404.php alternative

This is a replacement for the class.404.php file that provides a lot more information to help backtrace problems, hacking attempts, etc… Replace /includes/classes/class.404.php with: Alternative version to catch all 404s without $_POST and $_GET, only exclude when particular strings in URL

Server Configuration and Tuning for Optimal Server Performance

Here is a summary of server configuration for optimal server performance, site speed, and security for a single ecommerce site dedicated server with 16GB RAM. File locations are based on: cPanel EA4, Apache 2.4, Event MPM, PHP 5.6, PHP-FPM, MariaDB 10.3. All configuration values are defined and tuned based on our actual website usage. E.g….

Optimized .htaccess for Cache-Control / Expires / Security

The code below will optimize website performance and security with: Gzip compression; Strict-Transport-Security; unset ETag; set X-Content-Type-Options "nosniff"; Cache-Control for images (1 month) and CSS/JS (1 week); Expires for images (1 month) and CSS/JS (1 week). If you are using cPanel, putting this configuration in pre_main_2.conf is preferred, which will apply these to all…

Enforce HTTPS with Strict Transport Security (HSTS)

Problem: Some websites are designed to work only over HTTPS. In that case, the webmaster sometimes keeps the HTTP version functional with an HTTPS redirection. But this mechanism is not safe, and the web site can be the victim of a MITM attack. Solution: To avoid this, you can indicate to browsers that the web site…

Kaspersky Internet Security False Positive Blocking ISC Checkout

Problem: Kaspersky Internet Security blocks the ISC single-page express checkout in Step 3 after choosing a shipping method for URL /remote.php via an AJAX call. Cause: It is a common false positive detection in Kaspersky Internet Security. Solution: Report to Kaspersky via the 4 channels below. You should receive their response within 1 or 2 days. Email:…