How to Block or Allow Specific Ports by Country in the CSF Firewall

In addition to being able to manage traffic from a specific country or a list of countries, CSF allows you to manage access by country to specific ports. This can be useful if you need to ensure that a particular service is available globally (such as your web server on port 80) but want to restrict international access to services such as WHM/cPanel, SSH, or FTP.

You should note that all of the limitations on country-level filtering outlined in Part Two: How to Block Traffic by County in the CSF Firewall apply here as well. Specifically, some ISPs use non-geographic IP addresses, some web services and cloud-based tools may use servers outside the country the companies are based in, and proxy services and virtual private networks easily can mask a visitor’s actual geographic location.

Taken together, that means that some unwanted traffic could get through, and some desired traffic could be blocked under certain circumstances.

Note: At least one of ConfigServer’s servers is in Germany; blocking that country could prevent CSF from being able to update and display an error on the ConfigServer Security&Firewall page in WHM.

Pre-Flight Check

  • This series assumes you have the ConfigServer Firewall (CSF) installed on your cPanel server, and you have access to WebHost Manager (WHM).
  • If your managed cPanel server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

If you have not already done so, back up the current firewall configuration before making any changes.

In WebHost Manager, locate and select ConfigServer Security & Firewall under the Plugins section in the left menu. You also can begin typing “fire” into the search field at the top left to narrow down the options, then click on the Firewall Configuration button to open the configuration file.

Blocking Access to Specific Ports by Country

Restricting access by port to IP addresses originating in a specific country or countries can be an effective way to help minimize the negative performance impact that country-level blocking can bring.

That’s because the smaller the CIDR (Classless Inter-Domain Routing) range against which each IP making an incoming request is checked, and the fewer requests on that port (SSH on port 22 and FTP on port 21 are likely to see far less traffic than the website itself on port 80), the fewer the resources the firewall checks should require.

In this case, only incoming traffic on the specified port or ports will checked against the CIDR range(s) for the blocked country code(s).

If you wish to deny access to several countries or wish to allow access to a port for only a single country, a better option may be to instead allow access only to that country. Feel free to skip ahead to Allow access to specific ports by country below to learn how to do that.

In this example, we’re blocking access to the standard FTP port, 21, to IP addresses originating in Belgium.

Step #1: Specify the Country or Countries to be Denied

  1. Scroll down to the Country Code Lists and Settings section and add the country code to CC_DENY_PORTS. Multiple countries can be comma separated with no spaces in between, and you can find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.
  2. List the port that will be blocked in the specified country in the CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP fields.

Here we’ve specified that traffic originating from Belgium is not allowed to connect on the standard FTP port, 21:Blocking port access by country

Step #2: Save Your Changes and Restart the Firewall

  1. Scroll to the bottom of the Firewall Configuration page and click on the Change button.
  2. On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.

By defining a country in CC_DENY_PORTS and a port in the CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP fields, we’ve ensured that the port will remain open to any visitor with valid credentials so long as their IP address does not originate from the specified country.

Allowing Access to Specific Ports by Country

Just as you can deny incoming traffic by port to a specific country or countries, you also can choose to allowing incoming traffic by port to only a specific country or countries. Generally, this should be a better option than attempting to deny port access to a long list of countries because the firewall be working with a smaller CIDR range against which each incoming request must be checked.

To limit the ability to connect on a specific port or ports to visitors with IP addresses originating in a specific country or countries, you must:

  • close the ports in the firewall
  • define the country code allowed to connect on those blocked ports
  • specify the blocked ports to be opened for the specified country

In this example, we’re restricting access to the standard FTP port, 21, to IP addresses based in Germany.

Step #1: Close the Ports in the Firewall

On the Firewall Configuration page, scroll down to the IPv4 Port Settings section, and remove the desired port number from the TCP_IN and UDP_IN (if present) fields.
Here, we’ve removed port 21 from the allowed incoming IPV4 ports, effectively blocking external access to the port:

Remove the port from TCP_IN

Step #2: Specify the Country or Countries to be Allowed

Scroll down to the Country Code Lists and Settings section and add the country code to CC_ALLOW_PORTS.

