Webhosting Blog by Webhost.UK.Net

Setup WordPress Security Plugin Wordfence

How to Install and setup the Wordfence Security plugin in WordPress.

First thing you need to do is install and activate the Wordfence Security plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Setting up the Wordfence Security plugin is very simple, but there are a few areas you really wanna make sure are running, like the Firewall.

Click on Wordfence on the left-hand admin panel and select the Dashboard option. This will pull up the main settings page of the plugin. All of the information you need to see is on this page including the last scan, malware blocked, IP addresses blocked, etc.

The most important part of this security plugin is the Firewall. It will prevent most malicious activity on your website. This is a PHP based application level firewall.

The Wordfence firewall offers two levels of protection. The basic level which is enabled by default allows the Wordfence firewall to run as a WordPress plugin.

This means, that the firewall will load with rest of your WordPress plugins. This can protect you from several threats, but it will miss out on threats that are designed to trigger before WordPress themes and plugins are loaded.

The second level of protection is called extended protection. It allows Wordfence to run before WordPress core, plugins, and themes. This offers a much better protection against more advanced security threats. Click on the Firewall option to access its settings page.

Click on the Optimize the Wordfence Firewall button. It will run a test to determine the best setting to use. You may pick your own setting, but I would recommend following Wordfence’s recommendation.

You may pick your own setting, but I would recommend following Wordfence’s recommendation. Click on the Continue button once you have made your selection.

Click on the Download .htaccess button. This will allow Wordfence to run before your core WordPress files. This adds an extra layer of protection because a firewall cannot protect these files making them vulnerable to hackers. Click on the Continue button once you have the file downloaded.

You will also notice a Learning Mode button. When you first install Wordfence, it attempts to learn how you and your users interact with the website to make sure that it doesn’t block legitimate visitors. After a week it will automatically switch to Enabled and Protecting mode.

To scan your website at any time, click on the Scan option.

Click on the Start a Wordfence Scan button. The free version comes with a default automatic 24-hour scan. If you upgrade to the premium version you can set your own schedule and much more. Once the scan is complete you will see a full list of problems it has found.

The scan will look for changes in file sizes in the official WordPress core and plugin files.

It will also look inside the files to check for suspicious code, backdoors, malicious URLs, and known patterns of infections.

Typically these scans need a lot of server resources to run. Wordfence does an excellent job of running the scans as efficiently as possible. The time it takes to complete a scan will depend on how much data you have, and the server resources available.

You will be able to see the progress of the scan in the yellow boxes on the scan page. Most of this information will be technical. However, you don’t need to worry about the technical stuff.

Once the scan is finished, Wordfence will show you the results.

It will notify you if it found any suspicious code, infections, malware, or corrupted files on your website. It will also recommend actions you can take to fix those issues.

There are many other sections to be aware of. You can view the live traffic feed by clicking on the Live Traffic option. Wordfence Live Traffic shows you what is happening on your site in real-time, including user logins, hack attempts, and requests that were blocked by the Wordfence Firewall. You can choose to log security-related traffic only or all traffic.

Traffic is logged directly on the server, which means it includes visits that don’t execute JavaScript. Google and other JavaScript-based analytics packages typically only show visits from browsers that are operated by a human, while Live Traffic can show visits from crawlers like Google and Bing.

Here you can see the list of IPs requesting different pages on your website.

This will show you how well Wordfence is defending your website. The Blocking option will allow you to see who is being blocked and allow you to manually enter an IP address to be blocked.

If you have the premium version you can also block entire countries from accessing your website. Explore these sections to see everything they offer.

Click on the Options option. This will allow you to tweak the Advanced settings that can be found by scrolling down the page.

These settings are all up to you, but should all be considered when setting this plugin up.

Congratulations, you have successfully installed and set up the Wordfence Security plugin. You can change your settings and scan your website at any time. Remember there are many features that are exclusive to the premium version of Wordfence and you can upgrade at any time, but the free version will be able to guard your website without any issues.

Install Wordfence Plugin

Installing Wordfence is Both Quick and Simple

With little more than the click of a few buttons, you will have Wordfence up, running and proactively securing your WP site. Once Wordfence is active, it will begin your first security scan and cleanup. You will be able to quash any current threats and begin to prevent future site breaches, too.

Get started with Enterprise-Class Security now, You can install Wordfence with these four best-practice steps:

Sign into your own WordPress website. You’ll usually go to something like www.example.com/wp-admin/ and sign-in

2. Replace example.com with
your own website’s URL

3. Now that you’re signed in and ready to administer your own site, go to Plugins, Add New and do a search for ‘wordfence’ without quotes

5. Click the “Install Now” link and
Wordfence will be installed

When you decide to upgrade to the best WordPress Security
out there, simply upgrade to Wordfence Premium.

Install and Configure Django on a Linux Shared Hosting

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of Web development, so you can focus on writing your app without needing to reinvent the wheel. It’s free and open source.

