As we approach Christmas we’d like to take some time to introduce our free CDN feature that is officially launching on November 12th 2018. For a limited time, until the end of the year 2018 we’ll be giving out free CDN accounts with 10GB Bandwidth included!

You can have as many free CDN accounts as you’d like for as many sites as you’d like and each account will come by default with 10GB bandwidth included per month which is enough for the majority of the sites.

Our CDN works by caching your Javascript, your CSS and your images on our 34 and growing global datacenters which means that when a visitor loads your site those elements mentioned above will load from their closest datacenter so even though our servers are located in the US by adding our CDN onto your site if you have a visitor from Australia visiting your site the elements mentioned above will load from our Australian datacenter and so forth.

You will notice a performance improvement even if its in the milliseconds, depending on how much javascript, css and images your site has the performance improvement you will notice may be larger or smaller.

A lot of users may ask what the difference is with Cloudflare, the free version of Cloudflare by default does not offer any caching capabilities so you can use our CDN alongside Cloudflare with no issues!

We’ve taken this a step further and have fully integrated the setup of our new CDN with our members area where you can setup a new CDN account and purge the cache aswell which is a much needed function when you perform changes on your site.

You can order your free CDN account now by clicking here.

Before I continue with this post I should mention that all our servers do have very powerful firewalls in place including mod security, we’ve recently deployed over 60 new mod security rules on our servers however if the WordPress site itself is insecure no matter how secure the actual servers are the site will get compromised sooner or later – below we’ll supply some tips that will help you keep your sites secure.

1. Keeping your WordPress Core, Plugins, Themes up to date – this is probably the most important tip, the first step in securing your WordPress site is by keeping it fully up to date. What we usually recommend is setting aside an hour during your weekend and going through your sites and just click on the update button, if you have a lot of WordPress sites you can setup MainWP and add all your sites and with a push of a button you can update all your sites simultaneously.
2. Premium Plugins & Themes – unfortunately, the majority of the premium plugins & themes don’t have automatic update utilities, this means that when they release a new update WordPress won’t prompt you to update to the new version since they don’t have any automatic update utility in their software. What this means is that if you use premium plugins & themes you need to manually check updates on the sites of the developers – a large majority of the compromises occur due to outdated premium plugins and as such it is very important you make sure they are up to date.
3. The use of one-time plugins – a lot of times we install plugins that we’ll use once, for example, we install Duplicator to clone a site or we install a plugin to help optimize the database. Plugins that we install for this purpose should be removed as soon as we complete using them as that reduces the attack surface.
4. The use of Security plugins – this is very important, your first step as soon as you setup a new WordPress installation should be to install a Security plugin, We actively recommend WordFence despite the fact that it does cause an increased resource usage under some circumstances – it still is one of the best security plugins that currently exist. WordFence will also alert you if you are using any outdated plugins (note that it can’t know if a premium plugin is outdated or not) – following all actions WordFence suggests is also very important.
5. The use of outdated plugins – the majority of the hacking reports we’ve received recently we’ve noticed that there was at least one outdated plugin. Outdated plugin is any plugin that has not received an update in over 12 months, these plugins can contain serious vulnerabilities but since they are not actively been maintained it means there is no one to release fixes for vulnerabilities.
6. WordPress users – A lot of us fall into the trap of creating a new WordPress user with a password of ‘password123’ so that we can remember it, this, however, leaves a huge security hole. You should always use a strong 16-character password, you can use online tools to generate difficult passwords. Additionally, whenever you supply the password to any external party to troubleshoot any issue you should always reset the password as soon as they are done – it is even better that you create a separate account for the 3rd party to use which you then delete as soon as they are completed.
7. One site per cPanel – this only affects our cPanel servers, on cPanel you should always ensure you only one site per cPanel – having multiple WordPress sites in one single cPanel account just increases the attack surface for hackers and if one of the sites is hacked all the other sites will also be hacked. You can submit a ticket at any time to have us split your sites to separate cPanel accounts without any charge (this cannot be done on our Shared services as there is only access to one single cPanel account).

This concludes our tips for ensuring your sites don’t get hacked!

I hope that these tips prove useful to you. For any questions do feel free to leave a comment below and we’ll answer them as time permits!

• Logging into cPanel/WHM multiple times with an invalid username and/or password.
• Logging into your email account using an email client with invalid login details.
• Hitting one of our mod security rules.
• and many more…

We’ve completed the integration of a tool that will allow you to unlock your IP Address without any intervention needed from our team, you can now unblock your IP Address from within your client area under Support > Unblock IP or by clicking here.

If you experience any issues while using the feature as always do open a support ticket and we’ll investigate that for you further!