Here we’ve specified that traffic originating from Germany is allowed to connect on ports which have been otherwise closed in the firewall (we’ll define the specific ports for this allow in the next step):

Allowing a country access to specified ports
Multiple countries can be comma separated with no spaces in between, and you can find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.

Step #3: Specify the Closed Ports to be Allowed to the Designated Country

Just below the CC_ALLOW_PORTS field, you’ll see CC_ALLOW_PORTS_TCP and CC_ALLOW_PORTS_UDP.

We’ll add the port to open to the country (or countries) specified in CC_ALLOW_PORTS here, in this case, port 21:

SPecify which ports to open to designated countries

Step #4: Save Your Changes and Restart the Firewall

  1. Scroll to the bottom of the Firewall Configuration page and click on the Change button.
  2. On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.

Now that we’ve closed the standard FTP port in the firewall’s IPV4 Port Settings, no visitor will be able connect to port 21 unless their IP address originates from Germany. At the same time, the setting applies only to port 21 and any visitor, regardless of geographic location, still can view the website or connect to any port open in the firewall.

Next Steps

See Part Five: Basic DDoS Mitigation with CSF

How to Allow Traffic by Country in the CSF Firewall

One of the most-requested features on cPanel servers is the ability to manage and filter traffic at a country level. With the ConfigServer Firewall (CSF) plugin in WebHost Manager, you can do exactly that.

Pre-Flight Check

  • This series assumes you have the ConfigServer Firewall (CSF) installed on your cPanel server, and you have access to WebHost Manager (WHM).
  • If your managed cPanel server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

Blocking traffic by country code carries significant overhead, due to the fact that the country-level CIDR ranges can be quite large and the IP address behind each incoming request must be checked against the block list.
One alternative is to instead specifically allow traffic by country code. This approach can minimize the performance hit by country-level filtering whenever traffic from several countries needs to be blocked, or traffic from only one geographic area should be allowed.
If you have not already done so, back up the current firewall configuration (Part One: How to Back up and Restore the Firewall Configuration) before making any changes.

Step #1: Open Firewall Configuration in WHM

  1. In WebHost Manager, locate and select ConfigServer Security & Firewall under the Plugins section in the left menu. You also can begin typing “fire” into the search field at the top left to narrow down the options.
  2. Click on the Firewall Configuration button to open the configuration file.

Step #2: Allow traffic by country code

  1. On the Firewall Configuration page, scroll down to the Country Code Lists and Settings section.

    Use CC_Allow_Filter to restrict access to a specific country or list of countries.

  2. CC_ALLOW_FILTER accepts two-letter country codes, such as “US” for the United States of America, “GB” for Great Britain, and “DE” for Germany.
  • Multiple countries can be comma separated with no spaces in between, such as “US,GB,DE” to deny access to the US, Great Britain, and Germany.
  • You can find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.

Note that CSF has two separate “Allow” sections:

  • CC_ALLOW actually opens the firewall to all traffic on all ports from the listed countries, bypassing any port and protocol rules in place. It should not be used.
  • CC_ALLOW_FILTER allows only traffic from the specified country or countries, but respects the port and packet rules elsewhere in the firewall configuration. This is the preferred method for allowing traffic by country code.

Step #3: Save Your Changes and Restart the Firewall

  1. Scroll to the bottom of the Firewall Configuration page and click on the Change button.
  2. On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.

Next Steps

See Part Four: How to Block or Allow Specific Ports by Country in the CSF Firewall
 

How to Block Traffic by Country in the CSF Firewall

One of the most-requested features on cPanel servers is the ability to manage and filter traffic at a country level. With the ConfigServer Firewall (CSF) plugin in WebHost Manager, you can do exactly that.

Country-level filtering in CSF uses the Maxmind GeoLite Country database to obtain CIDR (Classless Inter-Domain Routing) ranges for specific countries. Each CIDR range covers all the IP addresses assigned to that country.

