Liquid Web Sales and Tax FAQ

Someone doing taxes

What is HIPAA compliant hosting?

You may have seen HIPAA compliance appear  in your search for a secure web hosting provider, but what exactly is a HIPAA server? What is HIPAA, for that matter? You may also be wondering if you  need to be using a HIPAA compliant server? These are all great questions!We first need to start with the term HIPAA, as it’s quite a vital piece to understanding when a HIPAA compliant server is necessary.

hipaa compliance hosting

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (more commonly called HIPAA) mandated necessary protocols be defined and followed when handling Personal Health Information (PHI). PHI records are any form of medical record that contains information which can identify an individual person. The purpose of HIPAA is to ensure the integrity and confidentiality of the sensitive data within these kinds of records. The 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) modified HIPAA to include electronic Personal Health Information (ePHI). Also, sometimes called Electronic Medical Records (EMR).

What is a HIPAA server?

A HIPAA compliant server is one that follows the guidelines defined by HIPAA to prevent medical record information data breaches. ePHI data breaches can be detrimental to individual or entity reputations and result in severe legal consequences.  In part 164 of the Code of Federal Regulations (CFR) within HIPAA, it specifies: 

Paragraph 164.308(a)(1)(i) Standard: Security Management Practices—Implement policies and procedures to prevent, detect, contain, and correct security violations.

HIPAA mandates that entities handling PHI data adopt and invoke their own set of policies to protect the integrity and confidentiality of these records. It’s up to the individual entities to determine how to approach these aspects of protecting the data. The following is a list of sample policies that address these requirements and would constitute a valid HIPAA server:

  • Physical Data Storage Security: Any media or servers which contain ePHI data, must be secured from unauthorized physical access. This often includes using locked cages or cabinets.
  • Physical Data Destruction Security: Destruction of ePHI data, is usually peer-reviewed and logged by a chain of custody certificates that explicitly state how the data was destroyed.
  • Data Access Security: Maintaining remote and physical access control lists and chain of custody logging to ensure every time the data is accessed, it’s by an authorized and documented individual.
  • Data Integrity Security: This generally takes on the form of action logging, in addition to chain of custody logging. Any form of action done to the data must be documented and logged.
  • Data Transfer Security: When transmitting data over network interfaces, the connection must be encrypted end-to-end to insure security.
  • Data Breach Reporting: Anytime there is a breach of HIPAA policies, the breach and potential impact of the breach must be documented, logged and reported immediately.

When do I need a HIPAA server?

A HIPAA compliant server is necessary only when storing, transferring, reading, displaying or otherwise accessing any form of data that contains individually identifiable Health Information. Anonymous medical data is not subject to HIPAA or HITECH and is not required to be secured in the same way. In general, if you’re not in the Health Industry, there is no need for a HIPAA compliant server. The CFR part 160.103 specifically defines Health Information as:

Health information means any information, including genetic information, whether oral or recorded in any form or medium, that:

(1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and

(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.hipaa compliance hosting

How can Liquid Web help?

Liquid Web has you covered! We have designed a robust suite of HIPAA-compliant, fully managed hosting solutions. We take care of all the necessary policy enforcement and documentation with the day to day systems administration of your HIPAA servers. Our support staff is fully armed with the required knowledge to enforce our HIPAA procedures. You can rest assured that we will handle any necessary HIPAA related actions when working on one of your HIPAA servers. You can see a full list of these policies, how we enact them, and our HIPAA compliant offerings here: HIPAA Compliant Data Centers & Solutions. You can even chat with a HIPAA Specialist right away to answer any looming questions you may still have.

 

Configuring NGINX for Managed WordPress

Running a WordPress site can be incredibly simple and used right out of the box, but you may need to customize or add specific files in order to get the most out of your site. Our Managed WordPress customers can include custom NGINX configurations for individual sites because we know that adding simple redirects or adjusting browser cache settings are actions that many of our Managed WordPress users do on a regular basis. Read on to learn how you can use this functionality for your own site.

On the Managed WordPress platform, custom configuration files are read from the NGINX folder within the site’s home directory. Any file ending with .conf will be read into NGINX on reload or restart, so a file called ~/nginx/user.conf.sample is provided as a placeholder.

While you can create and edit these files, it is necessary that you reach out to our Managed WordPress Support team to reload the NGINX configuration. This will allow us to test the file configuration and confirm that there are no errors or warnings. Because your site performance and uptime is important, the Managed WordPress support team will manually review files to check for potentially irregular and harmful configurations.

Although the primary use of this feature is for configuring redirects at the NGINX level. you may also set custom browser cache expiration times for static files. Any configurations beyond those described below are considered beyond scope support.

