Malicious code on your web hosting account?
Written by: Jon Eivind Malde

We have started handling any malicious code found on your web hosting account faster and better while also warning you by email. The system is gradually being used on more and more servers and will soon cover all web hosting servers. When the system is in use on all servers you will get a warning within minutes if something is found on any of your accounts.

Why are we doing this?

Malicious code represent a risk to all clients on a server as well as other users online. Hackers can do any of the following with malicious code:

  • Extract all data you have stored in the account/website or insert code to continually have access to your data without you or your clients knowing about it.
  • Send spam or phising emails (which will blacklist the IP addresses of the server and result in email delivery problems for all users on the server).
  • Attack other servers online/your visitors to spread virus/malware or participate in DDoS attacks.
  • Run code to overload the server to impact yours and other websites on the server.

When we find mailcious files we will follow these steps (where next step is only performed of the previous failed):

  1. Check backup for clean file and automatically restore.
  2. Clean file for mailcious code.
  3. Put file in quarantine.
  4. Delete file.

Put in other words; We try to do the least invasive to your website first and use the more drastic actions only when needed. Due to the risk malicious code represents we have to go to these lengths to keep you, your visitors and the Internet as a whole safe.

What system are you using?

The system we use is called Imunify360 and is provided by CloudLinux (who also provide us with the OS we use on all our web hosting servers). We have been using Imunify360 since CloudLinux launched the system in the beginning of 2017 and have been working together on how it should work since. We finally feel the system is mature enough to use more actively and integrated with our own systems. That is why we start handling these files now.

Imunify360 logo

Imunify360 does a lot more than just finding malicious code in files. Among other it:

  • Stops attacks on your website with a web application firewall (WAF).
  • Stops brute force attacks (attempts to find out your password) on services such as SSH, IMAP and more.
  • Patches software on the server which has known vulnerabilities such as the kernel (without having to reboot the server).
  • Stops processes running malicious code while also tracking down the orgin of the attack in the logs.
  • Finds blacklisted domain names.

Imunify360 is in other words an important part of the security of our web hosting servers, and will gradually become more important as the software evolves.

Where can I see the files that have been found?

You have full access to the files and log in the control panel (cPanel) as shown in the guide Malware scanner in Imunify360. You will also be able to restore files from quarantine and white list files identified as malicious when they should not have been (false positive).

Some files mentioned in the emails we send might have been found a long time ago. We could have chosen not to report these, but we do in case they might be important for you. In such old incidents it might also be that the files mentioned are not in your log as Imunify360 did not log these in the same way as they do now.

What should I do if files are found on my web hosting account?

You should first check if your website is working as it should. If the files have been restored from backup or cleaned it should not be necessary to do anything. If they are put in quarantine or deleted you should check if the website solution you use have that file and if it contains malicious code. Ask the provider of the solution or us if you are in doubt.

You should follow the tips in the guide How to secure your website against hackers after checking the files.

Questions or comments? We would be happy to hear from you 🙂

Free SSL certificates with AutoSSL
Written by: Jon Eivind Malde

Back in 2016 we partnered with Symantec (now Digicert) to deliver free SSL certificates to our customers. AutoSSL, cPanel`s solution for free SSL certificates, was also recently launched at the time. However we chose to work with Symantec instead as we believed their solution would be best for our customers.

Tom showing free SSL certificate with AutoSSL.

Background

The two solutions differed in that Symantec`s solution envisioned that you start with a free SSL certificate and add extra functionality as you grow. In other words – the SSL certificate is tailored to your needs. The AutoSSL solution had a very different strategy where the goal was only to deliver free SSL certificates for domains hosted on cPanel. However, at that time AutoSSL was not very well integrated into cPanel and there were issues with the solution.

Why free SSL certificates with AutoSSL

Symantec did unfortunately never live up to what they envisioned and what we envisioned for our customers. There have barely been changes since we started working together. Meanwhile AutoSSL has continually improved in terms of usability and integration in cPanel. As a result of that – the sooner the better – we had to acknowledge that we chose wrong solution back in 2016. We have now discontinued working with Symantec to deliver free SSL certificates and we have already made AutoSSL available to all our customers on all web hosting packages. The last remains of free SSL from Symantec will be removed from our website in a matter of days.

