Author: Host Pond

How to secure your WordPress website with SSL at Host Pond Web Hosting

As of January 2017, nearly all Host Pond customers have SSL certificates available and ready for use on their websites.  You can test this out by entering httpS:// followed by your website in your browsers address bar.  It should load without a certificate error if it is properly available. Though in most cases, if you have a WordPress website, it will redirect back to the insecure HTTP:// connection as that’s how WordPress behaves out of the box.

Before continuing, I highly recommend that you follow these instructions to backup your WordPress website. Some of these instructions, in some situations can cause your website to break. Having a current backup is absolutely critical. If at any time during these steps, your website breaks, please follow the restore instructions to restore your website from the backup you just created.

If you have a WordPress website, and you want to secure your website with SSL (encryption), the first step is to login to your WordPress control panel.  Typically, it is the URL/Address with a “/wp-admin” appended at the end, without the quotes.  So, if your website was http://pdxwebsite.com, then the WordPress login for that website would be http://pdxwebsite.com/wp-admin. Please note that in many cases, Host Pond customers have a plugin that changes the “/wp-admin” to some other hidden address. This is to keep hackers from trying to break in. If you have any trouble at all getting logged in or locating the login address, please send us an email to details@hostpond.com for assistance.

Once logged in, go to the “Settings -> General” area of the control panel.

WordPress Settings General SSL

Ensure that both the WordPress Address (URL) and the Site Address (URL) begin with https as is shown in the following screenshot.

https for site address

Then click the Save Changes button.

save changes

This simple change will essentially force redirection to the secure/encrypted connection for your website. In a perfect world, this would be all you would need to do. And in fact, there may be some of you where this works like a charm, and nothing more is needed. You can test this out by going to your website with Google Chrome to see if you notice the green “Secure” to the left of the address bar, indicating that everything is working.

However, it is important to note that WordPress is extremely resource intensive to load. So, if visitors are coming to your site, initially without the httpS in the address bar, they are having to load WordPress twice, in which case they are probably having to wait a really long time for the first page to load. Because of this, even if the above gets things working properly for you, I highly recommend modifying your .htaccess file to force a secure redirection, which will make for a more pleasant and speedy response time for visitors coming to your website.

In some cases, you may see something like the following in your address bar after forcing redirection.

SSL not secure

Unfortunately there are many reasons why this could happen. When you encounter this error, there are typically options for getting further details about why this is occurring. At this point, if you’re not adept in sifting through and understanding the error message, you may need to reach out for assistance to make the secure connection work properly.

The most common reason for seeing this kind of message is because of mixed content. Meaning, some of the images or resources are being loaded insecurely. This typically happens when you’ve got hardcoded “http://” references somewhere in your WordPress website. One way to verify this is to view the page source of the broken page and search for these http:// references to see if they exist. If they do, you may be able to manually correct these by modifying your WordPress template, or by modifying the links within your pages.

There is one option available for quickly replacing these insecure links across your entire website, but the method for doing so is rather technical. It involves uploading a search and replace script to the server, and running it to change all http://yoursite.com references in your website database with https://yoursite.com. The instructions for successfully doing this are beyond the scope of this document. However, for your reference, here is the script that we use at Host Pond to perform the search and replace on WordPress websites. WARNING : USE THIS SCRIPT AT YOUR OWN RISK IF YOU CHOSE TO.

https://interconnectit.com/products/search-and-replace-for-wordpress-databases/

How to force SSL redirection within the .htaccess file

This FAQ will walk you through how to force visitors of your website to an SSL/encrypted connection of httpS instead of http without the S.

CAUTION 1 : Be sure to backup your website before making changes to your .htaccess file.  Please know that making a mistake in the .htaccess file can completely break your website.

CAUTION 2 : If you have a WordPress website, it is important to first modify your WordPress settings to point to the SSL/httpS connection. Otherwise you may cause an infinite loop of bouncing back and forth between secure and non-secure and the page will fail to load.

Now, to modify your .htaccess file to force redirection to SSL.

First, get yourself logged in to cPanel by following these instructions.

Once logged in to cPanel, click on the File Manager icon under the Files section.

File Manager

You may be prompted to choose the website that you’re going to be working with.  Be certain to choose the correct website, and also be sure to check the box that says “Show Hidden Files (dosfiles)”. Then click the Go button.

Host Pond Web Hosting show hidden files

Please note that if you’re not presented with the above opportunity to show the hidden files, you may need to click the “Settings” link in the upper right hand corner to locate the checkbox for showing hidden files.  See the 4 steps below to show the hidden files, and then to select the public_html as the current folder.

File Manage Show Hidden Files

Next, locate and select the .htaccess file in the document root, and then click the Code Editor icon in the toolbar. If you do not find the .htaccess file, you may need to click the “New File” icon to create the file. If you do create it, make sure you put it in the correct folder, and make sure you have the DOT before it, as in .htaccess.

Host Pond Web Hosting code editor click

If you receive the following pop-up warning, you can probably just click through by clicking edit. This warning is to remind you about having a good backup before proceeding forward.

Code Editor Backup Warning

Next, you’ll want to insert the three important redirect lines at the top of the file, and then save it.  Here those lines are as text so that you can copy and paste them. MAKE SURE YOU RENAME THE “techdruid.com” part and make sure that it reflects your website name PRECISELY. If you had the WWW. present in your WordPress settings, make sure you have them present here too to avoid any endless redirect loops.

CAUTION 3 : If you have multiple websites hosted under a single account, be sure to read past this next step before saving these changes.  You could end up breaking other websites.  You may need to use more specific/detailed code to avoid redirecting all of the websites.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^techdruid\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://techdruid.com/$1 [R,L]

 

htaccess code editing for redirect to https

That should be it in terms of forcing redirection to the secure URL for your website.

FOLLOWUP TO CAUTION 3 : Please note that if you have multiple websites, you may need to limit the redirection to a single website, or you may need to redirect multiple websites under the same account.  Here is an example of a redirect for the www.pdxwebsite.com, and NO other websites.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.pdxwebsite\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.pdxwebsite.com/$1 [R,L]

The above will redirect anyone coming to www.pdxwebsite.com to the secure connection of https://www.pdxwebsite.com.  However, if you have additional websites, such as techdruid.com in my case, or a sub-domain such as demo.pdxwebsite.com, the above redirect would not effect visitors to that secondary website. You would need to add the same lines above a second time, replacing pdxwebsite with techdruid to cause the second website to also redirect properly.  Here is a full example that would redirect two different websites hosted under the same account. Note the exclusion of “www” in the techdruid entries. This is entirely depending on how your websites are configured whether you include that www or not. As I don’t use the www on my techdruid.com website, I have excluded it from the .htaccess file.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.pdxwebsite\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.pdxwebsite.com/$1 [R,L]
RewriteEngine On
RewriteCond %{HTTP_HOST} ^techdruid\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://techdruid.com/$1 [R,L]

Host Pond Web Hosting rejects investments in fossil fuels and abuses against indigenous people

water is life nodapl

Today I have setup a new bank account with a local credit union, with the intention of migrating both my personal and business accounts to them.

I have been a happy and loyal customer of Bank of the West for 12 years now. And while I’ve been tempted to switch from them for years, I have been nervous about changing what is not broken for me, personally.

However, in light of the fact that Bank of the West’s parent company BNP Paribas is contributing to the Dakota Access Pipeline through loans and lines of credit totaling more than $444 million U.S. dollars, I believe the time to switch has arrived.

NODAPL banks investing in the pipeline

For further information about the graph above, please have a look at Food and Water Watch.

I’ve watched as peaceful protesters have been shot with rubber bullets, sprayed with pepper spray, and attack dogs allowed to bite them. All of this in the name of protecting the investments of corporations for the continued use of fossil fuels and exploitation of the planets resources.

As I have a choice and a voice, Host Pond and I will not be contributing to these things through my action or inaction anymore.

The time has come to put every ounce of our investment into renewable energy and reject with absolute clarity the further development and use of non-renewable energy.

Discontinuing my relationship of 12 years with my bank is not a comfortable or easy change, but it is the right thing to do. I hope that you will join me in migrating your accounts from any of the above listed commercial banks to a community bank or credit union that serves its members.

Sincerely,
Richard Powell
Host Pond Web Hosting

How to Renew your Domain Name

This FAQ will walk you through the process of renewing your domain name for 1 to 5 years. If you wish to renew for more than 5 years (maximum 10 years total), you can do so by following up a 5 year renewal order with another 1 or 2 year renewal order.

STEP ONE

  • Open your web browser and go to the Host Pond website at https://www.hostpond.com/ 
  • Once there, click the “Account Login” tab.

 Splash Screen Account LoginA

STEP TWO

  • Log in using the email address with which you had signed up for Host Pond services–this is the same email address at which you receive your monthly Host Pond invoices.
  • If you do not recall your billing system password, you can use the “Forgot Password?” link at the bottom of the page.

Client Area Login

STEP THREE

  • Click on either the “Domains -> My Domains” menu option, or simply the “Domains” button shown in the example below.

Domains my Domains

STEP FOUR

  • Click either the wrench, or the green “Active” link to the right of any of your domain names. 

Domain List

STEP FIVE

  • Click the “Renew” link in the “Actions” area.

Domain Renewal Click

STEP SIX

Next, choose the number of years that you wish to renew your domain name for. The price of the renewal will display next to the number of years. Once you’ve chose the number of years you’d like to renew, click the “Add to Cart” button to the right of the domain name.

IMPORTANT : A domain name can ONLY be registered for a maximum number of 10 years. What this means is that, unless your domain name is expiring today, you can actually only renew your domain name for 9 more years. Your order will fail if completing it will effectively put the expiration date beyond 10 years from today. 

STEP FOUR  Click either the wrench, or the green "Active" link to the right of any of your domain names.

STEP SEVEN

  • Once all domain names you wish to renew show “Added” to the right, click the “Go to checkout” button at the top right.

Domain Renewal go to Checkout

STEP EIGHT

  • Confirm the total amount due, entering any promotion codes and validating them before continuing. Once the price is as expected, click the green “Checkout” button.

Domain Renewal Checkout

STEP NINE

  • Finally, choose your payment method, entering the security code on the back of your credit card if its a card that is on file with us.
  • Click the “Complete Order” button.

 

Domain Renewal Complete Order

 

That’s it. All done!

How to restore your WordPress installation from a backup

If you’ve created a backup of your WordPress installation that you’d like to restore to, but are unsure how to go about doing so, we’ve got you covered with these instructions.

 

STEP ONE

  • Open your web browser and go to the Host Pond website at https://www.hostpond.com/ 
  • Once there, click on the “Account Login” tab.

 

 

STEP TWO

  • Log in using the email address with which you’d signed up for Host Pond services–this is the same email address at which you receive your monthly Host Pond invoices.
  • If you do not recall your billing system password, you can use the “Request a Password Reset” link at the bottom of the page.

 

 

STEP THREE

  • Click on “Services” from the main navigation menu, then select “My Services.”
  • Click on the “Active” button next to the hosting package you’d like to access.

 

 

STEP FOUR

  • Click the “Login to cPanel” link.

 

 

STEP FIVE

  • Scroll down until you find the “Software/Services” section and then click on the “Installatron” icon.

 

 

STEP SIX

  • Scroll down to the Content Management section and click on the “WordPress” icon.

 

 

STEP SEVEN

  • Click the “My Backups” tab. Here you will see all of the backups you have manually created (note: there are, by default, no automatic backups, you will have to have manually created a backup for it to appear).
  • Click the check box next to the backup from which you’d like to restore.
  • Click the “Restore” icon.

