Feed: Bolt Web Hosting, Inc. - AggScore: 32.0

Server Cluster Upgrades – 4/11/12 8:00PM PST

Dear clients,

Please be advised that we will be performing some upgrades to the new server cluster that we have been moving our shared/reseller web hosting clients to.

We have identified a bottleneck in the new hardware that has to do with mysql, and we are going to be installing solid state drives (SSDs) that will be dedicated to hosting mysql on each server. This will eliminate the bottleneck and make the servers run faster.

This upgrade will take approximately 60 to 75 minutes and will be commencing at approximately 8:00PM PST tonight (just under 5 hours from now).

During this upgrade, the servers will be offline as the new drives are mounted, formatted, and have the databases moved over to them.

If your websites have not yet been moved to the new server cluster, then you will be unaffected by this. Additionally, VPS clients will be unaffected by this upgrade.

We appreciate your patience and wish you a fantastic evening!

cPanel Patch Resulting in Major Changes to WHM and cPanel

Dear clients,

Please be advised that yesterday cPanel released a major patch which has affected all clients, especially VPS and reseller clients who access WHM.

If you are on a VPS, you may get presented with a license agreement upon logging in, simply accept the new agreement to get into WHM.

Another big change that all clients will notice is the login screen for WHM and cPanel has changed. It went from the standard grey login page to a very blue login page.

We have also had several clients raise concerns about certain features like IonCube or various PHP libraries, email, and even mysql not being fully functional and causing issues. We are aware of the problems and are trying to get everything working as quickly as possible.

We apologize if this caused any confusion, but we have no control over this patch as we need to keep our servers updated to the latest version.

You can read about this massive cPanel patch on their website here: http://www.cpanel.net/releases/1132/index.html

Sincerely,

Christian Little
Bolt Web Hosting Inc.

New Servers, New Data Center, New Levels of Amazing Service!

Today we are announcing that we have finalized the deal with our new data center and will be getting new servers deployed there over the coming weeks!

There are several exciting features with these servers, but we are going to show you some of the most important elements:

E3 Processors – Our current servers are running Intel Xeon E5620 and X3440 processors. These new servers will be running on E3 CPUs, which process data faster and more reliably.

RAID10 – That’s right! All of the new servers will have a RAID10 setup, meaning faster read/write times and a redundant backup system in case of a hard drive failure. No more waiting several hours for the server to come back up in the event of a hard drive failure!

Hot-Swappable Drives – What could be better than RAID10? How about hot-swappable hard drive bays with RAID10! If a hard drive fails on the new servers, we can simply pull it out and plug a new one in and let RAID do it’s magic, no more turning off a server and de-racking to to replace hard drives!

Enhanced Security – We are deploying new hardware firewalls and routers. Combined with a new security policy, these new servers will be extremely resilient against hackers.

Enhanced Anti-Spam Policies – These new servers will have strict email anti-spam policies in place. Not only does this reduce both inbound and outbound spam, but it also ensures the integrity of our IPs.

LiteSpeed – These new servers will be deployed with the extremely powerful LiteSpeed Web Server. Working on conjunction with Apache, LiteSpeed has been proven to greatly enhance the response rate of a web server by up to 400%!

There are many other features on this new line of servers, suffice to say these new servers will super charge your web hosting experience!

Once these new servers start coming online, we will be contacting clients individually to notify them about their transition. Nothing will be required from you, thanks to our DNS cluster we can move clients to and from any server without waiting on you to update where your domains are pointed!

Stay tuned as we move into a new era of exceptional web hosting services!

Who Wants Free Web Hosting For a Year?

Guess what? We’ve decided to give you the chance to win free hosting for a year!

On April 2 2012 we are going to be selecting 2 randomly chosen clients that have an active hosting account with us.

The first client chosen will get the grand prize of free hosting for 12 months! Whatever hosting plan you have with us will be covered for the next 12 months (wouldn’t that be amazing if you got your VPS covered for the next 12 months?).

