Site hosting news, tutorials, tips, How Tos and more

How to create an FTP user that can only access a specific folder

banner-fotw

Sometimes you want to give someone FTP access to your site, but you don’t want them to have access to all of the site files. So we’re going to go through the steps to set up an FTP user that only has access to a directory that you specify.

no1The first thing we’re going to do is go to the Site Tools section of Control Panel and click on the “FTP Users” icon or link:

fotwftp-1

no2Click the “Add” button:

fotwftp-2

no3Enter a username (it will be appended to the primary FTP username, that format can’t be changed) and a password. Enter the directory name or click the “Browse” link to choose from directories on the server:

Note that entering the name of a directory that does not exist does not create that directory on the server. You must enter the name of an existing directory.

fotwftp-3

no4If you clicked the “Browse” link, select the directory (it will turn bold and the path will be automatically entered in the text field below) and click the “Select” button:

fotwftp-4

no5Make sure you leave the “Permissions” field set to “Read & Write,” since this user will be uploading files (the other option is “Read Only”). Click the “Create” button:

fotwftp-5

no6When the user is added you will see it listed in the FTP Users section. Here you have the option to update the user’s password, or delete the user. The username cannot be edited once the user is created.

fotwftp-6

no7The new user will log in to the same hostname as your existing user(s), but of course the username and password will be those that you just created.

fotwftp-7



Installing Jetpack for WordPress on Winhost

banner-fotw

Jetpack is one of the most popular plugins available for WordPress (with over 29 million downloads!), created by Automattic – the same people who made the WordPress app itself. It’s a Swiss Army knife for you site with over a dozen different functions all rolled into one plugin.

It includes essential tools like a website stats, subscriptions, social network sharing and a contact form. It will also hookup with WordPress.com to perform related posts and website uptime monitoring. And it’s free!

jetpack-logo

If you try to implement Jetpack on Winhost, it won’t work out of the box. By default, we filter requests to the xmlrpc.php file. WordPress.com will try to ping that file during the activation process and it will fail.

One of the reasons we block requests to the xmlrpc.php file is because of an exploit hackers can use to get your WordPress username and password. You can read about the exploit in this excellent Sucuri article.

If you don’t want to bother reading the article, in short, hackers can try thousands of username/password combinations with one request and try to brute force their way into your WordPress site.

But don’t worry, you can still get Jetpack to work by simply overriding our default request filtering. You just have to add this setting in your web.config file:

<configuration>
   <system.webServer>
      <security>
         <requestFiltering>
            <denyUrlSequences>
               <clear />
            </denyUrlSequences>
         </requestFiltering>
      </security>
   </system.webServer>
</configuration>

If you just have a WordPress site on our service, or if you used our App Installer to install WordPress, you might not have a web.config file on your site, so you’ll have to create one. Just follow these instructions:

  1. Open the Notepad application (or similar application) on your computer
  2. Paste the following into Notepad:
    <?xml version=”1.0″ encoding=”UTF-8″?>
    <configuration>
    <system.webServer>
    <security>
    <requestFiltering>
    <denyUrlSequences>
    <clear />
    </denyUrlSequences>
    </requestFiltering>
    </security>
    </system.webServer>
    </configuration>
  3. Save the file as web.config (not as a .txt file). If using Notepad, click File and Save As. In “Save as type”, select All Files (*.*). In “File name”, enter: web.config
  4. Click Save
  5. Upload the web.config file to your root folder through FTP

You should now be able to activate the Jetpack plugin. But before you go, there’s the pesky security issue! Your xmlrpc.php file is now susceptible to that security exploit, which may allow hackers to get your username and password. Let’s fix that!

SiteLock

The best way to prevent the xmlrpc.php brute force exploit is to get SiteLock with TrueShield CDN. You will need both SiteLock and TrueShield. TrueShield will block those suspicious requests trying to get your username and password, and protect your site from all sorts of other bad stuff not covered in this article. (If hackers were limited to just one exploit, our jobs would be so much easier!) We highly recommend getting SiteLock and TrueShield. It will block malicious bots, comment spammers, and likely make your site faster, too!

Another solution would be to use Jetpack’s own Protect function. You have Jetpack installed, now use it! Just activate the Protect feature in Jetpack in the Admin panel. The Jetpack team confirmed that it works.

Finally, though perhaps foremost: always use a strong password for your site! Please don’t use qwerty123 or pa$$w0rd.

Actually, do all three – get SiteLock with TrueShield, activated Jetpack Protect, and keep those passwords strong!



Don’t forget to vote

As if you could. 🙂

votedIt’s been what you might call a contentious election cycle here in the united states, but if there’s a positive spin to be put on the whole thing, it’s that we’ll likely see a large turnout at the polls. Maybe even record-breaking.

