By default, the FreePBX administration page operates on the unencrypted port 80 (HTTP). This means that all data, including usernames and passwords, is transmitted in plain text, making it easy to intercept, even by amateur hackers. While this may not be a significant issue if you only intend to manage your telephone exchange within a local LAN (provided no unauthorised individuals have access to your network), it is essential to encrypt the transmitted data if you plan to access the FreePBX dashboard from the internet. This can be achieved using a free Let’s Encrypt SSL certificate and the encrypted HTTPS protocol.
Furthermore, certain services will not function without a valid SSL certificate installed, such as WebRTC, Sangoma Zulu, Sangoma Connect, or Clearly Anywhere.
Initial Configuration
To begin, navigate to Admin -> System Admin, and then select Port Management from the right-hand menu.
As you can see in the illustration below, the Let’s Encrypt option is disabled. If you attempt to enable it by switching communication to port 80, you will encounter an error because port 80 is already in use by the Admin service. To resolve this, change the Admin service port to a different one, for example, 8080, and then try enabling Let’s Encrypt again. Click Update Now to apply the changes.
Connectivity -> Firewall -> Services
Go to Connectivity -> Firewall, and from the right-hand dropdown menu, select Services. In this window, you will notice that the Let’s Encrypt service is managed by “Responsive LetsEncrypt Rules”. While you could theoretically disable this and manage the service manually, the recommended approach is to allow “Responsive LetsEncrypt Rules” to continue managing it.
Admin -> Certificate Management
Navigate to Admin -> Certificate Management to manage your certificates. The illustration shows that a self-signed certificate is currently installed. To install a new Let’s Encrypt certificate, click New Certificate, and then select Generate Let’s Encrypt Certificate.
In the new window that opens, fill in the following fields:
Certificate Host Name: If you have purchased your own domain, enter it here.
Owner’s Email: Enter your email address.
Country: Your country.
State/Province/Region: Your county or region.
Alternative Names: Alternative Fully Qualified Domain Names (FQDNs) that must be correctly configured on your DNS servers. If you are unsure what to enter here, leave this field blank.
Challenge Over: The port on which Let’s Encrypt will automatically renew the certificate.
Remove DST Root CA X3: This removes the X3 certificate from the chain, which can cause issues on older browsers.
Finally, click Generate Certificate to create the certificate.
Once you receive confirmation that the certificate has been created, you must set it as the default for your exchange. To do this, click the green tick in the Default column.
To complete the installation, go to Admin -> System Admin, select HTTPS Setup from the right-hand menu, and go to the Settings tab. In the Certificate Settings window, select your newly created certificate and click Install. After installing the SSL certificate, you must restart the Apache server by clicking Save and Restart Apache.
After refreshing the page, you should see a notification in the address bar indicating that your certificate is valid and the connection to your site is encrypted.
Summary
Prioritising the security of your servers is paramount. With Let’s Encrypt, you can secure your FreePBX Asterisk telephone exchange with a secure SSL/TLS protocol, free of charge.
Now that FreePBX Asterisk is installed, it’s time to take a few more steps. I will show you how to update the system and modules from the browser’s GUI, as well as using SSH. We will also check the network and SIP settings. Let’s get started.
Applying the Configuration
Important: After changing many FreePBX parameters, you will need to apply the configuration. Without this, the changes will not be saved. When a parameter change requires saving these settings, a red “Apply Config” button will appear in the top right corner. Only after clicking it will the changes take effect. However, remember that if you need to make many changes at once, you do not have to click this button after every function change. Only after making all the setting changes can you press this button to apply all changes at once.
Updates
For our telephone exchange to work efficiently and be secure, we must not forget about system and module updates. We can perform updates from a web browser, the terminal, or SSH. FreePBX updates can be divided into two types:
Updating the Linux system on which FreePBX is installed. If you installed FreePBX from the ISO image from their official website, your exchange is based on the Sangoma Linux (SNG) operating system, which is based on CentOS and RedHat.
Updating the FreePBX application and modules.
Updating from the Browser GUI
Before we start using our telephone exchange, it’s worth checking if the system and all our exchange’s modules are up to date. To update the modules, log in to your FreePBX in your browser, then click the “Admin” button at the top of the page, followed by “Updates” and “Module Updates”.
To start the update process, click “Upgrade all,” and then “Process.” A new window will appear with a list of modules requiring an update. To confirm, scroll down and click “Confirm.”
A pop-up window will appear with the progress status. It is important to wait patiently for the update to finish and not to refresh the window.
Note: The problem with updates via the browser GUI is that if dependencies between modules and applications are not met, some modules may not update on the first attempt. Therefore, repeat these steps until all modules and applications are updated.
Updating System Files
Updating system files is done similarly to updating modules, but system file updates require activation. If you haven’t done it yet, go to the “Admin” tab, “System Admin,” then click “Activate” and fill out the activation form. Activation is completely free.
After activation, go to the “System Updates” tab and click “Check online” and “Update system.”
Updating Modules and System from SSH
In my opinion, updating FreePBX from SSH is faster and more convenient, especially since after installing FreePBX Asterisk, SSH is already installed by default. If you are using macOS or Linux, simply launch the terminal and type:
ssh root@your_freepbx_ip_address
So, in my case:
ssh root@192.168.1.178
If you are logging in via SSH for the first time, you will be asked to approve the SSH key – just type “yes.”
If you are using Microsoft Windows to log in via SSH, you will need to download additional software, for example, PuTTY, SolarPutty, Xshell, or many others.
Updating the Linux System
After logging into FreePBX via SSH, just type the command yum upgrade and after refreshing the packages, confirm with the ‘y’ key.
This method of updating via SSH is much faster than updating through the browser GUI, as all modules and applications are updated simultaneously.
Updating FreePBX Application and Modules – fwconsole
fwconsole is an extremely useful application available from the FreePBX console or via SSH. It allows you to perform and restore backups, update modules, manage certificates, calendars, contacts, and much more. The available options for this application are numerous, but the most useful is moduleadmin, invoked by the command fwconsole ma, which has many available sub-options. For example, the command fwconsole ma upgradeall allows for a quick update of all modules. It is worth getting acquainted with the complete documentation of the fwconsole application on the manufacturer’s website.
Admin – Updates – Scheduler and Alerts
In the “Scheduler and Alerts” tab, you will find several useful settings. In the “Email Address” field, you can enter your email address to receive notifications about available updates. The other options are:
Automatic System Updates
Automatic Module Updates
Automatic Module Security Updates
Send Security Emails For Unsigned Modules
Check for Updates every – When to check for updates.
I suggest setting automatic updates only for critical security patches, and for other updates, set it to only send email notifications, as in the example below. Every update is an intervention in the Linux operating system and, like any software intervention, carries the risk of damaging the system or causing unforeseen application behaviour. Therefore, I allow automatic updates for critical security patches, but I prefer to install other updates manually after making a backup.
Admin – Updates – System Updates
In the “System Updates” tab, you can update your Linux operating system on which FreePBX is based. First, you should click “Check Online” so that FreePBX can refresh the information about available system updates.
Firewall
Securing your FreePBX system is extremely important. There are many people in the world who use scripts to scan unsecured SIP ports to gain access to telephony used in companies. The Firewall installed in FreePBX is a really effective tool for securing our system against unauthorised access, but it requires proper configuration.
Network Settings – Firewall
To begin, we will set up secure networks and IP addresses from which we will connect to our FreePBX. Go to “Connectivity,” then “Firewall” -> “Networks.” In this window, you can set the IP address of the computer, phones, and devices from which you will be connecting, or you can add your entire local network to the firewall exceptions at once.
Note: In the network settings, you have several options to choose from, including “Local” and “Trusted.” How do they differ?
Local: In this zone, only ports used by FreePBX are open. You can add your IP phones to this zone.
Trusted: Devices added to the “Trusted” zone completely bypass the firewall on any port. Only add truly trusted devices as “Trusted.” For example, your private computer from which you connect to FreePBX via SSH must be added to “Trusted” because the SSH port is not open in the “Local” zone.
Note: You must enter IP addresses in CIDR format. If you are not sure how to do this, familiarise yourself with the article on this topic on Wikipedia. In short, if you want to add a single IP address of a device to the zone (e.g., 192.168.1.21), add a slash and the number 32 at the end of the address. It will then be 192.168.1.21/32. If you want to add all 256 IP addresses of your local network, then after the IP address (ending with the number 0), add the number 24. For example, you add all IP addresses from the range 192.168.1.0 to 255 by entering: 192.168.1.0/24.
