WordPress Security Headers – A Simple Guide to Making Your Website Safer

WordPress Security Headers

WordPress security headers is one of the most pragmatic approaches you can have in your security armory. One of the best things about them is that they can help you to make your web apps safer without making you go to the trouble of adding or changing anything in their code. You’re presented with a lot of options when it comes to maintaining the security of your website, and with their relative simplicity and proven effectiveness security headers seem like a good place to start.

The Purpose Of HTTP Security Headers

HTTP security headers protect your site against malicious intruders, and they’re an extra layer of security that you won’t find difficult to set up, even if you weren’t blessed with much in the way of technical ability. There are a few different examples of these to consider, and we’re going to take a look at each one and explore how to add them to your WordPress site to make it more secure.

WordPress HTTP Security Headers To Consider

HTTP security headers help to keep web browsers safe from would-be attackers. Here are some of the kinds of HTTP response headers you might encounter in your quest for security.

X-Frame-Options

This keeps visitors safe from clickjacking attacks, where the content of your website could be loaded inside another site using iframe. When a visitor clicks on a link that they think is safe they could be navigating inside your website instead, and this could be very hazardous if the user had already logged in to one of your sites restricted areas.

The deny parameter stops any rendering of the iframe.

X-Frame-Options: DENY

And allow-from mydomain permits rendering if it’s framed by one that’s been loaded from a stipulated domain

X-Frame-Options: ALLOW-FROM https://www.plesk.com

The sameorigin parameter looks for an origin mismatch and if it finds one will deny rendering.

X-Frame-Options: SAMEORIGIN

How To Add X-Frame-Options Security Header To a WordPress Site

The X-Frame-Options security header can be added to your WordPress site via the .htaccess file for Apache and with the nginx.conf file in NGINX.

Apache

<IfModule mod_headers.c>

     Header always append X-Frame-Options SAMEORIGIN

</IfModule>

NGINX

add_header X-Frame-Options "SAMEORIGIN" always;

HSTS – HTTP Strict Transport Security

HTTP Strict Transport Security is used when you want a web server to state that a web browser (or another user agent that is compliant) should only use secure HTTPS connections to interact with it and to never use HTTP, a protocol which is not so secure. HSTS is an IETF standards track protocol. It is specified in RFC 6797 after being approved years ago, in 2012.

includeSubDomains allows a rule to be applied to all of a site’s subdomains.

max-age lets the browser know how long it’s allowed to spend accessing a site via HTTPS.

Strict-Transport-Security: max-age=10886400; includeSubDomains

How To Add HTTP Strict Transport Security Header to WordPress

You can add the HSTS security header to a WordPress site using the code listed below to Apache’s .htaccess file or to the nginx.conf file:

Apache

<VirtualHost 88.10.194.81:443>

Header always set Strict-Transport-Security "max-age=10886400; includeSubDomains"

</VirtualHost>

NGINX

add_header Strict-Transport-Security max-age=10886400;

X-XSS-Protection

The X-XSS-Protection security header lets you configure the XSS protection system that you will find in many modern web-browsers. For instance, this could stop persistent XSS attacks from stealing cookies when a visitor who has logged in visits a page that contains an XSS element.

1 parameter turns the filter on.

0 parameter turns the filter off.

1; mode=block turns the filter on with the 1 parameter and also blocks the website that’s going to be rendered using mode=block.

1; report=https://thebesturlyoueverhad.com/ turns the filter on with the 1 parameter, then any illegal characters are removed from the request and the report is then forwarded to the chosen URL using the report= parameter.

How To Add X-XSS-Protection Security Header to WordPress Site

An X-XSS-Protection security header can be added to your WordPress site using the .htaccess file for Apache or the nginx.conf file in NGINX.

Apache

<IfModule mod_headers.c>
   Header set X-XSS-Protection "1; mode=block"
</IfModule>

NGINX

add_header X-Xss-Protection "1; mode=block" always;

Content-Security-Policy

The content security policy header can help you to reduce XSS risks on modern browsers by specifying which dynamic resources are permitted to load.

