使用Bash下载并在wordpress wp-config.php中插入salt字符串

时间:2011-06-03 22:50:57

标签: wordpress bash sed

如何使用Bash脚本从wordpress中插入wp-contet.php等文件的特定点(行或字符串)中的变量$ SALT 的内容?

SALT=$(curl -L https://api.wordpress.org/secret-key/1.1/salt/)

10 个答案:

答案 0 :(得分:15)

我不是解析bash中的文本文件的专家,但你应该删除定义你从wordpress salt下载的东西的行,然后在最后插入变量...类似于:

#!/bin/sh

SALT=$(curl -L https://api.wordpress.org/secret-key/1.1/salt/)
STRING='put your unique phrase here'
printf '%s\n' "g/$STRING/d" a "$SALT" . w | ed -s wp-config.php

好的,现在它已修复了...它应该找到盐应该去的地方,它将用从https://api.wordpress.org/secret-key/1.1/salt/

中检索到的信息替换它

答案 1 :(得分:5)

此版本定义了新密钥(如果不存在),并且还替换了现有密钥:

#!/bin/bash
find . -name wp-config.php -print | while read line
do 
    curl http://api.wordpress.org/secret-key/1.1/salt/ > wp_keys.txt
    sed -i.bak -e '/put your unique phrase here/d' -e \
    '/AUTH_KEY/d' -e '/SECURE_AUTH_KEY/d' -e '/LOGGED_IN_KEY/d' -e '/NONCE_KEY/d' -e \
    '/AUTH_SALT/d' -e '/SECURE_AUTH_SALT/d' -e '/LOGGED_IN_SALT/d' -e '/NONCE_SALT/d' $line
    cat wp_keys.txt >> $line
    rm wp_keys.txt
done

答案 2 :(得分:1)

使用sed怎么样?

cat wp-config.php | sed 's/old_string/new_string/g' > wp-config.php

答案 3 :(得分:1)

我想我得到了这个!它只是一个bash脚本,它只使用命令提示符下通常可用的命令,并且除了创建数据库外,它确实是 - 所有 - (假设httpd是你的web用户)。你走了。

#!/bin/bash

# wordpress latest auto-install script, by alienation 24 jan 2013. run as root.
# usage: ~/wp-install alien /hsphere/local/home/alien/nettrip.org alien_wpdbname alien_wpdbusername p@sSw0rd
# ( wp-install shell-user folder db-name db-user-name db-user-pw )

# download wordpress to temporary area
cd /tmp
rm -rf tmpwp
mkdir tmpwp
cd tmpwp
wget http://wordpress.org/latest.tar.gz
tar -xvzpf latest.tar.gz

# copy wordpress to where it will live, and go there, removing index placeholder if there is one
mv wordpress/* $2
cd $2
rm index.html

# create config from sample, replacing salt example lines with a real salt from online generator
grep -A 1 -B 50 'since 2.6.0' wp-config-sample.php > wp-config.php
wget -O - https://api.wordpress.org/secret-key/1.1/salt/ >> wp-config.php
grep -A 50 -B 3 'Table prefix' wp-config-sample.php >> wp-config.php

# put the appropriate db info in place of placeholders in our new config file
replace 'database_name_here' $3 -- wp-config.php
replace 'username_here' $4 -- wp-config.php
replace 'password_here' $5 -- wp-config.php

# change file ownership and permissions according to ideal at http://codex.wordpress.org/Hardening_WordPress#File_Permissions
touch .htaccess
chown $1:httpd .htaccess
chown -R $1:httpd *
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
chmod -R 770 wp-content
chmod -R g-w wp-admin wp-includes wp-content/plugins
chmod g+w .htaccess

# thats it!
echo ALL DONE

答案 4 :(得分:1)

如果您有csplit可用,则可以在盐定义的任一侧拆分原始的wp-config.php文件,下载新的盐,然后重新组合。这使得PHP define()语句保持在wp-config.php中的相同位置,而不是将它们移动到文件中的其他位置:

# Download new salts
curl "https://api.wordpress.org/secret-key/1.1/salt/" -o salts

# Split wp-config.php into 3 on the first and last definition statements
csplit wp-config.php '/AUTH_KEY/' '/NONCE_SALT/+1'

# Recombine the first part, the new salts and the last part
cat xx00 salts xx02 > wp-config.php

# Tidy up
rm salts xx00 xx01 xx02

答案 5 :(得分:1)

我为此构建了一个简单的CLI。试试看。它被称为[WP-Salts-Update-CLI][1]

