Standing behind our Liquid Web Cloud Sites product, are server racks full of both powerful and stable Linux and Windows servers which power well over 100,000 sites and applications. Every Windows-based package is served from these clusters that are built and optimized especially for Windows. All Linux-based packages are also served from these same brawny server clusters created and specifically optimized for Linux. We use advanced load balancing technologies to automatically detect the type of technology you are running and route each request to the proper pool of servers.
Continue reading “Choosing Your Cloud Sites Technology Setup”Category: Featured Articles
The Featured Articles category outlines information regarding the top knowledgebase articles which showcase the most requested information our clients are looking for.
How to Install Pip on Ubuntu 16.04 LTS
Installing WordPress using WP-CLI
WordPress has a great GUI-based installation process however some use cases call for CLI! Or, maybe you just feel more at home in a terminal, either way this article will show you how to get your WordPress site setup with just a terminal, using WP-CLI, and maybe a sprinkle of SSH.
In order to be able to install WordPress manually using WP-CLI you will first need to create a new database for the WordPress install. You will need to know how to find your SSH credentials as well as being used to using Terminal or Putty and WP-CLI.
Continue reading “Installing WordPress using WP-CLI”Top 15 Server Security Practices for 2020
In this article, we will denote the security best practices for 2020 and beyond. Because security is such a challenging subject for many, it often goes unheeded, and as such, many are caught unaware when an issue arises. By following these best practices, you can significantly lower your risk of being compromised by a malicious actor.
Continue reading “Top 15 Server Security Practices for 2020”Top Ten 2019 Password Security Standards

