Podcast | Understanding Security and its Importance in eCommerce

Podcast eCommerce security Plesk blog

Another month, another episode of the Official Plesk Podcast: Next Level Ops! In this episode, we have Chris Teitzel, the Founder of Lockr.io. Chris is a cybersecurity expert, and we’re going to get pretty deep on the importance of security when it comes to your eCommerce store, and how you can reduce liability while focusing on what you do best: running your business.

Plesk podcast Chris Tietzel Lockr

In This Episode: Security, SSL, and PCI Compliance

Chris has quite a résumé. On top of running a cybersecurity agency, offering a product that touts some of the highest-level security available, and teaching people about how to secure their websites, he also sits on the Data Privacy and Integrity Advisory Committee (DPIAC) for the Department of Homeland Security.
As Chris mentions in the episode, every decision they make there, which affects privacy and security for larger organizations, trickles down to small businesses:

All of the policies and all of the procedures and everything that we talk about at scale apply to even the smallest companies. But the hardest part about being a small online retailer is that you don’t have the bandwidth to go and do that.

So while those large organizations have the money and team to implement these regulations and mitigate liability, most of us don’t. What can we do? Luckily, there are a lot of great tools out there to help small business owners do the same thing without the mounds of money. 

The first is using an established payment gateway like Stripe and Square to accept payment processing. You don’t need to become a merchant and accept the legal liability of taking credit cards any more. Within a few minutes, you can set up a Stripe account and be ready to go.

The second is SSL certificates through Let’s Encrypt. If you’re accepting payments, you need to use https, and that requires an SSL certificate (or more accurately, as we discuss in the episode, a TLS certificate). With Let’s Encrypt you can get a free certificate that is just as good as the paid ones, as far as security goes.

These 2 services will allow you to accept payments online without the need for millions of dollars to be compliant.

Key Takeaways

  • SSL stands for Secure Socket Layer, and it allows you to send secure data over the internet. As Chris puts it, “[SSL] allows 2 parties to connect and talk over a secure pipeline,” which establishes, “trust in an untrusted environment.”
  • SSL certificates protect from “Man in the Middle” attacks – basically a bad actor attempts to intercept data as it’s sent from a computer to your website.
  • Let’s Encrypt is quickly becoming the go-to for many people to implement SSL on their site. It’s free and offered by most hosting companies, meaning no website has an excuse not to use it.
  • Using managed hosting for your WordPress or WooCommerce site also helps keep your site secure. This allows you to focus on what you do best, because that’s where you’ll make money.
  • Anyone accepting credit cards needs to be PCI Compliant. This is a global standard set by the major Credit Card companies to ensure data security when processing credit card transactions. Luckily today, we have Stripe and Square, who accept the compliance and liability that goes with it.

The Official Plesk Podcast: Next Level Ops Featuring

Joe Casabona

Joe is a college-accredited course developer and podcast consultant. You can find him at Casabona.org.

Chris Teitzel

Chris is the Founder of Lockr.io.

Did you know we’re also on Spotify and Apple Podcasts? In fact, you can find us pretty much anywhere you get your daily dose of podcasts. As always, remember to update your daily podcast playlist with Next Level Ops. And stay on the lookout for our next episode!

IP Addresses Management under Plesk

Manage IPs Plesk blog

Plesk is a user-friendly hosting platform designed to help streamline web hosting and server data center automation. It was was developed for providers of Windows and Linux-based commercial hosting services. The Plesk user management model accommodates both shared and dedicated hosting.

Server administrators can utilize Plesk to configure new sites, email infrastructure, and reseller accounts. They can also create and edit DNS entries via Plesk’s interface. Some of the most important solutions Plesk offers include management and automation of domain names, web apps, email accounts, databases and other tasks. Its ready-to-code environment offers effective security, encompassing numerous operating systems and layers.

Below, we’ll explore how Plesk IP address management works.

Plesk allows you to view, add to, and manage the list of registered IP addresses. Each one registered in Plesk needs to be designated as “dedicated” or “shared”.

What does this mean?

  • “Dedicated” IP addresses are restricted to one account, such as Customer, Plesk Administrator, or Reseller. They can be utilized to host a number of sites if they share an account.
  • “Shared” IP addresses may be shared across multiple websites, even if they don’t belong to the same account.

