Blog, News, Tips & Tricks

4 Steps to protect your website investment

Step 1: Backup your entire website

Make sure you have a worst-case-scenario backup plan. Sure, any web hosting service worth its salt will keep backups of your website, but don’t rely on that alone. What if they went out of business and shut down operations suddenly? Would you be able to get your website back online with another hosting provider? What if your website was hacked but you didn’t notice it for several weeks? Would your hosting provider still have a clean backup to restore? Take these matters into your own hands and have a backup plan in place. Make sure you have your own backup of your website, and that it includes everything needed to get your website back online. If you update your website regularly, you should save a new backup at regular intervals.

Step 2: Keep your website software up-to-date

Cyber-criminals and hackers are constantly scanning the web for websites with security vulnerabilities. Popular CMS software such as WordPress is scrutinised for any security weaknesses that can be exploited. If any security holes are exposed, the WordPress team responds quickly with a security update. But you must update your website software to the latest version of WordPress to make sure you have all the security updates. If you are running an old version of WordPress, it may have known security holes which leave your website vulnerable to attack. So make sure you regularly update to the latest version of WordPress (or whatever CMS software you are running). Be aware that updating the software has its risks: the upgrade could fail, leaving your website inaccessible, or there could be incompatibility issues, so it is important to back up your site prior to upgrading. WordPress plugins should also be kept up to date for the same reason. You can read the release notes for WordPress and plugins to determine if the latest release includes any security updates.

Step 3: Use strong passwords and keep them safe

A weak administration password could be the biggest security hole in your website. It is best to use passwords of at least 10 characters. They should contain a combination of upper case, lower case, numbers and symbols. It is safer not to use the same password for multiple different purposes. It is also recommended to change your passwords from time to time. That can mean a lot of passwords to remember so a secure password storage utility such as KeePass (Win), KeePassX (Mac, Linux) or Password Safe (Win) comes in handy for keeping track of all those passwords in a secure manner.

Step 4: Ensure your website is configured as securely as possible

Certain measures can be taken to add an extra layer of protection from hackers scanning your website, beyond what is provided by the out-of-the-box content management system. For example, certain information that does not need to be displayed, but could be of help to hackers, can be hidden. For WordPress websites there are security add-ons that assist you with making your website more secure. One that we use and recommend is Better WordPress Security.

Solution to WordPress adding br and p tags around shortcodes

The Problem:

Sometimes I find stray p or br tags appearing inside a block of content that I’ve enclosed in shortcodes and this can mess up the layout by adding extra spacing where I don’t want it. It occurs because of the default order in which WordPress processes your content – wpautop (the function which converts line breaks to p or br tags) is run before the shortcodes are processed.

The Solution:

  1. Change the execution priority of wpautop so that it executes after the shortcodes are processed instead of before. Add this in your functions.php file:

    remove_filter( 'the_content', 'wpautop' );
    add_filter( 'the_content', 'wpautop', 12 );

  2. Now there will be no extra p or br tags added inside your shortcode block. In fact there will not be any automatic conversion of line breaks to p and/or br tags at all. So if you want the legitimate line breaks to convert to p and br tags, you will need to run wpautop from inside your shortcode function, e.g.:

    function bio_shortcode($atts, $content = null) {
       $content = wpautop(trim($content));
       return '<div class="bio">' . $content . '</div>';
    }
    add_shortcode('bio', 'bio_shortcode');

Hack Attack

Flicking through Time Magazine on the plane back to NZ, I came across an interesting read regarding website hacking. It is astonishing how organised these hacker organisations are, so much so that some of them even offer customer support!


An alternative to storing passwords in FileZilla or other FTP clients

One of my clients’ websites got hacked recently but fortunately he was able to restore the website and tighten up security. He also discovered how the attack happened – his own computer got infected with malware which got access to a file created by the popular FTP client, FileZilla. That file contained his FTP connection details for his website, including the password in plain text. Yes, FileZilla stores all the site connection details that you save in the site manager in a plain text XML file. This seems very insecure. The FileZilla developers contend that it is the job of the Operating System to keep your information secure and that even if they encrypted it, malware authors would easily decipher it. However, I am of the opinion that encrypting the passwords would make it more difficult for the hackers and therefore would improve the security.
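A defender's view of that plain-text storage, as an added example that is not part of the original post or FileZilla's own code: a short audit that lists which saved Site Manager entries carry a stored password, without ever printing it. The element names (Server, Host, User, Pass, Name) and the encoding="base64" attribute are assumptions about the Site Manager XML layout, and the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed Site Manager layout (Server, Host, User,
# Pass, Name); the hosts and credentials are made up for this example.
SAMPLE_SITEMANAGER = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.org</Host><User>webadmin</User>
      <Pass>hunter2-constructed</Pass>
      <Name>Old site</Name>
    </Server>
    <Server>
      <Host>ftp.example.net</Host><User>deploy</User>
      <Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass>
      <Name>Newer entry</Name>
    </Server>
    <Server>
      <Host>sftp.example.com</Host><User>alice</User>
      <Name>Prompts for password</Name>
    </Server>
  </Servers>
</FileZilla3>
"""

def audit_saved_sites(xml_text):
    """Return one finding per saved site; the password is never included."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pw = server.find("Pass")
        stored = pw is not None and bool((pw.text or "").strip())
        if not stored:
            storage = "none"
        elif pw.get("encoding") == "base64":
            # base64 is an encoding, not encryption: it decodes without a key
            storage = "base64 (recoverable)"
        else:
            storage = "plain text"
        findings.append({
            "site": server.findtext("Name", default="?"),
            "host": server.findtext("Host", default="?"),
            "user": server.findtext("User", default="?"),
            "password_stored": stored, "storage": storage,
        })
    return findings

if __name__ == "__main__":
    for f in audit_saved_sites(SAMPLE_SITEMANAGER):
        flag = "REVIEW" if f["password_stored"] else "ok"
        print(f"{flag:6} {f['site']}: {f['user']}@{f['host']} -> {f['storage']}")
```

Any entry flagged REVIEW holds a credential that anything able to read the file can recover, so those are the accounts to rotate after an infection.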


Want to know what people are searching for, when and where?

Google Insights for Search is an interesting tool that is fun to play with and could give you some useful nuggets of information that you can use to your advantage. You can use it to see what search terms are most popular and to see how search terms trend over time. For example, if you are selling a product on your website and are planning an online marketing campaign, you can see what times of year have the most search activity for keywords related to your product and then time your campaign to occur during a time of peak interest. Your results can be restricted to a specific country or region, so for example you can look at the trends across the entire world, or just in New Zealand or even just in Nelson – pretty cool eh?

Google Insights for Search has been around since 2008 but is still in ‘beta’ mode (test mode) – check it out here.

Which content management system? Why it’s important

I was recently having a beer and a chat with a fellow Nelson web developer and discovered that we shared the same favourite content management system. That got us on to talking about what CMSs the other local web design companies here in Nelson build their websites on. My mate told me of a job he turned down because it was an existing website that was built on a content management system developed in-house by the original developer of the website, and a quick look at the structure of the code showed that it was a complicated mess that he didn’t want to get involved with. This reminded me of how important the choice of CMS platform is. Yet very few of my clients have ever asked me about what type of CMS I would use to build their website on. I guess most people are not aware that there is a choice to be made.

For the uninitiated, a content management system is the administration side of a website that facilitates the management, updating and expansion of the website. There are a vast number of different systems out there, a handful of widely used ones, and there are some web companies that custom build their own systems. Broadly speaking they can be categorised as:

  • Open source CMS
  • Proprietary commercial CMS
  • In-house custom developed CMS

While there may be some excellent proprietary and custom developed systems in use, open source content management systems are the most widely used and as a result generally lead the way in terms of ‘state-of-the-art’ in features, usability and security. There are a few top open source CMS platforms in particular that are highly active projects in terms of the pace of continual development, improvement and enhancement. Such systems run millions of web sites, and on such a scale any problems are quickly discovered and fixed. By comparison, with a custom developed system you are unlikely to find a pace of development and improvement that comes anywhere close, and you are also unlikely to find the same level of available features and capabilities as you would in a top open source platform.

Advantages of Open Source CMS over proprietary or custom built:

  • more likely to be an evolved stable platform
  • often more refined usability – i.e. easier to use
  • usually will have a much wider range of features/capabilities
  • easy to find another developer who can work on your website (so you are not locked in to the original developer for future work on your website)
  • typically well optimised for search engines
  • portable to a wide range of web hosting environments
  • generally will cost less because many specific features that you need are already built in or available as plugins/modules and the wide range of options for choosing a developer
  • no additional fee for the CMS software itself

Of course within open source there are many different systems available, but three of the most widely used are WordPress, Joomla and Drupal. All three are well refined systems with a large community of developers and are continuously improving and evolving at a rapid pace. They each have their own particular strengths and are all great solutions for different situations. There are also a number of other widely used and respected CMSs out there. The bottom line, if you are someone looking to get a website built, is to ask your prospective web developer what CMS they would use for your web site and why. If they propose a custom built or proprietary system, ask why they consider it to be a better fit for your situation than an open source system and compare the advantages they provide with the advantages of open source systems outlined here.

Mind Maps – A great approach for planning a website

The idea behind mind maps is that you start with a central concept, write it down in the middle of a page, then add nodes as you think of different ideas around that concept. You can further develop any of the ideas by branching out more nodes from these ideas and so on. On paper it might look something like this:

Example of a hand drawn mind map

This approach can be used for planning a website – structure, functionality, features, content, business model and what ever else you can think of. While it can be done with pen and paper, a good software tool offers much more flexibility as you can easily move things around, change them and you never run out of paper.

I’ve started using a freely available tool called FreeMind for website planning and I find it to be ideally suited for the job. It’s a great way to start putting structure on your ideas – you can keep adding ideas as you think of them, go back and reorganise and fine-tune them.

Here’s a screen-shot of it in action:
FreeMind screenshot

WordPress Plugin Released – Flexi Quote Rotator

I have made a WordPress plugin for displaying quotes, testimonials or other text snippets on a WordPress website/blog available for download on this website. In the past I have modified many plugins for my own purposes, but this is my first foray into releasing a WordPress plugin for public consumption. I had been looking for a plugin that would display testimonials on a client’s web site and came across Luke Howel’s quote rotator plugin. Luke’s plugin displays the quotes as a sidebar widget which was not suitable for my needs so I decided to have a go at expanding upon his plugin to offer other display options as well as add a settings admin menu and some styling features. The result is the Flexi Quote Rotator plugin. As with the original version that it is based on, it is licensed under GPL and free to download, use, modify, redistribute as you please.

© 2020 Stellar Web Works Ltd.