Next Level Ops Podcast: Tips for Keeping Your Server Secure with Igor Antipkin

Hello Pleskians! This week we’re back with the fourth episode of the Official Plesk Podcast: Next Level Ops. In this installment, Superhost Joe speaks to Igor Antipkin, Plesk’s Security Warlock. Igor shares his philosophy on the multifaceted role security plays in projects. And sheds light on how users can reduce security risks.

In This Episode: Threat Modelling, Thinking About Risks and How to Not Become a Security Engineer

In This Episode: Threat Modelling, Thinking About Risks and How to Not Become a Security Engineer - Next Level Ops Podcast: Tips for Keeping Your Server Secure with Igor Antipkin - Plesk

What are some of the common security issues that end users encounter? How can users protect their servers against security vulnerabilities? According to Igor, there are no easy steps when it comes to server security. Instead, users can follow some general recommendations to identify and deal with risks. 

“Security is a process,” says Igor, “It’s an approach that should be taken into account when you work on a project.” The first step is to identify potential security risks in the design phase of the project. Think, think and think some more. What kind of risks can you encounter? What should you best protect yourself from? “Just don’t think so much, otherwise you face the risk of becoming a security engineer,” says Igor. 

Thank you Igor, we’ll make sure our listeners heed this piece of advice!

“Security is a process. It’s an approach that should be taken into account when you work on a project.”

Igor Antipkin

Key Takeaways

  • Use threat modeling to identify potential security risks. Consider possible security risks in the project design phase. The kinds of threats and risks you might have – list them, write them down (and hopefully don’t leave your notebook lying around). One advantage of using this approach is minimizing the likelihood of security breaches. And it reduces rework in the later stages of your project.
  • Educate your users about security risks. End users today should care more about security. Outdated software is the most common problem in this scenario. It’s important to keep your software up to date. And making sure that you install all the latest updates.
  • Use the principle of least privileges. Limit user permissions based on individual roles to give access where it’s needed. This limits the amount of damage any single individual can do to a website or server.
  • Be informed about the software you use. Inform yourself about software security as much as you can. Stay involved in the community to stay up to date about potential issues.

…Alright Pleskians, it’s time to hit the play button if you want to hear the rest. If you’re interested in Plesk extensions, check out our previous episode. If you want to check out some tools to spruce up your security, take a look at this guide. We’ll be back soon with the next installment.

The Official Plesk Podcast: Next Level Ops Featuring

Joe Casabona

Joe is a college-accredited course developer. He is the founder of Creator Courses.

Igor Antipkin

Igor is a Security Engineer at Plesk.

As always, remember to update your daily podcast playlist with Next Level Ops. And stay on the lookout for our next episode!

Enabling WordPress GZIP Compression

WordPress GZIP compression

As Google becomes more and more focused on improving the user’s experience of websites, web developers are paying attention. They know that user experience is boosted by fast loading times and good page speeds. These factors became significant search ranking factors during the summer of 2018, which is way back in the murky mists of time now. If you didn’t know that, then chances are you’ll be getting poor SERPs results, so time to get up to speed with it! With this in mind, we’re going to look at one of the quickest and simplest methods of improving the performance of your site – GZIP compression.

WordPress GZIP Compression – What is it?

GZIP is the name of a piece of software used for GZIP compression and decompression is, and it’s also the name of the file format that the program uses. It was invented by Mark Adler and Jean-loup Gailly, who made it available for free. They wanted it to replace the compression program that was in use in early Unix systems.

As is the case with WordPress core software, GZIP was intended to be used by GNU, which is free open-source software. It actually lent the “G” from its name to GZIP.

WordPress GZIP compression reduces the size of all the files that your website uses, including the ones under the hood like CSS, JavaScript and HTML. It isn’t perfect though. GZIP compression struggles to work with images and it doesn’t always get things right when it’s working with media files.

For instance, it can handle audio files like MPEGs and WAVs but ask it to crunch an MP3 file down to size and it may actually do the opposite and make the file bigger.

If you want zip compression to work on your Web server then you need to enable both folder compression and file compression. Web servers that have GZIP enabled will return the content-encoding: GZIP header in their response.

Every modern web browser supports GZIP compression and it will automatically ask for this when making HTTP requests. It’s good to know that all of your users will benefit from GZIP compressions using WordPress GZIP compression once you’ve got it up and running.

Why GZIP Compression Matters

Apart from the implications for search, a website that doesn’t use GZIP compression and loads slowly will harm the experience of your users, which may put them off from buying from you.

Surveys have suggested that around 47% of website users expect a page to load in no more than two seconds. Up to 79% of customers are a lot less likely to purchase from your website if they aren’t happy with the user experience it provides, so if you’re somebody who is running an e-commerce website, this could prove to be very detrimental to your business.

Things like render-blocking JavaScript files or JavaScript W3 can take up an awful lot of server space. That’s why it’s always wise to make sure that your JavaScript files are as compressed as they can be. Even if you haven’t noticed the way that these large files are affecting page load times, it’s something to consider. In fact, it’s something that you should actively look for, and you can do that using various tools to diagnose page loading time problems:

  • Pingdom
  • Google Pagespeed Insights (it’s worth listening when the advice comes straight from the horse’s mouth!)
  • GTMetrix

So what is compression and how does it work? Put simply, it’s a handy way of removing all of the unnecessary stuff in a group of files so that they take up less space but don’t lose any of their original information.

