Tag: lsws

Block xmlrpc.php and hide wp-login.php server-wide on OpenLiteSpeed

November 21, 2025 | by admin | Leave a Comment

Rack of running 1U servers in a data center, multi-color network cables

Every WordPress site running with default config is being hammered right now by brute-force scripts hitting xmlrpc.php and wp-login.php. If you run multiple sites on a single OpenLiteSpeed (LSWS) box, dropping a per-site .htaccess rule on each one is …

Security, Tutorials, WordPress

Block PHP execution in wp-content/uploads on OpenLiteSpeed: the right .htaccess snippet

November 27, 2024 | by admin | Leave a Comment

Computer monitor displaying terminal output: system metrics, file listings, and kernel error messages — typical sysadmin view (photo: Tima Miroshnichenko)

wp-content/uploads/ is the most predictable target on a WordPress install. It’s writable by the web server (so any compromise that gets a file uploaded lands here), it’s almost never inspected by malware scanners with the same vigilance as wp-includes/, …

Security, Sysadmin, Tutorials

Hide the OpenLiteSpeed admin panel: bind 7080 to 127.0.0.1 + reach it via SSH tunnel

November 4, 2024 | by admin | Leave a Comment

Linux ls -la output showing /bin, /boot, /etc, /home, /lib, /sbin and other root directories — typical first view after SSHing into a server (photo: Pixabay / Pexels)

OpenLiteSpeed’s admin panel runs on port 7080 by default and binds to *. That means anyone with your server’s IP can hit https://your-ip:7080/ and reach the admin login form. The form has authentication, sure — but having a login …

Sysadmin, Tutorials

Per-vhost PHP versions in OpenLiteSpeed: keep one site on 7.4 while everything else moves to 8.2

May 17, 2024 | by admin | Leave a Comment

Close-up of PHP source code displaying version_compare("5.2", PHP_VERSION) check and require_once includes — typical PHP version handling code (photo: Pixabay / Pexels)

Modernizing the PHP runtime on a multi-tenant LSWS box is rarely an “all sites at once” affair. Some sites are on a custom theme that uses PHP 4-style class constructors. Some have a plugin still calling create_function(), removed in …