Here are the top ten password security standards and specification for 2019. Use these tips to increase your overall security and remember, your server is only as secure as your weakest password or point of authentication.
Follow these top 10 best practices for 2019 to better protect all of your information.
Continue reading “Top Ten 2019 Password Security Standards”The Best Settings for Configuring FastCGI
How to Install Mod Fcgid on cPanel’s EasyApache 4 with CloudLinux
- CloudLinux 6x/7x
Expectations: Downtime & Performance
Downtime – Please plan ahead as this operation may cause downtime. While installing an Apache module and enabling a baseline configuration should only require an Apache restart, there may be unforeseen circumstances that require troubleshooting. This can lead to sites becoming unresponsive and/or slow.Installation of mod_fcgid
The following steps should be followed as close to the examples as possible. Things will vary slightly depending on CentOS/CloudLinux versions, and a few other factors. The article will denote the differences where they are expected.Step 1: Liquid Web Servers Only – Disable Mod_Zeus & Other EA3 Modules
Older Liquid Web cPanel servers with EasyApache 3 who upgraded to EA4 may find residual configs on the system that can cause conflicts in the Apache configuration. This step will help make sure these older configs are disabled. The following sed one-liner will take care of disabling the inclusion line for these modules. These modules are stored in the /usr/local/lp/configs/httpd/conf.d/ directory. This directory is typically mentioned in the /etc/apache2/conf.d/includes/post_virtualhost_global.conf config file. The sed code looks for and comments out the specific include statement for this file.sed -i -e 's/[^#]+\(Include [/]usr[/]local[/]lp[/]configs[/]httpd[/]\)/#\1/g' /etc/apache2/conf.d/includes/post_virtualhost_global.conf
To confirm the change, print the contents of the post_virtualhost_global.conf file using cat:
cat /etc/apache2/conf.d/includes/post_virtualhost_global.conf
The output should be blank or have a commented out inclusion line like below:
#Include /usr/local/lp/configs/httpd/conf.d/*.conf
Step 2: Disable Litespeed
FCGI is not compatible with Litespeed, which uses its mod_lsapi module to process PHP using lsphp. Disabling Litespeed in this way does not remove it from the server; it merely enables Apache as the default web server./usr/local/lsws/admin/misc/cp_switch_ws.sh apache
Step 3: Install mod_fcgid
The following yum command will install the necessary module:yum install ea-apache24-mod_fcgid -y
Once completed, confirm Apache has the fcgid_module loaded:
httpd -M | grep 'expires\|version\|fcgid'
Example output:
fcgid_module (shared)
Step 4: CloudLinux Only – Configure CageFS Map for FCGI
The following snippet will create the necessary directories needed by mod_fcgid to execute correctly. It will then add those directory entries into the /etc/cagefs/cagefs.mp file, allowing user-level access to said directories from within their caged environment. Finally, it forces cagefs to remount all user directories for access to the new directory on all sites.mkdir -p /var/run/mod_fcgid /usr/share/cagefs-skeleton/var/run/mod_fcgid /run/mod_fcgid
cp -p /etc/cagefs/cagefs.mp{,.lwbak.$(date +%F_%H%M%S)}
cat <<EOF>>/etc/cagefs/cagefs.mp
/var/run/mod_fcgid
/run/mod_fcgid
/usr/local/cpanel/cgi-sys/
EOF
cagefsctl -M
Step 5: [OPTIONAL] Remove Unnecessary Writable Permission
Due to security restrictions, any website files or directories with group-writable or other-writable permissions will be denied and a 500 Internal Server Error will be displayed. The following awk one-liner uses the find command to search all DocumentRoot directories configured on the server. It is advised to run this process in a screen session as it may take an hour or more depending on the size of the file system in question. The code takes care to use nice and ionice commands to run the process as a low priority so there will be minimal impact on server load or disk I/O. All changed files and their previous permissions are recorded in the /var/log/fixperms.log file.Step 5a: Create & Attach to a Screen Session
screen -dmS fixperms; screen -x fixperms
Step 5b: Run the One-Liner
nice -n 15 ionice -c2 -n7 awk '/DocumentRoot/{DR[$NF]=$NF}END{for (e in DR) {x="find \""e"\" \\( -type f -or -type d \\) -and -perm /g+w,o+w -printf \"%M %y %m %p\\n\" -exec chmod g-w,o-w {} +"; while(x|getline) {print $0;print strftime("%F %T %Z"),$0 >> "/var/log/fixperms.log"} close(x)}}' /etc/apache2/conf/httpd.conf
Exit screen by holding CTRL/CMD then pressing A, then D.
Step 6: [OPTIONAL] Disable mod_php Directives in .htaccess Files
Another common precaution to take when switching to FCGI is that any existing mod_php related directives inside any .htaccess file are not compatible with mod_fcgid and will cause the site to throw a 500 Internal Server Error. So, these entries need to be located and disabled or removed. The following awk one-liner checks all configured DocumentRoot directories for .htaccess files, and if they contain a php_value or php_admin_value entry, it will disable by commenting the line out. First, an in-place backup is created of the original file. The backup is named .htaccess.bak.YYYY-MM-DD_HHMMSS. All changed files and their previous permissions are logged in the /var/log/fixhtaccess.log file.Step 6a: Create & Attach to a Screen Session
screen -dmS fixhtaccess; screen -x fixhtaccess
Step 6b: Run the One-Liner
nice -n 15 ionice -c2 -n7 awk '/DocumentRoot/{DR[$NF]=$NF}END{for (e in DR) { x="find "e" -name .htaccess -exec grep -iEl \"^([^#]*php_(admin_)?value)\" {} +"; s="sed -i.bak.$(date +%F_%H%M%S) \047s/^\\([^#]*php_\\(admin_\\)\\?value\\)/#\\1/gi\047 2>&1";
while(x|getline) {print $0; print s,$0; print strftime("%F %T %Z"),s,$0 >> "/var/log/fixhtaccess.log"; while(s" "$0|getline y) { print y; print strftime("%F %T %Z"),y >> "/var/log/fixhtaccess.log" } close(s" "$0)} close(x)}}' /etc/apache2/conf/httpd.conf
Step 7: Rebuild the Apache Config (Troubleshoot Any Errors)
The following command checks the system httpd.conf file for syntax error and if none are found, runs the cPanel httpd.conf rebuild script. Fix any syntax errors, until a clean rebuild is completed without error.httpd -t && /scripts/rebuildhttpdconf
Step 8: CloudLinux ONLY – Setup PHP Selector
The PHP Selector feature of CloudLinux is only compatible with the inherit PHP versions in the cPanel MultiPHP Manager interface. All sites should be using the inherited version of PHP or PHP Selector will not function for that site. This only applies to CloudLinux servers.Step 8a: Force All Sites to Use Inherited Version of PHP in MultiPHP Selector
The following command uses cPanel’s whmapi1 system to force all sites onto the inherited version of PHP in MultiPHP Manager./usr/sbin/whmapi1 php_get_vhost_versions | awk -F'[: ]+' '$2~/vhost/{x="/usr/sbin/whmapi1 php_set_vhost_versions version=inherit vhost-0="$3;print x;system(x);close(x)}'
Step 8b: Disable MultiPHP Manager & MultiPHP INI Editor
The following uses the cPanel whmapi1 system to add MultiPHP Manager/INI Editor to the disabled features list./usr/sbin/whmapi1 update_featurelist featurelist=disabled multiphp=1 multiphp_ini_editor=1 ; /usr/sbin/whmapi1 update_featurelist featurelist=disabled multiphp_ini_editor=1
Step 9: Switch All PHP Handlers over to FCGI
The following will convert all installed PHP Handlers to using FCGI. These handlers are viewable through the Handlers tab of WHM’s MultiPHP Manager interface or by running the cPanel rebuild_phpconf script./usr/local/cpanel/bin/rebuild_phpconf --current | awk 'NR>1{x="/usr/local/cpanel/bin/rebuild_phpconf --"$1"=fcgi"; print x; system(x);
close(x)}'
To confirm the changes, run:
/usr/local/cpanel/bin/rebuild_phpconf --current
Example Output:
DEFAULT PHP: ea-php71
ea-php54 SAPI: fcgi
ea-php55 SAPI: fcgi
ea-php56 SAPI: fcgi
ea-php70 SAPI: fcgi
ea-php71 SAPI: fcgi
ea-php72 SAPI: fcgi
Step 10: Perform a Full Stop & Restart of Apache
The following script will stop Apache (gracefully if possible), and kill any unresponsive Apache & PHP processes before starting the Apache service again. It will also verify the Apache configuration syntax and will only perform the restart procedure if the syntax returns ok. This technique is handy as it is common for Apache processes to get stuck from time to time on busy servers. This snippet deals with those scenarios after performing the humane stop request first.httpd -t && (/scripts/restartsrv_apache stop; sleep 3; killall httpd php lsphp php-cgi; sleep 3; killall -9 httpd php lsphp php-cgi; /scripts/restartsrv_apache start) || echo Fix Apache Config and try again.
cat <<'EOF'>>~/.bashrc && source ~/.bashrc
alias apache_rescue='httpd -t && (/scripts/restartsrv_apache stop; sleep 3; killall httpd php lsphp php-cgi; sleep 3; killall -9 httpd php lsphp php-cgi; /scripts/restartsrv_apache start) || echo Fix Apache Config and try again.'
EOF
What Can Machine Learning Do? [Infographic]
Troubleshooting: Locked Out of RDP
How Do I Get Back Into RDP?
You may be working from a local machine that has an IP that is not scoped on that RDP port, making it impossible for you to gain remote access to add the IP address to the RDP rule’s scope. Do not fret; there is a simple and quick way to add your IP to the RDP scoping (or any other entities such as MySQL or MSSQL) right through your Plesk interface in your local browser. You can watch this video, or scroll down for step-by-step directions.

