Site hosting news, tutorials, tips, How Tos and more

Setting up a domain pointer


A domain pointer is an additional domain name that points to the root of your site.

So, for example, if you own and want it to point to your site, you can add as a domain pointer and anyone entering in a browser will see the website.

It’s easy to set up a domain pointer, just go to the Site Tools section of Control Panel and click on the “Domain Pointer” icon or link:


On the Domain Pointer page, click the “Add” button:


Enter the domain you want to add as a pointer in the “Domain Pointer” field.

Domain pointers do not get full email service, but you can set up aliases (forwarding addresses) for the domain pointer. To set up forwarding addresses, just check the “Enable Email Alias” box.

Click the “Create” button:


That’s all there is to it, the domain pointer is now set up.

About domain pointer name server records: The name servers for the new domain pointer have to be set to use the Winhost name servers:

How you make that change varies depending on where your domain is registered, so check with your domain registrar for details.

If your domain was registered through Winhost, your name servers should already be set and the domain pointer should start to work in a few minutes. If you have to change the name servers for the domain pointer, DNS propagation may take several hours.

About domain pointer email aliases: When domain pointer Email Alias service is activated, an MX (mail) record is added to the pointer domain’s DNS record. If the domain has a preexisting MX record, it will not be removed when you activate Domain Pointer Email Aliases.

So you must ensure that you remove any preexisting MX records through the Control Panel DNS Manager (or wherever you manage the DNS for the domain) to avoid possible conflicts with the Domain Pointer Email Alias service.

How domain pointer email aliases work: Domain pointer email aliases are forwarded to the corresponding email address of your primary email account. So if you set up the email address, that mailbox will also accept mail for

If the same message is sent to and you will receive two copies of the message in the mailbox.


You can disable domain pointer email aliasing in Control Panel. Go to Site Manager > Domain Pointer and click the “On [Turn Off]” link. You can activate domain pointer email aliasing the same way when it is disabled. On this page you can also delete the domain pointer completely:


How to Install Magento 2.1.2 on Winhost (IIS)

Magento is one of the leading e-commerce platforms available today with a market share of about 30% among the 30 most popular ones according to Wikipedia. I’ve tried playing around with it in the past, but I was never able to install it and configure it correctly on Windows until now.

Prompted by one of our customer’s request for help, I decided to investigate the problem further. Although Magento was never designed to be supported under IIS (even their developers say so), it is entirely possible to run it under IIS, and I will show you how (and cover some pitfalls you might encounter along the way).

Unfortunately, to get Magento running on Winhost, you’re going to need to install IIS and PHP (preferably version 7.0+) on your own machine and install it there first. That’s because you’ll need to run a command through their CLI (Command Line Interface) to deploy some static files (i.e. .css, .js, etc.) so that it will render correctly in a browser.

It took me weeks to figure out, but the CLI won’t process an argument correctly (i.e. it doesn’t think it exists) unless it thinks Magento has been installed already (i.e. you can’t just run the CLI after extracting the files from the .zip. You’ll need go through the browser setup wizard first.)

I’m afraid I won’t have time to go into details about how to install IIS and PHP on your machine because the process can be different for different versions of Windows, but there are plenty of guides out there on the Internet if you need help. You could even save yourself some time and trouble by using an all-in-one installer like EasyPHP Devserver.

Now, on to the tutorial.


Prerequisite Steps

First, you need to create a MySQL database through the Control Panel.

Click on the Sites tab.

sitesClick on the link to your domain name and then click on the MySQL icon.


Click the Add button and enter the values for Database Name, Database User, and Quota. Click the Create button to finish creating the database. Now click on the Manage link and record the connection information (Database Name, Database Server, Database User, and Database Password) on a piece of paper or a text editor such as Notepad.

Now go back to the Site Tools section of the Control Panel (where you clicked on the MySQL icon) and click on the PHP Version icon.


Set the PHP version to 7.0 – Beta in the drop-down box and click on the Update button.


Installing and Configuring Magento on Your Local Machine

After you have setup IIS and PHP on your local machine, download the source code from Magento’s website.

Extract the contents using a decompression program such as WinZip or 7-Zip. Now, open up the file DbValiditor.php which is in .\setup\src\Magento\Setup\Validator in a text editor and edit line 106.

Change it from:

return $this->checkDatabaseName($connection, $dbName) && $this->checkDatabasePrivileges($connection, $dbName);


return $this->checkDatabaseName($connection, $dbName); //&& $this->checkDatabasePrivileges($connection, $dbName);

Basically, you want to comment out the database privileges validation check, or you will encounter this error when you get to Step 2 of the installation wizard:

Database user does not have enough privileges. Please make sure SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER privileges are granted to table ‘mysql_#####_magento’.

You get this error because some permissions cannot be granted to you in a shared hosting environment (e.g. CREATE DATABASE).

Add a site to IIS, move the extracted files to new site that you created, and then launch the site in a browser. If everything has been installed and configured correctly, it will start a wizard, and you should get a screen like the one below.

installwizardClick on the Agree and Setup Magento button to continue.


Step 1: Readiness Check

Click on the Start Readiness Check button to make sure everything is configured correctly (e.g. you might need to enable some PHP extensions before you can continue). Click on the Next button if everything checks out.


Step 2: Add a Database

On this page, fill out the fields with the connection string information to your Winhost database that you recorded earlier. Click on the Next button to proceed.


Step 3: Web Configuration

On this page, you can change the default Magento Admin Access directory. You should definitely change the Your Store Address field to that of your domain name and uncheck Apache Rewrites. Click on the Next button to continue.


Step 4: Customize Your Store

There’s nothing on this page that needs to be changed, so you’re welcome to customize Magento further if you want before clicking on the Next button.


Step 5: Create Admin Account

Page is self-explanatory. Click on the Next button when you’re done.


Step 6: Install

Like the page says, you’re ready. Click on the Install Now button.



Once the installation has completed, you should see a screenshot like the one below.


Edit your php.ini file and make sure your memory limit is set to at least 256 MB. The following is the line you should look for with the correct markup:

memory_limit = "256M"

This should prevent the error below from being thrown when executing the next step. (I had mine set at 128 MB when I encountered the error.)

Check for more info on how to handle out of memory errors.


Now open up the command prompt with Run as administrator and navigate to Magento’s bin directory and type in the following command:

php magento setup:static-content:deploy

This will deploy the necessary files to the \pub\static directory that will render Magento’s UI correctly. If it’s successfully, you should get the following message:

New version of deployed files: 1476659614


If you encounter the error I mentioned earlier, you could also try running the command again (this also worked for me). You just need to make sure each section says “Successful”, and it ends with “New version of deployed files”, otherwise, you may have some further troubleshooting to do.

Create a web.config file with the following markup and place it in the root of the Magento installation:

<?xml version="1.0" encoding="UTF-8"?>
        <rule name="Imported Rule 1" stopProcessing="true">
          <match url=".*" ignoreCase="false" />
            <add input="{URL}" pattern="^/(media|skin|js)/" ignoreCase="false" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          <action type="Rewrite" url="index.php" />

This is required so you can access the Admin Interface.

Upload all the files to your Winhost account. Now, enter the URL of your domain in a browser. You see a screen like the one below.


And if you try to access the Admin Interface, you should get a sign in screen that looks like this.


After signing in, the dashboard should look like this.


That’s it! Magento is ready to go. Since I’m not a Magento expert/developer, I can’t comment further, but from the documentation I read, it looks like you might need to execute this command:

php magento setup:static-content:deploy

Every time you change something (code, plug-in, theme, etc.). I recommend doing the development work on your local machine first, testing it, and then re-deploy all the files again to the server to make updates.

How to switch the primary domain for your account


There may come a time when you want to change the domain name for your Winhost site. If you ever find yourself in that position, you’re in luck, because we made sure that change is easy, quick and painless.

In the Site Tools section of Control Panel, click on the “Change Domain” icon or link.


Enter the domain into the “New Domain Name” field on the next page. Do not enter “www” into that field! If you do, your DNS will be set up incorrectly and the new domain won’t work.

Hit the green “Change” button to finish.


That was easy, right?

But as all the text on that page suggests, there are some things to watch out for when you change the domain.

The number one thing to be aware of is if you are switching the primary domain to a domain that is currently being used as a domain pointer, you have to delete the domain pointer before making the domain name change. If you don’t delete the pointer, the name change will fail.

Also something that’s essential but easy to forget – the name servers for the new domain have to be set to use the Winhost name servers:

How you make that change varies depending on where your domain is registered, so check with your domain registrar for details (if your new primary domain was previously a domain pointer, or was registered through Winhost, your name servers should already point to Winhost).

php 7 is here

php7We’ve added php 7 to the mix, it’s available to use now.

We’ve also updated the 5.3, 5.4, 5.5 and 5.6 php versions to the latest (and in some cases final) builds.

You might notice that we’ve labeled php 7 as “beta,” and that’s because it’s still pretty new and there are a lot of known compatibility issues with older code or applications. But if you’re bold and adventurous type, it’s there for you.

To change the php version for your site, log in to the Site Tools section of Control Panel, and click on the PHP Version icon.


Use the handy dropdown to select the version, click the “Update” button, and you’re done.


Enabling raw logs for your site


Every Winhost account includes traditional website statistics, but there are occasions where you may need to see the raw server logs for your site. Luckily it’s easy to get your logs, here’s how to do it.

In the Site Tools section of Control Panel, click on the Raw Logs icon.


In the dropdown, select “Enabled,” and click the “Update” button.


Your raw log files won’t appear immediately, but they will be available within 24 hours and updated nightly thereafter. The log files are compressed into a .zip archive. To download the logs, log in via FTP and go to the /httplog directory.

Note that the log file directory is a hidden directory so it will not be visible when you log in via FTP. After logging into your root directory you have to use the change directory function in your FTP client to change to the log file directory. You have to use your default FTP username to access the /httplog folder. You will not be able to access the hidden /httplog directory using an additional FTP user that you’ve created.

Log files more than 30 days old will be automatically deleted.

Let’s (not) Encrypt. But let’s not ignore https either.

There is a lot of talk around using https “everywhere” these days, even on websites that do not do any financial transactions or accept user data input. Google already uses https as a factor in search results (though it’s a very small factor, and not universally used in results everywhere in the world). But they have made it clear that their intention is to expand the use of https as a search results ranking factor next year.

All of which has a lot of people who may have never considered using an SSL certificate before looking in to making the move to SSL/https. The main barrier for a lot of people isn’t the technical issues around implementing an SSL certificate, but rather the price. SSL certificates cost money. Some of them (like those with “Extended Validation” – which give you the green “padlock” icon in most browsers) cost a considerable amount of money.

A group of security-minded people thought there should be a free alternative, so they got together and the open source Let’s Encrypt project was started (by the Internet Security Research Group, with support from the Electronic Frontier Foundation, the Mozilla Foundation, Akamai, and Cisco Systems). Let’s Encrypt is now up and running, issuing free SSL certificates to anyone who wants one.

Pretty great, right? Well, yes and no.


For instance, if you want one of those Extended Validation certificates, you can’t get it from Let’s Encrypt. Organization Validation, Extended Validation and wildcard certificates are not available. Let’s Encrypt does not verify sites, so if you want a security “seal” to put on your site or order form, you can’t get it from Let’s Encrypt.

That’s right, Let’s Encrypt does not verify sites, which means hackers are building malicious sites using Let’s Encrypt certificates because they’re free and the bad guys can remain anonymous. Wait a minute, though – isn’t validation the whole reason for a security certificate in the first place? And what will become of the Let’s Encrypt certificates if their system becomes overrun with malware and phishing sites?

