The File Manager

You’ve been able to upload files using FTP, but you can also work with the file system through cPanel applications available under the File Management label. You can check how much disk space you’re using with the Disk Space Usage application, find out how many files are in each subdirectory with the File Count application, and manage the files themselves with the File Manager. 

When you access the File Manager, it asks which directory to open, such as the home directory or the site’s document directory. Figure 6-1 shows the File Manager opened in the blipdebit.com home directory. One of its subdirectories is labeled stuff, and contains the files for the site’s weblog.

Figure 6-1. The blipdebit.com website home directory opened in the File Manager

Using the File Manager, you can create a directory or remove an existing one. You can also copy files, create new files, move them, or download files without having to use FTP software. If you want to edit an HTML file, click the file and select the HTML Editor. The file opens into a decent visual HTML editor, shown in Figure 6-2. 

Figure 6-2. Web page opened in the HTML Editor

You can also use the File Manager to change permissions on a file. For the most part you shouldn’t be concerned about file permissions, but some software may require you to change the permission to allow the software to write to the file or to remove write permissions for security purposes. 

When you select a file and then access the File Permission option, a small window opens displaying all the files permissions across User, Group, and World, as shown in Figure 6-3. The permissions are Read, Write, and Execute. When software asks to add or remove permission, you’ll be changing the World, or the Group and World permissions. Just add or remove checkmarks according to what the software needs. 

Figure 6-3. File permissions for the Wordpress wp-config.php file

Managing Recurring Tasks with Cron

Some software requires recurring activities. For instance, many content management systems (CMS) requires you to check if there are new updates on a regular basis. You can schedule the updates in your calendar and manually make them, but a better method is to schedule the task using an automated system: Cron. To perform the automated task, you create a Cron job. 

To create a Cron job, in your cPanel, look for a set of tools under the label Advanced, and then click the Cron jobs icon. The writing at the top of the page notes that you do need to be familiar with Linux commands, but for the most part, software that needs to have Cron jobs set up also provide instructions in what to input into Cron. 

To demonstrate how Cron works, create a text file with some text and load it up to your server. It doesn’t matter what the text is, as it’s only being used as an example. The command you’re going to want Cron to run is the following (modified to fit your environment):

/usr/bin/mail -s "Good Day!" [email protected] 
< /home4/blipdebi/mail.txt

This command mails the contents of the text file to the given email address. You have to specify the complete location for the text file, as Cron won’t know where it is, otherwise. You have to provide the complete location for the application, too, even if it’s one universally available, like mail. The location is most likely /usr/bin/mail for mail. Just assume Cron knows nothing about the system or its applications, and go from there.

To create the Cron job, in the form below the label Add New Cron Job, you’ll be providing information about how often to run the job. There are presets available for the most common options, but we’re going to walk through the steps to set each value. 

There are settings for minute, hour, day, month, and weekday. The Cron job will run every 10 minutes, every hour, and every day. In the first field, you can type in 10, or you can select the option labeled “Every 10 minutes (*/10)” from the Common Settings dropdown. For the rest of the fields, you’re going to type in an asterisk, which symbolizes “every,” as in every hour, every day, every month, and so on.  Once you’ve entered the values for the schedule, type the command into the Command field. Your Cron job entry should look like that given in Figure 6-4. 

Figure 6-4. Setting up new Cron job

One other option is to have the system send you an email each time the Cron job is run. The email will contain output, if any, from your Cron job. You’ll want to provide an email the first time you create a Cron job, because your email will receive any errors that might result from running the job. If no errors occur, and you’re running a frequently occuring Cron job, you can delete the email request. 

All existing Cron jobs are listed in a table below the form to add a new Cron job. You can delete or edit an existing Cron job via this table. 

Command Line Access with SSH

For the most part, everything you need is available via cPanel. The whole purpose for cPanel is to enable all of the functionality you need to manage your website without having to actually log into the server and do it manually.

There may be a time, though, when you’ll want to directly access the command line on your server. For instance, I prefer to use the Linux text editor and make simple edits to files directly via SSH, rather than download the file, make the change, and upload it again. 

To access the command line, you’re going to need the Secure Shell, or SSH. SSH is a protocol that enables secure connection between your home computer and your remote server. Another method is to use Telnet, but your data wouldn’t be secure. Because of the lack of security, most hosting companies only allow you to use SSH. 

