This is a universal OpenStack Object Storage WordPress Plugin in Alpha version which uses a command line to execute Python Client commands. It is universal because whoever supports the official Python Clients can use it. It is Alpha for only one reason – the shell needs a bit tweak to limit the level of privilege. It has higher privilege than we need. It uses many libraries which are used to create Web Shell.
OpenStack Object Storage WordPress Plugin (Alpha) : Whats Inside
OpenStack Object Storage WordPress Plugin adds a Web Shell to the instance running WordPress to upload the objects to a container and run all OpenStack Python Client Commands without the need of SSH to run the Python clients. It is compatible with All OpenStack installations except setups which do not support Python Client Tools. So we can upload the objects to a container published as CDN. We can set real cronjob and avoid WordPress cron in future.
We do not need the OpenStack PHP library – it is allowing to use the Python Clients. This is an Alpha release. This is release bears no credit as it is for testing the vulnerabilities. All credits will be given. This does not uses the OpenStack PHP library. This uses OpenStack Python Clients. This is not for the newbies. Mnimum idea about shell, OpenStack etc. is needed. It is a beautiful way to invite hacking attempts if used by a noob who has ssh access.Advertisement
OpenStack Object Storage WordPress Plugin (Alpha) : How to Install it RIGHTLY
USE a TAGGED Version of this WordPress Plugin from our GitHub repo and normally install like a WordPress Plugin.
SSH to the instance. Rename the dot file
index.php and chgrp it rightly. You need to uncomment the user and password in index.php file, use tight username-password combo using vim or nano to activate the functions :
//$USER = 'dev';
//$PASSWORD = 'dev';
$USER = 'stongusername987654321';
$PASSWORD = '123456strongpassworg7890';
The console will be located at
You need to install Python Swift Client on the instance but no need to configure the bash profile file. To run
swift list command, you need to run command with this format :
swift --os-auth-url https://region-b.geo-1.identity.hpcloudsvc.com:35357/v2.0/ --os-tenant-name tenant --os-username user --os-password password list
https://region-b.geo-1.identity.hpcloudsvc.com:35357/v2.0/ is for HP Cloud. Change the tenant, user, password to real values. Other docs will match with Official doc –
OpenStack Object Storage WordPress Plugin (Alpha) : WHY IT IS ALPHA?
WordPress has a Plugin editor located at
domain.tld/wp-admin/plugin-editor.php ; WE SUGGEST TO COMMENT OUT THE USER AND PASSWORD TO MAKE THE SHELL UNUSABLE AT
your-domain.tld/wp-content/plugins/WordPress-HP-Cloud-CDN-Plugin-0.9/index.php WHEN YOU ARE NOT USING.
Sadly, it has a higher privilage now. You can factually run
apt-get update like commands! We will limit the access level to OpenStack specific commands only. Your code contribution is welcome. It is very easy to use Plugin for the sysadmins.
Yes, it is too dirty way. But basically universal plugin does not exist for OpenStack. We can not use the shell from all devices.