WordPress Toolkit Deluxe Available To All Accounts

WordPress Toolkit Deluxe is now a standard hosting feature for all paying hosting accounts at Web Hosting Magic.

WordPress Toolkit is an all-in-one WordPress management solution for WordPress® installations.

better WordPress hosting with WordPress Toolkit Deluxe

WordPress Toolkit makes working with WordPress easier even if you have 1000 of them installed.

With WordPress Toolkit Deluxe, you get:

  • feature-rich & hassle-free management of WP websites, with plugin & theme set management.
  • staging and cloning functionality make experimenting and testing updates easier than ever.
  • advanced security features such as smart updates to ensure the safety of your websites.

To use WordPress Toolkit, visit the Domain section of your cPanel.

If you are unable to see WordPress Toolkit, use the search field in cPanel to look for it.

As recommended before, do not use Softaculous WordPress Manager at the same time with WordPress Toolkit.

Elect to go with one: Softaculous WordPress Manager or WordPress Toolkit Manager.

We hope that this will make your WordPress hosting experience even better.

If you are not a customer yet, please visit our web hosting plans at ⁣dashboard.webhostingmagic.com/store/web-hosting-packages to gain access to a better WordPress hosting with WordPress Toolkit Deluxe.

How To Turn On ModPagespeed For Your Domain

mod_pagespeed, a Google web server module that automatically optimizes and boosts your site performance is now available to all web hosting accounts.

Web Hosting Magic mod_pagespeed web hosting


While it is available to be used, customers have to explicitly enable it on their domains and websites to start reaping its benefits.

Before enabling mod_pagespeed for any domain, we highly recommend that you double-check to ensure that it has a valid SSL/TLS certificate (which by the way is FREE to all web hosting accounts).


How To Turn On ModPagespeed For Your Website

To enable mod_pagespeed on your domain:

Log in to cPanel

Select File Manager from the Files section.

Select the .htaccess file and click on Edit

If the file is not visible, configure File Manager to show hidden files.

how to enable htaccess file in cPanel

If you are still unable to see a .htaccess file after toggling File Manager to show hidden files, then you need to manually create one.

Once you have opened your .htaccess file, add the following to the rule found at https://cdn.ordercloudserver.com/announcements/modpagespeed-on.txt to the file.

Save to close the file then visit the website to make sure that everything is OK.


How To Check To See If ModPageSpeed Working

You can easily verify it works either by:

  • reviewing the response headers via your favorite browser's Developer Tools
  • checking for the headers using the curl command:
    curl -v --silent https://example.com/ 2>&1 | grep pagespeed
  • viewing your web page source code and looking for instances of "x-mod-pagespeed "
  • or using third-party tools such as https://securityheaders.com or https://www.sureoak.com/seo-tools/http-headers-checker to check the header and look for ModPagespeed.

ModPagespeed comes with standard core filters that are configured to be safe for most websites.

If you are adding additional filters, we assume that you understand the risk.

We highly recommend that you try everything out in a development environment before enabling mod_pagespeed on a live website.

If you discover after enabling mod_pagespeed that your website is having issues, please disable mod_pagespeed.

If you are not a customer yet, please visit our web hosting plans at ⁣dashboard.webhostingmagic.com/store/web-hosting-packages to gain access to a better web hosting service with mod_pagespeed.

How To Optimize Your PHP Website Using PHP X-Ray

The Web Hosting Magic team is happy to announce that our PHP optimization tool called PHP X-Ray has exited beta testing and is now available to customers.

You know that feeling you get when you have done everything you could to optimize your PHP website performance, and still, nothing seems to work.

As a good webmaster, you have gone through the code, done everything you could, and even reinstall the CMS software.

You just can't seem to nail the cause of the sluggish-performing website which can be because of:

  • poorly-coded plugins & theme
  • slow database queries
  • poorly-written code functionality
  • external calls
  • slow APIs
  • and even possibly spikes in website traffic.

The fact is that without a dedicated tracing tool that easily plugs into your CMS and analyzes the site to help you identify the root cause, resolving this might be like shooting in the wind and hoping something will stick.

Enter PHP X-Ray.

PHP X-Ray (located in the Software section) is a tool you can use to monitor and diagnose performance in content management systems (CMS) applications such as WordPress, Joomla, or Drupal easily without affecting uptime.

So instead of tediously combing through web application code and plugins, you can scan your website, identify performance bottlenecks in case of a slow website and resolve them swiftly.