GZIP is great at doing this for WordPress websites and by doing so it can really help to improve your website’s performance, particularly when it comes to page load times.

How Does WordPress GZIP Compression Work?

A few of the most important computer languages – HTML, CSS, and JavaScript – do all the work behind-the-scenes for most modern websites. But if you look at them in their simplest form, they are still pretty much just a bunch of text files.

When users visit your website, their web browsers download these files and use the information they contain to start rendering the page, reassembling it per the code that the files contain. This means that the information is then turned into something readable that the average person can understand, which is exactly what you want!

But browsers are people, so they don’t need all the extra formatting and white space that makes text easier to read for humans. As long as the browser can understand the content of the code it doesn’t matter what it looks like, even if it’s just one long ugly piece of text.

The general idea is that WordPress GZIP compression gets rid of all the formatting that makes it easier for humans to read. This obviously reduces the size of the file while preserving the information.

GZIP Test For Checking if Zip Compression Has Been Enabled in WordPress

If you have the kind of web host who will have already enabled GZIP compression for you during setup, then you’re in good shape, but if you’re not sure then it’s fairly easy to check GZIP compression status using online tools like GiftOfSpeed GZIP Test.

The ways you can check for GZIP compression are usually fairly similar irrespective of which GZIP test tool you pick. You just need to provide the URL for your website, then start the search.
The tool will then either confirm that GZIP compression is enabled on your website and that you have saved ‘X’ amount of space, or it’ll tell you that it’s disabled at the moment.

If you want to find out whether your browser received the content-encoding: GZIP header in the response from the webserver, just do this:
In Chrome, look under Developer Tools > Network, then click on the name of the homepage. Some information will appear, scroll down through this until you find the section marked Response Headers.

How to Enable WordPress GZIP Compression

You actually need to enable WordPress GZIP compression on the server-side rather than the WordPress side. When you buy hosting from popular hosting companies, you’ll find that in their standard hosting packages they’ve already got this enabled. With some other web-hosting providers, you’ll need to do this yourself.

If you discover that WordPress GZIP compression isn’t enabled yet, you can use one of a few different methods to begin. We are going to go through a few ways of enabling GZIP compression in WordPress that should suit you whether you’re a beginner or a highly experienced web developer.

Enable WordPress GZIP Compression under Apache

You can switch on GZIP compression for your WordPress website by making changes to your .htaccess file ( which is part of Apache infrastructure ).  A lot of people take this approach, but unfortunately doing it this way means that there is a chance that something might get broken! It’s hardly surprising because messing with a sensitive server file like .htaccess means that one little mistake can have big consequences that crash your website.

To lower your chances of messing up your WordPress website, do the sensible thing and backup your original file before you change anything, not only that but backup your WordPress website too! Once you’re completely sure that you can recover from a catastrophic failure if you need to, it’s time to get things underway.

The .htaccess file is usually hidden on both the remote server as well as your computer, you should be able to find it in your website’s root folder.

The ideal method is to access the file using FTP, and we could also use another admin interface or Plesk.

To enable WordPress GZIP compression in your FTP client, you’ll need to make hidden files visible.

Once you find your .htaccess file, you can make changes, but first it might be better to download it to your own computer and make them there. The file is most likely going to be hidden on your machine so you need to instruct it to show hidden files.

 

Compress JavaScript, Text, HTML, CSS, XML and fonts

AddOutputFilterByType DEFLATE application/javascript

AddOutputFilterByType DEFLATE application/rss+xml

AddOutputFilterByType DEFLATE application/vnd.ms-fontobject

AddOutputFilterByType DEFLATE application/x-font

AddOutputFilterByType DEFLATE application/x-font-opentype

AddOutputFilterByType DEFLATE application/x-font-otf

AddOutputFilterByType DEFLATE application/x-font-truetype

AddOutputFilterByType DEFLATE application/x-font-ttf

AddOutputFilterByType DEFLATE application/x-javascript

AddOutputFilterByType DEFLATE application/xhtml+xml

AddOutputFilterByType DEFLATE application/xml

AddOutputFilterByType DEFLATE font/opentype

AddOutputFilterByType DEFLATE font/otf

AddOutputFilterByType DEFLATE font/ttf

AddOutputFilterByType DEFLATE image/svg+xml

AddOutputFilterByType DEFLATE image/x-icon

AddOutputFilterByType DEFLATE text/css

AddOutputFilterByType DEFLATE text/html

AddOutputFilterByType DEFLATE text/javascript

AddOutputFilterByType DEFLATE text/plain

AddOutputFilterByType DEFLATE text/xml

 

Remove browser bugs (only needed for really old browsers)

BrowserMatch ^Mozilla/4 gzip-only-text/html

BrowserMatch ^Mozilla/4\.0[678] no-gzip

BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

Header append Vary User-Agent

Save the file, using it to overwrite your original .htaccess file. Check your website with a GZIP compression checker tool (or verify the response headers) to check if it worked.

Enable GZIP Compression on NGINX

Although the majority of most shared hosting plans use Apache web servers, you could be using something else, like NGINX.

To enable GZIP compression for NGINX web servers you have to go about it differently. If you’re running on NGINX, you can enable GZIP compression in WordPress by finding your nginx.conf file and adding this code:

gzip on;

gzip_disable "MSIE [1-6]\.(?!.*SV1)";

gzip_vary on;

gzip_types text/plain text/css text/javascript image/svg+xml image/x-icon application/javascript application/x-javascript;

 

Contact Your Web Host to Enable GZIP Compression

If you’re not comfortable making changes to your website files, it’ll be easier to ask your web host to enable WordPress GZIP compression for you.