In a similar way to X-Content-Type-Options, the Content-Security-Policy header offers you a lot of different ways to configure it, but for now, we’ll just point out the ones in the example because they also happen to be accessible for beginners.

default-src specifies the standard policy for loading content like AJAX requests, frames, HTML5, images, js, css, fonts, and Media.

script-src defines what count as legitimate JavaScript sources.

connect-src applies to WebSocket, XMLHttpRequest (AJAX), EventSource. If not permitted the browser will emulate a 400 HTTP status code.

img-src defines bona fide image sources.

style-src defines authentic stylesheet sources.

Adding a Content Security Policy Security Header

You can add a Content-Security-Policy security header to a WordPress site using the .htaccess file for Apache and using the nginx.conf file in NGINX.

Apache

Header set Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';

NGINX

add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';";

X-Content-Type-Options

Set the X-Content-Type-Options header to stop the browser from interpreting files as anything other than what’s been declared as the content type in the HTTP headers. It’s got many configuration options and lots of potential parameters, but the one that you will find being used most often is called nosniff

X-Content-Type-Options: nosniff

Adding an X-Content-Type-Options Security Header

You can add the X-Content-Type-Options security header to your WordPress via the .htaccess file for Apache and with the nginx.conf file in NGINX.

Apache

<IfModule mod_headers.c>
Header set X-Content-Type-Options nosniff
</IfModule>

NGINX

add_header X-Content-Type-Options "nosniff" always;

How To Add HTTP Security Headers If You Have Plesk?

Plesk is one of the most popular hosting platforms worldwide, it lets you build, secure, run websites and web apps. If you are lucky and your server is managed by Plesk, you have numerous ways on how to adjust the HTTP security headers of your WordPress website. Here is the easiest one:

  • Log into your Plesk hosting control panel using url https://myserver.com:8443, where myserver.com is the domain name assigned to your server
  • Click on ‘Domains’ section in the sidebar and choose the the website you want to add HTTP security headers
  • On the next page you will see a variety of features – please click on ‘Apache and nginx Settings’
  • Here you will be able to add Apache or NGINX headers into corresponding field with directives – ‘Additional Apache directives’ or ‘Additional nginx directives’.
  • After adding directives you should save your adjustments by clicking ‘Apply’ button.

How to Clear WordPress Cache

Clear WordPress Cache

Enabling caching is one of the most effective ways of boosting the performance of a WordPress website. Maintaining adequate security is probably a close second, but we definitely recommend enabling caching as one of your top priorities. But what does that mean exactly, what happens when you clear WordPress cache and is this something that you can do for yourself?

This guide is here to explain why you would want to clear WordPress cache on your WordPress sites, and it will also show you the various ways of purging or deleting the cache from inside and outside your WordPress installation.

The Idea Behind WordPress Caching

So, this is how a web page is loaded – somebody finds a link to your website. It could be through search engine results, somebody else’s website, social media or in an email. They click that link and are taken to your WordPress site. This generates an HTTPS request asking your web server to assemble and deliver all the files that your browser needs to load the website. The more images, files, and scripts it needs to throw together to build the site, the longer the HTTPS request takes to complete. If the person is patient while all this happens, they will soon be treated to a pristine view of your website.

Things are a little different when WordPress website caching is enabled. Here’s what that process looks like – someone finds a link to your website. They click that link and are taken to your WordPress site, this generates an HTTPS request that’s sent to your web server. The server can tell that there haven’t been any changes to the website content since the last time someone visited. The server sends a static copy of the website to the person’s browser window. Every visit to the site will be handled this way until either the page content changes or the cache expires and gets automatically purged.

So, as you can see, caching avoids making the server jump through hoops unnecessarily. When your business relies on capturing more leads via your website it’s essential to have quicker page loading times. These days, if people don’t get what they want within a couple of seconds then they will go elsewhere, so your page needs to load faster than that, and WordPress caching can help you achieve it. There are also times when you’re going to need a WordPress cache cleanup on your websites for other reasons though.

Reasons For Clearing the Cache on WordPress Websites

Website caching is used to give visitors to your site the best possible experience. A static saved copy of your site sent to each new visitor takes a lot less processing power to achieve, so they get the pages they want faster.

But that raises the question: why speed up content delivery to your site visitors if that content is nothing new?

The value of your website is that it brings worthwhile and compelling content to visitors, and if you aren’t updating your offerings on a regular basis then why should they bother coming back?