Advantages with AutoSSL

The advantages for you with the new solution is that:

  • All (sub) domains on the web hosting account will be covered instead of just a single (sub) domain
  • The certificates are issued/renewed automatically instead of you having to manually issue/renew them on our website
  • Parked domains is also covered by free SSL certificates now. This is particulary handy for those using the 1-page website builder on their domain name.
  • The forwarding package is also covered by free SSL certificates now
  • If you forget to renew a SSL certificate it will be automatically replaced by a free SSL certificate (so that you avoid having an error on your website for all visitors)
  • You will get free SSL certificate also for mail.yourdomain.com (where yourdomain.com is your domain name) and will be able to setup your email client with SSL using the hostname mail.yourdomain.com instead of cpanelX.proisp.no (where X represents the server number)
  • Other useful addresses such as webmail.yourdomain.com and cpanel.yourdomain.com can be accessed with https without any warnings as they will also be covered.

Disadvantages?

You might ask yourself if there is any disadvantages with the new solution when you see the list of advantages. Yes, there is. We don’t get to show you the advantages paid SSL certificates can do for you beyond what the encryption only free SSL certificates delivers. You also don’t get to setup your own SSL certificate specifically tailored to you like Symantec envisioned. But, fear not 🙂 We will eventually add tips about paid SSL where suitable based on analysis of your needs. For example during diagnose of your web hosting – in time.

What about you who already have SSL from Symantec?

If you have:

  • Only free SSL certificate this will be automatically replaced when it expires.
  • Free SSL certificate with site seal we will replace this with a PositiveSSL certificate at the same price as your site seal. You will in other words get a paid certificate with 30% discount. The disadvantage is that you have to change site seal, but if you need help to do that we are more than happy to assist.
  • Free SSL certificate with wildcard (Basic SSL Plus) we will replace this with a PositiveSSL wildcard certificate at the same price. You will in other words get a paid certificate with discount.

How often are free SSL certificates issued?

The new solution issues/renews SSL certificates once per night for all (sub) domains on all web hosting packages that doesn’t already have SSL certificates or have certificates that are about to expire. You can follow the guide “Install free SSL certificate with AutoSSL” if you need to issue a free SSL certificate before it is issued automatically.

Feel free to contact us if you have any questions or comments regarding the change 🙂

Acronis backup – our new backup solution
Written by: Jon Eivind Malde

We’ve been using R1soft backup as backup solution for all our services since 2007. The solution worked well for us initially. Much was promised in terms of upcoming new features for our clients. What was promised was unfortunately never delivered no matter how many times we pointed this out.

In addition to the fact that the product has not developed significantly over the years, we’ve also experienced an increasing number of errors with the solution. Anyone can have errors, but for us the amount became larger than what we considered acceptable. Every second counts when we need to restore from backup and having to deal with errors in the middle of a disaster recovery can significantly delay when we are back to normal operations.

Choosing new backup solution

In the past year, we have tested many backup solutions to find the one that provides the best user experience and functionality for our customers. At the same time, it has also been important that the performance must be at least as good as before. Acronis’ backup solution differed significantly from the other solutions and became the natural choice, although the solution is 3 times as expensive for us as our previous solution. Don’t worry – you won’t have to pay more. There is a saying “You get what you pay for …” and it seems to be the case here 🙂

Acronis

Acronis delivers solutions to more than 5 million end users and 500 000 businesses in more than 150 countries worldwide. They have won numerous awards for their solutions since its inception in 2003.

Here are some of the advantages compared to R1soft backup:

  • Faster backup restore (testing was up to 10 times faster)
  • It is now possible to restore email addresses, forwarding etc. (which is then correctly set up on the server)
  • Imunify360 (security software on our servers) will automatically replace files that are infected by malware from backup if there are uninfected files there
  • When logging in via cPanel you do not have to enter your username and password as you sometimes had to before
  • Improved logging so you can see what’s restored and when it’s finished
  • Generally less errors during restore operations

Transition information

As of April 15, all web hosting accounts will be covered by Acronis backup. Unfortunately, in the transition there will be smaller backup entries available via cPanel. If you need older backups, please contact support so we can restore this for you during this period. This is not ideal for either you or us, but we hope for your understanding in our efforts to improve our service to you. We apologize in advance for the inconveniences it causes for customers who want to restore from older backups.

The transition to Acronis will also enable us to offer you more
related solutions. We will publish more information about this as it is launched.