A lot of web hosts, including GoDaddy, Kinsta, and Siteground enable WordPress GZIP compression automatically because it improves performance so much, while others will give you the instructions and let you set up WordPress GZIP compression yourself.

If you don’t have GZIP compression enabled by default and you’re not sure how to change that, then don’t be afraid to talk to your web host. Most of them will usually be perfectly happy to help you.

A Plugin to Enable WordPress GZIP Compression

WordPress GZIP Compression can be set up using a plug-in, but while that may be easier it could also expose you to additional security issues and take up more disk space on your server. But if you do choose to go down this route then here are some plug-ins that can help you enable WordPress GZIP compression.

Lots of the tools that let you enable GZIP compression on your WordPress site are caching suites which are there to help you set up your website for best performance. Compressing HTML, JavaScript and CSS files is certain to improve it.

But Enable GZIP Compression was designed for only one purpose, enabling and disabling GZIP compression for your WordPress site when it’s on an Apache webserver.

WP ROCKET

WP Rocket is a caching plugin, and in just a few clicks it can help WordPress sites load faster. Once you’ve activated it, WP Rocket adds GZIP compression rules in the .htaccess file using the mod_deflate module.

W3 TOTAL CACHE

W3 Total Cache is among the best WordPress caching plugins, but it isn’t for beginners and it may break your website if you don’t know how to use it correctly. But if you are comfortable then it can be useful for helping you to enable HTTP compression. Just go to the browser cache, and then check the box for HTTP compression.

WP SUPER CACHE

WP Super Cache is another WordPress cache plugin that lets you compress code.

To enable WordPress GZIP compression with WP Super Cache, go to the WordPress dashboard > WP Super Cache > Advanced > and check the box for Compress pages. This will ensure that they’re served to visitors more quickly.

Conclusion

There are lots of ways to improve your WordPress site’s speed and page load times, but GZIP compression is one of the easiest ways to do it.

It’s not difficult to check whether you have WordPress GZIP compression enabled, and it’s well worth doing. Giving this a little of your time will pay you back tenfold in terms of avoiding lost revenue from potential customers who got put off by your slow page load times.

When you’ve finished with implementing WordPress GZIP compression, that isn’t the end of the story. You can still improve your page speed further by getting into things like image optimization plug-ins or using a CDN. There’s lots to learn but thankfully it’s pretty much all available for free.

How Your Feedback Can Improve Plesk Products

How Your Feedback Can Improve Plesk Products - Plesk

At Plesk, we value input from our community the most. Because user feedback allows us to grow our product since our first release 20 years ago.

In other words, we’re data-driven, yes, but we also want to hear suggestions straight from our community. Because we understand that your support will help us improve all our products. And indeed, at Plesk we have an ever-growing list of features

Our technical team members are hungry for feedback. And so, we’re inviting you to meet a few of them and learn first-hand about how they work with your contributions.

Why Feedback Is Essential to Us

How to Contribute

There are different ways you can provide feedback and be part of Plesk. Let’s go through those point by point:

  • Plesk Community Discussion Forum: Welcome to our most important source of inspiration. A meeting place for the Plesk family where you can discuss, share and learn.
  • User Voice: Do you have an idea for new functionalities? This is the place where you can share your needs, as well as vote for existing feature proposals. It’s likely that the forthcoming versions of Plesk will include the top-ranked suggestions.
  • Plesk Online Community: Feel free to exchange tips, look for advice, and get hosting updates on this Facebook page. Our teams from all departments talk to the community, from CTO, to sales or technical support. Here is the place where you get the latest scoops on the product, as well as where you can have direct dialogues with Pleskians.
How to contribute - How Your Feedback Can Improve Plesk Products - Plesk

Feedback Is Essential to Us from All Sources

Those above are the main feedback sources when a new product feature is chosen for implementation. On top of that, our Product Managers strive to remain in contact with the business environment to identify needs and meet emerging trends.

Program managers are also in permanent contact with support teams for gathering information on the most required feats, or bugs to crush. For some top features, they test hypotheses on-site or create surveys and send them to customers for review.

Bottom line – all you need to do is speak to us. We’ll hear and make the magic happen 🙂

And always remember: Build, Secure, and Run!

Where do you feel most comfortable sharing feedback? Let us know about your preferences in the comment section below.

Tips for Creating an Effective Landing Page

Tips for Creating an Effective Landing Page - Plesk

Landing pages are an important component of a company’s inbound marketing strategy. At Plesk, we encourage our partners to create a landing page whenever they launch a campaign with us. A good landing page can help increase conversions and turn visitors into leads. For a landing page to be effective, it needs persuasive language, a solid layout and smart copy.

But before you begin creating your masterpiece, it’s vital to know what your goals are. Do you want to sell a product or service? Are you looking for visitors to attend a webinar or event? What do you want your visitors to do when they reach your landing page?

Once you have a clear goal, you’re ready to set up your landing page. So what are some of the essential elements of a landing page? Let’s get into these below.

1) Let’s Begin with the Layout

Your landing page layout should be clean and precise. It should work towards achieving the goal you set out earlier. Let’s take a look at the layout example below, which will work well with most products and services.

