How to Install Magento 2.1.3 on PHP 7.1.0

magento on php 7
magento on php 7

Here is how to install and run the latest Magento 2.1.3 on the latest PHP 7.1.0

Disclaimer: although this hack is tested on the default Magento 2.1.3 sample data installation use this with caution for production sites. always test test test!

Patch installation files

Magento 2.1.3 checks php version and refuses to install with php 7.1.0. Let’s bypass it.

Open up setup/src/Magento/Setup/Model/PhpRedinessCheck.php and change line 79

from:

$normalizedPhpVersion = $this->getNormalizedCurrentPhpVersion(PHP_VERSION);

to:

$normalizedPhpVersion = $this->getNormalizedCurrentPhpVersion('7.0.2');
Suppress mcrypt warnings

Edit vendor/magento/framework/Encryption/Crypt.php and prefix all mcrypt/mdecrypt functions with @ :

@mdecrypt_generic

here is a diff file:

54c54
< $this->_handle = @mcrypt_module_open($cipher, ”, $mode, ”);

> $this->_handle = mcrypt_module_open($cipher, ”, $mode, ”);
56c56
< $maxKeySize = @mcrypt_enc_get_key_size($this->_handle);

> $maxKeySize = mcrypt_enc_get_key_size($this->_handle);
62c62
< $initVectorSize = @mcrypt_enc_get_iv_size($this->_handle);

> $initVectorSize = mcrypt_enc_get_iv_size($this->_handle);
80c80
< @mcrypt_module_close($this->_handle);

> mcrypt_module_close($this->_handle);
83c83
< @mcrypt_generic_init($this->_handle, $key, $initVector);

> mcrypt_generic_init($this->_handle, $key, $initVector);
93,94c93,94
< @mcrypt_generic_deinit($this->_handle);
< @mcrypt_module_close($this->_handle);

> mcrypt_generic_deinit($this->_handle);
> mcrypt_module_close($this->_handle);
138c138
< return @mcrypt_generic($this->_handle, $data);

> return mcrypt_generic($this->_handle, $data);
152c152
< $data = @mdecrypt_generic($this->_handle, $data);

> $data = mdecrypt_generic($this->_handle, $data);

rm -rf var/cache/*
rm -rf var/generation/*

WordPress 4.7.3 Security & Maintenance Release

wordpress upgrade
wordpress upgrade

WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.2 and earlier are affected by six security issues:

 

  • Control characters can trick redirect URL validation.
  • Reported by Daniel Chatfield.

 

  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Reported by xuliang.

 

  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Reported by Marc Montpas.

 

  • Cross-site scripting (XSS) via taxonomy term names.
  • Reported by Delta.

Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Reported by Sipke Mellema.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.3 contains 39 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.

Download WordPress 4.7.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.3.

How to activate CloudFlare in the cPanel customer interface

Step 1 – Find CloudFlare in the Control Panel

After the CloudFlare plugin is installed, you will see a CloudFlare icon in cPanel.

 

Step 2 – Activation

If they already have a CloudFlare direct account, sign-in. If not, click on Sign up.


Step 3 – CNAME or Full DNS setup

CNAME setup :  By default, CloudFlare is set up for your customers using CNAME. To enable CloudFlare on CNAME​, please click
Provision Domain with CNAME Setup​ green button.

Full DNS option

Once you enable the Full DNS option in the config.js file, your customers can select and use either CNAME or Full DNS setup. Customers will need to refresh the page after the hosting provider updates their name servers
to CloudFlare’s name servers.

Step 4 – Enable CloudFlare for subdomains

For subdomains, click the grey cloud icon and toggle to orange. This means traffic will flow through CloudFlare for these subdomains.

Enable CloudFlare for subdomains

 

Enable CloudFlare for subdomains

Step 5 — Analytics

Your can see CloudFlare analytics for each site by clicking the “Analytics” icon

Step 5 — Additional settings and upgrades

Users can now control more CloudFlare security settings right from cPanel.

In addition to selecting the basic security level of your site from Essentially Off, Low, Medium, or High, you can configure the Challenge Passage, which specifies how long a visitor is allowed access to your website after completing a challenge.

You can enable Browser Integrity Check which evaluates HTTP headers from your visitors browser for threats, if a threat is found a block page will be delivered. In addition, users can select ‘I’m under attack mode’ when experiencing a DDoS attack on Layer 7. To access additional settings and upgrade from “Free” to “Pro”, customers need to log in to their cloudflare.com account.

cPanel EasyApache 4

easyapache 4
easyapache 4

cPanel continues to surprise the industry-releasing one new feature here and there, making sure that its clients get the most out of their investments. With its newest innovation, cPanel is set to enhance the client’s web hosting experience.