So, let’s take a look at some of the different ways that caching might mistakenly hinder new content delivery and why learning to do a WordPress cache cleanup manually is in your best interests.

Design Tweaks

Your website is really no different than any other piece of marketing collateral. Things like product details and contact information can change at a moment’s notice, and if you decide to rebrand then the website needs to change to reflect that. Your WordPress website is as dynamic and ever-changing as your business needs to be if it wants to remain successful.

Let’s say you’ve done all of that but you can’t see any of the changes on the website. Chances are that the caching mechanism hasn’t caught up with the changes yet.

New Content

Websites need to be regularly renewed with a steady procession of valuable and relevant content. Blog posts, white papers, and a million and one other pieces of digital real estate are constantly appearing to attract new visitors and keep old ones coming back. The more this happens, the more the search engines notice. Google, for one, is particularly enthusiastic about websites that regularly update and grow their content (as long as its high-quality stuff, that is).

But, if your web server is hanging on to the cached version of a particular page or it isn’t showing your new content to visitors, Google’s bots won’t even know that it’s there. This is an issue that sometimes occurs when your content is going into widgetized parts of the website.

Theme and Plugin Updates

One good reason for manually doing a WordPress cache cleanup is related to WordPress updates. In particular, every time there is a theme or plugin update, you need to do a WordPress cache cleanup to make sure that any changes you’ve made to the files, code or the way the website looks are reflected when the next HTTPS request comes along.

Database Changes

If you are using a managed WordPress hosting solution for your website, this is something to be aware of. If you migrate a website or database files change for any reason, chances are you are going to need to clear WordPress cache so that visitors aren’t bothered by error pages or an out of date version of your website.

Images Hosted Externally

Here’s another reason why a WordPress cache cleanup on your websites might be a good idea.

When using a WordPress plugin for image optimization, the server might carry on sending older uncompressed versions of them. To make sure that the server gets the images that the plugin has compressed, clear your cache following optimization.

Conclusion

When these changes to your website happen, your caching mechanisms need to pick up on the fact they have, and when they do, the WordPress cache will be cleared and the web server will handle the next HTTPS request using the updated content and deliver it to the browser.

Of course, that’s how things should work in practice, but the reality of how the software handles things is that it isn’t always smart enough to realize that an image with an identical file name but a different color product has been changed. It’s exactly this kind of thing that makes it essential for us to know how to do a WordPress cache cleanup on our websites.

How To Do a WordPress Cache Cleanup

The WordPress Codex has a page entitled “I Make Changes and Nothing Happens”. When people are new to WordPress, this is the kind of thing that you will often hear them say, because they don’t always remember that they need to click on “Update” or “Publish” after they’ve made their changes.

As we’ve seen there are lots of occasions when it is desirable to do a manual WordPress cache clear on a website so that the updates become visible.

Because caching can be used both inside and outside of WordPress there are several ways to purge its cache manually. If the website isn’t showing your changes and you know that it definitely isn’t a case of user error within WordPress here’s what to do.

How to Clear Your Browser Cache

You can only clear the browser cache of your own machine. Here’s how to do that in Chrome. Select the WordPress cache for your site using the Settings or History tabs. Once you’ve done that, go to the “Clear Browsing Data” section. This section will let you clear browsing data for cached files and images and delete the cache from every website in your browsing history. If you just want to clear your own website go back to Settings and go to Content Settings, click on ‘Cookies’ and expand ‘See all cookies and site data’. Perform the search of your website and clear it.

WordPress Cache Cleanup Using Cache Plugins

Let’s take a look at how to locate the WordPress cache cleanup option in case of various plugins usage.

WP Super Cache

This plugin is a lot less complicated. The downside to that is that you don’t have as much control over which cached data is cleared though. Despite that, it’s a breeze to use from these three locations – “Easy” and  “Contents” tabs, as well as “Admin” toolbar.

W3 Total Cache

Find the Performance menu and look for the plugin “Settings”. Scroll down the page and make a note of the individual caching settings. When enabled, you’ll be given two choices to clear WordPress cache.