The second client chosen will get 6 months of free web hosting! As above, it will apply to whatever hosting plan you have with us.

This is just the tip of the iceberg everybody! We are going to be announcing even more draws and contests in the coming months that might net you a free domain name, more free hosting, and even some other fun prizes that we are currently looking at (wouldn’t it be cool if your hosting company gave you a brand new TV?)

If you know anybody that is looking for a new web host, this would be the time to tell them about us.

Only clients with an active hosting plan in good standing qualify for this draw.

Hacked WordPress: How to Fix it in 5 Steps

Was your WordPress hacked? Not sure what to do? Then read this guide that walks you through cleaing up a hacked wordpress website.

Help! Somebody hacked WordPress on my site! My visitors are seeing a big red message about malware on my sites!

This is one of the most common problems that website owners run into and come to us with – how to deal with a hacked wordpress.

This guide is not the solution for every single hacked wordpress, but it will point you in the right direction on how to figure out exactly where the hack is and how to remove the hack.

Step One: Don’t Panic

It sounds simple enough but you would be amazed how how easy it is to panic when your find your wordpress blog has been hacked. Stressing yourself our and panicing will not fix your website, so take a few deep breaths and let yourself be calm. You will find that by calming yourself down are you more able to deal with this problem.

Step Two: Change ALL Of Your Passwords

One of the most common methods that a hacker uses to break into your hosting account or website is to get the password. So take two minutes and chance all your passwords for cPanel, WordPress, and any other logins on your website.

You should NEVER use the same password for multiple logins. EVER.

Step Three: Check Important Files

The first file you should check is the .htaccess file in the public_html folder. Hackers love abusing this file because by making changes to it they can affect every page on your website. So check this file and see if there’s any kind of javascript code, or maybe it’s redirecting your visitors to a domain you do not recognize.

It is extremely important not to delete the .htaccess file if you run WordPress, as WordPress has several directives in there that have to be there for your website to function. If you see something that does not look right, try deleting it from the file, do not just delete the entire file.

Important: The following code MUST be in the .htaccess file for WordPress to function. If the following code is missing, WordPress will NOT function properly:

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Everything else in the file is optional, it is normal for plugins to add code to the .htaccess file (especially caching and CDN plugins). But you can wipe everything out of the file and just have the above code to get WordPress working. If you wipe out code that is used by your plugins, you can simply de-activate and re-active the plugins and they will update the .htaccess file automatically.

Another important thing to note is that the .htaccess file is NOT visible in the cPanel File Manager. You need to connect with an FTP program or via SSH to access it.

The next file you should check is the .htaccess file in the document root of your files. Normally this file does not exist here, but we have seen some hackers stick a copy of the hacked .htaccess file here so that if you take out the one in the public_html folder it is still hacked.

If your wordpress is still hacked, the next step is to check index.php. If you see anything fishy (like javascript code that you do not recognize, then wipe it out).

The last files to check are the Javascript (.js) files for your theme. For wordpress sites, they can be found in the /wp-content/themes/(theme) folder. If you see some really weird looking code, it is probably obfuscated JS code that redirects your visitors off your site, wipe it out.

There are a lot of other core files you could check, but the .htaccess file and theme template files are what hackers usually go after. If you are comfortable enough with WordPress, you should check the wp-content and wp-includes folders to see if anything is going on in there. One really good way of checking is to pull up a directory listing and look at the “Last Modified” value for each file. If you know you have not touched any of the files in 3 months and have not updated WordPress in 3 months, then you know anything modified within the past few days was probably done by a hacker.

Step Four: Outside Help

If your website is still hacked after doing the above, then it is time to take more drastic action. And for this you need a few free tools:

• Securi SiteCheck (http://sitecheck.sucuri.net/scanner/): This is our #1 recommendation for website malware scanners because it gives you a detailed report showing not only the infected files, but the exact lines of code that it feels were added or modified by a hacker.
• VirusTotal (https://www.virustotal.com/): While Securi SiteCheck scans for malicious code (i.e. redirects to other websites, etc), VirusTotal scans for trojans and other viruses which can actually infect people that come to your website. Whenever a client comes to us about a hacked website, this is one of the first things we check and we highly recommend it.
• URL Void (http://www.urlvoid.com/): This tool checks the reputation of your website against numerous blacklists. While it will not tell you what is wrong with your website, it will tell you who thinks you have a problem with your website. This can be useful after cleaning up your files to try and repair your reputation.

