If these three sentences resonate with you in any way, you may want to give a look at these two smart steps to improve your website’s performance.
Responsive Design makes sure that browsing works fluidly across all screen sizes from desktop, laptop, tablet and smartphone. This is done by building your website in a manner that presents differently to different screen sizes, so the website visitor has a very positive experience no matter what size screen they are looking at.
Adding the S for “Secure” to your web address will both improve your ranking and avoid warnings such as “this site may not be safe” when visitors arrive. Adding the “S” requires a Secure Socket Layer that encrypts data transferring to and from your site from visitors and adds authentication to your website that says it is safe for visitors.
You may now be wondering how did we get here.
From 1996 to 2014, it was all about growing businesses into deciding that they should have a web presence. Some did it just to be there (in case they might miss something). Then, as time went by, more and more businesses took to a web presence and grew their effort to maximise its effectiveness.
Finally, with the rise of mobile devices such as smartphones and tablets, more and more people shifted towards them, moving away from desktop computers.
Amazon, Ebay, Netflix, YouTube, Facebook, Instagram and other social networks and services have been strong drivers of bringing more and more users online as everyone now can connect to the web reaching out their device in their pocket.
Search Engines such as Google, as their algorithms grow more and more sophisticated, want to provide their users the best possible experience when searching for something through their service.
Aware of the rise of mobile browsing, this means that a website has to:
On April 21, 2015, The rise of mobile devices in the online browsing market, led Google to roll out the so called “Mobilegeddon” algorithm update. This update gives priority – in mobile Search Engine Results Page – to websites that display correctly on mobile devices.
Last January, Google started issuing a penalty to those websites that display intrusive popups on their users’ devices.
The list goes on.
HTTPS encryption has been declared to be a ranking factor since August 2014, although people are getting more aware of it only just lately, when major web browsers started to clearly show in their URL bar whether a website has such encryption in place or not.
On Chrome browser, for example, you will now see to the left of the web address:
Secure
Info or Not secure
Not secure or Dangerous
For website owners this can be a big negative. Someone is just about to visit your website and they are now being warned away, because “you are HTTP and not HTTPS!”.
Again, the focus here is on the visitor first and the website owner second.
For websites that are just information – this appears at first to be a bit strong but adding the “S” to HTTP adds a Secure Socket Layer to ensure data is encrypted and therefore protects the website visitor. This matters whether they are simply browsing your website or entering personal details and other sensitive information such as credit card details, etc.
Now, the bottom line is that if you do not have a HTTPS on your website – visitors are likely to reduce due to warnings and lower rankings.
If you do add HTTPS (using a Secure Socket Layer) then you are seen to respect your potential website visitors and you are rewarded by Google and the browsers by not having warnings showing to visitors.
This form collects your details above so we can contact you back in relation to your enquiry. Please see our privacy policy for more information.
On September 19, WordPress released a new Security and Maintenance Update.
Needless to say: if you are a WordPress website owner, you should update now, if you didn’t already. Also, be sure to backup your website, if you didn’t do it recently!
To Backup your website is always important before installing Core updates. This prevents issues (such as your website becoming broken or unbrowsable) from rising, especially with Plugins, as they may not always be 100% compatible with the new version.
Need help with your WordPress Backup and Update? Contact us!
Cross-site scripting vulnerabilities (XSS), mostly.
This is a short list of the main bugs that have been found and that the 4.8.2 update fixes, along with a brief explanation, where needed:
XSS is a kind of vulnerability used to bypass websites’ access controls.
A path traversal attack (aka directory traversal attack) aims to access files and directories that are stored outside the web root folder.
Through open redirects an attacker may successfully launch a phishing scam and steal user credentials. This can happen by redirecting the victim to links identical to the original site, so to have a more trustworthy appearance.
There are other 7 maintenance fixes. If you are interested, you can check the full Release Notes for WordPress 4.8.2 directly from their website.
We are available to chat with you over these and other WordPress related issues anytime. Contact us!
This form collects your details above so we can contact you back in relation to your enquiry. Please see our privacy policy for more information.
If you are Administrator of a WordPress website, pay attention!
The security firm SiteLock has reported that WP-Base-SEO, a fake version of the legit WordPress SEO Tools plugin, has infected lots of WordPress websites.
As SiteLock shows, WP-Base-SEO does a very good job in faking legitimacy, providing references to the official WordPress Plugin Database and instructions on how to use the plugin properly.
Still, digging deeper in the main PHP files of the plugin, they found out a base64 eval request. It’s a PHP function very often used for malicious purposes and, as such, its use is disregarded by PHP.net. In this case, it opens up backdoor access to the website.
The security news website Threatpost states that over 4.000 WordPress sites have been infected by WP-Base-SEO. It is likely that the attackers have mass-scanned WordPress websites searching for outdated plugins to target. This is a very common practice.
Just to provide an example, in April, 2016 an outdated version of WordPress RevSlider image slider plugin, was held responsible for 2.5 terabytes data leak that went under the name of “Panama Papers”.
As always:
We at Handyweb have dealt with WordPress Security issues and can help you if you need solutions! Contact us!
This form collects your details above so we can contact you back in relation to your enquiry. Please see our privacy policy for more information.
WordPress has just released a Security and Maintenance Update.
The 4.7.3 update fixes important secuirity issues that 4.7.2 and previous updates still didn’t manage to fix completely.
Of course they suggest to install the update immediately and. as WordPress users ourselves, we can’t help but strongly suggest you to do that.
So, if your website uses WordPress as a Content Management System (CMS), you should backup your website and update WordPress Core to the latest version.
To backup your website is always important, especially before installing Core updates, so to prevent issues. Also, if your website has Plugins installed, these may not always be 100% compatible with the new version which can lead to your website becoming broken or unbrowsable.
Need help with your WordPress Backup and Update? Contact us!
Being an open source, heavily community-reliant CMS, WordPress updates are usually based on the huge amount of feedback coming from its huge user base (WordPress 4.7 has been downloaded over 17 million times).
This is a short list of the main bugs that the 4.7.3 update fixes, along with a brief explanation, where needed:
There are other 39 maintenance fixes. If you are interested, you can check the full Release Notes for WordPress 4.7.3 directly from their website.
We are available to chat with you over these and other WordPress-related issues anytime. Contact us!
This form collects your details above so we can contact you back in relation to your enquiry. Please see our privacy policy for more information.
Today’s headlines show that the Swift payment system has been hacked. This system is used by many leading banks in the world, probably including yours. Perhaps it is a good time to remind yourself of your responsibilities as a website owner: you should always protect your visitors’ data against hackers.
The headlines on the heading picture of this article are all cut from web stories today. There is an increasing level of security breaches even on top brand websites.
For website owners there are two areas to consider, when seeking to keep your website safe from hackers.
Do you have an Ecommerce website? Find out more about how to increase your Ecommerce security.
Your interaction with your online visitors is based of trust. If your website fails in delivering a proper protection for its visitors, building trust in them will be very difficult.
Here are 7 steps you can consider if you want increase your visitors’ trust
One of the easiest ways for hackers to access your website is because your software, like your website CMS, are not up to date. Many CMS such as WordPress often release Security and Maintenance Updates. These updates aim to close off the loopholes in security found in the previous versions.
More about why you should always keep your software up to date.