Security and performance are very important for any website or application. If you are concerned about them, then at some point in time you might have heard of Cloudflare. CloudFlare is a leading security provider for web applications. It is also a DNS provider, and Cloudflare DNS is one of the fastest DNS on earth! Choosing Cloudflare for your website is one of the best decisions you can take to make your sites fast and secure!
We at FlexiCloud Hosting always suggest that you use CloudFlare services in one way or the other.
What is Cloudflare?
In simple words, Cloudflare is a DNS provider. If you want to use Cloudflare services, migrating your name servers to CloudFlare is vital.
Not only they provide one of the fastest DNS servers, but they are also providing a lot of various other services too! Which include a reverse proxy service, edge caching, Free SSL for life, Content Delivery Network, firewalls and many more.
Once you add the site, Cloudflare will query your DNS settings and try to copy them across. It will normally copy all the DNS records including Address records, MX , TXT CNAME, etc. I have seen that it fails to copy the subdomain records if there are any.
So you need to make sure that the subdomain records are replicated too.
After that, it will ask you to change the name servers, which you have to do from the respective domain registrar as well.
Once the name server is changed, it will take a few hours for the site to get activated. Once done you need to enable the Cloudflare icon in the DNS area so that the DNS requests will go through the Cloudflare algorithm.
Enable Free SSL
To enable free SSL from Cloudflare, you first need to enable Cloudflare from the DNS area and then Navigate to the Crypto tab.
If you do not have an edge SSL ( SSL installed in your web server ) , you need to go with the Flexible ssl. If you have a premium SSL installed in your web server ( Enterprise validation), you need to enable the Full SSL.
You can also enable ” Always Use HTTPS” so that the http requests to your site will get redirected automatically to https.
Caching and Minifying with Cloudflare
Go to the Speed tab and you can do auto minify and JS, CSS and HTML. Apart from that, you can have brotili compression, railgun and rocket loader. You can enable them as per your requirement and the plan with CloudFlare that you’re in.
Caching is the Tab where you need to navigate to clear the cloudflare caches. It is necessary some times when cloudflare wont detect the new content ot the change that you have implemented in your app.
Page Rules
Page rules are the most underrated feature of Cloudflare. You can override the default cache settings etc using page rules. You can create a page rule and make sure that the caching and other settings are enabled.
For a WordPress site, this page rule would make wonders.
Do not cache the WordPress admin area.
Summary
Cloudflare is a great tool to reduse the load that a site put towards the sever by offloading the content delivery to its edge servers. It also need that the dynamic content will still be loading from the origin server.
We will discuss more on how to use Cloudflare as a conventional content delivery network, and on how to fix common cloudfalre errors in coming posts.
This is a question that I keep getting whenever I ask someone to migrate to us. Why should I move my websites to FlexiCloud Hosting from my present hosting provider? I have a lot of things in mind, but our expertise and our industry experience come first. Then comes the technologies that we combine in our hosting to provide our clients a great hosting experience.
Linux only
FlexiCloud Hosting is a Linux-only hosting provider. We are fans of Linux and its security features. All our servers are on various Linux variants, mostly CentOS or Ubuntu. All our shared hosting services are in its own chrooted environment, which cannot communicate with other environments. This ensures that even if any website or application is infected, you are at ZERO risk.
We also use a variety of other security features which makes our environment extremely secure – we will be discussing these later in this article.
We are Affordable
We are not a cheap hosting provider. But we are affordable. Because we provide a hassle-free 30-day money back guarantee, you can sign up and try our services at zero risk.
cPanel based Hosting Provider
Our shared hosting platform uses the most popular control panel – cPanel. It is the most popular and very widely accepted control panel, which is not only easy to use but also quite powerful. There are only a few things that you cannot do with cPanel. It’s quite versatile so that you can manage almost all of your hosting through the control panel.
With cPanel you can
Install WordPress or other content management system.
Set up email accounts, forwarder, and filters.
Set up MySQL databases and users, access PHPMyAdmin
Generate and download backups
install SSL certificates
Manage your files
Create other websites easily
Create FTP accounts easily
Manage your DNS
The ease of cPanel makes your hosting management an easy task, as simple as using a webpage.