 

 

STEP EIGHT

  • There will be two “Continue” buttons–be sure to click the one in the “Restore to original location” section.

 

 

STEP NINE

  • A new page will load displaying all of the files that will be overwritten. Scroll down to the bottom of the page to click on the “Restore” button.

 

 

A progress bar will show the progress of the backup occurring, and once it has reached 100% your WordPress installation will be restored to that backup’s version.

How to install WordPress with Installatron

If you’ve purchased hosting with us and would like to set up WordPress on your domain, this tutorial is here to help!

 

STEP ONE

  • Open your web browser and go to the Host Pond website at https://www.hostpond.com/ 
  • Once there, click on “Account Login” tab.

 

 

STEP TWO

  • Log in using the email address with which you’d signed up for Host Pond servies–ttis is the same email address at which you receive your monthly Host Pond invoices.
  • If you do not recall your billing system password, you can use the “Request a Password Reset” link at the bottom of the page.

 

 

STEP THREE

  • Click on “Services” from the main navigation menu, then select “My Services.”
  • Click on the “Active” button next to the hosting package you’d like to access.

 

 

STEP FOUR

  • Click the “Login to cPanel” link.

 

 

STEP FIVE

  • Scroll down until you find the “Software/Services” section and then click on the “Installatron” icon.

 

 

STEP SIX

  • NOTE: If you have already previously installed WordPress to a domain, you will likely see another screen that is a list of any of your installations–you will want to click on the “Applications Browser” tab near the top of that screen.
  • Scroll down to the Content Management section and click on the “WordPress” icon.

 

 

 STEP SEVEN

  • Click the “install this application” button.

 

 

STEP EIGHT

  • In the “Domain” drop-down list, select the domain name on which you would like to install WordPress; if you have only one domain name through us, it will default to that domain name.

 

 

STEP NINE

  • Scroll down to the “Settings” section. The app will auto-generate an Administrator Username and Password but if you’d like to change those fields (or any of the fields in the “Settings” section you can feel free to do so.
  • We also recommend that you change the default options in two sections. With “Two-Factor Authentication”, we recommend you set that to “Do not enable two-factor authentication” as it requires a slightly complicated set up of an app on your smartphone. And we also recommend that you change the “Limit Login Attempts” option to “No, do not limit failed login attempts” as we recommend a more aggressive plugin called WordFence for that purpose.

 

 

STEP TEN

  • Finally, click on the “+Install” button and then you’re done!

 

 

Now that WordPress is installed, you can go to your website and see the default WordPress install.  If you want to manage the WordPress installation and add content, just add “/wp-admin” onto the end of your domain name and login using the username and password that you’ve used.  Example (http://YourSite.com/wp-admin/).

 

How to park a domain, pointing it to your primary domain name

If you have a site hosted by Host Pond and have an additional domain that you’d like parked to that site, follow these instructions below.

 

STEP ONE

  • Open your web browser and go to the Host Pond website at https://www.hostpond.com/
  • Once there, click on “Account Login” tab.

 

 

STEP TWO

  • Log in using the email address with which you had signed up for Host Pond services–this is the same email address at which you receive your monthly Host Pond invoices.
  • If you do not recall your billing system password, you can use the “Request a Password Reset” link at the bottom of the page.

 

 

STEP THREE

  • Click on your hosting package.

 

 

STEP FOUR

  • Click the “Login to cPanel” link.

 

 

STEP FIVE

  • Scroll down until you find the “Domains” section and then click the icon for “Parked Domains”.

parked domains

 

 

STEP SIX

  • In the “Create a New Parked Domain” field, type the domain that you’d like to be redirected.
  • Click the “Add Domain” button.

parked domains2

 

You’re all done! Your additional domain should now go to your primary website.

 

Note: If you’ve reached this page using the DNS Record Management FAQ Wizard, you may close this browser tab or window now.

