Category: Misc Host Pond

How to force SSL redirection within the .htaccess file

This FAQ will walk you through how to force visitors of your website to an SSL/encrypted connection of httpS instead of http without the S.

CAUTION 1 : Be sure to backup your website before making changes to your .htaccess file.  Please know that making a mistake in the .htaccess file can completely break your website.

CAUTION 2 : If you have a WordPress website, it is important to first modify your WordPress settings to point to the SSL/httpS connection. Otherwise you may cause an infinite loop of bouncing back and forth between secure and non-secure and the page will fail to load.

Now, to modify your .htaccess file to force redirection to SSL.

First, get yourself logged in to cPanel by following these instructions.

Once logged in to cPanel, click on the File Manager icon under the Files section.

File Manager

You may be prompted to choose the website that you’re going to be working with.  Be certain to choose the correct website, and also be sure to check the box that says “Show Hidden Files (dosfiles)”. Then click the Go button.

Host Pond Web Hosting show hidden files

Please note that if you’re not presented with the above opportunity to show the hidden files, you may need to click the “Settings” link in the upper right hand corner to locate the checkbox for showing hidden files.  See the 4 steps below to show the hidden files, and then to select the public_html as the current folder.

File Manage Show Hidden Files

Next, locate and select the .htaccess file in the document root, and then click the Code Editor icon in the toolbar. If you do not find the .htaccess file, you may need to click the “New File” icon to create the file. If you do create it, make sure you put it in the correct folder, and make sure you have the DOT before it, as in .htaccess.

Host Pond Web Hosting code editor click

If you receive the following pop-up warning, you can probably just click through by clicking edit. This warning is to remind you about having a good backup before proceeding forward.

Code Editor Backup Warning

Next, you’ll want to insert the three important redirect lines at the top of the file, and then save it.  Here those lines are as text so that you can copy and paste them. MAKE SURE YOU RENAME THE “techdruid.com” part and make sure that it reflects your website name PRECISELY. If you had the WWW. present in your WordPress settings, make sure you have them present here too to avoid any endless redirect loops.

CAUTION 3 : If you have multiple websites hosted under a single account, be sure to read past this next step before saving these changes.  You could end up breaking other websites.  You may need to use more specific/detailed code to avoid redirecting all of the websites.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^techdruid\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://techdruid.com/$1 [R,L]

 

htaccess code editing for redirect to https

That should be it in terms of forcing redirection to the secure URL for your website.

FOLLOWUP TO CAUTION 3 : Please note that if you have multiple websites, you may need to limit the redirection to a single website, or you may need to redirect multiple websites under the same account.  Here is an example of a redirect for the www.pdxwebsite.com, and NO other websites.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.pdxwebsite\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.pdxwebsite.com/$1 [R,L]

The above will redirect anyone coming to www.pdxwebsite.com to the secure connection of https://www.pdxwebsite.com.  However, if you have additional websites, such as techdruid.com in my case, or a sub-domain such as demo.pdxwebsite.com, the above redirect would not effect visitors to that secondary website. You would need to add the same lines above a second time, replacing pdxwebsite with techdruid to cause the second website to also redirect properly.  Here is a full example that would redirect two different websites hosted under the same account. Note the exclusion of “www” in the techdruid entries. This is entirely depending on how your websites are configured whether you include that www or not. As I don’t use the www on my techdruid.com website, I have excluded it from the .htaccess file.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.pdxwebsite\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.pdxwebsite.com/$1 [R,L]
RewriteEngine On
RewriteCond %{HTTP_HOST} ^techdruid\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://techdruid.com/$1 [R,L]

How to park a domain, pointing it to your primary domain name

If you have a site hosted by Host Pond and have an additional domain that you’d like parked to that site, follow these instructions below.

 

STEP ONE

  • Open your web browser and go to the Host Pond website at https://www.hostpond.com/
  • Once there, click on “Account Login” tab.

 

 

STEP TWO

  • Log in using the email address with which you had signed up for Host Pond services–this is the same email address at which you receive your monthly Host Pond invoices.
  • If you do not recall your billing system password, you can use the “Request a Password Reset” link at the bottom of the page.

 

 

STEP THREE

  • Click on your hosting package.

 

 

STEP FOUR

  • Click the “Login to cPanel” link.

 

 

STEP FIVE

  • Scroll down until you find the “Domains” section and then click the icon for “Parked Domains”.

parked domains

 

 

STEP SIX

  • In the “Create a New Parked Domain” field, type the domain that you’d like to be redirected.
  • Click the “Add Domain” button.

parked domains2

 

You’re all done! Your additional domain should now go to your primary website.

 

Note: If you’ve reached this page using the DNS Record Management FAQ Wizard, you may close this browser tab or window now.

Securing your WordPress website with Host Pond

If you’ve received an email directing you to this page, then it is probably because your WordPress website is out of date and posing a security risk.  We have likely implored you to update your website as quickly as possible to avoid being hacked.  The steps on this page can be followed to update your website, and safely revert back your update if your website breaks.

Please note that we will perform the following steps for you for a fee of $49.95.  If we perform these steps for you, it does not guarantee your website will be successfully upgraded.  It only guarantees that we will revert back to your old outdated website if the upgrade fails.  Also, it will still be your responsibility to follow STEP THREE (Verify) below.  We can’t possibly know the expected inner workings of all the possible scenarios. If the upgrade fails, then more in depth steps may be necessary to bring your website up to date.  As part of of performing this upgrade attempt for you, will take some steps to give you an idea of what an upgrade might take, or if there are alternative approaches to make things work if the upgrade initially fails.

