Upgrade PHP 5.6 to 7


PHP is a programming language that can run with Apache or Microsoft IIS and works with your server to execute the requests that make up your website. 88% of online sites run on, soon to be vulnerable PHP 5.X technology. At the close of this year, scheduled by Dec 31, 2018 security support will end for our dear old friend PHP 5.6, meaning bugs and security fixes will not be tended to and could lead to security vulnerabilities. 
Each PHP version gets supported actively for two years while the third year only get critical security updates. Luckily, the PHP gods had smiled upon us and extended the life for just a year longer than the typical PHP version before giving us the new year deadline. For all of you developers out there wanting to know exactly what is changing, here’s a helpful migration guide from PHP 5.6 to PHP 7.X.

While the last of PHP 5 closes out with PHP 5.6, this will inevitably leave websites utilizing PHP 5 vulnerable to attacks as well as poor performance. It has substantially reached its infamous End of Life (EOL) title. Switching to the newer PHP 7 versions is not only good for the security, but updating can ultimately save you money. Reducing the cost of doing business by avoiding software incompatibility and compliance issues. If an emotional headache isn’t enough to persuade developers to switch, the benefits will. Benchmarks show PHP 7.x has been tested to run three times faster than PHP5.6!

Let’s see:

  • Faster performance resulting in less memory usage
  • Three times faster page loads*
  • Better for heavy traffic sites
*Performance increase as benchmarked in a testing environment. Other developer’s website performance changes between PHP 5 and PHP 7 may vary.

If you are in a shared environment that manages the OS and framework, then your hosting provider should be sending out notifications of the upcoming change, their plan of action, and cut off dates. Our managed hosting products, such as Storm VPS, Cloud Sites or Managed WordPress, have support teams that can help you switch from PHP 5.X to PHP 7.X easily. Our Managed WordPress product has a compatibility checker built in & one click button to upgrade, yet another reason to love it!


While using WordPress to power your site you can check some vital aspects by going to the
WordPress plugin page and searching for the plugins that you use. Once you find the plugin or themes that you utilize, their spec pages will usually say what PHP version they employ. Also, check out the review tab for comments from users as this section gives useful information. This review tab is helpful for seeing if others have had issues with the plugin or theme and newer PHP versions. It is good practice to look up reviews and see what people have been saying about said plugin. If you don’t see any responses or it hasn’t rated well, then you will want to stray away from it. If you use custom plugins, check with your developer to see how they operate in new PHP versions. The WordPress Compatibility Plugin check will give you a list of plugins and themes that may not mesh well with PHP 7.X.

If you run a mission-critical site its best to do a compatibility checker because blindly upgrading could result in some parts of your page to not function. Checking PHP compatibility, as you would imagine, is a little more in depth but from research online, there is a compatibility checker for VPS servers that you can utilize by downloading the repo from GitHub.

It is worthwhile to note that some plugins may need a PHP module to be installed for the plugin to work. When upgrading the PHP version, you may also need to re-install the PHP module. Fortunately, our support team can assist with installing any PHP module you may need or give the best course of action if the PHP module is not available for your PHP version.

If you are using a Linux VPS the easiest way to check is to ssh into your server and run the following command via your terminal:

php --versionOutput: PHP 7.0.30 (cli) (built: Jun 26 2018 20:34:16)

cPanel:

Note
It’s important to make a backup of your site before migrating to PHP 7.X

Search php, select Multi PHP Manager, will show this screen to show which php version you are using. While on the PHP Version screen you can update the PHP version here by clicking on the check mark next to the domain and selecting the desired PHP version on the right drop down and click Apply.

Search For PHP and Click MulitPHP Manager Icon

Redirect to Https

Google just announced that starting July 2018 Chrome, their very popular web browser, will start alerting for all websites which are not using Secure Sockets Layer, or SSL encryption. This is huge. The ramifications of such an alert could be quite impactful to traffic, to websites, and especially for the average user. So, what does that mean for you? More importantly, what can you do about it? No worries! Liquid Web has you covered.

In today’s post, we’ll be detailing some of the finer points of SSL encryption including what it is, what it means, and how to employ it. Let’s get started!

What is Secure Sockets Layer (SSL)?

Secure Sockets Layer, or SSL, is a means to encrypt traffic. That’s it! They’re no mystery, and there’s no reason to feel daunted by the technical term. The best part is that you’ve probably been making use of SSL encrypted traffic forever and haven’t even noticed it. If you’ve ever browsed to a website and noticed the prefix https:// or a little padlock in the browser bar, you’re using Secure Sockets Layer encryption.

Unencrypted: non-SSL

Insecure Site
Encrypted: Secure SSL
Secure Site

At a very high level, it’s referred to as a key-cert pair, and it’s super easy. The key file and certificate files are installed on your web server. Once installed your visitors browse to the https:// prefix and that’s it! Their traffic is encrypted end to end. If you’re unsure whether or not you’re currently using an SSL, there are some handy tools like  Why No Padock that can help identify your usage.

How does SSL work?

