; cPanel-generated php ini directives, do not edit ; Manual editing of this file may result in unexpected behavior. ; To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor) ; For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
; cPanel-generated php ini directives, do not edit ; Manual editing of this file may result in unexpected behavior. ; To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor) ; For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
This is very important because when your file will be infected you may not clean all infected code, so in this situation you can restore your files
Disable File Edit
WordPress has built in code editor under Appearance menu which allows you to edit your theme and plugin files from your WordPress admin area. You should disable it. You can add code in wp-config.php files
Add below code to WordPress functions.php. This code contains the WordPress action & filter hook and the corresponding callback function. The callback contains code for restricting number of invalid login attempts.
function check_attempted_login( $user, $username, $password ) {
if ( get_transient( 'attempted_login' ) ) {
$datas = get_transient( 'attempted_login' );
if ( $datas['tried'] >= 3 ) {
$until = get_option( '_transient_timeout_' . 'attempted_login' );
$time = time_to_go( $until );
return new WP_Error( 'too_many_tried', sprintf( __( '<strong>ERROR</strong>: You have reached authentication limit, you will be able to try again in %1$s.' ) , $time ) );
}
}
return $user;
}
add_filter( 'authenticate', 'check_attempted_login', 30, 3 );
function login_failed( $username ) {
if ( get_transient( 'attempted_login' ) ) {
$datas = get_transient( 'attempted_login' );
$datas['tried']++;
if ( $datas['tried'] <= 3 )
set_transient( 'attempted_login', $datas , 300 );
} else {
$datas = array(
'tried' => 1
);
set_transient( 'attempted_login', $datas , 300 );
}
}
add_action( 'wp_login_failed', 'login_failed', 10, 1 );
function time_to_go($timestamp)
{
// converting the mysql timestamp to php time
$periods = array(
"second",
"minute",
"hour",
"day",
"week",
"month",
"year"
);
$lengths = array(
"60",
"60",
"24",
"7",
"4.35",
"12"
);
$current_timestamp = time();
$difference = abs($current_timestamp - $timestamp);
for ($i = 0; $difference >= $lengths[$i] && $i < count($lengths) - 1; $i ++) {
$difference /= $lengths[$i];
}
$difference = round($difference);
if (isset($difference)) {
if ($difference != 1)
$periods[$i] .= "s";
$output = "$difference $periods[$i]";
return $output;
}
}
Change Default Admin username if any. If not you are not able to delete user, make him subscriber.
Change WordPress Database wp_ Prefix
We can change it tow ways. One is Plugin Installation and custom SQL mode.
We can change it both custom more or with SQL command. The steps given below –
Step 1 – Change all table prefix in wp-config.php. Edit below prefix from File Manager
$table_prefix = ‘wp_’;
Change as
$table_prefix = ‘wprmg_’;
Now Save the file
Step 2 – Change all table prefix in database
Click on database name > Select all table start with wp_ ; > Click With selected to open drop down > With selected > Type in wp_ in the From-field, and type wprmg_ in To-field, wprmg_ > Click Continue for change
Step 3 – Replace all references into the old prefix
WordPress still contain to the old table prefix. To all changing the prefix, you need to replace these with new prefix.
Now go to SQL command in phpmyadmin and copy and paste the following commands
update NEWPREFIX_usermeta set meta_key = 'NEWPREFIX_capabilities' where meta_key = 'OLDPREFIX_capabilities';
update NEWPREFIX_usermeta set meta_key = 'NEWPREFIX_user_level' where meta_key = 'OLDPREFIX_user_level';
update NEWPREFIX_usermeta set meta_key = 'NEWPREFIX_autosave_draft_ids' where meta_key = 'OLDPREFIX_autosave_draft_ids';
update NEWPREFIX_options set option_name = 'NEWPREFIX_user_roles' where option_name = 'OLDPREFIX_user_roles';
Replace OLDPREFIX and NEWPREFIX, with your own old and new prefix. Like in the example below, where we replace wp_ with david_:
update david_usermeta set meta_key = 'david_capabilities' where meta_key = 'wp_capabilities'; update david_usermeta set meta_key = 'david_user_level' where meta_key = 'wp_user_level'; update david_usermeta set meta_key = 'david_autosave_draft_ids' where meta_key = 'wp_autosave_draft_ids'; update david_options set option_name = 'david_user_roles' where option_name = 'wp_user_roles';
Click on Go to run the commands and complete the change.