The launch of EasyApache 4 (EA 4) brings various improvements in installation, update, and other features that are important for the client. EasyApache 4 is a major revamp of how cPanel and WHM ships and maintains the Apache and PHP distribution.

EasyApache 4 represents a total overhaul of how cPanel & WHM ships and maintains our Apache and PHP distribution.

Simply explained, EasyApache is the software that installs, configures, updates, and validates your web server, PHP, and other components of your web server.

cPanel & WHM installs EasyApache 4 by default on new installations of systems that run cPanel & WHM version 58 or higher.

EasyApache 4 offers the following improvements over EasyApache 3:

  • Binary packages
  • Software collections
  • Path reorganization
  • MultiPHP support
  • Post-update actions

Binary packages

Binaries are cost-efficient improvements that save time and monetary resources for site owners, server owners, and developers.

Rather than compile binaries from source, we build RPM packages with binaries that you can easily install via yum. This allows for quicker, automatic updates of packages.

The system forks any custom packages from the Red Hat® specification files, but contain the latest version. Binary packages also allow Apache and PHP to automatically update.

Binary Packages allow for quicker updates, installations, and the ability to spin down and spin up different web stacks and configurations quickly. This reduces the cost for site owners and server owners.

These binaries reduce the time it takes for updates and installs to a few minutes. This also allows developers to quickly spin up and spin down different configurations.

Software collections

EasyApache 4 uses the Software Collections Library (SCL) for PHP packages. The use of SCLs enables the installation of multiple, concurrent version of PHP on the file system.

An SCL is an alternate path inside the /opt file that contains the full file system that various software needs. When you enable an SCL, it adds the path within that environment to the system. Commands that do not specify a path and scripts that use the /usr/bin/env file to determine their path can then use this path to find the appropriate version of the software.

How to execute a script with SCL

To execute a script with a software collection environment, you must run the scl command. For example, to run the php -v command on a php56 collection, run the following command:

scl enable ea-php56 ‘php -v’

This command’s output will resemble the following example:

PHP 5.6.6 (cli) (built: Jul 16 2015 12:28:49)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies 

Path reorganization
The system originally stored Apache files in the /usr/local/apache directory. This directory no longer exists except for a few symlinks.
EasyApache 4’s path reorganization includes the following benefits:
  • The additional paths allow EasyApache 4 to function quicker and more efficiently.
  • The additional paths allow multiple directories to store data and symlink between files.
  • The additional paths allow more effective storage of data, especially with backups and recovery.

The following table lists the new file directories where EasyApache 4 now stores the Apache files:

 

File or Directory location Description
/usr/bin/httpd/ This directory contains the actual Apache executable, binary file, and webserver.
/var/log/apache2/ This directory contains all the logs for the apache2 file as well as all access logs.
/etc/apache2/ This directory contains the configuration directory for Apache and contains all directories for Apache includes, modules, and configuration files. This directory does not contain log files.
Note: This directory uses the symlink to the usr/lib64/apache24/ directory.
/usr/lib64/apache2/modules/ This directory contains all of the dynamic modules for Apache.
/opt/cpanel/ea-php*/ This SCL directory contains all of Apache’s binary files.
/etc/apache2/logs/access_log/ This file contains HTTP requests that the server received and that did not go to a domain.
/etc/apache2/logs/domlogs/ This directory contains a log of HTTP requests that the system routed to a domain.
/etc/apache2/logs/error_log/ This file contains error information.
/var/www/html/ This directory contains the document root for the server. It contains default pages that users can see.
/etc/apache2/logs/ This directory contains an alias to the /var/log/apache2/ directory.
/etc/apache2/modules/ This directory contains an alias to the /usr/lib64/apache2/modules/ directory.

MultiPHP support

EasyApache 4 supports multiple versions of PHP. Multiple PHP versions allow you to assign different PHP versions to each of your domains. Coupled with automatic upgrades, this ensures that your PHP applications run on the most up-to-date, secured PHP versions.

Post-update actions

EasyApache 4 removed OptMods and no longer supports them. However, in addition to the new RPM actions that EasyApache 4 can execute from its specification file, we created yum-plugin-universal hooks. These new hooks allow for executable actions based on the package name they operate in. For example, if you run a script on an ea-* package, if any updated packages exist in the ea4 namespace, the system executes these scripts.