Network Settings and Dynamic IP Address – Firewall
If we manage and log in to our FreePBX exchange exclusively on the LAN, we can easily set up static IP addresses. But what if we log in to FreePBX over the Internet, and our provider assigns us dynamic (variable) IP addresses? Then we can use something called DynamicDNS (DDNS). Dynamic DNS changes our variable IP address to a constant hostname. There are many free DDNS providers, for example, Dynu. After registering, we will get a constant hostname for our computer, which we enter in the “Networks” tab instead of the IP address.
Dynamic IP Address – Responsive Firewall
If we have dynamic IP addresses, instead of DynamicDNS, we can use the Responsive Firewall. How does it work?
The Responsive Firewall allows devices from any IP address to send a small data packet to authorise the device – for example, sending a login and password, or a key. If authorisation fails within this short time because, for example, a person trying to break into our server does not enter the correct login and password, then that IP address is temporarily added to the blocked list. After some time, this IP address will be unblocked. If the attacker tries to break into our FreePBX exchange again, then this IP address will be blocked for a little longer, and if the attacks continue, even longer, and so on.
If you have dynamic IP addresses, enabling the Responsive Firewall is a very good idea because it handles Brute Force attacks really well. However, if you have static IP addresses, disabling the Responsive Firewall is even safer, as all untrusted IP addresses will be automatically blocked.
Interface Settings – Firewall
For all the settings in the “Networks” tab to make any sense, make sure that the interface (it will most likely be the eth0 interface for you, unless you are using a WiFi card) in the “Interfaces” tab is correctly set to the “Internet” zone. If you set your interface to the “Trusted” zone, for example, then all the rules saved in the “Networks” tab will be ignored because the “Interfaces” tab has priority over the “Networks” tab.
If you do not have a hardware firewall that would manage the opening and closing of your FreePBX ports, leave the interface in the “Internet” zone.
I’ve blocked my ports and can’t get into FreePBX!
Sometimes, through carelessness, you can block the IP of your own computer from which you connect to FreePBX. Then you will not be able to log into the administrative cockpit of your telephone exchange. The FreePBX developers foresaw such a scenario and there is an easy way to fix it. All you have to do is restart your computer with the FreePBX system twice within five minutes, and the Firewall will be disabled for 5 minutes so you can unblock the IP addresses you need.
Firewall – Context Menu
While on the Firewall page, on the right side of the screen, we have access to a context menu. We will find a lot of useful information and settings there. For example:
Status – here we will see statistics of addresses blocked by the Responsive Firewall.
Services – here we can manage SSH, HTTP, HTTPS, Samba, FTP services and many others.
Advanced – here you will find information about the ports used by FreePBX, and an explanation of how the individual firewall zones work.
System Admin
By clicking on “Admin” and then “System Admin,” we will be taken to a window where we can manage the most important FreePBX settings. On the right side of the screen, a frame with individual system settings will appear. You can also purchase the System Admin Pro version, where you will have a few additional functions:
DDNS – built-in Dynamic DNS server.
Email setup – convenient management of the mail server from the browser.
Provisioning protocols – management of the FTP and TFTP server.
DHCP server – management of the DHCP server that assigns IP addresses on our network.
UPS server – you can enter the parameters of your UPS, if you have one, so that FreePBX can shut down correctly in the event of a power failure.
Support VPN – useful if you need IT support and want to provide them with a secure tunnel to your FreePBX so they can fix any faults.
VPN server – built-in Virtual Private Network server.
Activation – System Admin
If you have not yet activated your FreePBX, it is worth doing so. You can find more on this topic in the previous part of our guide: FreePBX installation of your own telephone exchange part 1.
DNS – System Admin
The DNS system allows you to convert human-friendly website addresses (for example, https://phonesrescue.co.uk) into computer-understandable IP addresses: for example, the IP address of CloudFlare servers: 172.67.160.126.
There are many different DNS servers, for example:
1.1.1.1 – CloudFlare
1.1.1.2 – CloudFlare
1.0.0.2 – CloudFlare with malware protection
8.8.8.8 – Google
8.8.4.4 – Google
208.67.222.222 – OpenDNS
9.9.9.9 – Quad9
Remember to add at least two different DNS servers. In the event of a failure of one of them, the other will take over the duties of converting www addresses to IP addresses. It is worth remembering that the choice of an inappropriate DNS can affect the speed and performance of our FreePBX. If we choose some exotic DNS server at the end of the world, it may slow down our exchange. If you are not very familiar with DNS servers and do not have any of your own trusted servers, choosing one of the DNS servers listed above is a good solution.
Intrusion Detection – System Admin
You also have access to Intrusion Detection from the Firewall level, as it works on a similar principle. It detects login attempts, for example, via SSH. But how does it work exactly? Look at the picture below. If you enter the wrong password 8 times (Max Retry) within 600 seconds (Find Time), you will be blocked for 1800 seconds (Ban Time). You can freely modify the individual parameters as needed. If you enter your address in the e-mail field, you will receive a notification after an IP address is blocked. In the Whitelist field, you can enter the IP addresses of your trusted private computers, then they will not be blocked regardless of how many times you enter the wrong password.
Network Settings – System Admin
In this window, you can set a static IP address for your FreePBX on the local network. Be sure to do this so that after a power failure at home or in the office, your FreePBX telephone exchange will still have the same IP address. However, when entering a static IP address, pay attention that it is outside the pool of addresses assigned by your router’s DHCP server. Otherwise, after a power failure, you may have IP address conflicts on your network. If you have changed the IP address and confirmed the changes by clicking “Save interface,” remember to enter the new IP address in the browser window.
Hostname – System Admin
The hostname is the name of your FreePBX server visible on the local network. The default name is freepbx.sangoma.local, but there is nothing to prevent you from changing it to your own name. Just remember not to have spaces in the name; it will be safest to use dots, for example, CreativeArt.FreePBX. After clicking “Update Hostname,” from now on, instead of the IP address on the local network, you can type CreativeArt.FreePBX.
PNP configuration – System Admin
PNP configuration is only useful if you use IP phones from Sangoma. This allows for the detection of these phones and their automatic configuration. If you do not have any Sangoma phones, you can safely disable this unnecessary option.
Time Zone – System Admin
Be sure to set the correct time zone. Imagine a situation where your company is open from 8:00 to 17:00 and during these hours FreePBX normally connects calls, and outside of working hours it informs callers that you are already closed and records calls on voicemail. What will happen if your company is in Poland, and in FreePBX you have the time zone set to Australia? Then FreePBX will redirect all incoming calls to voicemail during business hours, and at night the phones will ring. You probably wouldn’t want that, would you? That is why it is so important to set the correct time zone. Our company is located in Great Britain. If your company is located in Poland, set: Europe – Warsaw.
Note: If you have changed the time zone, simply confirming the changes with the “Submit” button is not enough; you must restart the FreePBX system for the changes to take effect. You can do this via “System Admin” – “Power Options” – “Reboot.”
Summary
In this part, we discussed the most important functions of FreePBX, activated the system, updated the system and modules, and also initially secured our system with a firewall. We will discuss the remaining functions in the next instalments.
Do you own a business and dream of recording all your calls, greeting customers when they ring your company, transferring them to other internal numbers, having a voicemail service for when the business is closed, and forwarding calls to a mobile, all for practically nothing? It couldn’t be simpler! The free telephone exchange, FreePBX, allows you to do just that, and you can install it on a standard computer in your office.
FreePBX is a professional telephone exchange that automatically records incoming and outgoing calls to the computer’s hard drive. This is an incredibly useful feature for any business.
All you need is a VoIP desk phone, a landline number, and after a brief configuration, your telephone exchange will be ready to go. We invite you to follow our series of articles on the installation and configuration of FreePBX, which is based on the Asterisk software telephone exchange. Let’s begin!
FreePBX Asterisk can be installed on virtually any computer or laptop, as well as on a hosting service. Here, we will focus on installing it on a computer within your company. Remember, for such an exchange to be effective, the computer must be permanently switched on and connected to the network, ideally with a static IP address.
To install FreePBX, a computer with the following specifications is sufficient:
Single-core processor
2GB RAM
20GB disk space
However, if your company intends to handle several internal phones simultaneously and record calls over a longer period, it is worth investing in an Intel i5 processor, 4GB of RAM, and a 120GB hard drive. In our company (Phones Rescue Ltd), FreePBX Asterisk runs as a virtual machine on a server, but a mini PC would also work perfectly well. They are quiet and energy-efficient, which is significant for a machine that needs to run 24 hours a day.