DNS Record Management FAQ Wizard

For most Host Pond customers you should not ever have to do anything with your DNS records.  DNS record management is handled automatically when you sign up for a website, or when you create an addon or parked (second or third or more) domain name.  However, there are situations where people need to manage their DNS records manually.  This wizard is an attempt to get you to the correct FAQ or article so that you can achieve your goal.

Securing your WordPress website with Host Pond

If you’ve received an email directing you to this page, then it is probably because your WordPress website is out of date and posing a security risk.  We have likely implored you to update your website as quickly as possible to avoid being hacked.  The steps on this page can be followed to update your website, and safely revert back your update if your website breaks.

Please note that we will perform the following steps for you for a fee of $49.95.  If we perform these steps for you, it does not guarantee your website will be successfully upgraded.  It only guarantees that we will revert back to your old outdated website if the upgrade fails.  Also, it will still be your responsibility to follow STEP THREE (Verify) below.  We can’t possibly know the expected inner workings of all the possible scenarios. If the upgrade fails, then more in depth steps may be necessary to bring your website up to date.  As part of of performing this upgrade attempt for you, will take some steps to give you an idea of what an upgrade might take, or if there are alternative approaches to make things work if the upgrade initially fails.

 

STEP ONE (Backup)

The biggest risk with updating WordPress, or associated Plugins and Themes when it hasn’t been done in a while, is that such an upgrade could break your website.  This is typically the result of poorly maintained plugins or themes.  But also, possibly because of waiting so long has caused the core of WordPress to change so drastically, that there is no simple/automated approach to updating a plugin or theme.  So, step one is to ensure that you have a current backup of your WordPress website.  Please follow the link below to make a backup of your WordPress website.

https://www.hostpond.com/how-do-i-backup-my-wordpress-installation-using-installatron/

 

STEP TWO (Upgrade your plugins, themes, and WordPress)

The following FAQ walks you through the detailed steps to upgrade your plugins.  Please be sure to also update your Themes, and the WordPress core, which are just footnotes at the bottom of this FAQ.

https://www.hostpond.com/frequently-asked-questions-faq/how-to-update-your-plugins-theme-or-wordpress-version/

 

STEP THREE (Verify)

Verify that your website is functioning after upgrading is complete.  If you have an eCommerce solution, test purchasing a product from start to finish.  If you have a gallery or slideshow, verify that the slideshow continues to work.  Make sure your banner and menus are all in working order.  And finally, if you have any specialty plugins in place, make sure that they are functioning by walking through them step-by-step.  The reason you’re being asked to perform this upgrade yourself is likely because we are not familiar with the plugins you have installed on your website.  We can’t possibly know the inner workings of every plugin or theme that exists.  So it is up to you or your webmaster to verify that your website is working.

 

STEP FOUR (Optional upon upgrade failure)

If you upgrade fails in a minor way, you may wish to contact us at 877-467-8503 or by emailing details@hostpond.com.  There are sometimes small problems that may crop up during an upgrade that can be fixed with minimal effort.  Please note that we will charge our development rate of $65/hour billed in 15 minutes increments to provide this kind of assistance.  We can at least give you an opinion, without charging you, whether it looks like a simple fix or not.

 

STEP FIVE (Optional upon upgrade failure)

If the upgrades fail and your website is broken, you’ll need to restore back to the previous version before you performed the upgrade.  Please follow the link below for detailed steps for restore your website using the backup you created in STEP ONE.

https://www.hostpond.com/frequently-asked-questions-faq/how-do-i-restore-my-wordpress-installation-from-a-backup/

 

Upon Successful Upgrade

So, you’ve successfully upgraded your website following these steps?  Congratulations!

But your work is not yet done.  Please take a few additional steps to ensure that your website continues to stay up-to-date and is kept as secure as possible.

 

POST UPGRADE STEP A (Install Wordfence)

Please login to your WordPress and mouse over the “Plugins” menu and chose “Add New” from the sub-menu.  In the “Search Plugins” input box, type in “wordfence”, without the quotes and press enter.  Then, click the “Install Now” button for “Wordfence Security”.

