Managed WordPress – Frequently Asked Questions

Posted on by Sean John Hoyle
Category: Common Fixes, Managed WordPress, Products | Tags: , , , ,

We have collected some of the most common questions that customers ask about our Managed WordPress Hosting platform and housed them in one place.

 

1. How Can I Access the File Manager?

You can access the File manager by following this article. It will show you where to obtain your FTP and SSH credentials to log in to the server.

https://help.liquidweb.com/s/article/Finding-Your-SFTP-SSH-Credentials-in-Managed-WordPress-and-Managed-Woo-Commerce-Hosting

2. How Do I Make a Site Live?

Follow our helpful article on how to launch your site for the world to see!

https://help.liquidweb.com/s/article/Going-Live-with-Your-Site-in-Managed-WordPress-and-Managed-Woo-Commerce-Hosting

If you are using Cloudflare for your DNS, please note that CloudFlare needs to be paused for the issuance of the SSL.

You can temporarily pause Cloudflare by:

 

1. Going to the Overview tab in the Cloudflare dashboard.
2. Expand the Advanced > section.
3. Click Pause.
4. Once the site is live you can Unpause Cloudflare.

 

Pausing Cloudflare will cause your origin IP address to be returned by Cloudflare’s nameservers, sending traffic directly to our servers rather than through Cloudflare’s reverse proxy.
Pausing Cloudflare will allow us to install the Let’s Encrypt SSL certificate on your Managed WordPress site. Once the site is live and has been renamed then you can resume Cloudflare.

3. How do I Make a Staging/Development Site?

Creating a staging/development site can help to create a site on a newer PHP technology or produce new content without making any changes to your production site. If you would like to create a staging/development site before you make any changes to your live site, you can follow the steps in this article:

https://help.liquidweb.com/s/article/Creating-a-Staging-Site-in-Managed-WordPress-and-Managed-Woo-Commerce-Hosting

4. How do I Take the Staging/Development Site Live?

To make your staging site the live site you will need to use our Migrate to Liquid Web Managed WordPress plugin. The plugin will take your staging site and replace your current live site with the staging site. This will take a few minutes to complete; while your files are transferring, your site will be temporarily inaccessible. To limit the downtime, you will want to do this outside of peak hours.

https://help.liquidweb.com/s/article/Migrating-to-Liquid-Web-with-Managed-WordPress-and-Managed-Woo-Commerce-Hosting

5. What is a Stencil and How Can I Use It?

A stencil will allow you to create a copy of any site you have and save it for another deployment without having to redo all the hard work you’ve put into customizing the site. Click on the following article to learn how to create a stencil site:

https://help.liquidweb.com/s/article/Creating-Stencil-Sites-in-Managed-WordPress-and-Managed-Woo-Commerce-Hosting

6. How Can I Increase My PHP Limits?

For an increase in PHP values, you will need to create a php.ini file. (Managed WordPress utilizes NGINX which does not read .htaccess files) To do so, you’ll first log in to your server with your SSH credentials. Once you are logged into the terminal you will type

cd /home/s#/html/

and replace s# with the user listed for the website.

In Managed WordPress you'll place the PHP values in the /html directory.

Type

vim .user.ini

press i for insert and then paste these values into the file:

# Begin PHP Memory Limit
php_value memory_limit = 128M
php_value post_max_size 64M
php_value upload_max_filesize 64M
php_value max_file_uploads 64M
php_value max_execution_time= 300M
php_value max_input_vars = 259200M
php_value max_input_time = 259200M
php_value max_input_vars 9999M
# End PHP Memory Limit

Type Esc, and type

:wq to save your edits and exit.

These values are just an example of what you can put — you can increase or decrease the values for what you feel is appropriate for your website.

7. Why Didn’t My Plugins Update?

If your plugins didn’t update, you will want to login to the Managed WordPress dashboard and make sure that plugin updates are enabled. If the updates are enabled and your plugins are still not updated, please contact your Managed WordPress support team.In Managed WordPress you can toggle on and off automatic updates.

8. I Migrated My Site, But I Only See the Default Install. What’s Going On?

This usually happens when the PHP version is set too high for your site. You can adjust PHP versions by going into in the Managed WordPress Dashboard and under SITE DETAILS.In Managed WordPress you'll select the PHP version of your choice.

9. What Cache Plugin Should I Use To Speed Up My Site?

We include caching, so none are really needed, but these three plugins are the most frequently used by our customers and have seen the best results.