Downloading the FreePBX Asterisk ISO Image
Let’s start by downloading the FreePBX Asterisk ISO image from the manufacturer’s website. Go to the FreePBX website and click on ‘Download’ at the top of the page. Select the latest available stable version and click ‘FULL ISO’.
Preparing the USB Drive
You need to install the downloaded ISO image onto a USB drive and make it bootable. You can do this using an application like Rufus (for Windows) or Balena Etcher (for Windows, macOS, Linux). Both applications are free. An 8GB USB drive is sufficient for FreePBX. I work on macOS, so I will use Etcher to create a bootable USB drive, but using Rufus is also incredibly simple and you should have no trouble with it. Launch Balena Etcher, click ‘Flash from file’, then select the USB drive where you want to place the FreePBX Asterisk installation by clicking ‘Select target’, and finally, click ‘Flash!’
Warning! The entire contents of the selected USB drive will be deleted. When clicking ‘Select target’, make sure you have chosen the correct USB drive for the FreePBX Asterisk installation. If you accidentally select another drive or a USB stick containing important data, you will lose it permanently!
Installing FreePBX Asterisk on the Hard Drive
Once you have the USB drive with the FreePBX Asterisk installation ready, it’s time to install it on your computer’s hard drive. Insert the prepared USB drive into a free USB slot and start the computer. If the FreePBX Asterisk installation does not begin automatically, you will need to enter your computer’s BIOS and change the boot order of the drives. We cannot help you with this step, as these options depend on the specific model and brand of your computer. If you are unsure how to do this, check the user manual for your computer or laptop.
Choose the Asterisk Version
Select one of the available Asterisk versions. If you have no experience with FreePBX, we suggest choosing the version recommended by FreePBX.
Choose the Graphical Mode
If you are installing FreePBX on a local computer, select ‘Graphical installation – Output to VGA’.
Choose the FreePBX Version
In the next window, you cannot select any option other than ‘Standard’, so simply press Enter.
Create the Root User Password
You will not be able to continue the installation without creating a password for the ‘root’ user. Click ‘ROOT PASSWORD’.
Create a Strong Password
It is essential to create a password that is difficult to break. Otherwise, your telephone exchange could be hacked, and believe me, you do not want that. Someone with root privileges could, for example, redirect all your company’s phone calls to their own number, listen to all recorded conversations, change any settings, or even completely delete your telephone exchange along with all the recordings. So, I will repeat: CREATE A STRONG PASSWORD FOR THE ROOT USER. Finish creating the password by clicking the ‘Done’ button in the top left corner.
Wait for the Installation to Finish
After creating the root password, you can wait for the installation to complete. This will take several, or even several dozen, minutes depending on the processing power of your computer, the transfer speed of your USB drive, and the speed of the USB port. If your USB drive is version 3.0 and your computer has USB 3.0 ports, be sure to use one, as this will significantly speed up the installation. You can monitor the installation progress on the bar at the bottom of the screen.
System Restart
After the installation is complete, you will see a ‘Reboot’ button. Before you click it, remove the USB drive from the USB port.
First Login
After the restart, log in to the system by entering ‘root’ as the username and providing the password you created during the installation. After logging in, you will see the IP address of your FreePBX telephone exchange. For now, this is an IP address obtained automatically from a DHCP server, which we will later change to a static IP address. Enter the provided IP address into your web browser’s address bar. In my case, it is 192.168.1.178.
Initial Setup
To begin, we need to create a user with administrative rights for FreePBX settings. Provide an email address to which system notifications will be sent, for example, if someone leaves a message on the voicemail – ‘Notifications Email address’. In the ‘System Identifier’ field, enter a friendly name for our telephone exchange. The ‘Automatic Module Updates’ option allows you to enable automatic system updates. To finish, click ‘Setup System’.
Free Activation
To take full advantage of the FreePBX telephone exchange, we suggest activating the system. Activation is free and only takes a moment. Click the ‘Activate’ button to begin the activation process.
Language Selection
In the next window, you will be able to select the system language.
Firewall Settings
In the next window, you will proceed to the firewall settings. Do not skip this step, as hackers are very keen on breaking into unsecured telephone exchanges. The firewall will allow you to effectively secure your telephone exchange against most attacks completely automatically.
Firewall – Trusted Computer
If the computer you are currently using is trustworthy and inaccessible to unauthorised individuals, you can add it to the trusted list.
Firewall – Trusted Network
If all computers on your local network are trustworthy and inaccessible to unauthorised individuals, you can add the entire local network to the trusted list.
Responsive Firewall
The Responsive Firewall is an extremely useful option, and we suggest you enable it. How does it work? Well, if an unknown client (VoIP phone, computer, exchange) tries to log in to our telephone exchange (which is sometimes necessary, for example, when we have added a new, unknown phone to our network), it is initially allowed. Only after sending initial packets is the machine asked to log in. If the login attempt fails, the computer is then temporarily blocked for a short period. With each subsequent failed login attempt, the block time increases, until the 50th attempt, at which point the client’s IP address is permanently blocked.
Firewall – Telephone Exchange Behind NAT
If the FreePBX telephone exchange has been installed on a computer within a local network, you must enable this option. Furthermore, if your external IP address is dynamic (ask your internet provider about this), you will need to configure a DDNS service.
Summary
Your FreePBX telephone exchange has now been installed, initially configured, and secured with the firewall. In the following guides, you will learn, among other things, how to configure your first VoIP phone, how to set your company’s opening hours, and how to configure a welcome greeting for your calling customers.
When looking for hosting for your website, you need to consider not only the disk space, the type of hard drives (SSD, HDD, NVMe), the monthly transfer limit, or the number of databases, but also which web server will be handling your site. There are many different web servers on the market, but the three most popular—Apache, Nginx, and LiteSpeed—capture over 42% of the market share (August 2025). I am not including the Cloudflare server here, as it operates on a slightly different principle than these three. All of them are very stable, well-developed, and feature-rich; however, there are significant differences between them that will affect your website’s performance and ease of use.
What is a web server?
A web server is software that handles requests sent by visitors to a site and sends back a complete page for display in their web browsers. Every time you type a website address into your browser, you send a request to an HTTP/HTTPS server. This server either displays an HTML file in the case of static pages or dynamically generates a PHP page stored in a database, as is the case with sites built on WordPress, Joomla, or Drupal.
We will compare the three most popular web servers so you can choose the best solution for your website. For some time now, the most popular web server has been Nginx, which has surpassed Apache. In third place, and climbing rapidly, is LiteSpeed.
Web Servers: Top 10 Market Share – August 2025
Server
Market Share
Nginx
24%
Cloudflare
15%
Apache
14%
OpenResty
6%
Google Servers
5%
LiteSpeed
4%
Microsoft
1%
Sun
0%
NCSA
0%
Other
31%
Source: netcraft.com*Sites may use several web servers simultaneously, which is why the percentages do not add up to 100%.
Apache
Let’s start with Apache, as it is the oldest of the web servers presented here. This open-source server, created in 1995, was the undisputed leader in popularity for a long time. It practically dominated on Linux machines, and even on Windows computers, it was often chosen over the commercial IIS from Microsoft.
Nginx
Nginx was created to address the existing shortcomings of the Apache server and initially functioned only as a reverse proxy server and load balancer. It was later transformed into a fully-fledged web server. It is compatible with Apache, so existing sites can be easily transferred from Apache to Nginx.
LiteSpeed
LiteSpeed is the youngest web server of the three. Like Nginx, it is also fully compatible with Apache and supports .htaccess files, mod_rewrite, and mod_security.
Apache Apache has a process-based architecture. Each HTTP request is handled by a separate process. All these processes are managed by a single main parent process. This is the main drawback of Apache. The problem with a process-based architecture is that it struggles significantly with RAM consumption. While this isn’t a major issue on low-traffic sites, it becomes noticeable on popular websites. Under heavy load, performance and page loading speed drop drastically.
Nginx The Nginx web server works completely differently. Its architecture is event-driven. There is one main process and several worker processes that manage all the traffic on the site. This architecture is much more efficient. With Nginx, there is no such drop in performance, even for heavily loaded websites.
LiteSpeed Similar to Nginx, LiteSpeed’s architecture is event-driven. Therefore, just as with Nginx, the drop in performance with an increasing number of visitors is much smaller than with Apache.
Speed
For low-traffic websites, the speed of all three web servers is at a similar level. But the more active users a site has, the more Apache starts to fall behind the other two. Admittedly, after installing W3 Total Cache on Apache, things improve slightly, but with 100 concurrent visitors, Nginx and LiteSpeed still outperform Apache by a significant margin.