Drop the URL of your website into those three tools. Each of them will connect to your hacked WordPress site, and scan it for malicious activity. If they find anything, they will give you a report showing what is wrong. The Securi.net scanner is extremely useful, as it provides detailed information on infected files (it tells you exactly which files are infected, and it even shows you the specific block of code that is causing the problem). As such, we recommend using that tool first as it will help you wipe out 99% of malicious code on your website.

Step Five: Contact Your Web Host

If the above three steps have not removed the malicious code from your hacked WordPress, then it is time to seek help from your web hosting company. Odds are they can narrow down the problem and help you get rid of it. Most hosting companies (ourselves included) have a set of tools that monitor websites and scan file systems for problems and can figure out where the problem is rather quickly.

We hope you find this guide useful, and we really hope you do not have to go through the stress of dealing with a hacked WordPress. But if you do, now you at least have some foundation to work with!

How to Increase the Security of Your WordPress Blog in Less Than 5 Minutes

A common misconception for website owners is that their hosting company takes care of the security for them, and while this is true to a certain extent there are ways that hackers can essentially ignore the security of the server and attack your website directly. So today we are going to show you a couple of plugins that every WordPress blog should have that will make your blog much more secure.

The last thing you want is to wake up one morning and discover that a hacker deleted your blog and put up a redirect to a foreign pornographic website.

You do keep regular backups of your site in case that happens right? Right???

Why Isn’t My Web Host Protecting Me?

You web host can offer a certain degree of protection in terms of firewalls, monitoring software, and numerous other things that protect the server (which in turn protects you). But most security software does not monitor WordPress specifically, and since there are several potential security holes with WordPress, you are at risk.

Your web host can protect you against a lot of things, but WordPress (and other platforms like Joomla, Mambo, and so on) are independent applications that can be attacked directly by a hacker.

Anyways, here are three (actually four) really good plugins that help secure your WordPress blog.

To add any of these plugins to your WordPress blog, simply:

1. Login to WordPress
2. Click on Plugins
3. Click on Add New
4. Click on Search
5. Enter the name of the plugins below
6. Click Install

The entire process takes about one minute per plugin.

WordPress Firewall

This plugin monitors URL parameters and files that are requested by visitors to your website. If they try to do anything sneaky (like injecting MySQL code via a URL parameter), this plugin catches it and stops them. The beauty of this plugin is that runs automatically on it’s own (you just need to feed it your email address so it can let you know when it’s blocked somebody).

Once installed, simply click on Settings, then on Firewall to configure the plugin. Enter your email address, leave everything else as-is. (Ensure that “Block leading http:// and https:// in application parameters” is NOT checked in the configuration page, as this will break a lot of plugins if it is enabled).

Login Lockdown

This handy little plugin monitors who is trying to login to WordPress, if somebody fails a login attempt it makes a record of it. If they fail multiple login attempts, the plugin kicks in and prevents them from being able to login to your blog. This is one of the best plugins available that stops brute-force attacks against your WordPress blog, and it’s very easy to configure.

Once installed, click on Settings, then on Login LockDown and configure it. At the bottom of the configuration page, it gives you a list of any IPs that have been blocked, so you can see who is trying to break into your site.

WP-Security

This tool is a security scanner which looks at the server you are on as well as your WordPress folders and files. It’s really good at identifying folders that hackers can exploit. There’s two parts to this plugin: WSD Security and the Scanner.

WSD Security provides you with general information about your server and it checks a few things in the database and .htaccess files. It gives you some recommendations on how to enhance the security of your blog, and you should follow what it says here.

