Managed WordPress – Frequently Asked Questions

We have collected some of the most common questions that customers ask about our Managed WordPress Hosting platform and housed them in one place.

 

1. How Can I Access the File Manager?

You can access the File manager by following this article. It will show you where to obtain your FTP and SSH credentials to log in to the server.

https://help.liquidweb.com/s/article/Finding-Your-SFTP-SSH-Credentials-in-Managed-WordPress-and-Managed-Woo-Commerce-Hosting

2. How Do I Make a Site Live?

Follow our helpful article on how to launch your site for the world to see!

https://help.liquidweb.com/s/article/Going-Live-with-Your-Site-in-Managed-WordPress-and-Managed-Woo-Commerce-Hosting

If you are using Cloudflare for your DNS, please note that CloudFlare needs to be paused for the issuance of the SSL.

You can temporarily pause Cloudflare by:

 

1. Going to the Overview tab in the Cloudflare dashboard.
2. Expand the Advanced > section.
3. Click Pause.
4. Once the site is live you can Unpause Cloudflare.

 

Pausing Cloudflare will cause your origin IP address to be returned by Cloudflare’s nameservers, sending traffic directly to our servers rather than through Cloudflare’s reverse proxy.
Pausing Cloudflare will allow us to install the Let’s Encrypt SSL certificate on your Managed WordPress site. Once the site is live and has been renamed then you can resume Cloudflare.

3. How do I Make a Staging/Development Site?

Creating a staging/development site can help to create a site on a newer PHP technology or produce new content without making any changes to your production site. If you would like to create a staging/development site before you make any changes to your live site, you can follow the steps in this article:

https://help.liquidweb.com/s/article/Creating-a-Staging-Site-in-Managed-WordPress-and-Managed-Woo-Commerce-Hosting

4. How do I Take the Staging/Development Site Live?

To make your staging site the live site you will need to use our Migrate to Liquid Web Managed WordPress plugin. The plugin will take your staging site and replace your current live site with the staging site. This will take a few minutes to complete; while your files are transferring, your site will be temporarily inaccessible. To limit the downtime, you will want to do this outside of peak hours.

https://help.liquidweb.com/s/article/Migrating-to-Liquid-Web-with-Managed-WordPress-and-Managed-Woo-Commerce-Hosting

5. What is a Stencil and How Can I Use It?

A stencil will allow you to create a copy of any site you have and save it for another deployment without having to redo all the hard work you’ve put into customizing the site. Click on the following article to learn how to create a stencil site:

https://help.liquidweb.com/s/article/Creating-Stencil-Sites-in-Managed-WordPress-and-Managed-Woo-Commerce-Hosting

6. How Can I Increase My PHP Limits?

For an increase in PHP values, you will need to create a php.ini file. (Managed WordPress utilizes NGINX which does not read .htaccess files) To do so, you’ll first log in to your server with your SSH credentials. Once you are logged into the terminal you will type

cd /home/s#/html/

and replace s# with the user listed for the website.

In Managed WordPress you'll place the PHP values in the /html directory.

Type

vim .user.ini

press i for insert and then paste these values into the file:

# Begin PHP Memory Limit
php_value memory_limit = 128M
php_value post_max_size 64M
php_value upload_max_filesize 64M
php_value max_file_uploads 64M
php_value max_execution_time= 300M
php_value max_input_vars = 259200M
php_value max_input_time = 259200M
php_value max_input_vars 9999M
# End PHP Memory Limit

Type Esc, and type

:wq to save your edits and exit.

These values are just an example of what you can put — you can increase or decrease the values for what you feel is appropriate for your website.

7. Why Didn’t My Plugins Update?

If your plugins didn’t update, you will want to login to the Managed WordPress dashboard and make sure that plugin updates are enabled. If the updates are enabled and your plugins are still not updated, please contact your Managed WordPress support team.In Managed WordPress you can toggle on and off automatic updates.

8. I Migrated My Site, But I Only See the Default Install. What’s Going On?

This usually happens when the PHP version is set too high for your site. You can adjust PHP versions by going into in the Managed WordPress Dashboard and under SITE DETAILS.In Managed WordPress you'll select the PHP version of your choice.