Before we continue with this feature spotlight we’re looking on your feedback on whether you’d like to see automatic WordPress updates to the WordPress Core and Plugins implemented to our shared & reseller services, this is something we’ve been considering for a long time now and we’d like to see your feedback! Please provide your vote in the poll below.

In this feature spotlight we’ll concentrate on our Shared and Reseller hosting services and all the behind-the-scene features that are available with all of our packages by default (feature spotlights for the rest of our services will be published in the next weeks). This is just part 1, we’re going to be doing additional parts as we add even more features to our infrastructure. We’re sure you may not know of all the features included in our packages so we’re hoping this helps with further insight!

1. Backups, a critical issue is backups – all of our shared and reseller hosting services get backed up once a day and we keep 30 days worth of backups at all times. Ofcourse this doesn’t mean you shouldn’t take your own backups, we always recommend keeping your own backups aswell stored on your local computer or at a popular file hosting service. A lot of users have been asking us over time, what type of backups we keep – we keep a backup of your whole cPanel account including your emails, files and databases and all accounts get backed up unrelated of size or amount of files, all accounts are backed up including the really small accounts and the really huge accounts. The backups are performed to remote servers and are available at any time to us.
2. No inode limits – When we created our packages we created them with one thing in mind, to be able to provide a stable service – none of our packages have any Inode limits – the disk space you have been assigned with is your’s to use up to the last byte and we don’t have any Inode limits nor limits on what you can and can’t store on our servers as long as its legal.
3. LetsEncrypt enabled by default – All of our shared and reseller packages have LetsEncrypt enabled by default, LetsEncrypt SSL certificates are installed automatically within 24 hours after you’ve pointed your site to our nameservers – if you point your site to  our nameservers before you add your domain to our servers you may even get an SSL instantly generated and installed!
4. SSH / SFTP access – All of our packages come by default with SSH & SFTP access enabled, this is a feature recently enabled due to many requests but also as we want to set SFTP as the standard over FTP, SFTP stands for Secure FTP. SFTP is a lot more secure and stable than FTP and works over one specific port instead of FTP that works over thousands of ports which sometimes causes issues with local firewalls and some ISP’s. To connect over SFTP instead of FTP you just need to enter your host as sftp://SERVERIP or sftp://domain.com – this will connect over SFTP so you can benefit additional security and a lot more stable.
5. Two factor authentication – All of our packages come with the ability to enable Two factor Authentication in cPanel, this provides additional security to your cPanel account. Two factor Authentication can be enabled from within your cPanel under Security
6. Ioncube by default – You heard right! Ioncube is enabled by default on all of our shared and hosting packages. Ioncube at the time of writing is available for PHP 5.4, 5.5, 5.6, 7.0. PHP 7.1 does not support Ioncube at this time.
7. Multiple PHP versions – We are proud to include 5 different PHP versions for you to choose from (PHP 5.4, 5.5, 5.6, 7.0 & 7.1). You can change the PHP version of your site directly from within your cPanel under Software > MultiPHP Manager
8. Increased PHP limits by default – Our servers are optimized in such a way that we are able by default to offer increased PHP limits. Our max_execution_time is set to 3600 and our memory_limit is by default set to 512Mb. Most other hosts would require you to perform additional changes, we set these by default on all shared and reseller accounts. Additionally, you can even increase these limits even higher through our easy to use interface available in your cPanel under Software > MultiPHP INI Editor.
9. Sessions – cPanel clears all sessions every 24 minutes, we understand how inconvenient that is – think about working on your site and going to lunch and coming back to continue your work only to find out that you’ve lost your work because the session expired and you’ve been logged out! We deal with this by increasing the validity of sessions to 24 hours instead.
10. Mod Security – Like many other hosts we also use Mod security on our servers however we have it configured in a way that only blocks hack attempts and doesn’t block you from making changes to your site – there are sometimes some false positives though however, we will gladly add an exception for the rule you are hitting. If you don’t particular like Mod security you can also disable it through your cPanel under Security > Mod security. Mod security helps prevent a lot of hacking attempts and since its implementation, we’ve seen an over 80% decrease of hack attacks particularly on WordPress sites.
11. Antivirus enabled by default – We include Clam Antivirus on all cPanel’s, with the Antivirus you can quickly perform a virus scan on your account. We also perform our own malware and virus scans both in realtime mode aswell as every 24 hours.
12. Our client area integrated with cPanel – Probably not as much of an important feature as the ones we’ve described above but our client area is fully integrated into cPanel to allow for quick access to your client area.
13. Softaculous included – All of our packages include Softaculous with hundreds of apps ready to be installed with just a few clicks.
14. Sitebuilder included – Did you know that we also include a simple Sitebuilder with all of our packages? with our Sitebuilder you can easily and quickly design simple sites or landing pages. Our Sitebuilder is available through your cPanel under Domains > Site Publisher
15. CloudLinux – A lot of our competitors use CloudLinux, we don’t use CloudLinux and we’re proud to not use it! CloudLinux artificially limits sites and slows them down causing errors and downtime – we don’t use CloudLinux as our experienced System Administrators monitor servers proactively and reactively and we have no need to artificially slow down sites.
16. PHP-FPM – We like being in front of all our competitors as such all of our servers use PHP-FPM already! this is a relatively new feature however the stability and speed are second to none!
17. Latest cPanel – always! we always use the latest cPanel version available and we keep our servers up to date at all times!
18. Pure SSD – All of our servers run with Pure SSD drives, we don’t use any mechanical drives, Pure SSD drives are the future and we’re happy to be part of the future. Pure SSD allows for better speeds in comparison with mechanical drives.
19. Only 150 sites per server – We’ve constructed our service in such a way that we can have 150 sites per server, we don’t cram thousands of sites on our sites like some of our competitors – we only host up to 150 sites per server which makes sure you experience the best speed and stability possible!