Scanner checks the folders of your blog to see if they have the right file permissions. It will tell you if you need to change the folder permissions to minimize potential security risks.

Website Defender

This is an addon plugin to WP-Security. Website Defender is a malware and virus scanner which routinely scans your WordPress blog remotely and alerts you to any problems. This is an amazing tool for discovering if somebody has hidden some nasty JavaScript code on your site, and we highly recommend it. Like all the other plugins listed here, this is FREE.

To get Website Defender, simply click on the WSD security menu (appears after you install the WP-Security plugin above) and you’ll see a signup box on the right. Register your site through that form, and it will create your account. Then you simply need to go to WebsiteDefender.com, login with your new account, and verify a few things (they’ll ask you to upload a PHP file to your blog, do it). Then wait for the scanning to begin. They will send you an email notification if they ever detect anything wrong on your site.

All Done!

Let’s do a quick review, in five minutes you have protected your WordPress blog from:

Brute-Force Login attempts: A person or program trying to break into WordPress by guessing your password randomly.

URL Parameter and MySQL injection attacks: Exploiting flaws in the WordPress engine by passing certain commands via URL parameters.

Folder traversing: Finding all your files and looking for holes in your file permissions and folder security.

JavaScript, Viruses, and Malicious Code Injection: Adding evil code to your blog that infects your visitors.

Not bad for five minutes of work!

How to Install a SSL Certificate in cPanel

We frequently have clients asking for help with installing a SSL certificate for their website, so we’ve put together this guide that walks you through the entire process. From start to finish it takes about 15 minutes to complete.

Requirements

Before you can install a SSL certificate in cPanel, you need to make sure the site in question is on a dedicated IP address. Odds are that if you have a shared or reseller hosting plan, your site is on a shared IP address and you need to talk to your web host about getting a dedicated IP for your site before following this guide (there is usually a fee associated with a dedicated IP, for most hosts this is $2 – $5 per month to cover the cost of the IP address).

Warning: Attempting to install a SSL certificate on a domain that does not have a dedicated IP will result in some rather unpleasant error messages in cPanel, and could cause performance problems with your website. If you are uncertain at all, double-check with your web host if your domain has a dedicated IP.

Alternatively, cPanel can tell you simply by looking at the stats on the left. Simply click on “Expand Stats” under the table to see the full list, and you should see something that looks like this:

If your site is not on a dedicated IP, it will instead say “Shared IP Address” with the shared IP.

In addition to the dedicated IP address, you need to purchase the SSL certificate. There are plenty of companies offering SSL certificates for reasonable rates, we recommend shopping around and finding the certificate that suits you.

SSL / TLS Manager

Once you have confirmed that you are on a dedicated IP address, click on the “SSL / TLS Manager” inside cPanel:

That will load this page:

Generate a Certificate Signing Request (CSR)

The first step is to click on “Generate, view, or delete SSL certificate signing requests”. That will present you with a form that lets you generate a Certificate Signing Request, fill out the form and make sure you select your domain as the host.

Once you have filled out the form, click on the Generate button, and you’ll get a screen that looks like this:

The page will actually show 2 boxes, but we are only interested in the first box that is titled “SSL Certificate Signing Request”.

Copy the CSR To Your SSL Issuer

You now need to copy the entire contents of the CSR box and give it to the company that you bought the SSL certificate from. They should have a web form somewhere on their site (you’ll probably need to be logged in and click on the SSL certificate in their interface) where you can paste the CSR.

Important: You must copy the entire CSR (including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—–) if you don’t, the certificate will not work.

Important 2: If your SSL issuer asks what type of server you are on, select “cPanel” if it’s an option. If not you might need to select “CentOS / Apache” (or whatever configuration your hosting environment uses), but almost all issuers will have cPanel as an option.

Download the .crt, .key, and ca Files

When you input the CSR, the company you bought the SSL certificate from should provide you with two or three files:

The .crt file (required) is the actual certificate. Every SSL issuer provides this file.