Change Default Login URL Without Plugin
Process 1: WordPress default URL: /wp-login.php or /wp-admin
At first go to public_html
Then take backup wp-login.php file
Then rename wp-login.phpinto any namen like mashiur.php
Then open file mashiur.php in any editor like notepad++
Then Replace all wp-login.php into mashiur.php (Generally 12 file will replace)
Finally it is done. Now go to your new URL and login
Process 2: Add the following code to your .htaccess file to change the name of your login URL: 01 RewriteRule ^mynewlogin$ http://www.yoursite.com/wp-login.php [NC,L]
Process 3: Plugin Installation
Prevent PHP direct execution on sensitive directories
Directories such as “wp-content” and “wp-includes” are generally not intended to be accessed by any user, consider hardening them via Sucuri Security -> Settings -> Hardening.
Disable SSH Access
By default it may open. 99% hacker try to login with SSH console. So must disable it
Configure Brute Force Protection
You can protect from WordPress Plugin, cPanel, WHM, VPS, even form dedicated server control panel
Jetpack Security :
User Free feature of Jetpack plugin to protect brute force attack
cPhulk Brute Force Protection Configure
Disable XML-RPC in WordPress
domain.com/xmlrpc.php XML-RPC file is required to jetpack to work. Without the xmlrpc, Jetpack will not work.
1 Click Staging
Safely test changes to your website before you roll them out to visitors without breaking your site. Staging gives you confidence to test changes before you publish without worry. It creates a copy of your site in a “sandbox” environment where you can experiment & preview changes without it affecting . When you’re ready, push your changes to your live site with a simple click!
You’ll see a link and login information abccom.stage.site
When you go here, you’ll be asked for user name / password. Its provided on the same staging tab
The staging site should be a replication of your live site.You can then login to the staging wp-admin and make the changes there
Remember, your changes in the staging will not affect the live site.If you like the changes you made on the staging site and want to push to the live site, you can request that on the staging tab
(M) Sucuri Security – Auditing, Malware Scanner and Security Hardening
(N) Titan Anti-spam & Security
(O) WP Activity Log
(P) Anti-Malware Security and Brute-Force Firewall
(Q) Hide My WP Ghost – Security Plugin
Free Features
Block spam comments
Brute force attacks to hack password
Brute force attacks to identify account name
Two-factor authentication (2FA)
CAPTCHA stops bots from logging in
Google reCAPTCHA for against spammers.
Limit Login attempt
Custom Login URL
WordPress.com powered login & 2FA for extra protection
Back up your site automatically and restore
Set a maximum password age and force users to choose a new password
Security Protection for WordPress login form
Security Protection for WordPress backend
Uptime / downtime monitoring
Checks core files, themes and plugins for malware
Activity log and Alert to admin for file editing
Repair files that have changed by overwriting them with a pristine, original version.
Checks your content safety by scanning file contents, posts and comments for dangerous URLs and suspicious content
Block logins for administrators using known compromised passwords.
Firewall identifies & blocks malicious traffic
Blocks requests that include malicious code & content.