An example of simple redirects:

# Simple redirect to an individual page
location /example-redirect-123 {
add_header X-Redirect-By "Yoast SEO Premium";
return 301 /example-redirect;
}

# Rewrite all urls under an old path to a new path
location /category/old-category {
rewrite ^/category/old-category/(.*)$ /category/new-category/$1 permanent;
}

An example of adjusting browser cache settings:

# Reduces js and css cache times to a single day instead of the MWP default of 1 year.
location ~* \.(?:css|js)$ {
expires 24h;
access_log off;
add_header Cache-Control "public";
}

If you are looking to block access to a specific directory, you can complete this request by using the following command:

rewrite ^/wp-content/private_directory/(.*) /last;

Where “private_directory” is the directory you wish to block access to.

Configuring NGINX

  1. Log into the site via SSH.:ssh/sftp credential section in Managed WordPress portal highlighted
  2. Navigate to the NGINX directory located in the home directory.
    s150@default:~$ pwd
    /home/s150
    s150@default:~$ cd nginx
    s150@default:~ngingx$ ls
    user.conf.sample
    s150@default:~/nginx$
  3. Next, create a file ending in .conf:
    s150@default:~/nginx$ touch redirects.conf
    s150@default:~ngingx$ ls
    redirects.conf user.conf.sample
    s150@default:~/nginx$

    In this example, we are using redirects.conf, but you can name it anything you’d like, just make sure you remember the file name.
  4. Then modify the file with the configuration changes:
    s150@default:~/nginx$ vi redirects.conf
    s150@default:~ngingx$ cat redirects.conf
    # Limited to directives valid in the server block context
    # All files ending in '.conf' in this directory will be loaded
    # Please contact support to have them reload the nginx config files
    # for changes to go into effect.# Configure redirects
    #
    loacation /example-redirect-123 {
    add_header X-Redirect-By "Yoast SEO Premium";
    return 301 /example-redirect;
    }
    s150@default:~/nginx$
  5. Lastly, contact support to request review and reload of the config. You can easily reach our Managed WordPress support team by opening a chat or ticket through your Managed WordPress portal, or by calling our team at 1(833)845-4527 or 1(517)322-0434.

Addressing WordPress 4.9.4 Update and Vulnerabilities

If you run WordPress sites you likely know it is critical to make sure that your software is up to date. In fact, you may have automatic updates enabled, so your site updates as soon as WordPress updates are available.  If you are running WordPress sites on a Liquid Web product such as our Storm VPS or Dedicated servers, please read on. This article contains critical information for you regarding WordPress 4.9.4 updates and action is required.

Note:

For customers on our Managed WordPress or Managed WooCommerce Hosting platforms, we’ll make sure your WordPress install is automatically updated; you do not need to take any action.

WordPress 4.9.4 is now available and addresses a bug in 4.9.3, which will cause automatic updates from WordPress 4.9.3 to fail. This means your site needs to be manually updated to 4.9.4.

Fortunately, updating your WordPress install is pretty simple (We do suggest that you take a site backup before updating, as with any software update.)

  1. Log into your WordPress admin page (www.yourdomain.com/wp-admin). Once logged in you should see a prompt in the WordPress dashboard, as shown below:wordpress admin dashboard update section
  2. Click on the Please update now text, which will take you to the WordPress Updates page. You can also click on DashboardUpdates, where you will be taken to the same WordPress Updates Page.wordpress update home page, click update now
  3. Click the Update Now button. The WordPress update will run, and after it completes, you’ll see the page below:wordpress 4.9.4 updated successfully

As always, our Helpful Human Support team is standing by to assist you with any questions or concerns, just open a chat, ticket, or call us and we’ll be ready. You can also find more information about this maintenance release on the WordPress.org site.

An Introduction to Managing a Linux Server with systemd

Systemd is is an init system used by several common Linux Distributions which has gained popularity since 2015. A Linux init system is the first process or daemon started on a system after the initial boot process, and manages services, daemons, and other system processes. Systemd is comprised of unit files that contain the initialization instructions for the daemons which it controls. While many portions of a system can be managed with systemd, this article will focus on managing services. Continue reading “An Introduction to Managing a Linux Server with systemd”

What is a LAMP stack?

The LAMP stack is the foundation for Linux hosted websites is the Linux, Apache, MySQL and PHP (LAMP) software stack.

The Four Layers of a LAMP Stack

Linux based web servers consist of four software components. These components, arranged in layers supporting one another, make up the software stack. Websites and Web Applications run on top of this underlying stack. The common software components that make up a traditional LAMP stack are:

  • Linux: The operating system (OS) makes up our first layer. Linux sets the foundation for the stack model. All other layers run on top of this layer.
  • Apache: The second layer consists of web server software, typically Apache Web Server. This layer resides on top of the Linux layer. Web servers are responsible for translating from web browsers to their correct website.
  • MySQL: Our third layer is where databases live. MySQL stores details that can be queried by scripting to construct a website. MySQL usually sits on top of the Linux layer alongside Apache/layer 2. In high end configurations, MySQL can be off loaded to a separate host server.
  • PHP: Sitting on top of them all is our fourth and final layer. The scripting layer consists of PHP and/or other similar web programming languages. Websites and Web Applications run within this layer.