Free plugins:
https://wordpress.org/plugins/cache-enabler/
https://wordpress.org/plugins/wp-super-cache/

Paid plugins:
https://wp-rocket.me/

Change Primary Domain in WHM

Posted on by Joel Parks
Category: Common Fixes | Tags: , , , , , ,

If you use multiple aliases ( previously called parked domains) within a cPanel account, you may find yourself wanting to change the main domain used for the cPanel account containing these domains. Changing the primary domain is desirable for multiple reasons and many times occurs when the site in use switches from one TLD to another (i.e., .net to .com). You may desire to change this if the name of your company or site changes. It can also occur when a domain is no longer used, or when the domain is removed from an account. Sometimes the wrong site name was set to be the primary domain, to begin with (we all make mistakes, right?). Whatever the reason for changing the primary domain, the change is relatively simple to make. However, it does make some potentially significant changes on the account that could create the need for additional changes for site functionality, so it is best to understand what these changes are before making this decision wholeheartedly.

Email & DNS

This change will modify multiple factors of the domain including (if you so choose) the cPanel username (which is usually not advised), the FTP username and MySQL users. Making this change will delete any custom DNS records if you are using custom nameservers setup within WHM and hosting your DNS. If using custom nameservers be sure to go into the DNS editor and take a screenshot of your DNS for the domain or copy the records to a text document before making this change. An additional effect is that all e-mail accounts change to reflect the new domain, for example changing the primary domain from yourdomain.com to newdomain.com will change admin@yourdomain.com to admin@newdomain.com. You may then need to update the e-mail address and username (for both incoming and outgoing servers within your e-mail client) on any devices that e-mail account is set up on.

Aliases

If you already added an alias ( a parked domain which shares content) or addon domain (which has its content apart from the main domain), you need to remove it first. Meaning you may need to save the content and site data for addon domains elsewhere on the server until after this change. You will also want to remove any subdomains of your primary domain name before you can change it as well. The following can be used as a basic guide to remove these as the process for each is the same:

Log into cPanel: yourdomain.com/cpanel
Navigate to and click on ‘Aliases’ (this may be listed as parked domains on older versions of WHM) (or you could locate subdomains or addon domains)
Locate the alias you want to be removed and click remove.

SSL Certificates

If you have an SSL certificate applied to this account, you will end up revoking the SSL installed for the current primary domain by removing it. In these cases a new SSL is necessary. If you are using AutoSSL, you may need to re-run to ensure all sites have an SSL installed appropriately. If you have purchased an SSL, you will need to order a new SSL for the new domain name.

Changing the primary domain may require modifying the siteurl if you are using WordPress and this could break the installation until you change the URL.

Hostname

Often changing the primary domain is confused with the hostname of the server, these are separate changes. However, for clarity, this does not change the hostname of the server (your server name) and does not change the name of the server within your manage.liquidweb.com account either. Changing the primary domain will only change data related to the cPanel account and its associated user. While most changes are made within the cPanel account for the user, this change can not be made within the cPanel account for the domain. Changing the primary domain is done via WHM which requires root level access.

Backups

Before making any significant changes on your server, its advised to have the ability to revert in case of mistakes. Create a full website backup via cPanel for the account you want to modify. You can find instructions on how to do this here.

Ensure that you have available backups for the domain within the backup restoration area in WHM. These will be available if you already have backups configured within WHM. If you use alternate means to back up your accounts, ensure you have available backups before making this change.

To change the primary domain, you will need to do this within WHM.

  1. You can access WHM by using the servers IP followed by the port 2087, or if DNS is set up for the hostname, you can access WHM by using the hostname/whm. Another method is to use a domain name on the server followed by /whm:Examples:
    • 192.168.1.1:2087 (replace the IP with your servers IP)
    • https://hostname.com/whm
    • https://domainname.com/whm
  2. To change the primary domain login to WHM using the root user and root password:To change the primary domain log in to WHM using root.
  3. After logging the top right of your window is a search bar (you may need to expand this menu). Access List Accounts via the search bar and click on the link it displays.Find the primary domain in WHM by searching for "List Accounts".
  4. Find the user you want to modify by typing in the name of the account in the new search bar that opens. Then click the + symbol next to the user:In the WHM account click the "modify account" button to change the primary domain.
  5. Finally, click the Modify Account button:The 'modify account' button changes the primary domain in WHM.
  6. Change the Primary Domain to the domain you want in its place:WHM screen indicates where to change the primary domain.
  7. Decide if you’re going to adjust options. You could decide to modify the databases associated with the domain to include new prefixes, for example, changing the Username.
Note:
If you are not familiar with what these changes mean. It’s highly recommended NOT to change the cPanel username. Since the username is tied to the database name, you may get database errors when altering. Changing the username requires further site coding and configuration by your developer. Your WordPress or CMS configuration file will need to be updated if the username is changed creating new database names.

