The Register4Less.com Blog

If you are one of our customers that uses our Advanced Hosting Platform, you’ll be pleased to know Register4Less has now added PHP version 7.1.   PHP is one of the most popular programming languages used on the web today.  Sites like Facebook, WordPress, Twitter and Wikipedia all run using PHP.

The cPanel default (and native) version of PHP is 5.6.  Switching to version 7.1 should make your website load more quickly, thanks to the optimizations that have been made in 7.1.

To make the switch for your website, do the following:

• Log in on http://register4less.com for your domain that’s using the advanced hosting.
• Open up the cPanel (Paid Hosting > Manage Advanced Hosting)
• In the Software section, look for “Select PHP Version” and click the link or icon.
• You may want to note the current version you are using in case you need to revert if your website has problems with PHP 7.1.  It’s probably 5.6 though.
• From the drop down menu, select 7.1 and click the Set as Current button.
• Click on “Use Defaults” at the bottom of the page to use defaults PHP modules.

You’ll want to test your site to make sure everything is functioning correctly.  For WordPress sites, some plugins are not yet compatible with PHPp 7.1, so you may want to try 7.0 if things are not working correctly, or revert back to the version you took note of earlier.

This is part 1 of a 2 part post.

If you’re hosting a WordPress site/blog, chances are, you’re going to have to deal with spam comments being posted to your site.  WordPress is the most popular CMS (Content Management System) environment in use by developers, with over 25% of websites globally now running WordPress.  While it’s undeniably a powerful and flexible platform with which to build your site, it’s also the number 1 targeted platform for spammers.

Can’t I Just Ignore Spam?

Some people new to hosting sites will leave spam comments on their websites, thinking the appearance of comments & ping backs will look like their website is getting increased traffic and interest.  Reasons you don’t want to do this include:

• Bad links will hurt your search engine placement.  Google and other search engines are cracking down on bad links.  If your site is linking to known unrepeatable sources, you will likely see your SEO rankings decline.
• Spam on your website tells your visitors you’re not paying attention to your website.  Generally visitors to  your site will see spam comments for what they are.  This essentially tells your site visitors that you’re not keeping up with the management of your site’s content.
• Spam will slow down your website.  Spam creates unnecessary additional content for your website to load, and can grow quite quickly if not managed.  This will add time for every page to load on your website, and encourages visitors to abandon the page load and go elsewhere.
• Most Spam comments and trackbacks contain links.  More bad news for your site’s visitors.  Many of these links go back to virus/malware, which if followed, could lead to your visitor’s computer becoming infected, and possibly their computer/email account becoming compromised.

Now that you understand why it’s important to keep up maintenance of your website and keep comments & ping backs free from spam, let’s look at some approaches to help you accomplish this.

Automatically Filter Spam Using an Anti-Spam Plugin

By default, the anti-spam filter Akismet is installed and waiting for you to activate it.  To do so, simply log into your WordPress dashboard, click on Plugins, and activate for Akismet.  You will need to register with them to get the plugin running.  Akismet will trap spam and notify you by email when new comments are awaiting moderation.

Regularly Check and Approve/Decline Comments

A continuation of the first point, Akismet will trap comments posted to your site, and allow you to Approve, Trash, or mark comments as Spam.  Letting Akismet know a comment is spam also will help train its filter.  No spam filter is perfect, so sometimes Akismet will place a legitimate comment or pingback into the spam folder.  You should not just delete everything thats been tagged as spam, but go through to make sure legitimate comments get approved.

Disable Comments After a Period of Time

If you’re writing posts to your site, consider disabling comments to the posts after real comment traffic has settled down.  What this period will be will depend on your site and how active comments are given a post you’ve put up.

More coming next week.

We’ll post part two of this next week.  Until then….

Retail Advanced Hosting Plans

Register4Less.com offers two types of advanced hosting services.  Our regular hosting plans provide web only, email only, and combined web and email hosting on a per domain basis.  These are priced between $1.45/month for our entry level 50MB Agate web hosting plan to $11.95/month for our 25GB web, 100 email (200GB space for mail) Topaz Hosting plan.  All of these plans feature the cPanel (control panel) interface to manage email and web hosting features.  The Trendy Tools web builder is included with all web hosting plans, as is the ability to install WordPress, Joomla, Drupal, PHPbb, PHPList and other applications.