Ridiculously fast – Django was designed to help developers take applications from concept to completion as quickly as possible.
Fully loaded – Django includes dozens of extras you can use to handle common Web development tasks. Django takes care of user authentication, content administration, site maps, RSS feeds, and many more tasks — right out of the box.
Reassuringly secure – Django takes security seriously and helps developers avoid many common security mistakes, such as SQL injection, cross-site scripting, cross-site request forgery and clickjacking. Its user authentication system provides a secure way to manage user accounts and passwords.
Exceedingly scalable – Some of the busiest sites on the planet use Django’s ability to quickly and flexibly scale to meet the heaviest traffic demands.
Incredibly versatile – Companies, organizations and governments have used Django to build all sorts of things — from content management systems to social networks to scientific computing platforms.

You will have a functioning Django site on your account that:

Loads a static homepage for the domain.
Loads the Django administration interface.
Uses a SQLite database.

Create A Python Application In cPanel

The Setup Python App feature allows you to deploy Python applications on your cPanel while running the Apache web server.

You can check the functionality by visiting the cPanel, Setup Python App.

On the next page, you will be able to Create Application and check existing Web applications.

After clicking Create Application you will be presented with the app creation menu:

If you wish to create a new Python application, you must specify the Python version, fill in the Application root, and the Application URL. Then click Create.

Optionally, you can also set up Application startup file, Application Entry point and Passenger log file.

As soon as the environment is set, you can upload your application files to the application root directory.

When the application is created, you will be able to see the next page:

At the very start, you have the command necessary to enter your virtual environment. This is useful when you need to manually execute some commands either via SSH or with the terminal menu in cPanel.

To be able to do this, you need to enable Shell access as in this guide.

How to Configure the Django project

1) Login to cPanel.

2) You can see the option Terminal under the “ADVANCED” menu. Click the option to open the terminal.

3) If you are accessing the terminal for the first time, a screen will appear with a warning message. Please click on the button proceed.

4) This interface provides command line access to your account on the server. You can now manage the account using CLI

5) Use the command you noted in the above step to activate the virtual environment. For example:

# source /home/username/virtualenv/myapp/3.6/bin/activate

You need to replace username with your cPanel username

The command prompt now starts with (myapp:3.6) to indicate that you are working in the myapp virtual environment with Python 3.6. All of the following commands in this article assume that you are working in the Python virtual environment.

6) Type the below command to install Django:

# cd ~pip

# install django==2.1.8

You can verify the version of Django installed, with the following command:

# django-admin --version

7) Type the below command for creating a Django project:

# django-admin startproject myapp ~/myapp

8) To create directories for the static project files, type the following commands:

# mkdir -p ~/myapp/templates/static_pages 
# mkdir ~/myapp/static_files 
# mkdir ~/myapp/static_media

a. Find the ALLOWED_HOSTS line and then modify it as below. Replace example.com with your own domain name:

ALLOWED_HOSTS = [‘example.com’]

b. Find the TEMPLATES block, and then modify it as below:

TEMPLATES = [
{
‘BACKEND’: ‘django.template.backends.django.DjangoTemplates’,
‘DIRS’: [os.path.join(BASE_DIR,’templates’)],
‘APP_DIRS’: True,
‘OPTIONS’: {
‘context_processors’: [
‘django.template.context_processors.debug’,
‘django.template.context_processors.request’,
‘django.contrib.auth.context_processors.auth’,
‘django.contrib.messages.context_processors.messages’,
],
},
},
]

c. Locate the STATIC_URL line, and then add the below lines beneath it:

MEDIA_URL = ‘/media/’
MEDIA_ROOT = os.path.join(BASE_DIR, “static_media”)

STATIC_URL = ‘/static/’
STATIC_ROOT = os.path.join(BASE_DIR, ‘static_files’)

9) Open the ~/myapp/myapp/urls.py file using the text editor. Delete the existing text and copy the below text into the file:

from django.contrib import admin
from django.urls import path, include
from django.conf import settings
from django.conf.urls.static import static
from django.conf.urls import url
from django.views.generic.base import TemplateView

urlpatterns = [
path(‘admin/’, admin.site.urls),
url(r’^$’, TemplateView.as_view(template_name=’static_pages/index.html’), name=’home’),
] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)

10) Open the ~/myapp/passenger_wsgi.py file and do the following changes. Replace username with your own account username:

import myapp.wsgi
SCRIPT_NAME = '/home/username/myapp'

class PassengerPathInfoFix(object):
    """
    Sets PATH_INFO from REQUEST_URI because Passenger doesn't provide it.
    """
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        from urllib.parse import unquote
        environ['SCRIPT_NAME'] = SCRIPT_NAME

        request_uri = unquote(environ['REQUEST_URI'])
        script_name = unquote(environ.get('SCRIPT_NAME', ''))
        offset = request_uri.startswith(script_name) and len(environ['SCRIPT_NAME']) or 0
        environ['PATH_INFO'] = request_uri[offset:].split('?', 1)[0]
        return self.app(environ, start_response)

application = myapp.wsgi.application
application = PassengerPathInfoFix(application)

11) Use a text editor to create a basic index.html file in the ~/myapp/templates/static_pages directory.

The file can be as simple as a text file that says Hello world.