Our new backup restore guide:
Guide for restoring backup from Acronis

Do you have questions or comments? Then we would love to hear from you 🙂

6 tips: How to get faster and better support
Written by: Isabelle

Every customer would like to see their support ticket resolved as fast as possible. When contacting our support team you should include as much relevant information as possible. By doing this our support team will be able to solve your issue and give you a reply faster.

Tip!
We offer VIP support for all Pro Premium and Enterprise web hosting or as an add on service for any other service or product we offer.

1. Check knowledgebase and run diagnose

The first thing you should do when experiencing any issues with one of our services, is to check the knowledgebase for solutions. If you do not find the answer there, you can run a diagnose via the client portal. This will give you information on any issues with your services.

fast support

2. Use descriptive title

If you did not find the solution to your problem in the knowledgebase or by running a diagnose, you should contact our support team.

The first information we receive regarding your problem is the title of your problem. Please try and describe the problem as clearly and precise as possible. Using titles as “Help! Everything is offline” or “Important!!!!” gives us no information on what the problem is regarding.

Use titles such as “Outgoing email is not working for any accounts” or “Disc space is full”. These titles will give our support team essential information on what the problem is regarding from the beginning.

3. Only give us information related to the issue

At times clients gives our support team an extreme amount of information when contacting us. Remember that the more unrelated information you give us, the more information our support team will need to read through and the longer time it takes them before they can start working on the issue.

In other words, the more information related to the issue, less time is spent scanning for relevant information.

  • Here are some examples of relevant information you should let us know:
  • What domain name is the problem regarding
  • Which service (website, email, DNS, database) is the problem regarding

Here are examples of relevant information you should include when you have issues regarding email:

Is webmail working?
Which email client are you using?
Which operative system are you using?
Is the issue regarding incoming-, outgoing email or both?
Is the issue regarding one specific email account or all the email accounts?
If the issue is only concerning one account, please state the account.
Have you received any error messages? What is the content of these?

4. Grant access and permission

To solve an issue our support team will often need to reproduce the issue. This requires a form for login. You should therefore give us access to the account if it is required to reproduce the issue or to solve the issue.

Sometimes it may be necessary to change configuration or the account to solve the issue. If you already know this when contacting us, you should give our support team permission to execute these actions. You will then save the time spent with us asking you for permission and waiting for your reply.

fast support

5. Use the same support ticket when updating your issue

If you need to update your support ticket with more information, you should use the same ticket code. If you send us a new support ticket, our support team will spend time collecting information from different support tickets regarding the same issue.

In case you have solved your issue before you have received an answer from us, we always appreciate if you update your support ticket so we can close it.

6. Priority support

All our Premium and Enterprise web hosting has VIP support included and will have priority support. You can easily upgrade your web hosting from Pro Start or Pro Medium if you would like to have the benefits of Pro Premium web hosting. Alternatively you can order VIP support as an add on service for any other service or product we offer for only 3€ per month. VIP support cover all services and products in your account.

Summary

When you have an issue with your web hosting or any other service at PRO ISP you should always check our knowledgebase first. If you do not find the solution to your problem here, try running a diagnose.

If you are still experiencing the issue, you can contact our support team via email, live chat and phone. Please provide relevant information, give us access and permissions to give our support team all the tools they need to solve your issue in one reply.

We include VIP support for all Pro Premium and Enterprise web hosting or as an add on service for any other service or product we offer.

Optimize WordPress with LiteSpeed Cache plugin
Written by: Simon A. Skaar

LiteSpeed webserver (LSWS) is a webserver with extremely good performance compared to other webservers. LiteSpeed can replace Apache without one having to do any changes to the configuration file for the installation.

LiteSpeed cache plugin

If your installation is located on a server that is running LiteSpeed, you can use powerful plugins from LiteSpeed that will ensure full optimization and caching of your website. There are modules created for WordPress, Joomla, OpenCart, Drupal 8 and several of the popular CMS systems. At PRO ISP LiteSpeed is free to use if you have Pro Medium, Pro Premium or Enterprise web hosting.

LiteSpeed cache for WordPress is one of those powerful plugins available when on LiteSpeed server. The plugin offers optimization of your website, with cache, optimization of scripts and pictures. One of the best benefits of using LiteSpeed Cache plugin is that you can optimize your website with just a few clicks.