You’ll use software on your PC to make this connection. Both the Mac and Linux PCs have this capability installed by default. Windows users will need to download the software. 

I’m going to demonstrate creating a SSH connection on Bluehost, but the steps should be very similar to any cPanel based shared hosting system that allows SSH access. In addition, I’ll demonstrate how to connect to the server using PuTTY, the most commonly used Telnet and SSH application for Windows, freely available to all. 

To start, download PuTTY. There is an installation program, but you can just download the PuTTY application directly from the download page. Place it somewhere you can easily access on your computer.

Next, find the cPanel group labeled Security, and click the icon labeled SSH/Shell Access.  In the window that opens, you may get a warning about needing to verify your account before enabling SSH. Since the blipdebit.com account was verified when it was first created, we don’t have to go through this step. Your experience may vary depending on your host. 

Once you have satisfied the preliminary requirements, click the button in the SSH page labeled Manage SSH Access. SSH is disabled by default. The page that opens has a simple drop-down box with two options: to enable or disable SSH. Select the option to enable SSH and click the Submit button, as shown in Figure 6-5. That’s it: you’re now enabled for SSH access. Now you’re ready to create your connection.

Figure 6-5. Enabling SSH

You don’t have to do anything else to be able to connect to SSH at this point. If you have PuTTY installed, you can open the application, type your domain name into the Host Name field in the Session window, and then provide your username and password. You’ll be connected to your server. 

There’s an additional step, though, that can simplify your connectivity and provide better protection for your account password. You can generate a public/private key pair: encrypted files that provide the necessary connection information. The public key file lives on the server, and the private key file lives on your computer. Instead of entering your account password, you enter a unique passphrase when prompted. 

To generate the public/private key pair, access the cPanel SSH page again, and find and click the Manage  SSH Keys button. In the page that opens, click the “Generate a New Key” button, and fill in the fields, as shown in Figure 6-6. I opted for the default Key Name when I created my keys, but you can use whatever you wish. Make sure to pick a unique passphrase, and record it somewhere: you will need it. Choose RSA encryption type and select the 2048 Key Size. Finally, click the Generate Key button.

Figure 6-6. Generating the public/private key for SSH

The key appears in a table in the Manage SSH Keys page. It’s not currently authorized. To authorize the key, click the Manage Authorization link, and in the page that opens, click the Authorize button. Now you have your authorized public and private keys, as shown in Figure 6-7.

Figure 6-7. Authorized public/private keys

You’re going to download the private key to your computer, into a location you can easily find again. Once downloaded, you’ll need to generate a PuTTY ppk file, using the PuTTYgen tool, downloaded from the PuTTY download page. Just like PuTTY, the tool is ready to use as soon as you download it: you don’t need to run any installation program. 

Double-click the PuTTYgen tool to run the application. In the small window that opens, click the Load button.  Locate the newly downloaded private key and load it. You’ll be prompted to enter your passphrase, as shown in Figure 6-8.

Figure 6-8. Enter a passphrase to generate a ppk file

After the key is loaded, click the “Save private key” button, and save your ppk file to a easy to locate location. Close the PuTTYgen application, and open PuTTY.

PuTTY has options on the left and form fields that open on the right. It should open to the Session form field. Type your domain name into the Host Name field, as shown in Figure 6-9.

Click the Data option under Connection in the left, and in the form that opens, type your username into the “Auto-login username” field, as shown in Figure 6-10.

Figure 6-9. Enter domain name into Host Name field

Figure 6-10. Type in username

Next, click the SSH option, and make sure the Preferred SSH protocol version is set to 2. Click the Auth option listed under SSH, and in the form that opens, browse for the private key ppk file you just generated, as shown in Figure 6-11.

Figure 6-11. Find and load the ppk file you just generated

Return to the Session window, type a name into the Saved Sessions field, and click Save to save the session information. Whenever you want to connect, click your saved session, and click Load to load the settings, then Open to open the connection, demonstrated in Figure 6-12. 

The first time you connect to your server, you’ll get a message similar to the following, except your domain name displays: 

The authenticity of host 'blipdebit.com' can't be established. 
RSA key fingerprint is (sequence of characters). 
Are you sure you want to continue connecting (yes/no)?

Verify the name of the domain, and type Yes. Now you’re connected.