The more technical portions revolve around an encryption algorithm and are a little specific for the average user. At its base, an encryption key and certificate are installed on your web server, as we mentioned earlier. This key is comprised of details about the website. Nothing scary, though! It’s just enough to ensure the site is who it claims to be. Details such as the domain name, the company’s name, the company’s business address; that kind of thing. You know, aspects you’d like to know about a legitimate company with whom you’re choosing to do business and, as a business owner, are proud to announce to the public.

Finally, that information is submitted to a known certificate authority who’ll encrypt the data into the key-cert pair we talked about already. You’ll install the key-cert pair on your server. Then, whenever someone tries to access https on your site, their browser will receive that public cert and compare it to public records for your domain. The browser will verify that your business is legitimate, –because it is!– and will use that certificate to encrypt all the data that’s passed between them and your web server.

This means, whenever there is data moving between them and you, if any bad guys try to inspect or steal it, all they’ll get is a bunch of garbled junk. Your data and your clients’ data are both safe and secure!

Liquid Web has a detailed step by step instruction on server setup at our Knowledge BaseOnce you have an SSL installed on your site, your clients still have two means by which to connect to your site. The HTTP method, which is unencrypted, and the HTTPS method, which is encrypted by your new SSL. The choice is usually denoted by how your clients or your referral traffic structures their link.

Redirecting to Https

Note
This process assumes you’ve already installed an SSL on your site.

The process is referred to as “Forcing SSL Redirection.” Ultimately, you’ll use code to make sure, whenever someone goes to HTTP, their traffic is directed over to HTTPS. Click on the tabs below to learn how the different ways to implement SSL onto your site.

cPanelWordpress.htaccessPlesk
If you’re using cPanel, you’ll need to access your cPanel account and navigate to the “Redirects” menu from the “Domains” group.

You’ll notice the Wild Card Redirect check box. This is a unique function that forces all links to HTTPS, not just the primary domain. I’m very much a fan of this option as it ensures all links will be directed to the SSL secured version which has you covered if someone links to a specific page of your site and not the home page.

Click “ADD” and you’re done!

No need to use cPanel, Plesk or the command line with the very popular Content Management Software, WordPress! Editing can be done straight from the WordPress Admin interface. Log into your WordPress Admin interface navigate to the Settings menu. From there you can simply set your WordPress and Site Address to use the https:// prefix, like so:

Wordpress Admin Section in Settings

Easy Peasy! One last test to make sure you’re using your SSL will show that you are! You could use an SSL checker like SSLShopper, or clear your cache on your browser and reload! See our article on how to clear your browser cache if you are having trouble.

You should be able to see the little green padlock in the browser bar that gives your clients that warm, fuzzy feeling. Even better, the upcoming alert from Google Chrome about unencrypted traffic is no longer a worry.

More advanced users who aren’t using a control panel can use some simple rules in their .htaccess file.

From the command line, navigate to the document root of your domain and use your favorite editor to open or create your .htaccess file. Then add the following lines:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%(REQUEST_URI) [L,R=301]

Here’s an output of mine:

Example of Redirection Code

The method is very similar for Plesk: Log into your Plesk interface and navigate to the “Hosting Settings” for your domain:

Locating Hosting Settings in Plesk

From the Security subheading of the Hosting Settings, check the SSL/TLS support and Permanent 301 redirect checkboxes. Also, make sure you select the correct certificate. Lastly, click the “Apply” button and you’re done!

Redirection Settings Within Plesk

Mixed Content (Insecure Content)

There is one last part. SSLs are installed on your server. So they can only encrypt and protect objects that are on your server. This means, if you happen to be linking to off-server content, like Facebook posts, YouTube links, or images or other content from some else’s sites, you have to make sure they’re using an SSL too. If they’re not, you’re technically hosting insecure content on that page and Chrome will alert your clients as such (characterized by having https but not the green lock). If you’re unsure about the content on your site, you can use a site like Why No Padlock to check. It’ll give you a nice readout and will list any issues with unencrypted content under the “Mixed Content” heading in the report.

Luckily, big names like YouTube and Facebook are already on board and use SSLs. But there are still a lot of sites on the internet who do not. It’s up to you to help the internet’s security and be diligent in our pursuit to be good net-citizens together.

You’re now familiar with SSLs, Forced SSL Redirection and the upcoming Google Chrome alert. As always, if ever you need help or have issues, our Knowledge Base is here for you to peruse and our Helpful Support Humans are happy to help.

 

Addressing WordPress 4.9.4 Update and Vulnerabilities

If you run WordPress sites you likely know it is critical to make sure that your software is up to date. In fact, you may have automatic updates enabled, so your site updates as soon as WordPress updates are available.  If you are running WordPress sites on a Liquid Web product such as our Storm VPS or Dedicated servers, please read on. This article contains critical information for you regarding WordPress 4.9.4 updates and action is required.

Note:

For customers on our Managed WordPress or Managed WooCommerce Hosting platforms, we’ll make sure your WordPress install is automatically updated; you do not need to take any action.