Let's Begin with the Layout - Tips for Creating an Effective Landing Page - Plesk

The important components in this landing page layout are:

  • Some room for an attractive header.
  • A section to introduce your main product or service.
  • An area where your main call to action resides.
  • Space for features and benefits of your product or service.
  • Any other information you want to provide.
  • A section for contact details or a support form.

Let’s tackle each of these components in more detail.

2) Use Compelling Imagery

A common place to add images on landing pages is in the header. Attractive and compelling images will help grab your visitors’ attention. As Napoleon himself said, “Un bon croquis vaut mieux qu’un long discours.” Translation: A good sketch is better than a long speech.

So, en avant my friends, to the next component!

3) Words, Words, Words

Words are a powerful ally for any landing page. Use headlines to present your most important message. Use subheadings to add information that adds value to your message. Headlines should be clear, concise and catchy, though it isn’t always easy to catch the 3 Cs. You can focus on the C that works best for your product or service.

And while we’re on the subject, it’s imperative that you apply the 3 Cs to any other copy you want to add to your landing page. Remember what Napoleon said? You don’t want to have your visitors bounce because of long speeches.

Additionally, the offer on your landing page should mirror offers you’re using in your ads. Consistency assures visitors that they’ve reached the right place.

4) Call to Action

The call to action (CTA) button is one of the key elements of a landing page. The aim of a CTA is to get visitors to perform an action, such as complete a sale or join a trial. Persuasive conversion words are your friends here. But there is one vital strategy to consider before you color your landing page with CTA buttons. Use CTAs sparingly. Wordy and too many CTAs will most likely overwhelm your visitors.

5) Call Out Your Best Features

Introduce your visitors to the best features your product or service offers. You can add this information in a separate section on the landing page if you prefer. Make sure that the focus of your copy is on the user and not you, the company. How can the product help your customer? Does it make your customer’s life easier in some way? Highlight the benefits your product or service offers. But keep it simple, keep it short.

Pro tip #1: Use pictures and videos to help users understand your product better.

Pro tip #2: Use customer testimonials. These help build trust and confidence in your product.

6) Point Users to Next Steps

The best way to do this is by having contact and support forms. A contact form gives visitors a place to go with their questions. It also shows that you are there to help them. However, do remember that you want to give visitors as few actions to complete as possible. So make sure that your forms don’t have too many fields or ask for too much information.

So, if you’re still reading up to this point, know that you now have the building blocks for a pretty good landing page.

And if you’re a Plesk Partner in need of more guidance on the topic, please contact your Account Manager. You can also take a look at other resources from our blog for setting up a WordPress website or using social media to boost your site traffic.

But if you’re a weary Internet traveler who stumbled upon this page and liked reading it, let us know in the comments below.

WordPress Security Headers – A Simple Guide to Making Your Website Safer

WordPress Security Headers

WordPress security headers is one of the most pragmatic approaches you can have in your security armory. One of the best things about them is that they can help you to make your web apps safer without making you go to the trouble of adding or changing anything in their code. You’re presented with a lot of options when it comes to maintaining the security of your website, and with their relative simplicity and proven effectiveness security headers seem like a good place to start.

The Purpose Of HTTP Security Headers

HTTP security headers protect your site against malicious intruders, and they’re an extra layer of security that you won’t find difficult to set up, even if you weren’t blessed with much in the way of technical ability. There are a few different examples of these to consider, and we’re going to take a look at each one and explore how to add them to your WordPress site to make it more secure.

WordPress HTTP Security Headers To Consider

HTTP security headers help to keep web browsers safe from would-be attackers. Here are some of the kinds of HTTP response headers you might encounter in your quest for security.

X-Frame-Options

This keeps visitors safe from clickjacking attacks, where the content of your website could be loaded inside another site using iframe. When a visitor clicks on a link that they think is safe they could be navigating inside your website instead, and this could be very hazardous if the user had already logged in to one of your sites restricted areas.

The deny parameter stops any rendering of the iframe.

X-Frame-Options: DENY

And allow-from mydomain permits rendering if it’s framed by one that’s been loaded from a stipulated domain

X-Frame-Options: ALLOW-FROM https://www.plesk.com

The sameorigin parameter looks for an origin mismatch and if it finds one will deny rendering.

X-Frame-Options: SAMEORIGIN

How To Add X-Frame-Options Security Header To a WordPress Site

The X-Frame-Options security header can be added to your WordPress site via the .htaccess file for Apache and with the nginx.conf file in NGINX.

Apache

<IfModule mod_headers.c>

     Header always append X-Frame-Options SAMEORIGIN

</IfModule>

NGINX

add_header X-Frame-Options "SAMEORIGIN" always;

HSTS – HTTP Strict Transport Security

HTTP Strict Transport Security is used when you want a web server to state that a web browser (or another user agent that is compliant) should only use secure HTTPS connections to interact with it and to never use HTTP, a protocol which is not so secure. HSTS is an IETF standards track protocol. It is specified in RFC 6797 after being approved years ago, in 2012.

includeSubDomains allows a rule to be applied to all of a site’s subdomains.

max-age lets the browser know how long it’s allowed to spend accessing a site via HTTPS.