After making this change, you may find that you want to keep the old e-mail addresses used by the old primary domain. If this is the case, the fix is simple. Park the old domain on the new one via an alias and create new e-mail accounts under the old domain name within CPanel’s e-mail accounts section. This way you can still use your existing e-mail accounts and also change the primary domain.

You have successfully changed the primary domain for this account! Our Support Teams are filled with talented admins with an intimate knowledge of multiple web hosting technologies, especially those discussed in this article. If you are Fully Managed VPS customer and you are uncomfortable with performing the outlined steps, we are a phone call, chat or ticket away from assisting you with this process

Troubleshooting: Cron Jobs

Posted on by Mark Cunningham
Category: Common Fixes | Tags: , , , , , , , ,

Cron is a service for Linux servers that automatically executes scheduled commands. A cron job can be a series of shell commands, scripts, or other programs. Cron tasks or jobs can perform a variety of functions and once ran can send out an e-mail message to inform you of its completion or errors. If you receive an error, there are many ways to troubleshoot the cron task.  Use this article for troubleshooting assistance or a tutorial on the basics of cron jobs. If you would like to learn more about creating a cron job check out our Knowledge Base tutorials on the subject.

Checking Configurations with Crontab

From the command line, you can review the scheduled cron jobs by listing the crontab for the user. This command outputs the contents of the user’s crontab to the terminal.

As the user you can run:
crontab -l

As root, you can see any user’s crontab, by specifying the username.
crontab -l -u username

You can find some detailed information about how to format the cron jobs in the /etc/crontab file.  Below is the example within that file.  Each asterisk can be replaced with a number or to its corresponding field.  Or you can leave the asterisk in place to represent all possible numbers for that position.  For example, if left with all asterisk this means that the cron job will run every minute, all the time.

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed

 

Altering the E-mail Address of a Cron

Once initiated, a cron sends a notification to an email address, set within the MAILTO line of the crontab.

MAILTO="user@domain.com"

To edit the crontab, you can run the following commands as the user:

crontab -e

Or if logged in as root, you can type in the username for any of your users to see a scheduled task that they have created.

crontab -e -u usernameThese open the crontab of the user in the default editor. Typically the vim or nano command will open the file. Be aware that this similar to opening any other text file where you’ll save before closing.

The MAILTO line indicates where the execution status of a cron should be sent. The sending address will typically be the cron task creator’s username along with the server’s hostname. So an email’s sender address would follow this syntax, unixuser@serverhostname.com. If you don’t see an email right away, it may be a good idea to check your spam box.

Silenced Crons

Sometimes cron jobs are configured to either produce no output or have its output silenced, even if set with a MAILTO address. If you see a cron job listed with any of the following on end, it is a sign that the cron has output has been silenced. These send any output to the null device (the black hole on a Linux server). In cases like this, you’ll need to remove the line from the cron job script to generate an output.

&> /dev/null

2>&1 /dev/nullSome cron jobs are disabled entirely. These will have a “#” in front of the command, resulting ignored lines when executed. Remove the “#” to re-activate the cron job.

Verifying the Crond Service

Once you’ve confirmed the correct settings, it’s time to verify that the cron system is enabled and running. The three following commands can each be used to verify if the crond (the cron service) is running.

/etc/init.d/crond status

service crond status

systemctl status crond

After running any of the above commands, if you find the crond service is not running, you can start it with one of the following.

/etc/init.d/crond start

service crond start

systemctl start crond

/var/log/cron

Once you know that the cron is enabled, not silenced, and crond is running, then it’s time to check the cron log, located in the path of /var/log/cron.

cat /var/log/cron

Example Output:

Oct 2 23:45:01 host CROND[3957]: (root) CMD (/usr/local/lp/apps/kernelupdate/lp-kernelupdate.pl > /dev/null 2>&1)
Oct 2 23:50:01 host CROND[4143]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Oct 2 23:50:01 host CROND[4144]: (root) CMD (/usr/local/maldetect/maldet --mkpubpaths >> /dev/null 2>&1)In the log, you will see if, when and what user ran the cron. If initiated, you’ll see the date and time of execution followed by brackets of the individual cron number. This timestamp does not confirm that the script ran normally or at all, it only signifies when the cron system last ran the task. Beyond that, you may need to investigate the cron script itself or application-level configurations and their respective logs to ensure the code is executing correctly.

Other Cron Services

This article is merely an overview of the main crond service as there many other cron tasks services. The anacron system is a commonly used cron service that configures daily or hourly jobs, and can even be set to run at reboot. The logs for these kinds of tasks are within /var/log/cron, and are not executed by crond.