CloudLinux
Cloudlinux can be easily said as a kernel patch which allows us to decide how much CPU and RAM any user can consume. This ensures that no website can take the entire server down, thereby improving the stability of our servers – and your websites.
CloudLinux also comes with a lot of other features. For example, CloudLinux has its own custom PHP which is very well hardened. This is used in all the FlexiCloud Shared servers. We also use its CageFS feature, which helps us to add each user to its own cage which prohibits the user from using other unallocated system binaries and all without consent.
KernelCare is another tool that we use, which is instrumental in deploying the kernel patches that come in often to our operating systems without a reboot.
Advanced hardware
All our servers comes with Xeon processors, SSD drives with RAID and at-least 64 GB of ram. We will never compromise on the quality of the hardware that we use.
LiteSpeed Powered
FlexiCloud is powered by LiteSpeed web server instead of Apache. LiteSpeed comes with a handful of enhancement which further reduces your page load time, provides DDoS protection, QUIC support, HTTP/2 Support and a lot more.
It also supports .htaccess. So your developer do not want to go and find a htaccess rule converter to find the corresponding rules.
FlexiCloud Hosting is one of the very few cloud hosting companies in India who is offering LiteSpeed hosting in all their plans. LiteSpeed web server comes with an inbuilt caching system for WordPress. It is called Litespeed cache. It is a configurable plugin, which you can download from t cache is considered to be the best caching plugin out there in the market and is quite popular among the WP community.
AI-based firewall
We use an artificial intelligence backed firewall system, which checks the sanity of the IP before allowing it to the server. The AI spider has its legs on all its installed servers and keeps looking for malicious activities from IPs. If any malicious intent is detected, the IP is added to its black/greylist.
If the same IP tries to access a resource in any other server, the intelligence will detect it, and ask it to verify a captcha before proceeding. That way, we are able to cut down a lot of unwanted traffic entering our server. This tool has helped us to become one of the most trusted managed cloud hosting providers.
Not only does it provide us with an inbound firewall, it has a decent malware detector, honey pot, and lot other cool features, including a WAF (web application firewall).
Free SSL
Is your Hosting provider charging you for a basic SSL certificate? Move to FlexiCloud Hosting, we provide free domain validation SSL certificates for all websites, including main and subdomains hosted with us. It’s a COMODO or LetsEncrypt certificate that we are distributing for free.
The only requirement for the SSL is that the site should load from our server. You can switch your site to SSL within 24 hours after you have pointed the site to our servers.
We provide 14 day guaranteed backups in case you need to restore your site to an older version. However, we always suggest that you keep a backup of your own, to be safe from any unforeseen issues with storage.
You can download the backup from your cPanel at any point of time. This is instrumental when you face an unforeseen issue with your website like a malware attack. We can always revert to an older version of the site at any point of time.
Your support is fabulous! I have no words to say! countless thanks.
While we keep our security very high, we have seen many sites getting hacked because of two reasons, there was a security hole when they were migrated to FlexiCloud. Or they haven’t updated their websites with the latest updates and left it to be hacked. We have some in length articles on how to protect your sites from hacking and how to keep it secure.
For advanced plans, we provide free malware removal for websites. We keep our servers secure and we find fewer websites getting hacked. However, if your website ever got hacked, raise a ticket and we can fix it for you or try to restore to a recent backup that we have.
One of the best hosting companies I have ever came across. The support is very fast. They know what they are doing & they know it perfectly well?
This is a one click installer for lots of open source applications. You do not need to spend time installing them, instead, login to your cPanel, navigate to softaculous area and then install your application that you need in a few mouse clicks.
To find all the web applications that we support, check the softaculous area of your FlexiCloud cPanel.
This not only simplifies your on-boarding process, but it will also help you to manage the installations from one single place.
Green Energy!
You heard it right, our servers use green energy. FlexiCloud Hosting is one of the very few hosting providers who is not harming the environment for its energy needs.
Free Migration
We provide free migration of your websites to FlexiCloud Hosting! If you have an ecommerce or a membership website, you will need to take down the site to a maintenance mode to make sure that the ere wont be any data loss.
You just need to raise a ticket so that our support engineers can schedule a migration window and move your site to happiness.