Strict-Transport-Security: max-age=10886400; includeSubDomains

How To Add HTTP Strict Transport Security Header to WordPress

You can add the HSTS security header to a WordPress site using the code listed below to Apache’s .htaccess file or to the nginx.conf file:

Apache

<VirtualHost 88.10.194.81:443>

Header always set Strict-Transport-Security "max-age=10886400; includeSubDomains"

</VirtualHost>

NGINX

add_header Strict-Transport-Security max-age=10886400;

X-XSS-Protection

The X-XSS-Protection security header lets you configure the XSS protection system that you will find in many modern web-browsers. For instance, this could stop persistent XSS attacks from stealing cookies when a visitor who has logged in visits a page that contains an XSS element.

1 parameter turns the filter on.

0 parameter turns the filter off.

1; mode=block turns the filter on with the 1 parameter and also blocks the website that’s going to be rendered using mode=block.

1; report=https://thebesturlyoueverhad.com/ turns the filter on with the 1 parameter, then any illegal characters are removed from the request and the report is then forwarded to the chosen URL using the report= parameter.

How To Add X-XSS-Protection Security Header to WordPress Site

An X-XSS-Protection security header can be added to your WordPress site using the .htaccess file for Apache or the nginx.conf file in NGINX.

Apache

<IfModule mod_headers.c>
   Header set X-XSS-Protection "1; mode=block"
</IfModule>

NGINX

add_header X-Xss-Protection "1; mode=block" always;

Content-Security-Policy

The content security policy header can help you to reduce XSS risks on modern browsers by specifying which dynamic resources are permitted to load.

In a similar way to X-Content-Type-Options, the Content-Security-Policy header offers you a lot of different ways to configure it, but for now, we’ll just point out the ones in the example because they also happen to be accessible for beginners.

default-src specifies the standard policy for loading content like AJAX requests, frames, HTML5, images, js, css, fonts, and Media.

script-src defines what count as legitimate JavaScript sources.

connect-src applies to WebSocket, XMLHttpRequest (AJAX), EventSource. If not permitted the browser will emulate a 400 HTTP status code.

img-src defines bona fide image sources.

style-src defines authentic stylesheet sources.

Adding a Content Security Policy Security Header

You can add a Content-Security-Policy security header to a WordPress site using the .htaccess file for Apache and using the nginx.conf file in NGINX.

Apache

Header set Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';

NGINX

add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';";

X-Content-Type-Options

Set the X-Content-Type-Options header to stop the browser from interpreting files as anything other than what’s been declared as the content type in the HTTP headers. It’s got many configuration options and lots of potential parameters, but the one that you will find being used most often is called nosniff

X-Content-Type-Options: nosniff

Adding an X-Content-Type-Options Security Header

You can add the X-Content-Type-Options security header to your WordPress via the .htaccess file for Apache and with the nginx.conf file in NGINX.

Apache

<IfModule mod_headers.c>
Header set X-Content-Type-Options nosniff
</IfModule>

NGINX

add_header X-Content-Type-Options "nosniff" always;

How To Add HTTP Security Headers If You Have Plesk?

Plesk is one of the most popular hosting platforms worldwide, it lets you build, secure, run websites and web apps. If you are lucky and your server is managed by Plesk, you have numerous ways on how to adjust the HTTP security headers of your WordPress website. Here is the easiest one:

  • Log into your Plesk hosting control panel using url https://myserver.com:8443, where myserver.com is the domain name assigned to your server
  • Click on ‘Domains’ section in the sidebar and choose the the website you want to add HTTP security headers
  • On the next page you will see a variety of features – please click on ‘Apache and nginx Settings’
  • Here you will be able to add Apache or NGINX headers into corresponding field with directives – ‘Additional Apache directives’ or ‘Additional nginx directives’.
  • After adding directives you should save your adjustments by clicking ‘Apply’ button.

How to Clear WordPress Cache

Clear WordPress Cache

Enabling caching is one of the most effective ways of boosting the performance of a WordPress website. Maintaining adequate security is probably a close second, but we definitely recommend enabling caching as one of your top priorities. But what does that mean exactly, what happens when you clear WordPress cache and is this something that you can do for yourself?

This guide is here to explain why you would want to clear WordPress cache on your WordPress sites, and it will also show you the various ways of purging or deleting the cache from inside and outside your WordPress installation.

The Idea Behind WordPress Caching

So, this is how a web page is loaded – somebody finds a link to your website. It could be through search engine results, somebody else’s website, social media or in an email. They click that link and are taken to your WordPress site. This generates an HTTPS request asking your web server to assemble and deliver all the files that your browser needs to load the website. The more images, files, and scripts it needs to throw together to build the site, the longer the HTTPS request takes to complete. If the person is patient while all this happens, they will soon be treated to a pristine view of your website.

Things are a little different when WordPress website caching is enabled. Here’s what that process looks like – someone finds a link to your website. They click that link and are taken to your WordPress site, this generates an HTTPS request that’s sent to your web server. The server can tell that there haven’t been any changes to the website content since the last time someone visited. The server sends a static copy of the website to the person’s browser window. Every visit to the site will be handled this way until either the page content changes or the cache expires and gets automatically purged.

So, as you can see, caching avoids making the server jump through hoops unnecessarily. When your business relies on capturing more leads via your website it’s essential to have quicker page loading times. These days, if people don’t get what they want within a couple of seconds then they will go elsewhere, so your page needs to load faster than that, and WordPress caching can help you achieve it. There are also times when you’re going to need a WordPress cache cleanup on your websites for other reasons though.