9. What Cache Plugin Should I Use To Speed Up My Site?

We include caching, so none are really needed, but these three plugins are the most frequently used by our customers and have seen the best results.

Free plugins:
https://wordpress.org/plugins/cache-enabler/
https://wordpress.org/plugins/wp-super-cache/

Paid plugins:
https://wp-rocket.me/

An Overview of Managed WordPress

WordPress is open source software for building unique and powerful websites! It is quickly becoming the easiest and most popular way to create blogs, business sites, portfolios, forums, memberships, and e-commerce websites.

Liquid Web’s Managed WordPress Hosting is a complete solution for your web publishing needs. With pre-installed plugins, streamlined plugin updates, website staging area, nightly backups, iThemes sync, and customizable website stencils, it’s a must-have for any WordPress developer.

 

MWP Features

Let’s get right into it with a couple of Managed WordPress Hosting best features and ease of use!

 

 

Pre-installed Plugins:

Managed WordPress (MWP) comes with quite a few money saving, pre-installed plugins, curated for maximum performance:

Akismet
Akismet: The number one plugin for spam filtering on blogs and forum pages.  This indispensable plugin helps comment-heavy sites by preventing spam comments from being posted to your site. Akismet protects your website from being marked negatively thus helping your Google SEO standing. A free plan is included with every site as well as having the option to subscribe to their Plus and Enterprise plans.
Async JavaScript
Async JavaScriptWith a 4.5-star rating by its users, Async JavaScript increases site speed and search engine ranking by only loading javascript viewable by the user.
Autoptimize
Autoptimize: If speed is essential to your site then you can’t go wrong with the Auto Optimizer plugin. Autoptimize takes out the legwork of site optimization by aggregating, minifying and caching scripts. For the CSS and JavaScript programmer, it can inject CSS into your page header, async non-aggregated JavaScript, and minimize HTML.
BJ Lazy Load
BJ Lazy Load: This plugin comes in handy for sites with lots of images. The idea is only to load those videos/pictures that are viewable on the browser and not those below the screen view (or “fold” as it’s called) until the client scrolls down the page. Thus increasing site speed and performance by reducing the resources loaded at a given time.
iThemes Sync
Themes Sync: Ever wish you had a portal where you could update all your plugins and themes for multiple websites in one spot? Look no further then iThemes Sync.  iThemes Sync provides you with one central dashboard for all your WordPress admin tasks saving you time to focus on development.
TinyPNG
TinyPNG: Minimizes load times for your site by compressing your images, while still maintaining photo resolution. Compression increases site performance especially if you have a large number of images.

WP Forms Lite
WP Forms Lite: Easily create contact forms with intuitive tools that allow for drag and drop construction.

Liquid Web’s Managed WordPress staging site allows you to experiment with themes, plugins, or any variety of other changes you might want to make, all without affecting your live site! It works by creating a temporary clone of your site to test your changes, giving you a chance to get things exactly the way you want them before applying them to your live site. So feel free to test away!

Nightly backups of your sites are included in each plan. The backups allow you to roll back to an older version by clicking the restore option, or you can download a copy. No need to install an extra plugin or stress when a development error occurs.

Core updates help secure your site from hackers and malware by keeping your website up to date. Once available, the core WordPress plugin updates MWP are tested before being implemented on your site. If the plugin or update is compatible with your site, it will auto push the update to the live site. If the new update is not compatible, it will let you know via email allowing you time to inspect at your leisure.

The stencil feature is useful for developers who use the same themes and plugins across multiple sites. You can create as many stencils as you like with the click of a button! Click here for information about how you can set up your stencil.

Managed WordPress allows you to access your content via SSH and FTP. Once logged into SSH, Liquid Web’s Manage WordPress comes with WP-CLI pre-installed, so you can make simple commands from the command line to fine-tune users, plugins, and current themes settings.

Let your users know their information is safe! Managed WordPress includes free SSL for all sites on your server to help keep your sites secure.  With automatic SSLs you no longer have to purchase certificates for your websites!