12) Type the following command:

# python ~/myapp/manage.py migrate

13) Create and set up the superuser account:

For this, type the below command:

# python ~/myapp/manage.py createsuperuser

Type the administrator username at the Username prompt and then press Enter.
Type the administrator e-mail address at the Email address prompt and then press Enter.
Type the administrator password at the Password prompt and then press Enter.

14) To collect the static files, type the below commands:

# python ~/myapp/manage.py collectstatic

In case you are asked for overwriting existing files, type yes and then press Enter.

15) Restart the Python application in cPanel:

Log in to cPanel.
Click Setup Python App in the SOFTWARE section of the cPanel home screen.
Locate the correct application under the Existing applications and then click Restart.

16) Test the Django site:

Go to http://www.example.com, where example.com represents your domain name. The index.html file should load.
Go to http://www.example.com/admin, where example.com represents your domain name. The Django administration login page should be displayed. Use the superuser credentials that you created earlier to log in.

If there a problem for the website to appear in your browser, run the passenger_wsgi.py file manually. For this, type the below command:

# python ~/myapp/passenger_wsgi.py

When you run this file, you should get any text output to the console. In case there are any errors, check the syntax in the configuration files.

That’s all! Now, you can easily install and configure Django on a Linux shared hosting account.

Setup Python App

The Setup Python App feature allows you to deploy Python applications on your cPanel while running the Apache web server.

You can check the functionality by visiting the cPanel, Setup Python App.

On the next page, you will be able to Create Application and check existing Web applications.

After clicking Create Application you will be presented with the app creation menu:

If you wish to create a new Python application, you must specify the Python version, fill in the Application root, and the Application URL. Then click Create.

Optionally, you can also set up Application startup file, Application Entry point and Passenger log file.

As soon as the environment is set, you can upload your application files to the application root directory.

When the application is created, you will be able to see the next page:

At the very start, you have the command necessary to enter your virtual environment. This is useful when you need to manually execute some commands either via SSH or with the terminal menu in cPanel.

To be able to do this, you need to enable Shell access as in this guide.

You can change options like Python version, Application root, Application URL, Application startup file, Application Entry point and Passenger log file here.
After changing such options, please make sure to click the Save button on the upper right.

The Python versions available are 2.7 and 3.3, 3.4, 3.5, 3.6 and 3.7.

PLEASE NOTE: Python version switch can take up to 5 minutes.

The Application startup file is to specify the Python WSGI application entry point. It must be specified as a filename.
Application Entry point is there to set up a WSGI callable object for the previously specified startup file.

With the help of the Configuration files field you can install various modules through Pip. Under the Add another file… field you can enter the name of the given module and click Add.

If you click Delete, the corresponding module entry will disappear. If you click Edit, you can change the module in question.

Once you have added the module, you can click Run Pip Install and install the module in question from the drop-down.

You can also execute pip install commands directly under the virtual environment via SSH.

Also, you can execute python script commands from the web interface (e.g. you can install packages from specific repositories or control web applications by means of django-admin).

You can additionally set up Environment variables:

Click Add Variable and you will be able to set up Name and Value of the variable in question. After you have entered the correct data, click Done to create the variable.

NOTE: Changes will not be applied to the application environment until the Update button is clicked. All changes can be reverted by clicking the Reset button.

You also have the options to Stop App and Restart the application.

To delete the application, click Destroy. The application folder itself will remain unmoved.

Dealing with WSGI application issues

In some cases, apps may not run properly when the main application variable is called app. This is because WSGI software that we use to run Python on our servers requires the main application variable to be called application.

We will use the Flask application as an example here to make the application work:

1. Install Flask and all the other modules required for the app. It can be done in many ways:

Install modules manually one by one over SSH

This can be done using the standard Run Pip Install button described in this guide, or via SSH using pip install module command.

Install all the modules at a time with a requirements.txt file.

It can be done with the following type of command via SSH:pip install -r requirements.txt

Install all the modules with a setup.py file via SSH, if it is created for the application,. The usage of this option depends on the app in question.

2. Remove the default passenger_wsgi.py file under the application root folder.
3. Find the main script of the application in the application root folder. Search for the following line to find it:
from app import app
(it can be from src import app or from app import application, however from app import app is the most common way to write it). The main script is usually called app.py, main.py, index.py, or init.py.
4. Rename this script to passenger_wsgi.py or set it in the Application startup file field within the Python App interface in cPanel.
5. Right below the import line (from app import app), insert this line:
application = app

The described actions should help fix an application that was not written with WSGI software in mind.

High Severity Vulnerability Patched in Ninja Forms

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version.

We reached out to Ninja Form’s security team according to their Responsible Disclosure Guidelines and they replied within a few hours. The plugin was patched less than 24 hours after our initial contact, on April 28, 2020.

All Wordfence users, including both Wordfence Premium and free Wordfence users, are protected from XSS attempts against this vulnerability by the Wordfence Firewall’s built-in XSS protection.