There are a number of reasons why a server administrator may wish to block traffic from a specific country, with reducing bandwidth, minimizing exposure to security risks, and ensuring that a site’s content is viewable only in geographic locations where it is permitted among the most common. However, there are several important factors to consider before choosing to filter traffic at the country level:

  • A small percentage of unwanted traffic still may get through, and a small percentage of desired traffic could be blocked, because:
    • the CIDR range lists used for country-level blocks are not 100 percent accurate.
    • some Internet Service Providers and web services use non-geographic IP addresses for their clients.
    • proxy services and virtual private networks can be used to mask a visitor’s true geographic location.
  • Country-level filtering applies only to incoming connections. Outbound traffic is not affected.
  • Using country-level filtering will negatively impact performance and you will notice slower response times on your websites. This is due to the sheer size of the CIDR range lists (the list for the U.S. is 621K in plain text and contains more than 37,000 entries) and the fact that the firewall must check each incoming IP address against the chosen list(s).

Pre-Flight Check

  • This series assumes you have the ConfigServer Firewall (CSF) installed on your cPanel server, and you have access to WebHost Manager (WHM).
  • If your server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

If you have not already done so, back up the current firewall configuration before making any changes.

Step #1: Open the Firewall Plugin in WHM

  1. In WebHost Manager, locate and select ConfigServer Security & Firewall under the Plugins section in the left menu. You also can begin typing “fire” into the search field at the top left to narrow down the options.
  2. Click on the Firewall Configuration button to open the configuration file.
    Edit the CSF configuration file

Step #2: Deny Access by Country Code

CSF does not recommend the use of country-level blocks on any VPS or small server unless the CIDR range for the chosen country is very small. The use of a large-range country block on a small server or VPS could slow the server to the point that it becomes inaccessible.

If you’re using a VPS or have any question as to whether your server has the resources to effectively implement a country-level block, you may find it more practical to allow or deny traffic by country code to specific ports, which we cover in Parts Three and Four.

  1. On the Firewall Configuration page, scroll down to the Country Code Lists and Settings section.
    ccallowdeny1
  2. Use the CC_DENY field to block by country code:
    • The CC_DENY field accepts two-letter country codes, such as “US” for the United States of America, “GB” for Great Britain, and “DE” for Germany.
    • Multiple countries can be comma separated with no spaces in between, such as “US,GB,DE” to deny access to the US, Great Britain, and Germany.
    • You may find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
    • Do NOT use the CC_ALLOW field to allow traffic by country code. CC_ALLOW opens the firewall to all traffic on all ports from the listed countries, bypassing any port and protocol rules in place.
Note: At least one of ConfigServer’s servers is in Germany; blocking that country could prevent CSF from being able to update and display an error on the ConfigServer Security&Firewall page in WHM.

Step #3: Save Your Changes and Restart the Firewall

  1. Scroll to the bottom of the Firewall Configuration page and click on the Change button.
  2. On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.
    Restart csf and lfd for new settings to take effect

Next Steps

See Part Three: How to Allow Traffic by Country in the CSF Firewall
 

How to Back up and Restore the CSF Firewall Configuration

Prior to making direct edits to the firewall configuration file or changing advanced firewall settings in WHM, a backup of the current configuration should be taken so that the settings can quickly and easily be reverted if needed.

Pre-Flight Check

  • This series assumes you have the ConfigServer Firewall (CSF) installed on your cPanel server, and you have access to WebHost Manager (WHM).
  • If your server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

How to Back up the Firewall Configuration

Step #1:

In WebHost Manager, locate and select ConfigServer Security & Firewall under the Plugins section in the left menu. You also can begin typing “fire” into the search field at the top left to narrow down the options.

Open the Firewall Configuration in WHM

Step #2: Open and Back up the Profile

  1. Scroll down to the csf – ConfigServer Firewall section and click the Firewall Profiles button.
  2. On the Firewall Profiles page, scroll down to the Backup csf.conf section, enter a name to identify the backup and click the Create Backup button.
    Back up the Firewall Configuration
  3. The next screen will show you the location of the backup file, which you’ll want to note in case you need to restore.
    CSF backup creation

How to Restore a Saved Configuration

Step #1: Open the Firewall Plugin in WHM

In WebHost Manager, locate and select ConfigServer Security & Firewall under the Plugins section in the left menu. You also can begin typing “fire” into the search field at the top left to narrow down the options.