We can visualize the LAMP stack like so:

Applying what you’ve learned

Understanding the four software layers of a LAMP stack aids the troubleshooting process. It allows us to see how each layer relies on one another. For instance; when a disk drive gets full, which is a Linux layer issue. This will also affect all other layers in the model. This is because those other layers rest on top of the affected layer. Likewise, when the MySQL database goes offline. We can expect to see PHP related problems due to their relationship. When we know which layer is exhibiting problems. We know which configuration files to examine for solutions.

Some Alternatives

The four traditional layers of a LAMP stack consist of free and open-source products. Linux, Apache, MySQL and PHP are the cornerstone of a free, non-proprietary LAMP stack. There are several variants of the four stack model as well. These variants use alternative software replacing one or more of the traditional components. Some examples of these alternatives are:

  • WAMP: Windows, Apache, MySQL & PHP
  • WISA: Windows, IIS, SQL & ASP.net
  • MAMP: MacOS, Apache, MySQL & PHP

You can explore these alternative software stacks in greater depth using online resource. The LAMP stack Wiki is a great place to start:

How can we help?

The LAMP stack is an industry standard and is included in all of our Core-Managed and Fully Managed Linux based servers. Our support teams work hand in hand with the LAMP stack on a daily basis. You can rest assured we are at your disposal should you have questions or concerns. To learn more you can browse our latest product offerings.

What is the Liquid Web iThemes Bundle

In a recent press release from our Blog we announced that Liquid Web has acquired iThemes – a leader in WordPress plugin development. Needless to say, this is an exiting time. Another important step in our commitment to make WordPress hosting easier than ever.

Since 2016 we’ve actually had a partnership with iThemes to bundle Sync Pro into our WordPress platform. Moving forward we will expand this integration by adding BackupBuddy and iThemes Security. With this this awesome news we also have an awesome deal for our non-platform WordPress users.

The Liquid Web iThemes bundle

For our WordPress customers hosting on a traditional solutions we now offer an exclusive Liquid Web iThemes bundle. Through this bundle, for the first time ever, you can purchase the core iThemes plugins in a single package. With this offer you have access to iThemes Sync Pro, BackupBuddy and Security Pro for one low price. Check out our bundle product page to learn more about the exclusive offer.

Getting Support for iThemes Products

iThemes will remain an independent business unit of the Liquid Web family. This means that going forward we will continue providing support for these products under the iThemes brand. If you are seeking support for an iThemes plugin you can find documentation in their Help Center. And you can contact the iThemes Support team after logging into their Member Access Panel.

Official Plugin Documentation:

How To Install WordPress, Drupal, and Joomla On Cloud Sites with One-Click

Our Cloud Sites platform is a cut above the rest with its One-Click Installer we take the pain out of creating websites allowing you to focus on building out your website. Whether your CMS of choice is WordPress, Drupal, or Joomla – our Cloud Sites platform has streamlined the process of spinning up a new site. Setting up a new site is complicated – from adding administrators, uploading files and databases. We simplify all that complexity with our smooth-running installer. Our One-Click Installer quickly uploads & configures core files, getting your site up with speed and ease has never been easier.

Installing WordPress, Drupal or Joomla on Cloud Sites using our One-Click Installer

To begin the process you will need to be logged into your Cloud Sites control panel. Once you’ve logged in you will be able to begin the process. If you do not have a Cloud Sites account you can order one from our Cloud Sites product page.

  1. Create a Website: From your Cloud Sites Control Panel find and click the “Create Website” button.
  2. Choose Your CMS: Select the drop box next to application to install the latest version of your chosen CMS.
  3. Configurations: Fill in details of the site and click “Create New Application”. Three simple steps later, you have yourself a new site with time to spare.

And it’s just that simple – setting up a new website and CMS has never been so easy. No more having to build server infrastructure and no more installing the CMS software by hand. Our Cloud Sites platform will manage all of that for you, all you have to do is fill in a few blanks and hit “Create New Application” and you’ll be on your way. If you’re a current Cloud Sites customer give our rebuilt one-click CMS installer a try.

If you’re not a Cloud Sites customer yet, then never managing servers again is just $150/mo away. Our One-Click Installer is one of the many features offered within the Cloud Sites platform. Check out other ways to simplify your web hosting needs at our Cloud Sites product page. Once you sign up you’ll be ready to start immediately and getting your new site setup is just a few clicks away!

Customize the WooCommerce Thank You page

Have you ever wanted to provide product specific information right after a customer checks out? Or, what about customizing the title of the thank you page? Well we’ve thought about that too. So we built a plugin that allows you to set a global and product specific thank you pages. Continue reading “Customize the WooCommerce Thank You page”

Show Featured Products for Empty Search Results in WooCommerce

It can happen. And it’s embarrassing. A visitor searches your site for a product and whatever their search terms are, no products are found. Instead of a missed opportunity to convert that visitor into a paying customer, consider showing them some products that might be of interest to them. Continue reading “Show Featured Products for Empty Search Results in WooCommerce”