No, such hosting plans do not allow access with sudo privileges required to install and make adjustments to the operating system.
We always install the latest stable version of PHP (v7.4) and have the option to install earlier versions (7.2 and 7.3) if needed.
Officially only supports the latest LTS version of Ubuntu (20.04 and 18.04).
Although official tests are not done, it has been installed successfully in other versions.
When creating your WordPress site, Webinoly will ask for the name of the “host”, by default we use the “localhost” configuration but you can indicate the route to your external database in the format
You can always recover the password for the “root” and “admin” users by running the command
sudo webinoly -dbpass from your command line.
It’s very important that whenever you want to change the password of any of these users, always use the command
sudo webinoly -mysql-password, otherwise Webinoly won’t be able to remember the current password and some commands will not work correctly causing unexpected errors.
For security we configure the access to the different tools on port 22222, for example
http://server.ip:22222/pma, you can choose a different port (0 – 65535) using the command
sudo webinoly -tools-port 65535.
Also, you can choose an existing site/domain in your server to access these tools:
sudo webinoly -tools-site=domain.com, now you can use this domain as follows:
HTTP authentication is used as an extra layer of security to protect access to some administration sections, for example, wp-login or wp-admin and the tools available on port 22222 as mentioned in the previous question.
To configure a user and password, consult the httpauth command in the documentation.
People getting “403 Forbidden” or “401 Authorization Required” is caused because they still don’t have access to this area and they need HTTP Authentication credentials. Also, you will get an INFO message if you run the “verify” command saying that “HTTP Auth Credentials were not found”.
The recommended solution is to create “parked” sites with your mapped domain pointing to the main site of your Multisite installation and then create the certificate individually in each domain using the “-root” option to indicate the route to the main domain.
Let’s Encrypt has limits on the number of requests for the same domain and period of time, so we recommend that you be careful when testing and installing certificates.
Make sure your site is available, DNS is propagated and can be seen publicly from your browser before requesting a certificate.
To enable access to the www-data user, you just have to run the
sudo webinoly -login-www-data=on command. As the owner of this directory on the server established by Nginx we have configured limited access and restricted access only by SFTP, thus eliminating the possibility of accessing the command line and other operating system directories.
In this way we differentiate two types of users: Users with access to the configuration of the server and the user www-data that is usually shared by web developers.
Browsers do not support HTTP/2 without encryption, that is, our site should be running over HTTPS. With Webinoly you can configure an SSL certificate on your site easily and free of charge.
Webinoly does not include any Firewall and does not perform any automatic configuration in this regard. It is always advisable to use your own Firewall service such as UFW, the AWS Security Groups or whatever is available with your provider.
The list of ports and recommended minimum configuration can be found in the installation requirements page.
We know that each user has very particular needs and they find packages that they consider essential on every server.
Brotli, PageSpeed, Fail2ban, are some of the most requested by the community.
We regret to say that the inclusion of such packages is beyond the scope of this project and it is the responsibility of each user to include any other tool they deem necessary. In addition to the trust and commitment with our users to only include software from reliable sources and widely known and accepted for use in the most demanding business and corporate level environments.
Webinoly offers you a base with the essential packages, your imagination is the limit to add and build your perfect solution.
As additional security measures, Webinoly limits the number of requests allowed in certain areas that have proven to be vulnerable to receiving WordPress attacks.
All PHP files in the
/wp-admin/ directory, including the
admin-ajax.php file, in addition to the requests to the
wp-login.php file will be strictly limited.
When a considerable number of simultaneous requests is received per second to any of these files, the access will be blocked, showing the error “403 forbidden”.
Most infrastructure providers such as AWS and Digital Ocean have limitations for sending emails from their servers or instances as SPAM prevention measures, in addition to taking care of their IP addresses to prevent them from being blocked by other systems.
In most cases, just contact your provider to unlock this service. With Webinoly you have the option to easily configure an external SMTP service for sending emails.
We have one of the most secure and smart configurations regarding the handling of HTTP headers sent by the server.
Read the documentation in case you need some custom configuration for the HTTP Header sent by the server.
The Browser Cache configuration is already included for practically all common file extensions, so it is not necessary to use additional plugins or tools for this purpose.
It is not necessary, Webinoly will create a SWAP file automatically when it is not found as part of the optimization process of your server, the size of the SWAP will be determined according to the amount of RAM available.
First of all, if isolation is a concern for you, you should know that Webinoly is not a “shared hosting management tool” and it’s not in our plans. You can safely host as many sites as you want in your server with Webinoly and all of them will use the same PHP and NGINX user.
Is it a security risk? Definitely, NO!
If you want a site isolated for any reason, you should put it in a different server, in the same way that you need to use a different account in a shared-hosting environment.
Also, WordPress Cache (FastCGI Purge) becomes a nightmare when PHP and NGINX users are different. Native FastCGI-Cache-Purging is a premium feature only included in NGINX Plus (not-free) and we recommend not to trust in solutions or tools that use third-party NGINX modules to offer this feature.
If for some reason you have modified a configuration file manually and your server has an unwanted behavior, we recommend following these steps:
– Check if there is an “Error” or “Warning” in Webinoly by executing the following command:
sudo webinoly -verify
– Reset server settings:
sudo webinoly -server-reset
You can always check our support forum and ask for help; We will gladly try to help you resolve any situation related to your server and Webinoly.
Although we regret this decision, we would appreciate you letting us know through our support forum the reason for your decision, in this way we can improve the application.
Delete installed packages and websites:
sudo stack -purge-server-all=force. This will completely eliminate all the files, configurations and optimizations made on your server.
Delete the Webinoly application:
sudo webinoly -uninstall
If you want to reinstall Webinoly your previous configuration will be recovered.
If you have any suggestions, ideas, or comments, or if you (gasp!) found a bug, join us in the support forum.