There are times for security reasons when you might want to limit access to a specific file or directory by using a login and password. One reason to do this would be to protect your WordPress installation, by limiting access to the wp-login.php script. Adding the following to your webpage root .htaccess file will require login access to the wp-login script:
<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/webpage/wp-admin/.htpasswd"
require valid-user
</FilesMatch>
Additionally you can protect all files within a specific directory by putting the .htaccess file in the directory (for example /wp-admin/ directory in the case of WordPress) you want to password protect with the following:
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/webpage/wp-admin/.htpasswd"
require valid-user
You just put the above information into a “.htaccess” file and upload to your location of choice. To create the “.htpasswd” file with users and passwords, please use the following online utility: http://www.htaccesstools.com/htpasswd-generator/
There are times when, for security reasons, you might want to limit access to a specific file or directory by IP address. One reason to do this would be to protect your WordPress installation by limiting access to the wp-login.php script. Add the following to your webpage root .htaccess file and it will limit access to the wp-login script to a single IP address (be sure to replace 100.100.100.101 with your own IP address):
<FilesMatch "^wp-login.php$">
Order Deny,Allow
Allow from 100.100.100.101
Deny from all
</FilesMatch>
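Or, to protect the administrator login page for Joomla instead of WordPress, add the following to an .htaccess file inside the administrator/ directory (FilesMatch compares only the file name, not the directory path, so a pattern containing administrator/ would never match):
<FilesMatch "^index\.php$">
Order Deny,Allow
Allow from 100.100.100.101
Deny from all
</FilesMatch>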
Additionally you can protect all files within a specific directory by putting the .htaccess file in the directory (for example /wp-admin/ directory in the case of WordPress) you want to protect with the following:
Order Deny,Allow
Deny from all
Allow from 100.100.100.100
100.100.100.101, 100.100.100.102
You can also accomplish the above by using rewrite rules inside the .htaccess file, for example:
Single IP address access
To allow access from a single IP address, replace 123\.123\.123\.123 with your own IP address:
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule ^(.*)$ - [R=403,L]
Multiple IP address access
To allow access from multiple IP addresses, replace 123\.123\.123\.xxx with your own IP addresses:
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.121$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.122$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule ^(.*)$ - [R=403,L]
If your IP address changes, or you have a very large number of possible IPs you’re connecting from, you can protect your WordPress site by only allowing login requests coming directly from your domain name. Simply replace example\.com with your own domain name:
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} !^http://(.*)?example\.com [NC]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteRule ^(.*)$ - [F]
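The condition logic in the rewrite rules above can be checked offline before the .htaccess file is uploaded. The following Python sketch is an added example, not part of the original page: it mirrors how mod_rewrite combines the conditions (ANDed unless flagged [OR]) and shows why the anchors in the patterns matter; the function names, the constructed requests and the stricter Referer pattern are assumptions. Because the Referer header is supplied by the client, that rule filters automated requests and does not replace authentication.

```python
import re

# REQUEST_URI conditions copied from the rules on this page ([OR]-joined).
URI_CONDS = [r"^(.*)?wp-login\.php(.*)$", r"^(.*)?wp-admin$"]

# Allow-list patterns as on the page: anchored at both ends, dots escaped.
PAGE_IPS = [r"^123\.123\.123\.121$", r"^123\.123\.123\.122$",
            r"^123\.123\.123\.123$"]
# Constructed mistake: the trailing "$" was dropped while editing.
UNANCHORED_IPS = [r"^123\.123\.123\.12"]

# Referer pattern from the page, and a stricter variant (an assumption,
# not from the page) that pins the host name and also accepts https.
PAGE_REFERER = r"^http://(.*)?example\.com"
STRICT_REFERER = r"^https?://([^/]+\.)?example\.com(/|$)"

def is_protected(uri):
    """True when either REQUEST_URI condition matches."""
    return any(re.search(p, uri) for p in URI_CONDS)

def ip_rule_blocks(uri, remote_addr, allowed):
    """403 when the URI is protected AND every negated REMOTE_ADDR
    condition holds, i.e. the address matches none of the patterns."""
    return is_protected(uri) and not any(
        re.search(p, remote_addr) for p in allowed)

def referer_rule_blocks(method, referer, uri, pattern):
    """[F] when a POST to a protected URI carries a Referer that does
    not match the pattern; [NC] makes the match case-insensitive."""
    return (method == "POST" and is_protected(uri)
            and not re.search(pattern, referer, re.IGNORECASE))

def report():
    """Evaluate constructed requests; returns {description: blocked}."""
    login = "/wp-login.php"
    return {
        "listed address": ip_rule_blocks(login, "123.123.123.122", PAGE_IPS),
        "unlisted address": ip_rule_blocks(login, "123.123.123.129", PAGE_IPS),
        "unlisted address, unanchored pattern":
            ip_rule_blocks(login, "123.123.123.129", UNANCHORED_IPS),
        "https login, page pattern": referer_rule_blocks(
            "POST", "https://example.com/wp-login.php", login, PAGE_REFERER),
        "https login, strict pattern": referer_rule_blocks(
            "POST", "https://example.com/wp-login.php", login, STRICT_REFERER),
        "look-alike host, strict pattern": referer_rule_blocks(
            "POST", "http://example.com.other.test/", login, STRICT_REFERER),
    }

if __name__ == "__main__":
    for description, blocked in report().items():
        print(f"{'BLOCK' if blocked else 'allow'}  {description}")
```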
What is PHP? PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. After that, check out the online manual. Our servers at Imageway have been heavily optimized to run PHP as quickly as possible.
Before publishing your PHP website to our servers, we suggest you create a local test environment where you can test your PHP website first. If you have a Windows desktop, then we suggest you use WampServer (https://www.wampserver.com/en/) or XAMPP (http://www.apachefriends.org). This software is a Windows PHP web development environment. It allows you to create web applications with Apache2, PHP and a MySQL database. Alongside, PhpMyAdmin allows you to easily manage your databases. WampServer allows you to test your PHP project against various versions of PHP and MySQL very easily. If you are using Linux, Unix, or Mac OS X, then we suggest you use XAMPP (http://www.apachefriends.org) for your PHP test environment.
If you install “WampServer” or “XAMPP” on Windows or Mac OS X, be sure to edit the MySQL database “my.ini” configuration file, and add (or change) this line:
lower_case_table_names=2
Once you edit the “my.ini” be sure to restart WampServer or XAMPP. This needs to be set before you create any databases for a project. The reason you need this set on Windows or Mac OS X is because we run Linux/Unix servers which are case-sensitive. We have our servers set to “lower_case_table_names=0”, which means MySQL will operate and create things in a case-sensitive way. Windows or Mac OS X (by default) is not case-sensitive, and you could run into issues when you convert projects created on Windows PHP/MySQL to PHP/Linux/Unix MySQL. The way to avoid this is to set “lower_case_table_names=2” on your test server. For more information please see: http://dev.mysql.com/doc/refman/5.5/en/identifier-case-sensitivity.html.
For writing your PHP code we suggest you use Netbeans (http://netbeans.org/), which is available for multiple operating systems. Netbeans is a complete IDE (integrated development environment) that allows you to quickly and easily develop desktop, mobile, and web applications in various languages. For more information about NetBeans features for PHP check out: http://netbeans.org/features/php/index.html.
A software framework is a universal, reusable software platform to develop software applications, products and solutions. There are several PHP frameworks, but the one we suggest is CodeIgniter (https://ellislab.com/codeigniter). We suggest this framework because it is a simple framework to use, and has a small footprint (less overhead to slow down your program). The larger fuller frameworks can be slower because of the additional overhead (with the exception of the C based framework Phalcon).
If you want a software versioning and revision control system, then we currently offer “Subversion”. Subversion can be set up on your existing Imageway hosting account by contacting us. We will set up the server software for you, so you will have the ability to connect and access your own running Subversion server. If you have a Windows desktop, then we suggest using TortoiseSVN (http://tortoisesvn.tigris.org/) to interact with the Subversion server. If you want a good paid solution that works with multiple operating systems, then we suggest looking at SmartSVN (http://www.smartsvn.com/). In addition, Adobe Dreamweaver has built-in Subversion support. For more information about using Subversion with Dreamweaver, check out: http://helpx.adobe.com/dreamweaver/kb/subversion-resources-dreamweaver-cs4-cs5.html.
Lastly, do not forget to program using good PHP security practices. A good website to start with is HERE.
All of the above will help you get started with creating PHP applications. Our servers have been heavily optimized for PHP and MySQL through various methods. So once your application has been developed and tested locally, you can upload all the data to our servers so it will be available on the Internet for everyone to use.
Magento is a very popular eCommerce application. It offers a great deal of customization and abilities from initial install. Here are a few suggestions for optimizing a Magento installation.
In your .htaccess file for Magento you will find a section of text starting with the line, <IfModule mod_deflate.c> and ending at </IfModule>
This section of code can be used to turn on Apache’s mod_deflate module, which provides compression for text, css, and javascript. You will want to uncomment (remove the # symbol) multiple lines so that it looks like this:
<IfModule mod_deflate.c>
############################################
# Insert filter on all content
SetOutputFilter DEFLATE
# Insert filter on selected content types only
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
# Netscape 4.x has some problems…
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don’t compress images
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don’t deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>
Note: Some of the lines were word-wrapped by the web browser. You may want to copy and paste to make sure everything is on the correct lines.
First-time visitors to your page have to make several HTTP requests. By using the “Expires” header you make the components of the requests cacheable. This avoids unnecessary HTTP requests on subsequent page views.
You want to find the area of the .htaccess file that starts with <IfModule mod_expires.c> and ends with the first </IfModule> you see after it, and make it look like this:
<IfModule mod_expires.c>
############################################
ExpiresActive On
ExpiresDefault "access plus 1 year"
</IfModule>
Note: Some of the lines were word-wrapped by the web browser. You may want to copy and paste to make sure everything is on the correct lines.
This particular tweak will reduce the number of HTTP requests on your eCommerce site. If you are using a Magento version prior to 1.4.x, the free extension Fooman_Speedster can be used; if you are running a later version of Magento, follow this:
The model Magento uses to store customer and product data results in longer than average SQL queries and more reads. Enabling the Flat Catalog option for Categories and Products will merge product data into one table, therefore improving performance.
One of the main issues with Magento sites running slowly is a database that has become large and difficult to send data to and retrieve data from.
Here are a few tips for reducing the size of your Magento database.
NOTE: Please be sure to back up your database before performing any of the following changes.
There are several tables used by Magento for logging. While logging is very important for knowing what has happened and is happening with your store, the logs can become large very quickly, so regular maintenance can be of great assistance.
Here are the tables for logging:
log_customer
log_visitor
log_visitor_info
log_url
log_url_info
log_quote
report_viewed_product_index
report_compared_product_index
report_event
catalog_compare_item
Magento provides a shell utility that can be configured using Cron or run manually to clean the database logs.
Manually
Log into your account via SSH and cd to the Magento root directory then type:
php -f shell/log.php clean
You can use the -days switch to specify how many days back to save
Cron
This is an example only:
php -f /home/path/to/magento/shell/log.php clean
Note: The above line is on one line and may have been word-wrapped by the web browser. You may want to copy and paste to make sure everything is on one line.
Using phpMyAdmin offers more flexibility and efficiency when working with databases.
log_customer
log_quote
log_summary
log_summary_type
log_url
log_url_info
log_visitor
log_visitor_info
log_visitor_online
You will want to perform this database log cleaning on a regular basis. Utilizing the cron job option will ensure it is done without the need to perform any manual tasks. You will want to be sure you have properly set up this cron job.
You can manage your databases by utilizing our web based online database tool at: https://database.imageway.com
Yes, you can block visitors per their IP address or redirect them based on their country. Countries will have a specific IP address range (or country code), and you can use that information to block or redirect all or some of their traffic. There is more than one way to do this:
The preferred and fastest method for checking against the country the visitor is coming from is to use GeoIP if your web server supports it. The Imageway web server does support the use of GeoIP. Here are some example scenarios that can be added to your .htaccess file:
# Redirect one country
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^CA$
RewriteRule ^(.*)$ http://www.canada.com/$1 [L]

# Redirect multiple countries to a single page
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CA|US|MX)$
RewriteRule ^(.*)$ http://www.northamerica.com/$1 [L]

# Redirect multiple countries to a single page if they don’t match
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(CA|US|MX)$
RewriteRule ^(.*)$ http://www.website.com/not-allowed [L]
Visit https://dev.maxmind.com/geoip/legacy/codes/iso3166/ for a listing of country codes.
Searching the internet, we found a unique solution for blocking countries and regions via IP addresses with some PHP coding.
Visit http://timtrott.co.uk/block-website-access-country for more details about this method, including example code.
Another way to do it is to block IP ranges in the .htaccess file for your site.
For a current list of IP addresses by country, please visit http://www.countryipblocks.net/
On the resulting page, click the “.htaccess deny” link for the desired country. This is the exact code you should paste in your .htaccess file. Usually the .htaccess can be put in your top level webpage/ folder so it can protect all your subdirectory paths.
This method is not the preferred method for countries with large IP ranges, since if your .htaccess file is very large and takes too long for our web server to load, it will be skipped. The preferred method would be to use the GeoIP example above since it keeps the .htaccess very small, and uses an internal memory database for lookup.
To block multiple IP addresses, list them one per line by editing your .htaccess file, for example:
You can also block an entire IP block/range. Here we will not specify the last octet in the .htaccess file.
This will refuse access for any user with an address in the 127.0.0.0 to 127.0.0.255 range.
Instead of using numeric addresses, domain names (and subdomain names) can be used to ban users.
It bans users with a remote hostname ending in isp_name.com. This would stop all users connected to the internet via isp_name.com from viewing your site.
If you only want to allow certain IPs to connect to your website, you can set an option for deny from all, which will deny everyone.
This must be done by coding your .htaccess file as follows:
deny from all
allow from 70.24.291.52
# my house
allow from 216.130.49.223
Using .htaccess to block an entire range or name is likely to lock out innocent users. Use with caution.
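A mistyped entry in an allow/deny list can lock out the wrong visitors or fail to match at all, so it helps to check the list before uploading it. The following Python sketch is an added example, not part of the original page: it classifies each `allow from` / `deny from` argument in the forms described above (full address, partial address, host name, `all`, plus network notation) and flags malformed ones; the function names and sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample lines (not from the page); documentation-range addresses.
SAMPLE = """\
Order Deny,Allow
Deny from all
Allow from 192.0.2.10 198.51.100 203.0.113.0/24
Allow from 192.0.2.300
Allow from 192.0.2.11, 192.0.2.12
Deny from isp_name.com
Allow from 192.0.2.77 # office
"""

DIRECTIVE = re.compile(r"^\s*(?:allow|deny)\s+from\s+(.+)$", re.IGNORECASE)

def classify(token):
    """Return (kind, problem) for one Allow/Deny argument."""
    if token.lower() == "all":
        return "all", None
    if "," in token:
        return "unknown", "arguments are separated by spaces, not commas"
    try:
        if "/" in token:
            ipaddress.ip_network(token, strict=False)
            return "network", None
        ipaddress.ip_address(token)
        return "address", None
    except ValueError:
        if "/" in token:
            return "network", "not a valid network"
    if re.fullmatch(r"[0-9.]+", token):
        octets = token.rstrip(".").split(".")
        if len(octets) >= 4:
            return "address", "not a valid IPv4 address"
        bad = not all(o.isdigit() and int(o) <= 255 for o in octets)
        return "partial address", ("octet missing or above 255" if bad else None)
    return "hostname", None

def lint(text):
    """Return (line_no, token, kind, problem) for every argument found."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        for token in match.group(1).split() if match else []:
            if token.startswith("#"):  # rest of the line was meant as a comment
                findings.append((line_no, token, "comment",
                                 "comments must be on their own line"))
                break
            findings.append((line_no, token, *classify(token)))
    return findings

def problems(text):
    return [f for f in lint(text) if f[3]]
```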
Joomla is a popular CMS that is highly extensible and customizable. Here are some steps to optimize your Joomla installation, and reduce the CPU consumption of this script.
These steps are not guaranteed fixes to bring a site to normal CPU consumption, but they will drastically reduce the amount of CPU consumed by a Joomla installation. If there are any questions about this, please don’t hesitate to contact support.
What is mod_rewrite? Mod Rewrite allows you to change the URL that everyone sees when they visit your domain or a specific address. Just add the code to your .htaccess file (typically the one inside webpage/).
Please remember we do not offer support to code this, nor do we promise to make your code work. Some of these codes work in combination, and some do not.
EXAMPLES
Guides to dot-htaccess coding:
javascriptkit.com
apache.org
modrewrite.com
Great resource for mod rewrite lessons.
Great resource for mod rewrite examples.
When a search engine crawls (visits) your website, the first thing it looks for is your robots.txt file. This file tells search engines what they should and should not index (save and make available as search results to the public). It also may indicate the location of your XML sitemap. The search engine then sends its “bot” or “robot” or “spider” to crawl your site as directed in the robots.txt file (or not send it, if you said they could not).
Google’s bot is called Googlebot, and Microsoft Bing’s bot is called Bingbot. Many other search engines, like Excite, Lycos, Alexa and Ask Jeeves also have their own bots. Most bots are from search engines, although sometimes other sites send out bots for various reasons. For example, some sites may ask you to put code on your website to verify you own that website, and then they send a bot to see if you put the code on your site.
Read Google’s official stance on the robots.txt file.
The robots.txt file belongs in your document root folder. The document root folder name we use for our hosting is “webpage/”.
You can simply create a blank file and name it robots.txt. This will reduce site errors and allow all search engines to rank anything they want.
If you want to stop bots from visiting your site and stop search engines from ranking you, use this code:
#Code to not allow any search engines!
User-agent: *
Disallow: /
You can also prevent robots from crawling parts of your site, while allowing them to crawl other sections. The following example would request search engines and robots not to crawl the cgi-bin folder, the tmp folder, and the junk folder and everything in those folders on your website.
# Blocks robots from specific folders / directories
User-agent: *
Disallow: /cgi-bin/
Disallow: /tmp/
Disallow: /junk/
In the above example, http://www.yoursitesdomain.com/junk/index.html would be one of the URLs blocked, but http://www.yoursitesdomain.com/index.html and http://www.yoursitesdomain.com/someotherfolder/ would be crawlable.
View more robots.txt codes here.
Read about changing Google’s crawl rate.
WordPress is currently one of the most popular blogging/CMS applications. Here are some ideas for optimizing WordPress and reducing the CPU consumption of this PHP script.
These changes are not guaranteed fixes, but do provide a starting ground for correcting high load issues on WordPress sites. If there are any questions about this, don’t hesitate to contact support.
All rights reserved. Copyright © 2000-2024 Imageway, LLC.