WP-Salts-Update-CLI

WPSUCLI从WP API下载新的盐,并将其替换为服务器上每个站点的wp-config.php文件中的盐。

⚡️安装

打开命令行终端(我更喜欢iTerm2)并运行以下命令。

bash sudo wget -qO wpsucli https://git.io/vykgu && sudo chmod +x ./wpsucli && sudo install ./wpsucli /usr/local/bin/wpsucli

此命令将执行以下操作:

  • 使用sudo权限
  • 使用wget下载WPSUCLI并将其重命名为wpsucli
  • 制作wpsucli可执行文件
  • 在/ usr / local / bin /文件夹中安装wpsucli

用法

只需运行wpsucli,它就会更新服务器或PC上每个wp-config.php文件的salt。

答案 6 :(得分:0)

我遇到了同样的问题。这是我写的用于替换从WordPress下载的盐和密钥的脚本。如果需要,您可以随时使用它来替换它们。我把它作为sudo运行,脚本测试它。如果您使用可以下载到该目录并对wp-config.php文件进行更新的帐户,则可以删除该部分脚本。

#!/bin/sh
# update-WordPress-Salts: Updates WordPress Salts
# written by Wayne Woodward 2017

if [ $# -lt 1 ]; then
    echo "Usage: update-WordPress-Salts directory"
    exit
fi

if [ "$(whoami)" != "root" ]; then
  echo "Please run as root (sudo)"
  exit
fi

WPPATH=$1

# Update the salts in the config file

# Download salts from WordPress and save them locally
curl http://api.wordpress.org/secret-key/1.1/salt/ > /var/www/$WPPATH/wp-keys.txt

# Iterate through each "Saltname" and append 1 to it
# For a couple names that may match twice like "AUTH_KEY" adds extra 1s to the end
# But that is OK as when this deletes the lines, it uses the same matching pattern
# (Smarter people may fix this)
for SALTNAME in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT
do
   sed -i -e "s/$SALTNAME/${SALTNAME}1/g" /var/www/$WPPATH/wp-config.php
done

# Find the line that has the updated AUTH_KEY1 name
# This is so we can insert the file in the same area
line=$(sed -n '/AUTH_KEY1/{=;q}' /var/www/$WPPATH/wp-config.php)

# Insert the file from the WordPress API that we saved into the configuration
sed -i -e "${line}r /var/www/$WPPATH/wp-keys.txt" /var/www/$WPPATH/wp-config.php

# Itererate through the old keys and remove them from the file
for SALTNAME in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT
do
   sed -i -e "/${SALTNAME}1/d" /var/www/$WPPATH/wp-config.php
done

# Delete the file downloaded from Wordpress
rm /var/www/$WPPATH/wp-keys.txt

答案 7 :(得分:0)

这是我提出的在我的Ubuntu服务器上运行的bash脚本。我修改了上面的例子。

它有点蛮力,因为它只会替换当前所需的8个密钥,并且每次都要求服务器返回完全相同的长度密钥。该脚本适用于我的用例,所以我想我会分享它。

CONFIG_FILE=wp-config.php
SALT=$(curl -L https://api.wordpress.org/secret-key/1.1/salt/)
SRC="define('AUTH_KEY'"; DST=$(echo $SALT|cat|grep -o define\(\'AUTH_KEY\'.\\{70\\}); sed -i "/$SRC/c$DST" $CONFIG_FILE
SRC="define('SECURE_AUTH_KEY'"; DST=$(echo $SALT|cat|grep -o define\(\'SECURE_AUTH_KEY\'.\\{70\\}); sed -i "/$SRC/c$DST" $CONFIG_FILE
SRC="define('LOGGED_IN_KEY'"; DST=$(echo $SALT|cat|grep -o define\(\'LOGGED_IN_KEY\'.\\{70\\}); sed -i "/$SRC/c$DST" $CONFIG_FILE
SRC="define('NONCE_KEY'"; DST=$(echo $SALT|cat|grep -o define\(\'NONCE_KEY\'.\\{70\\}); sed -i "/$SRC/c$DST" $CONFIG_FILE
SRC="define('AUTH_SALT'"; DST=$(echo $SALT|cat|grep -o define\(\'AUTH_SALT\'.\\{70\\}); sed -i "/$SRC/c$DST" $CONFIG_FILE
SRC="define('SECURE_AUTH_SALT'"; DST=$(echo $SALT|cat|grep -o define\(\'SECURE_AUTH_SALT\'.\\{70\\}); sed -i "/$SRC/c$DST" $CONFIG_FILE
SRC="define('LOGGED_IN_SALT'"; DST=$(echo $SALT|cat|grep -o define\(\'LOGGED_IN_SALT\'.\\{70\\}); sed -i "/$SRC/c$DST" $CONFIG_FILE
SRC="define('NONCE_SALT'"; DST=$(echo $SALT|cat|grep -o define\(\'NONCE_SALT\'.\\{70\\}); sed -i "/$SRC/c$DST" $CONFIG_FILE