Temporary Privilege Access permissoin
Login masking – change the location of WordPress’s default login area Login lockout – failed login attempts lockout 404 Detection – automated block of bot IPs Geolocation IP lockout – block users based on location and country (IP blocking) WordPress Security Firewall – block or whitelist IPs Disable trackbacks and pingbacks – spam prevention Change default database prefix – they won’t find this Disable file editor – if they get in, they won’t get far Prevent PHP execution – because it’s daaaangerous Permit or restrict access by White IP Access list and Black IP Access List with a single IP, IP range or subnet. Cerber anti-spam engine for protecting contact and registration forms. Protects wp-login.php, wp-signup.php and wp-register.php from attacks. Hides wp-admin (dashboard) if a visitor isn’t logged in. Immediately blocks an intruder IP when attempting to log in with non-existent or prohibited username. Restrict user registration or login with a username matching REGEX patterns. Block access to XML-RPC (block access to XML-RPC including Pingbacks and Trackbacks).
Presentation on Domain & Hosting Server Management
Slide 1
Introduction
For RMG Sector all company should have their own Hosting Server. In a survey, it is found most of the organisation does not have their own Hosting Server. IT department of this company are busy only with hardware and software services
Slide 2
Domain Purchase
Purchase from direct service holder. e.g. Godaddy, Bluehost, Site5 etc.
Avoid purchase for local service holder
Slide 3
Domain Security
Add domain privacy
Add 2-step authentication
Secure Domain information by activating anti-virus software
Keep your domain contact information up to date with your register
Set a reminder for avoiding your registration expiring
Set registry lock service to prevent anyone to transfer your domain
Avoid a phishing attack because hackers can email claiming to be your registrar
SSL certification installation and enable DNSSEC for extra protection
Slide 4
Hosting Purchase
Shared Hosting (cPanel)
Reseller Hosting (WHM)
WordPress Shared Hosting
WordPress Managed Hosting
Woo commerce Managed Hosting
VPS Hosting Plans
Dedicated Server Hosting
Slide 5
Shared Hosting (Single cPanel) Management
There are different types of shared hosting offer by hosting service provider
Multiple Web sites hosted on the same server/cPanel as addon domain/subdomian
Maintenance & security handled by hosting provider
Slide 6
Reseller Hosting (WHM)
WHM means Web Host manager. It includes below featues
Can create multiple cPnael
Backup facility
SSH Access
Slide 7
WordPress Shared Hosting
It is similar to Shared Hosting. It includes below features-
WordPress Package Installed by Hosting Provider
Fast SSD Storage
Free SSL Certificate
1 Website
Slide 8
WordPress Managed Hosting
WordPress Managed Hosting is completely configured and managed by hosting provider. It includes below features-
Built for ~100k Monthly Visitors
Unlimited Email
30GB SSD Storage
Unmetered Bandwidth
Click Staging
SSL Certificate Pre-Installed
On-Demand + Daily Backups
24/7 WordPress Support
Jetpack Free Pre-Installed
Slide 9
Woo Commerce Managed Hosting
Woo commerce Managed Hosting also managed by hosting provider. It include below features
1 WordPress website only
Managed by hosting service provider
Slide 10
Pricing Comparison
Type
Shared Basic
Shared Adv.
