lanew's picture

Hello experts.

Just installed Turnkey Linux using Virtual Box.  Activated the Profile Builder plugin.

My purpose in using the Profile Builder plugin was to enable a Register/Login page.  I had done the same on a local installation on my Windows laptop.

On my laptop's local installation, I can see the login page showing both a Register and Lost Your Password link.  However, on the Turnkey Linux VM, all I see is the Lost Your Password link.

Any guidance on what I might need to do to fix the login page would be greatly appreciated.

FYI, the shortcode for the Register page is [wppb-register] & login page shows [wppb-login], so it seems like the Profile Builder plugin is appropriately activated.

Appreciate your guidance.

Forum: 
Jeremy Davis's picture

Ok, so I just create a new VM myself. I installed all the updates on firstboot and then logged into the webUI. WordPress itself didn't need an update, but I updated the themes and the pre-installed anti-spam plugin.

Then using the webUI still, I searched for "profile builder" and found "User Registration & User Profile – Profile Builder". I installed that and activated it. Then I went into the "Profile Builder" page (there was a link in the left hand bar, but I'm pretty sure it just redirected me there when I clicked "Activate" - I should have taken more notice...

Then on that page, there was a button that said something like "Enable Form Page". I clicked that and I was redirected to the WP "Pages" page, but only "Edit Profile", "Login" and "Register" are showing (if I click the Pages" link in the left hand menu, I see those pages, plus "Privacy Policy" and "Sample Page").

I went into "Login" and fiddled around a little and clicked the "Update" button in the top right. I then went to "Permalinks" (in the left hand menu, under "Settings") and set URLs to "Post Names". I went back to "Pages" >> "Login" and set the slug to 'login'. I now have a log in page at http://192.168.1.120/login.

TBH, I'm not really that familiar with WordPress, but it appears to be working on TurnKey for me?! If I misunderstand something and and there isa detail I'm missing, please let me know and Ill try again.

lanew's picture

I was looking through WordPress Settings->General, I found a checkbox "Membership: Anyone can register".

With this checkbox enabled, I can now see the Register link on the login page.  Probably if I were to look at the wpbb-login.php code I would find a test on that property...

 

Jeremy Davis's picture

Glad you worked it out and we're all good.

Please post back if you have any other questions or feedback.

lanew's picture

Thanks for your guidance! I'm an old Unix guy (AT&T Bell Labs and all) but haven't worked on Unix for a long time, so am unsure about the structure of a Linux (navigating the file system has been a bit of a challenge).

I am not sure what I need to modify to have an HTTPS-only access to WordPress.  Is there already a self-signed certificate installed or do I need ot create one?

Is it sufficient to just use a WordPress plugin like Really Simple SSL & configure it? Or do I need to do something else to the HTTPD conf (for example to add a Redirect for any requests that come in on the HTTP port)?

Thanks for your guidance.

Jeremy Davis's picture

For the redirect, you'll need to adjust Apache config (i.e. so plain HTTP is redirected to HTTPS). The default Apache config can be found at /etc/apache2/sites-available/wordpress.conf. Look for the section for port 80 (default plain HTTP port). It should look like this:

<VirtualHost *:80>
    UseCanonicalName Off
    ServerAdmin  webmaster@localhost
    DocumentRoot /var/www/wordpress
</VirtualHost>

And add this snippet:

    RewriteEngine On
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

So the complete port 80 section should now look like this:

<VirtualHost *:80>
    UseCanonicalName Off
    ServerAdmin  webmaster@localhost
    DocumentRoot /var/www/wordpress
    RewriteEngine On
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

Then restart Apache and it should now redirect plan HTTP to HTTPS.

systemctl restart apache2

Re the certificate itself, all of our appliances generate a fresh, unique self signed certificate on firstboot. As you're likely aware, they're perfectly secure. However anyone can produce a self signed cert and claim to be anyone they want so can also be easily spoofed. As such they can't really be trusted, so web browsers assume that they're unsafe. To work around this, you can get a free "proper" HTTPS certificate (i.e. signed by a trusted Certificate Authority) from Let's Encrypt. Via our Confconsole tool, we provide a Let's Encrypt plugin. So long as you have DNS set up for your domain, then that should "just work".

lanew's picture

Thank you, Jeremy.

I will try the Let's Encrypt plugin.

Add new comment