To install the plugin, select it from the plugin library accessible from your admin panel, or see our guide “How to install LiteSpeed cache plugin for WordPress“.

How to optimize web shop

When you have installed and activated the plugin, standard configuration will be active, and you will be able to see the four first options under “Settings”. Normally you will not need to change any of these.

Tab #5 – WooCommerce will only be visible if you already have WooCommerce active.

As soon as you active the plugin, the optimization will begin, and standard cache will be activated. To see other settings, select “Show advanced options”. A selection of 12 tabs will appear (thirteen if you have WooCommerce installed).

Optimize (tab #5)

Optimize contains Minify, combining and HTTP/2-push of scripts and is important when optimizing a website. In short terms it removes any unnecessary code, comments and combine CSS and JS files, resulting in fewer request for your visitors.

With the changes mentioned under this section, we had good results from GTMetrix.

This is the results before the Optimize function was activated (cache was already activated).

Before enabling recommende Optimize - Litespeed for WordPress

This is the results after the Optimize function was activated.

After our recommended Optimize features are enabled.

If you are not sure which settings to select, we recommend activating CSS Minify, CSS HTTP/2-push, JS Minify, JS HTTP/2-push. Activating CSS Combine, JS Combine can result in scripts and CSS failing.

After you have activated any options or made any changes in the plugin, you should check that your website is working as normal. If you are experiencing problems with the Combine function, but still want to activate this one, you should check out “How to fix problems caused by CSS/JS optimization“.

When activating HTML Minify the source code will not be easy to read should you need to later. All code will be “pressed together” to save resources. It is still recommended to activate this one. Under the same function you will see Inline CSS Minify and Inline JS Minify. These will remove any spacing, sections and comments in all CSS- and/or JS-files.

Load CSS Asynchronously is a function that will make sure CSS and HTML are loaded simultaneously. As a standard CSS is always loaded first so the website will be displayed correctly as soon as it loads. By activating Load CSS Asynchronously, the website will load faster but could give your visitors a bad impression since they will be able to see your website without images and CSS for a second. We therefore recommend you also activate Generate Critical CSS. This will connect to LiteSpeed’s Critical CSS server which will insert the necessary CSS, so your visitors will not see a lesser version of your website. We also recommend to activate Generate Critical CSS in the Background which makes sure the website is loaded automatically in the background and caches ready for when a visitor will want to see the website as fast as possible, without errors.

Load JS Deferred will make sure all scripts are loaded according the HTML-code. Activate this and test your website. If you are experiencing any errors, you should activate Exclude JQuery and try again.

DNS Prefetch is not mentioned in this article but if you are interested you can read more in “X-DNS-prefetch-control“.

The final option in Optimize is “Remove Comments” meaning comments or scripts typically deactivated by */ or //. These will automatically be removed in the cached version of the website and can in many cases contribute to faster load.

The settings in the Optimize tab can make a big difference to increase the speed for your website. When activated. this function will replace any other plugins (for example Autooptimize) within minify-options.

Tuning (tab #6)

Combined CSS Priority and Combined JS Priority only needs to be activated if you are experiencing problems with your design after activating the options from Optimize.

Remove Query String makes sure a website with different possible strings behind the URL is ignored and only the website shown is cached.

An example could be:
exampledomain.org/product/ball
exampledomain.org/product/ball?colour=yellow
exampledomain.org/product/ball?colour=pink

Without Remove Query Strings all these sites will be cached even though it’s the same site as the visitor is currently on. When activating Remove Query String, they are ignored, and resources are saved since only exampledomain.org/product/ball is cached. You can read more about this and see examples on LiteSpeed’s blog.

If you are using Google Fonts, you can load these quicker by connecting to Google servers before the actual load of the website starts. Use Load Google Fonts Asynchronously. Remove Google Font will remove any external fonts loaded from Google. If you are unsure if you need these options, you can check your website after activating and see if it works better.

We will not be looking into rules/excludes as this is highly advanced.

Remove WordPress Emoji will reduce the number of requests from your website. We recommend this since you can use standard emojis if needed.

Media (tab #7)

We will leave Lazy Load Images remain inactivated since this is a function you alone should consider if you need. Perhaps not everyone will need this, but it will save resources when it comes to loading the website, but remember you need to satisfy both visitors and search engines.

