of copying it will help – this AML certificate is protected, and can be checked at any time by a compliance officer or auditor.

Where before you only had to physically turn up to a training event to be guaranteed of getting your certificate, AMLC have set about making sure you also need to pass a relatively simple AML exam, or series of short exams, to gain your certificate. This is a really good thing, and means anyone getting their training will need to meet a minimum standard, making it far more reliable for employers to know who has been trained and at what level. Setting the standard for AML training is a key priority for AMLC, and the future looks to be even filled with even more rigorous approaches to training and certification will be adopted. It’s best to get it done online now, whilst it’s still new and relatively easy, and avoid the congested Manila traffic by doing so!

AML Online Training, Affiliate Program Up And Running, Become An Affiliate

Hal


The exciting thing about setting up new systems is you get to set up new ideas, too. And on this occasion, it’s the Anti-Money Laundering program in the Philippines, which we’ve been working on since April 2019.

It’s going well – we have become the first accredited online provider for AML training online, and we work closely with the Anti-Money Laundering Commission to get the content of the training to match perfectly with their face to face training.

Now we have also set up an affiliate program and we are inviting people to participate. However, there is a catch – you need to be actively working with the kind of businesses that need to be certified in AML within the Philippines! You don’t have to be employed by such a business (although it won’t hurt if you are), but i order to maximise your chances as an affiliate for anti-money laundering training you really ought to be able to refer people who will need to be certified. The online training is comprehensive and anyone successfully completing the course is awarded a certificate, fully accredited by AMLC themselves!

Affiliates earn a generous commission if they can refer people to the AML online training in reasonable numbers, and that’s why we only want people who have the networks into the target businesses to take part in this. For more information on taking part, please complete the application form online, and we will review your details.

 

Magical Mangosteens

Hal

 Today, after a pretty rough night spent mostly awake and mostly inconvenienced, I am not eating very much at all. I’ve decided to go on a bit of a detox for a day. Yes, those far more informed than I can wax lyrical about how bad that is for your body, but to be brutally honest, I no longer care. Anything I consume at the moment stays approximately 15 seconds before making a reappearance… so it is time to do two things:

1 – change my water filter cartridge
2 -eat things that only give you a really healthy benefit.

A third thing is to drink something to rehydrate myself… my poor and ageing body needs to recover!

So it is that I happened to have some Mangosteens in my refrigerator. I bought them not knowing what they were, and vowing to try them. Tropical fruits can be a bit hit and miss for me, so I was a little anxious and had thought to leave them a while. But then last night happened.

In reading about Mangosteens, most of the scientific evidence is completely inconclusive “not enough work has been done to verify the claims made about this food”… you know the sort of thing – totally non-committal, basically consigning it as a fad and whilst experiments in lab animals (seriously? They still do that?) have shown remarkable results it has to be pointed out that it wasn’t a simple fresh piece of fruit they used, but a highly concentrated version of it.

The anecdotal evidence, however, is compelling to say the least. Mangosteens, the leaves, the bark from the tree they grow on, the roots… all have considerable local folklore attached to them about what they can and cannot do. From helping with dysentery and diarrhoea to actively fighting bowel cancers, fast healing of wounds and so on… naturally, once you read these claims you are slightly cynical. But, given my state this morning, it’s a case of ‘any port in a storm’!

The edible part of the mangosteen is inside the rather fibrous outer shell. When you cut around the middle, you can pull the shell off easily, and reveal a small set of segments – like an orange has got… only these are white. The larger segments will have ‘stones’ in them, about the size of a stone inside a plum or perhaps a bit larger. These are the seeds for the plant. All you do is simply take a teaspoon and spoon out the segments and pop them into your mouth. And I have to say, they are simply delicious!

They have a citrus like tang, but a unique flavour – not unlike an orange, but certainly not the same. The ‘stones’ are easily dealt with – take the flesh off them with your teeth, and spit out the ‘pip’… It’s rather bitter in flavour so I wouldn’t recommend crunching it. The flesh, however, is simply wonderful! These native fruits of SE Asia (where I am as I write this) are so good! You could probably add them to a smoothie, blend with strawberries or even oranges, plus a banana and you’ll get a brilliant flavour. I cannot overstate this – they are delicious, and should be on your dinner tables as part of a fruit desert.

Now for the left over parts, the husky shell- you can simply cut them into smaller pieces and boil in a pan with water enough to cover them. the water will go a deep reddish-purple colour, and within a few minutes you’ve got a delicious drink. Add a spoon of honey (the shells can be a bit bitter) and use that for your morning brew.

Apparently, locals here in the Philippines cut into very small pieces and dry the shells first – naturally hot sunny days help with that – and then use that as ‘tea leaves’. They store for ages, and make a refreshing and healthy alternative to tea, coffee or other hot drinks. I’m game to try it!

Having eaten one, the taste is so good, I’ve eaten two more. Within the hour my gastric issues have settled down. This is not a scientific test, but all I can say is, given the choice of a difficult time with some tablets to help me, or a few mangosteens, I prefer to have the mangosteens. Try them!

You’ll be glad you did.

Live currency exchange rates in Apple Numbers

Hal

For a while now I’ve been looking for a simple way to have a spreadsheet look up a lie currency exchange rate. The various solutions offered included writing scripts to go and get the live values… but try as I might I couldn’t get Apple Numbers to work with this. As a result, I’ve been manually looking up the current rate and typing it manually into a cell that all other cells reference. It works, but it’s a bit manual and clunky.

It turns out I had the solution all along – it’s built in to Numbers, but isn’t obvious (at least not to me!)

All you do is click into a cell and enter a formula, so just choose your cell and type the ‘=’ sign to bring up the formula entry. Now type CURRENCY

(yes, it’s really that obvious)

There are three components to enter – the currency you want to convert from, the currency you wnat to convert to, and the price of that currency. The last part is what you will get dynamically.

Firstly, you need to know the currency codes for your conversion. For example, if you want to know how many US dollars there are to one GB Pound, you’d need to know the currency code for Sterling is GBP and for the dollar is USD. These are the first two things to type, and you have to add quote marks around both:

CURRENCY(“GBP”,”USD”,0)

The third thing is the zero at the end. This forces Apple Numbers to look up the current price. In the formula editor you can see a drop down list of possible values to use instead of zero, such as the name, or the current change in rate.. or the highs, lows and so on.

What you should get back, after a very slight pause when you enter the formula, is the cell showing you the current exchange rate (At the time of writing, this returned $1.31)

This is a really useful feature if you are trading in different currencies and need to do some basic calculations. Keep in mind that whilst this looks up the live rate, it is not the rate a bank will offer you! Use it as a guide… if you want to check it, go to https://xe.com and see what they say there. It’ll be pretty close!