“Empty cache” is used if the settings stay the same, but you want to delete the cached data for that specific option. “Save Settings & Purge Caches” allows you to save a new caching configuration and purge the present cache at the same time. You can also purge all data and cached content from your website instantly with the admin toolbar “Performance” menu

 

 

Clearing WordPress Cache When You’re Using Managed WordPress Hosting

Caching is something that should also happen server-side. It’s a bit of a different way to do it from the usual WordPress website approach because you’re also looking at things like PHP caching, MySQL caching, object caching, and so on. Website caching only copies the content and files within your WordPress site. When WordPress cache cleaning doesn’t help, or if you just want to make sure that you covered all the bases, then clearing the server-side cache too is the way to go.

With managed WordPress hosting, various hosts frequently allow users to purge their own cache.  Your web hosting company should be able to tell you whether you are allowed to purge a server-side cache, but even if they won’t let you access it directly, they may still be able to deal with the problem for you.

Clearing WordPress Cache On CDN Level

content delivery network (CDN) adds an extra layer of caching to WordPress websites. CDNs have copies of websites all over the world in their data centers. This is so that they can send a version of your website that is geographically closest to someone. This means your visitors get to see your site more quickly than they otherwise would, which is exactly what you want.

To clear your CDN cache, you’ll need to login to its platform. Most popular platforms ( e.g. KeyCDN and CloudFlare ) provide user-friendly interface to initiate this process in few clicks.

KeyCDN

Keycdn is a content delivery network with long history which is powering a huge number of sites across the web. To clear the cache, you need to login, click “Zones” and choose the zone you need. Use “Manage” drop down list to choose Purge by Tag / Purge Url / Purge.

CloudFlare

You should login to your account, select the website of your interest and click “Caching” button. Choose “Purge Everything” or “Purge Individual Files, Purge By Tag” for Enterprise plan.

Clearing WordPress Cache Using the Command Line

Lastly, let’s take a look at what we need to do to clear WordPress cache via the command line. As it says here, this is so you can flush the object cache in your database. When you’re ready, run this in your WordPress command line:

$ wp cache flush
Success: The cache was flushed.

This will refresh all of the content you’ve added or the design elements that you’ve changed so that where they’ve been cached as fragments or objects your visitors will see the most up-to-date version, just as you intended.

Conclusion

Caching helps make your WordPress website work at its best, but sometimes you need to clear out all that cached information so that your visitors see your most recent content. Think of it as digital spring cleaning that can help make your business more successful. We hope that this guide helps you to keep your site in tiptop shape.

How to Install Plesk On Windows?

Install Plesk On Windows

Install Plesk In One Click

One of the quickest and easiest ways of getting a Plesk server up and running with its default configuration is one-click installation. Here’s how you do it:

1. Use RDP to login to the server.

2. Download Plesk Installer.

3. Pull up the Windows command prompt and switch the working directory to wherever you saved the installer binary to, then run this command:

4. plesk-installer.exe --select-product-id=panel --select-release-latest --installation-type=recommended

The installation process will now get underway the latest release, taking from 30-60 minutes. The installer downloads the most up-to-date (stable) version of Plesk and includes the most common, popular features that should hopefully suit a typical cross-section of users. After this, it will look for the latest performance and security updates and patches and install them too.

More Plesk components and features can be added at any time, so if you feel as if you’re missing out on anything by going with the typical install, don’t worry. You can add or remove elements at any time. But if you’d like more control during your first installation then you may want to use the web GUI or the console instead.

Plesk Installation on Windows Using the Console

Use the interactive console to choose which Plesk elements are installed. Here’s how to do that:

1. Use RDP to log in to the server.

2. Download the Plesk Installer.

3. Open the Windows command prompt and switch the working directory to wherever you saved the installer binary, then run this command:

4. plesk-installer.exe --console

The console will appear in the command prompt window.

To install an older version of Plesk, choose:

plesk-installer.exe --console --all-versions

Carefully read through the above text, and if you’re happy with it then hit F followed by Enter to continue.

Install Plesk On Windows - 1

 

Now choose which version of Plesk you would like to install.

Install Plesk On Windows - 2

 

If you have chosen the --all-versions option, you’ll get a different list of available Plesk versions.

You can now choose from some advanced settings by typing S:

  • choose which directory the installer will put the downloaded files in.
  • choose where to look for the installation files. The default setting is to download them from the Plesk servers themselves, but it’s also possible to make the system look for them elsewhere, like in your local mirror or perhaps your local machine if you already put your downloaded installation files there.
  • specify a proxy server address, along with password and username if required (when you’re installing Plesk on a server behind an HTTP proxy).