WordPress 4.9.4 is now available and addresses a bug in 4.9.3, which will cause automatic updates from WordPress 4.9.3 to fail. This means your site needs to be manually updated to 4.9.4.

Fortunately, updating your WordPress install is pretty simple (We do suggest that you take a site backup before updating, as with any software update.)

  1. Log into your WordPress admin page (www.yourdomain.com/wp-admin). Once logged in you should see a prompt in the WordPress dashboard, as shown below:wordpress admin dashboard update section
  2. Click on the Please update now text, which will take you to the WordPress Updates page. You can also click on DashboardUpdates, where you will be taken to the same WordPress Updates Page.wordpress update home page, click update now
  3. Click the Update Now button. The WordPress update will run, and after it completes, you’ll see the page below:wordpress 4.9.4 updated successfully

As always, our Helpful Human Support team is standing by to assist you with any questions or concerns, just open a chat, ticket, or call us and we’ll be ready. You can also find more information about this maintenance release on the WordPress.org site.

Importing your web store into WooCommerce

Do you run a web store on Shopify (or BigCommerce) and wish you had more control over things? Maybe you wish you had more Payment options on your shop, more Staff accounts, or a more straight forward shop building experience. No matter what the cause, moving to a WooCommerce based shop can give you more control and flexibility over your store. Migrating your store can be a huge headache though, so how do you get that job done?

How can I migrate an existing e-commerce store from Shopify or BigCommerce over to WooCommerce?

Moving platforms can be a frustrating and scary experience. After all, if your web store is down you’re probably not making any money. So getting it done right the first time is just a little important. Thankfully if you are moving from Shopify or BigCommerce that process can be simple.

Both Shopify and BigCommerce have export options that allow you to export products, orders, and customers to CSV files. You can then use these CSV files to rebuild your store in WooCommerce. Export files from Shopify, or BigCommerce, can be imported into your WooCommerce store using the WP All Import plugin.

Create a direct ‘Add to Cart’ link for Products in WooCommerce

If you run a blog and a store all on the same WordPress instance, chances are you are going to talk about products you sell in your blog posts. So how can you make it really easy for your visitors to add products you blog about directly to their cart? You can create a URL that you can use in your posts. Continue reading “Create a direct ‘Add to Cart’ link for Products in WooCommerce”

Setting custom related products in WooCommerce

In one of our last articles on WooCommerce we covered how to turn off the related products section. Along a similar line of thought what if you want to customize this area instead of disable it? In this article we’ll show how you can control the related products that show in this section of your product pages!

By default WooCommerce allows you to have related products by categories. But what if you want to specify specific products to be related to other products? What do you do? The good news is there’s a free way to make this happen.

How can I set specific related products?

Custom Related Products for WooCommerce is a free plugin available in the WordPress.org plugin repo. You can download this directly from your site and activate it with a few clicks. Once installed and active you should see a new Related Products field in your products Linked Products tab.

With the plugin activated you can now begin manually setting related products for your shop items. Once you type three letters the text field will provide a drop down to select the products you’d like to show up.

Using this text field select all the products you’d like to show up as related. Once you’ve selected the products you can save, or update, the product to commit the changes. It’s really that easy to manage once you have the plugin installed.

TAKEAWAY

Running your own eCommerce store can be a very fulfilling experience, setting up and customizing that store can be another story. Picking the right eCommerce solution and hosting platform is a big deal though. If you go with a less common solution you’re gonna have less knowledge resources when it comes to customizing your store.

When you choose WooCommerce, you’re choosing a store platform that powers 42% of all eCommerce stores. That’s kinda a big deal – it means that if you want to try something custom, someone else may have a solution already. With such a huge, and active, community there’s no doubt WooCommerce is a great choice. When paired with a great host choosing WooCommerce becomes a no-brainer.

Control number of products per page in WooCommerce

A common question that comes up after someone gets their WooCommerce store setup is about customization. Setting up your store and getting the products loaded in is just part of running any webstore. One of the biggest benefits to WooCommerce is the opportunity for customization.

In the coming posts on WooCommerce we’ll explore some basic customization tasks that come up. Starting with a simple one, say you wanted to adjust the number of products that are shown per page in your shop. Continue reading “Control number of products per page in WooCommerce”

Accessing man pages on Ubuntu 16.04 LTS

Having access to man pages on your server is a pretty essential asset to be familiar with. If you’re not familiar with man pages they are documentation provided with software packages on Unix systems. They provide a sort of manual for applications, services and system resources. You can learn more about man pages in our introductory article. By default on Ubuntu based servers this command is not provided, since it’s a great tool to have access to this article will help you get them setup.

Continue reading “Accessing man pages on Ubuntu 16.04 LTS”

Enable Root Login via SSH

By default SSH comes configured in a way that disables root user logins. This is done as a security precaution and means that you cannot directly login as the root user over SSH. However you can usually get around the need for root ssh login by using the sudo command. In some cases though it’s just more convenient to get directly logged in as root.

Continue reading “Enable Root Login via SSH”