Step #2: Open and Restore the Saved Backup

  1. Scroll down to the csf – ConfigServer Firewall section and click the Firewall Profiles button.
  2. On the Firewall Profiles page, scroll down to the Restore Backup Of csf.conf section and click on the name of the desired backup.
    Select CSF config backup to restore
  3. Click the Restore Backup button.
  4. On the next screen, click the Restart csf+lfd button to restart the firewall with the settings from the backup file.
    Backup restored

Next Steps

Now that you’re familiar with backing up and restoring a firewall configuration file, you’re ready to explore some of CSF’s advanced features.
See Part Two: How to Block by Country in the CSF Firewall.

How To Restore WordPress Optimized Template Backups

Pre-Flight Check

  • This article applies specifically to Liquid Web’s WordPress Optimized Template servers.
  • Restoring a site from backup will completely overwrite all of its existing content (both the files and the database). If you are not completely certain that the existing files will no longer be needed, you may wish to back up the database and download the database backup and site files locally using SFTP with a client such as FileZilla.

WordPress Optimized Template sites installed via the Sites tab in Manage automatically are backed up each day, with the server retaining the 10 most recent backups. You can easily restore any site from an available backup in the Sites dashboard in Manage.

Step #1: Open the site in the Sites dashboard

Click on the [+] next to the domain name to expand the window, then select the desired restore point from the Automatic Backups section.

Select A Restore Point

Step #2: Restore the Site

  1. After clicking on the radio button next to the desired restore point, click the Restore button to restore the site. A confirmation window will pop up to remind you that you will be overwriting the existing site with the contents of the backup. Any changes made to the site since the chosen backup was made (comments, posts, etc.) will be completely overwritten and can not be recovered. If you wish to proceed with restoring the site, click the Restore WordPress Domain button.
    If you are not completely certain that the existing files will no longer be needed, you may wish to back up the database and download the database backup and site files locally using SFTP with a client such as FileZilla.

    Confirm the Restore

  2. The restoration process will begin, and you will see a banner at the top of the page alerting you that the process is under way. The time it will take to complete depends entirely on the size of the site directory and database.Restore Complete

 

Using WP-CLI With Your WordPress Optimized Template Site

Using the Command Line Tools

Liquid Web’s WordPress Optimized Template servers come with a pre-installed set of command-line tools designed to simplify common site maintenance tasks. WP-CLI (WordPress Command Line Interface) can be accessed via SSH, and allows you to do nearly anything that can be done from within the WordPress admin interface.

Among many other things, WP-CLI can be used to:

  • create and modify users and their roles
  • install and activate or deactivate plugins
  • perform basic database maintenance tasks
  • manage cron jobs
  • manage rewrite rules

For the full list of commands, visit the official documentation.

WP-CLI always should be run as the site owner, and always should be run from within the site’s installation directory. For the following examples, I have connected to the server via SSH using the WordPress admin credentials for examplewordpresssite.com, verified my current working directory with the command “pwd”, and then changed directory into the site’s document root with the command “cd”, running “pwd” once again to confirm that I am in the document root.

[examplesiteuser@wphost]# pwd
/home/examplesiteuser/
[examplesiteuser@wphost]# cd public_html
[examplesiteuser@wphost ~/public_html]# pwd
/home/examplesiteuser/public_html

Create a New User and Assign a Role

In this example, we’re going to create a new user named “sample”, assign them the role of Editor on the site, and email them their credentials (a randomly-generated password will be assigned automatically, and the email is sent to their specified address with a link to reset it.):

wp user create sample sample@examplewordpresssite.com --role=editor --send-email

Breaking down this command:

  • wp invokes WP-CLI
  • user create creates the new user
  • sample is the name we chose for the new user
  • sample@examplewordpresssite.com is the new user’s email address
  • –role=editor assigns the role of Editor to the new user
  • –send-email instructs WordPress to email the user’s credentials, and a link to change their password, to the new user’s email address

Install and Activate a Plugin

Here we’re going to download, install, and activate the Meta Slider plugin from wordpress.org.

