free wildcard SSL certificate

This is an EASY, NO HASSLE, FREE way to get your site SSL protected and working through HTTPS. It is accomplished by using a free wildcard SSL certificate:

  • Enable Flexible SSL for the domain in CloudFlare
  • Disable Lockdown plugin
  • Install CloudFlare Flexible SSL plugin on the site (it has to be this exact plugin)
  • Install WP Force SSL plugin on the site
  • Change the URLs in the Settings -> General area of the site

Making free wildcard SSL certificate work with a WordPress site

Make sure these steps are followed exactly as described above and that the correct plugins are installed. Flexible SSL terminates HTTPS at CloudFlare and forwards requests to the site over plain HTTP, so if a step is missed the site might get into a redirect loop, and some database tweaking will be needed.

 

[SOLVED][lsapi:error] Backend error on sending request(GET /wp-login.php HTTP/1.1); uri(/index.php) content-length(0) (lsphp is killed?): Unexpected LS header with data. Data len is 162

Sometimes you might encounter the lsapi "Unexpected LS header with data" error.

This is part of lsapi processing and can be fixed as follows:

  • Open /etc/httpd/conf/extra/mod_lsapi.conf or
    /usr/local/apache/conf/conf.d/lsapi.conf (on cPanel servers)
  • Add this line:
    lsapi_backend_accept_notify On
  • Restart Apache:
    service httpd restart

After this the error will be gone.

 

Securing WordPress site

Prevent .php files from being executed from the wp-includes and wp-content/uploads directories

Sometimes malicious PHP files end up in those two directories, and a spamming script can then execute them to run other scripts that send out spam through your site. Protect these directories by adding an .htaccess file with the following content to each of them.

Options -Indexes
<Files *.php>
deny from all
</Files>
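
A way to check that this rule is actually in place, as an added example that is not part of the original page: the script below reports protected directories whose .htaccess lacks an active `deny from all` inside `<Files *.php>` and lists any .php files under uploads. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Directories the page protects, relative to the WordPress root.
PROTECTED="wp-includes wp-content/uploads"

# Succeeds if $1/.htaccess has an active "deny from all" inside <Files *.php>.
has_php_deny() {
    [ -f "$1/.htaccess" ] || return 1
    awk '
        tolower($0) ~ /^[[:space:]]*<files[[:space:]]+"?\*\.php"?[[:space:]]*>/ { inblock = 1; next }
        tolower($0) ~ /^[[:space:]]*<\/files>/ { inblock = 0 }
        inblock && tolower($0) ~ /^[[:space:]]*deny[[:space:]]+from[[:space:]]+all/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1/.htaccess"
}

# Print one finding per line; print nothing when both checks pass.
audit_wp() {
    for d in $PROTECTED; do
        [ -d "$1/$d" ] || continue
        has_php_deny "$1/$d" || echo "NO_PHP_DENY $d"
    done
    # Any .php file under uploads deserves review before it is kept.
    if [ -d "$1/wp-content/uploads" ]; then
        (cd "$1" && find wp-content/uploads -type f -name '*.php' | sort \
            | sed 's/^/PHP_IN_UPLOADS /')
    fi
}

# Constructed sample tree: wp-includes is protected, uploads is not
# (its rule is commented out) and it holds a stray PHP file.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-includes" "$t/wp-content/uploads/2024/01"
    printf '%s\n' 'Options -Indexes' '<Files *.php>' 'deny from all' '</Files>' \
        > "$t/wp-includes/.htaccess"
    printf '%s\n' '<Files *.php>' '# deny from all' '</Files>' \
        > "$t/wp-content/uploads/.htaccess"
    : > "$t/wp-content/uploads/2024/01/cache.php"
    echo "$t"
}

tree=$(make_sample_tree)
audit_wp "$tree"
rm -rf "$tree"
```

Run `audit_wp /path/to/wordpress` against a real install. On Apache 2.4 without mod_access_compat the equivalent directive is `Require all denied`, which this check does not look for.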

 

 

Unblock your IP from your billing account

This is a very handy feature if your IP got blocked due to an incorrectly typed password.

Log in to your billing account at https://billing.2by2host.com. You will see the Unblock IP widget at the top left corner:

Unblock IP widget

Click on it. It will open up and display your automatically-detected IP address:

Unblock IP info

Select your domain and click the Unblock button.

This will remove your IP from the firewall and you will be able to access your services again!

 

Disabled PHP functions

As an increased security measure it’s a good idea to have the following functions disabled in your php.ini file:

show_source – Prints out or returns a syntax highlighted version of the code contained in filename using the colors defined in the built-in syntax highlighter for PHP.

system – Execute an external program and display the output

shell_exec – Execute command via shell and return the complete output as a string

passthru – Execute an external program and display raw output

exec – Execute an external program

popen – Opens process file pointer

proc_open – Execute a command and open file pointers for input/output

These are potentially unsafe functions that malicious scripts can take advantage of. More information about PHP functions can be found here.

Here’s an easy-to-paste string for your php.ini file: show_source,system,shell_exec,passthru,exec,popen,proc_open
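
To confirm the setting took effect, the added example below (not from the original page) reads the `disable_functions` directive from a php.ini file and prints which of the seven functions above are still enabled. Names are matched exactly, so `shell_exec` in the list does not count as `exec`; the function names and the sample file are constructed.

```shell
#!/bin/sh
# The seven functions the page recommends disabling.
REQUIRED="show_source system shell_exec passthru exec popen proc_open"

# Print the value of the last active disable_functions line in php.ini $1,
# with inline ';' comments, quotes and whitespace removed.
disabled_in_ini() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" \
        | sed 's/;.*//' | tail -n 1 | tr -d '" \t\r'
}

# Print the required functions that are NOT disabled (empty output = all set).
missing_disabled_functions() {
    current=",$(disabled_in_ini "$1"),"
    missing=""
    for fn in $REQUIRED; do
        case "$current" in
            *",$fn,"*) ;;                    # whole-name match only
            *) missing="$missing $fn" ;;
        esac
    done
    echo "${missing# }"
}

# Constructed sample: a commented-out line plus an incomplete active one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
;disable_functions = exec
disable_functions = show_source, shell_exec ,passthru,proc_open
EOF
echo "still enabled: $(missing_disabled_functions "$sample")"
rm -f "$sample"
```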

FTPs: connecting to your site securely

Use a secure FTP connection

FTPs stands for File Transfer Protocol Secure. In our implementation both the user name and the password will be encrypted using an SSL certificate.

When you connect to your site the same way you’ve always done, you will see the following prompt.

FTPs prompt

Make sure to accept it. You can also check the “Always trust certificate in future sessions” option to avoid seeing this prompt again.

Cleaning your site from spam and viruses

Cleaning your WordPress site from viruses and malware

0 – Back everything up first
1 – Clean everything up completely in your home directory. Remove files and directories that you don’t recognize
2 – Change FTP and WordPress login passwords
3 – Set up a traffic relay through secure proxy
4 – Keep automatic updates running for WordPress, plugins and themes
5 – Enable Apache mod security
6 – Prevent script execution from the uploads directory

 

FTP access

How to access web sites through FTP

In most cases we relay the main domain and the www subdomain through the CloudFlare service. For example, if your domain is MyDomain.com, both it and www.MyDomain.com will be “protected”, that is, relayed through the CloudFlare service. This means that if you ping it you will get CloudFlare’s IP address. Therefore, if you try connecting to those names from your FTP client you will not be connecting to your site but to an IP address at CloudFlare. This will not work at all!

Option I

When we create a DNS zone we always add the FTP A record that maps it directly to your site’s IP address. For example, the correct host name for the example domain would be ftp.mydomain.com. This ensures that the CloudFlare service is bypassed and the connection is made directly to the site’s IP address.

Option II

Another way to connect is either by the server name (find out from your hosting provider) or directly by the IP address of the site. All these are true when the site is not protected by CloudFlare.

If the domain name is not relayed through the CloudFlare service, then connecting by domain name will work, as will Option II.

Domains

Each site starts with a domain name. Domain names are registered through the ICANN organization and are regulated by the same authority. Most companies are re-sellers, but some that focus on domain names became registrars themselves and therefore can charge lower yearly fees. It normally costs them only about 25 cents, and most, like GoDaddy, pass that fee directly to the customer plus the mark-up.

Domain lookup:

When troubleshooting domain issues it’s important to be able to look up some information about that domain. This tool is great and can be used to get detailed information about each domain. Domains get pointed either to the name servers of the domain registrar or to those of the web hosting provider. There are some cases where domains can be pointed to services that specialize in DNS records and traffic. In our case, we use CloudFlare to manage DNS entries, channel the traffic, save bandwidth and protect against denial of service attacks.

A domain look-up will reveal two pieces of information:

a – The domain registrar

b – The name servers

These are needed to gain access to the domain itself (domain registrar) and at the same time to find out where the DNS zone (the records that map host names to IP addresses) is located. Knowing these, it will be very easy to manage both. We prefer all our customers to point their domains to the name servers we specify. This way we can flawlessly manage them from a single location.