Other scheduled tasks, although also referred to as cron jobs, are not executed from the crond system. These cron jobs are often configured within the code or configuration of a website. To determine if executed, you’ll need to investigate other configurations and logs that the cron script interacts with.

As with all cron services, automated jobs can be manipulated to execute numerous daily tasks, so you don’t have to. Cron tasks can occasionally go awry even without altering them or years, but knowing where to look is half the battle in troubleshooting a cron job.

 

Remote Desktop Troubleshooting

Posted on by David Richards
Category: Common Fixes | Tags: , , , , , , , ,

Remote Desktop Protocol (or RDP) is the most common method of gaining administrative access to a Windows server. RDP is available on all versions of Windows server and a client (called Remote Desktop Connection) is included with all versions of Windows desktop operating systems. Clients are also available for Macintosh operating systems from Microsoft in the iTunes store and for Linux desktops with applications like FreeRDP. Connecting to your server via RDP allows you full control of the server desktop environment, just as if you were sitting in front of the server’s monitor and keyboard. Depending on your permissions and settings, you can copy and delete files, change file permissions or settings, and even print documents from the server.

Pre-Flight Check

Using Remote Desktop Protocol to manage a Windows server generally requires a few basic settings and information about the server.

  • First, the Remote Desktop Service must be running on the server to which you would like to connect (RDP uses port 3389 by default).
  • Second, you need to know the IP address of the server.  
  • Third, you must have a username and password that is allowed to connect to the server remotely (often, this is the primary administrator account, but can also be a secondary account set up specifically for remote access purposes).
  • Finally, the Windows firewall (and any other hardware or software firewalls) needs to be configured to allow Remote Connections from your location.

 

Once you have all of the correct settings enabled, IP address and user account details, you can connect RDP to your server! Just launch the RDP client, enter the IP address of the server and the user credentials, and log in to the server using what looks like the standard Windows desktop environment.

Image of Remote Desktop Connection

As helpful as the Remote Desktop Protocol can be when it comes to managing your Windows server, there are also times when the connection fails, which can be very frustrating as the error message is generally not very helpful (often just the window shown below).         

RDP Connection Error Pop Up

 

The error shown above means that for some reason, your client was unable to make a connection to the Windows server via the Remote Desktop Protocol. When you are experiencing connectivity issues, there are many items that you can check to try to resolve the problem.

 

  1. Ensure you can reach the server via ICMP (or Ping). Most desktop operating systems will allow you to send small bits of information to the computer to verify connectivity and connection speeds. Generally, you just need to open a terminal window (on a Windows desktop, press the Window key, then type cmd and press enter) and enter the following command: ping IP or ping domain.tld. Normally, you’ll receive an output that is similar:Ping Results
  2. This output shows the pings were successful to the destination and took between 50 ms and 150 ms to complete. These pings indicate a successful connection to the server as desired (at least over ICMP). If the output for the command shows a failure to respond, we know there is some network interference.
  3. If the ping test fails (indicated by repeating asterisks), check your internet connectivity to guarantee that you can reach other resources on the internet. If not, you may need to contact your local service provider to restore your internet access.
  4. Reaching other internet sites but not your server indicates your server is refusing connections from your IP address (due to security software or firewall settings). You may need to contact your hosting company to verify there is not an IP address blocked by your server. You can find your current public IP address by going to http://ip.liquidweb.com.
  5. Can you ping your server, but still can’t connect over RDP? It is likely an issue with the RDP service or your firewall. You’ll need to contact your hosting company to get assistance with the service or firewall.

Firewall Issues

Best practices in configuring a firewall is to allow the least amount of access necessary for the various connections to the server. Limiting the connections to a particular service like RDP is called “scoping” the access for that service. If your configured Windows firewall scopes traffic on RDP, it’s possible that a user may not be able to connect due to their IP address not being included in the rule. Access to the server via RDP from one user but another user is not, check the firewall; their IP address may not be included in the allowed list of IPs for Remote Desktop Access.

  1. Log in to the server, click on the Windows icon, and type Windows Firewall into the search bar.Firewall Settings
  2. Click on Windows Firewall with Advanced Security.
  3. Click on Inbound Rules
  4. Scroll down to find a rule labeled RDP (or using port 3389).
  5. Double-click on the rule, then click the Scope tab.Scope Tab
  6. Make sure the user’s current IP address is included in the list of allowed Remote IPs.

If you are unable to connect to the server from your location, contact your hosting company for help in checking the firewall rule for RDP access.