Optimize Automatically we recommend activating as this will activate optimization of your images. We also recommend activating Optimization Cron, Optimize Original Images, Optimize WebP Versions, Optimize Losslessly and Image WebP Replacement.

After activating these, you can click “Image optimization” under the options for LiteSpeed. You will have an overview of how much space you have saved and a que of how many images being optimized.

As an example, we have uploaded an image of 1,4MB which was already optimized by a third party, after a few minutes of processing in the background, I got an 8% less image file size. With standard settings you will not see any noticeable changes to the image.

CDN (tab #8)

In this tab we will insert CloudFlare’s API at the bottom of the page, since the website is using CloudFlare nameservers. If you are not using CloudFlare (or any other CDN) you can ignore this. You do not necessarily need CDN if your target group is in Norway and you are located on a Norwegian server. CloudFlare has many other interesting functions included in our web hosting. If you are expecting a lot of tragic from abroad, you should use this.

Regarding Load JQuery Remotely you should only activate this is your visitors are from other countries than Norway since both Google and Cdjns can retrieve this from foreign servers. Analytics sites will also consider this as external requests.

ESI (tab #9)

If you are not sure what ESI are, you can read more about this is “Wpw: Private cache vs. public cache”.

In short terms this is a function within cache, displaying different cached websites for different roles (guest, admin). We recommend activating this in addition to Cache Admin Bar and Cache Comment Form.

Vary Group settings do not need to be altered, unless you have a web shop with different prices displayed according to role (for example retailers seeing different prices than private parties).

Advanced (tab #10)

The only option we are going to activate is Browser Cache with a TTL of 1296000. You can also leave the standard values as is. Browser Cache stores logo, images and fonts locally on visitor’s units so they will not need to load this every time they visit the website or any other of your links. Most static files that is rarely altered will be stored. TTL do not need too be to high as you will sometimes change the content. Anything from one day in seconds to one month is fine.

We will not be looking into Object Cache as this is highly advanced.

Debug (tab #11)

If you suspect any errors on your website is caused by LiteSpeed, you can activate “Disable All Features”, store and then check your website (remember to deactivate after).

In this tab you can also alter how much information is logged. You can deactivate ADMIN-AJAX by deactivating “Heartbeat”. You should not do this unless you have a valid reason.

Crawler (tab #12)

Currently only Enterprise servers have this function available, so we will leave this out of the article. If you are interested, please contact us and we will help you select the best web hosting.

WooCommerce (#13)*

In this tab we have activated all options and left Product Update Interval remain on “Purge Product on changes to the quantity or stock status. Purge categories only when stock status changes.”

* You will only see this if you have the web shop module WooCommerce installed and activated.

Summary

If you wish to be located to a LiteSpeed webserver please follow instructions in “Change web hosting server”. If you wish to upgrade in order to move to a LiteSpeed webserver please follow instructions in “Upgrade services”.

Please feel free to contact us for advice or recommendations.

What’s new in cPanel version 76
Written by: Morten Malde

Our hosting server is running version 74 of cPanel and this week all servers will be upgraded to version 76. There are no major changes in this upgrade, but some changes are worth noting.

New “domain” overview icon

There will be a new icon in cPanel that shows a better overview of adddon domains associated with your hosting package. If you have additional addon domains, then this icon will be very useful. You can choose which folders the different domains should point to and you can go directly to email creation for the domain name in the list.
You could also do this before, but it is now simplified for you.

Nytt ikon i cPanel

Internal PHP in cPanel is upgraded

cPanel will upgrade PHP version from 5.6 to 7.2. Based on our tests, there is a noticeable difference in speed within the cPanel itself. Navigation and response has been significantly faster and better.

PHP 5.6 to PHP 7.2

SquirrelMail is removed in version 78

On new servers with version 76, webmail software Squirrelmail is no longer available. From the next version (78), Squirrelmail will also disappear from our older servers. This is mainly due to safety reasons. You can read more about this in “The Death of SquirrelMail”.

Squirrelmail blir fjernet fra cPanel

How to recognize and avoid fake emails?
Written by: Isabelle

Fake emails are one of the biggest security threats online against private individuals and companies. Behind these emails are scammers trying to steal your personal information to abuse this. In a survey conducted by Intel Security, 80% of people cannot identify phishing emails.

What is a fake email and what is phishing?

