Sal Aguilar's Bilingual Adventures in IT

computers are easier to deal with than people

Clearing CloudProxy cache via PHP — October 18, 2016

Clearing CloudProxy cache via PHP


For those who are not familiar let me explain what CloudProxy is. CloudProxy is the Web Application Firewall & Caching service from my employer, Sucuri.net. This service is setup at the DNS level and helps filtering all the HTTP requests that get to your website and speeding the performance a the same time.

Below is a simple graphic to explains how it works:

sucuri-cloudproxy-how-it-works
A brief explanation on how Sucuri’s CloudProxy works

How can I clear CloudProxy Cache?

It’s simple there are two ways:

  • Via CloudProxy‘s dashboard on Sucuri’s website
  • Using the API

Clearing the cache via the dashboard

Just follow this steps:

  1. Login to your account via https://login.sucuri.net
  2. Then go to CloudProxy (check your left menu) or simply type this: https://waf.sucuri.net on your browser address bar.
  3. Once on the CloudProxy Dashboard, click on settings and select the website you want to clear the cache for.
  4. Once there click on Performance, and then simply on the button to clear the cache. And in less than 2 minutes the cache will be trashed from all the CDN servers.

You can also check their tutorial on their Knowledge Base: CloudProxy – Clearing Cache

This is convenient when you are not making that many changes into your website. However if you are pushing changes everyday or building an webapp, then you need something easier.

Clearing the cache via PHP

I am currently building a web app with some friends and we faced the issue that after deploying each change, I needed to login to my account and clear the cache manually. This becomes tediously when you are committing changes several times a day 5 days a week. So I had to come up with a simple solution to get the job done.

That is why I turned to CloudProxy’s API, which offers me the ability to clear the cache by calling a simple string. You can see the basic code  below:

<?php
/**
 * Simple Script in PHP to clear sucuri's cloudproxy cache via php 
 * 
 * Author: Salvador Aguilar
 * Email: sal.aguilar81@gmail.com
 * Web: salrocks.com
 */
$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => 'https://waf.sucuri.net/api?v2',
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => array(
        // this is the Sucuri CloudProxy API key for this website
        k => 'your-cloudproxy-api-key-goes-here',
        // this is the Sucuri CloudProxy API secret for this website
        s => 'your-cloudproxy-api-secret-goes-here',
        // this is the Sucuri CloudProxy API action for this website
        a => 'clear_cache'
    )
));
// Send the request & save response to $resp
$resp = curl_exec($curl);
echo '<pre>' . $resp . '</re>';
// Close request to clear up some resources
curl_close($curl);

https://gist.github.com/riper81/2f070c485f8172364bf4efd7a30f2b2c.js

That is the initial version of the script, if you want other features or to fork it you can get it from GitHub: https://github.com/riper81/clear_cache_cloudproxy_php 

What’s next?

Once you have the file, you simply put it on your website root and you edit with the proper values from your Sucuri account and then simply run it via a web browser or command line and you cache will be cleared.

I added this script into my deployment script so I can update from my git repo and then clear the cache from Sucuri. Making things easy for us 🙂

If you have an idea, hit me up!

Advertisements
5 MUST HAVE Plugins for WordPress on Shared Hosting plans — April 16, 2015

5 MUST HAVE Plugins for WordPress on Shared Hosting plans


I’m back 🙂

This time I have over 7 months working for Site5.com. I have been able to interact with probably more than 1 thousand customers and helped them on their issues. Most of them have no HTML or Security expertise and are regular folks like you and me trying to get on the digital stairwell of the world wide web.

But when they install WordPress they forget about having to do some maintenance to it. Having a website whether is WordPress, Drupal, Joomla or any other CMS, requires some admin work as well. Having a website is like having a vehicle, it needs tuning, maintenance and gasoline, and off course you CAN NOT OVERLOAD the weight it can carry or you will take it down.

The same thing applies to WordPress, bugs are discovered, there are several Botnets that daily scan across the internet for websites running wordpress and then attempt thousands and thousands of login attempts where via wp-config.php or the gruesome xmlrpc.php. These are called BRUTE FORCE ATTACKS. Sucuri, a leading security provider, published a report on the XMLRPC attacks that you can read here.

So for all of you WordPress users I am writing this article from my perspective as a technical support specialist.

BulletProof Security

BulletProof Security

Just like your computer, your WordPress also needs a firewall service, and BulletProof Security from AIT-pro is just that. It works as a protection to disable unauthorized access and to block those script kiddies trying to brute force their way into your site. It implements security controls like:

  • .htaccess rules generation, to block IPs that have failed to login to wp-admin more than 3 times. Once the plugin detects an IP with several failed attempts, it adds it the .htaccess file so your Apache can block access to this particular offender.
  • It also logs and checks for HTTP errors, that why you might have someone trying crawl thru your website or scan for vulnerabilities; so you can also block them from snooping around.
  • It also creates backup databases and can even email them and schedule the generation and deletion of old backups.

This plugin has both a FREE version and a PRO (paid) version which you can see here.

Similar plugins or services: WordPress FirewallSucuri WordPress Security Plugin & Wordfence Security

Disable XML-RPC

As I stated previously one of the most recent ways to take down WordPress sites are done using the XML-RPC procedure. But you can simply download this plugin to disable that feature, then go to your wordpress admin console >> plugins and then enable the Disable XML-RPC plugin. And you are done!

You can validate that XML-RPC is disabled on the following web tool:: http://xmlrpc.eritreo.it/

Similar plugins or services: Remove XMLRPC Pingback Ping

W3 Total Cache

Every single time you load a page from a WordPress based site, it does several queries to the database and process the PHP into plain HTML, all of that uses resources. And when you are using a shared hosting account, chances are that you have limited resources and you can get limited whether on CPU, Memory or PHP Process like we do on Site5.

The cache layer is a very important one, because it reduces the usage of CPU, Memory and queries to MySQL. The plugin create a static copy of your site, so instead of having wordpress to perform the same task over and over again, it creates a cache of the files and contents and set a expiration or TTL time on that, which will tell the script to try to fetch a new copy of the site every given time.

Download it here

Similar plugins or services: WP Super Cache & CloudFlare.

WP Cron Control

Let me first start explaining that on the Linux world, a CRON is a scheduled task that runs every certain tab depending on the scheduling setup by a person.

This plugin allows you to take control over the execution of cron jobs. It’s mainly useful for sites that either don’t get enough comments to ensure a frequent execution of wp-cron or for sites where the execution of cron via regular methods can cause race conditions resulting in multiple execution of wp-cron at the same time. It can also help when you run into posts that missed their schedule.

Download it here.

Similar plugins and services: WP Control & Advanced Cron Manager

Google XML Sitemaps

Use this plugin to submit your WordPress site to Google’s Webmaster tools. This plugin will generate a special XML sitemap which will help search engines like Google, Bing, Yahoo and Ask.com to better index your blog.

With such a sitemap, it’s much easier for the crawlers to see the complete structure of your site and retrieve it more efficiently. The plugin supports all kinds of WordPress generated pages as well as custom URLs. Additionally it notifies all major search engines every time you create a post about the new content.

Download it here.

And there you go folks, this is what I recommend folks to use on their site as basic pillars on which to build your awesome website. Hit me up if you have any comments or need some guidance, I’d be happy to lend you a hand.

Please don’t forget to share this article on your social media and other websites 🙂

%d bloggers like this: