Did you know you could order Payment Card Industry (PCI) scanning service from your Winhost Control Panel?
If you accept credit card payments – or plan to in the future – you will have to have regular PCI scans of your site and a review of your data handling procedures. The SiteLock PCI service can make that process much easier.
To use the SiteLock PCI scanning service, you have to first open a SiteLock Basic account. The PCI scanning will be a child service of the SiteLock Basic account. The SiteLock account comes with a bunch of great non-PCI features, so you can definitely benefit from both services.
To get started you can click on the PCI Scan tab in Control Panel:
Or go straight to the SiteLock page. Select the domain you wish to apply SiteLock to, then hit the “Continue” button:
Choose which SiteLock plan you want to use. Basic is the minimum that’s needed for the PCI service, but the other SiteLock plans have benefits you may want to take advantage of:
After selecting your plan, click the “Skip Adding TrueShield Plan” link on the next page:
(We’re skipping TrueShield in the interest of keeping this focused on the PCI scanning service, but TrueShield is also a very useful service, and you can read more about it here.)
The next page will display a summary of your SiteLock order. Click the “Submit My Order” button:
The next step is adding the PCI scanning service to your SiteLock account. Go back to the SiteLock tab and click the “Add” link in the PCI column:
The next page will display a summary of your PCI scanning service order. Click the “Submit My Order” button:
When PCI service is activated, you can access the SiteLock dashboard from the SiteLock tab in Control Panel:
SiteLock will also send you an email that includes their phone number, if you should need to call them during any part of the PCI verification/scanning process. This article covers the account set up only, the actual PCI scanning and verification process is a bit more complicated than we can get in to here. But you’ll find plenty of information on how to proceed in the SiteLock portal.
If you don’t accept credit card payments, the SiteLock service can still protect your site from hackers, vulnerabilities, spam, spyware and viruses. It can scan your site daily to detect threats, and also offers TrueShield service that can protect your website from malicious traffic while speeding it up with a Content Delivery Network (CDN)
A domain pointer is an additional domain name that points to the root of your site.
So, for example, if you own domain.net and want it to point to your domain.com site, you can add domain.net as a domain pointer and anyone entering domain.net in a browser will see the domain.com website.
It’s easy to set up a domain pointer, just go to the Site Tools section of Control Panel and click on the “Domain Pointer” icon or link:
On the Domain Pointer page, click the “Add” button:
Enter the domain you want to add as a pointer in the “Domain Pointer” field.
Domain pointers do not get full email service, but you can set up aliases (forwarding addresses) for the domain pointer. To set up forwarding addresses, just check the “Enable Email Alias” box.
Click the “Create” button:
That’s all there is to it, the domain pointer is now set up.
About domain pointer name server records: The name servers for the new domain pointer have to be set to use the Winhost name servers:
ns1.winhost.com
ns2.winhost.com
ns3.winhost.com
How you make that change varies depending on where your domain is registered, so check with your domain registrar for details.
If your domain was registered through Winhost, your name servers should already be set and the domain pointer should start to work in a few minutes. If you have to change the name servers for the domain pointer, DNS propagation may take several hours.
About domain pointer email aliases: When domain pointer Email Alias service is activated, an MX (mail) record is added to the pointer domain’s DNS record. If the domain has a preexisting MX record, it will not be removed when you activate Domain Pointer Email Aliases.
So you must ensure that you remove any preexisting MX records through the Control Panel DNS Manager (or wherever you manage the DNS for the domain) to avoid possible conflicts with the Domain Pointer Email Alias service.
How domain pointer email aliases work: Domain pointer email aliases are forwarded to the corresponding email address of your primary email account. So if you set up the email address [email protected], that mailbox will also accept mail for [email protected].
If the same message is sent to [email protected] and [email protected] you will receive two copies of the message in the [email protected] mailbox.
You can disable domain pointer email aliasing in Control Panel. Go to Site Manager > Domain Pointer and click the “On [Turn Off]” link. You can activate domain pointer email aliasing the same way when it is disabled. On this page you can also delete the domain pointer completely:
Magento is one of the leading e-commerce platforms available today with a market share of about 30% among the 30 most popular ones according to Wikipedia. I’ve tried playing around with it in the past, but I was never able to install it and configure it correctly on Windows until now.
Prompted by one of our customer’s request for help, I decided to investigate the problem further. Although Magento was never designed to be supported under IIS (even their developers say so), it is entirely possible to run it under IIS, and I will show you how (and cover some pitfalls you might encounter along the way).
Unfortunately, to get Magento running on Winhost, you’re going to need to install IIS and PHP (preferably version 7.0+) on your own machine and install it there first. That’s because you’ll need to run a command through their CLI (Command Line Interface) to deploy some static files (i.e. .css, .js, etc.) so that it will render correctly in a browser.
It took me weeks to figure out, but the CLI won’t process an argument correctly (i.e. it doesn’t think it exists) unless it thinks Magento has been installed already (i.e. you can’t just run the CLI after extracting the files from the .zip. You’ll need go through the browser setup wizard first.)
I’m afraid I won’t have time to go into details about how to install IIS and PHP on your machine because the process can be different for different versions of Windows, but there are plenty of guides out there on the Internet if you need help. You could even save yourself some time and trouble by using an all-in-one installer like EasyPHP Devserver.
Now, on to the tutorial.
First, you need to create a MySQL database through the Control Panel.
Click on the Sites tab.
Click on the link to your domain name and then click on the MySQL icon.
Click the Add button and enter the values for Database Name, Database User, and Quota. Click the Create button to finish creating the database. Now click on the Manage link and record the connection information (Database Name, Database Server, Database User, and Database Password) on a piece of paper or a text editor such as Notepad.
Now go back to the Site Tools section of the Control Panel (where you clicked on the MySQL icon) and click on the PHP Version icon.
Set the PHP version to 7.0 – Beta in the drop-down box and click on the Update button.
After you have setup IIS and PHP on your local machine, download the source code from Magento’s website.
Extract the contents using a decompression program such as WinZip or 7-Zip. Now, open up the file DbValiditor.php which is in .\setup\src\Magento\Setup\Validator in a text editor and edit line 106.
Change it from:
return $this->checkDatabaseName($connection, $dbName) && $this->checkDatabasePrivileges($connection, $dbName);
To:
return $this->checkDatabaseName($connection, $dbName); //&& $this->checkDatabasePrivileges($connection, $dbName);
Basically, you want to comment out the database privileges validation check, or you will encounter this error when you get to Step 2 of the installation wizard:
Database user does not have enough privileges. Please make sure SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER privileges are granted to table ‘mysql_#####_magento’.
You get this error because some permissions cannot be granted to you in a shared hosting environment (e.g. CREATE DATABASE).
Add a site to IIS, move the extracted files to new site that you created, and then launch the site in a browser. If everything has been installed and configured correctly, it will start a wizard, and you should get a screen like the one below.
Click on the Agree and Setup Magento button to continue.
Click on the Start Readiness Check button to make sure everything is configured correctly (e.g. you might need to enable some PHP extensions before you can continue). Click on the Next button if everything checks out.
On this page, fill out the fields with the connection string information to your Winhost database that you recorded earlier. Click on the Next button to proceed.
On this page, you can change the default Magento Admin Access directory. You should definitely change the Your Store Address field to that of your domain name and uncheck Apache Rewrites. Click on the Next button to continue.
There’s nothing on this page that needs to be changed, so you’re welcome to customize Magento further if you want before clicking on the Next button.
Page is self-explanatory. Click on the Next button when you’re done.
Like the page says, you’re ready. Click on the Install Now button.
Once the installation has completed, you should see a screenshot like the one below.
Edit your php.ini file and make sure your memory limit is set to at least 256 MB. The following is the line you should look for with the correct markup:
memory_limit = "256M"
This should prevent the error below from being thrown when executing the next step. (I had mine set at 128 MB when I encountered the error.)
Check https://getcomposer.org/doc/articles/troubleshooting.md#memory-limit-errors for more info on how to handle out of memory errors.
Now open up the command prompt with Run as administrator and navigate to Magento’s bin directory and type in the following command:
php magento setup:static-content:deploy
This will deploy the necessary files to the \pub\static directory that will render Magento’s UI correctly. If it’s successfully, you should get the following message:
New version of deployed files: 1476659614
If you encounter the error I mentioned earlier, you could also try running the command again (this also worked for me). You just need to make sure each section says “Successful”, and it ends with “New version of deployed files”, otherwise, you may have some further troubleshooting to do.
Create a web.config file with the following markup and place it in the root of the Magento installation:
<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <rewrite> <rules> <rule name="Imported Rule 1" stopProcessing="true"> <match url=".*" ignoreCase="false" /> <conditions> <add input="{URL}" pattern="^/(media|skin|js)/" ignoreCase="false" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" /> </conditions> <action type="Rewrite" url="index.php" /> </rule> </rules> </rewrite> </system.webServer> </configuration>
This is required so you can access the Admin Interface.
Upload all the files to your Winhost account. Now, enter the URL of your domain in a browser. You see a screen like the one below.
And if you try to access the Admin Interface, you should get a sign in screen that looks like this.
After signing in, the dashboard should look like this.
That’s it! Magento is ready to go. Since I’m not a Magento expert/developer, I can’t comment further, but from the documentation I read, it looks like you might need to execute this command:
php magento setup:static-content:deploy
Every time you change something (code, plug-in, theme, etc.). I recommend doing the development work on your local machine first, testing it, and then re-deploy all the files again to the server to make updates.
There may come a time when you want to change the domain name for your Winhost site. If you ever find yourself in that position, you’re in luck, because we made sure that change is easy, quick and painless.
In the Site Tools section of Control Panel, click on the “Change Domain” icon or link.
Enter the domain into the “New Domain Name” field on the next page. Do not enter “www” into that field! If you do, your DNS will be set up incorrectly and the new domain won’t work.
Hit the green “Change” button to finish.
That was easy, right?
But as all the text on that page suggests, there are some things to watch out for when you change the domain.
The number one thing to be aware of is if you are switching the primary domain to a domain that is currently being used as a domain pointer, you have to delete the domain pointer before making the domain name change. If you don’t delete the pointer, the name change will fail.
Also something that’s essential but easy to forget – the name servers for the new domain have to be set to use the Winhost name servers:
ns1.winhost.com
ns2.winhost.com
ns3.winhost.com
How you make that change varies depending on where your domain is registered, so check with your domain registrar for details (if your new primary domain was previously a domain pointer, or was registered through Winhost, your name servers should already point to Winhost).
We’ve added php 7 to the mix, it’s available to use now.
We’ve also updated the 5.3, 5.4, 5.5 and 5.6 php versions to the latest (and in some cases final) builds.
You might notice that we’ve labeled php 7 as “beta,” and that’s because it’s still pretty new and there are a lot of known compatibility issues with older code or applications. But if you’re bold and adventurous type, it’s there for you.
To change the php version for your site, log in to the Site Tools section of Control Panel, and click on the PHP Version icon.
Use the handy dropdown to select the version, click the “Update” button, and you’re done.
Every Winhost account includes traditional website statistics, but there are occasions where you may need to see the raw server logs for your site. Luckily it’s easy to get your logs, here’s how to do it.
In the Site Tools section of Control Panel, click on the Raw Logs icon.
In the dropdown, select “Enabled,” and click the “Update” button.
Your raw log files won’t appear immediately, but they will be available within 24 hours and updated nightly thereafter. The log files are compressed into a .zip archive. To download the logs, log in via FTP and go to the /httplog directory.
Note that the log file directory is a hidden directory so it will not be visible when you log in via FTP. After logging into your root directory you have to use the change directory function in your FTP client to change to the log file directory. You have to use your default FTP username to access the /httplog folder. You will not be able to access the hidden /httplog directory using an additional FTP user that you’ve created.
Log files more than 30 days old will be automatically deleted.
There is a lot of talk around using https “everywhere” these days, even on websites that do not do any financial transactions or accept user data input. Google already uses https as a factor in search results (though it’s a small factor, and not universally used in results everywhere in the world). But they have made it clear that their intention is to expand the use of https as a search results ranking factor next year.
All of which has a lot of people who may have never considered using an SSL certificate before looking in to making the move to SSL/https. The main barrier for a lot of people isn’t the technical issues around implementing an SSL certificate, but rather the price. SSL certificates cost money. Some of them (like those with “Extended Validation”) cost a considerable amount of money.
A group of security-minded people thought there should be a free alternative, so they got together and the open source Let’s Encrypt project was started (by the Internet Security Research Group, with support from the Electronic Frontier Foundation, the Mozilla Foundation, Akamai, and Cisco Systems). Let’s Encrypt is now up and running, issuing free SSL certificates to anyone who wants one.
Pretty great, right? Well, yes and no.
For instance, if you want one of those Extended Validation certificates, you can’t get it from Let’s Encrypt. Organization Validation, Extended Validation and wildcard certificates are not available. Let’s Encrypt does not verify sites, so if you want a security “seal” to put on your site or order form, you can’t get it from Let’s Encrypt.
That’s right, Let’s Encrypt does not verify sites, which means hackers are building malicious sites using Let’s Encrypt certificates because they’re free and the bad guys can remain anonymous. Wait a minute, though – isn’t validation the whole reason for a security certificate in the first place? And what will become of the Let’s Encrypt certificates if their system becomes overrun with malware and phishing sites?
Even if you don’t care about any of those things, the Let’s Encrypt certificates have a major convenience drawback, because the certificates are only valid for 90 days. That means that every three months you have to request a new Let’s Encrypt certificate and install it on the server, and that process is no fun. Especially on Windows servers (like those at Winhost), since there is not any server-side automation available.
But increasing security is never a bad thing. And don’t forget, Google is going to look more favorably on https sites very soon, so an SSL certificate should be on your to-do list, no matter what kind of site you run. If you want to use Let’s Encrypt on your Winhost site, you certainly can. We support it. We don’t recommend it – for the reasons we just mentioned – but if you’re up for going through the process every 90 days, you can.
But if you’re more of a set-it-and-forget it type, we offer a full range of SSL certificates, starting at as little as $39 a year. You can register a certificate for two years as well, meaning it’s not something you have to think about every 90 days, or even every year. If you want to secure your site (and don’t want to see your Google ranking drop) you may want to get yourself an SSL certificate soon.