答案 8 :(得分:0)

我尝试了接受的解决方案:

#!/bin/sh
SALT=$(curl -L https://api.wordpress.org/secret-key/1.1/salt/)
STRING='put your unique phrase here'
printf '%s\n' "g/$STRING/d" a "$SALT" . w | ed -s wp-config.php

但是由于某些原因它不能完美运行,因此每次使用时都会导致SALTS在wp-config.php文件中“下移” 1行...如果要进行更改,这不是理想的选择SALTS会像每周,每月一样自动以cron为例...

对我来说,更好的解决方案是创建一个在脚本中调用的小函数。 此函数创建一个包含SALTS的文件(最后将其删除),删除包含其中一个SALTS的每一行,然后仅插入文件中包含的SALTS来代替初始SALTS。 效果很好。

fct_update_salts() {
    # Requires website name as target

    curl http://api.wordpress.org/secret-key/1.1/salt/ > ~/SALTS.txt

    var_initial_path1=`pwd`
    cd ~ #going to home directory

    # This scripts eliminates successively all SALT entries, replaces the last one by XXX as a marker, places SALTS.txt, below XXX and deletes XXX
    sudo sed -i "/SECURE_AUTH_KEY/d" $1/wp-config.php
    sudo sed -i "/LOGGED_IN_KEY/d" $1/wp-config.php
    sudo sed -i "/NONCE_KEY/d" $1/wp-config.php
    sudo sed -i "/AUTH_SALT/d" $1/wp-config.php
    sudo sed -i "/SECURE_AUTH_SALT/d" $1/wp-config.php
    sudo sed -i "/LOGGED_IN_SALT/d" $1/wp-config.php
    sudo sed -i "/NONCE_SALT/d" $1/wp-config.php
    sudo sed -i "/AUTH_KEY/cXXX" $1/wp-config.php
    sudo sed -i '/XXX/r SALTS.txt' $1/wp-config.php
    sudo sed -i "/XXX/d" $1/wp-config.php
    echo "SALTS REPLACED BY:"
    echo "====================="
    cat ~/SALTS.txt
    sudo rm -rf ~/SALTS.txt
    cd $var_initial_path1
}

该函数将在脚本中这样调用:

# Reset SALTS
fct_update_salts $SITE_PATH

$ SITE_PATH =“ / var / www / html / YOUR_WEBSITE”或任何适合您的路径。

答案 9 :(得分:0)

许多答案都依赖于文件中出现的短语'put your unique phrase here',因此当您第一次更改盐后,它们将不起作用。也有一些删除旧定义,并在末尾附加新定义。尽管这确实可行,但是在注释记录完定义之后,将定义保留在期望的位置会很好。我的解决方案解决了这些问题。

我对sed,perl和regex进行了一些尝试,但是盐和配置文件的其余部分中有一些特殊字符,这些字符容易使事情搞砸。我最终使用grep在文档中搜索用于打开和关闭salt定义块的唯一注释结构,该结构具有以下格式:

/**#@+
 <comment documentation>
 */
<salt definitions>

/**#@-*/

请注意,如果删除或更改了该注释结构,它将不再起作用。这是脚本:

#!/bin/bash -e

# Set Default Settings:
file='wp-config.php'

# set up temporary files with automatic removal:
trap "rm -f $file_start $file_end $salt" 0 1 2 3 15
file_start=$(mktemp) || exit 1
file_end=$(mktemp) || exit 1
salt=$(mktemp) || exit 1

function find_line {
# returns the first line number in the file which contains the text
# program exits if text is not found
# $1 : text to search for
# $2 : file in which to search
# $3 (optional) : line at which to start the search
line=$(tail -n +${3:-1} $2 | grep -nm 1 $1 | cut -f1 -d:)
[ -z "$line" ] && exit 1
echo $(($line + ${3:-1} - 1))
}

line=$(find_line "/**#@+" "$file")
line=$(find_line "\*/" "$file" "$line")
head -n $line $file > $file_start
line=$(find_line "/**#@-\*/" "$file" "$line")
tail -n +$line $file > $file_end
curl -Ls https://api.wordpress.org/secret-key/1.1/salt/ > $salt
(cat $file_start $salt; echo; cat $file_end) > $file

exit 0

包含单个星号(例如"*/""/**#@-*/")的字符串要扩展到目录列表,因此这就是为什么这些星号被转义的原因。

相关问题
最新问题