Knowledge Base » Website

Category > Website

Increase memory for PHP using .htaccess

Thursday, August 18th, 2016

If you see the following error on a PHP script, you can easily fix it by increasing the allowed memory to your PHP script.

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 113 bytes) in

To do that, simply add the line below to a .htaccess file in your public_html folder

php_value memory_limit 256M

You can then verify this using a test PHP file which should have the code below. The Local Value column will reflect the increased value that you set.

< ?php phpinfo(); ?>

How to force SSL (redirect) using .htaccess

Thursday, August 4th, 2016

When your website has SSL enabled, you may want to force all traffic to be served over the SSL encrypted connection only. This can easily be achieved by adding the code below in your .htaccess file. If you have any redirect codes in your .htaccess file, we recommend adding this before that and verifying that no other redirect code is redirecting back to http:// non-SSL URLs.

The code to be added in your .htaccess file is as follows. Replace domainname.com with your own domain.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domainname.com/$1 [R,L]

Redirect all requests to www.website (or non-www)

Thursday, August 4th, 2016

Redirecting your website from non-www to www URLs can be as simple as adding suitable code in your .htaccess file.

For non-WordPress websites, you can use the code below replacing domainname.com with your own domain name.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domainname.com$
RewriteRule ^(.*)$ http://www.domainname.com/$1 [R=301,L]

For WordPress websites, this should be done by setting the URLs in your WordPress General Settings. Using the code above for a WordPress website can put it in a loop.

You can also force non-www URLs in a similar way by changing the code as follows. Again, this should be placed in your .htaccess file located in your public_html folder.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.domainname\.com [NC]
RewriteRule ^(.*)$ http://domainname.com/$1 [L,R=301]

Disable comments in WordPress

Friday, April 19th, 2013

Leaving comments open without good captcha protection in WordPress can lead to a lot of spam and oversized databases. Here is a quick way to disable comments for all posts from PHPMyAdmin (which can be launched from your hosting control panel).

Click the SQL tab in PHPMyAdmin and run the two commands below, one by one. First, we disable commenting on all posts:

UPDATE wp_posts SET comment_status = 'closed';

Next, we globally disable pingbacks/trackbacks on all posts:

UPDATE wp_posts SET ping_status = 'closed';

If you have a lot of SPAM already in the comments table, click the checkbox next to wp_comments under the database structure tab and select “Empty” from the dropdown below the list of tables.

Speed up your website with gzip compression

Thursday, October 4th, 2012

* Note: This article only applies to Linux hosting. On IIS, compression is normally enabled on server level. *

Does your website appear to be loading slow? Speed it up using gzip compress and mod_deflate. You can first verify if your site is already serving compressed content from this link. If it isn’t, add the following code in the .htaccess file under your website folder, save it and then check again for compression. Your site should be loading pages significantly faster now!


### Enable gzip compression for PHP files
php_value output_handler ob_gzhandler

### compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

### End of compression code

Website infected with an IFRAME or malware script

Monday, May 25th, 2009

Websites infected with an IFRAME or malware script

IFRAME and java script based malware infections are growingly common these days. These infections normally occur either through leaked FTP passwords or machines infected with virus / malware that adds these lines of code on files uploaded. Most of the time, it is through a leaked FTP password obtained from an insecure system.

Hackers setup normal looking websites (or use a previously hacked website where the owner is unaware of the malware) and setup expensive keylogging and hacking tools like Mpack. When a user vists the site, it scans the browser for history, passwords and other such critical information. The visitor who is unaware of the keylogger inadvertantly sends passwords and other details to the hacker who then has access to the vistors FTP details. Once the hacker obtains the FTP login details, an automated program or script is then used access the persons website and add hidden iframe or javascript code to the compromised website. Since this gets done through FTP, the user remains unaware of the hack or compromise and no matter what permissions are set, the hacker is able to write to the users website files.

This hacked website is then used to further spread the attack when a visitor opens it and accesses the hidden iframe content. This is a growing issue and thousands of websites are infected almost on a daily basis through this method.

Prevention:
1. Keep your computer operating system up to date at all times. Always download available OS security updates at the earliest.
2. Do not use Internet Explorer to FTP your website. Use a seperate FTP program like Core FTP or WS_FTP
3. Avoid saving passwords in the browser, specially FTP passwords. Do not FTP from a public or insecure connection.
4. Change passwords frequently and set a strong alphanumeric password.
5. Install an antivirus and keep it updated. Avast is a good free antivirus program for home / personal use and can be downloaded from www.avast.com
6. Avoid suspicious websites
7. If you receive an email from an unknown person with an attachment do not open it.

Cleaning up after an infection:
1. Take your site offline and put up a maintenance page on your website to avoid getting it blacklisted by search engines.
2. Format and secure your machine with a reliable install disk or use a fresh installed, OS updated computer with an updated antivirus.
3. Change FTP and other related passwords.
4. Delete all files and upload clean content – verify that the files you are uploading are not infected by checking for unknown Java script or iframe code normally found near the body tag in the code and at the end of the file. If a backup copy is unavailable, check code of files on the server for the same and delete the malware lines of code.
5. Take steps listed in prevention above to avoid repetition of such issues.

Site is black-listed by google / firefox / chrome
1. Follow steps in Cleaning up after infection
2. Follow steps in Prevention
3. Verify that no malware is present in your website
4. Follow http://googlewebmastercentral.blogspot.com/2008/04/my-sites-been-hacked-now-what.html

Other related links
http://googlewebmastercentral.blogspot.com/2007/09/quick-security-checklist-for-webmasters.html
http://googlewebmastercentral.blogspot.com/2008/08/hey-google-i-no-longer-have-badware.html