Optimize images for SEO and website loading speed

image-compression
image-compression
Why Do I need to optimize Images on my Website?

Then Simple and most basic reason is for improving website SEO and load the website faster. The faster the websites is loaded the more SEO traffic you can expect.

How to reduce the load times of pages by loading appropriately sized images.

Diminish file sizes based on where images will be displayed.

Resize image files themselves instead of via CSS.

Save files in appropriate format depending on usage.

Cost benefit ratio: high value

Access needed

90% of most websites are graphics dependent and therefore there are a lot of image files. Leaving these images uncompressed and in the wrong format can drastically slow down your web page load times. So it’s  important to optimize your images.

Optimizing images for the web

The images create using programs like Photoshop and Illustrator look amazing but often the file sizes are very large.

This is because the images are made in a format which makes them easier to manipulate in different ways.

With file sizes upwards of a couple of megabytes per image, if you put these files on your website it would be very slow to load.

Optimizing your images for the web means saving or compiling your images in a web friendly format depending on what the image contains.

Images hold data other than just the pixels we see on the screen.

This data can add unnecessary size to the image which leads to longer load times as the user waits for the image to download.

In terms of cost versus benefit optimizing your images should be near the top of your page speed optimizations if you don’t have them optimized already.

How it work?

Optimizing images for the website can reduce your total page load size upto 80%.

There are two forms of compression that we need to understand, Lossy and Lossless.

Images in a lossy format will look slightly different than the original image when uncompressed.

Keep in mind that this is only visible at a very close look. Lossy compression is good for website, because images use small amount of memory, but can be sufficiently like the original image.

Images in lossless format retain all the information needed to produce the original image.

For this reason these images carry a lot more data and in return are a much large file size.

Can you imagine take a poster size image and using it as a thumbnail? The little 20px by 20px image would take as long to load as the original poster, when we could just be loading a 20px

We can also optimize images for the website by saving them as the appropriate dimensions.

Resizing the image on the webpage itself using CSS is helpful but the issue is the web browser will still download the entire original file, then resize it and display it.

Optimize Your Images

Full optimization of images can be quite an art to perfect as there are such a wide variety of images you might be dealing with. Here are the most common ways to optimize your images for the web.

Reduce the white space around images – some developers use whitespace for padding which is a big no no.

Crop your images to remove any whitespace around the image and use CSS to provide padding.

Use proper file formats –

If you have icons, bullets or any graphics that don’t have too many colours use a format such as GIF and save the file with lower amounts of colours.

If you have more detailed graphics then use JPG file format to save your images and reduce the quality.

Save your images in the proper dimensions.

If you are having to use HTML or CSS to resize your images, stop right there. Save the image in the desired size to reduce the file size.

To resize your images you will have to use some form of program.

For basic compression you can use a simple editing program such as GIMP.

For more advanced optimization you will have to save specific files in Photoshop, Illustrator or Fireworks.

Tools PageSpeed use to test this recommendation –

WooCommerce Server Requirements

 

The first step insetting up your WooCommerce-powered online store is to install WordPress and the WooCommerce plugin itself. But before doing so, you should check that your hosting environment meets our minimum requirements. These are:

  • PHP 5.6 or greater
  • MySQL 5.6 or greater
  • WooCommerce 2.5 requires WordPress 4.1+
  • WooCommerce 2.6 requires WordPress 4.4+
  • WP Memory limit of 64 MB or greater (128 MB or higher is preferred)

 

You should also check WordPress minimum requirements.

Optional Items
  • Some other optional things that may be required include:
  • CURL or fsockopen support for PayPal IPN
  • Some of our extensions require SOAP support
  • An SSL certificate if you wish to install direct payment gateways
  • Multibyte String support if you’re running a non-english store
  • If you want WordPress pretty-permalinks, there are some additonal requirements listed here
  • You can check if your server has the items listed above after installing WooCommerce from the System Status page.

You can check if your server has the items listed above after installing WooCommerce from the System Status page.

Moving Hosts

Need a new host? Check out our hosting here or dedicated WordPress web hosts listed here.

Domain Name 60 Day Lock

Domain lock
Domain lock

To prevent domain name theft, ICANN requires that domain names be prevented for transfer for 60 days in certain situations:

  • Domain name is within 60 days of initial registration
  • Domain name is within 60 days of a previous transfer

In addition, certain registrars may have procedures to prevent transfer for 60 days as well. For example, the registrar GoDaddy places a 60 day lock on any domain name when the whois information is modified. However, as discussed on Domain Name Wire by Bobdobbs (and verified by DomainSherpa), “The 60 day lock can be overridden by a supervisor if you really NEED your domain transferred.”