User Connectivity Problems

Can you connect to RDP using the administrator account, but one or more of the other accounts cannot? There may be a problem with the user account permissions.

  1. Make certain the user is a member of the Remote Desktop Users group. Log in to the server with the administrator account, then go to the Local Users and Groups control panel (Open Administrative Tools, then open Computer Management).Local Users and Groups
  2. Navigate to the Remote Desktop Users group and verify that the user is a member of the group. If they are not a member of the group, add them as a member of the group.
    remote desktop users group
  3. Go to the username under the Users tab. Make sure that the user account is not locked out. Accounts can get locked out due to too many attempts to log in with an incorrect password (either by the user or by a brute force attack on the server).
    account lockout screen
  4. Double check the firewall for the IP address of the user and add to the scope of the RDP rule.

No Available Connections/Sessions

By default, Windows server only allows two users to connect via RDP simultaneously. If both sessions are already in use, you will receive an error indicating that no additional users are allowed to connect at this time. Too Many Users Error

To resolve this issue, you will need to wait until one of the other users logs out or you’ll require to purchase additional RDP user licenses from your hosting provider (assuming that you regularly need access for more than two users at a time).

Failed login attempts during a brute force attack can sometimes take up RDP licenses, even though the session isn’t connecting. If you are experiencing unavailable sessions even when no one is logged in to the server, it’s possibly the result of a malicious login. The best remedy for this situation is to scope the firewall rule to prevent access attempts from unauthorized IP addresses.

Data Encryption Errors

If you are using an out of date Remote Desktop Client or are connecting to an older Windows server, you may receive an error that there is a problem with the TLS settings for the connection. Generally, you can resolve this issue by updating your RDP client software on your workstation. It may also be possible to set the client to ignore these errors, but that could leave your workstation and your server vulnerable to malicious attacks.

Sudden Disconnection

If you are using RDP and suddenly lose the connection, the issue is almost always related to your internet connection. Check to make sure that you can stay connected to other services (like running a ping command in the background). If you are not losing internet connectivity, it’s possible that the server is running out of memory or the RDP service may be experiencing an active attacked in a brute force attack. If you’ve confirmed that your internet connection is stable, contact your hosting company to make sure that the server is not the cause of the lost connection.

Slow Connection Issues

If the connection between your location and your server is slow your Remote Desktop Session may not function as smoothly as you would like. However, you may be able to adjust the Desktop Environment settings of the connection before you connect to simplify and speed up the connection.

  1. Open the Remote Desktop Client application (these directions are for the Windows built-in client, but most RDP clients have similar settings available).
  2. Click on the Experience tab to see the various items you can choose to enable or disable to improve your connection speeds. Change the drop-down to select a specific connection speed or select/deselect the various items to optimize performance.Remote Desktop Connection Settings

         

Windows 10 Update Issues

Oddly enough, Microsoft updates often cause problems with RDP connectivity. As recent as April 2018, an update on both the server operating system and the Windows 10 desktop operating system caused connectivity issues for many users. Generally, the best policy is to update both the server and workstation, as connectivity issues most often arise when the two systems are not on the same update cycle. You may be able to resolve a new connectivity issue by removing a recent Windows update (either on the server or the desktop). Many users also reported that disabling the Printer option from the local resources setting resolved the most recent connectivity issue.         

Local Resources

 

While RDP is a great tool for managing your Windows server, connectivity issues can be frustrating. By working through the possible causes of the connection problem, you will generally be able to get reconnected and working again in no time!

Create a Robots.txt File

Posted on by Echo Diaz
Category: Common Fixes | Tags: , , , , ,

A web robot’s primary job is to scan websites and pages for information; they work tirelessly to collect data on behalf of search engines and other applications. For some, there is good reason to keep pages away from search engines.  Whether you want to fine-tune access to your site or want to work on a development site without showing up Google results, once implemented the robots.txt file lets web crawlers know which parts they can collect information.

Create a Robots.txt File

As being one of the first aspects analyzed by crawlers, the robots.txt file can be implemented on a page(s) or an entire site to discourage search engines from showing details about your site. Through this article, we will be providing insight into how to use the robots.txt file as well as syntax needed to keep these bots at bay.

User-agent: *
Disallow: /

 

Let’s break down the code below “user-agent” pertains to the web crawlers and the * sign means all web crawlers. Consequently, the first line grabs attention by saying “Listen up all web crawlers!” We move onto our second line which lets the web crawler know its direction. The forward slash (/) stops the bots from searching all the pages on your site. You can also discourage information collected for one specific page, in this case, it is a map of our building layout. Since the design of our building does not need to searchable, with the command below, I can tell all bots to leave out the index of the buildinglayout.png photo, while keeping it viewable to any guest that want to view.

