Transferring Your Hosting Towards us.

untitled

There could be multiple reasons for businesses to migrate to a new web hosting service provider. The reasons vary from low disk space to poor customer service or frequent breakdowns of the server.

Switching to a new web hosting provider may look overwhelming. However, in reality it’s not so. This article highlights important points in this regard.

Choosing a new web hosting provider
You need to consider various aspects when choosing a new web hosting service provider. These include the operating system (OS), the bandwidth and disk space requirements, the uptime and customer service.

Uptime
Uptime is important because when your website is down, visitors/customers at your site might be annoyed and this may impair your site’s credibility. In actual dollar terms, you may end up losing hundreds or even thousands. The new service could claim to provide 100% uptime, which is less likely. Ensure to verify the claims.

Further, check when they execute scheduled maintenance – during peak hours or during non-peak hours. If they do it at peak hours, your business is likely to lose substantial traffic and revenue.

Bandwidth and disk space:
The bandwidth and the disk space provided by the new web hosting service provider are important because the former affects the speed and the latter gives the data storage space. Check if the new service provider offers a higher bandwidth and disk space at the same cost. If they don’t, then we suggest you to execute a cost-benefit analysis for the two aspects. This is likely to help you take a sensible decision.

The type of operating system (OS)
While migrating from one web hosting service provider to another, it is better to stick to the same OS as the one you are using (Windows or Linux) because it’ll make migration easier.

Unless you have a very good reason, do not change the OS. If you are planning to opt for a new OS, you need to check for whether that OS is being offered by the new web hosting service provider.

In addition, your site needs a database such as MySQL or Access. While MySQL is compatible with both Linux as well as Windows, Access is compatible only with Windows. It’s therefore sensible to take a look at these points when you migrate to a new OS.

Customer service
Good customer service is crucial while choosing a new web hosting service provider. Check if customer service is available around the clock and seven days a week. They should be using phone calls, SMS, or live chat. These options ensure faster communication. You could visit the web hosting service provider’s website to check the credibility of the service provider.

What after moving on a web hosting service provider ?

Back-up your website
Switching to a new web hosting service provider involves making sure your site is safe from potential hazards like loss of files including HTML files, images, application, scripts, plugins, and so on. You should secure them by taking a backup in a separate computer. You could do this by using an FTP to download all the files.
DNS changes and propagation
Your transfer to the new web hosting service provider is not complete until you update your DNS and submit it to the new service provider. Until then, your new service provider might assign you a temporary IP address. With this IP address, you could check if the website is functional. You should ensure your domain name is changed as you need. For this, you need to communicate with the domain registrar. They would advise how to change. If your domain registrar has inbuilt tools, the job will be easy for you.

Configure email:
After migration of your site to the new web hosting service provider, make sure to recheck the configuration of your email. Not doing so may lead to failure of the email service.
Check internal links:
Once the transfer process is complete, check internal links using link checking tools. Ensure all links work as they did before the transition. In addition, check for log files and errors and troubleshoot the issues.

Cancel the old account:
After you close all the process involved in the transition, you need to close the account with your former web hosting service provider. It’s sensible to keep the account live for a week as a backup option until you are sure that the transition happened accurately.

Test new website:
After migration, it’s important to recheck in detail if your site is working perfectly. Especially, check for the look and the features of internal web pages including forms, apps, plugins, etc.

Let your visitors know while you are in the transition
Make sure to leave a message on your web page requesting your audience to bear with patience while your site will have downtime during the transition. It’ll give an impression that you’re concerned for the trouble caused to your audience. It’ll also help enhance the credibility of your site.

Moving to a new web hosting service provider is tricky. It involves multiple things like your business’s website, profits and managing the transition. However, the transition could be made smooth provided you plan properly and execute efficiently.

Dedicated Server Security Audit

secure-server

 

Security is of paramount importance on today’s internet. We pay special attention to each server’s security to provide peace of mind for our clients. All WebHostingWorld servers undergo a ten point security inspection when they are deployed.

Point 1: Check kernel version.The Linux kernel is the core system program of every Linux system.. We always check your kernel version to make sure there are no known exploitable vulnerabilities. If any kernel vulnerabilities are discovered, we will update it immediately and contact you to schedule a reboot.

Point 2: Check PHP settings. There are several PHP settings that we recommend be disabled on servers that do not require them.