Nginx with FastCGI Cache is much faster than Apache with W3 Total Cache, but it is LiteSpeed with the LiteSpeed Cache for WordPress plugin installed that shows the real advantage. For a WordPress-based site, the Apache server was able to handle 826.5 requests per second, Nginx handled 6,025 requests per second, while LiteSpeed handled a staggering 69,618 requests per second.
Web Server Speed Comparison
Server
Requests/sec
MB/sec
Errors
LiteSpeed
69,618.5
270.38
0
Nginx
6,025.3
24.5
0
Apache
826.5
3.08
0
Test Environment
Web Servers Tested:
LiteSpeed Web Server v5.4.1
Nginx v1.16.1
Apache v2.4.41
WordPress:
WordPress version: 5.2.2
LiteSpeed cache: LiteSpeed Cache for WordPress
Nginx cache: FastCGI Cache
Apache cache: W3 Total Cache
Client & Server Machine:
RAM: 1GB
Processors: 1
CPU Threads: 1
Processor Model: Virtual CPU 6db7dc0e7704
Disk: NVMe SSD
Network:
Bandwidth: 9.02 Gbits/sec
Latency: 0.302 ms
Cloud VM:
Vultr High Frequency Compute 1GB VM
Caching
The cache is used to temporarily store frequently used data. A web server’s cache stores frequently visited web pages and other resources. This reduces the server’s load, increases the site’s overall performance/throughput, and shortens page load times.
Apache
Apache has various caching modules, such as mod_cache, mod_cache_disk, mod_file_cache, and htcacheclean. You can implement them on your Apache server to improve the performance of frequently visited pages.
Nginx
You can enable caching on an Nginx server using cPanel or Plesk if you have them installed, or directly in the Nginx configuration files.
LiteSpeed
You can very easily enable the cache in LiteSpeed using plugins for:
WordPress
Magento
Joomla
PrestaShop
OpenCart
Drupal
XenForo
Laravel
Shopware
CS-Cart
MediaWiki
The cache also offers several other unique features, such as the Cache Crawler. The Cache Crawler scans your website when it is not under load, identifies the most frequently visited pages, and moves them to the cache to speed up your site even further. LiteSpeed cache also improves the performance of online shops by caching customers’ shopping baskets.
Supported Operating Systems
Apache
As the oldest of the three web servers, Apache supports the most operating systems. It supports all Unix/Linux systems: CentOS, RedHat, Fedora, Ubuntu, OpenSUSE, etc. It is the only one fully supported by Microsoft Windows systems.
Nginx
You can also install Nginx on all Unix/Linux systems; however, it does not run correctly on Windows systems.
LiteSpeed
You can install LiteSpeed on CentOS 7+, Ubuntu 14.04+, Debian 8+, FreeBSD 9+, Fedora 31+, and Linux Kernel 3.0+.
*As of January 2023, you can install LiteSpeed on Ubuntu 22.04; however, CyberPanel does not work on this version of the system. If you want to use CyberPanel with its convenient GUI, you should stay on Ubuntu 20.04.
Ease of Configuration
If you are just starting your journey with web servers, ease of use may be important to you. It is much more pleasant to manage a web server from a browser with a convenient graphical interface than by using the CLI or editing configuration files.
Apache
Apache is most commonly configured by editing the .htaccess file. This is where you set up redirects, password protection, custom error messages, indexing, and much more. However, editing this file requires some knowledge of web server configuration, without which you can easily make a mistake and completely disable your site. Therefore, always make a backup before editing this file.
Nginx
The Nginx server is configured using .conf configuration files. By default, Nginx does not have a control panel with a graphical interface, but you can install one of several available Control Panels. Some of them are free, like Hestia Control Panel, while others require payment.
LiteSpeed
The free OpenLiteSpeed installs by default with a Dashboard featuring a convenient, graphical user interface. Additionally, you can install one of several control panels, for example, the excellent and free CyberPanel, from which you can manage the entire server. You can install a new website, install WordPress with LiteSpeed Cache, install SSL certificates with a single click (both free via Let’s Encrypt and your own paid certificates), configure DNS, FTP, SSH, create backups, change the PHP version for each site separately, install a mail server, and much more.
Security
All three described web servers take security very seriously.
Apache additionally has a vigilant and the largest community of developers, which responds instantly to any detected security vulnerabilities. It also offers various configuration parameters to protect the site from DDoS attacks and privilege escalation, though implementing them requires a bit of IT knowledge.
With Nginx, in addition to the community, security is handled by F5, the company that acquired the rights to Nginx. It has extensive documentation on security and potential threats.
LiteSpeed is also very secure and is continuously and efficiently developed. Any detected security vulnerabilities are patched promptly.
Plugins
Plugins allow you to extend the capabilities of a web server.
Apache probably has the most extensive list of plugins, including those for managing SQL connections, data compression, or executing CGI scripts.
There are also many plugins for Nginx, which are written by the developer community. Thanks to them, you can, for example, manage HTTPS SSL authentication or dynamically block IP addresses.
In terms of the number of plugins, LiteSpeed may seem the weakest at first glance, but this is only apparent, as many things that you have to install separately in Apache or Nginx come as standard in LiteSpeed.
CMS Support
All three servers support Content Management Systems (CMS) without any issues, including:
Joomla
Drupal
Magento
OpenCart
PrestaShop
Shopware
MediaWiki
and others
Summary
Each web server has its advantages and disadvantages. However, LiteSpeed seems to be the most future-proof at present, although Nginx has not yet had its final say, especially as it is backed by the large American corporation, F5. Apache, on the other hand, has the largest community and is the best documented. However, we are of the opinion that once you try the convenient graphical user interface of CyberPanel and the LiteSpeed dashboard, you will not want to go back to Apache.
Over time, phishing attacks have become increasingly sophisticated. Thanks to public information campaigns on television, more people have become aware of the threats and know what to look out for after receiving messages from uncertain sources. However, criminals are also constantly adapting their attack methods to changing circumstances, and many people still fall victim to these types of attacks, losing confidential or private data, and even their savings. The matter is even more serious when we talk about phishing attacks on companies that hold confidential data of their customers in their databases. How is it possible that companies still fall victim to such attacks?
Lack of Employee Security Training
Training employees is a cost to the company. Therefore, in the name of saving money, it turns out that business owners are abandoning training their employees in the field of cyber-security. Untrained employees do not know how to avoid ever-new security threats. Without proper training, they may not realise how serious a threat phishing can be to the company, how to detect it, and how to protect themselves against it. A lack of employee training can end in disaster for the enterprise and cause the company many problems, including legal ones. Training is essential to know how to recognise a phishing message in the first place.
As long as business owners ignore the problem of a lack of employee training, companies will continue to fall victim to phishing attacks. The cost incurred for training in cyber-crime can pay for itself in the future, and ignoring this type of threat can come back to haunt them.
The problem affects small companies to an even greater extent than large enterprises, as large companies can usually allocate more funds for training, because the cost per employee for such training will be lower than in small firms with a few or a dozen employees. Furthermore, the IT infrastructure of large companies is generally much better protected against cyber-attacks than in small businesses.
Money
Cyber-criminals make money from phishing attacks. Often, large sums of money. Obtaining confidential data, for example, login details for banking websites, from unsuspecting employees is much easier than hacking directly into the banks’ websites. That is why, despite the passage of time, phishing attacks are still going strong. New, ever more sophisticated methods of phishing attacks are constantly emerging.
Cyber-criminals are often able to invest considerable funds in purchasing software and hardware to carry out these types of attacks. This, combined with the unawareness of untrained company employees, means that tens of thousands of data-phishing sites are detected each year. According to The Anti-Phishing Working Group, over a million phishing attacks were detected in the first quarter of 2022. In March 2022, over 384,000 data-phishing sites were discovered. This is a really serious problem for private individuals and an even bigger problem for companies.
Careless Employees
Sometimes it is not the company itself that is responsible for falling victim to phishing, but the carelessness and negligence of individual employees, even despite appropriate training being conducted. Clicking on links and entering confidential data on websites without thinking can result in the leakage of login data. Any employee with access to websites at work can fall victim to phishing.
Easy Access to Software for Criminals
In the past, only a handful of hackers in the world had the skills to write software to carry out effective phishing attacks. Today, in the age of the ubiquitous internet, with the right amount of cash, criminals are able to easily acquire professional tools and software to carry out phishing attacks. That is why the number of these attacks is growing year on year.
Companies Are Looking for Savings
Recent years, 2020-2022 (the coronavirus pandemic, high energy prices), have not been easy for entrepreneurs. It is no wonder, then, that companies looking for savings are tightening their belts and giving up on employee training. However, saving on a company’s cyber-security can come back to haunt them in the future.