The .key file (optional) is the RSA private key. If the issuer gives you the .key file, then you MUST download it.

The .ca file is a CA Bundle, and is provided by certain issuers. If the issuer gives you an CA Bundle, then you MUST download it (or the certificate installation will fail).

Install the Certificate

Now you have the two (or three) items required to install the SSL certificate: the CRT File, the RSA private key, and possibly a CA bundle file.

Go back into the SSL / TLS Manager in cPanel, and this time click on “Setup a SSL certificate to work with your site”, you’ll get the following form:

Now you just need to do the following:

1) Select your domain from the domain drop-down menu at the very top.

2) Open the .crt file with a text editor like notepad, and copy/paste everything in it to the Certificate box.

3) Open the .key file with a text editor like notepad, and copy/paste everything in it to the Key box. Note: If your issuer did not give you the .key file, then you should be able to click the Fetch button for this field on the form and it will automatically populate with the the correct information.

4) Open the ca file (if they gave you one) with a text editor, and copy/paste everything in it to the CA Bundle box.

5) Click Install Certificate

Assuming everything installed properly, you now have a functional SSL certificate on your website.

Testing the Certificate

Before you start using the certificate, you need to test it. Some SSL certificates don’t install properly on the first few attempts and need to be done again (this is completely normal).

To test the SSL certificate, go to the SSL Checker tool here: http://www.sslshopper.com/ssl-checker.html

Enter your domain name and click “Check SSL”. The website will connect to your website via SSL and verify that the certificate is valid and working properly.

If the SSL certificate installed properly, then you will see a report that looks something like this:

If the SSL certificate did not install properly, then you may need to delete the certificate from cPanel and repeat the entire process over. This is common and is nothing to worry about – sometimes it takes 5-6 attempts of installing a SSL certificate to make it work properly. If this situation arises, simply go into the SSL / TLS Manager in cPanel and delete the CSR and the SSL certificate and repeat this process.

wp-cron.php – How To Stop It From Running Frequently

Did You Know?

WordPress has grown way beyond its original purpose, which was a blogging platform. Now with the right plugins, themes, and content, you can use WordPress as a fully functional content management system.

There are a lot of non-blog sites out there powered by WordPress, take About.com for example – they run a variation of WordPress Multisite. They had their own version of it running long before WordPress Multisite, or even its predecessor WordPress Multiuser (or WordPress MU as it was officially called back then).

Official Website: http://wordpress.org/

WordPress is an amazing platform which powers millions of websites. Unfortunately, it can also be extremely inefficient at times – and one particular example is wp-cron.php.

What Is wp-cron.php?

This file is a PHP script which runs all the automated tasks that let WordPress do all it’s wonderful tricks. Some examples include:

• Posting content when it is scheduled to be posted at specific times
• Check all pending comments for spam (if you have plugins like Akisment running)
• Send emails (i.e. if you have the option enabled where you get emailed whenever a comment is posted, this script handles the email)

Basically wp-cron.php is the automatic part of WordPress.

Why Is wp-cron.php Bad?

Wp-cron.php is called every time a page is loaded. That means if you are getting 50 visitors to your site every hour, and each of them reads 2-3 pages, then wp-cron.php is being called:

• 50 x 2.5 = 125 times per hour
• 125 x 24 = 3,000 times per day
• 3,000 x 30 = 90,000 times per month!

It does not just stop there, because unlike other features in WordPress, the wp-cron.php is spawned as an independent process which can sometimes take several minutes to complete its operations. So an active WordPress site with the traffic volume listed above is spawing 3,000 processes every day which do not really do anything.

Wait, You Said wp-cron.php Does Stuff

Yes it does, but if it’s being run every second it becomes redundant, and this is where you have a problem. A script that runs 3,000 times per day is not necessary, and it can put a rather annoying burden on the server, which affects not only you, but everybody else on the server as well.

The only reason you would need the script running that frequently is if you have 10 or more new posts being scheduled to appear every hour on your website (as the scheduler would be guaranteed to run on-time).