  • “allow_url_fopen”. This setting allows PHP to treat any URL as if it were a file. This poses a security risk for certain PHP applications that do not correctly sanitize include and fopen statements. Most applications do not require “allow_url_fopen” and we strongly recommend that this be disabled (especially for servers running PHP4).
  • “allow_url_include”. This setting was introduced in PHP5.2. Having “allow_url_include” disabled can allow PHP5.2 users to safely enable “allow_url_fopen” if it is needed by an application. Almost no PHP applications require that “allow_url_include” be enabled. For this reason we recommend that “allow_url_include” always be disabled.
  • “register_globals”. This setting allows global PHP variables to be set at runtime through a URL. Having it enabled could allow attackers to modify arbitrary PHP variables. This can lead to SQL injections, arbitrary code execution, and other exploits for vulnerable PHP applications. We generally recommend that “register_globals” be disabled.
  • In addition to these three PHP settings, we also recommend that certain vulnerable PHP functions be disabled. In doing so, the effectiveness of PHP shells and other PHP based malware is reduced. The list of functions that we generally recommend that users disable is as follows:
    dl, exec, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid

Point 3: Check apache mod_security ruleset. Apache mod_security is a software firewall which scans incoming HTTP requests for known exploits. We maintain an internal ruleset for many known exploits. We always check to ensure that the latest ruleset is installed on a server prior to its deployment. Optionally, we can configure your server to daily update its ruleset to ensure that your server is always using our latest ruleset.

Point 4: Check CSF/LFD configuration. CSF/LFD is a software firewall suite which supports automated brute force detection and prevention, process tracking, SYN flood protection, and a wide range of other automated security features. We install and configure CSF/LFD on all our standard Linux servers by default.

Point 5: Check system binaries. We audit your server’s system binary package versions (such as BIND, apache, udev, etc.) to ensure that they are up to date and not vulnerable to any known exploits.

Point 6: Configuration partition mounting options. We change configuration on partitions to lessen risk of filesystem-based attacks, as well as reduce I/O overhead.

Point 7: Disable typically un-needed services. We disable services that are not commonly used to ensure to help ensure the security of the server.

Point 8: Deploy an initial security-focused configurations. We deploy initial security-focused configurations for MySQL, Exim, Cpanel, FTP, SSH, PHP.

Point 9: RKHunter. RKhunter is a program designed to scan your server for known rootkits and detected modified system binaries. We install RKHunter and initialize its state database.

Point 10: BusyBox. We install BusyBox and take steps to ensure its availability even if someone would chmod/chown recursively on /, whether accidentally or not.

 

How To Manage The Raw Access Logs from plesk panel

Access Log Browser

To access the Log Browser, go to Websites and Domains > Logs. You will be presented with a list of messages gathered from the logs. By default, the Log Browser displays messages present in the monitored logs at the moment of opening. If you want to refresh the list with messages added after opening the Log Browser, click Refresh. Alternatively, if you want to have new messages continuously added to the list, click Start real-time updates.

1To select the logs from which you want to view messages, click the Arrow_down icon, and select the desired logs from the menu.

Manage Log Files

To view all the messages in a log, go to Websites and Domains > Logs > click the  icon > Manage log files. The list of all tracked log files will be displayed.

2

Here you can click a log file name to view the file content directly in the Log Browser. You can click theIcon_Viewicon next to a log file to open it for viewing in a separate window, or theIcon_downloadicon to download it.

To save disk space, you can enable log rotation that is automatic compressing and/or deleting outdated website log files. To set up log rotation, go to Websites and Domains > Logs > click the  icon > Manage log files > Log Rotation.

You can delete log files that have been rotated (log files that have not yet been rotated cannot be removed).

Add a Custom Log File

You can add any custom log file from you web site directory to track its changes in the Log Browser. To do this, click the Add Custom Log button on the Manage Log Files page. The tree with your web site folders will be displayed. Select the file that you want to add to the Log Browser and click OK.

Note: Only plain text files can be selected. In order to be properly displayed, your custom log file should have timestamps for each log entry, otherwise it will not be parsed correctly.

3

As a result, the selected log file will be displayed in the list of managed log files.

4

If you no longer want to monitor this custom log file, click theStop_tracking_iconicon next to it. This does not remove the file from your file system, but simply removes the file from the list of files available in the Log Browser.

