Our Blog

We'll be blogging all things related to Hosting, Domains, Technology, Ireland and the Internet. Keeping you updated with developments here at Wupav. Warning, there may be the occasional rant.

July 18, 2016

20:08
by Admin

Important – Changes to Email, FTP and Database Access (PCI Compliance)

Wupav Hosting are committed to providing the latest software on our web servers for optimum performance and security. Today we emailed all our clients important information on changes to email, FTP and database access. It is essential that clients read the full information and take action.

To comply with PCI (payment card industry) requirements, which are important for hosting clients with e-commerce websites that process credit cards, we are making three significant changes to email access, FTP access and remote MySQL database access.

1) We are disabling plaintext authentication for email access (checking your email without encryption). It’s important all clients take steps to implement SSL/TLS (implicit encryption) or STARTTLS (explicit encryption) as soon as possible. All email access (POP3, IMAP, SMTP) will require an encrypted connection. Your connection to our email server will soon stop working if you do not implement these steps!

2) We are disabling plaintext authentication for FTP access (connecting to File Transfer Protocol without encryption).FTP access is normally used by a webmaster to upload/download files from a hosting account. It’s important your webmaster take steps to implement FTP-SSL (explicit TLS over FTP [FTPES]) as soon as possible. All FTP access will require an encrypted connection.

3) We are restricting incoming MySQL database connections. Access to MySQL port 3306 will only be permitted from remote IP addresses on our access list. Remote IPs must be granted access both in the cPanel hosting control panel and on our server firewall. Please email your requirements to our support team as soon as possible.

These requirements have been best practices for a number of years and many clients will already fulfill them, but they will now become compulsory. If you do not understand the technicalities of these changes, it’s important you discuss them with your IT manager, website developer or email our support helpdesk.

When is it happening?

The changes will take effect on THURSDAY 18 AUGUST 2016. We strongly encourage you to re-configure your email clients much earlier.

Checklist

1) Encrypted email access
We recommend all clients make a list of all email programs (MS Outlook, Thunderbird, Apple Mail etc) and also any email devices (iPhone, iPad, Android etc) and review their email configurations. This is particularly important for business clients who might have an office with lots of desktop computers, laptops and phones that need re-configured. Don’t forget the office scanner or photocopier! (if it sends email).

We have created a guide on how to check MS Outlook, Thunderbird, Apple and iPad/iPhone email applications: http://clients.wupavhosting.ie/knowledgebase/201204251/Plaintext-Authentication-Not-Allowed-when-checking-email.html

Your connection to our email server will soon stop working if you do not implement these steps!

2) Encrypted FTP access
Make sure your IT person or web developer knows about these changes so they can update their FTP client settings to use SSL/TLS. If they use an FTP client like FileZilla, they must make sure “Explicit TLS over FTP” is selected as the encryption type. “Plain FTP” will no longer work.

3) Restricted MySQL access
If you have computer software that requires an incoming connection to our MySQL database, it’s important your IP address has the correct access. Remote IPs must be granted access both in the cPanel hosting control panel and server firewall. It’s important all clients whose websites have remote incoming database connections discuss their requirements with our support team as soon as possible.

We’re gradually rolling out some changes and we’re making sure our web servers have the latest software for both security and ease of use. It’s important to keep your site up to date so please make sure you check your site after the update has been completed at the time above.

As always, any questions, get in touch via support ticket and our team will be happy to assist you.

July 1, 2016

15:11
by Admin

Wupav Hosting Acquired by Spiral Hosting

Wupav Hosting acquired by Spiral Hosting

Spiral Hosting Limited (www.spiralhosting.com), a leading Irish web hosting and domain registration provider today announced it has acquired Wupav Hosting (www.wupavhosting.ie).

Spiral Hosting specialises in cloud web hosting and is one of the largest registrars of Ireland’s .ie domain extension. Established in 2006, Spiral Hosting has offices in Belfast and Dublin. Spiral Hosting has grown into an international business, offering hosting solutions across four continents and selling in five currencies, with 24/7 technical support.