 

STEP ONE (Backup)

The biggest risk with updating WordPress, or associated Plugins and Themes when it hasn’t been done in a while, is that such an upgrade could break your website.  This is typically the result of poorly maintained plugins or themes.  But also, possibly because of waiting so long has caused the core of WordPress to change so drastically, that there is no simple/automated approach to updating a plugin or theme.  So, step one is to ensure that you have a current backup of your WordPress website.  Please follow the link below to make a backup of your WordPress website.

https://www.hostpond.com/how-do-i-backup-my-wordpress-installation-using-installatron/

 

STEP TWO (Upgrade your plugins, themes, and WordPress)

The following FAQ walks you through the detailed steps to upgrade your plugins.  Please be sure to also update your Themes, and the WordPress core, which are just footnotes at the bottom of this FAQ.

https://www.hostpond.com/frequently-asked-questions-faq/how-to-update-your-plugins-theme-or-wordpress-version/

 

STEP THREE (Verify)

Verify that your website is functioning after upgrading is complete.  If you have an eCommerce solution, test purchasing a product from start to finish.  If you have a gallery or slideshow, verify that the slideshow continues to work.  Make sure your banner and menus are all in working order.  And finally, if you have any specialty plugins in place, make sure that they are functioning by walking through them step-by-step.  The reason you’re being asked to perform this upgrade yourself is likely because we are not familiar with the plugins you have installed on your website.  We can’t possibly know the inner workings of every plugin or theme that exists.  So it is up to you or your webmaster to verify that your website is working.

 

STEP FOUR (Optional upon upgrade failure)

If you upgrade fails in a minor way, you may wish to contact us at 877-467-8503 or by emailing details@hostpond.com.  There are sometimes small problems that may crop up during an upgrade that can be fixed with minimal effort.  Please note that we will charge our development rate of $65/hour billed in 15 minutes increments to provide this kind of assistance.  We can at least give you an opinion, without charging you, whether it looks like a simple fix or not.

 

STEP FIVE (Optional upon upgrade failure)

If the upgrades fail and your website is broken, you’ll need to restore back to the previous version before you performed the upgrade.  Please follow the link below for detailed steps for restore your website using the backup you created in STEP ONE.

https://www.hostpond.com/frequently-asked-questions-faq/how-do-i-restore-my-wordpress-installation-from-a-backup/

 

Upon Successful Upgrade

So, you’ve successfully upgraded your website following these steps?  Congratulations!

But your work is not yet done.  Please take a few additional steps to ensure that your website continues to stay up-to-date and is kept as secure as possible.

 

POST UPGRADE STEP A (Install Wordfence)

Please login to your WordPress and mouse over the “Plugins” menu and chose “Add New” from the sub-menu.  In the “Search Plugins” input box, type in “wordfence”, without the quotes and press enter.  Then, click the “Install Now” button for “Wordfence Security”.

Once you’ve installed WordFence, please perform the following steps.

  • go to the menu “Wordfence -> Options” at the bottom of the new menu within WordPress.  Please UNCHECK the box for “Enable automatic scheduled scans”.  This is a resource intensive check that will slow down your website, and it is unnecessary
  • Next, check the “Update Wordfence automatically when a new version is released?”
  • Enter your email address in the input box next to “Where to email alerts”
  • Scroll down below the “Save Changes” and uncheck “Alert when an IP address is blocked”, and also uncheck “Alert when someone is locked out from login”
  • Click “Save Changes” either by scrolling up or down

 

POST UPGRADE STEP B (Install WPS Hide Login)

Please login to your WordPress and mouse over the “Plugins” menu and chose “Add New” from the sub-menu. In the “Search Plugins” input box, type in “WPS Hide Login”, without the quotes and press enter. Then, click the “Install Now” button for “WPS Hide Login”.  Once installed, go to the menu “Settings -> General” area and scroll to the very bottom.  In the input box for “Login url” replace “login” with something else that you will remember.  This is the new location you’ll go to login to WordPress instead of going to “/wp-admin”.  Doing this will stop the brute-force username & password guessing of 90% of the hackers out there.

 

POST UPGRADE STEP C (Remove Unused Plugins and Themes)

If you’re familiar with your WordPress install and the plugins that you’re actively using, it is highly recommended that go through and disable and remove ANY plugins or themes that you’re not actively using. Having plugins or themes on your website that are unnecessary degrades the performance of your website and poses an unnecessary security risk.  The only reason to ever have unused plugins or themes on your website is when you’re testing out new features.  Once you’re finished testing or trying them out, remove them immediately.

 

POST UPGRADE STEP D (Inquire about automated updates)

If you wish to keep your website updated on your own, and you’ve properly entered your email address into the Wordfence options box, you’ll start receiving emails any time there is a WordPress, plugin, or theme update available for your website.  You’ll just need to login and follow upgrade steps listed in STEP TWO of this page.

However, if you wish to have Host Pond perform these upgrades for you, you probably received an email with the details of what this will cost, considering the plugins you had installed at the time you were directed to this page.  If you were able to remove any of the unqualified plugins, this will of course reduce the price of this service we offer.  Please feel free to reach out to us by sending an email to details@hostpond.com to see how much it would cost for us to perform these updates for you.