If group dynamics have taught us anything, it’s that a large enough group of people will usually make the right decision. Whatever “right” happens to be for the group at any given moment in time.

Whoever you’re voting for, it’s always an honor and a privilege to participate in a peaceful transfer of power. It isn’t something that everyone in the world gets to enjoy, so be sure to take advantage of it.

Even if a two party system leaves a little something to be desired…

 



Setting up the SpamExperts Email Filtering Service

banner-fotw

The SmarterMail system that is set up for your email by default has an array of spam fighting tools available, but admittedly, the settings can be a bit complicated to work with.

Many of you asked us to make a more user-friendly anti-spam option available, but to keep the cost low. So we partnered with SpamExperts to provide high level spam filtering services that are easy to manage and really affordable.

The SpamExperts service receives email addressed to your domain, filters it, then sends it along to the mail servers here at Winhost. The service is distributed across multiple servers all over the world, so it’s fast and reliable.

We’re going to cover the steps necessary to activate SpamExperts for your domain, which, for our purposes here, we’ll assume is hosted at Winhost (though you can set up SpamExperts service for domains hosted elsewhere too).

no1The first thing we’re going to do is go to the SpamExperts section of Control Panel and click the “Order New Spam Experts” button.

fotw-spam-experts-1

no2Next choose a domain from the dropdown menu (you can also enter a domain hosted elsewhere), choose a billing period and hit the “Continue” button.

fotw-spam-experts-2

no3The next page shows the current email server(s) for the domain you selected. Make note of any entries in the box. If you ever cancel the Spam Experts service in the future, you will have to update your DNS MX records to point back to these server(s).

Click the “continue” button.

fotw-spam-experts-3

no4If everything looks good on the billing page, hit the “Submit My Order” button.

fotw-spam-experts-4

no5Reload the SpamExperts page and click the “Manage” link.

fotw-spam-experts-5

no6In order for Spam Experts to begin filtering your email, the DNS MX records for your domain have to be updated. If your domain is hosted here, all you have to do to update your MX records is click the “Yes, update my DNS records” link.

If you are setting up SpamExperts for a domain that isn’t hosted at Winhost, this page gives you the MX settings for the domain. You’ll have to go to where the domain is managed to update the MX records.

fotw-spam-experts-6

That’s all there is to it. Your email is now set up to route through the SpamExperts system. Remember, the DNS change may take a few hours to propagate, so you may continue to see spam in your inbox until that happens.

We’ve found that the default SpamExperts settings will stop the vast majority of spam. But if you want to do further tweaking you can access the SpamExperts portal, which contains a number of very powerful tools. Use of the SpamExperts portal is beyond the scope of this article, but you can see the domain-level documentation here and the user-level documentation here.



How to order PCI scanning service

banner-fotw

Did you know you could order Payment Card Industry (PCI) scanning service from your Winhost Control Panel?

If you accept credit card payments – or plan to in the future – you will have to have regular PCI scans of your site and a review of your data handling procedures. The SiteLock PCI service can make that process much easier.

To use the SiteLock PCI scanning service, you have to first open a SiteLock Basic account. The PCI scanning will be a child service of the SiteLock Basic account. The SiteLock account comes with a bunch of great non-PCI features, so you can definitely benefit from both services.

To get started you can click on the PCI Scan tab in Control Panel:
fotwpci-1
Or go straight to the SiteLock page. Select the domain you wish to apply SiteLock to, then hit the “Continue” button:
fotwpci-2
Choose which SiteLock plan you want to use. Basic is the minimum that’s needed for the PCI service, but the other SiteLock plans have benefits you may want to take advantage of:
fotwpci-3
After selecting your plan, click the “Skip Adding TrueShield Plan” link on the next page:
fotwpci-4
(We’re skipping TrueShield in the interest of keeping this focused on the PCI scanning service, but TrueShield is also a very useful service, and you can read more about it here.)

The next page will display a summary of your SiteLock order. Click the “Submit My Order” button:
fotwpci-5
The next step is adding the PCI scanning service to your SiteLock account. Go back to the SiteLock tab and click the “Add” link in the PCI column:
fotwpci-6
The next page will display a summary of your PCI scanning service order. Click the “Submit My Order” button:
fotwpci-7
When PCI service is activated, you can access the SiteLock dashboard from the SiteLock tab in Control Panel:
fotwpci-8
SiteLock will also send you an email that includes their phone number, if you should need to call them during any part of the PCI verification/scanning process. This article covers the account set up only, the actual PCI scanning and verification process is a bit more complicated than we can get in to here. But you’ll find plenty of information on how to proceed in the SiteLock portal.