User-agent: *
Disallow: /buildinglayout.png

 

Contrary, if you would like for all search engines to collect information on all the pages in your site you can leave the Disallow section blank.

User-agent: *
Disallow:

 

There are many types of web crawlers (aka user-agents) that can be specified. Below is a chart of the most popular web crawlers followed by as their associations. Furthermore, you can also instruct these bots to index a certain page by using Allow, as shown in the example below. You can implement these web crawlers within your robots.txt file like so:

User-agent:Googlebot
Allow: /parkinglotmap.png
Disallow: /buildinglayout.png

User-agent and their Association
Mostly, sites don’t automatically come with a robots.txt file (and isn’t required) so you can create one using a text editor and upload the file to your root directory or any other directory.  Luckily, if you use the popular CMS, WordPress and its helpful SEO plugin Yoast, you’ll see a section within the admin window to create a robots.txt file.

Robots.txt File In WordPress

Yoeast SEO Tool Section

 

After logging into your WordPress backend (yourdomain.com/wp-login.php) locate the SEO section and select Tools. After clicking on the file editor link, you see a page that looks similar to the code used in the first of our article.

Wordpress Robots.txt File

 

Our example keeps web bots from WordPress login page, including wp-includes directory while still allowing users and bots to see other pages of our site. Take note of the necessary ending slashes after the directory (but not needed when disallowing pages). After editing select the “save changes to robots.txt” button to activate the robots.txt file.

 

 

Upgrade PHP 5.6 to 7

Posted on by Echo Diaz | Updated:
Category: Common Fixes | Tags: , , , , , , , , ,


PHP is a programming language that can run with Apache or Microsoft IIS and works with your server to execute the requests that make up your website. 88% of online sites run on, soon to be vulnerable PHP 5.X technology. At the close of this year, scheduled by Dec 31, 2018 security support will end for our dear old friend PHP 5.6, meaning bugs and security fixes will not be tended to and could lead to security vulnerabilities. Each PHP version gets supported actively for two years while the third year only gets critical security updates. Luckily, the PHP gods had smiled upon us and extended the life for just a year longer than the typical PHP version before giving us the new year deadline. For all of you developers out there wanting to know exactly what is changing, here’s a helpful migration guide from PHP 5.6 to PHP 7.X.

While the last of PHP 5 closes out with PHP 5.6, this will inevitably leave websites utilizing PHP 5 vulnerable to attacks as well as poor performance. It has substantially reached its infamous End of Life (EOL) title. Switching to the newer PHP 7 versions is not only good for the security, but updating can ultimately save you money. Reducing the cost of doing business by avoiding software incompatibility and compliance issues. If an emotional headache isn’t enough to persuade developers to switch, the benefits will. Benchmarks show PHP 7.x has been tested to run three times faster than PHP5.6!

Let’s see:

  • Faster performance resulting in less memory usage
  • Three times faster page loads*
  • Better for heavy traffic sites
*Performance increase as benchmarked in a testing environment. Other developer’s website performance changes between PHP 5 and PHP 7 may vary.

If you are in a shared environment that manages the OS and framework, then your hosting provider should be sending out notifications of the upcoming change, their plan of action, and cut off dates. Our managed hosting products, such as Storm VPS, Cloud Sites or Managed WordPress, have support teams that can help you switch from PHP 5.X to PHP 7.X easily. Our Managed WordPress product has a compatibility checker built in & one click button to upgrade, yet another reason to love it!


While using WordPress to power your site you can check some vital aspects by going to the WordPress plugin page and searching for the plugins that you use. Once you find the plugin or themes that you utilize, their spec pages will usually say what PHP version they employ. Also, check out the review tab for comments from users as this section gives useful information. This review tab is helpful for seeing if others have had issues with the plugin or theme and newer PHP versions. It is good practice to look up reviews and see what people have been saying about said plugin. If you don’t see any responses or it hasn’t rated well, then you will want to stray away from it. If you use custom plugins, check with your developer to see how they operate in new PHP versions. The WordPress Compatibility Plugin check will give you a list of plugins and themes that may not mesh well with PHP 7.X.

If you run a mission-critical site its best to do a compatibility checker because blindly upgrading could result in some parts of your page to not function. Checking PHP compatibility, as you would imagine, is a little more in depth but from research online, there is a compatibility checker for VPS servers that you can utilize by downloading the repo from GitHub.

It is worthwhile to note that some plugins may need a PHP module to be installed for the plugin to work. When upgrading the PHP version, you may also need to re-install the PHP module. Fortunately, our support team can assist with installing any PHP module you may need or give the best course of action if the PHP module is not available for your PHP version.