Our managed WordPress product has a 24/7 operations team that manages routine server maintenance and monitors for DDoS attacks, so you don’t have to, leaving you free to develop your website’s content.

Experience a streamlined way managing your sites through Liquid Web’s Managed WordPress platform.

 

The Best Ways to Secure WordPress

On our Managed WordPress hosting platform, we strive to ensure security with regularly scheduled patches and updates. By utilizing our intrusion prevention software, we mitigate malicious activity and block repeated failed logins for your WordPress admin portal. Furthermore, our web-application firewall, restricts unneeded ports along with custom rules to help protect you on the application level. We take care of the administration work so you can spend more time securing your site. Below our Managed WordPress admins share tested (and trusted) implementations to keep your site locked up tight.

WordPress Security Plugins

iThemes Security

The iThemes Security plugin is a fantastic addition to enhance your security, and it is easy to install.  By adding an extra layer of protection, below is a list of security features that iThemes Security Pro provides.

Click To See iThemes Security Features
    • Banned Users – Allows you to completely ban hosts and user agents from your site
    • Network Brute Force Protection – Banning users who have tried to break into other sites from breaking into yours. The network protection will automatically report the IP addresses of failed login attempts to iThemes
    • SSL – This feature redirects all http traffic to https
    • Strong Password Enforcement – Force users to use strong passwords as rated by the WordPress password meter
    • System Tweaks:
      • Disable Directory Browsing
      • Filter Suspicious Query Strings in the URL
      • Remove File Writing Permissions – Prevents scripts and users from being able to write to the wp-config.php file and .htaccess file
      • Disable PHP in Uploads – Disable PHP execution in the uploads directory. This blocks requests to maliciously uploaded PHP files in the uploads directory.
      • Disable PHP in Plugins – Disable PHP execution in the plugins directory. This blocks requests to PHP files inside plugin directories that can be exploited directly.
    • Change WordPress Salts – Use WordPress Salts to encrypt any passwords saved within WordPress, this adds an extra layer in password protection. Check this box and then save settings to change your WordPress Salts.

Salt Encryption Settings

  • WordPress Tweaks:
    • Comment Spam– Reduce Comment Spam
    • XML– RPC feature allows external services to access and modify content on the site. Common example of services that make use of XML-RPC are the Jetpack plugin, the WordPress mobile app, and pingbacks. If the site does not use a service that requires XML-RPC, select the “Disable XML-RPC” setting as “disabling XML-RPC” which prevents attackers from using the feature to attack the site. Disable Pingbacks – This feature only disables pingbacks. Other XML-RPC features will work as normal. Select this setting if you require features such as Jetpack or the WordPress Mobile app.
    • Block XML– RPC requests that contain multiple login attempts.
    • Restricted Access– Restrict access to most REST API data. This means that most requests will require a logged in user or a user with specific privileges, blocking public requests for potentially private data.
    • Force Unique Nickname– This forces users to choose a unique nickname when updating their profile or creating a new account which prevents bots and attackers from easily harvesting user’s login usernames from the code on author pages. Note this does not automatically update existing users; it will affect author feed urls if used.
    • Protect Against Tabnapping– Alter target=”_blank” links to protect against tabnapping. Enabling this feature helps protect visitors to this site (including logged in users) from phishing attacks launched by a linked site.
    • Login with Email Address or Username– By default, WordPress allows users to log in using either an email address or username. This setting allows you to restrict logins to only accept email addresses or usernames.

To install, login to your WordPress dashboard, click on “Plugins” on the left. Click on “Add New” and use the search box to find “iThemes Security (formerly Better WP Security)”. Click on “Install Now”, and then activate the plugin.  On the left bar, click on “Security” and iThemes will start a security check on your site.  Additionally, you can click on Security > Settings on the left to enable any security features that fit your website.

WordFence

Wordfence Security – Firewall & Malware Scan plugin – Wordfence includes an endpoint firewall and malware scanner.  One of the key features is their threat defense feed arms that are supplied with the newest firewall rules, malware signatures and malicious IP addresses to keep your website safe.  Click on the Wordfence subtitle to jump to installation and setup instructions.