If you don’t accept credit card payments, the SiteLock service can still protect your site from hackers, vulnerabilities, spam, spyware and viruses. It can scan your site daily to detect threats, and also offers TrueShield service that can protect your website from malicious traffic while speeding it up with a Content Delivery Network (CDN)



Setting up a domain pointer

banner-fotw

A domain pointer is an additional domain name that points to the root of your site.

So, for example, if you own domain.net and want it to point to your domain.com site, you can add domain.net as a domain pointer and anyone entering domain.net in a browser will see the domain.com website.

It’s easy to set up a domain pointer, just go to the Site Tools section of Control Panel and click on the “Domain Pointer” icon or link:

fotwpointer-1

On the Domain Pointer page, click the “Add” button:

fotwpointer-2

Enter the domain you want to add as a pointer in the “Domain Pointer” field.

Domain pointers do not get full email service, but you can set up aliases (forwarding addresses) for the domain pointer. To set up forwarding addresses, just check the “Enable Email Alias” box.

Click the “Create” button:

fotwpointer-3

That’s all there is to it, the domain pointer is now set up.

About domain pointer name server records: The name servers for the new domain pointer have to be set to use the Winhost name servers:

ns1.winhost.com
ns2.winhost.com
ns3.winhost.com

How you make that change varies depending on where your domain is registered, so check with your domain registrar for details.

If your domain was registered through Winhost, your name servers should already be set and the domain pointer should start to work in a few minutes. If you have to change the name servers for the domain pointer, DNS propagation may take several hours.

About domain pointer email aliases: When domain pointer Email Alias service is activated, an MX (mail) record is added to the pointer domain’s DNS record. If the domain has a preexisting MX record, it will not be removed when you activate Domain Pointer Email Aliases.

So you must ensure that you remove any preexisting MX records through the Control Panel DNS Manager (or wherever you manage the DNS for the domain) to avoid possible conflicts with the Domain Pointer Email Alias service.

How domain pointer email aliases work: Domain pointer email aliases are forwarded to the corresponding email address of your primary email account. So if you set up the email address [email protected], that mailbox will also accept mail for [email protected].

If the same message is sent to [email protected] and [email protected] you will receive two copies of the message in the [email protected] mailbox.

 

You can disable domain pointer email aliasing in Control Panel. Go to Site Manager > Domain Pointer and click the “On [Turn Off]” link. You can activate domain pointer email aliasing the same way when it is disabled. On this page you can also delete the domain pointer completely:

fotwpointer-4



How to Install Magento 2.1.2 on Winhost (IIS)

Magento is one of the leading e-commerce platforms available today with a market share of about 30% among the 30 most popular ones according to Wikipedia. I’ve tried playing around with it in the past, but I was never able to install it and configure it correctly on Windows until now.

Prompted by one of our customer’s request for help, I decided to investigate the problem further. Although Magento was never designed to be supported under IIS (even their developers say so), it is entirely possible to run it under IIS, and I will show you how (and cover some pitfalls you might encounter along the way).

Unfortunately, to get Magento running on Winhost, you’re going to need to install IIS and PHP (preferably version 7.0+) on your own machine and install it there first. That’s because you’ll need to run a command through their CLI (Command Line Interface) to deploy some static files (i.e. .css, .js, etc.) so that it will render correctly in a browser.

It took me weeks to figure out, but the CLI won’t process an argument correctly (i.e. it doesn’t think it exists) unless it thinks Magento has been installed already (i.e. you can’t just run the CLI after extracting the files from the .zip. You’ll need go through the browser setup wizard first.)

I’m afraid I won’t have time to go into details about how to install IIS and PHP on your machine because the process can be different for different versions of Windows, but there are plenty of guides out there on the Internet if you need help. You could even save yourself some time and trouble by using an all-in-one installer like EasyPHP Devserver.

Now, on to the tutorial.

 

Prerequisite Steps

First, you need to create a MySQL database through the Control Panel.

Click on the Sites tab.

sitesClick on the link to your domain name and then click on the MySQL icon.

mysql

Click the Add button and enter the values for Database Name, Database User, and Quota. Click the Create button to finish creating the database. Now click on the Manage link and record the connection information (Database Name, Database Server, Database User, and Database Password) on a piece of paper or a text editor such as Notepad.

Now go back to the Site Tools section of the Control Panel (where you clicked on the MySQL icon) and click on the PHP Version icon.

php

Set the PHP version to 7.0 – Beta in the drop-down box and click on the Update button.

 

Installing and Configuring Magento on Your Local Machine

After you have setup IIS and PHP on your local machine, download the source code from Magento’s website.

Extract the contents using a decompression program such as WinZip or 7-Zip. Now, open up the file DbValiditor.php which is in .\setup\src\Magento\Setup\Validator in a text editor and edit line 106.