WP Managed Basic
WP Managed Adv
WP Managed WooCom
VPS Basic
VPS Ad
Dedi cated
IP
X
X
X
X
X
1
2
4
Core
X
X
X
X
X
2
2
12
RAM GB
X
X
X
X
X
2
4
16
HDD GB
30
30
40
80
120
30
50
2TB
Bandwidth
10Gb
50Gb
Unlim
Unlim
Unlim
2TB
Unlim
Hit at a Time
60
60
Unlim
Unlim
Unlim
5K
5K
Unlim
Monthly Visitors
100K
100K
150K
500K
1M
Unlim
Unlim
Unlim
Domain
1
Unlim
1
1
Unlim
Unlim
Unlim
Unlim
SSL
Free
Free
Free
Free
Free
Free
Free
Free
CDN
Free
Free
Free
Free
Free
Free
Free
Free
Managed
Easy
Easy
Easy
Easy
Easy
Hard
Hard
Hard
Pricing/M
$3
$15
$10
$20
$72
$20
$80
$280
Question: What is the server status
Answer: I see the site’s using DreamPress Pro which comes with 4GB of RAM/Memory and 120GB of disk. There have been over 95.000 requests to the site today but the site has not run out of memory which is a good sign. Currently, there are 2.5GB of available memory so that’s a good sign too. (dp)
Slide 11
WordPress Managed vs Dedicated
Comparison Between WordPress Managed and Dedicated Server
Services
Managed WordPress
VPS/Dedicated Server
Hosting Server
$72
$200
Jetpack Professional
Free
$30/m
Automated Daily Backups
Free
$15/m
On-Demand Backups & 1-Click Restore
Free
Ticket Support
1-Click Staging
Free
X
Malware Scan & Removal
Free
$20/m
Speed Optimization
Free
Senior Admin Required
WordPress Support & Serveries
Free (24/7)
Senior Programmer Required (Office Hour)
Storefront Theme
Free Setup
Setup by Customer
WooCommerce
Free Setup
Setup by Customer
1-Click Staging
Free
X
SSL Support
Free Setup
Setup by Customer
CDN Support
Free Setup
Setup by Customer
Root Access
Dashboard Only
Root Access Full
No of Website
1
Unlimited
FAQ
Question: What is our shaerd server configuration. Can u help me. I mean memory, disk space, CPU, Core, IP etc
Answer: Sure, I see that you have a shared Choice Plus account, you can host unlimited email accounts, unlimited websites with unmetered Storage space. You have a shared hosting account where a single physical server hosts multiple sites. Many users utilize the resources on a single server. Users each get a section of a server in which they can host their website files
Question: What s are the advantages if we upgrade into VPS
Answer: VPS is a Private server, and you will get more resources in a VPS account (b)
Question: How much memory / RAM , we are using in shared hosting?
Answer: No Specific limit in memory / RAM in shared account System resources are shared on customers on the server, and each gets a percentage of everything from RAM and CPU (b)
Question: What is the bandwidth limit in shared Plus package?
Answer: There is no limit is Shared accounts (b)
Question: How many customers are using this server?
Answer: Shared servers can hosts hundreds (100) of users (b)
Question: How many visitors/ per month can handle by our existing shared hosting
Answer: It will be 8000 per day and 200000 visitors per month (b)
Answer: Your hosting plan is Suitable for ~100,000 Visits (s)
Question: how to measure it?
Answer: You can check the statistics from your cPanel–>Awstats (s)
Backup
Name Cheap Backup: Thanks for waiting patiently. AutoBackup does not take your disk storage. The backups are created on the server side according to the following schema: 6 daily backups, 3 weekly backups, 5 monthly backups, Once a new one is generated, the previous one is removed., We create server backups for some types of hosting services in case they meet the following requirements: 1) no more than 25 GB of disk space usage; 2) contain no more than 200,000 inodes.
Question: One of my database is very large, so SSH command is recommended for backup. It is only possible from your end. I need your help to make the database backup. After completing backup I will download it via Filezila
Question: One of my database is very large which is more than 1.2 Gb, so I can not take backup from my end. It is only possible from your end. I need your help to create backup in cPanel. Please tell me backup location as I can download it via Filezila
Answer: Okay. You can do the down load via the FTP client filezilla. let me know which website database back up you wish to have now?
How can I take backup this type of large database myself?
You can try with the SSH commands on your way.
Question: How many visitors can access at a time in existing hosting?
Answer: Not more than 60 or 80 at a given time,If so Website will go down (b)
Question: What is the next level upgradation, e.g. WHM/ VPS/ Dedicated etc ?