For security purposes, it is always recommended that you scope off your Remote Desktop Protocol (RDP) connection on your server. Putting a scope on the RDP rule in the Windows Firewall will allow only the indicated IP addresses to gain access to the server through Remote Desktop Protocol. The issue is that many of us do not have static IP addresses, but rather Dynamic IP addresses. This means that while once our IP address may be 120.32.111.01, it may change to something like 95.42.121.01 later. So if you were to add 120.32.111.01 to the RDP firewall for a customer or a system administrator, then you may need to add another rule for a different IP address.
Adding Your IP in Plesk
Step 1: Log in to Plesk
First, we need to make sure we know how to get to that Plesk login page. By default, the Plesk login page is https://<YourServerIP>:8443. For example, https://127.0.0.1:8443
We should arrive at a page with this in the center. Go ahead and type in Admin for the username and your password for Plesk. Usually, that password is set up by our team and is the default Server Administrator Password. Sometimes the username is Administrator, depending on a few variables. But one of the two user names should be fine.

Step 2: Tools & Settings
The first thing we need to do after we log into Plesk through the previous page is to navigate to the Firewall Rules. Go ahead and click on Tools & Settings. It will be located in the right sidebar near the bottom as shown below.

Step 3: Firewall
Once we pull up Tools & Settings go ahead and click on our destination, Firewall. You will find that option under the Security section. It will be the second option, just under Security Policy.

Step 4: Firewall Rules
After we are in the Firewall management, go ahead and click on Firewall Rules. This is where we will add the rule to allow a certain IP address to gain RDP access.

Step 5: Add a Firewall Rule
Under Tools, after going into the Firewall Rules, we will see the option labeled Add Firewall Rule. Go ahead and click on that, bringing us to our next step.

Step 6: Add Detail the New Rule
This is the page that we see after clicking on Add Firewall Rule. It can seem to be complicated and intimidating for some beginner level System Administrators, but it is simple.


If you or your client are not sure what that IP address that needs RDP access is, Liquid Web has a great site to visit that will display your IP address.
Here is an example of what you will find at https://ip.liquidweb.com.
While this particular example IP will not be the one that the customer or the System Administrator will see, (when visited on the local machine) the page will display the IP address that needs to be added to the rule for this RDP session to connect. That will be the only information that will be displayed on this page. Simply copy that IP address and use it in the instructions below.

Once you enter the IP address into the text box under Remote addresses, you do need to click the ADD button before clicking on OK.

As mentioned above, after clicking the ADD button while the IP address is entered into the Add an IP address or a network text box, it will be placed into the left text box. After that step, you will then be able to click OK to apply this rule to the firewall for the server.
Step 7: Connect to RDP
The individual at that IP address can now access the server via RDP. If you would like to review an article explaining how to use Remote Desktop Connection, or if you need further assistance, you can locate more info at our internal help center after logging into your Liquid Web account.

Congratulations! You now know how to add an IP address to an RDP rule that will allow a user to connect if the RDP is scoped off to the public. This can be done many times. Although Plesk does not allow you to edit the rule, you will have to create a new one each time. But this shouldn’t cause any issues. Also, keep in mind that this method can be used for any port, including MySQL and MSSQL.
The Most Helpful Humans In Hosting™
We pride ourselves on being The Most Helpful Humans In Hosting™! Our support staff is always available to assist with any Dedicated, Cloud, or VPS server issues 24 hours a day, 7 days a week 365 days a year.
We are available, via our ticketing systems at support@liquidweb.com, by phone (at 800-580-4986) or via a LiveChat for whatever method you prefer. We work hard for you so you can relax.