Wupav Hosting was established in 2012 and specialises in providing cPanel web hosting and domain registration services from offices in central Dublin.

Peter Armstrong, director of the Irish HSP explained: “We’re delighted to have acquired Wupav Hosting. We’re seeing persistent growth in the Irish hosting market and we’re confident this will continue. We’ve recently launched an investment of €250k in our hosting infrastructure. Wupav Hosting clients will benefit from new web servers, competitive pricing and friendly personal support available online and now by phone.” (+353 1 657 1821)

May 13, 2016

11:11
by Daniel

April 20, 2016

22:18
by Daniel

Spring Clean your website

Since its Spring, I thought I’d outline some steps to take to ‘spring clean’ your website. A decluttered hosting account will allow us to solve issues much quicker and can help simplify your life as a website administrator. These are just four methods we suggest you take a look at. Depending on your website this could take a matter of minutes to several hours (or longer!)

Check your DNS Settings

Run a check for your website on intodns.com. This checks the DNS configuration and alerts you of any issues with it. Incorrect DNS settings can be a cause of increased loading times, website instability and downtime. We published a blog post about intodns and how to fix the most common issues back in January. If the check displays any issues, have a look at the post to see how to fix the issue. If you are still having issues, contact us and we’ll be happy to help.

Analyse your Website Speed

GTmetrix offers a great free website speed check. The tool will tell you your PageSpeed (Google) and YSlow (Yahoo) score. It will also tell you what you can do t0 improve the loading speed of your website. The most common causes for slow website loading speeds in my experience is loading too much javascript that delays the parsing of the website and not serving scaled photos/images. There was one case where a website had 5 icons for their navigation bar. Each icon was displayed as 12px x 12px on the webpage but was stored as a 1000px x 1000px image. Simply resizing the image made a noticeable difference in loading times. Slow loading websites are a huge turn off to potential customers and can affect your search engine ranking. There is no point having a flashy website if it is slow to load.  Don’t forget we offer a Website Optimisation package to help ensure your website is running as fast as possible.

Ensure all scripts are updated

At the risk of sounding like a broken record, please check to ensure all scripts are updated. WordPress 4.5 was launched last week and we suggest all WordPress users to update to the latest version. It is not just WordPress websites that need to be updated periodically. If you run any script on your websites, please take a couple of minutes to check it is the latest version. If you installed the script via Softaculous, simply log into your cPanel, scroll down to Softaculous and you will see a notification if any scripts need updating. If you see a banner saying There a X Update(s) available, click the link and you will be bought to the page where you can upgrade them.

Script needs update

If you didn’t install the script via Softaculous, you will need to check whether the script needs updating manually. The way this is done depends between scripts. For example, WordPress will advise you when you are logged into the admin panel that an update is available and other scripts offer a similar feature. If you are unsure if your website is running the latest version get in touch and we can help.

Once you have made sure the script is updated, next you should check all plugins/extensions/addons are updated. Again, this varies depending on the script and WordPress will notify you when you log in of any plugins that have an update available. It is just as important to keep plugins updated and it seems to be overlooked more frequently.

Tidy up everything

A general tidy up and declutter of your website can make a huge difference to how quickly issues are resolved. This requires a more in-depth knowledge of how your website works and most website owners who simply installed WordPress through Softaculous can skip this step with the exception of removing unused plugins/scripts. Remove anything that you no longer use. Old WordPress installations, databases, email addresses, ftp accounts and files. There was one customer who had an issue with their WordPress installation only for us to find out there were 10 WordPress installations on their account, all for the same domain name, all using different databases, being redirected by .htaccess rules and redirects. The hardest part was working out which files and databases were being used and which were surplus. A pet peeve of mine is seeing a website full of index.php, index.php.backup, index.php1, index.php.newbackup, index.php.newestbackup, etc. While taking a backup before editing a file is always a good idea. Ideally you should take a full backup and download it to a local machine or if you are doing a small edit, copy the file, do the edits and test. Once the you’re sure the edits worked, delete the copied file.