However, a domain can be sold and transferred during the 60-day registrar lock. Although the domain cannot typically be transferred to an account outside of your registrar, it can be “pushed” to another account within the same registrar. To do so, the buyer must have an account at the current registrar. The seller then uses the buyer’s registrar account login name and/or account number during the transfer.

What is DomainKeys

Domainkeys
Domainkeys

What is DomainKeys – DomainKeys is an email authentication technology developed by Yahoo, and is primarily used as an additional anti-spam and anti-phishing method.

How DomainKeys works

  • Sending emails

 

The domain owner generates a public / private key pair to use for signing all outgoing messages (multiple key pairs are allowed). The public key is published in DNS, and the private key is made available to their DomainKey-enabled outbound email servers.

When each email is sent by an account within the domain, the DomainKey-enabled email server automatically uses the stored private key to generate a digital signature of the message. This signature is embedded as a header in the sent email, and the email is sent on to the target recipient’s mail server.

  • Receiving emails

 

The DomainKeys-enabled receiving email server extracts the signature and claimed From: domain from the email headers and fetches the public key from DNS for the claimed From: domain.

The public key from DNS is then used by the receiving mail server to verify that the signature was generated by the matching private key. This proves that the email was indeed sent by, and with the permission of, the claimed sending From: domain and that its headers and content weren’t altered during the transfer.

The receiving email server applies the local policies based on the results of the signature test. If the domain is verified and no other antispam tests catch it, the email can be delivered to the user’s inbox. If the signature fails to verify, or there isn’t one, the email can be dropped, flagged or quarantined.

 

How to use a Microsoft Access database on Windows Plesk Hosting

Uploading your database

Login to your the Plesk Control Panel and open the File Manager.

Open the private folder and select Add New Folder.

Click the Browse button and location the database file (*.mdb) file from your local computer.

Press the OK button to upload it.

 

Setting up a database connection

Click on Home to return to the Home page and select ODBC Settings under Services.

Click on the “Add new ODBC DSN” button

Enter the name of the new connection for the database uploaded in the previous steps (You must only use letters and numbers – no spaces). You can also add an optional description.

From the drop down, select “Microsoft Access Driver (*.mdb)” and click OK.

Enter the Database File Path, this will be in a format similar to: E:\inetpub\vhosts\<example.com*gt;\private\<uploaded_database.mdb> (See the section Finding the Database Path below) where example.com is your domain name and uploaded_database.mdb is the name of the database uploaded to the site. Normally the domain name will not include the www part.

The rest of the fields are optional and are normally not needed.

Click on the “Test” button and if the connection has been created correctly you will be shown the message “Connection Successful”.

If you do not see “Connection Successful” please check you have specifed the correct path (without the www). If you need to enter a password to open the database enter the appropriate username and password details.

 

Finding the Database Path

Save the attachment shown below “showpath.asp” and upload this to the ‘httpdocs’ folder for your website.

Browse to this page in your web browser http://www.example.com/showpath.asp (replacing www.example.com)

This should show you a path similar to C:\inetpub\vhosts\<example.com*gt;\httpdocs\showpath.asp

To create the path to your database remove the portion “httpdocs\showpath.asp” from the end and add “private\<uploaded_database.mdb>.

Once this is working, please remove the file showpath.asp from your website as it is no longer needed

CentOS 5 End of Life- Bye Bye

CentOS5
CentOS5

CentOS 5 – 6 months until End of Life

This notice was originally posted when CentOS 5 had one year of supported life left. It now has 6 months. You are encouraged to put your migration plans into action now if you haven’t already done so. CentOS 6 goes EOL in 2020, CentOS 7 in 2024.

As per the announcement upstream, http://rhn.redhat.com/errata/RHSA-2016-0561.html you should know that CentOS 5 now has one year of support life left. People using CentOS 5 are encouraged to start their migration process to a supported version.

It should be noted that, unlike RHEL, there is no extended support option for CentOS. Once RHEL 5 goes EOL upstream on March 31st 2017, there will be no further updates for CentOS 5 at all. Those using CentOS 5 and requiring more than 1 year of life are encouraged to investigate the RH extended support program although that will require a migration to RHEL 5 as it does not apply to CentOS 5.