Description: Cross-Site Request Forgery to Stored Cross-Site Scripting
Affected Plugin: Ninja Forms
Plugin Slug: ninja-forms
Affected Versions: < 3.4.24.2
CVE ID: CVE-2020-12462
CVSS Score: 8.8 (High)
CVSS Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fully Patched Version: 3.4.24.2

The Ninja Forms plugin features a “legacy” mode which allows users to revert its styling and features to those of the plugin’s final 2.9.x version. As part of this feature, it adds several AJAX functions which appear to be intended to import forms and fields between the “legacy” mode and the default mode. While all of these functions used capability checks, two of the functions failed to check nonces, which are used to verify that a request was intentionally sent by a legitimate user. One function in particular, ninja_forms_ajax_import_form, allowed importing forms containing custom HTML:

add_action( 'wp_ajax_ninja_forms_ajax_import_form', 'ninja_forms_ajax_import_form');functionninja_forms_ajax_import_form(){if( ! current_user_can( apply_filters( 'ninja_forms_admin_upgrade_import_form_capabilities', 'manage_options') ) ) return;$import= stripslashes( $_POST[ 'import'] );$form_id= ( isset( $_POST[ 'formID'] ) ) ? absint( $_POST[ 'formID'] ) : '';WPN_Helper::delete_nf_cache( $form_id); // Bust the cache.Ninja_Forms()->form()->import_form( $import, TRUE, $form_id, TRUE );if( isset( $_POST[ 'flagged'] ) && $_POST[ 'flagged'] ){$form= Ninja_Forms()->form( $form_id)->get();$form->update_setting( 'lock', TRUE );$form->save();}echojson_encode( array( 'export'=> WPN_Helper::esc_html($_POST['import']), 'import'=> $import) );wp_die();}

As such, if an attacker was able to trick an administrator into clicking a crafted link, they could spoof a request using that administrator’s session and import a form containing malicious JavaScript into the site. Worse yet, it was possible to replace any existing form on the site with one of these imported forms by setting the formID $_POST parameter to the ID of an existing form.

Depending on where the JavaScript was placed in the imported form, it could be executed in a victim’s browser whenever they visited a page containing the form, whenever an Administrator visited the plugin’s Import/Export page, or whenever an Administrator attempted to edit any of the form’s fields. As is typical with Cross-Site Scripting (XSS) attacks, a malicious script executed in an Administrator’s browser could be used to add new administrative accounts, leading to complete site takeover, while a malicious script executed in a visitor’s browser could be used to redirect that visitor to a malicious site.

Vulnerability Disclosure Policies are Important

One of the reasons this plugin was patched so quickly was because the plugin’s team maintains a Responsible Security Disclosure Policy, often referred to as a Vulnerability Disclosure Policy. This allowed us to contact them directly with our full disclosure rather than spending days trying to find or verify the appropriate contact channel. While we have occasionally seen plugins patched in less than 24 hours in the past, responses like this are exceptional and indicate a serious dedication to security.

If you are responsible for any kind of software product or service, having a Vulnerability Disclosure Policy (VDP) not only improves your chances of being alerted to serious security issues, but also allows you to set expectations for your response. Most importantly, it reduces the risk of vulnerabilities in your products being prematurely or irresponsibly disclosed and attacked by bad actors before you have a chance to fix them. For these reasons, we strongly recommend implementing a VDP to improve not only the efficiency of your response to specific flaws, but also the general security of your product.

Timeline

April 27, 2020 19:00 UTC – Our Threat Intelligence Team discovers and analyzes the vulnerability and verifies that our existing Firewall Rules provide sufficient protection against XSS.
April 27, 2020 19:24 UTC – We provide full disclosure to the plugin’s developer as per their Responsible Security Disclosure Policy.
April 27, 2020 20:27 UTC – We receive a response that a patch should be available the next day.
April 28, 2020 19:00 UTC – Patched version of the plugin released.

High Severity Vulnerability Patched in Ninja Forms

Wordfence

Network Optimizer – Railgun

Optimized partners can reach international customers faster with Railgun

Railgun ensures that the connection between your origin server and the Cloudflare network is as fast as possible.

Railgun compresses previously unreachable web objects by leveraging techniques similar to those used in the compression of high-quality video. This can result in additional performance increase.

What Railgun Does

Railgun accelerates the connection between each Cloudflare data center and an origin server so that requests that cannot be served from the Cloudflare cache are nevertheless served very fast.

Approximately 2/3 of requests to sites on Cloudflare are served directly from cache from the data center that is physically closest to the person surfing the web. Because Cloudflare has data centers around the world this means that whether you are in Bangalore, Brisbane, Birmingham or Boston web pages are delivered quickly even when the real, origin web server is thousands of miles away.

Cloudflare’s ability to make a web site appear to be hosted close to web surfers is key in accelerating web surfing. A web site might be hosted in the US, but accessed mainly by web surfers in the UK. With Cloudflare the site will be served from a UK data center eliminating the costly delay caused by the speed of light.

But the other 1/3 of requests made to Cloudflare have to be sent to the origin server for processing. This happens because many web pages are not cacheable. This can be because of a misconfiguration, or, more commonly, because the web page changes frequently or is personalized.

For example, it’s hard to cache the New York Times home page for any length of time because the news changes and being up to date is essential to their business. And for a personalized web site like Facebook each user sees a different page even though the URL may be the same for different users.