While we know the name of the plugin, the plugin’s actual file name may be different, so we first will run a search to find out, using the command:

[examplesiteuser@wphost ~/public_html]# wp plugin search metaslider

Running that command tells us that the plugin’s name is “ml-slider”:

[examplesiteuser@wphost ~/public_html]# wp plugin search metaslider
Success: Showing 4 of 4 plugins.
+----------------------------+----------------------------+--------+
| name | slug | rating |
+----------------------------+----------------------------+--------+
| Meta Slider | ml-slider | 96 |
| ThreeWP Broadcast | threewp-broadcast | 94 |
| EWWW Image Optimizer | ewww-image-optimizer | 90 |
| EWWW Image Optimizer Cloud | ewww-image-optimizer-cloud | 90 |
+----------------------------+----------------------------+--------+
[examplesiteuser@wphost ~/public_html]#

Now that we know the file name of the Meta Slider plugin, we can download, install and activate ml-slider with the following command:

wp plugin install ml-slider --activate

Running that code generates the following output:

[examplesiteuser@wphost ~/public_html]# wp plugin install ml-slider --activate
Installing Meta Slider (3.3.6)
Downloading install package from https://downloads.wordpress.org/plugin/ml-slider.3.3.6.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'ml-slider'...
Success: Plugin 'ml-slider' activated.
[examplesiteuser@wphost ~/public_html]#

The “Success” messages tell us that ml-slider was installed and activated.

Database Operations

WP-CLI has a number of basic database management features built right in.

Back Up A Database

One particularly useful WP-CLI command allows you to easily back up the WordPress database:

wp db export

Running that command will export the site’s database to an sql file in the current working directory. If you do not specify a name for the file, the exported database file will be the database name with a “.sql” extension, and any existing file with that name will be overwritten. Because we are backing up the database and don’t want this file to overwrite any previous versions, we will be specifying a file name (which must end in .sql).

[examplesiteuser@wphost ~/public_html]# wp db export mydatabase_01042016.sql
Success: Exported to mydatabase_01042016.sql

You always should back up the WordPress database prior to making any significant changes. It takes only a moment and ensures that you will have a restore point in case your changes don’t quite go as planned.

Restore A Database

You can quickly restore a database from an sql file with:

wp db import

Simply supply the file name of the database to restore, and the specified sql file will overwrite the existing database:

[examplesiteuser@wphost ~/public_html]# wp db import mydatabase_01042016.sql
Success: Imported from mydatabase_01042016.sql

Note that importing a database will completely overwrite the existing database. Do not import a database unless you are certain that you have no further use for the existing database or its contents. If in doubt, back up the current version with a unique file name before restoring.

Search and Replace in the Database

WP-CLI includes an advanced search and replace that can be used for delicate operations on database tables. This feature commonly is used to update references to the site name when taking a development site into production.

In this example, we’re going to change the name of the user we created earlier, “sample”, to “example” using the command “wp search-replace”. Note that we’ve already backed up the database above using “wp db export”.

And because we’re changing a username, we’ll also specify that we want only to include the wp_users and wp_usermeta tables in the search and replace, so that the word “sample” doesn’t get replaced with “example” in posts or anywhere else it may crop up:

wp search-replace 'sample' 'example' wp_users wp_usermeta

Breaking down that command:

  • wp invokes WP-CLI
  • search-replace searches for the specified string and replaces it in the specified tables
  • ’sample’ is the string we’re searching for (the old text). The search string needs to be enclosed in quotes.
  • ’example’ is the string we’re replacing the old text with. The string needs to be enclosed in quotes.
  • wp_users wp_usermeta are the specific tables to which we are restricting the search and replace. You can list as many table names as necessary, separating them with a space. If no table name is specified, the search and replace will be performed on the entire database. Performing a search and replace on the entire database is a potentially dangerous operation and should be done only if you are absolutely certain of the results and even then, only after backing up the existing database with a unique name.

 

Note: Do not attempt to run a search and replace (or any other database-altering procedure) without first backing up the database with a unique file name. Even the simplest search and replace has the potential to cause a great deal of damage, or even take the site down (consider the result if we had replaced the word “sample” with “example” in every table in the database for a product sample giveaway site). Always manually take a database backup with a unique file name before running search-replace.