Even if you don’t care about any of those things, the Let’s Encrypt certificates have a major convenience drawback, because the certificates are only valid for 90 days. That means that every three months you have to request a new Let’s Encrypt certificate and install it on the server, and that process is no fun. Especially on Windows servers (like those at Winhost), since there is not any server-side automation available.

But increasing security is never a bad thing. And don’t forget, Google is going to look more favorably on https sites very soon, so an SSL certificate should be on your to-do list, no matter what kind of site you run. If you want to use Let’s Encrypt on your Winhost site, you certainly can. We support it. We don’t recommend  it – for the reasons we just mentioned – but if you’re up for going through the process every 90 days, you can.

But if you’re more of a set-it-and-forget it type, we offer a full range of SSL certificates, starting at as little as $39 a year. You can register a certificate for two years as well, meaning it’s not something you have to think about every 90 days, or even every year. If you want to secure your site (and don’t want to see your Google ranking drop) you may want to get yourself an SSL certificate soon.

Disabling php for your site


php is such a popular and widely used scripting language that sometimes it seems as if it’s always been part of website development. It hasn’t, of course, but it’s wide use in many popular third party “canned apps,” and the fact that a lot of people continue to use very old versions, makes it a prime target for hackers.

So if you don’t use php in your site, or an application that is php based, you may want to disable php as a preventative security measure. The bad guys can’t exploit something that’s not there, right?

The good news is disabling php is easy and you can do it in about 30 seconds. Here’s how:

In the Site Tools section of Control Panel, click on PHP Version.


In the dropdown, select “None,” and click the “Update” button.


And that’s all there is to it.

See, maybe even less than 30 seconds. 😉

For what it’s worth, php isn’t inherently less secure than any other web technology. It’s popularity is what makes it a frequent target. But it’s certainly possible to safely run any php application, even those third part applications that are the favorite targets of hackers. We’ll be posting more security-related articles in the future.

If you want to take a look at other security measures that are available right now, check the website.

Finally, if you run a WordPress blog – one of the hackers favorite targets – and are concerned about security but don’t necessarily have the time or inclination to tackle all the details, we offer a WordPress Hardening Service that buttons up your WP installation and lets you carry on with your life worry-free. Well, at least you won’t have to worry about WordPress. Log in to the Support Portal and open up a tech support ticket, they can give you all the details.

Upcoming domain registration changes


As if everything related to domain name registration and maintenance wasn’t already screwy enough, there is a new change on the horizon that promises to make updating your domain names even screwier.

After December 1, 2016, when you change the first name, last name, contact email or organization field for your domain, it will trigger something called the “trade process.” Without going into too much technical detail, what that means is those previously minor ownership information changes will now be treated the same way a domain transfer is treated.

The problem with that is now the domain owner will have to approve those changes via two separate – but similar – emails. That’s because the “current” and “previous” owner – which are the same person in this case – need to explicitly approve the change, or it will not be made.

So if you update your name or the name of your organization, you’ll have to approve that change in two emails. If you update the email address associated with a domain name, you’ll have to approve that change at the old and the new email address. You can probably already see some potential problems, can’t you.


So why are these changes happening? Well, ICANN started reviewing the transfer process almost 10 years ago, when potential issues with the existing transfer policies were identified. So they began looking at “special provisions” for change of registrant during a transfer in order to prevent domain hijacking.

Which sounds like a good thing, but now, a decade later, what we ended up with is a process that may make it slightly more difficult to hijack a domain, but definitely makes a lot of day-to-day maintenance tasks more difficult and confusing.

Every registrar has some leeway in how they implement the changes, so we’re not sure yet exactly how it’s going to work for domains registered through Winhost. We’ll do everything we can to keep the confusion to a minimum, and we’ll post an update here when we have more information on how things shake out.