You can expect the following benefits if you designate your IP address as “dedicated”:

  • You’ll be able to host FTP shares that can be accessed anonymously without password authentication
  • You can reduce IP address reputation damage to websites hosted on it in certain negative situations, such as if a site sends spammy emails
  • You’ll be able to secure websites with an SSL/TLS certification if SNI is unavailable. SNI allows you to implement SSL/TLS to protect sites sharing IP addresses. This may not work for every server and browser, though. You can find more on this topic in this guide to SSL/TLS and shared IPs.

Please be aware, though, that you’ll need to have a shared IP address (or one unassigned IP address) on the server before you can create a subscription and host sites.

Here you may find more information regarding various routine tasks related to IP addresses management:

How to View Lists of Registered IP Addresses

If you want to look at a list of IP addresses registered in Plesk, and their key details (e.g. IP address type, number of hosted websites on a specific IP address), go to Tools & Settings > IP Addresses.

To search for IP addresses, use the search menu. You can open this by tapping the arrow button located on the screen’s right-hand side.

How to Add IP Addresses

You can add IP addresses by following these steps:

  • Navigate to Tools & Settings > IP Addresses
  • Hit the Add IP Address button

IP addresses can only be added on the Virtuozzo hardware node when you run Plesk in a Virtuozzo container. The option to add IP address will not be visible.

When using Plesk in a Virtuozzo container, you can find out more about adding IP addresses in Virtuozzo’s online resources. Re-read IP addresses when you have finished adding the IP addresses you want to include.

If you’re running Plesk for Windows, you can’t add IP addresses to, or take them out of, a network interface when DHCP is activated. Disable DHCP for a given network interface if you want to add or remove an IP address.

  • Go to the Interface menu and choose the IP’s network interface
  • Type the IP address and subnet mask into the relevant field
  • This step is for Plesk servers behind NAT: Set the Public IP address. When you want to add a private IP address you intend for hosting public-facing sites, you can combine it with a public IP address by entering it into the Set the Public IP address box. This will be utilized in A records of this IP’s hosted domains.
  • Choose if you want to make the new IP address dedicated or shared
  • Pick the default SSL/TLS certificate to be used for the new IP address. Every IP address will remain secure courtesy of the default (self-signed) certificate. You can find out more about this in the Securing Connections with SSL/TLS Certificates guide.
  • If using Plesk for Windows, you’ll need to pick an FTPS usage policy too.

The FTP server installed on your Plesk server should support FTP over SSL/TLS if you want to enable secure FTP connections. For instance, Serv-U FTP and Gene6 servers offer the correct support.

Hit OK to add the new IP address.

How to Complete the IP Address List Updating Process

The IP addresses list in Plesk can be updated to register every address on the server’s network interfaces. This may prove beneficial in certain situations, such as:

  • You’re running Plesk in a Virtuozzo container and add an IP address through the hardware node
  • You’re manually adding an IP address on the server

In either of these scenarios, you’ll need to update the IP addresses list before you’re able to assign them to subscriptions.

You can update the list of IP addresses by:

  1. Going to Tools & Settings > IP Addresses
  2. Clicking Reread IP

How to Hide IP Addresses

Any IP address registered in Plesk may be hidden, so they don’t show in Tools & Settings > IP Addresses. They will be unavailable for assignments.

For example, you might choose to hide private IP addresses on the server to prevent them from being assigned to a subscription accidentally.

Please be aware, though, that hiding IP addresses that have been assigned to a subscription (or multiple) will lead to a specific error: “the IP address is already used for hosting”.

As a result, the relevant IP addresses will be labeled as “blacklisted” in Tools & Settings > IP Addresses, though they’ll be available to be assigned.

You can hide IP addresses by:

  1. Editing the panel.ini file and adding these lines:


blacklist=”<IP addresses to be hidden>”

The <IP addresses to be hidden> will be a list of IP addresses to be hidden. You may hide IPv4 and IPv6 IP addresses.

Log in to Plesk and navigate to Tools & Settings > IP Addresses. Next, click Reread IP.

How to Unhide IP Addresses

Changed your mind about hiding certain IP addresses? You can unhide them, remove them from the panel.ini file, and Reread IP.

How to Assign the Default Website for an IP Address

The default website for an address will be the first site hosted on it. But if more than one website is hosted on a single IP address, the default website will be returned when the IP address is used for browsing rather than a domain name.

For instance, you may host your website and various others on a single IP address. You might want visitors to view your own site when they browse the IP address, and you can make this happen by selecting your own website as the default.

Here’s how to pick the default site:

  1. Head to Tools & Settings > IP Addresses
  2. Click on the right IP address
  3. Choose the website you want to make the default from the Default site menu
  4. Click the OK button