Manage Cron Jobs

WP-CLI can be used to display scheduled cron jobs, run them manually, or even add new ones.

For instance:

wp cron event list

returns a list of all scheduled WordPress crons.

You also may choose to run a listed WordPress cron immediately:

wp cron event run wp_scheduled_delete

executes the wp_scheduled_delete cron event right away, instead of at its normally scheduled time.

Manage Rewrite Rules

WP-CLI gives you the ability to see current rewrite rules as well as change the rewrite structure:

wp rewrite list

displays all current rules.

You also can change the rewrite structure using default WordPress variables. To make your rewrites display the month number first, followed by the year and the name of the post, you would use:

wp rewrite structure '/%monthnum%/%year%/%postname%'

Multisite WordPress Installations

Nearly all the WP-CLI commands can be used the same way on multisite installs as well, so long as you specify the site in the command. This is done by specifying the URL (in the format: –url=domainname.com) in the command.

For example, the command to list scheduled crons for examplewordpresssite.com on multisite would become:

wp cron event list --url=examplewordpresssite.com

Get Involved!

There is a great deal more that can be accomplished with WP-CLI, including the ability to write your own commands and share them with the WP-CLI community.

To get started, check out the Github page and the list of current community commands.

How To Connect To Your WordPress Optimized Template Site Using SFTP

Pre-Flight Check

  • SSH File Transfer Protocol (SFTP) is the most secure way to upload files to your WordPress Optimized Template site.
  • This article is intended specifically for connecting to a WordPress Optimized Template site using the free, cross-platform FTP client FileZilla, but the connection details should apply to any FTP client.

Step #1: Enter the Connection Details

  1. FTP/SFTP connection details are included in the “Welcome to your new WordPress site” email that was automatically sent to you upon adding the site in the Sites section of your Manage dashboard. In case you don’t have that handy, you will use:
    • Host: The domain name or IP address of the site
    • Username: The WordPress admin username created when adding the site
    • Password: The password you assigned to the WordPress admin user when adding the site
    • Port: 22 (Port 21 can be used for a standard FTP connection, but it is not recommended. SFTP should be used for maximum security. All connection details other than the port number are the same either way.)
  2. In FileZilla, enter the host, username, password, and port into the Quick Connect toolbar and press the Quickconnect button.FileZilla QuickConnect

Continue reading “How To Connect To Your WordPress Optimized Template Site Using SFTP”

Adding Sites To Your WordPress Optimized Template Server

Pre-Flight Check

  • This article applies specifically to Liquid Web’s Managed WordPress servers.
    We will be adding a WordPress site directly through the Manage interface, the preferred method for WordPress Optimized Template servers.

Step #1: Open the Server Dashboard

  1. Log into your Manage dashboard and click the [+] button to the left of your WordPress Optimized Template server’s name to expand the dashboard.Open the Dashboard
  2. Click on the Sites button in your dashboard to launch the WordPress Sites view.Click on Sites

Step #2: Add A Site

  1. To add a site, click the Install a WordPress Site button, fill out the requested information, and then click Add Site to add the new site.Add a Site
    • Domain Name is the domain name you want to add to the server. If the domain name is using Liquid Web nameservers, a free SSL certificate will be ordered and installed on the domain, and WordPress will be configured to use the https protocol on the site. If the domain name is pointed elsewhere, an SSL can be added later.
    • Username is the WordPress admin user. The username specified here will be used to log into both WordPress and the site’s cPanel account. It must be 16 characters or fewer.
    • Email is the contact information for the site.
    • Password is the credential which will be used to log into both WordPress and cPanel. It should be a strong password, and can contain upper- and lower-case letters, numbers, and basic special characters such as underscores.
    • Verify Password requires you to enter the password again, and will alert you if it does not match what was entered on the Password field.
    • Automatic Updates allows you to choose between automatically updating WordPress itself (Core), WordPress and its plugins (Core and Plugins), or disabling automatic updates altogether (None). It is recommended to at least enable automatic updates for WordPress itself.
  2. The site now will be listed in your Sites dashboard, where you can change update preferences or install a free standard SSL on the domain.