Railgun uses a collection of techniques to accelerate and cache these previously uncacheable web pages so that even when the origin server must be consulted web pages are delivered quickly. And that even works for rapidly changing pages like news sites, or for personalized content.

Cloudflare research showed that even though many sites cannot be cached they actually change very slowly. For example, the New York Times home page changes throughout the day as news stories are written, but the boilerplate HTML of the page mostly stays the same and many stories stay on the front page all day.

For personalized sites the boilerplate HTML is the same with only small pieces of content (such as a person’s Twitter timeline or Facebook news feed) changing. This means there’s a huge opportunity to compress web pages for transmission if the unchanging parts of a page can be detected and only the differences transmitted.

How It Works

When a request is made to a Cloudflare server for a web page that is not in cache Cloudflare makes an HTTP connection to the origin server to request the page. It’s that HTTP connection that Railgun accelerates and secures.

www.cloudflare.com/en-gb/website-optimization/railgun/

Railgun consists of two software components: the Listener and Sender. The Railgun Listener is installed at your web host on an origin server. It’s a small piece of software that runs on a standard server and services requests from Cloudflare using the encrypted, binary Railgun protocol.

The Railgun Sender is installed in all Cloudflare data centers around the world and maintains connections with Railgun Listeners.

When an HTTP request comes in that must be handled by an origin server, Cloudflare determines whether it is destined for a Railgun-enabled website. If not, standard HTTP is used, but if so the HTTP request is routed to the Railgun Sender for handling.

The Railgun Sender turns the request into a compressed, binary chunk that’s transmitted to the corresponding Railgun Listener. The Railgun Listener handles the request and performs an HTTP request to the origin server. From the origin server’s perspective it’s as if the HTTP connection came directly from Cloudflare, but because it comes from inside the hosting partner’s infrastructure the request suffers no latency related delay.

Railgun uses a new caching mechanism based on comparing page versions to determine what needs to be transmitted across the Internet to the Railgun Sender. Using this mechanism Cloudflare is able to achieve typical 99.6% compression (taking, for example, a 100k web page down to 400 bytes) and a speedup of over 700%. In fact, the compressed data is often so small that using the binary Railgun protocol the entire response fits inside a single TCP packet.

Railgun connections are secured by TLS so that requests sent across them cannot be eavesdropped upon. The connection is secured by certificates so that a man-in-the-middle attack is not possible. The TCP connection between Cloudflare and the origin server is kept alive so that it can be reused for subsequent requests eliminating the slow start up of a TCP connection.

Railgun requests are multiplexed onto the same connection and can be handled asynchronously. This means that Railgun is able to handle many, simultaneous requests without blocking and maximizing the use of the TCP connection.

What is QUIC.cloud

Introduction

QUIC.cloud is the first and only content delivery network with the ability to cache dynamic WordPress pages. Using QUIC as the transfer protocol, QUIC.cloud will make your website faster and more secure than the competition.

Litespeed’s QUIC.cloud is a new way to supercharge your website.

QUIC.cloud CDN, an intelligent cache CDN based on LiteSpeed Cache, is the only CDN service that can accurately cache dynamic pages (pages that can change frequently).

LSCache for WordPress knows when to automatically purge and sync data in QUIC.cloud CDN, giving it the upper-hand on all other CDN providers. Users can now provide anyone across the globe access to their sites in less than 100ms!

Also, new to QUIC.cloud is image optimization, critical CSS, and LQIP. With these new services readily available, QUIC.cloud is more customizable and efficient than ever before.

After reading through this guide, if there is something you do not understand, please let us know by sending an email to support[at]quic.cloud.

Requirements

Before you can utilize QUIC.cloud, you should refresh your LiteSpeed Cache for WordPress module to in any event v3.0.

Ths guide also assumes you already have a domain setup with WordPress. If you do not yet, please check out WordPress’ Domains guide.

Matching WordPress and QUIC.cloud

To begin, sign into your WordPress dashboard for the domain you’d like to use with QUIC.cloud.

At that point explore to the menu bar on the left half of the site, and float over LiteSpeed Cache.

Then, select General.

On that page there will be a box for a Domain key; click the link Apply Domain Key, on the right side of the box.

You will see a bar at the top saying you applied successfully and to wait for the result. Please refresh the page.

After refreshing, the box should be automatically filled with the key. Next click Save Changes in the right corner.

This image has an empty alt attribute; its file name is image-34.png

Once you save, click Link to QUIC.cloud.

Next you will be redirected to QUIC.cloud to sign up/login.

If you login, you will be redirected back to your WordPress dashboard.

If you sign up, you will be asked to fill in your desired password and to agree to the QUIC.cloud terms and conditions. Then click Register.

Check your emails for a message from QUIC.cloud and confirm your account.

Once you click the activation link, a new tab will open saying the activation was successful.

Click My Dashboard and you will be redirected back to the WordPress dashboard.

Back on the WordPress dashboard, there is a button that will direct you to your QUIC.cloud dashboard.

Once on the QUIC.cloud dashboard, you will see the new domain listed.

When you click into the domain, you should see a list including our CDN and the services offered.

If you’d like to use the CDN, please continue on to the next section of this document. If you are not interested in using the CDN, however, then you have successfully finished your setup. Congratulations and welcome to QUIC.cloud!