CloudFlare

You can create an account with CloudFlare to help protect your websites from various attacks including DDoS mitigation, customer Cloudflare helps mitigate DDoS attacks, prevent customer data breaches, and block malicious bot abuse. Cloudflare DNS is DDoS protection for domain resolution. It sits behind the same 15 Tbps network that protects over 7 million Internet properties from denial-of-service attacks.  Cloudflare DNS also comes with built-in load-balancing, automatic failover, rate-limiting, and filtering. Cloudflare also offers DNSSEC to add a layer of trust on top of DNS by providing authentication.

Web Application Firewall (WAF)

Web application firewall (WAF) rulesets – Available on all of Cloudflare’s paid plans, the WAF has built-in rulesets, including rules that mitigate WordPress specific threats and vulnerabilities. Additional features: automatic cache purge, and header rewrite to prevent a redirect loop when Cloudflare’s Universal SSL is enabled.  You can change Cloudflare’s settings from within the plugin itself without needing to navigate to the cloudflare.com dashboard. The available settings to change are: cache purge, security level, Always Online, and image optimization.

Sucuri

As an auditing, malware scanner, and security hardening plugin, it’s a security suite that works well with your existing website’s  security. This plugin offers a great set of security features such as Security Activity Auditing, File Integrity Monitoring, Remote Malware Scanning, Blacklist Monitoring, Effective Security Hardening, Post-Hack Security Actions, Security Notifications, and Website Firewall (premium).

General Security Recommendations

We are living in an age where security needs to be updated at all times. Passwords is one of those crucial security mechanisms that needs to be updated at least every 30 to 60 days. The recommendation for each password complexity is to be at least 15 characters containing a combination of uppercase letters, lowercase letters, numbers, and symbols. The passwords should not contain dictionary words, usernames, personal information, or letter sequences. The passwords should not be reused in a given year.

Along with having secured passwords, your computer should also be protected.  Attackers can exploit computers that have outdated operating systems using worms, malware, Trojans, and viruses. You will need to make sure your computer has the latest security patches and fixes.  All browsers should be the latest versions. Do not install any software or browser plugins from any untrusted parties.  Install reputable anti-virus software and conduct regularly malware scans on your computer.

The most common source for malicious injections are vulnerabilities in CMS software, plugins, themes and other commonly used third party code. We recommend taking measures to update all CMS software, plugins and themes used to the latest versions available from their respective vendors. This would help limit the chance of future infections occurring.

Registering your website with Google Webmaster Tools will tell you the health of your website. Change the Default “admin” username.  Since usernames make up half of login credentials, having the username “admin” made it easier for hackers to do brute-force attacks.

Final Thoughts

Being at the top of your game on security is worthwhile to avoid paying expensive fees to clean up a hacked site, especially since there are many free security options at your disposal. Take a stroll through our Managed WordPress product page and discover how we can take the guesswork out of security. Along with a 24/7 support team at your fingertips, our Managed WordPress platform automatically updates plugins to reduce your site’s vulnerability to malware.

Configuring NGINX for Managed WordPress

Running a WordPress site can be incredibly simple and used right out of the box, but you may need to customize or add specific files in order to get the most out of your site. Our Managed WordPress customers can include custom NGINX configurations for individual sites because we know that adding simple redirects or adjusting browser cache settings are actions that many of our Managed WordPress users do on a regular basis. Read on to learn how you can use this functionality for your own site.

On the Managed WordPress platform, custom configuration files are read from the NGINX folder within the site’s home directory. Any file ending with .conf will be read into NGINX on reload or restart, so a file called ~/nginx/user.conf.sample is provided as a placeholder.

While you can create and edit these files, it is necessary that you reach out to our Managed WordPress Support team to reload the NGINX configuration. This will allow us to test the file configuration and confirm that there are no errors or warnings. Because your site performance and uptime is important, the Managed WordPress support team will manually review files to check for potentially irregular and harmful configurations.

Although the primary use of this feature is for configuring redirects at the NGINX level. you may also set custom browser cache expiration times for static files. Any configurations beyond those described below are considered beyond scope support.

