Tag: cPanel

cPanel tools you will use most often.

Today on episode 25 of Web Hosting Podcast: some of the most common cPanel tools you will use after you sign up. Did you know there is an app for cPanel access that also includes webmail? We will be going over installing and then configuring the app, which is available for both iOS and Android.

cPanel App for iOS and Android.

Go into your device's app store and search for cPanel. Go through the process of installing the app, like you would any other app.
Before you launch the newly installed cPanel app, you will need to have your cPanel login information. The items you will need are:
Domain: This is normally the website on your hosting account.
Username: This is the cPanel username, not your CMS username, that you use to log in to cPanel.
Password: This is the cPanel password, not your CMS password, that you use to log in to cPanel.

You will also want to have your email address and password if you want to set up access to your webmail account in the app.

Open the cPanel app that you previously installed.
You are now presented with a few options to add an account. Don’t worry, we will be going over all of the settings you need.

The server information section has three boxes: name, address and service.
In the name area, give this a unique name. This can be anything you would like to identify this connection.
In the address area, this is where you will put the login url you use to get into your cPanel account. This can possibly be your website url, or the server hostname. If one does not work try the other. Hopefully you were sent a welcome email when you signed up with this information.
In the service, change this to cPanel. Do not use WHM or Webmail.

Now in the authentication box do the following.
In the username box, put in your cPanel username.
In the password box, put in your cPanel password.
In the touchID, if your device supports it I would highly recommend using it. This is the same as unlocking your iPhone with a fingerprint. If you do not use touchID, then you will be asked to enter your password every time you want to connect.

Once these are filled in, click on “CONNECT”. If everything went correctly, you should now have a saved connection and be logged in. If not, check your settings and try again. Make sure you are using the correct username and password. As a diagnostic step, you can try logging into your cPanel account through a web browser first.

Once you are logged in, you can now do anything you would normally do from a web browser inside cPanel.

To set up webmail, click on the “+” icon to add another connection. Give this a unique name as well in the name field.
In the address area, enter the address to connect to your webmail. This too will often be the domain you use for your email.
In the service area, change this to webmail.
In the username field enter in your full email address. This is important, the full email address including the “@” is required.
In the password field enter in your password for your email address.
In the touchID, if your device supports it I would highly recommend using it. This is the same as unlocking your iPhone with a fingerprint. If you do not use touchID, then you will be asked to enter your password every time you want to connect.

Once these are filled in, click on “CONNECT”. If everything went correctly, you should now have a saved connection and be logged in. If not, check your settings and try again. Make sure you are using the correct username and password. As a diagnostic step, you can try logging into your webmail account through a web browser first.

You should now be presented with a few options, depending on your web hosting provider. In my app, I am able to choose between horde, roundcube and squirrelmail. Horde is the only one that seems to be mobile friendly. All of them do work but you will have to move around on the screen to see everything. Below these options, you are presented with the mail client automatic configuration scripts, mail client manual settings and the ability to email setup instructions to a specific email address for the account you logged in with.

Mail Client Automatic Configuration Scripts.
These are meant for desktop clients and do not seem to work on an iOS/Android device. It is best to just ignore them.

Mail Client Manual Settings.
These are provided to you so that you may manually setup your email client of choice. These are great instructions for the do it yourselfer. The instructions provide the username, incoming and outgoing mail server, and the ports needed.

Email Instructions.
This allows you to email the same settings from the manual settings to a specific email address. This is handy if you have a user that has a Gmail or other email account already and you would like to provide them with specific email setup information for an account you have set up for them.

Why you would want to use the app.
The app is a handy and convenient way to log in to cPanel quickly. Using the fingerprint to log in means you only have to enter the password once, then use your fingerprint to log in. Once into cPanel, you have full control of your cPanel account, just as if you were using a normal browser. This means you can use one click installers to add a website or set up an email address. Being able to access it from your phone means you can access cPanel on the go, from anywhere you have cell coverage for internet. No longer do you need to race home and pull out a computer to make a change or add a domain. The ability to access webmail is just icing on the cake. If you can log in to webmail on the desktop and don’t want to mess with setting up an email client, you can quickly get into webmail through this app and do your business.

In short, I think this is a wonderful addition to your cPanel hosting environment. In the past the app was pretty buggy. Since I have started using it over the last 4 months, I have had zero issues with it. I have used it to access webmail, cPanel, and even log into my WordPress install through Installatron.

If you are an admin and manage your own cPanel server, this is also a handy tool. One additional option that we did not cover is the ability to log in to WHM. WHM is the administration level control panel for the server itself. This is only used if you have root access to the server and only if you manage your own cPanel server. I can say it works wonderfully to access WHM and allows me to do things when I am on the go in a pinch.

The most common cPanel tools you will use.
This is a list of just a few of the most used and common cPanel tools that I use and think you will use. Even if you have used these in the past, cPanel updates the features of these tools to add to the already expansive option list. If it has been a while since you looked at the full option list for these tools, I would recommend you take a moment to revisit them.

Email Accounts
This is the place to manage your email accounts. From here you can create, delete and suspend accounts, among many other useful tasks. To create an email account, click on the Email Accounts button. Depending on your cPanel theme, things may be a little different from here. You should be presented with the option to create an email address, with places for a name, domain, password and quota size.
In the name area, enter what you would like the email address to be. If you have more than one domain on your account, a drop down will be available to select the domain you would like to use for the email account.
In the password field, enter or generate a secure password. Please be sure not to use something like password123. The simplest thing is to use the generate button to create a password, then copy this to someplace secure. Yes, generated passwords are going to be difficult to remember and type out, but that is the whole point of a secure password. Password security is likely the most important thing you can do for yourself, so do not make this easy to guess.
In the quota field, enter a number in megabytes or choose unlimited. The quota is used to prevent a single email account from using all of your disk space, which can happen. This is why I recommend not using unlimited; choose a value that you can live with and know that you can change this value to something higher if you hit the quota limit.
You can uncheck the “Send welcome email” option unless you really want to send this out. This is not needed if you are setting up an email account for yourself. At this point, hit the “Create Account” button to create your new email account.

Some additional things of note in this area. On the “Email Accounts” tab, you can do the following:
  • Access webmail – simple way to get to webmail.
  • Change quota value for the account.
  • Manage Suspension. This is useful if the account has been hacked or is sending spam. You can prevent sending, receiving and login individually or all three at the same time.
  • Change Password. This is where you would change the password for the email account.
  • Configure Devices. This allows you to view connection information for email clients like Outlook or Thunderbird.
  • Delete. This is how you delete the email account.

Some things to consider when creating email accounts. Some hosting providers limit the number of email accounts you can create. Keep this in mind when creating email accounts. Keep an eye on the disk use for email accounts. This will add up faster than you might think and cause you to go over quota. If your whole cPanel account goes over the plan's quota, then your site will stop working until either the quota is increased or your usage is lowered below the threshold. If you need to create email addresses and want them to not contain a mailbox (a place for mail to be stored on disk), then use a forwarder.

Forwarders.
Email forwarders are a simple way to have email addresses that do not store mail to disk; instead they accept the mail and then pass it on to another actual account. This is very handy if you are limited in the number of email accounts you can create or just do not want a large number of email accounts to set up on your external devices. Nothing is worse than having to set up a bunch of email accounts and be checking them constantly. Instead, set up a single email account that you will check, and then set up forwarders for all other email addresses you may want. In your email client of choice, you can even set up rules to put email sent to forwarder addresses in specific folders. Forwarders are your friend. Just remember if you reply to an email that came through a forwarder, it will show as being sent from the actual email address and not the forwarder address.

Addon Domain.
This is where you add a new domain to your cPanel account. You will need to ensure the domain is registered and owned by you first. Do not add a domain that you do not own or control. To add a new domain click on the “Addon Domain” button. From here you are presented with a few options. In the “New Domain Name” field enter the domain name you want to add. Be sure to enter the exact name with the “.” and the TLD. The subdomain option should be filled in for you after entering the domain name. This can be changed if you would like. This is used by cPanel and really should not be used by you directly.
The document root field should be auto filled in too. This is the location on disk, starting from your home directory, where your site files will be served from and where you will put your site files. This should not be located inside your default public_html folder, which is used for the primary account site files. The reason for this is simple: if one site is hacked then they are all going to be hacked. Keeping them in unique folders away from each other adds a little layer of security as well as making it easier to organize and back up.
Another reason to do this is site indexing. If you have a site in public_html and then add another site in the same folder so it looks like public_html/site2, you will then be able to browse the second site by going to the first site, adding a slash “/” and entering the folder name for site2. Google will find this and index it along with your real website. Just keep things separated.

Aliases.
Aliases are like forwarders but for domains. For example, if you have a .com domain and also own the .net and .org versions, and want the .org and .net to go to the .com site, then you want to use an alias. Make sure the domain is registered, then click on “Aliases”. From here enter the domain you want to have pointed to your live web site. You will be able to change the redirection settings after you add the alias. You can always remove the alias and start over or point it to a new location too.

SSL/TLS Status – Access to AutoSSL
To access this, click on the “SSL/TLS Status” button. From here you can run the free AutoSSL certificate service provided by cPanel. Depending on your web hosting provider this may not be available for you to use. To generate an AutoSSL certificate for your domain, it must be added to your account using the Addon Domain feature or be the primary domain on your cPanel account. If you see your domain listed, you should be good to go. At this point, you can click on the “Run AutoSSL” button. This will generate the needed pieces to get you a free SSL certificate for your domain. Once you click the button your request is added to a queue, and it will take some time to get and install a valid certificate. Do not keep hitting this button, it will not do anything after the first click. If for some reason you do not see a new SSL certificate after a few hours, you may have to contact your hosting provider to see what may be wrong.
One common issue is a Drupal .htaccess file that does not permit AutoSSL access to the folder needed to validate the domain. If you are using Drupal, you may need to modify your .htaccess file to permit this to happen correctly. Another issue could be that you already have an expired or valid paid SSL certificate installed. You must remove this certificate before running AutoSSL; it is not likely that it will replace an already installed SSL certificate, valid or not. You can also exclude domains from AutoSSL, in the event that you have a purchased SSL certificate for your domain.
You can also click on the “View Certificate” area to see the status of your installed SSL certificate. This shows things like the expiration date and what domains it is valid for, and lets you uninstall the certificate, along with a few other options.

Optimize Website
This is the ill fated name for gzip compression. Don’t ask me why it is named this, I have no clue. But this is used to enable gzip compression on your website files. Click on “Optimize Website”, then click on “Compress All Content” and then click “Update Settings”. If you have more questions on this useful option, please listen to Episode 1 WHPOD.

MySQL Database Wizard
The “MySQL Database Wizard” is used to manually create a MySQL database and user inside of cPanel. This is useful if you do not have a one click installer and you want to install an application that requires a MySQL database and a user, like WordPress. Click on the “MySQL Database Wizard” button; this will present you with an area to create a database using a unique name. Enter a name for your new database. It will prepend your cPanel username followed by an underscore, then the new database name. Make sure this is a unique name as no two database names can match. Once you enter the name click the “Next Step” button.
You will now need to create a new user to access this database. Just like the database, the username should be a unique name. Enter the name in the username field; it will prepend the cPanel username with an underscore, just like the database name. Now you need to enter a password. I highly recommend using the password generator and copying the password to a safe location for use later on.
Now that a database and user are created, the next step in the wizard is the permissions the user has for the database. It is very common to just click on the “All Privileges” button; this gives full read/write permissions for the chosen user to the chosen database. Now we just need to click on “Next Step” one last time. The database and user, with its permissions, are ready to be used.

Virus Scanner.
Depending on your hosting provider this may not be available. Click on “Virus Scanner” and you are presented with a few options: scan email, scan home directory, scan public web space and scan public ftp space. If you click on “Scan email”, cPanel will start scanning all of your email accounts for viruses that it has in its definition files. This is a great way to check all your email accounts for malicious viruses. If it finds a virus here, you can choose to quarantine it or delete the infected file.
The “Scan Home Directory” is the other option that I recommend you run on a regular basis. If a virus is found in a file you will be given the same option to quarantine the file or delete it. If the file is part of an installed website, it might be best to make a note of the file and take a look at it. Deleting the file could potentially break your website, so keep that in mind. If you do not have the ability to look at the file or have someone that can examine the file, then contact your web host and see if they can help you out. This might be something they would charge for, so keep that in mind. It is not something you want to ignore, as you could be spreading a virus to your website visitors and Google will eventually mark your site as unsafe.
It is also possible, though very rare, that the scanner marks a file as a virus when it is not. This is a false positive result; it should still be investigated to determine the status of the file in question. I would recommend that you scan your whole home directory at least once a month and scan your email every other week.

Cron Jobs.
Cron jobs allow you to automate certain commands or scripts on your site. Cron jobs are useful if you have a website that needs to process something regularly. I often set up a cron for WordPress to run wp-cron.php instead of having WordPress take care of it. Click on “Cron Jobs”; this will present you with a few options and examples.
The first entry area is for an email address. This is used to send the results of the command when it processes. This is not likely something you want to get. If you are having issues getting a cron to work, then you can enter an email address here to get the notification. Once the cron is working, I would recommend removing the email address and sending the output of the cron command to /dev/null (more on that in a moment).
The drop down called “Common Settings” is a list of common time settings. Since crons run at a specific time, this drop down allows you to choose from quite a few of the most common times, from every minute to once per year. Do not run cron scripts every minute, this is a bad thing to do. You have to give your script time to run, and running something every minute can be a great way to cause scripts to overlap as well as get your hosting provider angry at you for using a lot of CPU. Just be aware of this when you set up your cron job. I like to use twice per hour or once per hour for my cron jobs unless I need something very specific.
Now that you have picked your time, you have to enter the command you want to run. I am going to assume that the command you want to run is a php script; in reality this can be anything you want to run on a regular basis. In the command window we are going to first start by calling “php”, so type php then press the space bar. Now we need to tell php what script we want it to run. This is done by typing the full path on disk to the file we want to execute. This will likely be /home/cPanel_Account/filename.php. There should be an example command entry at the top of the page with a full path that includes your cPanel username. So after your php command, enter the path to your script.
The final thing we want to do is to tell the script to send its results someplace. I like to use /dev/null, so the results just get deleted. If you do not do this step then you may start to see a lot of files show up in your cPanel home directory that will eventually fill up your disk space. This is because cron must do something with this output status, so do yourself a favor and use /dev/null. To tell cron to send the output to /dev/null, just add >/dev/null 2>&1 after the command path. Make sure to put a space after the command and before the output redirect. Now click on the “Add New Cron Job” button to add that entry to your crontab.
Adding crons can be a bit overwhelming at first, and quite confusing. Do not be discouraged by all the info, cPanel will do a large majority of the setup for you. Just pick a time to run, add your command, and make sure to send the output to either email or /dev/null. If you have issues, I would recommend contacting your web host to see if they can help you out.
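The advice in this section (no every-minute schedule, the full path on disk after php, output sent to /dev/null) can be checked mechanically before an entry is saved. The script below is an added example, not part of the original show notes; the account name exampleuser, the script paths and the finding names are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint crontab lines against the advice in the cron section.
# The account name "exampleuser" and the script paths are constructed samples.

# check_cron_line LINE
# Prints a space-separated list of findings, or "ok" when there are none:
#   malformed      fewer than five schedule fields plus a command
#   every-minute   minute field is "*" or "*/1"
#   relative-path  php is given a script path that does not start with "/"
#   output-kept    stdout and stderr are not both sent to /dev/null
check_cron_line() {
    line=$1
    set -f              # keep "*" schedule fields from expanding as globs
    set -- $line        # split the entry into words
    set +f
    if [ "$#" -lt 6 ]; then
        echo "malformed"
        return 0
    fi
    minute=$1
    shift 5             # drop minute, hour, day, month, weekday
    cmd="$*"
    findings=""

    case $minute in
        '*'|'*/1') findings="$findings every-minute" ;;
    esac

    # When the interpreter is php, the next word should be a full path.
    if [ "${1##*/}" = "php" ]; then
        case ${2:-} in
            /*) ;;
            *) findings="$findings relative-path" ;;
        esac
    fi

    # Without this redirect cron has to deliver the output somewhere.
    case $cmd in
        *'>/dev/null 2>&1'*|*'> /dev/null 2>&1'*) ;;
        *) findings="$findings output-kept" ;;
    esac

    if [ -z "$findings" ]; then
        echo "ok"
    else
        echo "${findings# }"
    fi
}

# Constructed sample crontab, one entry per line.
sample_crontab='0,30 * * * * php /home/exampleuser/public_html/wp-cron.php >/dev/null 2>&1
* * * * * php /home/exampleuser/sync.php >/dev/null 2>&1
0 * * * * php report.php'

# lint_crontab TEXT
# Prints "LINE_NUMBER: findings" for every non-empty, non-comment entry.
lint_crontab() {
    n=0
    printf '%s\n' "$1" | while IFS= read -r entry; do
        n=$((n + 1))
        case $entry in ''|'#'*) continue ;; esac
        printf '%s: %s\n' "$n" "$(check_cron_line "$entry")"
    done
}

lint_crontab "$sample_crontab"
```

The first sample entry is the twice-per-hour form the section recommends; the other two show the every-minute and missing-redirect mistakes it warns about.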

File Manager.
The File Manager is just what it sounds like. If you have ever used a computer, then the file manager should feel familiar, just in a web browser. Click on the “File Manager” button and you will be presented with a whole new window with a lot of buttons and folders. On the left side is the directory structure of your home folder. From here you can choose to make new folders, or browse to current folders. The right window will show you what files are in the folder you have chosen on the left. You can select files, or folders, in the right pane that you may want to modify, for example if you want to modify your .htaccess file for a given site.
One gotcha is the fact that, by default, cPanel does not show hidden files. These are files that start with a “.” period. To enable viewing and modifying of hidden files and folders, click on the settings button located in the very top right. A new window will pop up; find the option for “show hidden files (dot files)”, put a check next to it and click save. You should now see all the hidden files and folders. Now you can browse to the .htaccess file you want to edit, select the file and click “edit”. A new window will open; make your change and then click “save changes”.
Another option you might use is “view”. This allows you to safely view the contents of a file without the possibility of accidentally changing the file. Copy is used to make a backup copy of the file. I would highly recommend creating a backup copy of a file before making a change, accidents do happen.
Never delete any folders in the left pane that you are not sure you can live without. Some of these folders are created by cPanel for various reasons and applications. Deleting folders at random, or accidentally, could result in your cPanel account needing to be restored or mail being deleted. You don’t want to run into issues, so use caution when in the file manager.
Folders of note: public_html is the location of your primary account domain. Any folder outside of this area with a name like a domain will likely be an addon domain that was created. Any folder named “.well-known” is used for AutoSSL, do not delete these folders. The folder named mail is where your email is stored. The folders named etc and var are where cPanel stores some critical config files for your account. Public_ftp is the public ftp space, if you have one set up. I just want to stress, do not delete random folders and files, bad things will happen. If you start deleting stuff, make sure you have a full backup of your cPanel account just to be safe.

IDNS deceptive practices, IGTV is now live, cPanel now supports git.

Today on episode 22 of Web Hosting Podcast. iDNS misdirection, this is a public service announcement for the alleged service provided by iDNS. This company may send out actual mail to you in an attempt to trick you into renewing your domain name with them. IGTV (Instagram TV) is now live, did you even notice? cPanel now supports git.

IDNS

IDNS is a company that sends out actual mail when your domain is close to renewal. IDNS, or Internet Domain Name Service, sounds pretty official and the letter looks even more official. However, this is not a bill; it is an attempt to trick you into moving your domain to their registry. This letter looks so official that it has tricked many people into sending them money. IDNS sends out these letters in an attempt to trick you into paying their exorbitant fees for domain renewals. A standard domain renewal from a legitimate company averages $10 for a .com, however IDNS tries to get you to pay $45 for each domain. This is then compounded by a fee if you want to move away from IDNS. I think we will start to see fewer of these letters since the GDPR is in place and effectively hides some of the required information IDNS needs for these mailings. If you get one of these letters be sure to send it to the shredder. Here is what these letters look like.

[Image: IDNS-Deception]

Git on cPanel

cPanel 72 now allows you to host git repositories as part of your cPanel account. This is great news for those of us that need to use git to share and track files.
From cPanel's documentation page:
The Git™ Version Control feature allows you to easily host Git repositories on your cPanel account. You can use Git to maintain any set of files (for example, a website’s files and assets, a software development project, or simple text files). Here is a link to cPanel documentation.  We will likely discuss Git in a future podcast episode in more detail.

IGTV

IGTV is part of Instagram's, or Facebook's, attempt to bring video to the social media giant's platforms. This is very different from the current Instagram stories, which are limited to 15 seconds and expire after 24 hours. IGTV allows users to upload videos up to 10 minutes long, or 1 hour for verified users, and these do not expire after 24 hours. This medium, in my opinion, is very different than having a YouTube channel. IGTV is really trying to go after the “In Real Life (IRL)” moments, where YouTube is more of a “produced” format. That is not to say you can’t do produced video on IGTV, it is just not as easy of a workflow. IGTV and Instagram in general are for a cell phone viewing audience where the viewing device is vertical. Being mobile first is Instagram's strong suit. As it is, mobile views account for over half of the current watched content online, and this is expected to grow to 78% by 2021.

Why is IGTV important for you or your business?

I was very doubtful about IGTV at first. I watched some videos from people I follow and watched some information on IGTV on YouTube. It took me a while to see the potential and understand what all the excitement was for this platform. The vertical format is very hard for me to get used to, I do prefer the tabloid viewing option of YouTube. However, putting all of the issues I have aside, I think this is a great platform for businesses or personal use. Almost everyone is going to have a cell phone and that is all you need to get started. This makes the starting cost nothing; granted you can do the same thing with YouTube, but I think most people expect a higher quality video on YouTube. Starting up an IGTV channel is super simple. Just go to instagram.com, log in and click on the IGTV button, then click on the “get started” button. From here you have to create and set up your channel. This is just like setting up a YouTube channel. Once this is done you can start uploading your content. Make sure your video is in the vertical format. You can also make a custom thumbnail for your video, along with a title and description, when you upload.

Currently Instagram has reached the 1 billion monthly active user total. That is billion with a b, per month. Put that in perspective. If you are able to reach 1% of 1% of those users, that is 100,000 new customers for your business. Since this platform is very new, you can get ahead of your competition by putting out great content. Here are some ideas you could try.

Video about you and your business. Make sure to include any social media links, website links, etc.
Micro vlog. Instagram is perfect for doing a small micro sized vlog series. You could show behind the scenes elements of your business.
Public service announcements. These could be short snippets about product awareness or new items you are offering on your storefront.
Flash sales. Test your Instagram reach by having a flash sale only through Instagram.

These are just samples of ideas, but I think you get the idea. I am planning on using IGTV for podcast promotion and public service announcements for security and product updates. So follow me on Instagram so you can get notifications of new videos.

IGTV Specs and info:

PCI DSS Changes to TLS and Chrome 68 marks sites as not secure.

Today on episode 21 of Web Hosting Podcast: PCI (Payment Card Industry) changes that have come into effect. These changes make a dramatic shift to the encryption standard that you may not be aware of. If you are on an older operating system, and even some new ones, you may be left out in the cold and unable to get email or see your website. Chrome 68 is coming this month, and if your site is not using https, then your visitors will start to see a “not secure” message. Moving your site to https should not break your budget with free SSL (AutoSSL) by cPanel.

What is PCI DSS (Payment Card Industry Data Security Standard)?
Payment Card Industry Data Security Standard applies to companies of any size that accept credit card payments online. If you accept credit cards as a form of payment for anything online, then you need to host your data securely with a PCI Compliant hosting provider. This is not the same as accepting PayPal payments on your website. This is strictly for credit card payment processing. Normally this is done through a payment gateway like authorize.net or others.

PCI DSS (Payment Card Industry Data Security Standard) changes for this year.
The primary change of interest happened on June 30th, 2018. This change made old and outdated forms of SSL/TLS no longer secure by the standard. What this means is a higher level of encryption is now required if you are doing any form of credit card processing. This change has the potential to block out users on old, outdated operating systems. It also has the potential to disrupt your email workflow if you are not up to date on your email application. All forms of connections should be using a minimum of TLS 1.2. This means http(s), email, and ftp(s) have to be using TLS 1.2 to make a connection.

How this may directly affect you and your customers.
TLS 1.2 is a pretty old standard (2008), with TLS 1.3 on its way. However, some operating systems do not support TLS 1.2. This includes computers, tablets and phones. If you are currently not using an updated operating system, then you may not be able to send or receive email through your PCI compliant host. This is the most typical scenario I have seen. Most browsers have supported TLS 1.2 for a number of years. However, it has only been recently that iOS, for example, has supported TLS 1.2 in its own mail app.

What to do if you can’t get email or visit your site anymore.
Ensure you are running the most recent version of your operating system of choice. This means upgrade to Windows 10 or the latest Apple OS X. Simply updating Windows 7 to its latest release is not advised. You really need to run the latest operating system version. This also goes for any tablets or phones you may have. Once the latest version is installed you will likely not have any problems. For browsers, Firefox, Edge and Chrome support the latest TLS standard. For email clients, Mail.app (on the latest version of OS X 10.13), Thunderbird and Windows 10 Mail do.

Chrome 68 will start showing “Not Secure” for sites using http:// this month.
This should come as no surprise to anyone that develops sites or owns their own site. For the past 2 years Google has been warning people that this day was coming (cue ominous music!). Google has even said your SEO ranking will suffer if you are not using https:// on your sites. If you are one of the few that have not moved to https for your site, do not delay any longer. Web Hosting Podcast has discussed in many episodes how to use a free SSL certificate, called AutoSSL, if you are on cPanel. This is an SSL certificate process that is 100% free and will allow you to move to a more secure https. Gone are the days of having to purchase an SSL certificate every year; there really is no reason not to be using https for your site today. For more information on AutoSSL listen to these previous Web Hosting Podcast episodes.

Here, here and here

Migrating your site to SSL : HTTPS with installatron. Useful website tools to use for your site.


Useful website tools to use for your website.

https://www.ssllabs.com/
This is a useful site to check your site for proper SSL settings. You will get a grade once the report is done. An “A” is the best. While a “B” would be acceptable, you should really try to get the “A” grade. I would also recommend that when you do your test you click the check box that says “Do not show the results on the board”, unless you have a perfect score you want to show off.

https://haveibeenpwned.com/
This site is useful to check if the email you use for logins has been seen on hacked lists. It is also very useful to check the security of passwords you use for logins.

https://www.whatismyip.com/ – list your current IP address

http://www.whatsmyip.org/ – Not to be confused with the .com version of the site. Many useful tools, from gzip testing to password generation. Not as useful as it once was, since it does not seem to handle https based websites. But the DNS tools and password generator are quite useful.

https://checkgzipcompression.com – another tool for checking to ensure your site is using gzip compression. This one works with https based sites.

Speed test – google and http://www.speedtest.net/

https://slack.com – Team focused chat with many useful options.

Moving a site to SSL with the installatron one click installer. This assumes you are using cPanel with AutoSSL enabled.

1. Test your site to ensure you have an SSL certificate installed. This can be done by going to https://yourdomain. If your site loads with no errors you can proceed. Some common issues you may run into are a site that is not fully secure and an SSL mismatch. You may need to resolve these errors before you proceed.

2. Inside of your cPanel account, create a new subdomain using the subdomain tool. You will need to wait for the server to generate and install the free SSL certificate for this subdomain. You can test this just like step 1 above.

3. From inside of installatron, clone the live site to the new subdomain, but make sure to select the https version of the subdomain. This should only take a few minutes depending on the site size. This will create a complete copy of your site and move it to the subdomain you created. You can now test the site and fix any issues you may have by going to the subdomain https site. For example, https://subdomain.yourdomain

4. Once things look good on the subdomain, you can go into installatron and clone the site back to the live site, but use the https version in the drop down.

5. Once the live site is cloned back to https, test again. Things should have been resolved when you used the subdomain, but there may be some lingering links or code that may need to be changed.
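The "lingering links or code" from steps 1 and 5 are usually http:// references left in the page markup. The following is an added example, not part of the original instructions or of installatron: it scans a page's HTML and lists those references. The sample page and the host name example.com are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Subresources the browser fetches by itself. "Active" content can change the
# page, so browsers block it on an https page; "passive" content still loads
# but the page is no longer shown as fully secure.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"),
           ("video", "poster"), ("source", "src")}


class MixedContentFinder(HTMLParser):
    """Collects (line, kind, tag, url) for every absolute http:// reference."""

    def __init__(self, site_host):
        super().__init__(convert_charrefs=True)
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        for attr, value in attrs.items():
            value = value.strip()
            try:
                parts = urlsplit(value)
            except ValueError:
                continue  # not a parseable URL
            if parts.scheme.lower() != "http":
                continue  # https, relative and protocol-relative URLs are fine
            kind = self._classify(tag, attr, attrs, parts.hostname or "")
            if kind:
                self.findings.append((self.getpos()[0], kind, tag, value))

    def _classify(self, tag, attr, attrs, host):
        if (tag, attr) in ACTIVE:
            return "active"
        if (tag, attr) in PASSIVE:
            return "passive"
        if tag == "link" and attr == "href":
            rel = attrs.get("rel", "").lower().split()
            if "stylesheet" in rel:
                return "active"
            if "icon" in rel:
                return "passive"
            return None  # canonical, alternate, etc. are not fetched as content
        if tag == "form" and attr == "action":
            return "insecure-form"  # submitted data would travel unencrypted
        if tag == "a" and attr == "href" and host == self.site_host:
            return "internal-link"  # works after a redirect, but should be updated
        return None


def scan(html, site_host):
    """Return the findings for one page of HTML (CSS and JavaScript are not parsed)."""
    finder = MixedContentFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page for the demonstration.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<link rel="canonical" href="http://example.com/">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<img src="http://example.com/wp-content/uploads/logo.png">
<img src="/wp-content/uploads/banner.png">
<a href="http://example.com/about/">About</a>
<a href="http://other.example.org/">Elsewhere</a>
<script src="//cdn.example.net/lib.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line, kind, tag, url in scan(SAMPLE_PAGE, "example.com"):
        print(f"line {line}: {kind:13} <{tag}> {url}")
```

Save a page from the https subdomain with your browser's "view source" and pass its text to `scan` together with your own domain name.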

At this point your site should be using a valid SSL certificate. If you are uncomfortable doing these steps you may want to contact your developer or your hosting company to see if they can help you out. I would also recommend that you have a full backup of your site before proceeding with anything that is going to change your site. This would include installing plugins, updating core site files, etc… A backup is a simple way to ensure you have a way to get back to a known working state.

Please understand that you use these instructions at your own risk. I do not accept responsibility for anything you do to your website.

SEO Search Engine Optimization with Megan Ferrell


SEO, Search Engine Optimization

Listen as I get schooled by Megan Ferrell of websites503.com about SEO, Search Engine Optimization. Megan gives the listener some great tips and advice on how to improve your SEO ranking. Listeners of the podcast may remember Megan from episode 4 , where we discussed 10 website security tips.

Some of the questions and topics we cover on this episode are.

What is SEO?
Process to start doing SEO on your website?
Getting ranked by google and other search engines?
Some of the tools that are needed to achieve this?

  • google webmaster tools
  • google analytics
  • sitemap file
  • same tools for other search engines like Bing.

Are other search engines important? Bing, DuckDuckGo, etc..?
Is a social media presence important to SEO?
Does site speed play into SEO?
3 things that anyone could do right now to increase their SEO presence?

Some useful links.

Official Google webmasters blog
Google webmaster youtube
Google Analytics
Google Webmaster Search Console

Backup and Archive your website in preparation of the New Year.


What is the difference between a Backup and an Archive?

A backup is for short term recovery. This means a backup is likely a more current snapshot in time. Often a backup will be done daily/weekly/monthly. You should be able to restore your site from any of these backups. But what happens if the backup is corrupt, or your site is hacked and has been hacked for a while? This is where an archive comes in. An archive, to me, is a snapshot in time of your site that you are comfortable and capable of starting from.

Example: You have a site or a blog, and you do a weekly and monthly backup. You find out that it has been hacked and has hundreds of files that contain malicious code. You can spend all of your time, and possibly a large amount of money, cleaning the site up. Or you could restore from a backup, but what if your backup also contains the hacked code? Maybe your site has been hacked for more than a month. Now those backups will likely not do you much good or save you time and ultimately money. An archive is what you will need to restore from: a snapshot in time, where you know your site is clean and functional and can also be rebuilt from. It is a starting point that you are comfortable with. It may not be an ideal situation to have to do, but at least you know you can do it. The alternative is to possibly spend hundreds of hours and maybe thousands of dollars with a developer or systems administrator cleaning up your now hacked site. It is possible that starting from the archive will be the quickest and safest path. If you do decide to restore from an archive, and it is because of a hack, be sure that you update everything and if possible determine how the hack originated. It would not hurt to change passwords and follow standard procedures for dealing with a hack, see episode 7 of Web Hosting Podcast.

Backups in cPanel are created using a .tar.gz file format.

What is a .tar.gz file?
The .tar in the filename stands for Tape Archive. The .gz is a compression method known as GZIP. These can be opened with standard Windows, Mac and Linux applications. The first thing it will do is unzip the file, or decompress it. This will then leave a .tar file. This can then be extracted to get the contents of the full archive.

Generating a full backup through cPanel will generate a .tar.gz file in your chosen destination. To do this, login to cPanel and search for backup. This will show you either backup or backup wizard. If you want a step by step process, use the wizard. If you want specific files then choose backup. They both will ultimately give you the same thing. If you choose to create your backup file in your home directory, be aware that this could take your account over quota and start breaking things rather quickly. Other options for backup destinations are FTP and SCP. You can also choose to download a current near line backup, which will download to the Downloads folder set by your web browser. If you plan to make an archive, be sure to generate a new full backup of your entire home directory. This will include MySQL databases, email and your website directories.
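One way to put a known-clean archive to work, as an added example that is not part of cPanel or of the original show notes: hash every file inside two .tar.gz backups without extracting them, then list what was added, removed or modified since the archive was made. A truncated or corrupt backup is reported instead of crashing. The file names and contents below are constructed samples.

```python
import hashlib
import io
import tarfile
import zlib


def manifest(fileobj):
    """Return {path: sha256 hex} for every regular file in a .tar.gz.

    Files are hashed straight from the compressed stream; nothing is written
    to disk, so an untrusted backup cannot drop files onto your machine.
    """
    result = {}
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue  # skip directories, symlinks and device entries
            digest = hashlib.sha256()
            stream = tar.extractfile(member)
            for chunk in iter(lambda: stream.read(65536), b""):
                digest.update(chunk)
            result[member.name] = digest.hexdigest()
    return result


def safe_manifest(fileobj):
    """Return the manifest, or None when the backup is truncated or corrupt."""
    try:
        return manifest(fileobj)
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        return None


def compare(clean, current):
    """Diff two manifests: what changed between the archive and a later backup."""
    return {
        "added": sorted(set(current) - set(clean)),
        "removed": sorted(set(clean) - set(current)),
        "modified": sorted(p for p in set(clean) & set(current)
                           if clean[p] != current[p]),
    }


def build_sample(files):
    """Build an in-memory .tar.gz from {path: bytes} (demonstration input only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


# Constructed sample data: a clean archive and a later backup of the same site.
CLEAN = {
    "public_html/index.php": b"<?php echo 'home'; ?>",
    "public_html/footer.php": b"<?php echo 'footer'; ?>",
    "public_html/old-page.php": b"<?php echo 'old'; ?>",
}
LATER = {
    "public_html/index.php": b"<?php echo 'home'; ?>",
    "public_html/footer.php": b"<?php echo 'footer'; /* unexpected change */ ?>",
    "public_html/uploads/unknown.php": b"<?php /* file nobody uploaded */ ?>",
}

if __name__ == "__main__":
    archive = safe_manifest(build_sample(CLEAN))
    backup = safe_manifest(build_sample(LATER))
    for kind, paths in compare(archive, backup).items():
        for path in paths:
            print(f"{kind}: {path}")
    # For real files: safe_manifest(open("backup.tar.gz", "rb"))
```

Files listed as added or modified are the ones to inspect first; an unchanged hash means the file is byte-for-byte the same as in the archive.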

Other things that are good to do at the start or end of a year?

Verify your whois data is current. This should be done regularly and is required by domain owners. Whois data is maintained through the company you registered the domain with.

Determine if there are domains that you no longer wish to keep before they are renewed. I find myself over the year purchasing domains for ideas I may have. Some of these ideas never see the light of day and become abandoned. This is a good time to determine if you wish to proceed with keeping these domains and websites going. This can save you a bit of money if you no longer wish to keep them going.

Do you have specific things you do to bring in the New Year for your website? I would love to hear what they are and discuss them on a future podcast episode. Contact me through the contact form.

In our quick tip, autoresponders for email.

Dealing with a hacked website and Malware types.


Virus/Malware/Ransomware/etc….Covering the differences and how they might affect you.

Definitions resourced from Comodo

 

Differences between them all.

  • Malware – Malware is software written specifically to infect the target host system. Subcategories of Malware include.
  • Virus – Virus is a specific type of malware by itself. It is a contagious piece of code that infects the other software on the host system and spreads itself once it is run. It is mostly known to spread when software is shared between computers. This acts more like a parasite.
  • Adware – Adware is also known as advertising-supported software. It is software which renders advertisements for the purpose of generating revenue for its author. The advertisements are published on the screen presented to the user at the time of installation. Adware is programmed to examine which Internet sites the user visits frequently and to present and feature related advertisements. Not all adware has malicious intent, but it becomes a problem anyway because it harms computer performance and can be annoying.
  • Spyware – This type of malicious software spies on you and tracks your internet activities. It helps the hacker in gathering information about the victim’s system, without the consent of the victim. This spyware’s presence is typically hidden from the host and it is very difficult to detect. Some spyware like keyloggers may be installed intentionally in an organization to monitor activities of employees.
  • Worms – This type of malware will replicate itself and destroy information and files saved on the host PC. It works to eat up all the system operating files and data files on a drive.
  • Trojan – Trojans are a type of virus that are designed to make a user think they are a safe program and run them. They may be programmed to steal personal and financial information, and later take over the resources of the host computer’s system files. In large systems it may attempt to make a host system or network resource unavailable to those attempting to reach it. Example: your business network becoming unavailable.
  • Ransomware – Ransomware is an advanced type of malware that restricts access to the computer system until the user pays a fee. Your screen might show a pop up warning that you have been locked out of your computer and that you can access it only after paying the cyber criminal. The cyber criminal demands a ransom to be paid in order for the restriction to be removed. The infamous Cryptolocker is one type of ransomware.

 

Checking for a virus in your hosting environment.

 

cPanel virus scan – uses ClamAV as the scanner.

Login to your cPanel account and look or search for “Virus Scanner”. Click on the image to open. You should now be presented with a series of radio buttons.

  • Scan Mail – this is used to scan your email folders only.
  • Scan entire home directory – this is used to scan your cPanel home directory, including web/ftp/email spaces.
  • Scan public web space – this is used to scan only your web site locations on disk in your home directory.
  • Scan public FTP space – this is used to scan your FTP location on disk in your home directory.

I like to use “Scan Entire Home Directory” so it will scan everything. This could take a while to complete initially. Select this option and click on the “Scan Now” button. The Virus scanner will now start scanning your entire home directory for infected files. If it finds an infected file, you will be presented with 3 options for every file listed as infected.

3 options when it finds a virus.

  • quarantine – this will move the files selected in a quarantine folder in your home directory called quarantine_clamavconnector.
  • remove/delete – this permanently deletes the file with no hope of recovery. Be aware that you could possibly break your site if a core file is deleted using this option.
  • ignore – this will ignore the selected file. This allows you to manually remove the file or replace it through another means.

You can scroll to the bottom of the found virus list to use the “Select All” button for each of the above.

Gotchas I ran into during my testing.

ClamAV was able to identify viruses on disk effectively, where external scanners could not see them at all. I chose to use sucuri site scan to try and find these infected files. It was not able to. This leads me to believe that unless the hacked/virus infected files are coded as part of your site (for example in your footer.php), external scans will never see them. It is still a good idea to have external scans, but doing a regular scan at the host level that can see your actual files is still required. I highly recommend ClamAV and CXS (Configserver eXploit Scanner). CXS ties into a database of php exploits as well as ClamAV and can scan your entire cPanel account for exploits that external scanners cannot see. CXS can also tell you what is outdated in your chosen CMS. This is great for finding forgotten and possibly dead websites in your hosting account.

Dealing with a hacked website.

  1. Do not panic and stay calm.
  2. Take site offline.
  3. Change passwords (cPanel, ftp, email accounts, mysql, all of them).
  4. Diagnose/Scan – Either do this yourself or find/hire someone to do this. Some hosts can scan your hosting account to determine how bad the hack is and possibly how it was done.
  5. Remove hack – File restore, edit/clean files, clean database.
  6. Scan site again to ensure site is clean.
  7. Scan local computers used to maintain and access site to ensure they are not compromised or contain malware.
  8. Update site to be current.
  9. If you are on the google/firefox not safe list, you will need to get site delisted.
  10. If you did a clean restore of your site, be sure to change the site password again. Often a restore will revert the password back to what it was previously, which could have been compromised.
  11. Update everything!!
  12. Scan for virus and vulnerabilities again.
  13. If all clean, perform a final clean backup and archive it someplace safe.
  14. Get setup on a regular site security scan. This can be something as simple as sucuri or a host provided CXS (Configserver eXploit Scan). Maybe they have something else that they can do for you regularly, I would recommend checking with your own hosting provider to see what options they may have.

New 30 second tip from Megan Ferrell of websites503.com

If you would like to present your own 30 Second Tip, please use the contact page.

3 Free WordPress Managed Solutions


Minimum options needed for hosting and hosting further explained.

  • Space (disk space) Small plans normally start at about 10G of disk space. Roughly 200 hours of music per month.
  • Bandwidth (network connections) Small plans normally accommodate up to 10,000 unique visitors per month.
  • SSL free or paid option.
  • A way to upload, add or modify files to your hosting space such as SFTP.
  • Instructions for getting into your hosting space.
  • Documentation – Online self service documentation that you can follow. Think Knowledgebase.
  • Support – helpful and knowledgeable support that will NOT charge you for simple things. Does not need to be phone based!?
  • One click installer. Click here to listen to a previous episode about one click installers.
  • A way to serve your files.
  • A script processor – php, ruby, python, perl…etc. customer preference.
  • Database and database connectivity – mysql/postgresql/oracle/mongo.
  • Security mechanism Firewall or other intrusion detection system.
  • Backups at least weekly – although the user should also have their own backups.

Not on the list

  • Email – use google, wibble, outlook for hosted email.
  • DNS services including domain registration.

Goes without saying

  • Way to add domain to your hosting account.
  • Way to add domain aliases; this might be known to some people as parked domains.

 

WordPress managed solutions

What is managed WordPress?

A complete service package where all technical aspects of running WordPress are provided by your chosen host. This style of web hosting does and should cost more than web hosting that does not provide these services.

This includes:

  • Security
  • Speed
  • WordPress Updates
  • Daily Backups
  • Premium support – this is handled by WordPress experts with lots of experience.

This is why the typical managed WordPress hosting plan is much more expensive than standard hosting.

Companies that do managed WordPress hosting

 

What is WordPress hosting?

WordPress specific hosting, not to be confused with managed WordPress hosting, is specialized shared hosting with optimizations specific for WordPress sites. These changes often improve site speed and response.

Why/How is this different than regular hosting?

Managed WordPress hosting, WordPress hosting and shared hosting are all different and very specific to the needs of the customer. Shared hosting, the lowest level and most basic hosting, is set up so there are many accounts on a single server. These shared servers will be serving many different websites, which makes it hard to optimize for a single application. WordPress shared hosting, or WordPress Hosting, is a shared server optimized specifically for WordPress web sites. Managed WordPress is all the benefits of an optimized server experience without having to also worry about updates, security, speed and support. These are handled for you as part of the hosting package.

How is this relevant?

Do it yourself managed programs you can use on your WordPress site.

All 3 add a plugin for remote management of

  • core updates
  • plugin updates
  • theme updates
  • And more features below.

 

Infinite WP

Infinite WP (IWP) is a self hosted free or paid product, although version 3 is supposed to provide for a managed install version (SaaS). The free version installs as a plugin that then installs a command interface where you can add your site to be managed, as well as others. It provides a simple backup and updater. The paid version includes a reported $2888 worth of add-ons. This is all self hosted and you are responsible for updating and securing your install of Infinite WP. The biggest drawback to Infinite WP is the support. For the free version, good luck getting any response. Even their website lists 96 hours for a response for the free tier, and for the enterprise tier it can be 12 hours. This is just not acceptable if you are paying for this product.

Ease of Use rating from beginner to advanced? 

This is more advanced than I would like.  You have to not only manage your WordPress install, which is fine, but you also have to manage the install of Infinite WP.  Installing the command interface could be problematic and if you have problems, good luck getting a reply back from support.

WP Remote

WP Remote is operated as part of maek.it, which is a full service client management portal.  This is ideal for designers/developers or agencies that want one place to go for everything from invoicing to hosting.  Features of WP Remote include.

  • One click deploy.
  • Simple Hosting (not sure what they mean by “simple”, they also advertise FTP but no SFTP or FTPS 🙁 ).
  • Unlimited WordPress management.
  • Invoices.
  • CRM.
  • Domain Management.
  • Track sales & leads.

Ease of Use rating from beginner to advanced?

This is more simple than Infinite WP, but the interface may be quite confusing.  Only thing to install is the control plugin which is quite simple to do.  More options than a simple WordPress management interface.  If you want to generate invoices, track sales leads and let Maek.it handle your hosting then this might be for you.

Manage WP

Manage WP is owned by GoDaddy, which also owns Sucuri.
This is a cloud based software as a service application and Manage WP handles updates and security for the product. There is nothing the end user needs to install or manage except the control plugin. This is installed into your WordPress website. Manage WP is free for unlimited sites and certain addons are free. Premium addons are very reasonable at $1-$2 /mo. each, and you can purchase group bundles for multiple site activations. This means you can spend as little or as much as you need. I prefer this to having to pay $35/mo. for all of it. By only charging me for what I want/need it becomes very easy to turn on a few things that interest me or my customers.

Ease of Use rating from beginner to advanced?

This is super simple to install.  The only thing to install is the control plugin which is quite simple to do and I think anyone can/could do it.  The interface is very user friendly and easy to understand.  The notices, billing, and alerts are very clear to see and understand.  The only downside to Manage WP is that the basic backups do not allow you to download them or push them to another location.  They maintain the backups for you on their S3 drive.  Paying $2/mo. is the only way to get your backups sent to another location or be able to download them.  Other than that, there are many wonderful and free features that I use everyday.

Free with Manage WP:

  • Backup
  • Sucuri security checks
  • Performance check
  • Client reports
  • Google Analytics
  • Maintenance mode
  • Code snippets
  • 2-factor authentication
  • 1-click login
  • Manage comments
  • Manage plugins and themes
  • Vulnerability updates
  • Collaborate

Many paid options increase the functionality of the free options. For example, $2/mo extra will give you cloud backup destinations with scheduling, or you can use the free basic backup. Or for $1/mo. enable the SEO monitor feature to track the SEO of your site.

Listeners of the Web Hosting Podcast have been given a wonderful bonus, if you want to try Manage WP. You can use the code WHPOD and you will get $10 added to your account to try any of the paid features. This means you can get SEO monitoring for 10 months.

 

10 website security tips with Megan Ferrell and show feedback.


10+ Web Site Security Tips

Feedback on/about the podcast.

  • Who is this podcast for?

The short answer to this question is, me. This podcast came about by me wanting to have something for my children to remember me by. I originally started reading books, recording them and then archiving them. The first book I read was Night Before Christmas. We have a family tradition of reading it Christmas eve. I wanted there to be a recorded version of myself that my children could listen to and share with their kids, long after I was gone. From there, I started reading Encyclopedia Brown books. This series holds fond memories for me and my youngest as it is one of the first books we read together, and then tried to figure out the answer. It was a lot of fun and if you have not read any of the books I highly recommend reading them. Even as an adult, they hold great value. After doing the books for a while, the next logical step was to do a podcast. Something that shared my discipline in Linux/Unix. So the podcast, web hosting podcast, was born.

For those that wonder what the target market would be for this podcast, I am not 100% certain. I like to think it is someone that is new to hosting and wants to get the most out of their shared hosting plan. I really like to share and give out information to anyone that will listen, and anyone that knows me personally, I think would agree. There is a wealth of information jammed into my head about everything from Apache to Xen Virtualization. Most of it is going to be very boring. So, I try to wade through the minutiae and bring the elements of hosting that I think would be not only interesting, but relevant. My hope is that this remains fun, for me, and in the end if someone finds one thing that is useful then that would be a bonus.

If you have questions or comments regarding the podcast or your own web site please feel free to drop me a line. The easiest way to reach me is through the contact form on https://webhostingpodcast.com/contact

 

10 website security tips + a few more for good measure.

Megan Ferrell from websites 503 joins me via zoom.us to discuss 10 website security steps. We take time going over the questions after the speed round of her answering them. We then add a few of our own recommendations for good measure. I urge anyone that has a website to look over these 10+5 security steps and see how your web site rates. These steps are very easy to fulfill so you get a 100%.

  1. Is your CMS software up to date?
  2. Are you using trusted third-party plugins and themes?
  3. Have you changed default settings on your CMS?
  4. Do you promptly remove outdated access permissions?
  5. Does your website URL start with HTTPS?
  6. Are you using a WAF (Web Application Firewall)?
  7. Is your server monitored for malware?
  8. Do you use SFTP instead of FTP to upload files to your website?
  9. Do you have daily backups of your website?
  10. Are passwords difficult?

    Bonus round

  11. Have you changed all default passwords sent to you when you signed up?
  12. Does your developer or another person know your passwords?
  13. Have you disabled and removed all unused themes or plugins?
  14. Have you hidden your login page?
  15. Have you enabled, or do you use, two-factor authentication?

The original 10 steps came from the following link.

Upcoming topics and additional show ideas.
In the coming episodes, we are going to take a look at SEO, Managed WordPress Options that are FREE, modifying the robots.txt file and touch on some development topics. I am also looking at starting a web hosting round table show in 2018 using google hangouts or youtube. If anyone is interested in participating in the round table, please use the contact form to get in touch. The idea from the round table came from watching the podcasters round table. I would like to have no more than 6 people on at a time, a topic would be determined ahead of time to ensure a proper fit, and then discuss that topic in a round table setting. I think it would be very informative to get many different points of view. For example, my idea of a developer/designer could possibly be different than yours. If this sounds like something that would interest you please let me know.

Web hosting one click installers, David Anderson of Canvas Host talks domains


Web Hosting Podcast episode 3


News / security

WordPress plugin with 200,000 installs has a backdoor – Display Widgets version 2.6.1 and 2.6.3
https://www.bleepingcomputer.com/news/security/backdoor-found-in-wordpress-plugin-with-more-than-200-000-installations/

Ransomware outbreak

Company agrees to pay $1 million in bitcoin to unlock 157 web servers.
https://www.bleepingcomputer.com/news/security/south-korean-web-hosting-provider-pays-1-million-in-ransomware-demand/

CloudFlare now includes apps June 27th – https://blog.cloudflare.com/cloudflare-apps-2/
Some of the great apps on cloudflare I have found.
– social icons – add social icons automatically to your site
– tweet this – highlight and tweet text
– Facebook comments – Facebook Comments app lets people comment on content on your site using their Facebook account.
– Facebook Like – Add a Facebook Like button to your site to build your social media presence.
– Pinterest – Let your visitors share your content and increase your social presence with Pinterest buttons!
– google maps – quickly add a map to your page.
– spotify, soundcloud, trebble – add music playlists to your site.
– ecommerce apps for paypal
– fun stuff – particles and browser blast.
– check out all the apps here.

One click installers

What are one click installers?
One click installers allow you to “install” a range of popular software from a library of applications for use. These can include wordpress, joomla, drupal and many others depending on your host and possibly the hosting plan you select at signup.

The 3 major one click installers used for hosting.
fantastico – https://netenberg.com/
softaculous – https://www.softaculous.com/
installatron – http://installatron.com/

All have panel integration (cpanel, plesk, etc..)

All allow you to install the most current version of popular software including.
wordpress
drupal
joomla
magento

Why I like installatron over the others.

– Ease of use, hands down installatron is easiest to use.
– clone a site and move a site to another location – very easy to do.
– remote backup including dropbox integration.
– automatic install of security plugins (wordpress specific in this case) during the one click install.
– automatic update with backup and rollback; this is huge. Installatron will automatically backup, then attempt to update each piece that needs an update. If an update fails it will roll back to the backup file. It sends emails out regarding the status of the updates and whether they were successful or not.
– schedule of backups and retention. This only backs up the installed application and not your entire cPanel or control panel account. This allows your site to be portable and easy to restore in the event something happens to your site.
– Easily login to your wordpress site from inside of cPanel.
– Easily reset your wordpress login credentials, this includes the password.
– Install two factor authentication on creation of wordpress site, or later on. This can be enabled by default.
– Limit failed login attempts, by default.
– You can import current installs into installatron so that it can manage it for you. This is very handy to help manage automated updates and backups.

Follow this blog post to see how to import your current install of wordpress into installatron. Keeping your WordPress Website Updated | Enrolling in an Automatic Updater

 

Domain registration with David Anderson of Canvas Host

Topics covered with David from Canvas Host.
– What is a domain registrar.
– Buying a new domain.
– Price change after one year – this is very common to see a $1.99 or lower, intro price and then have a much higher price renewal after the first year. Could be much much higher.
– Domain transfer to new registrar – unlock domain, generate epp code, send epp code to new registrar. Watch the transfer fee, will renew for 1 year.
– Grace periods – 0 – 45 days after it expires. Just the cost to renew.
– Redemption – after 45 days. This costs a lot more money + renewal. Fee varies on registrar.
– Pending deletion after 80 days, which then anyone can register after released. This is cheaper than paying redemption fees, but could cost you your domain.
– Losing a domain by lapsing and entering delete state.
– Contact information must be current on domain registration so that you can be reached. DO NOT USE bogus/false info!!
– Private registration – $7.50 per year, can vary by registrar, some TLDs are free for private registration. For example, *.uk. Some domains can’t have private registration, .us for example.
– Warning about domain registry of america letter and the scam. Domain slamming. https://en.m.wikipedia.org/wiki/Domain_name_scams

If you have show topic suggestions, recommendations or want to be on the show follow this link