 

These are just 4 ideas and this is a topic I could write about for hours on end. I’m a strong believer of keeping your hosting account decluttered and updated. Doing so makes troubleshooting a lot easier, both for yourself and us.

April 11, 2016

14:42
by Daniel

Protecting your WordPress website

WordPress powers over 74 million websites worldwide. This phenomenal popularity unfortunately makes it a prime target for hackers and there is a well known brute force attack that has been occurring over the last couple of years. This attack is where networks of computers flood servers with requests to wp-login.php trying combinations of username and passwords. At the peak we were seeing thousands of requests per second. Unfortunately, each request runs an MySQL query and slowly the server grinds to a halt.

There are a few different ways that website owners can secure their WordPress installation which we will outline below. We have also taken the step of protecting all wp-login.php pages. When you first access wp-login.php in a session you will be greeted with a form saying: Authentication Required and a request for the username and password. This username and password has been sent to all Wupav Hosting customers. It is also available from within our Help Desk once you are logged in. Once you have entered in this username and password you will be then redirected to the WordPress login page. It is possible to change the username and password for your account by following the steps listed below under ‘Password Protect WordPress Admin Panel’. We also now temporarily block IP addresses for 6 minutes if they enter in the wrong username and passwords 5 times in a row. If this occurs to your IP address you can either wait the 6 minutes or use our self unblocking tool.

 

Ensure your WordPress installation is updated

While this won’t necessarily help with the brute force attack we strongly recommend customers keep all scripts such as WordPress, Joomla, Magento updated to the latest version. Doing so ensures you are running the safest version. As part of our AUP customers agreed to keeping their websites updated. We reserve the right to suspend accounts running out of date scripts if we feel it compromises the security of the server.

Password Protect WordPress Admin Panel

All WordPress admin panels hosted on Wupav Hosting shared servers are now password protected by default by a generic username and password that is shared amongst all our customers. It is possible to change this username and password for your account to increase security. This is completed by editing an .htaccess file and adding a .htpasswd file. You can find instructions on how to do this in our Help Desk Article.

Limit Access to WordPress Admin Panel by IP

Another method to secure the wp-login page is to limit access by IP address. This is a great method however it does have its downsides. Most internet providers offer dynamic IP addresses. This means each time you use your internet connection you may be using a different IP address. In this instance, limiting access to your WordPress panel by IP isn’t ideal as each time your IP address changes, you will need to edit the settings. However, if you have a static IP address from your internet provider I’d strongly recommend implementing this. You can find instructions on how to do this in our Help Desk Article.

 

February 29, 2016

19:53
by Daniel

Protect your identity with ID Protect!

When you register a domain name you are required to enter in a name, address, email and phone for the person registering the domain. The information required depends on the TLD (or ending) of the domain name. com domains require the information listed above while ie domains require you to prove your eligibility for the domain name and supply supporting documentation. There are also differences in what information is made publicly available between the TLDs.  Each registry has a WHOIS which is publicly available and returns the information regarding a domain name.

The ie WHOIS returns just the name and nic-handle for the registrant and admin contact of the domain name. The com WHOIS displays the name, address, email and phone of the registrant. It is required by ICANN that all domain names have valid information for WHOIS search.

You can protect your identity and personal information from spammers and data-miners by purchasing ID Protect. ID Protect costs €8 per year and is available for the following TLDS: .com, .net, .org, .info, .biz, .biz, .pro, .cc, .me, .asia, .cm

Without ID protect your name, address, email and phone are available to be harvested by spammers. With ID Protect your details will look similar to:

Whois Privacy Protection Service
Whois Agent
PMB 368, 14150 NE 20th St. – F1
C/O johnsmithprod.com
Bellevue, WA 98007
United States
(425) 274-0657
gmvjcxkxh@whoisprivacyprotect.com

ID Protect can be purchased when you first register the domain name. Alternatively, you can add ID Protect to existing domain names by following the steps below:

  1. Log into your Wupav Hosting Client Area
  2. Select ‘Domains’ -> ‘My Domains’
  3. Select the domain you wish to add ID Protect to
  4. On the left hand side under ‘Manage’ select ‘Addons’
  5. Select ‘Buy now for €8’ under ID Protect and continue the checkout process

Why not buy ID Protect today and protect your personal information!