Once you’ve installed WordFence, please perform the following steps.

  • go to the menu “Wordfence -> Options” at the bottom of the new menu within WordPress.  Please UNCHECK the box for “Enable automatic scheduled scans”.  This is a resource intensive check that will slow down your website, and it is unnecessary
  • Next, check the “Update Wordfence automatically when a new version is released?”
  • Enter your email address in the input box next to “Where to email alerts”
  • Scroll down below the “Save Changes” and uncheck “Alert when an IP address is blocked”, and also uncheck “Alert when someone is locked out from login”
  • Click “Save Changes” either by scrolling up or down

 

POST UPGRADE STEP B (Install WPS Hide Login)

Please login to your WordPress and mouse over the “Plugins” menu and chose “Add New” from the sub-menu. In the “Search Plugins” input box, type in “WPS Hide Login”, without the quotes and press enter. Then, click the “Install Now” button for “WPS Hide Login”.  Once installed, go to the menu “Settings -> General” area and scroll to the very bottom.  In the input box for “Login url” replace “login” with something else that you will remember.  This is the new location you’ll go to login to WordPress instead of going to “/wp-admin”.  Doing this will stop the brute-force username & password guessing of 90% of the hackers out there.

 

POST UPGRADE STEP C (Remove Unused Plugins and Themes)

If you’re familiar with your WordPress install and the plugins that you’re actively using, it is highly recommended that go through and disable and remove ANY plugins or themes that you’re not actively using. Having plugins or themes on your website that are unnecessary degrades the performance of your website and poses an unnecessary security risk.  The only reason to ever have unused plugins or themes on your website is when you’re testing out new features.  Once you’re finished testing or trying them out, remove them immediately.

 

POST UPGRADE STEP D (Inquire about automated updates)

If you wish to keep your website updated on your own, and you’ve properly entered your email address into the Wordfence options box, you’ll start receiving emails any time there is a WordPress, plugin, or theme update available for your website.  You’ll just need to login and follow upgrade steps listed in STEP TWO of this page.

However, if you wish to have Host Pond perform these upgrades for you, you probably received an email with the details of what this will cost, considering the plugins you had installed at the time you were directed to this page.  If you were able to remove any of the unqualified plugins, this will of course reduce the price of this service we offer.  Please feel free to reach out to us by sending an email to details@hostpond.com to see how much it would cost for us to perform these updates for you.

 

How do I import a WordPress installation into Installatron?

If you have a WordPress site that has not been installed with Installatron and would like to upload it to your domain using Installatron regardless, we have you covered with these following steps!

 

STEP ONE

  • Open your web browser and go to the Host Pond website at https://www.hostpond.com/ 
  • Once there, click on “Account Login” tab.

 

 

STEP TWO

  • Log in using the email address with which you’d signed up for Host Pond services–this is the same email address at which you receive your monthly Host Pond invoices.
  • If you do not recall your billing system password, you can use the “Request a Password Reset” or “Forgot Password” link at the bottom of the page.

 

 

STEP THREE

  • Click on “Services” from the main navigation menu, then select “My Services.”
  • Click on the “Active” button next to the hosting package you’d like to access.

 

 

STEP FOUR

  • Click the “Login to cPanel” link.

 

 

STEP FIVE

  • Scroll down until you find the “Software/Services” section and then click on the “Installatron” icon.

 

 

STEP SIX

  • NOTE: If you have already previously installed WordPress to a domain, you will likely see another screen that is a list of any of your installations–you will want to click on the “Applications Browser” tab near the top of that screen.
  • Scroll down to the Content Management section and click on the “WordPress” icon.

 

 

 STEP SEVEN

  • Click the arrow next to the “+install this application” button, and then select “import existing install.

 

 

STEP EIGHT

  • Click the “Continue” button in the “From this account” section.

 

 

STEP NINE

  • Select the domain (if you have multiple domains) from the dropdown on which you’d like to import the WordPress site.
  • Click the “+Import” button.