Answer: It is not possible to upgrade this account to a VPS or Dedicated server. You can signup with a VPS/dedicated account depending on your requirement’s (b)
WHM – Web Host Manager (Multiple cPanel) Management
Basic WebHost Manager Setup Security Center Clusters Remote Access Key
Folder Permission
Please make sure to set the folder permission to 755 and file to 644
You can update it from your end through your cpanel>> File manager
Folder permission should be 755 and file should be 644
Account Information
List Accounts
List Parked Domains
List Subdomains
List Suspended Accounts
Show Accounts Over Quota
View Bandwidth Usage
Account Functions
Account Functions
Create a New Account
Force Password Change
Limit Bandwidth Usage
Manage Account Suspension
Modify an Account
Password Modification
Quota Modification
Skeleton Directory
Terminate Accounts
Web Template Editor
Packages
Add a Package
Delete a Package
Edit a Package
Feature Manager
DNS Functions
Add a DNS Zone
Delete a DNS Zone
Edit DNS Zone
Edit Zone Templates
Park a Domain
Reset a DNS Zone
Set Zone Time To Live (TTL)
FAQ
Question: Last query,In our current shared hosting we got some basic feature and software that is configured by u, is not it?
Answer: Yes, that is correct (s)
Question: What is our WHM shared server configuration. Can u help me. I mean memory, disk space, hosting configuration etc
Answer: I checked the account is a shared hosting account and the disk space on each cPanel is 25 – 30 Gb (s)
Question: How much memory / RAM , we are using in shared hosting?
Answer: Here are the details on the shared server : Dual Xeon E5-2630 64GB RAM 2TB HDD RAID 10 1Gbps Uplink . However please note that since the resources on the account are shared, the hosting account has a disk space limit of 25 – 30 GB (s)
Question: How many customer are using this server?
Answer: Unfortunately, the number of customers on the shared server cannot be provided (s)
Question: What is the next level upgradation?
Answer: Since you are currently hosted with the shared server, if you wish you may signup for the VPS services (s)
Question: First I want to clear with 25-30gb. Is it single cPanel maximum space?
Answer: Yes, that is correct. The maximum disk space allotted on a single cPanel on the shared hosting account is 25 – 30 gb (s)
Question: If I create 10 cPanel’s , Can I occupied around 300 Gb? 10×30 = 300?
Answer: You may create 10 cPanel accounts on your hosting and use the 300GB however if the accounts are breaching any of the shared resource usage policy the account will be suspended by the admins (s)
Question: You are managing our shared hosting. Currently you are managing our shared server. is not it
Answer: Yes, we are managing the server as well as the issue related with the servers (s)
Question: Currently we are running around 7/8 cPanel in your WHM shared server. IF upgrade who will transfer files /database
Answer: Thank you for elaborating, the migration of the accounts from the shared to VPS service will be done from our end, free of cost (s)
Question: Second point, Can I install additional software in VPS
Answer: Yes, definitely, however, we will not provide support with the software end issues (s)
Question: I have copy and paste auto.sql file in directory path /auto.com/shop.sql. I have created a new database named code_shop and a new user named code_shop. Please import /auto.com/shop.sql in my created database named code_shop
Question: auto.com is currently running on another hosting provider. They have provided us WP Managed hosting. Anyway I want to run auto.com in parallel and separate website as code.com. As a result I have configured and copied all files and database into code.com website. Unfortunately code.com is not running. In addition, I have replaced all old URL https://auto.com as http://code.com before importing.
PHP Management
Question: How can I update PHP version in Cpanel?
Answer: On in advanced. Check for tool named multi php manager > Click on it. >Select your domain name from drop down > You will see list of domain names > Check mark your domain name > Then on top right you will see PHP version > Click on drop down and select the one you wish The latest is 7.3 > Yes sub-domains. if you wish you can manually change sub-domain php version later > Click Apply
How to Point a Subdomain from a hosting to another hosting
The domain hadisquran.com is using WordPress nameservers. As you wish to point only the subdomain abr.hadisquran.com to your hosting here, you may update the A record for the subdomain to your hosting IP value: 198.54.115.3.