If you are a normal user that updates your site only a handful of times every week, then the default setting for wp-cron.php is extremely overkill and it can actually cause performance issues not only for your site, but other sites on the same server.

Think about it this way, supposed there are 100 WordPress blogs on the server (odds are there are many more than that, but for the sake of an example we’ll stick with 100). Those WordPress blogs could potentially be causing 300,000 erroneous processes every day, and 99% of them won’t do anything when they run. As you can probably imagine, 300,000 useless processes running on a server is a huge amount.

But don’t fret, there’s a simple way to being part of the solution, rather than being part of the problem.

How to Tweak wp-cron.php

There is a two-step process that you can do to stop this type of nonsense, which in turns makes your account consume less CPU, which in turn makes the server have a lower load, which in turn makes everybodys websites run faster.
Here’s how it works:

First, you need to stop wp-cron.php from running on every page view. Do this by opening the file wp-config.php (found in the folder where WordPress is installed) and add the following line close to the top of the file:

define(‘DISABLE_WP_CRON’, true);

What that does is tell the WordPress engine not to run the wp-cron.php script on every page view, essentially it disables it.

Second, you need to create a way for the wp-cron.php file to run on a regular basis. Usually the best way to do this is a normal cron job. Create a cron job in cPanel that runs every hour (or less frequently, see below for suggested frequencies), and have the cronjob run this command:

wget -O /dev/null http://www.example.com/wp-cron.php?doing_wp_cron

Change example.com to whatever your domain name is.
That command tells linux to run the wp-cron.php via wget, which works fine and triggers the wp-cron.php script into doing its magic.

All done! You’ve just stopped your website from generating a significant number of processes on the server and it took you a whole five minutes to accomplish! Your web hosting company will thank you, and everybody on the server will appreciate that you are trying to reduce the load you are causing on the server.

Suggested Frequencies

Here is our recommended run times for the cron job if you decide to implement it. This really boils down to two factors:

First – if you are having posts added hourly, then you should set the cron job to run hourly. However this only applies if you are using WordPress’s built-in scheduler to post the content. If you are not using the scheduler at all, then this factor is of no concern to you.

Second – how frequently comments are being left at your blog. If, for example you are getting 1-2 comments per day, then setting the cron job to run every 12 or 24 hours won’t really hurt you at all. Whereas if you are getting 10-20 comments/day, then you might want to look at running the cron job every 2-3 hours. However, if you are constantly getting a lot of comments (and as such, have tools like Akisment and such needing to run frequently), then we suggest running it every 15 minutes.

There is absolutely no reason to have the cron job running more frequently than every 15 minutes.

We strongly recommend you start with running the cron job every 4 or 12 hours and adjust as needed.

It’s a Bird, No It’s a Plane…Wait It’s a Lightning Bolt?

We’ve just launched a new site design, and we finally have a logo worth showing!

Say good-bye to the old 2011 design that has a very corporate feeling, and say hello to our new 2012 design featuring our new mascot – a lightning bolt!

We have plenty more changes coming over the next few weeks as we roll into the New Year, this is just the tip of the iceburg.

In 2011 we focused a lot of our energy on infrastructure and planning for growth.

This year is all about focusing on our existing clients as well as welcoming new clients to our services.

As such, we decided we needed a new design for our website which was more fun. And you wouldn’t believe how hard it is to create a mascot out of a lightning bolt while making it look good on a web page.

So we’d like to introduce our new mascot, and are taking suggestions for names for the cute little guy.

Some other exciting projects that we have coming down the pipe very soon:

Domain Registrations: We’re finally doing it! We’re taking the plunge into the domain registration market and pretty soon you’ll be able to get .coms and every other domain extension through us if you so choose to.

Contests: We have some great contests and promotions that will be starting up soon. Win prizes, cash, or free hosting!

We have some other great projects about the launch, but we don’t want to let the cat out of the bag, so stay tuned and we look forward to hosting your websites for many years to come!