Change it from:

return $this->checkDatabaseName($connection, $dbName) && $this->checkDatabasePrivileges($connection, $dbName);

To:

return $this->checkDatabaseName($connection, $dbName); //&& $this->checkDatabasePrivileges($connection, $dbName);

Basically, you want to comment out the database privileges validation check, or you will encounter this error when you get to Step 2 of the installation wizard:

Database user does not have enough privileges. Please make sure SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER privileges are granted to table ‘mysql_#####_magento’.

You get this error because some permissions cannot be granted to you in a shared hosting environment (e.g. CREATE DATABASE).

Add a site to IIS, move the extracted files to new site that you created, and then launch the site in a browser. If everything has been installed and configured correctly, it will start a wizard, and you should get a screen like the one below.

installwizardClick on the Agree and Setup Magento button to continue.

 

Step 1: Readiness Check

Click on the Start Readiness Check button to make sure everything is configured correctly (e.g. you might need to enable some PHP extensions before you can continue). Click on the Next button if everything checks out.

step1

Step 2: Add a Database

On this page, fill out the fields with the connection string information to your Winhost database that you recorded earlier. Click on the Next button to proceed.

step2

Step 3: Web Configuration

On this page, you can change the default Magento Admin Access directory. You should definitely change the Your Store Address field to that of your domain name and uncheck Apache Rewrites. Click on the Next button to continue.

step3

Step 4: Customize Your Store

There’s nothing on this page that needs to be changed, so you’re welcome to customize Magento further if you want before clicking on the Next button.

step4

Step 5: Create Admin Account

Page is self-explanatory. Click on the Next button when you’re done.

step5

Step 6: Install

Like the page says, you’re ready. Click on the Install Now button.

step6

Success

Once the installation has completed, you should see a screenshot like the one below.

success

Edit your php.ini file and make sure your memory limit is set to at least 256 MB. The following is the line you should look for with the correct markup:

memory_limit = "256M"

This should prevent the error below from being thrown when executing the next step. (I had mine set at 128 MB when I encountered the error.)

Check https://getcomposer.org/doc/articles/troubleshooting.md#memory-limit-errors for more info on how to handle out of memory errors.

memoryerror

Now open up the command prompt with Run as administrator and navigate to Magento’s bin directory and type in the following command:

php magento setup:static-content:deploy

This will deploy the necessary files to the \pub\static directory that will render Magento’s UI correctly. If it’s successfully, you should get the following message:

New version of deployed files: 1476659614

clisuccess

If you encounter the error I mentioned earlier, you could also try running the command again (this also worked for me). You just need to make sure each section says “Successful”, and it ends with “New version of deployed files”, otherwise, you may have some further troubleshooting to do.

Create a web.config file with the following markup and place it in the root of the Magento installation:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Imported Rule 1" stopProcessing="true">
          <match url=".*" ignoreCase="false" />
          <conditions>
            <add input="{URL}" pattern="^/(media|skin|js)/" ignoreCase="false" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          </conditions>
          <action type="Rewrite" url="index.php" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

This is required so you can access the Admin Interface.

Upload all the files to your Winhost account. Now, enter the URL of your domain in a browser. You see a screen like the one below.

lumatheme

And if you try to access the Admin Interface, you should get a sign in screen that looks like this.

adminsignin

After signing in, the dashboard should look like this.

dashboard

That’s it! Magento is ready to go. Since I’m not a Magento expert/developer, I can’t comment further, but from the documentation I read, it looks like you might need to execute this command:

php magento setup:static-content:deploy

Every time you change something (code, plug-in, theme, etc.). I recommend doing the development work on your local machine first, testing it, and then re-deploy all the files again to the server to make updates.



How to switch the primary domain for your account

banner-fotw

There may come a time when you want to change the domain name for your Winhost site. If you ever find yourself in that position, you’re in luck, because we made sure that change is easy, quick and painless.

In the Site Tools section of Control Panel, click on the “Change Domain” icon or link.

fotwchange-domain-1

Enter the domain into the “New Domain Name” field on the next page. Do not enter “www” into that field! If you do, your DNS will be set up incorrectly and the new domain won’t work.

Hit the green “Change” button to finish.

fotwchange-domain-2

That was easy, right?

But as all the text on that page suggests, there are some things to watch out for when you change the domain.

The number one thing to be aware of is if you are switching the primary domain to a domain that is currently being used as a domain pointer, you have to delete the domain pointer before making the domain name change. If you don’t delete the pointer, the name change will fail.

Also something that’s essential but easy to forget – the name servers for the new domain have to be set to use the Winhost name servers:

ns1.winhost.com
ns2.winhost.com
ns3.winhost.com

How you make that change varies depending on where your domain is registered, so check with your domain registrar for details (if your new primary domain was previously a domain pointer, or was registered through Winhost, your name servers should already point to Winhost).