Reseller Advanced Hosting Plans

Our reseller plan allows you to create your own hosting plans, so you can define what disc space is allocation for web and email hosting.  The reseller plans start at $24.95 for our Opal 50GB plan and go up to $79.95 for our Onyx 200GB plan.

With the reseller plan, you can sell web hosting plans directly to your customers, or if you have a lot of domains you want to set up, this allows you to host as many as you wish, provided of course that they fit within the space the plan you have selected allows.

Steps for setting up Reseller Hosting

When you purchase a retail hosting plan, the features this plan has are predefined.  With reseller hosting, you have the freedom of defining different packages you can sell to your customers or assign to your own domains, but you do first have to create these.

WHM vs cPanel

In addition to the cPanel interface to manage the hosting services for your domain, you will have an additional WHM (Web Host Manager) interface to use to manage the other domain you will be setting up to use your hosting service.  To connect to this, log into the domain under which you purchased the reseller hosting package (we’ll call this your reseller domain), and go to Paid Hosting > Web Hosting Manager (WHM).

Defining Packages

The first thing you will want to do once you’ve purchased a reseller hosting plan is to setup your packages.  With WHM open, on the left column click on Packages and then the icon for Add a Package.  You can at any time create, edit or delete a package.  A good example set of features for a hosting package are:

• Disk Quota (MB) – 1,000
• Monthly Bandwidth (MB) – unlimited
• Max FTP Accounts – 10
• Max Email Accounts – 10
• Max Email Lists – 10
• Max Databases – 10
• Max Sub Domains – unlimited
• Max Parked Domains – unlimited
• Max Add-on Domains – 0
• Maximum Hourly Email by Domain Relayed – unlimited
• Maximum percentage of failed or deferred messages a domain may send per hour – unlimited

Under Settings, you’ll want CGI Access selected, and the other options not.  Paper lantern is the recommended theme, and choose default for the Feature List.

Once you have completed your settings, make sure you click the blue Save Settings button.

Setting up DNS

When you are adding a domain to your hosting plan, you will need to make sure the DNS is set correctly.  This will have been done automatically for your reseller domain, so what we want to do is configure the domain your adding to have the same DNS setup as your reseller domain.

To do this, instead of typing in all of the settings in the custom DNS zone editor, you will use the DNS > Point Domain(s) to Zone function.  Once on this page, locate the domain you are adding and check the selection box next to it, and the find the Custom Zone box that has your reseller domain in it.  Click the Point to this Zone button in this custom zone box.  You can point more than one domain at a time.

Creating a New Account

Now that you have your packages created and DNS set, you’re ready to add the domain to WHM.  To do this, click on Account Functions, and then Create a New Account.

You will enter in the name of the domain, the username and password (twice), and an email address for the owner of the domain.  You will choose a package from a drop-down list, and should check the option Use the nameservers specified at the Domain’s Registrar.  Leave the Local Mail Exchanger option selected and click the blue Create buttons.

For your customer, they can then login to their cPAnel by entering in the name of their domain and append /cpanel or :2083

New Softaculous Default Settings

If you’re using our cPanel based hosting, the R4L team has made a change to the default settings for the software installation program Softaculous.

When installing WordPress, automatically now a security plugin called WordFence will be installed.  We are also changing the default settings when installing WordPress so that WordPress itself, plugins and themes will automatically stay updated.

WordFence

With over 10.7 million downloads, WordFence is the most downloaded WordPress security plugin, and reputedly the best security plugin.  WordFence will help you scan your site for malware/hacks, and help clean the site if problems are detected.

Updating Your Settings

 Basic Options:

• Where to email alerts: — Enter in your email address

Click the Save Changes button before advancing to the advanced options.

Advanced Options:

 Alerts:

These will depend on how many sites you manage, and how many users you have using your site.  For high volume applications, leave only Alert when an IP address is blocked, Alert when someone is locked out from login, and Alert me when someone with administrator access signs in checked.