Figure 6-12. Saving the session data and loading it to connect

You’ll need to brush up on your Linux command-line skills to do anything in your newly opened terminal connection. If you’ve not used Linux before, check out the new Linux user resources I mentioned in “Managing Recurring Tasks with Cron”. They’ll get you started.

Secure FTP (SFTP)

SFTP is a way of transferring files using the security established by SSH. Any commands and transmitted data are encrypted, which means no snoop can peek in and see what you’re moving between your server and your local computer. 

Once you’ve enabled support for SSH, you can also use a more secure form of FTP: secure FTP or SFTP. As a matter of fact, once you’ve enabled SSH access for your website, you won’t be able to connect using regular FTP. No worries, though, because connecting with SFTP is a snap.

When connecting with your FTP application, such as Filezilla, select the SFTP protocol option, and make sure the port is set to 22 (the default port for SFTP). You’re all set and ready to transfer files.

Website Statistics

Website statistics provide information about how many visitors come to your website(s), what pages they access, where they come from, and even information about the browsers they use. The latter is useful when you’re tweaking your website design, but the former—who is visiting what pages, and where they came from—can help you improve the overall impact of your site. 

Hosting services that feature cPanel offer multiple statistical programs. You can pick the same program for all sites, all programs for all sites, or a combination. 

To set up statistics for your site, access the Statistics group in cPanel. Click the icon labeled Choose Stats. In the page that opens, shown in Figure 6-13, a table shows the sites and provides options for the statistic programs, in this case AWStats and Webalizer. For now, check all options for all sites. You can always drop programs if you find you prefer one over the others. 

Figure 6-13. Picking statistical programs for each site

It’s going to take at least 24 hours before enough information is collected to make the statistics meaningful. And it really takes at least a month, or more, to get a real understanding of visitor patterns. 

Once there is enough collected data, there are icons in the cPanel to access the statistical programs. You should have access to AWStats and Webalizer, but this differs based on the hosting company. My personal favorite is AWStats, which I use at my burningbird.net site, as shown in Figure 6-14. In the image, we’re looking at the search engine phrases resulting in visits to the site, my personal favorite of all the statistics. 

Figure 6-14. Checking out search phrases resulting in site visits

You can also incorporate other statistical and analytical applications. Wordpress has several plugins (including Jetpack) that incorporate statistics directly in the web pages. Other services, such as Google Analytics, work by embedding code into each web page that’s tracked (also supported by a Wordpress plugin). 

The important point to keep in mind when it comes to statistics is not to get so caught up in it that you spend more time with them than the sites themselves. Site traffic takes time to build, and it shouldn’t be your primary focus. Statistics are nothing more than a useful tool. 

Adding Support for Digital Certificates and SSL

For the most part, your web content is accessed via the HTTP protocol. However, there may be circumstances where you want the increased security offered by incorporating support for HTTPS, or secure HTTP. Many websites now prefer to serve their web pages using HTTPS because data sent to and from the server is encrypted. Encrypted data is data that can’t be snooped or sniffed, which means your usernames, passwords, and other sensitive information is protected. 

Adding support for HTTPS requires adding support for SSL (Secure Sockets Layer), and this means having access to an SSL certificate. An SSL certificate is a digital file that binds a key with an organization, in such a way that the HTTPS protocol is enabled (over the default port of 443). SSL certificates can be either self-signed or signed by a certificate authority (CA). The problem with self-signed SSL certificates is if you use them on your website, every browser that accesses your web page will put up a message basically screaming that your site is unsafe and strongly advocating people not access it. In other words, self-signed certificates are not useful with publicly facing web pages. 

Shared hosting companies offer shared SSL certificates with some or all accounts. However, there are restrictions for using the certificate, including traffic limitations and having to use specific URLs. For instance, Bluehost limits files served to be less than 100 KB, or they’ll be truncated. And you have to use URLs based on the pattern:

https://secure.BlueHost.com/~username

where username is your own username, such as blipdebi. To incorporate into your website, you’d have to add entries to your .htaccess file that redirect your website’s URLs to the Bluehost URLs, but this type of redirection can conflict with other forms of redirection implemented by your weblogging tool. 

The only workable approach for incorporating HTTPS support for your website is to get your own SSL certificate, signed by a CA. Unfortunately, SSL certificates from CA authorities can be pricey. You have to pay an annual fee to use the certificate. 