A fake email is a type of fraud. Most of the times so called phishing is used. Phishing is a term for digital spying or “fishing” for sensitive information, such as passwords or credit card information.

A phishing email will try to cheat the receiver into believing the sender of the email is someone else. The email will contain logo and other elements to give the impression its a serious and genuine email. It will encourage you to click the links in the email. These links will lead to what may appear as a serious website, such as Google, DNB or any other companies we deem as secure and trustworthy. In reality you have now accessed a fake website created by the scammers, who will have access to any information you enter on the website.

fake emails

An increasing issue

Statistics shows that phishing and fake emails is an increasing issue when it comes to security. According to  “Enterprise phishing resiliency and defense report” phishing has increased with 65% in 2017. Wombat security reports in “2018 state of the Phish” that 76% of companies had reported being subject to phishing attacks in the past year.

As much as 95% of all attacks on company’s networks are the result of a successful spear phishing attack (an advanced and targeted form of phishing often directed towards companies) according to Networkworld.

Take precautions

There are several precautions you can do in order to avoid being a victim to fake emails and phishing, as a person and a company. An advanced and sophisticated spam filter is the first line of defense since this will stop many of the fake emails. All our web hosting includes spam filter. If you have Pro Premium hosting you also have access to SpamExperts, which is a more advanced and accurate spam filter.

Since the human factor is the weakest link when it comes to this problem, the most important measure you can do is get yourself (and your employees) familiar with some guidelines:

  • Do not trust senders name

    One of the most used tactics for fake emails is abusing the senders name. Do not trust the senders name, but also check the email address as well. If it seems suspicious, do not open the email.

  • Look, but do not click

    If the email contains links, hover the mouse over these to check where they lead but do not click. If the link appears suspicious, do not click them.

  • Check for spelling mistakes

    Companies and organizations are meticulous with their emails. Serious emails normally do not have spelling mistakes or poor language.

  • Analyze the subject

    If the email is addressed to “Dear client” it could be a sign of a fake email. Companies and organizations normally use a greeting including at least the first name of the client.

  • Do not give out personal information

    Banks and companies with access to sensitive information will never ask you to provide this information via email.

  • The use of “urgent” or any threatening language in the subject

    Giving the impression the email is urgent or using fear is a tactic often used in phishing emails.

  • Check the signature

    Lack of details regarding the sender and how you can contact the company is often a sign of phishing. Serious companies will always include their contact information.

  • Do not open attachments

    Fake emails often include attachments with malware. If you open this it can destroy files on your computer, steal your passwords or even spy on you without your knowledge. Do not open attachments you did not expect to receive.

  • Be skeptical 

    These fake emails have become highly sophisticated. Even though an email has the company’s logo, correct spelling and appears to be a valid email, this does not mean it is. Be skeptical and if you find an email to be suspicious, do not open it.

Are you using an outdated PHP version?
Written by: Isabelle

By the end of 2018 PHP 5.6 and 7.0 will cease to exist. If you are using these PHP versions you should upgrade to a newer PHP version. The reason for this is to ensure your website will continue working, remain fast and secure.

What is PHP?

PHP is short for Hypertext Preprocessor. This is a script language running on web servers to point websites with dynamic content (search engines and blogs for example).

Make sure the website is compatible

Upgrading from 5.5 to 7.X should work flawlessly, but we recommend you check the program code for your website to make sure.

You will need to do the following:

  • Make sure the latest version of your script (for example WordPress/Joomla/OpenCart) is installed on your hosting.
  • Make sure all themes and plugins you are using is updated and compatible with PHP 7.X. If you have updated them any time during the last year, they are probably ready for PHP 7.1+. Contact your website developer if you have questions regarding your website being compatible with new PHP versions.
  • The guides below contain checkpoints you should go through for your website in order to be ready for upgrade to 7.X.

Upgrade from 5.6 to 7.0
Upgrade from 7.0 to 7.1
Upgrade from 7.1 to 7.2

If you have used mysql_* -functions for your website, you will need to replace them with mysqli or PDO. If you have a newer version of WordPress/Joomla/OpenCart, you are already using the correct database connection.

*PRO ISP supports all PHP versions, even though some of these will cease to exist.

How to change PHP version?

Our guide “Set up PHP version for web hosting account in cPanel” will show you how to change PHP version. You can change PHP version as much as you want via cPanel.