WordPress mage battles cloned site phantoms

🌒 Prologue: Ghosts in the Machine

He stood at the edge of the stack—where systems blur and logs whisper. A clone had been summoned in haste. A snapshot, duplicated by machine hands. The site appeared functional, but the arcane user felt it: something was wrong.

A whisper in the root. A ripple in the systemctl.
And then it struck.

Error establishing a database connection

The mage’s eyes glinted—amber, reflective, trained to read between daemons. This was not a crash. It was a possession.

He invoked his terminal.

ssh root@instance

The battle began.

🧟 Act I: The Phantom in the /srv

The front-end wore a mask of stability. Pages loaded. The login screen smiled.

But /wp-admin collapsed into void. Admin access had been severed by something older than plugins and newer than ignorance.

He dug. Beneath /var/www/examplesite.com, no anomaly.
But his instincts pulled him deeper—into /srv.

And there it was.

/srv/www/wordpress

The shadow of an old install. The wp-config.php held forbidden truths:

define('DB_USER', 'wordpress');

This credential had long since died. Yet, in the MySQL daemon:

journalctl -xe | grep wordpress

The error pulsed.

Access denied for user 'wordpress'@'localhost'

“This is no configuration,” he muttered.
“This is necromancy.”

He banished it:

rm -rf /srv/www/wordpress

But as any magus knows: shadows flee to deeper places.

🧱 Act II: The Forked VirtualHost

He turned to the guardians of the web gate—Apache.

He summoned their map:

apache2ctl -S

And found it.

*:443 default-ssl.conf → /srv/www/wordpress

A forgotten vhost was still routing encrypted traffic to the phantom directory. Even with the corpse gone, the gate remained open.

He tore it out:

a2dissite default-ssl.conf
nano /etc/apache2/sites-available/default-ssl.conf

He rewrote the glyph:

DocumentRoot /var/www/examplesite.com

And reactivated the guardian:

a2ensite default-ssl.conf
systemctl reload apache2

🧠 Act III: The Amnesia of the Root User

The database still existed. But the admin—his name, his password—lost in the echo of the clone.

The mage turned to WP-CLI. The blade that cuts deeper than cPanel.

wp user list --allow-root

There it was: admin.

He reached through the interface:

wp user update admin --user_pass="UltraSecure123!" --allow-root

And the gates creaked open once more.

🧙 Act IV: The Rewrite Curse

The login opened. But behind it—chaos.
The dashboard flickered. Pages 404’d like broken runes.

He looked for .htaccess.

“Gone.”

He rewove it by hand:

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

Saved and sealed:

chown www-data:www-data .htaccess
chmod 644 .htaccess

The structure stabilized.

🌐 Act V: The Mirror Behind the Cloud

But still, the world outside saw lies.

The mage pinged the domain:

curl -I https://examplesite.com

And the mirror replied: Cloudflare.

A distortion layer. Obsidian glass.

He bypassed it with raw vision:

curl -I http://localhost
curl -I http://YOUR.IP.ADDRESS

Only then did he see truth.
Only then did he issue the DNS nullification spell.

🕷️ Act VI: The Cron Trap

Just as calm returned, the daemon pulsed again.

He checked MariaDB’s heartbeat:

SELECT * FROM mysql.general_log WHERE argument LIKE '%wordpress%';

The access attempt returned.

Another clone. Another timeline.

He hunted deeper:

find / -name wp-config.php

/opt/legacy/wp-config.php
/home/backup/wp-config-snapshot.php

The old installs had linked to a database called wordpress_db_old.

Even dead, they screamed.

Then he found the dark ritual:

/etc/cron.daily/ghost_update.sh

A silent call to the long-buried DB.
A ritual, recurring. Unnoticed.

He severed it:

rm /etc/cron.daily/ghost_update.sh

And the log fell silent.

🔐 Act VII: DNS of the Damned

Requests still came for the false realms:

http://preview.examplesite.com/wp-cron.php

He searched the vhost directory:

grep ServerAlias /etc/apache2/sites-available/*

One line responded: ServerAlias *.examplesite.com

Wildcard bindings—chaos in its purest Apache form.

He removed it:

a2dissite preview.conf
rm /etc/apache2/sites-available/preview.conf
systemctl reload apache2

🕯 Epilogue: The Mage’s Archive

He set the hostname:

hostnamectl set-hostname tower.examplesite.com

He sealed the system:

ufw enable
ufw allow 80
ufw allow 443
ufw deny from any to port 3306

He prepared the runes for resurrection:

tar -czf /root/gold-image-backup.tar.gz /var/www /etc/apache2 /etc/mysql /var/lib/mysql

He created a recovery spell:

wp user create technomancer [email protected] --role=administrator --user_pass="Resurrect!2025" --allow-root

🛡️ The Server Breathes Clean

Apache answered with a true 200 OK.
MariaDB no longer wept.
Cloudflare obeyed.
The ghost clone was gone.

🕳️ Postlude: The Mage’s Checklist

Before any clone wakes:

✅ apache2ctl -S → only correct hosts
✅ purge /srv, /opt, /home
✅ WP-CLI access restored
✅ .htaccess restored
✅ certs bound
✅ cron cleaned
✅ vhost ghosts exorcised
✅ Cloudflare set to grey
✅ Firewall shaped
✅ Recovery script written

He turned from the screen.

The code lay dormant, but stable.

He was no sysadmin. He was something else.

A guardian of state. A keeper of truth.

A mage.