Tag: TLS

cPanel tools you will use most often.

Today on episode 25 of Web Hosting Podcast: some of the most common cPanel tools you will use after you sign up. Did you know there is an app for cPanel access that also includes webmail? We will be going over installing and then configuring the app, which is available for both iOS and Android.

cPanel App for iOS and Android.

Go into your devices app store and search for cPanel. Go through the process of installing the app, like you would any other app.
Before you launch the newly installed cPanel app, you will need to have your cPanel login information. The items you will need are:
Domain: This is normally the website on your hosting account.
Username: This is the cPanel username, not your CMS username, that you use to log in to cPanel.
Password: This is the cPanel password, not your CMS password, that you use to log in to cPanel.

You will also want to have your email address and password if you want to set up access to your webmail account in the app.

Open the cPanel app that you previously installed.
You are now presented with a few options to add an account. Don’t worry, we will be going over all of the settings you need.

In the server information are three boxes, name, address, service.
In the name area, give this a unique name. This can be anything you would like to identify this connection.
In the address area, this is where you will put the login url you use to get into your cPanel account. This can possibly be your website url, or the server hostname. If one does not work try the other. Hopefully you were sent a welcome email when you signed up with this information.
In the service, change this to cPanel. Do not use WHM or Webmail.

Now in the authentication box do the following.
In the username box, put in your cPanel username.
In the password box, put in your cPanel password.
For touchID, if your device supports it, I would highly recommend using it. This is the same as unlocking your iPhone with a fingerprint. If you do not use touchID, then you will be asked to enter your password every time you want to connect.

Once these are filled in, click on “CONNECT”. If everything went correctly, the app should have saved the connection and logged you in. If not, check your settings and try again. Make sure you are using the correct username and password. As a diagnostic step, you can try logging into your cPanel account through a web browser first.

Once you are logged in, you can now do anything you would normally do from a web browser inside cPanel.

To set up webmail, click on the “+” icon to add another connection. Give this a unique name as well in the name field.
In the address area, enter the address to connect to your webmail. This too will often be the domain you use for your email.
In the service area, change this to webmail.
In the username field enter your full email address. This is important: the full email address, including the “@”, is required.
In the password field enter the password for your email address.
For touchID, if your device supports it, I would highly recommend using it. This is the same as unlocking your iPhone with a fingerprint. If you do not use touchID, then you will be asked to enter your password every time you want to connect.

Once these are filled in, click on “CONNECT”. If everything went correctly, the app should have saved the connection and logged you in. If not, check your settings and try again. Make sure you are using the correct username and password. As a diagnostic step, you can try logging into your webmail account through a web browser first.

You should now be presented with a few options, depending on your web hosting provider. In my app, I am able to choose between Horde, Roundcube and SquirrelMail. Horde is the only one that seems to be mobile friendly. All of them do work, but you will have to move around on the screen to see everything. Below these options, you are presented with the mail client automatic configuration scripts, the mail client manual settings and the ability to email setup instructions to a specific email address for the account you logged in with.

Mail Client Automatic Configuration Scripts.
These are meant for desktop clients and do not seem to work on an iOS/Android device. It is best to just ignore these.

Mail Client Manual Settings.
These are provided to you so that you may manually setup your email client of choice. These are great instructions for the do it yourselfer. The instructions provide the username, incoming and outgoing mail server, and the ports needed.

Email Instructions.
This allows you to email the same settings from the manual settings to a specific email address. This is handy if you have a user that already has a Gmail or other email account and you would like to provide them with specific email setup information for an account you have set up for them.

Why you would want to use the app.
The app is a handy and convenient way to log in to cPanel quickly. Using the fingerprint to log in means you only have to enter the password once, then use your fingerprint to log in. Once in cPanel, you have full control of your cPanel account, just as if you were using a normal browser. This means you can use one click installers to add a website or set up an email address. Being able to access it from your phone means you can access cPanel on the go, from anywhere you have cell coverage for internet. No longer do you need to race home and pull out a computer to make a change or add a domain. The ability to access webmail is just icing on the cake. If you can log in to webmail on the desktop and don’t want to mess with setting up an email client, you can quickly get into webmail through this app and do your business.

In short, I think this is a wonderful addition to your cPanel hosting environment. In the past the app was pretty buggy. Since I started using it over the last 4 months, I have had zero issues with it. I have used it to access webmail, cPanel, and even log into my WordPress install through Installatron.

If you are an admin and manage your own cPanel server, this is also a handy tool. One additional option that we did not cover is the ability to log in to WHM. WHM is the administration level control panel for the server itself. This is only used if you have root access to the server and only if you manage your own cPanel server. I can say it works wonderfully to access WHM and allows me to do things when I am on the go in a pinch.

The most common cPanel tools you will use.
This is a list of just a few of the most used and common cPanel tools that I use and think you will use. Even if you have used these in the past, cPanel updates the features of these tools to add to the already expansive option list. If it has been a while since you looked at the full option list for these tools, I would recommend you take a moment to revisit them.

Email Accounts
This is the place to manage your email accounts. From here you can create, delete and suspend accounts, among many other useful tasks. To create an email account, click on the Email Accounts button. Depending on your cPanel theme, things may be a little different from here. You should be presented with the option to create an email address, with places for a name, domain, password and quota size. In the name area, enter what you would like the email address to be. If you have more than one domain on your account, a drop down will be available to select the domain you would like to use for the email account. In the password field, enter or generate a secure password. Please be sure not to use something like password123. The simplest thing is to use the generate button to create a password, then copy this to someplace secure. Yes, generated passwords are going to be difficult to remember and type out, but that is the whole point of a secure password. Password security is likely the most important thing you can do for yourself, so do not make this easy to guess. In the quota field, enter a number in megabytes or choose unlimited. The quota is used to prevent a single email account from using all of your disk space, which can happen. This is why I recommend not using unlimited; choose a value that you can live with and know that you can change this value to something higher if you hit the quota limit. You can uncheck “Send welcome email” unless you really want to send this out. This is not needed if you are setting up an email account for yourself. At this point, hit the “Create Account” button to create your new email account.

Some additional things of note in this area. On the “Email Accounts” tab, you can do the following.
  • Access webmail – simple way to get to webmail.
  • Change quota value for the account.
  • Manage Suspension. This is useful if the account has been hacked or is sending spam. You can prevent sending, receiving and login individually or all three at the same time.
  • Change Password. This is where you would change the password for the email account.
  • Configure Devices. This allows you to view connection information for email clients like Outlook or Thunderbird.
  • Delete. This is how you delete the email account.

Some things to consider when creating email accounts. Some hosting providers limit the number of email accounts you can create. Keep this in mind when creating email accounts. Keep an eye on the disk use for email accounts. This will add up faster than you might think and cause you to go over quota. If your whole cPanel account goes over the plan’s quota, then your site will stop working until the quota is increased or your usage drops below the threshold. If you need to create email accounts and want those accounts to not contain a mailbox (a place for mail to be stored on disk), then use a forwarder.

Forwarders.
Email forwarders are a simple way to have an email address that does not store mail to disk; instead it accepts the mail and then passes it on to another actual account. This is very handy if you are limited in the number of email accounts you can create or just do not want a large number of email accounts to set up on your external devices. Nothing is worse than having to set up a bunch of email accounts and check them constantly. Instead, set up a single email account that you will check, and then set up forwarders for all other email addresses you may want. In your email client of choice, you can even set up rules to put email that was sent to forwarder addresses in specific folders. Forwarders are your friend. Just remember that if you reply to an email that came from a forwarder, it will show as being sent from the actual email address and not the forwarder address.

Addon Domain.
This is where you add a new domain to your cPanel account. You will need to ensure the domain is registered and owned by you first. Do not add a domain that you do not own or control. To add a new domain click on the “Addon Domain” button. From here you are presented with a few options. In the “New Domain Name” field enter the domain name you want to add. Be sure to enter the exact name with the “.” and the TLD. The subdomain option should be filled in for you after entering the domain name. This can be changed if you would like. This is used by cPanel and really should not be used by you directly. The document root field should be auto filled in as well. This is the location on disk, starting from your home directory, where your site files will be served from and where you will put your site files. This should not be located in your default public_html folder, which is used for the primary account site files. The reason for this is simple: if one site is hacked then they are all going to be hacked. Keeping them in unique folders away from each other adds a little layer of security as well as making it easier to organize and back up. Another reason to do this is site indexing. If you have a site in public_html and then add another site in the same folder so it looks like public_html/site2, you will then be able to browse the second site by going to the first site, adding a slash “/” and entering the folder name for site2. Google will find this and index it along with your real website. Just keep things separated.

Aliases.
Aliases are like forwarders but for domains. For example, if you have a .com domain but also own the .net and .org versions, and want the .org and .net to go to the .com site, then you want to use an alias. Make sure the domain is registered, then click on “Aliases”. From here enter the domain you want to have pointed to your live web site. You will be able to change the redirection settings after you add the alias. You can always remove the alias and start over or point it to a new location too.

SSL/TLS Status – Access to AutoSSL
To access this, click on the “SSL/TLS Status” button. From here you can run the free AutoSSL certificate service provided by cPanel. Depending on your web hosting provider this may not be available for you to use. To generate an AutoSSL certificate for your domain, it must be added to your account using the Addon Domain feature or be the primary domain on your cPanel account. If you see your domain listed, you should be good to go. At this point, you can click on the “Run AutoSSL” button. This will generate the needed pieces to get you a free SSL certificate for your domain. Once you click the button your request is added to a queue, and it will take some time to get and install a valid certificate. Do not keep hitting this button; it will not do anything after the first click. If for some reason you do not see a new SSL certificate after a few hours, you may have to contact your hosting provider to see what may be wrong. One common issue is a Drupal .htaccess file that does not permit AutoSSL access to the folder needed to validate the domain. If you are using Drupal, you may need to modify your .htaccess file to permit this to happen correctly. Another issue could be that you already have an expired or valid paid SSL certificate installed. You must remove this certificate before running AutoSSL; it is not likely that it will replace an already installed SSL certificate, valid or not. You can also exclude domains from AutoSSL, in the event that you have a purchased SSL certificate for your domain. You can also click on the “View Certificate” area to see the status of your installed SSL certificate: things like the expiration date and what domains it is valid for, plus the option to uninstall the certificate along with a few other options.

Optimize Website
This is the ill fated name for gzip compression. Don’t ask me why it is named this, I have no clue. But this is used to enable gzip compression on your website files. Click on “Optimize Website”, then click on “Compress All Content” and then click “Update Settings”. If you have more questions on this useful option, please listen to Episode 1 WHPOD.

MySQL Database Wizard
The “MySQL Database Wizard” is used to manually create a MySQL database and user inside of cPanel. This is useful if you do not have a one click installer and you want to install an application that requires a MySQL database and a user, like WordPress. Click on the “MySQL Database Wizard” button; this will present you with an area to create a database using a unique name. Enter a name to call your new database. It will prepend your cPanel username followed by an underscore, then the new database name. Make sure this is a unique name, as no two database names can match. Once you enter the name click the “Next Step” button. You will now need to create a new user to access this database. Just like the database, the username should be a unique name. Enter the name in the username field; it will prepend the cPanel username with an underscore, just like the database name. Now you need to enter a password. I highly recommend using the password generator and copying the password to a safe location for use later on. Now that a database and user are created, the next step in the wizard is the permissions the user has for the database. It is very common to just click on the “All Privileges” button; this gives full read/write permissions for the chosen user to the chosen database. Now we just need to click on “Next Step” one last time. The database and user, with its permissions, are ready to be used.

Virus Scanner.
Depending on your hosting provider this may not be available. Click on “Virus Scanner”, and you are presented with a few options: scan email, scan home directory, scan public web space and scan public ftp space. If you click on “Scan email”, cPanel will start scanning all of your email accounts for viruses that it has in its definition files. This is a great way to check all your email accounts for malicious viruses. If it finds a virus here, you can choose to quarantine it or delete the infected file. “Scan Home Directory” is the other option that I recommend you run on a regular basis. If a virus is found in a file you will be given the same option to quarantine the file or delete it. If the file is part of an installed website, it might be best to make a note of the file and take a look at it. Deleting the file could potentially break your website, so keep that in mind. If you do not have the ability to look at the file or have someone that can examine the file, then contact your web host and see if they can help you out. This might be something they would charge for, so keep that in mind. It is not something you want to ignore, as you could be spreading a virus to your website visitors and Google will eventually mark your site as unsafe. It is also possible, though very rare, that the scanner marks a file as a virus when it is not. This is a false positive result; it should still be investigated to determine the status of the file in question. I would recommend that you scan your whole home directory at least once a month and scan your email every other week.

Cron Jobs.
Cron jobs allow you to automate certain commands or scripts on your site. Cron jobs are useful if you have a website that needs to process something regularly. I often set up a cron for WordPress to run wp-cron.php instead of having WordPress take care of it. Click on “Cron Jobs”; this will present you with a few options and examples. The first entry area is for an email address, which is used to send the results of the command when it processes. This is not likely something you want to get. If you are having issues getting a cron to work, then you can enter an email address here to get the notification. Once the cron is working, I would recommend removing the email address and sending the output of the cron command to /dev/null (more on that in a moment).

The drop down called “Common Settings” is a list of common time settings. Since crons run at a specific time, this drop down allows you to choose from quite a few of the most common times, from every minute to once per year. Do not run cron scripts every minute; this is a bad thing to do. You have to give your script time to run, and running something every minute can be a great way to cause scripts to overlap as well as get your hosting provider angry at you for using a lot of CPU. Just be aware of this when you set up your cron job. I like to use twice per hour or once per hour for my cron jobs unless I need something very specific.

Now that you have picked your time, you have to enter the command you want to run. I am going to assume that the command you want to run is a php script; in reality this can be anything you want to run on a regular basis. In the command window we are going to first start by calling “php”, so type php then press the space bar. Now we need to tell php what script we want it to run. This is done by typing the full path on disk to the file we want to execute. This will likely be /home/cPanel_Account/filename.php. There should be an example command entry at the top of the page with a full path that includes your cPanel username. So after your php command enter the path to your script. The final thing we want to do is to tell the script to send its results someplace. I like to use /dev/null, so the results just get deleted. If you do not do this step then you may start to see a lot of files show up in your cPanel home directory that will eventually fill up your disk space. This is because cron must do something with this output, so do yourself a favor and use /dev/null. To tell cron to send the output to /dev/null, just add >/dev/null 2>&1 after the command path. Make sure to put a space after the command and before the output redirection. Now click on “Add New Cron Job” to add that entry to your crontab. Adding crons can be a bit overwhelming at first, and quite confusing. Do not be discouraged by all the info; cPanel will do a large majority of the setup for you. Just pick a time to run, add your command, and make sure to send the output to either email or /dev/null. If you have issues, I would recommend contacting your web host to see if they can help you out.
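The overlap problem described above can also be handled in the job itself. The wrapper below is an added example, not part of the original show notes: it skips a run while the previous one is still going. The wrapper file name, the lock location and the exit status 75 are assumptions; the php command and path are the placeholders used above.

```shell
#!/bin/sh
# cron-guard.sh: added example, not part of the original show notes.
# Hypothetical wrapper that keeps cron runs of one job from overlapping.
#
# Crontab entry (twice per hour, output discarded), assuming the wrapper is
# saved as /home/cPanel_Account/cron-guard.sh (file name is an assumption):
#   0,30 * * * * /bin/sh /home/cPanel_Account/cron-guard.sh run php /home/cPanel_Account/filename.php >/dev/null 2>&1

# Lock directory, one per job. The location is an assumption; keep it outside
# any web-served folder such as public_html.
LOCK_DIR="${LOCK_DIR:-${HOME:-/tmp}/.cron-guard.lock}"

# A lock older than this many minutes is treated as left behind by a run that
# was killed before it could clean up.
MAX_AGE_MIN="${MAX_AGE_MIN:-120}"

# Exit status returned when a run is skipped (assumed convention).
SKIPPED=75

# run_guarded CMD [ARGS...]
# Runs CMD only if no earlier run holds the lock.
# Returns CMD's exit status, or $SKIPPED if the lock is held.
run_guarded() {
    # Best-effort cleanup of a stale lock left by a crashed run.
    if [ -d "$LOCK_DIR" ] &&
       [ -n "$(find "$LOCK_DIR" -maxdepth 0 -mmin +"$MAX_AGE_MIN" 2>/dev/null)" ]; then
        rmdir "$LOCK_DIR" 2>/dev/null || true
    fi

    # mkdir either creates the directory or fails, so only one run can
    # take the lock even if two cron invocations start together.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        return "$SKIPPED"
    fi

    # Run the job, remember its exit status, then release the lock.
    status=0
    "$@" || status=$?
    rmdir "$LOCK_DIR" 2>/dev/null || true
    return "$status"
}

# Entry point used by the crontab line above: "run" followed by the command.
if [ "${1:-}" = "run" ]; then
    shift
    run_guarded "$@"
    exit $?
fi
```
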

File Manager.
The File Manager is just what it sounds like. If you have ever used a computer, then the file manager should feel familiar, just in a web browser. Click on the “File Manager” button and you will be presented with a whole new window with a lot of buttons and folders. On the left side is the directory structure of your home folder. From here you can choose to make new folders, or browse to current folders. The right window will show you what files are in the folder you have chosen on the left. You can select files, or folders, in the right pane that you may want to modify, for example if you want to modify your .htaccess file for a given site. One gotcha is the fact that, by default, cPanel does not show hidden files. These are files that start with a “.” period. To enable viewing and modifying of hidden files and folders, click on the settings button located in the very top right. A new window will pop up; find the option for “show hidden files (dot files)”, put a check next to it and click save. You should now see all the hidden files and folders. Now you can browse to the .htaccess file you want to edit, select the file and click “edit”. A new window will open; make your change and then click “save changes”. Another option you might use is “view”. This allows you to safely view the contents of a file without the possibility of accidentally changing the file. Copy is used to make a backup copy of the file. I would highly recommend creating a backup copy of a file before making a change; accidents do happen. Never delete any folders in the left pane that you are not sure you can live without. Some of these folders are created by cPanel for various reasons and applications. Deleting folders at random, or accidentally, could result in your cPanel account needing to be restored or mail being deleted. You don’t want to run into issues, so use caution when in the file manager.

Folders of note: public_html is the location of your primary account domain. Any folder outside of this area with a name like a domain will likely be an addon domain that was created. Any folder named “.well-known” is used for AutoSSL; do not delete these folders. The folder named mail is where your email is stored. The folders named etc and var are where cPanel stores some critical config files for your account. Public_ftp is the public ftp space, if you have one set up. I just want to stress: do not delete random folders and files, bad things will happen. If you start deleting stuff, make sure you have a full backup of your cPanel account just to be safe.

PCI DSS Changes to TLS and Chrome 68 marks sites as not secure.

Today on episode 21 of Web Hosting Podcast: PCI (Payment Card Industry) changes that have come into effect. These changes make a dramatic shift to the encryption standard that you may not be aware of. If you are on an older operating system, and even some new ones, you may be left out in the cold and unable to get email or see your website. Chrome 68 is coming this month, and if your site is not using https, then your visitors will start to see a “not secure” message. Moving your site to https should not break your budget with free SSL (AutoSSL) by cPanel.

What is PCI DSS (Payment Card Industry Data Security Standard)?
Payment Card Industry Data Security Standard applies to companies of any size that accept credit card payments online. If you accept credit cards as a form of payment for anything online, then you need to host your data securely with a PCI Compliant hosting provider. This is not the same as accepting PayPal payments on your website. This is strictly for credit card payment processing. Normally this is done through a payment gateway like authorize.net or others.

PCI DSS (Payment Card Industry Data Security Standard) changes for this year.
The primary change of interest happened on June 30th, 2018. Under this change, old and outdated versions of SSL/TLS are no longer considered secure by the standard. What this means is a higher level of encryption is now required if you are doing any form of credit card processing. This change has the potential to block out users on old, outdated operating systems. It also has the potential to disrupt your email workflow if you are not up to date on your email application. All forms of connections should be using a minimum of TLS 1.2. This means http(s), email, and ftp(s) have to be using TLS 1.2 to make a connection.

How this may directly affect you and your customers.
TLS 1.2 is a pretty old standard (2008), with TLS 1.3 on its way. However, some operating systems do not support TLS 1.2. This includes computers, tablets and phones. If you are currently not using an updated operating system, then you may not be able to send or receive email through your PCI compliant host. This is the most typical scenario I have seen. Most browsers have supported TLS 1.2 for a number of years. However, it has only been recently that iOS, for example, has supported TLS 1.2 in its own mail app.

What to do if you can’t get email or visit your site anymore.
Ensure you are running the most recent version of your operating system of choice. This means upgrade to Windows 10 or the latest Apple OS X. Simply updating Windows 7 to its latest release is not advised. You really need to run the latest operating system version. This also goes for any tablets or phones you may have. Once the latest version is installed you will likely not have any problems. As for browsers, Firefox, Edge and Chrome support TLS 1.2 and the latest TLS standard. As for email clients, Mail.app (on the latest version of OS X 10.13), Thunderbird and Windows 10 Mail support it.

Chrome 68 will start showing “Not Secure” for sites using http:// this month.
This should come as no surprise to anyone that develops sites or owns their own site. For the past 2 years Google has been warning people that this day was coming (cue ominous music!). Google has even said your SEO ranking will suffer if you are not using https:// on your sites. If you are still among the few that have not moved to https for your site, do not delay any longer. Web Hosting Podcast has discussed in many episodes how to use a free SSL certificate, called AutoSSL, if you are on cPanel. This is an SSL certificate process that is 100% free and will allow you to move to a more secure https. Gone are the days of having to purchase an SSL certificate every year; there really is no reason to not be using https for your site today. For more information on AutoSSL listen to these previous Web Hosting Podcast episodes.

Here, here and here

Migrating your site to SSL : HTTPS with installatron. Useful website tools to use for your site.

Useful website tools to use for your website.

https://www.ssllabs.com/
This is a useful site to check your site for proper ssl settings. You will get a grade once the report is done. An “A” is the best, while a “B” would be acceptable, you should really try and get the “A” grade. I would also recommend when you do your test that you click on the check box that says “Do not show the results on the board”, unless you have a perfect score you want to show off.

https://haveibeenpwned.com/
This site is useful to check if the email you use for logins has been seen on hacked lists. It is also very useful to check the security of passwords you use for logins.

https://www.whatismyip.com/ – list your current IP address

http://www.whatsmyip.org/ – Not to be confused with the .com version of the site. Many useful tools, from gzip testing to password generation. Not as useful as it once was, since it does not seem to handle https based websites. But the DNS tools and password generator are quite useful.

https://checkgzipcompression.com – another tool for checking to ensure your site is using gzip compression. This one works with https based sites.

Speed test – google and http://www.speedtest.net/

https://slack.com – Team focused chat with many useful options.

Moving a site to SSL with the Installatron one click installer. This assumes you are using cPanel with AutoSSL enabled.

1. Test your site to ensure you have an SSL certificate installed. This can be done by going to https://yourdomain. If your site loads with no errors you can proceed. Some common issues you may run into are a site that is not fully secure and an SSL mismatch. You may need to resolve these errors before you proceed.

2. Inside of your cPanel account, create a new subdomain using the subdomain tool. You will need to wait for the server to generate and install the free SSL certificate for this subdomain. You can test this just like step 1 above.

3. From inside of Installatron, clone the live site to the new subdomain, but make sure to select the https version of the subdomain. This should only take a few minutes depending on the site size. This will create a complete copy of your site and move it to the subdomain you created. You can now test the site and fix any issues you may have by going to the subdomain https site. For example, https://subdomain.yourdomain

4. Once things look good on the subdomain, you can go into Installatron and clone the site back to the live site, but use the https version in the drop down.

5. Once the live site is cloned back to https, test again. Things should have been resolved when you used the subdomain, but there may be some lingering links or code that may need to be changed.

At this point your site should be using a valid SSL certificate. If you are uncomfortable doing these steps you may want to contact your developer or your hosting company to see if they can help you out. I would also recommend that you have a full backup of your site before proceeding with anything that is going to change your site. This would include installing plugins, updating core site files, etc… A backup is a simple way to ensure you have a way to get back to a known working state.

Please understand that you use these instructions at your own risk. I do not accept responsibility for anything you do to your website.

Commonly used web hosting terminology.

I discuss some of the more basic web hosting terminology used.  This is the link I used for the glossary of terms.

This episode may be a little basic for some listeners, but I want to make sure that everyone knows the terminology and language that we talk about. My hope is to bring some listeners up to speed that may be confused by some of the terminology used in hosting. Again, this episode may not be for everyone.

Additional information you should know:
Google will be marking all sites that DO NOT use https, ie http, as not secure starting in July 2018.  This will happen with chrome 68. If you are not using https on your website, you have a limited time to get this going. What this means is users to your site will start to see a “not secure” icon in the title bar.  This has the potential to scare away your users/customers.  If you are currently not using https, your SEO is most certainly being affected, this is another reason you really should be using HTTPS.

Gutenberg is coming to WordPress 5.0, are you ready? For those of you that may not know, Gutenberg is the new editor that is coming out in WordPress 5.0. There is a current test release you can install through a plugin. I would not recommend doing this on a live site; it is still quite beta and breaks a lot of things. It is coming though, so if you have a test site I would recommend installing it there and taking it for a spin. More info on WordPress and Gutenberg can be found here.

This podcast now has a Facebook page.

10 website security tips with Megan Ferrell and show feedback.

10+ Web Site Security Tips

Feedback on/about the podcast.

  • Who is this podcast for?

The short answer to this question is, me. This podcast came about by me wanting to have something for my children to remember me by. I originally started reading books, recording them and then archiving them. The first book I read was Night Before Christmas. We have a family tradition of reading it Christmas eve. I wanted there to be a recorded version of myself that my children could listen to and share with their kids, long after I was gone. From there, I started reading Encyclopedia Brown books. This series holds fond memories for me and my youngest as it is one of the first books we read together, and then tried to figure out the answer. It was a lot of fun and if you have not read any of the books I highly recommend reading them. Even as an adult, they hold great value. After doing the books for a while, the next logical step was to do a podcast. Something that shared my discipline in Linux/Unix. So the podcast, web hosting podcast, was born.

For those that wonder what the target market would be for this podcast, I am not 100% certain. I like to think it is someone that is new to hosting and wants to get the most out of their shared hosting plan. I really like to share and give out information to anyone that will listen, and anyone that knows me personally, I think would agree. There is a wealth of information jammed into my head about everything from Apache to Xen Virtualization. Most of it is going to be very boring. So, I try to wade through the minutiae and bring the elements of hosting that I think would be not only interesting, but relevant. My hope is that this remains fun, for me, and in the end if someone finds one thing that is useful then that would be a bonus.

If you have questions or comments regarding the podcast or your own web site please feel free to drop me a line. The easiest way to reach me is through the contact form on https://webhostingpodcast.com/contact

 

10 website security tips + a few more for good measure.

Megan Ferrell from websites 503 joins me via zoom.us to discuss 10 website security steps. We take time going over the questions after the speed round of her answering them. We then add a few of our own recommendations for good measure. I urge anyone that has a website to look over these 10+5 security steps and see how your web site rates. These steps are very easy to fulfill so you get a 100%.

  1. Is your CMS software up to date?
  2. Are you using trusted third-party plugins and themes?
  3. Have you changed default settings on your CMS?
  4. Do you promptly remove outdated access permissions?
  5. Does your website URL start with HTTPS?
  6. Are you using a WAF (Web Application Firewall)?
  7. Is your server monitored for malware?
  8. Do you use SFTP instead of FTP to upload files to your website?
  9. Do you have daily backups of your website?
  10. Are passwords difficult?

    Bonus round

  11. Have you changed all default passwords sent to you when you signed up?
  12. Does your developer or another person know your passwords?
  13. Have you disabled and removed all unused themes or plugins?
  14. Have you hidden your login page?
  15. Have you enabled, or do you use, two-factor authentication?

The original 10 steps came from the following link.

Upcoming topics and additional show ideas.
In the coming episodes, we are going to take a look at SEO, Managed WordPress options that are FREE, modifying the robots.txt file, and touch on some development topics. I am also looking at starting a web hosting round table show in 2018 using Google Hangouts or YouTube. If anyone is interested in participating in the round table, please use the contact form to get in touch. The idea for the round table came from watching the podcasters round table. I would like to have no more than 6 people on at a time; a topic would be determined ahead of time to ensure a proper fit, and then we would discuss that topic in a round table setting. I think it would be very informative to get many different points of view. For example, my idea of a developer/designer could possibly be different than yours. If this sounds like something that would interest you, please let me know.

Free SSL/TLS for your web site, Caching options for your web site

SSL/TLS

What are SSL and TLS? – https://en.wikipedia.org/wiki/Transport_Layer_Security
AutoSSL in cPanel – https://blog.cpanel.com/autossl/
Other free SSL sites – Let's Encrypt https://letsencrypt.org/
Google will penalize page rankings if SSL is not used, as well as mark pages without HTTPS as non-secure.

Caching

In episode one we discussed gzip compression and using cache control headers (expires and headers) to improve website speed.
Now we are going to take it a little further and discuss more caching options for your site.

A web cache (or HTTP cache) is an information technology for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag. A web cache system stores copies of documents passing through it; subsequent requests may be satisfied from the cache if certain conditions are met. A web cache system can refer either to an appliance, or to a computer program.

Source: Wikipedia – https://en.wikipedia.org/wiki/Web_cache

Two WordPress-specific caching plugins that I have used.

W3 Total Cache – https://wordpress.org/plugins/w3-total-cache/
WP Super Cache – https://wordpress.org/plugins/wp-super-cache/

Common features of both.

– PHP caching.
– Compress pages.
– Don’t cache pages for known users.
– Cache rebuild.
– CDN support.
– Extra homepage checks.

Cloudflare – https://www.cloudflare.com/

Cloudflare is a software-as-a-service cache.

The free plan has many options and features that you will want to use.

– Auto Minify
– Page Rules – define custom patterns for your site, for example lock down wp-admin with custom rules.
– Apps – add your Google Analytics code to every page automatically, even error pages. – https://www.cloudflare.com/apps/
– Force SSL and the version of SSL; even if you don’t have an SSL cert, a free one can be provided.
– SPDY or HTTP/2 integration.
– Allow IPv6 to be used.
– Access rules – define rules based on IP or country that require a captcha to see your site.
– AMP (Accelerated Mobile Pages) automatically.
– Scrape Shield – email obfuscation, hotlink protection.
– Always Online – if your service provider has an issue, a static version of your site will still be online for pages that have been visited and are sitting in cache.

If your web hosting provider is a Cloudflare partner, then you may have immediate access right now to Cloudflare inside of cPanel. It is quick and easy to get set up.

If you have show topic suggestions, recommendations or want to be on the show follow this link