You can also open a text file in the Log Browser directly from the File Manager, using the Open in Log Browser option.

5

When you open a log file from the File Manager in the Log Browser, it is not yet added to the list of logs viewed in the Log Browser on a permanent basis. To add the file to the Log Browser, click the Add to Log Browser as Custom file button.

6

HTTP Error – WordPress Media Upload/Image Upload

At least few of the WordPress users might be familiar with this error “HTTP Error ” on WordPress admin area while uploading Images to Media library. It’s a known issue and I am going to give you the simplest way to resolve this error.Http-error-wp

This usually gets fixed by increasing upload limit in php.ini which has to be uploaded in wp-admin folder.

If that does not help then it can be easily fixed by switching the default image editor to GD. For this, we will have to create a plugin manually from your cPanel and enable it from WordPress admin area. The steps are as follows; Go to your “plugin” folder of your wordpress installation through your cPanel FileManager or FTP. “yourdomain.in/wp-content/plugins/“ Create a folder “default-to-gd“ Get into the folder and create a file called “default-to-gd.php” inside the folder. Paste the following lines of codes into the file and “Save” it. The following codes will set GD as your default Image Editor instead of Imagemagick.

==============================

<?php
/*
Plugin Name: Default to GD
Plugin URI: http://wordpress.org/extend/plugins/default-to-gd
Description: Sets GD as default WP_Image_Editor class.
Author: Mike Schroder
Version: 1.0
Author URI: http://www.getsource.net/
*/
function ms_image_editor_default_to_gd( $editors ) {
$gd_editor = ‘WP_Image_Editor_GD’;
$editors = array_diff( $editors, array( $gd_editor ) );
array_unshift( $editors, $gd_editor );
return $editors;
}
add_filter( ‘wp_image_editors’, ‘ms_image_editor_default_to_gd’ );

==============================

5. We have created the required files for the Plugin and now login to your WordPress admin area and Go to “Plugins Or Manage Plugins“.

You should see a plugin called “Default to GD” that we have created from File Manager just now. Click on “Activate the Plugin” and activate it.

Your default image editor has now been changed to GD once you activated the plugin perfectly. Try uploading your Images to your Media now, it should work.

How to Protect Your WordPress

As many users are probably aware, WordPress is one of the premier open source blog software available on the internet. It has gone far beyond the standard weblog and is now an excellent foundation for just about any type of website. However, the internet itself is fraught with inherent dangers which leave users open to attack by unscrupulous hackers.wordpress protect

It must be understood that it is impossible to prevent every attack, but there are many steps that can be taken to protect WordPress users and their websites. WordPress users have found the software to be highly configurable with an excellent support community available. Because of these features, users can expect considerable levels of security by adhering to the following recommendations outlined below.

How Your WordPress Blog is Affected

In the past, the goal of web hackers was simply to disable websites. These criminals, however, discovered that taking a website down did not produce any benefits. Today, their new mode of attack is to hijack websites for their own gain. WordPress hackers accomplish this primarily through link injection. They hack into the user’s web files and insert lines of code that attach unwanted links to practically every web page. The two primary negative effects of link injection are:

Time and resources involved in cleaning up the attack

Decrease of search engine page rank

WordPress users invest a significant amount of time, energy, and financial resources to set-up and maintain their blog. A blog may be used to generate substantial income for the WordPress user. Page rank is affected when search engines notice excessive links and flag a website. When search engine page rank is adversely impacted by an unwanted link injection, a user may face lost web traffic and, in turn, income.

How to Protect Your WordPress Blog

The goal of protecting a WordPress blog is to prevent outsiders from accessing a user’s web files. By taking the following measures, users can be proactive in the fight against hackers.

Standard Blog Maintenance 

An essential component of proper blog maintenance is to make certain that plugins and themes come from a trusted source. The best way to ensure this is to choose only those found in the WordPress.org plugins and themes directories.

Additionally, regular updates of plugins, themes, and the WordPress installation are also necessary for effective blog maintenance. These updates repair bugs and security vulnerabilities that have been discovered in the programs. It is best to update plugins and themes before updating the installation as compatibility issues may arise otherwise.

WordPress users should be aware that it is extremely important to backup the entire installation on a regular basis. Users should make themselves familiar with the process of restoring backup data in order to minimize down time if a problem occurs. The ideal backup system will be off the primary server and include redundancy.