Step #3: Review Settings

Once you return to the Sites dashboard in Manage, you’ll now see your new WordPress site listed in the WordPress Sites section. Click on the [+] next to the domain name to expand the view and configure options for the site.

Review Settings

    • Automatic Updates: You can choose to have the WordPress core or the WordPress core and all plugins updated automatically, or you can disable update Automatic Updates altogether. Simply click the Update button after making any changes to the selected option.
    • Automatic Backups: The WordPress installation automatically will be backed up on a daily basis, and 10 of the daily backups will be retained. Beginning on the 11th day, the oldest backup automatically will be deleted when a new one is created. You will see a list of each backup listed under Automatic Backups once the first backup has been taken.
    • Install Free Signed SSL: Automatic SSL installation is possible only when the site’s domain name is registered and pointed to Liquid Web’s nameservers. If the domain is new or using other nameservers, you can click Install Free Signed SSL to get an SSL certificate for the domain ordered and installed at no charge.
Note that WordPress Optimized Template Hosting includes a free standard domain SSL certificate covering the domain name of each WordPress site you add to the server. The server itself is protected by a self-signed SSL certificate to encrypt cPanel, mail, and ftp connections. If you would like to purchase a third-party verified SSL certificate to cover core services on your server, you can find instructions for ordering and installing an SSL certificate for your hostname at Install an SSL certificate on a Domain using cPanel, and you’ll find a guide to installing the certificate at Installing Service SSLs in cPanel. Should you need any assistance purchasing or installing an SSL certificate for the hostname, please feel free to contact a Heroic Support® technician.
    • Delete WordPress Site: The Delete WordPress Site button will completely remove the site and its associated cPanel account, and all data associated with the site immediately will be removed from the server. That data will not be recoverable, so it’s imperative that you confirm that you have a local backup of the site files before deleting any site.
Any local backups taken would be stored on the server; these types of backups would be deleted along with the rest of the files in the account if you were to delete the site. It is recommended that any such backups be downloaded to your local computer before you delete a site. Storm® backups, if you elected to configure them during server setup or enabled them later via the Backup tab in your Manage dashboard, do contain a full image of the server and would not be deleted by removing the account; however, restoring an individual file or site from a full-server backup is not a drag-and-drop process and can require significantly more time than restoring from a local backup.

Step #4: Access Your New Site

Once you’ve added the site, an email will automatically be sent to the address on file for your account. The “Welcome to your new WordPress site” email contains:

  • the WordPress site’s login URL
  • the site’s IP address (for adding or updating the domain’s DNS record)
  • instructions for obtaining your free SSL certificate (if it was not able to be installed automatically)
  • SFTP connection information

Once you have made any necessary DNS changes and they have had time to propagate, you should see a standard WordPress installation at the site’s URL. You then can log in and start working with your WordPress Optimized Template site.

How To Deploy A WordPress Optimized Template Server

Step #1: Create the Server

  1. If you’re not already a Liquid Web customer, you’ll want to start from our Managed WordPress product page, and select a plan that meets your needs. If you have an existing Liquid Web account, log into Manage and click the Create button in the top left, then click on Managed WordPress.Create menu
  2. The Create a Managed WordPress Server page allows you to select your server options, with a sidebar reflecting the monthly and estimated prorated costs. The totals will update as you make your selections.Create Server
    • Choose Server Type allows you to select your zone, server size and image.
    • Bandwidth allows you to configure your outgoing bandwidth options. 5 TB of monthly transfer is included at no extra charge, and incoming bandwidth is free.
    • Daily Backups allows you to configure automated Storm® backup options, from $0.12 per GB per month. The Pay per Gig option allows you to specify how many daily backups to retain at that price, and the Quota Pricing option allows you to purchase a set amount of space for backups, retaining as many backups as can fit in that space and rotating them out as needed. Note that backups are not retained more than 90 days, regardless of the amount of space purchased.