Summary
The problem of phishing attacks, especially on companies, is growing year on year, and their methods are becoming more and more sophisticated. Therefore, taking care of the security of company data and the confidential data of our clients is extremely important. That is why professional training for office employees in the field of security is extremely important. Such training is offered by many companies, such as Network Masters or Securitum, both online and in-person. It is also extremely important to properly secure our company’s IT infrastructure itself. A good quality firewall can automatically detect and block many types of attacks on our company’s computer systems, including phishing.
Estate agency websites differ slightly from those in other industries. Creating such a site in WordPress isn’t just a matter of uploading a few photos and a property description. This type of website requires the latest knowledge in web development. Some features for this kind of site are quite easy to implement using free or paid plugins, many of which can be found in the WordPress repository. However, implementing some advanced functions may require hiring a specialist in web development, databases, and PHP. Unique features can help your website stand out from the competition. In this article, we will look at the key stages of creating such a website, as well as interesting features you could install on your site.
Key Features of Estate Agency Websites
An estate agency website is not just about having an online presence. What’s important is the graphic design with high-quality photos, a clear property search engine with detailed filtering options, and a form to arrange a viewing.
Key features of any estate agency website:
Detailed Information: Try to include as much detailed information as possible. Without it, it will be harder to sell or let a property.
Photographs: The more, the better. Photos are what primarily draw attention to a listing, and users rely on them when searching for a house or flat.
Contact Details: It is advisable to provide various contact options, not just a phone number: email addresses, instant messengers, etc.
Online Viewings: These allow estate agents to show properties or negotiate offers with clients who do not live in the local area.
Maps: These will help interested parties to understand the property’s location.
Search Filters: A client who has to browse through dozens of pages of listings they are not interested in to find their dream home might get bored before they find it. A good search engine is not just about simple sorting by price. Some people care about the neighbourhood, proximity to a school or a tube station; some are looking for ground-floor flats, while others want a third-floor flat, and others won’t even consider listings without a garden. Provide your users with a well-organised search engine, and your site will sell many properties.
Stages of Creating an Estate Agency Website
The creation of most websites consists of several stages. Remember, however, that website development never truly ends; to be well-positioned in Google, the site must be regularly updated.
Stage One: Choosing a Theme
The first and one of the most important steps is choosing the theme upon which your website will be built. A good theme for an estate agency might already have a built-in function you need, so you won’t have to install an additional plugin later, and some extra plugins can be quite expensive. Therefore, take your time. Think about which features are most important to you and spend some time checking several, or even a dozen, different themes. Don’t focus on the visual aspect of the site – because that can be relatively easily customised to your needs – but rather on the functional side of a given theme. Choosing the first theme you come across without thinking can come back to haunt you in the future.
Here are a few recommended themes:
RealHomes (Paid): It has a powerful search engine with lots of options, custom photo galleries, and additionally, a dozen different graphic layouts to choose from. The theme allows for attaching documents to each property offered – PDF files, office documents, scans, etc. It is possible to add floor plans for each level of the building. You can very easily and quickly edit property details. A useful feature is the ability to compare individual listings or search for similar properties.
NexProperty (Free): This is a completely free theme. It was originally created more for occasional property rentals, but it can be relatively easily transformed into a professional estate agency website. This theme has a decent search engine and allows for the convenient placement of all offered properties on a map. It features a clear booking page for appointments and a subpage for staff members. A recommended free alternative to other paid themes.
VW Real Estate (Free and Paid): A visually interesting theme with a lot of graphical flourishes. It has a simple property search engine. It is also possible to purchase a paid option with technical support, multi-language support, and better SEO optimisation.
Houzez (Paid): An excellent, extremely flexible theme. There are over a dozen graphic styles to choose from. The theme’s back-end is brilliantly organised, where we can manage properties and clients. Convenient reports allow for detailed analysis. A professional and highly recommended theme.
Stage Two: Selecting and Installing Plugins
Thanks to plugins, you can quickly and without coding extend the functionality of your website. Most of the plugins needed for an estate agency can be found in the WordPress plugin repository. A noteworthy plugin is Realtyna Organic IDX plugin WPL. It allows for the convenient addition and management of property listings.
Stage Three: UX/UI Design
Creating an interesting and unique design is a complex but satisfying process. To ensure the site’s success, it is important to target the right audience and make the site easy to use on both computers and smartphones. A convenient property search is one of the most important elements of an estate agency website. It should search for listings based on all relevant parameters: number of rooms, flat area, location, garage availability, etc.
Stage Four: Implementing Additional Features
The final stage should be the implementation of all additional functions that an estate agency website should have but cannot be implemented using WordPress plugins. If you are not a professional coder, you will need the help of a specialist for this. An interesting option could be, for example, an application for Android or iOS phones. Help with obtaining a mortgage or even comparing offers from different banks could be useful for a potential client.
Summary
Creating a professional estate agency website is not just about choosing a theme and listing properties. It requires creating a good and unique graphic design, ensuring a great user experience, and designing an effective property search engine. Taking care of each of these aspects will certainly result in acquiring a large number of potential clients.
WordPress and Weebly are popular website-building platforms that allow you to create websites with virtually no knowledge of HTML, JavaScript, or CSS. On both platforms, the method of creating pages is similar, but not identical. In this article, we will show you the differences between them so you can choose the best solution for your website. Read the full article to learn what distinguishes WordPress from Weebly.
WordPress
WordPress is a content management system (CMS) used for creating and managing websites. It is an open-source platform, completely free to download and use. WordPress is hugely popular, holding over 64% of the CMS market. The second CMS on the podium is Shopify, which has just 5.6%.
In 2025 Weebly holds a 0.7% market share of all the websites that use CMS. Weebly is used by 0.5% of all websites. Weebly is presently used on 508,756 websites. Most of the Weebly-powered websites (specifically, 380,849) are registered in the US.
One of the biggest advantages of WordPress is its flexibility: you can use it to create a simple personal website, a comprehensive corporate site, an online shop, a blog, or a forum. There are thousands of free and paid extensions, plugins, and themes available for WordPress, which allow the user to customise both the appearance and functionality of the site. As the most popular CMS in the world, WordPress has a large and active community of users, so you can count on extensive support if you encounter problems.
However, WordPress sometimes requires a certain amount of technical knowledge to be used effectively. You won’t need any coding experience to create a simple website, but to build a large site with an online shop perfectly tailored to your needs, you will need at least a basic knowledge of HTML, CSS, JavaScript, and PHP.
There are two versions of WordPress available: WordPress.org, which is available for download but requires separate hosting and a domain that you will have to arrange on your own, and WordPress.com, which provides both hosting and a domain for your site. Depending on the disk space, availability of technical support, and available extensions, there are many pricing options.
WordPress – Key Features
WordPress is a powerful and feature-rich content management system. Here are its key features:
Customisation: You have enormous possibilities to tailor your site to your needs. If a certain functionality is missing, you can download free and paid plugins that extend the site’s capabilities and help customise its appearance.
Content Creation and Management: With WordPress, you can easily create and edit blog posts, pages, media files, and much more. A huge convenience is the history of changes on your site, where you can restore the page to a version before an edit in case of problems.
SEO and Marketing: WordPress includes a range of built-in features that facilitate search engine optimisation (SEO) and marketing activities, such as fully configurable URLs, the ability to add meta-tags and descriptions, and integration with social media and email marketing platforms.
User Management: WordPress allows for the creation of multiple user accounts with assigned roles and permissions, which facilitates management and enables collaboration among many people in creating the website.
E-commerce: WordPress can be successfully used to create a professional online shop using e-commerce plugins like WooCommerce. These plugins offer payment gateway integration, allowing customers on your site to pay by card, PayPal, or many other payment systems. You will also be able to manage inventory and shipping.
Multi-language Support: WordPress supports the creation of multilingual websites through plugins. For example, the popular WPML plugin allows for the translation of content into many languages, thereby reaching a wide audience.
WordPress – Support
WordPress is an open-source platform with a huge and active user community, which means it’s easy to get the help you need if you have problems with your site. You have several options for getting help with WordPress:
WordPress.org Support Forum: The WordPress.org support forum is a good place to start looking for help with a problem on your site. You will find not only users of this CMS but also the people who create WordPress, so you can count on professional help.
WordPress.org Documentation: Many of your site’s problems have probably already been solved and described. Just check the documentation to solve the problem quickly and efficiently. If you haven’t had previous contact with WordPress, be sure to start with the provided guides.
WordPress.com Support: If you use the paid version hosted on WordPress.com, you can get help through the Support Centre, where you will find a knowledge base, tutorials, and a community forum.