To get your own certificate, you’ll first need to get your own, unique IP address. Currently you’re sharing an IP address with others, and this isn’t going to work if you want to use your own SSL certificate. Shared hosting companies offer individual IP addressed, though you will have to pay an extra fee for the privilege (currently $3.33 per month in Bluehost). 

Hosting companies also, typically, have an arrangement with one or more CAs, making it much simpler to get an SSL certificate. Bluehost works with two companies, with prices ranging from $49 to $299 annually, depending on your requirements. If you’re not running a storefront, the lower-cost alternative should be all you need. However, if you want to use the certificate with your top-level domain and any subdomains, you will need to purchase a wildcard certificate. This is a certificate variation that provides HTTPS support for your main domain (blipdebit.com), and all first-level subdomains (such as stuff.blipdebit.com). 

To use one of the Bluehost-partnered CAs, access the Addons page, get the dedicated IP address, and then select which CA you’re interested in. The certificate is then automatically installed. Other hosting companies should have similar procedures in place.

If you’re interested in using an SSL certificate from a third-party CA, you’ll still need to get your dedicated IP address first. Then you’ll need to perform a series of actions. I’ll cover those necessary for Bluehost, but the steps should be similar for any shared hosting company.

First you’ll need to generate a private key. When you set up your SSH connection, you created a private/public key combination to support this type of connectivity, and you’ll need to do something similar for the SSL certificate. For Bluehost users, generate the private key by finding the Security group in your cPanel and then clicking the icon labeled SSL/TLS Manager. In the page that opens, click the link labeled “Generate, view, upload, or delete your private key.” In the page that opens, select the key size of 2,048, provide an optional description, and then click the Generate button. The key is displayed in the next page. It’s a good idea to copy the contents of the Encoded Private Key to a file on your computer, just in case you want to use that key in another server. 

Once you’ve generated the private key, next you’ll generate a Certificate Signing Request (CSR). You’ll need to provide this to the CA. Returning to the SSL/TLS Manager page, click the link labeled “Generate, view, or delete SSL certificate signing requests.” In the page that opens, complete the form in the page, providing the domain(s), company name, organization name, city, state, country, email, and passphrase. If your certificate isn’t for a company, you can use your domain name for company name, and whatever you wish for organization. Make sure the email address is valid and one you have access to. And don’t use an important passphrase, because it’s stored in an unencrypted format. 

If you’re only interested in covering one domain, just give the domain name (e.g., blipdebit.com). If you’re interested in covering all your first-level subdomains (e.g., stuff.blipdebit.com), you can specify a wildcard domain, demonstrated in Figure 6-15. The certificate would cover your domain and subdomains. However, CAs charge more, sometimes significantly more, for wildcard certificates.  

When you submit the form, the CSR is generated. You’ll need to copy the encoded certificate signing request into a file on your PC. This is the file you’ll have to submit to the CA when you purchase your SSL certificate.

The process to purchase the actual certificate does vary by CA. Each should provide sufficient instructions to complete the act. Once you have your certificate (file with extension of .crt), you’ll  load it to your hosting company’s server. In the case of Bluehost, access the SSL/TLS Manager page one more time, and click the link labeled “Generate, view, upload, or delete SSL certificates.” In the page that opens, click the button to browse for, and upload the certificate. Once uploaded, you’ll need to open a ticket to request that your key and certificate be installed on the server.

Figure 6-15. Inputting wildcard domain into CSR form

It is simpler to just get your certificate through your host, but the price difference can be significant. For example, purchasing a wildcard certificate from Comodo via Bluehost costs $299 a year. Purchasing the same wildcard certificate from Comodo using the registrar we used for our domain name, Namecheap, costs $94 a year. I would say the cost difference makes up for the additional complexity. 

So you have your certificate installed. Now what? You can force all of your web pages to be served as HTTPS with a couple of relatively minor modifications. 

For your static pages, force them to be served as HTTPS by making a small modification to your site’s .htaccess file. Use the Code Editor in the File Manager (covered earlier) to add the following to this file:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]

If you want to serve your Wordpress pages as HTTPS, there is a plugin for that. Actually there are several, but one of the more popular is the Wordpress HTTPS plugin. Just follow the plugin installation instructions. 

Moving Your Site

At some point in time you may need to move your website to a different server/host. How complex the move is depends on what you have installed. If your site consists of static pages, and something like a Wordpress weblog, you’ll need to copy all of your files, but you’ll also need to copy your weblog’s database.