This concludes our first part of our new Feature Spotlight series, we add new features all the time to our services and continue to enhance our servers to continue offering the best hosting services! There’s also probably lots of other features we forgot to include in this post so we’re likely going to be publishing part 2 quite soon.

Order your next shared hosting from Hosixy and experience the Hosixy difference!

I’m sure that this blog post will sound familiar to a lot of you that have experienced this issue and will hopefully help so that the number of cases where people experience this issue is reduced.

A lot of our members sometimes will register a new domain and point the nameservers of the domain to Cloudflare but we may delay adding it to our Cloudflare account or sometimes we may even have it set with our domain registrar that all new domains we register should point automatically to our Cloudflare nameserver set.

A member submitted a ticket recently saying that he registered a number of domains in the last weeks and a few where surprisingly loading sites and they definitely were not his own sites. Over the past year we have received a number of tickets describing the same issue.

In basic what occurs is that users with malicious intentions monitor new domain registrations and they monitor domains that are pointed to Cloudflare but not yet added in any Cloudflare account. (note: anyone can monitor new domain registrations, there are many companies providing this is a service)

When a domain is pointed to a set of Cloudflare nameservers but the the domain is not added in any Cloudflare account it basically means that anyone with a Cloudflare account can add the domain to their own Cloudflare account and Cloudflare will re-point the domain automatically internally to their own set of nameservers.

Users with malicious intent monitor that and they will automatically add them into their own Cloudflare accounts and benefit from free domains without the domain owner necessarily knowing about it since they wouldn’t be notified in any way that this is occurring – not only are these users benefiting from free domains but they could cause a permanent damage to the domain name as these users will 99% of the times host fraudulent sites – most domain registrars monitor this and will suspend the domain, not only this but you could receive a permanent penalty by Google and other search engines since they will see that the site is hosting a fraudulent site which in a SEO point of view its bad.

This same thing can happen with any hosting provider that has their own DNS servers, for example if a domain is pointed to our nameservers but the domain isn’t added in a hosting account – any customer with malicious intentions using our services can add the domain in their account.

How do I know if i’m affected?

That is a good question and a very important one!

Lets assume I purchased a domain mynewdomain.com on November 30th 2016 and I pointed the domain to my set of Cloudflare nameservers:

jack.ns.cloudflare.com
jill.ns.cloudflare.com

So up to now the only action I took was to register the domain and point it to my Cloudflare nameservers, I haven’t added the site on my server yet.

The first way you can understand that something is going wrong is when you try to load this newly registered site and it loads some site that you don’t own and is completely unrelated to you.

In this case my first step would be to go to a DNS checker such as http://leafdns.com – I would type my domain name in the field on that page and click on the “Go” button. It will then load the results of the DNS check we executed

Now have a look at what the parent nameservers and local nameservers sections are reporting, the nameservers in both of those sections should match up so in our case they should both report:

jack.ns.cloudflare.com
jill.ns.cloudflare.com

If the local nameservers section is reporting a different set of nameservers then it means that a user with malicious intentions has added the domain in their own Cloudflare account and is taking advantage of it to host his fraudulent site.

The Resolution

The resolution for this issue is to point the nameservers back to the default DNS of your domain registrar so that it shows their default parking page and wait 2-3 days (usually I personally recommend 7 days) so that Cloudflare detects that the nameservers no longer points to them and automatically removes the domain from the Cloudflare account it was added at and then you would point the domain back to your own Cloudflare nameservers and add it to your Cloudflare account.

I actually usually recommend either pointing the the domain to your set of Cloudflare nameservers and then immediately adding the domain in your Cloudflare account once you are ready to build the site or even better if possible first adding the domain in your Cloudflare account and then pointing the domain to your set of Cloudflare nameservers.

I hope that this has been useful for you! For any questions do feel free to leave a comment and i’ll answer them!