February 4, 2016

23:29
by Daniel

Easy Script Installation with Softaculous

We often get asked whether our hosting plans support WordPress. The answer is yes, all our hosting plans including shared hosting support WordPress without issues. In fact, we estimate over 60% off our shared hosting plans run a WordPress site!

To install WordPress, you must download the ZIP from WordPress.org, then upload it to our servers, unzip the files, create a database & user and finally follow the WordPress installation guide at {yourdomain}.  This can take around 15 – 20 minutes to complete. However, there is a better way. All our servers run softaculous. Softaculous automates the installation process and allows you to install hundreds of scripts, including WordPress easily. We have created a help desk article about installing WordPress with softaculous.

It’s not just WordPress that Softaculous allows you to install easily. There are over 380 scripts split into 24 categories that can be installed without having to download files, create databases and uploading the files to our server. Allowing you to spend more time using the scripts and less time installing them.

Another great feature of Softaculous is that it can auto-upgrade scripts. Once a new version of the script such as WordPress is released, your website will be upgraded automatically. This saves time & effort and ensure the site is always running the latest and greatest version.

No matter what time of website you are looking to set up, the chances are Softaculous has a script that can help. Setting up a new blog? Why not try WordPress, OpenBlog or Ghost? Want to launch a new forum? phpBB, Vanilla and SMF can all help. Creating the new Wikipedia? PMWiki, WikkaWiki could be for you. Looking to take on the might of eBay, u-Action and WeBid allows you to launch a auction site easily. Hoping to run surveys and polls to get customer feedback? Why not try Advanced Poll, LimeSurvey or Easy Poll? All installed within minutes free of charge. It is amazing the range of free, easy to use software that is out there to be used. Why not take a look around Softaculous, it is located under the Software section of your cPanel account. Who knows which script might inspire you!

 

January 30, 2016

23:58
by Daniel

Four types of websites that need an SSL Cert

SSL or Secured Socket Layer is the standard of establishing a secured encrypted connection between the web server and browser. To use this standard with your website you are required to have an SSL certificate installed on your site. Wupav sells a range of SSL certs from the basic RapidSSL costing €17.50 per year to Symantec Secure at €475 per year. When you have an SSL installed on the site, the data is encrypted before being transferred to the visitor’s browser where it is then decrypted and vice versa.  This quick blog post aims to outline some of the most common types of websites that need to have an SSL installed.

eCommerce Sites

Starting off with the most obvious type of site that should always have an SSL installed – ecommerce sites. Customers expect to see the padlock when making a purchase online and many will not complete a transaction if it is absent. We often hear “I don’t need an SSL cert as I use PayPal for payment” – even though the customer is redirected to PayPal to enter in their credit card details often they will enter their name, address, phone and other personal information on your site before being transferred over to PayPal to enter their credit card information. If you are serious about your customers security, you need to install an SSL cert – doing so will increase customer trust and in turn increase sales.

Forums

One of the things the internet has allowed us to do is communicate and discuss with people locate on the far side of the planet and a great way to do this is through internet forums. Whether it is a small niche forum or a mainstream popular forum like boards.ie, to create a thread or post a reply, the user must log in. This normally involves entering in either a username or email and password. Without an SSL cert installed this information could be intercepted and read by a third party. While you could argue if someones password for a niche forum site was hacked it’s not the end of the world, many users use the same password among different websites. I’m sure the user won’t be pleased to hear their password and email was intercepted as the website owner didn’t want to spend €17.50 a year to secure the traffic!

WordPress/Joomla Sites

Recent reports show that WordPress powers 25% off all websites and Joomla powers a further 2.8%. With the hundreds of add-ons available to both it is possible to run almost any type of website on the base frameworks. The most basic blogs hosted on WordPress, with the comments functionality turned off, might have no user interaction. Surely this type of site doesn’t need an SSL cert? It is easy to overlook the admin panel. Every time an admin goes to edit the page they enter in their username and password. I would guess at least 50% of WordPress users use their WordPress admin password on at least one other website – while I have no statistics to back this claim up, I am pretty confident in it. Should a third party intercept traffic going to your WordPress admin panel they may all of a sudden have access to your email, FaceBook and PayPal accounts.