Reasons For Clearing the Cache on WordPress Websites

Website caching is used to give visitors to your site the best possible experience. A static saved copy of your site sent to each new visitor takes a lot less processing power to achieve, so they get the pages they want faster.

But that raises the question: why speed up content delivery to your site visitors if that content is nothing new?

The value of your website is that it brings worthwhile and compelling content to visitors, and if you aren’t updating your offerings on a regular basis then why should they bother coming back?

So, let’s take a look at some of the different ways that caching might mistakenly hinder new content delivery and why learning to do a WordPress cache cleanup manually is in your best interests.

Design Tweaks

Your website is really no different than any other piece of marketing collateral. Things like product details and contact information can change at a moment’s notice, and if you decide to rebrand then the website needs to change to reflect that. Your WordPress website is as dynamic and ever-changing as your business needs to be if it wants to remain successful.

Let’s say you’ve done all of that but you can’t see any of the changes on the website. Chances are that the caching mechanism hasn’t caught up with the changes yet.

New Content

Websites need to be regularly renewed with a steady procession of valuable and relevant content. Blog posts, white papers, and a million and one other pieces of digital real estate are constantly appearing to attract new visitors and keep old ones coming back. The more this happens, the more the search engines notice. Google, for one, is particularly enthusiastic about websites that regularly update and grow their content (as long as its high-quality stuff, that is).

But, if your web server is hanging on to the cached version of a particular page or it isn’t showing your new content to visitors, Google’s bots won’t even know that it’s there. This is an issue that sometimes occurs when your content is going into widgetized parts of the website.

Theme and Plugin Updates

One good reason for manually doing a WordPress cache cleanup is related to WordPress updates. In particular, every time there is a theme or plugin update, you need to do a WordPress cache cleanup to make sure that any changes you’ve made to the files, code or the way the website looks are reflected when the next HTTPS request comes along.

Database Changes

If you are using a managed WordPress hosting solution for your website, this is something to be aware of. If you migrate a website or database files change for any reason, chances are you are going to need to clear WordPress cache so that visitors aren’t bothered by error pages or an out of date version of your website.

Images Hosted Externally

Here’s another reason why a WordPress cache cleanup on your websites might be a good idea.

When using a WordPress plugin for image optimization, the server might carry on sending older uncompressed versions of them. To make sure that the server gets the images that the plugin has compressed, clear your cache following optimization.

Conclusion

When these changes to your website happen, your caching mechanisms need to pick up on the fact they have, and when they do, the WordPress cache will be cleared and the web server will handle the next HTTPS request using the updated content and deliver it to the browser.

Of course, that’s how things should work in practice, but the reality of how the software handles things is that it isn’t always smart enough to realize that an image with an identical file name but a different color product has been changed. It’s exactly this kind of thing that makes it essential for us to know how to do a WordPress cache cleanup on our websites.

How To Do a WordPress Cache Cleanup

The WordPress Codex has a page entitled “I Make Changes and Nothing Happens”. When people are new to WordPress, this is the kind of thing that you will often hear them say, because they don’t always remember that they need to click on “Update” or “Publish” after they’ve made their changes.

As we’ve seen there are lots of occasions when it is desirable to do a manual WordPress cache clear on a website so that the updates become visible.

Because caching can be used both inside and outside of WordPress there are several ways to purge its cache manually. If the website isn’t showing your changes and you know that it definitely isn’t a case of user error within WordPress here’s what to do.

How to Clear Your Browser Cache

You can only clear the browser cache of your own machine. Here’s how to do that in Chrome. Select the WordPress cache for your site using the Settings or History tabs. Once you’ve done that, go to the “Clear Browsing Data” section. This section will let you clear browsing data for cached files and images and delete the cache from every website in your browsing history. If you just want to clear your own website go back to Settings and go to Content Settings, click on ‘Cookies’ and expand ‘See all cookies and site data’. Perform the search of your website and clear it.

WordPress Cache Cleanup Using Cache Plugins

Let’s take a look at how to locate the WordPress cache cleanup option in case of various plugins usage.

WP Super Cache

This plugin is a lot less complicated. The downside to that is that you don’t have as much control over which cached data is cleared though. Despite that, it’s a breeze to use from these three locations – “Easy” and  “Contents” tabs, as well as “Admin” toolbar.

W3 Total Cache

Find the Performance menu and look for the plugin “Settings”. Scroll down the page and make a note of the individual caching settings. When enabled, you’ll be given two choices to clear WordPress cache.

“Empty cache” is used if the settings stay the same, but you want to delete the cached data for that specific option. “Save Settings & Purge Caches” allows you to save a new caching configuration and purge the present cache at the same time. You can also purge all data and cached content from your website instantly with the admin toolbar “Performance” menu

 

 

Clearing WordPress Cache When You’re Using Managed WordPress Hosting

Caching is something that should also happen server-side. It’s a bit of a different way to do it from the usual WordPress website approach because you’re also looking at things like PHP caching, MySQL caching, object caching, and so on. Website caching only copies the content and files within your WordPress site. When WordPress cache cleaning doesn’t help, or if you just want to make sure that you covered all the bases, then clearing the server-side cache too is the way to go.

With managed WordPress hosting, various hosts frequently allow users to purge their own cache.  Your web hosting company should be able to tell you whether you are allowed to purge a server-side cache, but even if they won’t let you access it directly, they may still be able to deal with the problem for you.