How To Find Your Slow Website Issue Using PHP X-Ray

For accounts or hosting packages with PHP X-Ray enabled, all you need to do is to:

  1. Log in to your cPanel and scroll down to Software.
  2. Click on PHP X-Ray and when the page loads, create a tracing task. If you are unable to see the tool in Jupiter, please change your theme to paper_lantern.
  3. Specify the site URLs or domains that have performance issues by selecting the domain from the drop-down list. To specify URL or wildcard, end-users should use the input field next to the domain. Please note that the URL option should be a valid URL of the domain that exists on your current hosting account. The field supports wildcard matching. Click How to use special characters to learn more about wildcard matching.
  4. Click Run, then visit the site and perform an action.

For instance, you can submit a form on the site to perform a POST request, which will trigger PHP X-Ray data collection.

Now return to the tracing dashboard to review feedback.

You will see the task in the list of tracing tasks.

PHP X-Ray will sort requests by order of the slowest requests at the top so that you can prioritize issues.

View the Details page to get additional information about the performance issue and feedback on the root cause.

Let's say that a WordPress plugin is using extensive resources for the request, you will find the details on this page.

All you have to do is to disable the plugin in the CMS administrative dashboard.

Revisit the site, and performance should improve.

The Details page in the trace dashboard should also show no performance issues.

We hope that this will help you optimize your website without the need to spend a fortune on doing just that.

Not yet a customer yet?

Get one of our budget-friendly web hosting packages at www.webhostingmagic.com/pricing.html

Behold Jupiter, Our New cPanel Theme

We are delighted to introduce you to our new cPanel theme that is designed to improve the cPanel interface for both new/experienced users and cPanel more user-friendly.

The name is called Jupiter and if you log in to your cPanel, switch to the new theme, you will notice on the side-pane that it now has two main pages: the Tools page and the Solutions page.

The Tools Page lists cPanel’s applications and grouped them into categories. Like in Paper Lantern, you can click on and drag these groups to arrange them in any order. On the right sidebar, the General Information and Statistics panels display website and server information at a glance.

The Solutions Page is created with first-time cPanel users in mind. It is designed to guide you on how to use cPanel effectively and efficiently. Experienced users may also find this page to be a valuable source of information.

On the Solution page, the top twenty questions asked by our users are listed.

Clicking on any of these questions will take you to our public documentation to help you find a solution to your issue.

If you don’t see the problem you are experiencing, we have also included links to our documentation at https://dashboard.webhostingmagic.com/knowledgebase.

The Main Menu allows you to easily switch between these two pages.

While Jupiter is now the default for all newly-created accounts, customers with existing accounts can choose the one you are most comfortable with or switch between these two modern user interfaces.

Note: Before proceeding with the theme switch, please note that some plugins that we provide haven't been configured to work with the new Jupiter theme. If you are unable to see or use the JetBackup, Softaculous, etc after switching to Jupiter, please switch back to Paper_Lantern/Glass to use them.

In the Paper Lantern theme – From the cPanel interface, select your theme in the General Information panel from the drop-down menu:

cPanel Paper_Lantern Theme

In the Jupiter theme – From the Tools page in the cPanel Interface, select your theme in the General Information panel from the drop-down menu:

cPanel Jupiter Theme

We hope that you will find Jupiter as useful as we believe you would and have a great weekend!

Google & Facebook Accounts Login Enabled

Google & Facebook Logins

We often see situations where customers forget their log-in credentials and have to use the password reset over and over again.

To help address this issue, we have enabled the Facebook & Google Sign-In integration for faster sign-up and automatic sign-in.

Having said that, there is very important to point out.

The billing console also grants you (and anyone with your credentials) access to your servers, payment methods, billing/email/ticket history, etc.

If your Google account or Facebook account is compromised and you have not enabled two-factor authentication on your Web Hosting Magic account(s), the intruder will gain access to your data.

Before using this log-in feature, please do visit your security settings page and enable 2FA.

That way, if anyone should ever gain access to your Google or Facebook account(s) and attempt to login to your Web Hosting Magic, they will be stopped stone-cold since they won't be able to complete the authentication process.


How To Login With Google or Facebook

There are two ways to associate Google, Facebook, or Twitter with your account and use it for subsequent logins.

Option 1:

  1. Visit https://dashboard.webhostingmagic.com/login
  2. Select either Google or Facebook to log in.

You will see a notice such as:

Link Initiated!

Please ensure that you have completed the initial account registration before attempting to associate either of these services with your existing Web Hosting Magic account. You just need to do this once.

Once this has been done, you can log in with either Google or Facebook the next time you visit.

You can also log out and log in with them.

Option 2:

  1. Log in with your existing account with email and password
  2. Visit https://dashboard.webhostingmagic.com/user/security and then link your Google or Facebook accounts.

Next time you visit, you can then either of these to log in.

If you receive an error message when attempting to sign in with these, please use your normal sign-in credentials and do let us know via www.webhostingmagic.com/feedback.html about the issue so we can get it sorted out.

Changes Made To Our Branding Color Logo and Images

Web Hosting Magic Design Team

Conventional wisdom dictates that a business shouldn't change its logo or branding identity once set.