Professional Support: If you need support to solve more serious problems or to extend the functionality of WordPress, you can hire a professional WordPress developer. You will certainly find someone trustworthy in your area, and if not, most of the work can be done remotely.
Local WordPress Community: If you live in a larger city, you might find a local group of WordPress enthusiasts who promote the system. Such groups can be an invaluable help in solving problems with WordPress.
WordPress Pricing
There are two versions of WordPress: WordPress.org, which is completely free but requires you to purchase a domain and hosting separately, and WordPress.com, which has one free plan and four paid ones.
WordPress.org
You can download, install, and use WordPress.org for free. However, you will need to purchase your own domain and hosting, which is where your site’s files will be stored, and this involves additional costs.
Hosting costs can vary greatly, starting from around £7-£10 per year for shared hosting, up to £60-£70 per year or more for a virtual private server (VPS).
Domain prices can also vary significantly depending on the extension and registrar, but typically a standard .co.uk or .com domain costs from a few to several pounds per year.
WordPress.com
WordPress.com offers several paid pricing plans and one free plan with limited disk space, limited features, and no option to choose a custom domain.
The free plan includes a https://www.google.com/search?q=yourname.wordpress.com subdomain, 1GB of file space, and basic options sufficient for creating a simple site.
Paid plans start from £3 per month and, in addition to more disk space, also offer greater functionality. You can see the differences between the free and paid packages on the wordpress.com website.
The final cost of maintaining your website will depend on your specific needs and the version of the platform you choose. If you choose the free WordPress.org version, you will have to add the costs of hosting and a domain. If you choose the free WordPress.com version, you will not incur any costs, but you must be aware of limitations, the inability to choose your own domain, and ads on the site. If you choose a paid WordPress.com plan, you must consider the monthly subscription costs.
WordPress Customisation
WordPress (apart from the free WordPress.com version) provides enormous possibilities for changing the appearance and settings of the site. The possibilities are practically limitless. There are several different ways to change the look or function of WordPress:
Themes: Also known as templates, these control the appearance and sometimes the functionality of your site. There are thousands of free and paid themes available. To install a new theme, simply go to the WordPress dashboard and click: Appearance > Themes.
Plugins: This is software that adds various functionalities to your site. You can choose from thousands of free and paid plugins, ranging from simple add-ons to powerful tools that can turn your site into a professional online shop.
Custom Code: If you can code, there is nothing to stop you from changing the HTML, CSS, and PHP code of WordPress yourself to personalise the site’s appearance.
Widgets: These are small blocks of content that can be placed in various areas of your site.
Menus: WordPress allows you to create custom menus that can be placed in the header, sidebar, footer, or on any page.
Using these options, you can create a unique site tailored to your needs.
WordPress Themes
Themes control the visual aspect of your website. They are essential for WordPress to function. In just a few clicks, you can completely change the site’s appearance, colours, fonts, and menus. There are thousands of free and paid themes available, tailored to different industries, professions, and specialities. Whether you’re a carpenter or a lawyer, there are dozens of templates available for you.
There are themes for business, blogging, hobbies, and themes adapted for online shops; everyone is sure to find something for themselves. Simply log in to the WordPress dashboard, click Appearance and Themes, then Add New Theme.
After installing a theme, you can, of course, customise it to your needs by choosing your favourite font, colour scheme, or site layout. Don’t be afraid to experiment with themes—changing a theme does not affect the data on the site, and you can always safely revert to the previous theme if the new one is not to your liking. However, remember to only install themes from trusted sites. Themes installed from suspicious sources may contain viruses and steal your data. It is crucial to follow best practices for WordPress security to protect your site.
WordPress Plugins
Plugins are software that adds new functionalities to our site. The huge number of plugins is a major advantage of WordPress. Thanks to plugins, we can improve site security, enhance our site’s position in Google search results, or turn our site into a professional online shop.
WordPress has its own plugin repository, which greatly simplifies searching for and installing them, but you can also find them on other websites, download them, and install them manually. In the repository, you will find plugins for contact forms, making backups, social media integration, and much more.
Installing plugins is incredibly simple. Just log in to the dashboard, click on Plugins, and Add New. After finding the plugin that interests you, just click Install. After installation, you must activate the plugin for it to start working, and some of them also require initial configuration. It is worth reading the text files provided by the plugin creator to learn how to use it, as different plugins are operated slightly differently.
Although plugins have many advantages, they should be installed with caution.
An excessive number of plugins can result in slowing down your website.
Some plugins from the same category can interfere with each other’s work and cause problems.
Each plugin is additional code, and the more code, the greater the chance of a security breach and the possibility of your site being hacked.
WordPress and SEO
WordPress includes a number of built-in features that can help optimise our site for search engines. SEO is the process of optimising a website to achieve the best possible position in search results for specific phrases and attract more organic traffic. Here are a few ways WordPress can help you with SEO:
Clean Code: WordPress builds pages according to standards that are easily read by search engine crawlers.
Custom URLs: WordPress allows you to create custom URLs for pages and blog posts, which helps crawlers better categorise the pages of your site.
Alt tags for images: You have the ability to add alternative descriptions to images so that browsers can better categorise subpages.
Header tags: Thanks to header tags, search engine crawlers can instantly recognise the content of a page without having to scan the entire text.
SEO Plugins: Basic SEO functionalities can be significantly expanded with additional plugins. Thanks to them, you can perform detailed keyword analysis, create meta-tags, generate XML sitemaps, and much more. Popular plugins include Yoast SEO and All in One SEO Pack.
By adhering to Google’s guidelines, we have a chance to improve our site’s visibility in search results and attract more visitors. Remember that maintaining high positions in Google results requires continuous effort, and a place in the top ten once gained can easily be lost.
Weebly
Weebly does not offer the option to install its product on a hosting of your choice. The only option is to install it on Weebly’s hosting, but in the paid plans, you have the option to choose your own domain. Weebly allows you to create a professional-looking website in an incredibly simple way, without needing any coding skills. Most of the work, apart from entering content, is done using the “drag and drop” method. You can, of course, add contact forms to the site, create a good-looking blog, and even set up an online shop. This is not surprising, as since 2018, Weebly has been owned by Square (now Block), which has long handled payment systems for a huge number of online stores.
Key Features of Weebly
Incredibly easy to use: You build a site in Weebly by dragging elements from the menu to the appropriate places on the page. Absolutely anyone can handle it.
Templates: Weebly offers a large selection of templates that will allow you to customise the look of your site to your individual needs.
Customisable pages: You have the ability to create custom pages, like ‘Contact’ or ‘About’, and add text, photos, and even videos to them.
E-commerce: In the more expensive plans, you get a package of features for building an online shop with an integrated card payment system, a shopping basket, and inventory management.
Blog: Thanks to Weebly, you can easily create a blog page.
SEO Tools: Weebly includes built-in tools that will help you optimise your site for search engines. You can, among other things, add keywords or meta descriptions.
Mobile Optimisation: Weebly automatically optimises pages for mobile devices. Thanks to this, your site will look great not only on computer screens but also on tablets and smartphones.
Customer Support: Even with the free version, you have access to technical support via chat, email, and a forum, and in the more expensive plans, additionally by phone.
Weebly Pricing
Weebly offers one free plan and several paid plans that differ in price and functionality.
Free: In the free plan, you can set up a site on a .weebly.com subdomain. You have access to the drag-and-drop site builder, templates, and basic features like contact forms and Google Analytics integration. However, you cannot launch an online shop or use your own chosen domain.
Connect: In this plan, you can choose your own domain and have access to basic e-commerce functionality, such as a shopping basket and online payment processing.
Pro: The Pro plan offers extended e-commerce features, such as abandoned basket recovery and the ability to offer discounts and coupons. It also includes more customisation options, like using custom fonts or password-protecting individual pages.
Business: You get even more e-commerce capabilities, like advanced shipping options or the ability to create gift cards. There are also several features for business, such as membership-based websites and the ability to create custom reports.
You can get better prices with annual billing compared to monthly payments. You also have the option to test the packages during a 30-day trial period.
Weebly Customer Support
Weebly offers technical support through a forum, email, chat, and, in more expensive packages, also by phone. Additionally, there is access to a Knowledge Base, a blog with tips, and tutorials.
Weebly Customisation
Weebly allows users to customise their sites in various ways.
Templates: Weebly offers many templates to choose from, which are fully configurable and can be easily modified using the drag-and-drop method.
Custom domain: In paid packages, you have the option to use your own domain, but you must buy it yourself and connect it to Weebly.
Custom fonts: In the Pro and Business plans, you can use custom fonts on your pages.