Clearing WordPress Cache On CDN Level

content delivery network (CDN) adds an extra layer of caching to WordPress websites. CDNs have copies of websites all over the world in their data centers. This is so that they can send a version of your website that is geographically closest to someone. This means your visitors get to see your site more quickly than they otherwise would, which is exactly what you want.

To clear your CDN cache, you’ll need to login to its platform. Most popular platforms ( e.g. KeyCDN and CloudFlare ) provide user-friendly interface to initiate this process in few clicks.

KeyCDN

Keycdn is a content delivery network with long history which is powering a huge number of sites across the web. To clear the cache, you need to login, click “Zones” and choose the zone you need. Use “Manage” drop down list to choose Purge by Tag / Purge Url / Purge.

CloudFlare

You should login to your account, select the website of your interest and click “Caching” button. Choose “Purge Everything” or “Purge Individual Files, Purge By Tag” for Enterprise plan.

Clearing WordPress Cache Using the Command Line

Lastly, let’s take a look at what we need to do to clear WordPress cache via the command line. As it says here, this is so you can flush the object cache in your database. When you’re ready, run this in your WordPress command line:

$ wp cache flush
Success: The cache was flushed.

This will refresh all of the content you’ve added or the design elements that you’ve changed so that where they’ve been cached as fragments or objects your visitors will see the most up-to-date version, just as you intended.

Conclusion

Caching helps make your WordPress website work at its best, but sometimes you need to clear out all that cached information so that your visitors see your most recent content. Think of it as digital spring cleaning that can help make your business more successful. We hope that this guide helps you to keep your site in tiptop shape.

How to Install Plesk On Windows?

Install Plesk On Windows

Install Plesk In One Click

One of the quickest and easiest ways of getting a Plesk server up and running with its default configuration is one-click installation. Here’s how you do it:

1. Use RDP to login to the server.

2. Download Plesk Installer.

3. Pull up the Windows command prompt and switch the working directory to wherever you saved the installer binary to, then run this command:

4. plesk-installer.exe --select-product-id=panel --select-release-latest --installation-type=recommended

The installation process will now get underway the latest release, taking from 30-60 minutes. The installer downloads the most up-to-date (stable) version of Plesk and includes the most common, popular features that should hopefully suit a typical cross-section of users. After this, it will look for the latest performance and security updates and patches and install them too.

More Plesk components and features can be added at any time, so if you feel as if you’re missing out on anything by going with the typical install, don’t worry. You can add or remove elements at any time. But if you’d like more control during your first installation then you may want to use the web GUI or the console instead.

Plesk Installation on Windows Using the Console

Use the interactive console to choose which Plesk elements are installed. Here’s how to do that:

1. Use RDP to log in to the server.

2. Download the Plesk Installer.

3. Open the Windows command prompt and switch the working directory to wherever you saved the installer binary, then run this command:

4. plesk-installer.exe --console

The console will appear in the command prompt window.

To install an older version of Plesk, choose:

plesk-installer.exe --console --all-versions

Carefully read through the above text, and if you’re happy with it then hit F followed by Enter to continue.

Install Plesk On Windows - 1

 

Now choose which version of Plesk you would like to install.

Install Plesk On Windows - 2

 

If you have chosen the --all-versions option, you’ll get a different list of available Plesk versions.

You can now choose from some advanced settings by typing S:

  • choose which directory the installer will put the downloaded files in.
  • choose where to look for the installation files. The default setting is to download them from the Plesk servers themselves, but it’s also possible to make the system look for them elsewhere, like in your local mirror or perhaps your local machine if you already put your downloaded installation files there.
  • specify a proxy server address, along with password and username if required (when you’re installing Plesk on a server behind an HTTP proxy).

Install Plesk On Windows - 3

You can configure the settings using either the configuration or with arguments in the command line. Once you are done, close the installer and then restart with the new settings.

This is where things get interesting. Choose one of these installation types to continue:

  • the Recommended installation type has everything you’re going to need for web hosting (things like web server, a mail server, a database server), along with the kind of typical features that most people find useful. If you don’t know which installation type to go with then just choose Recommended. It’ll have most of what you need.
  • the Full installation type includes everything that Plesk has to offer, but obviously, this will take up a lot more room on your disk.
  • the Custom installation option lets you pick and choose from everything. It’s a tasting menu that lets you build the exact configuration that you want, and because of this, we suggest that only experienced Plesk administrators are advised to go with Custom.

If you’re not happy with your installation after it’s finished then don’t despair, because Plesk lets you add or remove whatever components and features you want later, giving you the scope to set it up just how you want it.

Once you’ve chosen your installation type, you might get a prompt to configure some extra settings, like the Plesk installation directory, the directory where Plesk stores the content for the website it’s hosting, and the “admin” user password (the one that lets you log in to Plesk).

At this point, you’ll have one final opportunity to look through all of the components and features that you’ve decided to install and give it the ‘okay’. If you are happy with it, press F and then enter to get things underway.

Installing Plesk on Windows Using Web GUI

For anyone wanting to choose which Plesk components to install, it’s best to use the graphical interface. Here’s how:

1. Log in to the server using RDP.

2. Download Plesk Installer.

3. Pull up the Windows command prompt and switch the working directory to the one you saved the installer binary to, then run this command:

plesk-installer.exe --web-interface

This is going to run the installer GUI in your browser.

