Home Blog Page 12

Creating an .htaccess file & How to use an .htaccess file

0

I. What is an .htaccess file?
The .htaccess file is a configuration file that enables additional Apache web-server features. It can be added in your web folder and it will affect your entire website content. You can also add further .htaccess files in a sub folder of your web folder to activate individual features for that sub folder only.. This tutorial shows you how to locate (and create) this file using the File Manager of the hosting control panel.

What do you need to prepare?

Before starting you need to prepare:

  • Login your hosting’s control panel

Step 1 – Locate and open File Manager

Navigate to the hosting control panel of the hosting account and open the File Manager tool located in the Files category:

If you are using cPanel, this item can also be found in the Files category.

Step 2 – Locate .htaccess file in File Manager

The .htaccess file is located in the public_html directory. You can access this file and edit its content by right-clicking and selecting Edit:

If your hosting platform uses cPanel, this is the same.

In case there is no .htaccess file, check whether Show Hidden Files is enabled or not:

Step 3 – Create a .htaccess file if it does not exist

If the .htaccess file does not exist, just create the new file by right-clicking on the space in the File Manager and selecting New File.

Then, enter the name .htaccess and click Create to save. You will be able to edit the code in that file later.

Installation is similar to cPanel. To create a new file, you will need to click the File button in the File Manager:

Conclusion

You already know how to locate the .htaccess file through File Manager in the hosting control panel. Know where this file is located, and know how to create and edit files that will give you better control over your website, so you can create redirections, set default pages, create passwords for folders and more.

III.What can the .htaccess file be used for?

1. 301 redirection:

One of the most common applications of the .htaccess file is to create url redirections. If you want one domain (that you have hosting services for) to be redirected to another domain, this is the text that should be in your .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^firstdomain.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.firstdomain.com [NC]
RewriteRule ^(.*)$ http://seconddomain.com/$1 [L,R=301,NC]

Alternatively, you can use this code

Redirect 301 / http://domain.com

2. WWW vs non-WWW:

You can force the browser to display either the www.domain.com version of your website url or only  domain.com. Here are the two options:

2.1 Forcing www.domain.com to be displayed in a browser:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301,NC]

2.2 Forcing only the domain name to be displayed

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.domain.com [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [L,R=301,NC]

3. Block a certain IP or range of IPs:

You can also block a certain IP or a whole range of IPs from visiting your site. In order for that to be done, you will need to add these lines to your .htaccess file:

Order Deny,Allow
Deny from X.X.X.X (where X.X.X.X is a specific IPv4 Address)

If you want to block more than one IP, you will have to list each one on a separate line:

Order Deny,Allow
Deny from X.X.X.X
Deny from Y.Y.Y.Y

In order to restrict access from specific countries, you must obtain the ranges of IP addresses that are assigned to the particular country.There are several web sites (e.g. ip2location.com) that enable you to generate these .htaccess directives automatically based on the country or countries you specify.

Please note that this method is not 100% effective because IP address assignments can change, and IP address ranges can overlap. Nevertheless, this method blocks the majority of the traffic from the specified countries.

4. Changing the default home page:

If you currently have a website whose default landing page is index.html and want to change it (for example a WordPress site’s default page is index.php), but you want to keep both files (index.html and index.php) on your hosting space, you can change the default landing page by adding the following to your .htaccess file:

DirectoryIndex index.php

5. HTTP to HTTPS redirection:

If you are in need to transfer all the traffic that is currently going through HTTP but you need it to be HTTPS (ex. you have just purchased and installed new SSL certificate) you will need to add the following:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

6. Custom Error Page:

You can also use .htaccess file to use a custom 404 error page. The text that you will need to have in the file is:

ErrorDocument 404 /yourcustomer404page.html

 

How to get free SSL certificates SiteGround

0

SiteGround has been supporting the Let’s Encrypt global initiative for creating free SSL certificates for everybody from its beginning. We automatically issue and install a free certificate for the majority of the domains that are pointed to our shared servers and we allow one click installations for domains on cloud and dedicated accounts. Now, all of our customers can also install free Let’s Encrypt Wildcard to any of their domains pointed with us.

How to see the Let’s Encrypt certificates issued for your account?

To access the Let’s Encrypt certificate tool, log in to your cPanel and click on the Let’s Encrypt icon in the Security tab.

Once there, you will see a list of the active Let’s Encrypt certificates for your account.

How to issue and install a new Let’s Encrypt certificate yourself?

Select a domain name and the type of certificate you wish to install and click install.
In a few moments, you will have a working SSL certificate for your domain name!
Now you just need to configure your application to work via https:// to start using the certificate on your site.

How to upgrade an existing Let’s Encrypt certificate to Let’s Encrypt Wildcard?

If you already have a single domain Let’s Encrypt certificate for one of your domains, but you wish to replace it with a Wildcard one, you can just click on the “Get Wildcard” button next to the certificate you wish to replace. This will install Wildcard to the domain name you have replaced the certificate for, as well as all of its subdomains (except of add-on domains, if any).

How to enforce the certificate on your site?

Issuing a certificate is just a first step in making your website work properly over HTTPS. You usually need some additional configuration so that your domain is not accessible both over http and https, in order to avoid duplicate content. Additionally you may need to rewrite any links to external content, so that your site does not show warnings for mixed content in the browser. The best way to do this changes are in your specific application, but if you are not sure how, we have created a shortcut in the Let’s Encrypt interface that allows you to both enforce the certificate and rewrite the links with a single click. You can manage the HTTPS settings of your domain name in the “Actions” menu next to your domain name.
Have in mind that the HTTPS settings for domains with Let’s Encrypt Wildcard are only applied to the primary domain.

How to renew a Let’s Encrypt certificate?

Let’s Encrypt certificates issued by SiteGround are automatically renewed by us until they are canceled. You don’t need to do anything manually.

How to cancel a Let’s Encrypt certificate?

If you want to cancel an installed certificate just click on the Cancel button next to the domain name.

Prerequisites for installing a Let’s Encrypt certificate

There are a few requirements that a domain should meet so you can install a Let’s Encrypt certificate successfully on it.

  • The domain and its www subdomain should be both pointed to your cPanel account IP address. Otherwise the certificate cannot be verified and installed on your domain.
  • If you’re attempting to install a Let’s Encrypt Wildcard SSL for a domain name, the server hosting your account must be in control of the DNS zone for the respective domain.
  • There should not be a general redirect upon the installation of the certificate, as it would prevent the HTTP validation from completing. You should temporary remove such redirects until the certificate’s installation is completed. You may safely re-add them after the certificate is successfully installed.
  • By default, if you initiate installation of  a Let’s Encrypt certificate on your primary domain, cPanel would include your parked domains in the installation of the SSL. This means that if you have a parked domain that is not pointed to your cPanel’s IP address, the installation of the SSL would fail. You should either point these domains to your cPanel account, or temporary unpark them until the installation completes.

Let’s Encrypt limits

The Let’s Encrypt installation has several rate limits applied and if you have reached one of those, the installation of a new certificate will not be successful. The most frequently met limits are:

  • 5 Duplicate certificates successfully issued and installed for the same domain name per week. For instance, if you requested a certificate for the example.com and www.example.com domains, you could request four more certificates for those domains during the week. If you changed the set of names by using a subdomain such as blog.example.com, you would be able to request additional certificates.
  • 5 Failed Validations per domain name per hour. If you attempt to install Let’s Encrypt certificate for your domain name, and the installation fails 5 times, you will not be able to request a new installation in the next hour and you need to wait for the limit to be lifted.

Get free SSL with Let’s Encrypt in cPanel (StableHost, SiteGround, DreamHost, …)

0

Free SSL Certificates from Let’s Encrypt are being used more and more in the world, until 10/2016 there are more than 10 million websites activated.

SSL or HTTPS in the future will be the standard protocol, as browsers are making improvements to make it easy for users to distinguish which websites are secure, which are not. Even Google places priority on search results for sites that use SSL.

The world’s most popular hosting management system, cPanel has quickly enabled users to activate, use and automatically renew Let’s Ecnrypt certificates to install SSL easily and completely with just a few clicks.

You only need to use hosting providers that have enabled this functionality in cPanel, such as Hawk Host, StableHost, SiteGround, DreamHost …

Now that we no longer have to spend money on buying SSL, refer to the steps below to activate the Let’s Encrypt certification for free SSL.

Note: Changing the url will reset the Like, +1, and facebook comments. However, for the long-term benefit I encourage you to use HTTPS.

Installing a Certificate

Once you’re logged into cPanel, you should see a Let’s Encrypt for cPanel button under Security. Click on it to access your active domains list to install a certificate.

 

Toward the bottom of the page, you should see the Issue a new certificate section. You should see a list of all your active domains including variations of them with and without a www. prefix.

You can check multiple boxes to install more than one certificate at a time or click the Issue Single link beside the domain where you want your certificate installed.

If you check multiple boxes, click one of the Issue Multiple links at the top or bottom of the list.

The Issue a new certificate section.
You can install multiple certificates at a time or just one.

Next, click the checkboxes next to the domains you don’t want to include if you selected multiple ones on the list on the previous page. Also select which domain you wish to be the primary one users are going to visit.

If you use one of the domains to access your email, also check the box labeled Install mail SMTPS/POP3S/IMAPS SSL certificate. Finally, click Issue to install your certificates.

Let
Select which domains to include and install by clicking the Issue button.

The installation process takes about 10 seconds, but can take up to 45 seconds depending on how many certificates you have selected to issue. When the process has completed, you should see a message letting you know the installation was a success.

If something went wrong, try again. It usually works the second time around.

When you return to the main page, you should see your domains with certificates installed listed at the top of the page. You can click the Remove links to delete certificates one-by-one, or the Reinstall link to renew the certificates before the expiry date.

Configure HTTPS for Website

1. WordPress

If you use WordPress, you need to take more step to enable using Let’s Encrypt.

In WP Admin, you install and activate the Really Simple SSL plugin

After the activation is complete, press the Go ahead, activate SSL! button appears on the screen. Or activate in the Settings, SSL menu.

Now when you visit the link http://domain.com, you will automatically be redirected to https://domain.com. At the same time all the .CSS, .JS files will be transferred to https link, the url displayed in the browser will be green.

In case the website is active, there will be many http links that exist in the article content and comment content. You install the Search Regex (or Better Search Replace) plugin and then replace the link to http://domain.com to https://domain.com with Source as Post content and Comment content.

If you do not want to add the SSL plugin, add the following code to the wp-config.php file, configure the https url in Settings and replace the http to https.

# SSL
if ($_SERVER[‘HTTP_X_FORWARDED_PROTO’] == ‘https’)
$_SERVER[‘HTTPS’]=’on’;

2. Other CMS

For other systems I do not use so I do not have specific instructions.

However, in essence you need to do the following:

  • Redirect http to https for domain.
  • Move the entire image, js, css link from http:// to https:// to the green icon as demo. View-source to see if any unchanged, then update.

Update configuration in Google Webmaster Tools and Analytics

1. Google Search Console

After you have changed http to https, go to Google Webmaster Tools, add a new domain with the https link.

Then proceed to configure this new domain similar to the old domain.

Right out of the dashboard, click Sitemap to add a link file:

Go to Site Settings and adjust the crawl rate

On the Search Traffic menu, select International Targeting, click the Country tab, and select the country you want to target.

Old Http domain will still be kept in Search Console.

2. Google Analytics

With Google Analytics, in the main report page you click on the top Admin tab and select Property Settings in the PROPERTY column

Drag down the Default URL line, switch from http to https:

So done, now wait for Google index all the https urls that your website will appear on Google with new urls, definitely higher position than before.