How to Install vTiger CRM in cPanel

vtiger CRM is a free, full-featured, 100% Open Source CRM software ideal for small and medium businesses, with low-cost product support available to production users that need reliable support.

Website: vTiger.com

We recently had a client ask for assistance in setting up vTiger CRM on their hosting account. To our surprise, there was very little information available online about how to do this, so we had to do some investigating and experimenting to figure out how to make it work properly. If you follow this guide, you should be able to have it up and running within about 20 minutes.

The Problem: The standard way to install this program requires a bare server (no apache, no mysql, etc), as it will install Apache and MySQL and numerous other software programs . Obviously this doesn’t work for a WHM/cPanel server since they already have those programs installed.

This is further compounded by the fact that if you follow the standard installation instructions, it will try to install Apache and MySQL and PHP with all the supporting modules on your server regardless of whether they are there or not. This will result in vTiger overwriting your existing configuration! (This actually broke a VPS container for our client when they tried it because it created numerous conflicting files – apache and PHP couldn’t function after this happened!).

In short, the standard vTiger installation process does not auto-detect if you have these programs setup and running and will over-write them without a second thought!

So if you are on a hosting plan with cPanel follow this process and you’ll get it up and running in 15-20 minutes.

Step 1: Download the Latest Build

The first thing you want is the files, which you can download from the website. As of the time of writing this, the current version is 5.0.4 and the link to download this version is here: http://prdownloads.sourceforge.net/vtigercrm/vtigercrm-5.0.4.tar.gz?download

Step 2: Upload via cPanel

Login to the cPanel account that you want to have vTiger running on, and go into the File Manager. Navigate to the folder you want to install the software to, and upload the .tar.gz file that you download in step one above.

Once it has been uploaded, click on the file, then select Decompress (or Extract depending on what version of cPanel you are using) in the File Manager.

It is very important that you do this step in the cPanel File Manager for several reasons: a) It saves all the files under the proper username, and b) cPanel automatically assigns the right file permissions to all the files and folders (this will save you a ton of time and headaches, otherwise you have to manually chmod numerous files and folders as outlined in the vTiger manual).

Step 3: EasyApache

Before you can run the installer, you need to make sure a few PHP modules are enabled on your server. If you have access to EasyApache (this requires root access, which you will have if you run a dedicated server or VPS). Simply login to WHM, click on EasyApache, and start a new build. When you get to the page where you select PHP modules, click on “Show Exhaustive List” , and enable the modules listed below before building Apache and PHP.

If you do not have access to EasyApache, contact your web hosting company and ask them to enable the modules. None of these modules pose a security threat, so it should not cause any problems with your web host.

You must have the following modules enabled in PHP for vTiger to install and function properly:

• GD – Used to display all the graphs, none of the graphs/images will function if this is not enabled. You may also not be able to install vTiger without it.
• FreeType TTF – The font used in almost all reports and graphs, you will get numerous PHP errors if this is not enabled.
• MySQLi – This is a lightweight version of the MySQL library. It runs faster than the regular library, and it’s the module that it uses to talk to the database – vTiger will not install or function at all without this module.

Step 4: Load the vTiger Installer

Once you have made sure that the above modules have been installed, simply open a web browser and load the folder where you decompressed the files in Step 2 above.

You may need to navigate to a subfolder called “vtigercrm”. So http://www.mydomain.com/vtiger/vtigercrm would be the folder you would open in a browser if you uploaded the .tar.gz file to a folder called vtiger.

If you want it to load in the vtiger directory, not a subfolder, simply move the files around in the cPanel File Manager (takes an extra 10-15 seconds since you can just click “Select All” drag-and-drop them to the right folder).

Step 5: Installer

Simply follow the instructions in the installer from Step 4 and you’ll have vTiger up and running in no time. You will need to setup a MySQL database with a user that has all privilegdes (takes about 30 seconds to do via the MySQL Databases button in cPanel).

Viola! You now have vTiger running on your WHM/cPanel account!