We totally agree ... as long as you are a conventional company.

Antoine de Saint-Exupéry once said that "perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away."

We are on a quest to find perfection even when its meaning keeps evolving technologically because we believe that there is always something to be improved on.

The alternative is staleness and it is something we really want to avoid as much as possible.

 

Our web dev design team recently made changes to our branding: colors, images, logo, etc and these can be seen when you visit our service/social websites.

While the previous ones are OK-ish, we think that these changes closely reflect our services especially as we seek to differentiate ourselves from an over-crowded market.

 

We hope you like it. If you don't, please do let us know by visiting www.webhostingmagic.com/feedback.html


Please visit our website at https://www.webhostingmagic.com/ and/or the billing system at https://dashboard.webhostingmagic.com/ to see the changes.

For a better experience, please do clear your browser cache when visiting.

Announcing Our New Server Status Page


Routine system maintenance (to keep the machine hale & hearty), unplanned outages (gremlins) do happen.

When this pops up, you want to know about it.

Not only to help you plan, but we believe that this also will keep you abreast of any existing issues.

As part of a long-standing effort to be proactive and transparent, we have created a public status page to inform customers of network maintenance and/or real-time server issues.

The page is located at https://status.webhostingmagic.com/


Statuspage Bot Dancing


When you visit the page, scroll down and you can see options to:

  • subscribe to receive emails
  • subscribe to receive desktop notifications

Unlike the page at dashboard.webhostingmagic.com/serverstatus.php which requires logging in to view current status, no login required for this public-facing page.

It is important to note though that not all systems will be available on this page.

We hope this helps and of course, will be looking forward to your suggestions & feedback.

Thanks.


bbPress Security Vulnerability Fixed With 2.6.5


If you are using the popular WordPress plugin bbPress, please do update the plugin and install the latest version as versions from 2.6.0 to 2.6.4 contain a serious vulnerability.

Many of our customers often uses bbPress to create online forums on their WordPress-powered websites.

The discovered vulnerability allows unauthenticated normal users to escalate their privileges and become an administrator or moderator.


When the intruder gain access as an administrator,  he or she can add/remove posts, topics, and entire forum sections. 

He or she can manage the website settings, including internal spam protection.

And this obviously can lead to data loss, or the disclosure of sensitive information contained in a forum’s private sections.


The vulnerability is caused by flawed callback function bbp_user_add_role_on_register which handles the register_new_user event creates the vulnerability every time a new user is registered.

This file is located at bbpress/includes/users/signups.php.

bbp_user_add_role_on_register blindly and without validation uses the information passed through the bbp-forums-role POST operation. 

With these privileges, attackers can gain access to protected data and do whatever they want on the forum.


Our security rules has been updated to prevent bbPress users from exploiting the vulnerability, while at the same time avoiding false positives.

Please do update at once as the bbp_user_add_role_on_register issue has been fixed with version 2.6.5 now available on production systems.

It now includes a validation logic that ensures only an administrator can grant users such privileges.

When granting such privileges, remember the principle of least privilege which states "that a subject should be given only those privileges needed for it to complete its task".

If a subject does not need an access right, the subject should not have that right.

Further, the function of the subject (as opposed to its identity) should control the assignment of rights. If a specific action requires that a subject's access rights be augmented, those extra rights should be relinquished immediately upon completion of the action.

Web Application-Specific Firewall Released

To maximize Web Application Firewall effectiveness (cover as many attacks as possible), yet minimize “false-positives” for them, our WAF is been automated to be more accurate.

This web application firewall auto-configurator generates a set of rules on a per-domain basis, taking into consideration the content management system (WordPress, Joomla, etc)), that you install on the website.  

It works in the background scanning domains for the installed CMS each day.

And once it is done, it completely rebuilds the configuration based on the detected software. 

The main benefits of this feature is a complete reduce in false-positive hits caused by rules designed for applications that aren’t installed on the web site.


For now, this feature is limited to customers in Portland, Oregon using the hostname: west.cpanel.


Malware Scan on Demand Now Available In Your cPanel

Over the past several months, we have been inundated with the feature request from our enterprise customers for a way to enable scan action in cPanel so developers could run a scan at any time on their own. 

Today, we happy that as part of our test case, customers using in the Oregon region using the hostname: west.cpanel now have access to this option.

Configurable options to enable/disable the Scan action in the UI.

  • Extended real-time scan folder list
  • Enhanced coverage of the real-time scanner, including a user’s home directory, and everything it encloses.

Please note that this is still a beta feature.

So while extensive testing has been done, do let us know if you run into any issue that may have been caused by using this feature.

Customers wishing to take advantage of this may request migration from an existing region to Oregon.

Show Previous EntriesShow Previous Entries