We are technical people, not salespeople
We won’t upsell our products to you unless we feel it is necessary for your business. If you encounter any issue, you can contact us any time and will fix it immediately.
We work entirely differently when you compare us with others in the industry. some times you may not hear from us at all unless there is a bill pending to be paid.
Our client’s testimonials speak for us. We have a lot of clients who have migrated their sites from industry behemoths and are very satisfied with FlexiCloud. They spread their word of happiness. In most cases, they’ll get another intimation when their next billing cycle is due of when their website traffic grows to require an upgrade.
We assure you that you will get peace of mind by hosting with us – no spam calls to upsell us, no worries about performance, and no pressure of unwanted cross promotions.
30-day money back guarantee
Once you start hosting with us, you’ll see the difference and will never want to leave us.
In the unfortunate instance that you miss your ex-hosting provider, within 30 days of your signup, you can always have your 100% money back. Just raise a ticket.
Free and Friendly support
We are are friendly and we are always willing to go the extra mile to help you fix your issues. Our clients speak for us!
I gave up on GoDaddy to be here and I'd recommend everyone to come on this server, these guys are giving over the top services for affordable prices and also are available 24×7,Too happy!!
Who doesn’t want a fast website? According to a study, 25% of your visitors will go away from your website if the site loads in more than 4 seconds. The mobile visitors are increasing day by day as well. These two add the importance of the fact that not only your site needs to be fast, but it also has to be mobile ready as well! I am discussing in this article a few basic steps that you can implement to make your sites fast.
The following are the major factors that decide the speed of your website.
Start with DNS
DNS plays a major role in deciding the speed of your website. Your DNS server should be able to resolve quickly and return the IP address to which the browser or the application that need to be connected. You can look at the fastest DNS servers here https://www.dnsperf.com/ . According to the DNS pref, Cloudflare is the fastest DNS provider. We also recommend them, not only because its free, but it also has a lot of other nice to use features, which will be discussed in up coming posts.
The WebServer matters
Once the DNS is connected, the next action is done by the web server and it plays the next crucial role.
We at FlexiCloud uses Litespeed web server, which is much faster ( at least 500 % ) than Apache, which is used by most of the shared hosting companies. You can read a bit about the official benchmarks taken by LiteSpeed itself here.
If you’re not using a control panel and is building your own server, we suggest to use Nginx web server, which is as fast as Litespeed, and you need to enable the FastCGI or proxy caching ways. We will be discussing how to set those up in a different article in length.
Whats your PHP version ?
The PHP version that you use on your website will play another crucial role in determining the speed of your website. We at FlexiCloud Hosting knows how important this is and we provide multiple versions of PHP for your hosting.
If you are on a WordPress framework, we strongly recommend you to use the latest PHP version, that is PHP7.2. FlexiCloud will be releasing the 7.3 soon and once that is done, you can upgrade your PHP from your cPanel.
Caching
A caching tool will keep the compiled output of the pages to a file and delivers that to the visitor, without taking the requests through the PHP and database over and over. So having a caching plugin is too good for a WordPress site so that the website will use fewer server resources, and the pages will be faster for the visitor.
Since we use the LiteSpeed web server, The FlexiCloud users will be able to use Litespeed Cache for WordPress, which is one of the best caching tools that are available in the market. You can read more about the LiteSpeed Cache for WordPress here in this link.
The size of the images plays a very important role in the page speed. Large images will definitely slow down your site, while very small images will take away the user experience. So you need to find a balance between the image size and quality.
Ideally, you should use JPEG (or JPG) for images with lots of color and PNG for simple images. Because the compression in JPEG is much better than that in PNG. There are a lot of image compression plugins available which you can use. I sometimes use Canva and I have seen it easy to use.
Use a Content Delivery Network
CDN stands for Content delivery network. There are a lot of providers who just hosts your static contents like images videos CSS and JS and deliver them to your visitors.
There are mainly two types of CDN. A traditional CDN, where you configure to host just the static content, and the Reverse proxy CDN, where the entire site is being reverse proxied and cached.
Key CDN, Max CDN etc comes in the first Category, while Cloudflare and Sucuri are the examples of the second type.
If you’re using the reverse proxy, you will need to point your site towards their IP or change the nameservers to theirs. They have a strong firewall and caching rules to speed up your site content and they provide various analytics.