If you’d prefer to install an older version of Plesk, then type:

plesk-installer.exe --web-interface --all-versions

Choose a language for the interface and then log in using your Windows administrator credentials to continue. You’ll then see the installer GUI welcome screen. This is where you will come to later when you want to update, add or remove any of Plesk’s components, but for now, you’ll just be installing Plesk.

Install Plesk on Windows - GUI - 1

If you’d like to make changes to the settings for this installation, then click on Updates source and installation settings.

Install Plesk On Windows - GUI - 2

Here you’ll be able to:

  • Change where the installation files are downloaded from by default (which is the Plesk servers). You can tell the system to look for them elsewhere, such as a local mirror or local disk.
  • Change where the installation files are downloaded to
  • Configure the HTTP proxy server address, and also set the username and password.
  • Change the language of the installer interface.

When you’re happy with your selections, click Save to carry on to the next part.

Install Plesk On Windows - GUI - 3

Click Install or Upgrade Product on the welcome screen to carry on.

Now, it is time to choose the version of Plesk that you want to install. Check the box next to Plesk, then choose which version you want and which installation type. In the example above you’re choosing Plesk Obsidian, which is the latest stable release. If you ran the installer with the –all-versions option, the list of available Plesk versions will be different.

Install Plesk On Windows - GUI - 4

The features and components that get installed will depend upon which of these types of installation you choose:

  • Recommended is the type that will give you all the necessary elements that you need for web hosting—things like a web server, mail server, database server, and so on—plus a selection of the most popular and widely used features. This is the one to go for if you aren’t sure what you need yet.
  • The Full installation type does what it says and gives you everything that Plesk has to offer, but you’ll only want to go for this option if you’re sure you have enough disk space, as it takes up quite a lot.
  • The Custom installation type lets you pick and choose from a list of which elements you want to install, but it’s best left to confident admins who have previous experience of Plesk.

Don’t worry about making the wrong choice at this point because there isn’t really a wrong choice. With Plesk, you can always add or remove components and features later until you have the system set up just how you want it.

Install Plesk On Windows - GUI - 5

Once you’ve chosen what type of installation you want, you might get a prompt to configure extra settings, like which directory to install Plesk in, where to put the content of websites hosted in Plesk, and the Plesk “admin” user password (which, along with your login name will get you into Plesk).

Once you’ve configured the settings, click Continue to start installing.

Install Plesk On Windows - GUI - 6

Next Level Ops Podcast: The Best Extensions for Your Website with Jan Loeffler

Next Level Ops Podcast: The Best Extensions for Your Website with Jan Loeffler - Plesk

We’re back with the third episode of the Official Plesk Podcast: Next Level Ops. In this installment, Superhost Joe speaks to the Pleskian Technology Mage, Jan Loeffler. Jan tells us about Plesk Lighthouse Extensions and why they’re super useful.

In This Episode: The Weather, Popular Plesk Extensions, SEO and More

In This Episode: The Weather, Popular Plesk Extensions, SEO and More - Next Level Ops Podcast: The Best Extensions for Your Website with Jan Loeffler - Plesk

If you’re unfamiliar with Plesk extensions, you’re probably wondering what Lighthouse Extensions are. To clarify, Joe and Jan dive right into the specifics, after updating us on the weather of course.

In general, Plesk’s extensions provide extra tools, features and services to users. Their purpose is to enhance the ways in which users work and interact with websites. In particular, they serve a useful role when dealing with specific website areas, such as SEO. So, the SEO Toolkit extension can help users in designing an SEO strategy for better visibility on search engines.

“Usually it’s like running a marathon. If you want to run a marathon, you don’t do it in one day. It needs consistent training and working towards this goal. The same is true for getting on the first page of Google.”, says Jan.

Well Jan, we hope that soon you’ll be able to run a marathon once more after this lockdown is over. We will cheer for you!

"Usually it's like running a marathon. If you want to run a marathon, you don't do it in one day. It needs consistent training and working towards this goal. The same is true for getting on the first page of Google.”

Jan Loeffler

Key Takeaways

  • What are Lighthouse Extensions? There are over 130 extensions in the Plesk Extensions catalog. The Lighthouse Extensions are the most popular among users.
  • Why are the Speed Kit and SEO Toolkit extensions important? As soon as you start selling something on your website, performance matters. If a website takes more than 3 seconds to load, many users will leave. Speed Kit analyzes your site and knows how to cache it. The SEO Toolkit gives you stats to narrow down the areas where your website performance can improve. It supports all major search engines: Google, Bing, Baidu, Yahoo, and so on.
  • How can users get started with Lighthouse Extensions? Some are pre-installed when you spin up a new Plesk server. And the Extensions catalog gives insights into the most popular extensions. Additionally, there’s an Advisor tool that helps users become more productive. It guides you along the value chain and recommends tools you can enable to get the best out of each step.

…Alright Pleskians, it’s time to hit the play button if you want to hear the rest. Or go to our Simplecast channel to listen to the full episode. While you’re there, take a peek at our previous episodes here and here. We’ll be back soon with the next installment.

The Official Plesk Podcast: Next Level Ops Featuring

Joe Casabona

Joe is a college-accredited course developer. He is the founder of Creator Courses.

Jan Loeffler

Jan is the Chief Technical Officer at Plesk.

Remember to update your daily podcast playlist with Next Level Ops. And stay on the lookout for our next episode!