Firewall Rules:

• Check Immediately block fake Google crawlers.  It provides false traffic numbers.
• 404’s that exceed 2 per minute, choose throttle it
• How long is an IP address blocked when it breaks a rule, choose the maximum 1 month

 Login Security Options:

• Choose Force admins and publishers to use strong passwords
• Lock out after how many login failures, default is 5, recommend 2 or 3
• Lock out after how many forgot password attempts, default is 5, recommend 2
• Amount of time a user is locked out, set to 60 days
• Immediately block the IP of users who try to sign in as these usernames, set admin

Of course, your admin username must not be “admin”.  These settings help protect against brute force attacks

Part 2

Hide the Username from the Author Archive URL

Or better yet, don’t make public posts from your admin account at all.  If your admin name is published with posts or comments that you make on your site, this will be visible to hackers as well.  This is like having your admin username be “admin”.

Another way an attacker can potentially gain access to your username is via the author archive pages on your site.

By default WordPress will create an author archive under the URL http://yoursite.com/author/myblogs, using your username myblogs.  This is essentially the same security hole as described in last weeks post having the admin username be “admin”.

This is less than ideal, for the same reasons explained above for the “admin” username, so it’s a good idea to hide this by changing the user_nicename entry in your database, as described here.

Disable file editing via the dashboard

In a default WordPress installation, you can go to Appearance > Editor and edit any of your theme files in the dashboard.  If a hacker has cracked your WordPress login, they will have access to these files, and upload whatever files or scripts that they wish.

To disable this method of file editing, add the following to your wp-config.php file:

define( ‘DISALLOW_FILE_EDIT’, true );

Use a Security Plugin

As well as all of the measures above, there are many plugins you can use to strengthen your site’s security and reduce the chance of being hacked.

Here are a handful of popular options:

• http://wordpress.org/plugins/better-wp-security/ – offers a wide range of security features.
• http://wordpress.org/plugins/bulletproof-security/ – protects your site via .htaccess.
• http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ – adds a firewall to your site.
• http://wordpress.org/plugins/sucuri-scanner/ – scans your site for malware etc.
• http://wordpress.org/plugins/wordfence/ – full-featured security plugin.
• http://wordpress.org/plugins/websitedefender-wordpress-security/ – comprehensive security tool.
• http://wordpress.org/plugins/exploit-scanner/ – searches your database for any suspicious code.

Change the wp_ Table Prefix

By default, each table in the WordPress database begins with wp_. Just like the other default features already mentioned, if you leave it as is, it makes it easier for hackers to infiltrate your site and database tables since the table names are the same across most WordPress installs.

Changing this to something more customized and memorable to you means it will be less accessible to hackers.

There are many plugins that can change the table prefix to something else you choose and here are some of the most popular ones:

https://wordpress.org/support/topic/secure-wordpress-change-table-prefix-after-installation

Check Your File Permissions

If you’re hosting your site on a Linux or Unix server (all of our servers are Linux), files have permissions for owners, groups, and all users.  Permissions are grated for files to be readable, writable and executable.  If your file permissions on important files and directories are too open, almost anyone could have access to these files on the server.

The WordPress Codex has a great guide that explains file permissions in-depth.

Limit Access to Important Pages

Your admin dashboard and login page are among the most important pages since they can grant access to your entire site. Limiting access to these pages means you and your users will be the only ones that will be able to access your site, keep you all a little safer.

Click here to learn how you can limit access to a specific IP address.

Part 1 of 2.

More and more of our customers are opting to use WordPress to build and maintain their websites.  WordPress is an excellent Content Management System (CMS), and now is used for approximately 20% of websites out there.

With WordPress being so popular, it has become a target platform for hackers and spammers to attack WordPress sites.  The platform is mature and secure, however there are steps every developer should take to help protect their websites from these people.  Some are just common sense, and some involve adding additional plugins to your website.

While the following recommendations will largely apply to any CMS platform like Joomla & Drupal, in our examples here, we’ll be focussing on the Web’s number one CMS platform, WordPress. (more…)

Register4Less.com’s new FTP gateway allows you to connect to all of your sites using a common configuration.  The new FTP gateway that makes publishing your website work in the same fashion whether you are using one of our advanced hosting plans or the free 10MB hosting we provide with your domain registration.

In the past, if you upgraded from the 10MB service to one of the advanced hosting plans, we would migrate your website over to the new AHS server, but you needed to create an FTP account on the server if you wished to publish using FTP.  Now however, you can connect to our FTP server on ftp://ftp.R4L.com, and the server will check which type of hosting plan your domain has and on which server, and then connect you to the right place.

(more…)