Password Security 

A strong password is one of the first lines of defense against hacker attacks. A strong password may be defined as a password that is not easily guessed and contains both numbers and letters. The most secure passwords are random strings of letters and numbers, which may require the WordPress user to store this password in a secure location. There are internet sites that generate these random strong passwords at no charge.

To further maximize password security, WordPress has included the option of using secret keys. A secret key is a hashing salt that adds random elements to the user’s Key.

Creating a Secure User Name

The default administrator account for WordPress installations is given the user name “admin.” Most hackers are aware of this, and as a result, have half of the information necessary to access a user’s data. The only other piece of information hackers need is the user’s password. To protect a user’s account, this username should be changed to something unique. This can be accomplished in one of two ways depending on the user’s familiarity with MySQL.

Those familiar with MySQL can use a frontend program like phpMyAdmin or the following command: UPDATE wp_user_login=’new user’ WHERE user_login=’admin’.

For those that are unfamiliar with MySQL, the following steps should be taken:

Create a new user with a unique username

Assign an account to admin role

Log out and then log back in using the new user account

Delete the admin account

Recommended Security Plugins

There are several plugins available to WordPress users that can assist with blog security. The following are recommended security plugins for WordPress users:

WP Security Scan

This plugin searches the user’s installation for weaknesses that enable hackers to gain access to the user’s files. It also suggests the actions that will correct these weaknesses. The WP Security Scan may be initiated occasionally and need not be active at all times.

WordPress Exploit Scanner

By scanning a user’s files for evidence of a hacker intrusion, WordPress Exploit Scanner can alert the user to problem areas. Similar to the WP Security Scan, this plugin may be initiated occasionally and does not need to be active at all times.

WordPress File Monitor

This plugin constantly monitors a user’s files and alerts the user to any changes that are made. The user should be able to easily identify changes that are the result of attacks by hackers. To work effectively, WordPress File Monitor should remain activated at all times.

Login Lockdown

Limiting the number of times a login may be attempted, this plugin prevents hackers from guessing a user’s password through multiple efforts. The lockdown time can be set to the user’s personal preference. The Login Lockdown feature should be activated at all times.

Folder Permissions

Another method by which hacker attacks can be thwarted is to make sure the user’s folder permissions are set properly. Many blog hosts allow folder permissions to be set through the control panel. If not, stand alone ftp programs offer users the ability to change these permissions. A good rule of thumb for folder permissions is to set files at 644 and folder at 755. This should provide most plugins and themes the access they require. If the user finds that there are folder access problems, permissions may be increased as needed.

Change WordPress Table Prefix

The default installation of WordPress sets the database tables with the prefix wp_. This is another bit of information that hackers know well. Database files may be hidden by making the table prefix unique. This is accomplished by changing the wp-config.php file. Prior to installing WordPress on the user’s server, the wp-config.php should be changed. Changing existing tables can be quite complicated if these adjustments do not occur before WordPress installation.

.htaccess Lockout

While this method of security can become somewhat tricky, it is very effective at preventing a hacker attack. The goal is to specify the IP address or range of IP addresses that can access the administration section of WordPress. To do this, create a .htaccess file in the wp-admin directory on the user’s WordPress web hosting account. The file should contain the following information:

AuthUserFile /dev/null

AuthGroupFile /dev/null

AuthName ‘Access Control’

AuthType Basic

order deny,allow

deny from all

#IP address to Whitelist

allow from xxx.xxx.xxx.xxx

Users may specify as many IP addresses as they like, and change the IP addresses easily. There is a drawback to this type of security measure, however. If there are many computers accessing the administration portion of WordPress, there will be many IP addresses to coordinate. For some users, this could present a substantial difficulty.

Force SSL Encryption

WordPress users can force their installation to use SSL encryption at the login or administration pages. This can be accomplished by modifying the wp-config.php file. In the file, add the following lines:

For the login in page – define(‘FORCE_SSL_LOGIN’, true);

For the administration page – define(‘FORCE_SSL_ADMIN’, true);

In order to use this security function, users must ensure that their server is set-up and configured for SSL encryption.

You Can Protect Yourself From Attack

The threats of hacker attacks on a WordPress blog are real, but there are ways to prevent nuisances such as these. With diligent maintenance and judicious preventative steps, a user can head off all but the most virulent hacks. Following the aforementioned recommendations will provide a high level of security for any WordPress user.