Install Plesk On Windows - 3

You can configure the settings using either the configuration or with arguments in the command line. Once you are done, close the installer and then restart with the new settings.

This is where things get interesting. Choose one of these installation types to continue:

  • the Recommended installation type has everything you’re going to need for web hosting (things like web server, a mail server, a database server), along with the kind of typical features that most people find useful. If you don’t know which installation type to go with then just choose Recommended. It’ll have most of what you need.
  • the Full installation type includes everything that Plesk has to offer, but obviously, this will take up a lot more room on your disk.
  • the Custom installation option lets you pick and choose from everything. It’s a tasting menu that lets you build the exact configuration that you want, and because of this, we suggest that only experienced Plesk administrators are advised to go with Custom.

If you’re not happy with your installation after it’s finished then don’t despair, because Plesk lets you add or remove whatever components and features you want later, giving you the scope to set it up just how you want it.

Once you’ve chosen your installation type, you might get a prompt to configure some extra settings, like the Plesk installation directory, the directory where Plesk stores the content for the website it’s hosting, and the “admin” user password (the one that lets you log in to Plesk).

At this point, you’ll have one final opportunity to look through all of the components and features that you’ve decided to install and give it the ‘okay’. If you are happy with it, press F and then enter to get things underway.

Installing Plesk on Windows Using Web GUI

For anyone wanting to choose which Plesk components to install, it’s best to use the graphical interface. Here’s how:

1. Log in to the server using RDP.

2. Download Plesk Installer.

3. Pull up the Windows command prompt and switch the working directory to the one you saved the installer binary to, then run this command:

plesk-installer.exe --web-interface

This is going to run the installer GUI in your browser.

If you’d prefer to install an older version of Plesk, then type:

plesk-installer.exe --web-interface --all-versions

Choose a language for the interface and then log in using your Windows administrator credentials to continue. You’ll then see the installer GUI welcome screen. This is where you will come to later when you want to update, add or remove any of Plesk’s components, but for now, you’ll just be installing Plesk.

Install Plesk on Windows - GUI - 1

If you’d like to make changes to the settings for this installation, then click on Updates source and installation settings.

Install Plesk On Windows - GUI - 2

Here you’ll be able to:

  • Change where the installation files are downloaded from by default (which is the Plesk servers). You can tell the system to look for them elsewhere, such as a local mirror or local disk.
  • Change where the installation files are downloaded to
  • Configure the HTTP proxy server address, and also set the username and password.
  • Change the language of the installer interface.

When you’re happy with your selections, click Save to carry on to the next part.

Install Plesk On Windows - GUI - 3

Click Install or Upgrade Product on the welcome screen to carry on.

Now, it is time to choose the version of Plesk that you want to install. Check the box next to Plesk, then choose which version you want and which installation type. In the example above you’re choosing Plesk Obsidian, which is the latest stable release. If you ran the installer with the –all-versions option, the list of available Plesk versions will be different.

Install Plesk On Windows - GUI - 4

The features and components that get installed will depend upon which of these types of installation you choose:

  • Recommended is the type that will give you all the necessary elements that you need for web hosting—things like a web server, mail server, database server, and so on—plus a selection of the most popular and widely used features. This is the one to go for if you aren’t sure what you need yet.
  • The Full installation type does what it says and gives you everything that Plesk has to offer, but you’ll only want to go for this option if you’re sure you have enough disk space, as it takes up quite a lot.
  • The Custom installation type lets you pick and choose from a list of which elements you want to install, but it’s best left to confident admins who have previous experience of Plesk.

Don’t worry about making the wrong choice at this point because there isn’t really a wrong choice. With Plesk, you can always add or remove components and features later until you have the system set up just how you want it.

Install Plesk On Windows - GUI - 5

Once you’ve chosen what type of installation you want, you might get a prompt to configure extra settings, like which directory to install Plesk in, where to put the content of websites hosted in Plesk, and the Plesk “admin” user password (which, along with your login name will get you into Plesk).

Once you’ve configured the settings, click Continue to start installing.