    Hostname and Password

    • Hostname and Password allows you to choose the server name and a root password for the server.
      • The server’s hostname should be a subdomain of a domain name you control. Once the server is created, you will need to add a DNS “A” record pointing to the hostname; that will need to be done at the domain’s registrar and created in the main domain’s DNS zone file. In this case, we would need to add an A record for wphost.example.com to example.com’s authoritative DNS zone file once the server is created and an IP is assigned to it.
      • Please select only a strong password. It can contain upper- and lower-case letters, numbers, and special characters. If you choose, you also can set up access with an SSH key previously stored in your Manage dashboard.
    • IP Addresses lets you choose any additional IP addresses for the server. One is included, and additional IP addresses (up to the number shown next to Available Slots Remaining) can be added now at a cost of $1 per month per additional IP address. If you have an IP pool associated with your account in the zone you chose, you also can add addresses from the pool. If you need more IP addresses than the IP Addresses section will allow, they will need to be requested via support ticket after the server has been created.
    • Once you have reviewed your choices, verified the estimated monthly and pro-rated costs, and read the billing terms at the bottom of the page, click the Create Server button.
    • You will be presented with a popup window to confirm your selection.

    Confirm selection

    • Clicking the Create Server button here will create the server and charge the card on file.

    Notification

    • You will be returned to your Manage dashboard, where you can monitor the server’s creation.

    Server Creating

    • Once complete, you will see the server’s status listed as Running in your Manage dashboard. You’ll also receive an email following activation which contains the server name, IP address, and login credentials for the server. While you will add WordPress sites directly from your Manage Dashboard, each WordPress site also has access to its own cPanel for the configuration and management of email, databases, cron jobs, statistics, and more.The Create a Managed WordPress Server page allows you to select your server options, with a sidebar reflecting the monthly and estimated prorated costs. The totals will update as you make your selections.

Step #2: Configure DNS Records

Once the server is deployed, you will want to ensure that DNS has been properly configured for the hostname you selected.
If you have not already done so, you may wish to follow our guides to add a DNS record for the hostname and set up Reverse DNS.

Note that WordPress Optimized Template Hosting includes a free standard domain SSL certificate covering the domain name of each WordPress site you add to the server. The server itself is protected by a self-signed SSL certificate to encrypt cPanel, mail, and ftp connections. As such, you may need to accept the security certificate when connecting via cPanel or using secure email. If you would prefer to use a third-party verified SSL certificate to cover core services on your server, you can find instructions for purchasing and installing an SSL certificate for your hostname at Install an SSL certificate on a Domain using cPanel, and you’ll find a guide to installing the certificate at Installing Service SSLs in cPanel. Should you need any assistance, please feel free to contact a Heroic Support® technician who can assist with obtaining and installing an SSL from the vendor of your choice.

 

Getting Started With WordPress Optimized Template

Liquid Web’s Managed WordPress product is a complete WordPress hosting solution, optimized for maximum performance and blazing speed, backed by our Heroic Support®. Liquid Web WordPress Optimized Template servers are designed from the ground up to provide:

Exceptional performance

  • 100% SSD storage to maximize disk I/O
  • HipHop Virtual Machine (HHVM) for unparalleled php execution speeds
  • Memcached to fully leverage caching
  • mod_pagespeed to automatically apply web performance best practices to your Apache installation

Optimal Security

  • Isolated server environments
  • Automated daily backups
  • Automatic WordPress core & plugin updates (configurable)
  • Free domain SSL certificates for each site

Total Control

  • WP-CLI for full control of your sites without the need to log into WordPress itself
  • SSH and SFTP access, plus cPanel for each WordPress site you create
  • Multisite WordPress available on any site
  • Convenient dashboard for deploying new WordPress sites in seconds

Heroic Support®

  • Our Heroic Support® technicians are here 24/7/365 to answer any questions and offer help whenever you need it.
  • Around-the-clock, proactive service monitoring means we start working on any potential issues the moment they are spotted.
  • Most migrations to WordPress Optimized Template are free of charge (some limitations may apply).

This series is designed to serve as a starting point for ordering, deploying, configuring, connecting to and managing your WordPress Optimized Template server. If you need assistance or have any questions, do not hesitate to contact us.