An example of simple redirects:

# Simple redirect to an individual page
location /example-redirect-123 {
add_header X-Redirect-By "Yoast SEO Premium";
return 301 /example-redirect;
}

# Rewrite all urls under an old path to a new path
location /category/old-category {
rewrite ^/category/old-category/(.*)$ /category/new-category/$1 permanent;
}

An example of adjusting browser cache settings:

# Reduces js and css cache times to a single day instead of the MWP default of 1 year.
location ~* \.(?:css|js)$ {
expires 24h;
access_log off;
add_header Cache-Control "public";
}

If you are looking to block access to a specific directory, you can complete this request by using the following command:

rewrite ^/wp-content/private_directory/(.*) /last;

Where “private_directory” is the directory you wish to block access to.

Configuring NGINX

  1. Log into the site via SSH.:ssh/sftp credential section in Managed WordPress portal highlighted
  2. Navigate to the NGINX directory located in the home directory.
    s150@default:~$ pwd
    /home/s150
    s150@default:~$ cd nginx
    s150@default:~ngingx$ ls
    user.conf.sample
    s150@default:~/nginx$
  3. Next, create a file ending in .conf:
    s150@default:~/nginx$ touch redirects.conf
    s150@default:~ngingx$ ls
    redirects.conf user.conf.sample
    s150@default:~/nginx$

    In this example, we are using redirects.conf, but you can name it anything you’d like, just make sure you remember the file name.
  4. Then modify the file with the configuration changes:
    s150@default:~/nginx$ vi redirects.conf
    s150@default:~ngingx$ cat redirects.conf
    # Limited to directives valid in the server block context
    # All files ending in '.conf' in this directory will be loaded
    # Please contact support to have them reload the nginx config files
    # for changes to go into effect.# Configure redirects
    #
    loacation /example-redirect-123 {
    add_header X-Redirect-By "Yoast SEO Premium";
    return 301 /example-redirect;
    }
    s150@default:~/nginx$
  5. Lastly, contact support to request review and reload of the config. You can easily reach our Managed WordPress support team by opening a chat or ticket through your Managed WordPress portal, or by calling our team at 1(833)845-4527 or 1(517)322-0434.

Featured Video: How to Add a Site to Liquid Web’s Managed WordPress

In this Knowledge Base article we feature a tutorial video provided by AJ Morris, our Managed WordPress product manager. In this video AJ will show us how simple it is to set up a site in your Managed WordPress Portal.

Whether you’re building a site from scratch or migrating one over, this will be a great place to start. Continue reading “Featured Video: How to Add a Site to Liquid Web’s Managed WordPress”

Navigating Your Settings Page in Managed WordPress Portal

The Settings page for Managed WordPress Portal gives you access to change your profile and billing information, changing the timezone for your dashboard, and the ability to view your passphrase for authenticating your account when contacting our Heroic support team. Continue reading “Navigating Your Settings Page in Managed WordPress Portal”

Using Bulk Optimization in Managed WordPress Portal

One of the biggest reasons for poor web page performance, are images being added to sites that are far larger than needed. Managed WordPress Portal partnered with TinyPNG to provide a solution for site slowness due to over-sized photos. The Compress JPEG & PNG images plugin from TinyPNG is included in your hosting package, free of charge. This plugin allows you to be proactive and solve the technical burden of getting your site to load up quickly.

Continue reading “Using Bulk Optimization in Managed WordPress Portal”

Using Cloudflare with Your Managed WordPress Portal

If you have enabled Cloudflare for a site in your Managed WordPress Portal, you may run into an issue where you are unable to update the domain name. When you attempt to change the domain name to the one you want visible to the customer, an error message will show in your site dashboard. Continue reading “Using Cloudflare with Your Managed WordPress Portal”

Using the Visual Comparison Tool in Managed WordPress Portal

Managed WordPress Portal provides you an easy way to view the visual changes to your website when you update plugins. With the Visual Comparison Tool, your Managed WordPress Portal will create a staging site, update your plugins and give you the ability to see what changes (if any) the plugin update made to your site before it goes live. If there are no visual changes to the site, your plugins will automatically update on the live site. Continue reading “Using the Visual Comparison Tool in Managed WordPress Portal”