Setting up the CDN

Before a domain can use QUIC.cloud CDN, the DNS for that domain must be properly set up. Please follow the instructions below to set up your DNS.

DNS Setup

If you are not sure about how the DNS works, check out our DNS Primer. You will need to be logged into your WordPress admin and your DNS management page.

Note -  The base domain, e.g. example.com is known as the Root or Apex Domain. All other usages of this domain such as sub.example.com or www.example.com are subdomains.

If you are adding the root domain to QUIC.cloud, refer to the following section. If you are adding a subdomain, refer to the subsequent section.

Adding the Root(Apex) Domain

QUIC.cloud requires that your DNS maps your domain to a domain provided during setup. This means that your DNS provider must support domain to domain mapping for the Root domain.

The following instructions have screenshots from the CloudFlare DNS manager.

Take a screenshot of your current configurations. Keep this as a reference in case things go wrong, so you have something to go back to.
Check what your TTL value is and adjust it to the smallest value possible (if not already). You will need to wait until the old DNS records expire before you can use QUIC.cloud. After the old value expires, every record should be using the new value. Example: previous value: 1 hour, new value: 2 minutes. If it is 3pm when you change the value to 2 minutes, you must wait until 4pm to be sure that all the records now use the 2 minute value.
(Optional) If you wish to use both the root domain and the www. subdomain: Create a CNAME record pointing www. to your Root domain:

If you have a www. record already, edit that to look like the above screenshot. The net result is that www.example.com will target the same server as example.com.

4. Create an A record for a random subdomain that points to your origin IP. For example, origin.example.com.

1.Convert your current record for @ to a CNAME record targeting the subdomain you created in step 4.

Deleting the root domain record:

Note – The below screenshots are for deleting an A record and adding a CNAME record. If your current record is a CNAME record or your DNS Manager allows changing record types, you can just edit the record.

Setting the CNAME record for the root domain:

Make sure that your site is still accessible as is. Here are some ways to test.

Note – If you are using CloudFlare DNS, ensure that the cloud is set to “Grey” (this means you are not actually using Cloudflare for anything other than the DNS).

After performing the above steps, the following should be true: * Your site is still accessible. Nothing should have changed. * If you performed step 3, your www. subdomain should also point to your current IP. Refer to how to check the DNS. * The random subdomain should also target the same IP.

If any of the above are not true, review your DNS configurations and run through the steps again. One possible reason that the above are not true is that the TTL for the old configuration has not expired yet. Make sure that the time has elapsed.

Adding the Subdomain

The following instructions have screenshots from the Digital Ocean DNS manager. The steps should be similar for your DNS provider.

Take a screenshot of your current configurations. Keep this as a reference in case things go wrong, so you have something to go back to.
Check what your TTL value is and adjust it to the smallest value possible (if not already). You will need to wait until the old DNS records expire before you can use QUIC.cloud. After the old value expires, every record should be using the new value. Example: previous value: 1 hour, new value: 2 minutes. If it is 3pm when you change the value to 2 minutes, you must wait until 4pm to be sure that all the records now use the 2 minute value.
If the subdomain points to the same origin server as the Root domain, this step is not required. Create an A record for a random subdomain that points to your origin IP. For example, origin.example.com.

Convert your current record for the subdomain to a CNAME record targeting the subdomain you created in step 3. If you are using the root domain as the base, target that instead.The below screenshots are for deleting an A record and adding a CNAME record. If your current record is a CNAME record or your DNS Manager allows changing record types, you can just edit the record.

Deleting the old record:

Make sure that your site is still accessible as is. Here are some ways to test. If you are using CloudFlare DNS, ensure that the cloud is set to “Grey” (this means you are not actually using Cloudflare for anything other than the DNS).

After performing the above steps, the following should be true: * Your site is still accessible. Nothing should have changed. * The random subdomain should also target the same IP.

If either of the above are not true, review your DNS configurations and run through the steps again. One possible reason that the above are not true is that the TTL for the old configuration has not expired yet. Make sure that the time has elapsed.

Enable CDN

When on your QUIC.cloud dashboard, click on the domain you’d like to enable the QUIC.cloud CDN service for.

Note – Domains can be listed in QUIC.cloud and use the QUIC.cloud services, without using the CDN.

Next, under the services list, click CDN.

Note - If the status of the CDN says ‘OK’, then your CDN is already enabled for that site and you do not need to continue with this guide.

On the following screen, click Enable CDN.

Next we will discuss the DNS records and verification.

Configure DNS Records and Verify

Update the DNS Manager

Note the CNAME record that we created for you, as below:

In your DNS Manager, change the CNAME you set up to point to this CNAME domain.

CloudFlare DNS Example:

At this point, nothing should have changed. Your site should still target your server. Here are some ways to test.

Configure Access for your site (Optional)

On the CDN page, under Setting -> Connection, there are three options that configure how the browser connects to QUIC.cloud and how QUIC.cloud connects to your origin server. Select the appropriate option.

Connection Type to Origin: This option specifies the connection type between QUIC.cloud and your origin server. The available options are: match the connection type from the browser to QUIC.cloud or use HTTP Only.