If you are using a Linux VPS the easiest way to check is to ssh into your server and run the following command via your terminal:

php --versionOutput: PHP 7.0.30 (cli) (built: Jun 26 2018 20:34:16)

cPanel:

Note
It’s important to make a backup of your site before migrating to PHP 7.X

Search php, select Multi PHP Manager, will show this screen to show which php version you are using. While on the PHP Version screen you can update the PHP version here by clicking on the check mark next to the domain and selecting the desired PHP version on the right drop down and click Apply.

Search For PHP and Click MulitPHP Manager Icon

Redirect to HTTPS

Posted on by Jerry Vasquez | Updated:
Category: Common Fixes | Tags: , , , , , ,

Google just announced that starting July 2018 Chrome, their very popular web browser, will start alerting for all websites which are not using Secure Sockets Layer, or SSL encryption. This is huge. The ramifications of such an alert could be quite impactful to traffic, to websites, and especially for the average user. So, what does that mean for you? More importantly, what can you do about it? No worries! Liquid Web has you covered.

In today’s post, we’ll be detailing some of the finer points of SSL encryption including what it is, what it means, and how to employ it. Let’s get started!

What is Secure Sockets Layer (SSL)?

Secure Sockets Layer, or SSL, is a means to encrypt traffic. That’s it! They’re no mystery, and there’s no reason to feel daunted by the technical term. The best part is that you’ve probably been making use of SSL encrypted traffic forever and haven’t even noticed it. If you’ve ever browsed to a website and noticed the prefix https:// or a little padlock in the browser bar, you’re using Secure Sockets Layer encryption.

Unencrypted: non-SSL

Insecure Site
Encrypted: Secure SSL
Secure Site

At a very high level, it’s referred to as a key-cert pair, and it’s super easy. The key file and certificate files are installed on your web server. Once installed your visitors browse to the https:// prefix and that’s it! Their traffic is encrypted end to end. If you’re unsure whether or not you’re currently using an SSL, there are some handy tools like  Why No Padock that can help identify your usage.

How does SSL work?

The more technical portions revolve around an encryption algorithm and are a little specific for the average user. At its base, an encryption key and certificate are installed on your web server, as we mentioned earlier. This key is comprised of details about the website. Nothing scary, though! It’s just enough to ensure the site is who it claims to be. Details such as the domain name, the company’s name, the company’s business address; that kind of thing. You know, aspects you’d like to know about a legitimate company with whom you’re choosing to do business and, as a business owner, are proud to announce to the public.

Finally, that information is submitted to a known certificate authority who’ll encrypt the data into the key-cert pair we talked about already. You’ll install the key-cert pair on your server. Then, whenever someone tries to access https on your site, their browser will receive that public cert and compare it to public records for your domain. The browser will verify that your business is legitimate, –because it is!– and will use that certificate to encrypt all the data that’s passed between them and your web server.

This means, whenever there is data moving between them and you, if any bad guys try to inspect or steal it, all they’ll get is a bunch of garbled junk. Your data and your clients’ data are both safe and secure!

Liquid Web has a detailed step by step instruction on server setup at our Knowledge BaseOnce you have an SSL installed on your site, your clients still have two means by which to connect to your site. The HTTP method, which is unencrypted, and the HTTPS method, which is encrypted by your new SSL. The choice is usually denoted by how your clients or your referral traffic structures their link.

Redirecting to HTTPS

Note
This process assumes you’ve already installed an SSL on your site.

The process is referred to as “Forcing SSL Redirection.” Ultimately, you’ll use code to make sure, whenever someone goes to HTTP, their traffic is directed over to HTTPS. Click on the tabs below to learn how the different ways to implement SSL onto your site.

cPanelWordpress.htaccessPlesk
If you’re using cPanel, you’ll need to access your cPanel account and navigate to the “Redirects” menu from the “Domains” group.

You’ll notice the Wild Card Redirect check box. This is a unique function that forces all links to HTTPS, not just the primary domain. I’m very much a fan of this option as it ensures all links will be directed to the SSL secured version which has you covered if someone links to a specific page of your site and not the home page.

Click “ADD” and you’re done!

No need to use cPanel, Plesk or the command line with the very popular Content Management Software, WordPress! Editing can be done straight from the WordPress Admin interface. Log into your WordPress Admin interface navigate to the Settings menu. From there you can simply set your WordPress and Site Address to use the https:// prefix, like so:

Wordpress Admin Section in Settings

Easy Peasy! One last test to make sure you’re using your SSL will show that you are! You could use an SSL checker like SSLShopper, or clear your cache on your browser and reload! See our article on how to clear your browser cache if you are having trouble.