One disadvantage of having a CDN is that you have to keep your images in your server, and the CDN providers have to query the static content as their TTL expires. So if you have a large amount of them you may end up in a slower image delivery site.
Instead, you can offload your images to Amazon s3, or to Digital Ocean spaces or to Google Storage.
You can use the following plugin to do that for Amazon s3. While they have tools to sync images to spaces too, we would prefer the official plugin which can be found down there 🙂
WordPress has an inbuilt cron to handle the repetitive jobs, and over time, it can lose its sanity. Its always preferred to disable the inbuilt cron and add a manual cron job.
Add this line in wp-config.php just before the line that says “That’s all, stop editing! Happy blogging. “
define('DISABLE_WP_CRON', true);
Then you need to add a cron from your cPanel so that the file wp-cron.php will run every 15 or 30 minutes. You can also use plugin like Wp Control plugin to check and see what the cronjobs are running for.
Remote Contents
The number of remote contents that your site loads when a page is fully loaded is another important factor. If you have a lot of remote content, loading from third-party service providers can slow down your site.
Fonts, advertisements etc are common examples. many of the ad networks sites are heavily overloaded and they are slow, so you need to be very careful on the ad network you are using in your site because that could be the one-stop reason for your sites to be slow.
You can use plugins like these to load google fonts locally, which can improve your page speed considerably as well.
Conclusion
These are definitely not all of them, but these cover the most of it. There are a few others like the quality of theme and the plugins that you install also factor into the page speed.
Please let us know if we have missed any important points via comments.
One of the most common issues that we are seeing as a web hosting company is that the sites getting hacked and used to send spams or send out DDoS attacks or to host phishing sites. In this article, I am trying to outline an idea on how to make your sites more secure, what are the best practices and how to secure your sites without compromising the speed. Like every hosting company, WordPress is the most used platform to build the sites in FlexiCloud Hosting as well. That amplifies the importance of this article.
There are many things that a normal web user, who is not a tech-savvy person can do, by which the security of the site will be increased considerably. Google reports between 30000 to 100,0000 websites every week for malware or phishing attacks and these reports directly affect their reliability and visitor confidence, thereby affecting their business. Read about the transparency report on safe browsing by google.
Regular Updates to WordPress
This is one most important rule for security, even though you are not doing anything else. You, no matter what, have to keep your core WordPress up to date regularly. WordPress is a community software, and for that reason, there will be major and minor updates regularly which need to be applied to make the sites run smooth.
Why the updates are important? Because the code is open. It’s not very difficult for a hacker to find websites working on a vulnerable version of WordPress or a particular plugin or theme and initiate an attack on those websites. So whenever there is an update, apply them. You can take the backup of your code and database if you think that may break while you update the core or plugins.
Strong Passwords
The most basic way to hack your website or any online property is to try possible passwords. You should not be keeping your passwords weak, and open an easy way for the hacker to take control of your site.
There are a lot of online and offline tools available these days to generate a very strong password. I normally recommend to use Password generator or LastPass or PassPack for online password generating and saving or you can use KeePassX for offline
Not only your administrator password is important, but your cPanel password, your client area password, your FTP password and your email passwords are equally important when it comes to the security.
Remove Unwanted themes and plugins
Regular housekeeping is important for your sites. You need to make sure that your sites haveintalled those themes and plugins that your use. If you do not use a plugin, you can deactivate and delete it.
Not only it will improve the security, it will also helps your site to speed up.
Regular Backups
We need to make sure that our reactive measures are working before we implement a proactive system. The first and most efficient way to implement a reactive protection is to keep your backups safe. There are a lot of Plugins that you can use which takes your backups and sends them to a safe location.
FlexiCloud Hosting takes your backups daily and saves it for 14 days before we purge the older ones.
There are tools like code guard which will alert you when a modification on your files are noticed.
Disable File editing
You can disable the default code editor inside WordPress by adding the following code into the wp-config.php.
We recommend the plugin WPS hide login so that it will create a custom login URL for you and disable access to your default wp-login.php page.
Disable file execution in uploads folder
Add the following line in your uploads folder’s ( normally wp-content/uploads) .htaccess file, so that PHP files cannot execute under the folder, and increase the security.
