WilliamD's picture

How do I know what this login is?  The configuration process only asks me to set the password for the wordpress account, but not the "login".  When I quit the configuration console, I am asked for my login, which I have no idea what it is.  Help.

Jeremy Davis's picture

By the sounds of it you are trying to log into the console!? FWIW all the login credentials for each appliance are documented on each appliance page. Although it's not specified, the SSH login is essentially a remote console login. E.g. on the WordPress appliance page it says:

Credentials (passwords set at first boot):

Webmin, SSH, MySQL, phpMyAdmin: username root
Wordpress: username admin

Jeremy Davis's picture

As you are probably aware, security is not an "on/off" type arrangement and you always need to make compromises. When the TurnKey Linux appliance was first developed (many years ago, prior to WordPress supporting 'live' upgrades) the file permissions were set to maximise security (at the cost of user-friendliness; but easily worked around via the commandline).

But as WordPress has evolved, the 'user friendliness' cost imposed by the choice of security settings has risen. In some respects it could be argued what started as a security plus has actually become a security minus. Whilst the risk of a compromised WordPress install hijacking the whole server is reduced; the chance of an out-of-date WordPress install getting hacked in the first place is increased...

The new (not yet released v14.0) version of our WordPress appliance reworks the permissions to allow easy in place upgrades. It does come with the 'price-tag' or reduced overall server security but users will find it easier to keep WordPress up to date so the risk of WordPress being compromised are less (so long as the user actually applies the updates!).

But to get to the point, there is an extensive post covering how one might go about "fixing" the security settings of the current appliance (including a lively debate about the pros and cons). Have a look here. This post specifically covers the steps to take to enable browser based upgrades.

Add new comment