Custom code: You can add custom HTML, CSS, and JavaScript code to your pages.
Plugins: Weebly also offers a repository of plugins, but there are not as many as in WordPress.
Weebly and SEO
Weebly includes a range of tools that will help you optimise your site for search engines like Google or Bing. These tools can help you improve your site’s visibility in search results, which can lead to an increase in visits and potential customers.
Meta tags: You have the ability to add meta tags, such as a title and description, to every page of your site.
Image optimisation: You can add alternative text to images.
SEO Tools: Weebly includes a built-in SEO builder that provides tips and recommendations for optimising your site for search engines.
Mobile optimisation: Weebly automatically optimises websites for mobile devices, which is important because for some time now, Google has been using mobile-first indexing. This means that the mobile version will determine the site’s position in the search engine.
Custom URLs: You can create custom addresses for each of your pages, which can improve the page’s position in search results.
By using the tools above and adhering to good SEO practices, you have a chance to achieve high rankings in Google results.
Summary
The final choice will depend on your specific needs and level of technical knowledge. If you don’t know JavaScript, CSS, or even HTML, it will be safer to choose Weebly. However, if you plan to expand your site in the future and add new functionalities, I would suggest choosing WordPress.
WordPress has a much, much larger selection of plugins that extend the site’s functionality. And even if a plugin you need for specific tasks doesn’t exist, you can ultimately hire a developer to create such a plugin for you. With Weebly, it’s different—if a certain functionality is not available and a plugin that could fix it doesn’t exist, you have to accept that you won’t be able to implement that feature on the site. In that case, the only option left is to change platforms, which can be time-consuming and costly.
When creating a website, you should pay special attention to its security. A breach of your site’s security can lead to significant problems. If your site allows user logins, or worse, you have an online shop (e.g., WooCommerce) with a customer database, it could result in a personal data leak and serious consequences, even legal action. In this article, you will learn how to remove pop-up ad malware from a WordPress site.
What’s more, the wide variety of WordPress plugins and themes means that security breaches of this CMS are not uncommon. This is not surprising, considering that there are up to 90,000 attacks on WordPress sites per minute worldwide.
It’s not that WordPress isn’t secure enough – it’s simply the most popular CMS in the world, and therefore the most frequently attacked. Its popularity is so great that, according to the company Sucuri, attacks on the WordPress platform account for 90% of all attacks on CMS systems.
Symptoms of a Malware Infection
To effectively combat malware that has infected your website, you first need to know that your site has been infected at all. Sometimes you may not even realise that your site is infected and is sending spam in the background to thousands of people about pornography or potency pills. In this article, we will help you recognise the symptoms of a malware infection.
One of the most obvious signs of a malware infection on your site is visible changes you didn’t make, or strange meta descriptions in the SERPs (Search Engine Results Pages). Furthermore, a common symptom of infection is pop-ups, adverts, or redirecting users to a completely different, spammy website.
As a WordPress site administrator, you must bear in mind that you cannot see some changes from the back-end (Dashboard). Only users visiting your site will see the annoying pop-ups.
Another very obvious symptom of infection will be the blacklisting of your site by Google. Google may then warn users trying to access your site with a large red alert, and in extreme cases, even remove your site from the Google SERPs.
A website infected with malware may also be taken down by your hosting provider if it is on a shared server, to protect the owners of other websites hosted on the same server.
If your site does not appear in Google search results, or does not open when you type its address into the browser, it is quite possible that it has been infected and removed from the Google index or from your provider’s server.
How to Clean a Website of Malware
Use a Malware Removal Plugin
If you can log in to your WordPress dashboard, the quickest way to get rid of malware is to use plugins designed for this purpose.
Plugins like Wordfence, Sucuri, or iThemes are some of the best plugins for protecting your WordPress-based site.
If you have no experience in administering web servers (Apache, LiteSpeed, Nginx) or Linux, this is the fastest and safest method to combat malware.
Manual Malware Removal
Manually removing malware is time-consuming and, if files are edited or deleted incorrectly, can result in your website becoming completely immobilised. However, if you cannot access the WordPress dashboard to install the necessary plugins, manually searching for and removing malware is often the only option. If you have no experience in this, it is safest to consult a company that does this professionally to avoid causing even more damage.
Create a Site Backup
Before you do anything to remove the malware from your site, first create a backup of the website so that you can restore it in case of complications. Creating backups should become a habit, which will save you a lot of time and stress in case of website problems.
To manually back up your site’s files, log in to your hosting using FTP, SFTP, or via the CyberPanel. Then, compress the contents of the wp-content folder and download the compressed file to your computer’s hard drive.
If your hosting has a snapshot backup option, this is also a good choice, or you can use one of the many WordPress plugins for this purpose.
It will also be necessary to back up the .htaccess file. This file is hidden by default in some file managers, so make sure you have the option to show system files enabled.
It is equally important to back up the database, as this is where most of the information displayed on our site is stored. Bear in mind that some malware can hide in the database itself.
Reinstall WordPress
Before you start looking for malware in your files, install a clean version of WordPress. By installing a fresh version of WordPress from the official website, you can be sure that it is free of malware.
Check the Files
The most difficult part of the task is ahead of you – checking all the WordPress files. This is a tedious and lengthy process, as you will have to check each file and directory one by one to identify infected files.
First, compare all WordPress files with the files from your backup, then proceed to check the theme and plugin files. If you have no experience in creating and editing HTML, CSS, or JavaScript files, it may be very difficult for you to spot suspicious lines of code.
After reviewing all the WordPress files, check the contents of the .htaccess file. This is a very important file, and even after installing a clean version of WordPress, if you have an infected .htaccess file, you may still leave a backdoor open for hackers to reinfect your site with malware.
Finally, after thoroughly checking and cleaning all files, you should also clear your browser and web server cache, as files in the cache can also be infected and reinfect your site.
Reinstall Themes and Plugins
Reinstall clean versions of your themes and plugins. Remember to only install trusted themes and plugins. The truth is that most malware infections are not caused by WordPress itself, but especially by installing poor-quality plugins and themes, or worse, installing them from untrustworthy sources. Such plugins are often already infected at the time of installation.
Reset All WordPress and phpMyAdmin User Passwords
This is an absolutely necessary step when dealing with malware. Often, the weakest link on our website is not WordPress itself, but weak passwords that are easy to guess or break using the Brute Force method. It is also worth checking the list of users on our site to see if there are any suspicious individuals with high privileges who were not there before.
It is also essential to log in to the database via phpMyAdmin and check whether any suspicious users have appeared there who should not be. You should also reset all database passwords, as a person with access to our WordPress database can cause enormous damage and change the content of our site.
Restore Photos and Other Files
After you have finished checking the files, you can restore your photos and other site files.
However, be careful and review the directories one by one before restoring the files. While there is little danger of infecting the site with multimedia files, any JavaScript or PHP file should immediately raise a red flag, as they most likely contain malware. These files should not be in your photo folders.
Checking the Database Backup
Operations on database files are very complicated, and a person without extensive knowledge of how MySQL, PostgreSQL, or MariaDB works will likely do more harm than good. Therefore, if you suspect your WordPress database is infected with malware, it is best to contact a company that handles this professionally.
Summary
Prevention is better than cure. Therefore, if you do not yet have a plugin installed to improve WordPress security, it is high time to download and install one.
Furthermore, it is worth using suitably strong and long passwords to make it harder for hackers to crack them using the Brute Force method.
Keep your WordPress core, themes, and plugins updated. The latest versions usually patch security vulnerabilities found in previous versions.
There are certain tasks on a computer that we need to perform regularly – for example, performing backups. In Linux, the Cron command is used for such repetitive tasks; it is invaluable for executing scheduled jobs. In this article, we will show you how to configure crontab to run a cron job every hour.
What is cron?
Cron is a tool, an application used for scheduling tasks, and running applications and scripts at a specific time in Unix-like operating systems. It allows you to schedule tasks (cyclically running applications or shell scripts) that will automatically run at a specified time and date. These tasks are called cron jobs.
In Linux and Unix systems, cron is commonly used for maintenance or administrative tasks, such as running backups (with the option to later send them to an FTP server, for example) or sending automated emails. Cron can also be used, for instance, to check for system updates and many other things.
Cron uses a configuration file called crontab. A crontab is a plain text file that can be edited with any text editor. The system administrator can configure a global crontab file with root permissions, and additionally, each user can have their own settings, limited by their user permissions.
A cron job is usually executed in the background, and if there is any output, it can be sent to the user via email or saved to a file. Cron is a powerful tool that allows you to automate virtually any task, but it can be difficult for novice users to operate if they are not familiar with the required command syntax.