Frontend Force HTTPS: This option specifies the connection type between the browser and QUIC.cloud servers. If set to ON, HTTP requests to QUIC.cloud are redirected to HTTPS automatically. Otherwise, both request types are forwarded to your backend server (depending on how Connection Type to Origin is configured).

Enable QUIC Backend: If your site offers QUIC and/or HTTP/3, you can try this option. This will let QUIC.cloud servers attempt to connect to your origin server using QUIC and/or HTTP/3.

Configure your Firewall

When your site goes through QUIC.cloud servers, all the requests will appear via QUIC.cloud IPs. This will likely trigger some firewall rules. Make sure to whitelist QUIC.cloud IPs so that the requests do not trigger the firewall.

Verify Your Website is Using QUIC

You must have a valid SSL Certificate set up on QUIC.cloud to use QUIC.

If QUIC.cloud is working properly, your site should be using QUIC. You can use a browser extension to verify this, such as this for Google Chrome. It will show a Green lightning bolt indicator, if your website is using QUIC.

Alternatively, you could use HTTP/3 Check to test it out.

That’s it. QUIC.cloud CDN should now be set up. If you have any questions or issues, please contact us at support[at]quic.cloud.

What is Entry Process Limit – Shared Hosting

An Entry Process is the number of PHP scripts you can run at a time. Our Shared Hosting and WordPress hosting plans have limitation of entry process at a time.

Number of visitors on website – An Entry Process should not be confused with the number of visitors you can have on your website as it takes just fractions of a second to complete.

For Eg. if we have restrict 25 entry processes that doesn’t mean that only 25 people can visit your website at a time. It’s because there is very rare possibility of 25 people browsing your website at the same fraction of a second.

When a visitor browses any web page of your website, the web server would start serving the request. While this request is being served, it will use one entry process.

Once this request has been served, the web server would no longer use an entry process and the entry process count would get decreased by 1.

Please note that cron jobs, shell scripts and other commands also use entry process for the duration of the time they are running.

Why such restrictions – Entry process limitations to ensure that no single user consumes all server resources and to prevent DDoS attacks against the web server.

Entry process will limit the number of concurrent connections to web server, thus preventing our server against malicious traffic.

When you use all allotted entry processes (25), new visitors would experience a 508 error.

Recall an Email in Outlook – instructions

Instructions in this article apply to Outlook 2019, 2016, 2013, 2010, 2007; and Outlook for Office 365.

If your business uses Microsoft Outlook on the collaborative communications server, Microsoft Exchange Server, you have some advantages over standard Outlook account users, such as the ability to search multiple mailboxes, increased security features and the ability to recall or even replace an email message. With the latter, you can “unsend” emails, which is ideal if you forget to include important information, discover an error in a message or realize you hit the dreaded “Reply All” button on a private email. In addition, you can replace the recalled message with a modified version.

Requirements to Recall

To recall Outlook email:

Both you and your recipient must have an Exchange server email account and use Outlook as the email client.
The recipient’s mailbox is open when you attempt to process a recall.
The original message is unread and is in the recipient’s Inbox.
The message was not touched by any process, such as a rule, spam filter, or add-in.

When you attempt to retract email, Outlook may notify the recipient of the recalled email.

How to Recall an Email in Outlook (and Replace It, if Desired)

1. To recall an email in Outlook:Open Outlook and go to the Sent Items folder.

2. Double-click the sent message you want to recall to open it in a separate window.

The options to recall a message are not available when the message is displayed in the Reading Pane.

3. Go to the Message tab, select the Actions dropdown arrow, and choose Recall This Message.

4. In the Recall This Message dialog box, select one of the following:

Delete Unread Copies of This Message to recall the message.
Delete Unread Copies and Replace With a New Message to replace the message with a new one.

5. If you want to receive notification of the results, select the Tell Me if Recall Succeeds or Fails for Each Recipient check box.

6. Select OK.

7. If you selected Delete Unread Copies and Replace with a New Message, modify the original message.

8. Select Send.

9. You’ll receive an Outlook notification message regarding the success or failure of your attempt to retract or replace the email.

How to ensure the recall is successful

Whether an already-sent e-mail can be replaced by a new message depends not only on the requirements listed above, but also on the recipient’s Outlook settings.

The following scenarios are possible according to Microsoft.

Scenario 1: The “Automatically process meeting requests and responses to meeting requests and polls” feature is enabled (as default).

If the recipient has the “Automatically process meeting requests and responses to meeting requests and polls” feature enabled, both the original message and the message to recall the e-mail will be stored in the recipient’s inbox. Whether the recall works or not depends on whether the mail has been read.

If the recipient has not yet read the original message, it will be replaced by the recall message. The recipient is then informed that you have recalled the original message.
If the message is marked as read when the recall message arrives, the recall attempt will fail and the message will remain in the recipient’s inbox. However, the recipient will be informed that you attempted to recall the message.

Scenario 2: The “Automatically process meeting requests and responses to meeting requests and polls” feature is disabled.