Install Plesk On Windows - GUI - 6

IP Address Management. How to Make it Simpler With Plesk

IP Address Management In Plesk

Plesk’s user-friendly and extensively featured GUI was created to make the management of web, mail, DNS, and other services a lot simpler for IT specialists. It’s is a hosting control panel, so its job is to act as a bridge between a system’s services and its users. For instance, when someone uses the GUI to create a website, Plesk broadcasts this request to either an Apache or an IIS web server, and in the case of the latter it adds a new virtual host to the system. Having a one-stop-shop like this for looking after system services means that maintenance costs go down and flexibility and control for administrators go up.

One of the things that the Plesk GUI lets you do is both manage and add to the list of registered IP addresses.

The designation for every IP address registered in Plesk must the either shared or dedicated. As the name suggest, shared IP addresses can be shared between an endless number of different websites irrespective of which account they belong to. Dedicated IP addresses are tied to one account only, be they for the customer, reseller, or a Plesk administrator. You can use them for hosting numerous websites, but they must always belong to the same account.

An IP address with the dedicated designation offers these benefits:

  • hosting anonymous FTP shares (no password authentication required).
  • reputation management for an IP address—perhaps because the previous subscriber on that account was distributing spam, for instance—so that websites hosted on it aren’t tarred with the same brush.
  • use an SSL/TLS certificate to secure a website if Server Name Indication (SNI) support is not available. SNI opens the door for SSL/TLS protection for websites that share IP addresses. This may not work with every browser and server though. To find out more, see SSL/TLS and Shared IP Addresses.

How to list registered IP addresses

To look at the list of IP addresses registered in Plesk together with essential information like the number of websites or the IP address type hosted on a given IP address, go to Tools & Settings > IP Addresses. The search menu lets you search for IP addresses. You can bring it up by clicking on the arrow button on the right-hand side of the screen.

How To Add IP Addresses In Plesk

1. Go to Tools & Settings > IP Addresses.

2. Click on Add IP Address.

If you are running Plesk within a Virtuozzo container, you can only add IP addresses on the Virtuozzo hardware node. The Add IP Address button won’t be shown. Have a look at the documentation for Virtuozzo if you want to learn how to add IP addresses when running Plesk in a Virtuozzo container. Once you’ve added all the IP addresses you want, you’ll need to re-read IP addresses.

You can’t add or remove IP addresses from a network interface that has DHCP enabled. If that’s the case, you’ll need to disable it for a given network interface.

3. Use the Interface menu to choose the network interface for your new IP.

4. Type in the IP address and the subnet mask in the appropriate box. For instance, 123.123.123.123/16 or 2002:7b7b:7b7b::1/64.

5. Set the Public IP address (this is an option used for Plesk servers behind NAT). If you want to add a private IP address that you’ll be using to host public-facing websites, you can pair it to a public IP address by adding it in the Set the Public IP address field. This IP address will be used in the domain records that show what’s being hosted on this IP.

6. Choose shared or dedicated for the new IP address.

7. Choose the default SSL/TLS certificate to use with the new IP address. Each IP address is secured with the (self-signed) certificate by default.

8. Choose your preferred FTPS usage policy (on Plesk for Windows).

To make FTP connections secure, the FTP server installed on your Plesk server needs to support FTP over SSL/TLS. For instance, Gene6, Serv-U FTP, IIS FTP 7.x servers support FTP over SSL/TLS.

9. Hit OK and the IP address will be added.

How To Hide IP Addresses In Plesk

You can hide any IP address that’s been registered in Plesk, which means that no one will then be able to see them. When someone looks under Tools & Settings > IP Addresses they simply won’t be there, so they can’t be assigned. But why would you want to do this? Well, one reason is to stop you from accidentally assigning a private IP address to a subscription.

Note: you’ll get an error that says “The IP address is already used for hosting” if you try to hide one when it’s already been assigned to a subscription (or several of them). The IP address will also get tagged with a “blacklisted” label under Tools & Settings > IP Addresses, but you’ll still be able to assign it though.

To hide one or more IP addresses

Open the panel.ini file for editing and add these lines:

[ip]

blacklist="88.10.196.83"

88.10.196.83 is an IP addresses which you want to hide. You can hide both IPv4 and IPv6 IP addresses. Here’s an example:

[ip]

blacklist="88.10.196.83, 2002:5bcc:18fd:c:f482:d057:9ccf:993D"

Unhiding one or more hidden IP addresses

If you have a change of heart for some reason, you can unhide a hidden IP address, remove it from the panel.ini file and Reread IP.