What can we use cron for?
With cron, we can manage virtually any function of a computer or server and run cyclical tasks at a specific time and date. We can use it for example to:
Automate repetitive tasks. A cron job can be used to automate tasks at regular intervals, such as running backups or sending cyclical emails, for example, with reminders.
Run system tasks on a schedule. A cron job can check for available updates for the operating system or applications, or for example, it can regularly clean the computer of temporary files and unnecessary system logs.
Automatically perform system updates, update security, and install new software. This can help to better secure the system and ensure that we always have the latest versions of applications and libraries installed on our computer or server.
Improve performance. Thanks to cron, we can configure the execution of tasks that heavily load the computer to run during hours when the computer is least used, for example, at night.
Overall, cron can significantly streamline the performance of cyclical tasks through their automation.
Create a cron job in the Linux terminal
The crontab command is used to create cron jobs. To create a new cron job:
Open a terminal window.
Type the command crontab -e to open the cron configuration file.
Add a new entry to the crontab file, remembering to maintain the correct format, otherwise the task will not run:minute hour day-of-month month day-of-week command-to-executeAn asterisk instead of minutes, hours, or months means that this task will run every hour, minute, or every month. For example, if we want a command or script to run on the hour (i.e., at minute 0) every day of every month, we must type:0 * * * * command-to-execute
Save the crontab file and close it.
Use the command crontab -l to display the list of saved cron jobs to be executed.
NOTE: The syntax for cron job commands may vary depending on the version of the Linux system. We are basing this on the Ubuntu system. To learn more about the cron application, type man cron in the terminal.
How to create a cron job in CyberPanel
If your web server is based on LiteSpeed, you should install the CyberPanel overlay. Creating cron jobs in CyberPanel is much simpler and more pleasant than in a crontab file.
Log in to your CyberPanel Dashboard.
On the left side, click on Websites, then List Websites, select your website and click Manage.
Scroll down and click on Cron Jobs.
To add a new cron job, press ADD CRON. To see a list of existing jobs, click FETCH CURRENT CRON JOBS.
To have a given task run weekly, select Every week from the list. In the example below, cron will run a previously written backup script every week, on Wednesday at 4:16 AM. In the Day of week window, we enter numbers from 0 to 7. 0 or 7 means Sunday, 1 Monday, 2 Tuesday, etc.
We can also enter the days of the week by name in English: mon, tue, wed, thu, fri, sat, or sun.
Press Add Cron to save the created task.
Isn’t configuring cron in CyberPanel more pleasant?
In this article, you will learn how to remove unused JavaScript from your site, which will help to speed up its loading time. The issue is that a significant portion of JavaScript code is not utilised on the page and slows it down unnecessarily, as the more code on a page, the longer it takes to load. And nobody likes a slow-running website. Therefore, it is crucial to be able to locate and remove unnecessary JavaScript from your website.
What is JavaScript?
JavaScript is a programming language that allows, among other things, for the creation of dynamically updated content and the management of multimedia, and much, much more. It’s incredible how many effects can be achieved with just a few lines of JavaScript code.
Through the Document Object Model (DOM) API, JavaScript is also used to dynamically edit HTML and CSS code to refresh content on web pages. When creating a page, remember that the website’s code typically loads and executes in the order it appears on the page. So, if JavaScript that uses HTML code is loaded and run before the HTML it needs has loaded, errors may occur on the page.
What is Unused JavaScript?
Unused JavaScript refers to resources that are not used or required for rendering and displaying the site’s content.
Despite this code not being used, the user’s browser still has to load it into memory. There is no benefit from this; it only slows down the page loading and burdens the user’s computer memory.
Why is it Worth Removing Unused JavaScript?
Loading unnecessary JavaScript can have a significant negative impact on site performance and the overall user experience. The “First Contentful Paint” (FCP) parameter, one of the main indicators in Google PageSpeed Insights that assesses user experience, is heavily influenced by JavaScript code.
Types of Unnecessary JavaScript Code
Let’s divide unused JavaScript code into two categories:
Non-critical JavaScript: This is used elsewhere on the site but does not need to be loaded first and block the loading of other site elements. Such code blocking the site’s loading worsens our FCP parameter.
Dead JavaScript: This is not used at all on the page and can be safely removed.
Disadvantages of Loading Unused JavaScript Code
Unused JavaScript has a negative impact on website performance and delays page loading. Our site’s position in Google search results depends, among other things, on its speed. This is one of the key parameters. Furthermore, the likelihood that users will leave our website and visit another increases if our site runs slowly. This affects the bounce rate, which is extremely important for SEO and causes Google to lower our site’s search rankings.
It is important to distinguish between two different things: the actual loading time of the site is not the same as how users perceive its loading time. The most important thing for the user is to see the first elements at the top of the page as quickly as possible and for them to be responsive. The rest of the page elements below can load later; it is important that the user sees a blank page for the shortest possible time.
Advantages of Removing Unused JavaScript Code
It is obvious that the more JavaScript, HTML, or CSS the browser has to download and execute, the longer the page takes to load. It doesn’t matter whether the JavaScript code is needed or not; if it is on the page, the browser will always download and run it.
This is especially important for mobile users on smartphones. Not only does unnecessary code use up our data allowance, but mobile devices are also not as powerful as desktop computers. To speed up your site’s loading, you should be able to find and remove unused JavaScript, or at least make it load later so it doesn’t block the initial stages of page loading.
How to Reduce the Amount of Unused JavaScript?
First, we will try to find large JavaScript files using GTMetrix, and then I will show you ways to remove the unwanted code.
Use GTMetrix to Find Large JavaScript Files
Go to the GTMetrix website and enter your website address in the appropriate field.
Click on the Waterfall tab.
Below, click on the JS tab, and you will see the JavaScript files. Click on Size to sort them from largest to smallest.
JavaScript Minification
JavaScript minification involves removing unnecessary code from the script.
NOTE: Improper code minification can damage your site. Before using this guide, be sure to make a full backup of your entire site, including the database.
Removing Unnecessary JavaScript Code with the LiteSpeed Cache Plugin.
If your site runs on a LiteSpeed or OpenLiteSpeed web server, you can use the LiteSpeed Cache plugin to minify JavaScript code. If you also use the CyberPanel, this plugin is installed by default.
Go to your WordPress Dashboard and click on LiteSpeed Cache.
Click on Page Optimization.
Click on JS Settings at the top, and then enable JS Minify.
Click Save Changes.
Removing Unwanted JavaScript Code in Elementor
If you use the Elementor plugin, you can remove unwanted JavaScript code with it.
Go to the WordPress Dashboard, click on Elementor on the left, and then on Settings.
Click the Experiments tab at the top.
Scroll down to the Stable Features section and enable the Improved Asset Loading option.
Go to the very bottom of the page and click Save Changes.
Delaying the Loading of Necessary but Non-Critical JavaScript with Async JavaScript
Go to your WordPress Dashboard and install the Async JavaScript plugin if you don’t have it.
Click on Settings, then Async JavaScript.
Click on the Settings tab at the top, then click the Apply Defer button.
Go to the very bottom of the page and click Save Settings.
Removing Unused Code with the Asset CleanUp Plugin
When certain files or plugins do not need to be loaded on a specific subpage of our site, we can disable them using the Asset CleanUp: Page Speed Booster plugin. This plugin is a powerful tool, but in inexperienced hands, it can cause damage to our site. Remember to make a backup of your site before editing it.
Install Asset CleanUp if you do not already have this plugin.
Go to the WordPress Dashboard, then click on Asset CleanUp and Settings on the left.
Click the Test Mode tab on the left and enable the Test Mode function. This is a very useful feature. When enabled, only logged-in administrators will see the changes made. If it turns out during testing that our site is not working correctly, only administrators will see it, and the pages will still work correctly for normal users of our site. Only after making sure that everything is working correctly can we disable the Test Mode, and from then on, the site will load faster without the unnecessary JavaScript code.
After making changes, scroll down the page and click Update All Settings.
On the left, click the Optimize JavaScript tab.
Enable the option Combine loaded JS (JavaScript) into fewer files.
Scroll to the bottom of the page and click Update All Settings to save the settings.
Summary
Loading unnecessary JavaScript code makes a site load more slowly because the user’s browser has to download, parse, compile, and execute it needlessly. Unused code consumes mobile data allowance and slows down page rendering. All of this worsens the user experience and lowers our site’s ranking in Google search results.
By minifying JavaScript and removing unnecessary code, you will speed up your site’s loading time and improve its overall functionality.