Contact Us Forms

A lot of businesses websites might be informational only. They will display recent news, an about us page and other information pages with no interactive features such as log in page or comments functionality. The only page that does involve interaction is the contact us page. A small form collecting name, email address and the message to be sent to the website owner. Some would argue that this page doesn’t really need an SSL cert unless maybe the message would be private for example a doctor’s contact us page. I would argue that it should be encrypted. Customers will not appreciate if their email addresses are intercepted and harvested for spamming. For the sake of €17.50 per year it will increase customer trust and reduce the risk of visitor’s data being intercepted.

 

There is one basic rule that we recommend website owners follow: if you collect any information from customers or enter in any password on the site the site should have an SSL installed.

After reading this you might be wondering why all traffic isn’t encrypted and sent over https. The reason is that encryption is resource intensive and it slows down loading speeds. Data must be encrypted, transferred then decrypted on the other side. While this small reduction in performance is a more than acceptable trade-off for securing personal information, encrypting pages with no personal information would be overkill.

We are offering 10% off all SSL certs until the 1st February by entering the code secure during check. Purchase your SSL today.

January 27, 2016

1:03
by Daniel

New commission rates for Wupav Affiliates!

We have changed the earning rate for Wupav Affiliates. Previously, all referred sales received 10% commission, however, now the this rate varies depending on the product. You will still continue to earn commission for renewals -for example referring a customer who pays for their hosting monthly, you will receive a monthly commission for as long as they remain a Wupav Customer.

Our affiliate program is a great way to earn extra money. There are plenty of ways to refer customers.  Whether its a small link on your websites footer, a blog post, email signature or banner advertising, the options are limitless. Referring a customer who signs up to a platinum shared hosting account and pays annually generates €25 commission for each year!

We pay out commission earnings by either Bank Transfer, PayPal or Wupav Credit to be used towards any service sold on Wupav Hosting.

The rate of commission varies depending on the product.

Shared Hosting
Bronze – 20%
Silver – 20%
Gold – 25%
Platinum – 25%

Reseller Hosting
All reseller accounts – 15%

VPS
All VPS accounts – 10%

Dedicated Servers
All dedicated servers – 5%

Domain Names
All domain names – 5%

SSL Certificates
All SSL certificates – 10%

January 19, 2016

23:18
by Daniel

JetServer BackUpManager is here!

You may have noticed a new section which appeared in your cPanel accounts over the week called JetServer BackUpManager. We have decided to move from the built in cPanel backup system to JetServer as it is a more powerful system that is less server intensive. It allows us to store backups for longer and reduces server load massively.

JetServer uses incremental backup techniques. The first backup is a full backup and thus takes a long time to complete. After this, each backup is an incremental backup. Only the difference between the two days are saved and hard linked. So instead of every day a full backup of each cPanel account being made and transferred to storage only the changed files are noted and transferred.

Daily backup is enabled for all cPanel shared hosting accounts. Backups are taken at off-peak times between 1am-4am and are stored for 14 days. The backups include all files, databases, emails, SSL certs, crons and DNS zones. You can view available backups for your account by logging into your cPanel and under JetServer BackUpManager select the type of backup you are interested in.

Restoring Files
Have you overwritten a file and need to revert back to an older version? To do this, you can log into your cPanel account and under JetServer BackUpManager select “File Backups”. This will then display a list of days where backups are available. Select the most recent date when you know the file was working and browse to the correct directory. Check the checkbox beside the filename you wish to restore and select “Restore Select Files”. It’s that easy!

We will be updating our Help Desk in the coming weeks with more entries on how to use the new backup systems. At the moment only 3 days of backups are available but this will change to 14 in the next 2 weeks. We hope you find it useful!