Log in to Plesk, go to Tools & Settings > IP Addresses, and click on Reread IP.

How To Update The IP Addresses List

You can update the list of IP addresses in Plesk. This registers every current IP address on the server’s network interfaces in Plesk, which can be helpful when:

  • you run Plesk in a Virtuozzo container and have added an IP address using the hardware node.
  • you’ve manually added an IP address to the server.

In both instances, you must update the list of IP addresses before you can assign them to subscriptions.

To update the list of IP addresses:

1. Go to Tools & Settings > IP Addresses.

2. Click on Reread IP.

Assigning The Default Website For an IP Address

The first website hosted on an IP address becomes the default website for that address. If several websites are hosted on one IP address when the IP address is used for browsing it’s the default website that’s returned instead of a domain name.

Let’s say that you host several other websites on one IP address as well as your own. You might want visitors to see your website when they visit, and you can make this happen by making your own website the default one.

To set the default website:

1. Go to Tools & Settings > IP Addresses.

2. Click on the IP address you want.

3. Choose the website you’d like from the Default site menu.

4. Click on OK.

Next Level Ops Podcast: The Best Extensions for Your Website with Jan Loeffler

Next Level Ops Podcast: The Best Extensions for Your Website with Jan Loeffler - Plesk

We’re back with the third episode of the Official Plesk Podcast: Next Level Ops. In this installment, Superhost Joe speaks to the Pleskian Technology Mage, Jan Loeffler. Jan tells us about Plesk Lighthouse Extensions and why they’re super useful.

In This Episode: The Weather, Popular Plesk Extensions, SEO and More

In This Episode: The Weather, Popular Plesk Extensions, SEO and More - Next Level Ops Podcast: The Best Extensions for Your Website with Jan Loeffler - Plesk

If you’re unfamiliar with Plesk extensions, you’re probably wondering what Lighthouse Extensions are. To clarify, Joe and Jan dive right into the specifics, after updating us on the weather of course.

In general, Plesk’s extensions provide extra tools, features and services to users. Their purpose is to enhance the ways in which users work and interact with websites. In particular, they serve a useful role when dealing with specific website areas, such as SEO. So, the SEO Toolkit extension can help users in designing an SEO strategy for better visibility on search engines.

“Usually it’s like running a marathon. If you want to run a marathon, you don’t do it in one day. It needs consistent training and working towards this goal. The same is true for getting on the first page of Google.”, says Jan.

Well Jan, we hope that soon you’ll be able to run a marathon once more after this lockdown is over. We will cheer for you!

"Usually it's like running a marathon. If you want to run a marathon, you don't do it in one day. It needs consistent training and working towards this goal. The same is true for getting on the first page of Google.”

Jan Loeffler

Key Takeaways

  • What are Lighthouse Extensions? There are over 130 extensions in the Plesk Extensions catalog. The Lighthouse Extensions are the most popular among users.
  • Why are the Speed Kit and SEO Toolkit extensions important? As soon as you start selling something on your website, performance matters. If a website takes more than 3 seconds to load, many users will leave. Speed Kit analyzes your site and knows how to cache it. The SEO Toolkit gives you stats to narrow down the areas where your website performance can improve. It supports all major search engines: Google, Bing, Baidu, Yahoo, and so on.
  • How can users get started with Lighthouse Extensions? Some are pre-installed when you spin up a new Plesk server. And the Extensions catalog gives insights into the most popular extensions. Additionally, there’s an Advisor tool that helps users become more productive. It guides you along the value chain and recommends tools you can enable to get the best out of each step.

…Alright Pleskians, it’s time to hit the play button if you want to hear the rest. Or go to our Simplecast channel to listen to the full episode. While you’re there, take a peek at our previous episodes here and here. We’ll be back soon with the next installment.

The Official Plesk Podcast: Next Level Ops Featuring

Joe Casabona

Joe is a college-accredited course developer. He is the founder of Creator Courses.

Jan Loeffler

Jan is the Chief Technical Officer at Plesk.

Remember to update your daily podcast playlist with Next Level Ops. And stay on the lookout for our next episode!