If the recipient has not enabled the “Automatically process meeting requests and responses to meeting requests and polls” feature, both the original message and the message about the recall will be stored in the recipient’s inbox. Whether the recall is successful or not depends on which e-mail is opened first:

If the recipient opens the message about the recall first, the original message will be deleted, meaning the recall was a success.
If the recipient opens the original e-mail first, the recall will be unsuccessful.

Scenario 3: An inbox rule moves the original e-mail to another folder.

If the recipient has defined a rule, which means that the original e-mail and the recall e-mail will be stored in different folders, the recall will fail.

Scenario 4: An inbox rule moves both the original e-mail and the recall e-mail to a different folder.

If the recipient has defined a rule stating that both e-mails should be stored in the same folder, then it depends which e-mail is opened first.

If the recipient opens the recall message first, the original message will be deleted. The recall was a success.
If the recipient opens the original e-mail first then the recall will fail.

Why recalling an email in Outlook doesn’t always work

Unfortunately, if the recipient opens the email you didn’t want them to see, you can’t recall it. They can still get the recall message and note that you wanted to delete the first email, but it will stay in their Outlook system anyway.

If your first message was sent to a folder other than the inbox then the recall won’t work. Neither will it work if it’s sent to a public folder or if you try to recall it from a mobile device. Once one person has seen it, it’s too late.

The recall feature is designed to work with Outlook. If you are sending from a Gmail account for example, you can’t expect it to work, you’ll need to read our guide on how to recall an email in Gmail for tips on how to achieve this.

Different Solution – Delay your emails.

This means you can delay the delivery of an email after you’ve sent it giving you that extra time to change your mind.

Delay the single message in Outlook.

1. Click Options in the Message editing window

2. Hit Delay Delivery.

3. Select the Do not deliver before check box.

4. Select the delivery date and time that you want from the two drop-down lists.

5. Then click on the Close button to save the changes

6. After you click Send, the message will stay in the Outbox folder until your scheduled delivery time.

This will only work to give you a bit more time to reconsider your message; it will not prevent you from accidentally sending the email to the wrong person. It is also only useful if you remember to check the message again before it leaves your Outbox.

Delay messages sending in group

1. Click on the File tab

2. Click Manage Rules & Alerts

3. Click New Rule under the Email Rules tab

4. In the Rules Wizard window under Step 1: Select a template box, and under Start from a Blank Rule, click Apply rule on messages I send, and then click Next to continue

5. In the Step 1: Select condition(s) list, select the boxes for any options that you want and then click Next

6. If you leave all the conditions unchecked when you click Next a confirmation dialogue box will appear. If you click Yes, the rule you are creating will then be applied to all messages you send

7. Now under Step 1: Select the action(s) list, check the box stating defer delivery by a number of minutes

8. In the Step 2: Edit the rule description (click an underlined value) box, click the underlined part of the phrase: defer delivery by a number of minutes

9. Enter the number of minutes you want to delay the messages for before it’s sent (Note: delivery can be delayed up to 120 minutes)

10. Click OK, and then when you’re done hit Next

11. Another list of checkboxes with exceptions that you want will then appear (Step 1: Select exception(s) if necessary)

12. If you want your rules to apply to all your emails click Next

13. Then under the Rules Wizard In the Step 1: Specify a name for this rule box enter a name for the rule you’ve created.

14. Check the Turn on this rule check box and then click Finish

15. It’s then a good idea to test your rule before relying on it when you come to sending something vital.

16. From now on, after you send each message it will stay in the Outbox folder for the time specified.

Again, this solution only works if you are carefully checking each of your emails for mistaken recipients or incorrect email attachments before it leaves your Outbox.

4020 : INVALID : Information received from an Invalid IP address.

Error number: 4020Error message: 4020 : INVALID : Information received from an Invalid IP address.

Explanation: If your website is integrated with Sage Pay using either the Server or Direct method we must have a valid IP address from your platform or web hosting company in order to accept transactions.

The 4020 error message indicates that the transactional post that is coming from your site/hosting company is not being made using the valid IP addresses that you have entered into your Sage Pay account – via MySagePay.

All transactions that are posted from your website/server MUST be sent via one of the IP addresses that you have provided to Sage Pay. If your IP address is not entered within MySagePay, or is coming from a dynamic IP range then you will always encounter this error.

Solution: The 4020 error message is an easy fix, the first thing you will need to do to prevent this error is obtain the IP address that is being used to post the information through to Sage Pay.

You are able to locate the IP address that you are using by –

Process a transaction using the Sage Pay Simulator – you can then obtain the IP address that is being used for the transaction.
Contact your Server administrator – if your Server is being hosted internally – they will then be able to provide you with the IP directly.
Contact your Hosting Company – if your site is being externally hosted by a 3rd party – they will be able to provide you with the IP directly.
Perform a “Ping” test – open your start menu, type “CMD”, this will then load up the DOS screen where you can then type “PING” followed by the URL you are trying to reach – your own website – this will then provide you with the IP address of the site that is making the post to Sage Pay.

Once you have the IP address you will then be able to enter this into your MySagePay admin account, to do this see our Adding IP article here.

https://www.sagepay.co.uk/support/error-codes/4020-invalid-information-received-invalid-ip-address