You should be able to see the little green padlock in the browser bar that gives your clients that warm, fuzzy feeling. Even better, the upcoming alert from Google Chrome about unencrypted traffic is no longer a worry.

More advanced users who aren’t using a control panel can use some simple rules in their .htaccess file.

From the command line, navigate to the document root of your domain and use your favorite editor to open or create your .htaccess file. Then add the following lines:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Here’s an output of mine:

Example of Redirection Code

The method is very similar for Plesk: Log into your Plesk interface and navigate to the “Hosting Settings” for your domain:

Locating Hosting Settings in Plesk

From the Security subheading of the Hosting Settings, check the SSL/TLS support and Permanent 301 redirect checkboxes. Also, make sure you select the correct certificate. Lastly, click the “Apply” button and you’re done!

Redirection Settings Within Plesk

Mixed Content (Insecure Content)

There is one last part. SSLs are installed on your server. So they can only encrypt and protect objects that are on your server. This means, if you happen to be linking to off-server content, like Facebook posts, YouTube links, or images or other content from some else’s sites, you have to make sure they’re using an SSL too. If they’re not, you’re technically hosting insecure content on that page and Chrome will alert your clients as such (characterized by having https but not the green lock). If you’re unsure about the content on your site, you can use a site like Why No Padlock to check. It’ll give you a nice readout and will list any issues with unencrypted content under the “Mixed Content” heading in the report.

Luckily, big names like YouTube and Facebook are already on board and use SSLs. But there are still a lot of sites on the internet who do not. It’s up to you to help the internet’s security and be diligent in our pursuit to be good net-citizens together.

You’re now familiar with SSLs, Forced SSL Redirection and the upcoming Google Chrome alert. As always, if ever you need help or have issues, our Knowledge Base is here for you to peruse and our Helpful Support Humans are happy to help.

 

Addressing WordPress 4.9.4 Update and Vulnerabilities

Posted on by Libby White | Updated:
Category: Common Fixes, Featured Articles | Tags: ,

If you run WordPress sites you likely know it is critical to make sure that your software is up to date. In fact, you may have automatic updates enabled, so your site updates as soon as WordPress updates are available.  If you are running WordPress sites on a Liquid Web product such as our Storm VPS or Dedicated servers, please read on. This article contains critical information for you regarding WordPress 4.9.4 updates and action is required.

Note:

For customers on our Managed WordPress or Managed WooCommerce Hosting platforms, we’ll make sure your WordPress install is automatically updated; you do not need to take any action.

WordPress 4.9.4 is now available and addresses a bug in 4.9.3, which will cause automatic updates from WordPress 4.9.3 to fail. This means your site needs to be manually updated to 4.9.4.

Fortunately, updating your WordPress install is pretty simple (We do suggest that you take a site backup before updating, as with any software update.)

  1. Log into your WordPress admin page (www.yourdomain.com/wp-admin). Once logged in you should see a prompt in the WordPress dashboard, as shown below:wordpress admin dashboard update section
  2. Click on the Please update now text, which will take you to the WordPress Updates page. You can also click on DashboardUpdates, where you will be taken to the same WordPress Updates Page.wordpress update home page, click update now
  3. Click the Update Now button. The WordPress update will run, and after it completes, you’ll see the page below:wordpress 4.9.4 updated successfully

As always, our Helpful Human Support team is standing by to assist you with any questions or concerns, just open a chat, ticket, or call us and we’ll be ready. You can also find more information about this maintenance release on the WordPress.org site.

Importing your web store into WooCommerce

Posted on by Dan Pock
Category: Common Fixes, Other | Tags: , ,

Do you run a web store on Shopify (or BigCommerce) and wish you had more control over things? Maybe you wish you had more Payment options on your shop, more Staff accounts, or a more straight forward shop building experience. No matter what the cause, moving to a WooCommerce based shop can give you more control and flexibility over your store. Migrating your store can be a huge headache though, so how do you get that job done?

How can I migrate an existing e-commerce store from Shopify or BigCommerce over to WooCommerce?

Moving platforms can be a frustrating and scary experience. After all, if your web store is down you’re probably not making any money. So getting it done right the first time is just a little important. Thankfully if you are moving from Shopify or BigCommerce that process can be simple.

Both Shopify and BigCommerce have export options that allow you to export products, orders, and customers to CSV files. You can then use these CSV files to rebuild your store in WooCommerce. Export files from Shopify, or BigCommerce, can be imported into your WooCommerce store using the WP All Import plugin.