<Files *.php>
deny from all
</Files>
Do not use the default admin username
By default, the admin username is ” admin ” and most people do not know that it can be any name. Using admin as the administrator username is a potential risk, and we recommend not to use it.
Use Latest PHP version
The version of PHP plays an important role not only in the speed of the site, but also the security. Now that the PHP 7.3 is almost released, you should stop using PHP5.x. We at FlexiCloud Hosting, have the default PHP in all our servers as 7.2, with an option to change the version to your required one from cPanel.
Disable XML-RPC
The XML RPC feature was enabled in the wordpress to help the mobile apps to communicate with your site. Some plugins like JetPack also uses the feature.
I am hoping that the WordPress will soon move towards an API based communication than xmlrpc based. Till then there are chances for a potential attack through it.
I would normally suggest disabling access to xmlrpc.php via htaccess rule.
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 11.22.33.44
</Files>
Conclusion
Security never ends, Its an ongoing process. We will keep you posted with the updates that we have on this area.
This page helps you with a few basic stuff which is necessary to get on boarded with FlexiCloud, and understand how we work. This will also help you to how to take care of your hosting and understand what are the best practices.
We will keep on updating this article regularly.
Support
Support is the most important tool that you need when you are hosting an important website. You can always get free support as per your plan by raising a ticket from your client portal or by sending email to [email protected]
We do not encourage support through social media and we consider social media like Facebook and Twitter as a broadcasting platform. However, whenever possible, we address the queries via social media as much as possible. But in case of any emergency, the primary channel for support is the ticketing system from your client area.
NameServers.
Name servers play a key role in pointing the domain name to a server where you have the code located. If you have chosen to use a domain name that is bought from a different provider like GoDaddy, you will need to change name servers or point the domain name to our IP address.
To change the name servers you will need to login to the control panel of the domain registrar and change the name servers to
Once you have changed the name servers, you will need to wait a few hours for the change to get propagated.
If you do not want to change the nameservers, you can point the site’s IP to our server. You’ll find the IP address from the welcome email or from your cPanel.
SSL
Once the site has started resolving from our server, the autoSSL will install a Domain Validation SSL certificate on your website automatically. This process can normally take upto 24 hours after name server or IP change has happened.
You can speed up your SSL installation process, after the name server change by going to the cPanel >> SSL status.
Softaculous
If you want to install any open source applications like WordPress or Drupal you can do these from the Softaculous area inside the cPanel. You do not need to take the pain in downloading the applications, and install it in the traditional way, but you can install it from your cPanel >> Softaculous area with a few clicks.
Emails
To create email accounts, please go to Cpanel => Email Accounts Section, and create email IDs. Once that is created, and MX is pointing to our server, the emails will start working.
Accessing the email
There are two ways to access your email account, using webmail and using your email client.
Via webmail: Login to the webmail interface at SERVERNAME/webmail . You can get your server name from your welcome email from FlexiCloud Hosting. The webmail interface will ask for a username and password which is the full email ID and the password that you’d created.
Via email client: Using an email client, you can connect to our server via IMAP or POP. A normal configuration will ask for the incoming and outgoing server which will be the server name. The username and password will be the full email ID and the password that you’d created from cPanel.
Please ensure that you should set the frequency to check emails as once in three minutes at most. If you connect more frequently to the server to check emails, it will result in the blocking of your IP address by the firewall. If this happens, you will need to contact our tech support to get the ban lifted on the IP.
If you are using POP, please ensure that you have not set the mail client to delete your emails automatically after download. If you do so, it may result in losing those emails from other devices.
Backups
Multiple backups of your data is very important. FlexiCloud Hosting provides a variety of backup options for our clients, because we take up backup very seriously.
Our backup engine takes backup of every accounts, daily, and keep it on a different disc drive. This backup will be retained for seven calendar days. For disaster recovery, the backups will be synced with a remote disc ( google drive/amazonS3/dropbox ), regularly. Even though we do take backups, we have provided options so that you can download your backups through cPanel. We would strongly suggest that you take regular backup of your data and save it in different locations in case of any catastrophe.
Malware
We use multiple tools to detect and alert the presence of malware/vulnerabilities in the code, and remove them from our servers.