Even if you’re not moving your website, it’s a good idea to make your own backup of all your files, at least once a month. Yes, your shared host also does backups, but there’s no such thing as bad redundancy when it comes to web content.

Backing Up Your Files and Moving Them

You can easily copy all of your file using your FTP software. Before you do so, though, make sure that the FTP tool you use is set to display hidden files, such as .htaccess. If you don’t, these essential files won’t be copied with the rest. 

Create a folder in your computer to contain your backup files. In the FTP tool, such as Filezilla, copy the files by dragging them from your server to your PC, as shown in Figure 6-16.

Figure 6-16. Downloading the public_html files

The public_html subdirectory is the location of your publicly accessible files and contains the files you want to copy. You shouldn’t need to copy files in any higher-level subdirectory, unless you placed the files there yourself. The directories are used by the server for log files, email storage, and so on. 

Once you have a copy of all your files, use the FTP client to relocate them in your new server. If you’re moving hosts, you’ll want to move things as is. This includes keeping the exact same subdomains. Keep the process as simple as possible. You don’t want to move hosts and rearrange your site at the same time. 

Exporting and Importing the Database

If you have installed a CMS like Wordpress, you’ll need to export the database for the tool, as well as copy the files. You can export the database using phpMyAdmin, which is available as an icon under the Database Tools group in cPanel. After logging into phpMyAdmin, click the Databases icon in the top menu bar, and select the database you’re exporting. If you have more than one database, you’ll need to export all of them. 

Prepare Your Weblog for the Move

Before you begin the process of exporting your weblog’s database, you should put your site into maintenance mode. This is a page that tells people that the site is currently undergoing maintenance and will be back shortly. If you think there’s a plugin to manage this for you, you’d be right: I suggest you use WP Maintenance Mode. 

When you click the database, the tables display, similar to that shown in Figure 6-17. Along the top are menu options, including one for exporting the database. Click it. 

Figure 6-17. The Wordpress database

There are two options for exporting the database: Quick or Custom. Keep it simple and pick the Quick option. Make sure the format is SQL, and don’t check the option to store the file on the server: you want to store it on your computer, as shown in Figure 6-18.

Figure 6-18. About to export the database

You now have a copy of the database. To move it to your new host, you’ll need to create the database and import the files. You can’t create the database using phpMyAdmin, you’ll have to use the MySQL Databases tool. Like phpMyAdmin, it should be listed in the cPanel Database Tools group. 

In the page that opens, there’s a space to input the name for the database. You’d like to be able to keep the database names the same, but frequently, hosting companies annotate database names, adding their own imprint, as shown in Figure 6-19. Not a problem: there’s just a file we’ll need to tweak after the database is finished. 

You’ll also need to create a user. Ideally, the user would have the same username and password created when you first created the weblog. However, again, the username may be annotated with the hosting company’s imprint, so type in as close a name as you can. Give the user all privileges when prompted. Once you create the user, add them to the database. All three activities—creating the database, creating the user, and adding the user to the database—are performed in the same MySQL Databases page.

Figure 6-19. Creating a new database

Once the database and user are created, then you can use phpMyAdmin to import your exported SQL into the new database. Open phpMyAdmin, and click the newly created database to open it. Once opened, click the Import button in the top menu bar. Browse for and select your exported database SQL, leave the other fields in the page at their default, as shown in Figure 6-20, and then click the Go button. Once it’s imported, you should have a duplicate of your previous database. 

Figure 6-20. Importing the database entries into new database

The only other change you might have to make is if the database and/or username have changed. If this happens, you’ll have to edit the wp-config.php file in your Wordpress weblog directory. You can edit it using the Code Editor, one of the tools available in the File Manager. Figure 6-21 shows the file opened in the Code Editor, and you can easily spot the two values that need to be changed: DB_NAME and DB_USER. If the password is different, make sure to change the value for that, too. 

Figure 6-21. Editing the wp-config.php file

Change the database and/or username, and save the file. Open the weblog, and you should be ready to go.

If you’re concerned about the process, you can do a trial run. Create a new database and username in your existing host, add the username to the database, and import the exported SQL into it. Then change the wp-config.php file and see if you have any problems with the weblog using the newly created database. If you don’t have any problems with the new database on the existing server, you shouldn’t have any problems with the database on the new server.