Are you absolutely sure that you're fully complying with GDPR regulations and directives? You need to be certain of this, because if you don't comply there could be some serious pitfalls ahead. We all have responsibilities, so it's essential that we know exactly what is required of us.
In my position, I have a duty of care to advise you on best practices, and to ensure that your websites continue functioning 24/7/365 without grief! I can only do that with your cooperation in the event that your applications are approaching end of life. And since the implementation of GDPR in May 2018 the stakes have got a lot higher. Now it's not just me telling you, the European Union are saying it as well - and they're enforcing it to the letter.
Outdated software is always going to mean a jackpot for hackers, but there are some website owners who are seemingly willing to roll that dice! Unfortunately there's now another implication, and this one can do you more damage than any hacker is capable of doing. And that is failing to conform to GDPR compliance!
GDPR is about risk assessment and mitigation. If businesses use software that is EOL (End of Life) they are knowingly, or unknowingly, increasing their levels of risk and in breach of GDPR. If you fall into this category then you are likely to face the heaviest penalties if personal data is compromised.
That applies to everybody, irrespective of whether you're in the EU or not. For example, if you're in the US, the HIPAA Security Rules state that entities must “implement security measures sufficient to reduce risks and vulnerabilities". And if you're using unsupported or EOL software then you are in breach of this regulation.
So how does all this affect you and us?
In your case if you use outdated software and there is a data breach you face huge fines. In the first 9 months, 206,326 cases were reported!
The biggest so far is Google who had a €50 million fine levied in France, then the levels vary according to the severity of the breach. A Healthcare organisation in Germany had an €80K fine for exposing sensitive personal data, and even a small social site there got hit for €20K for storing user passwords in plain text.
In our case, we cannot provide you with EOL and outdated software. If we do, then we are in breach of GDPR regulations for using insecure applications to handle clients' data.
My ignorance or your ignorance doesn't cut it! We are all accountable, so we need to be aware of the possible ramifications of breaching GDPR regulations. Let me be absolutely clear here......the financial penalties in the event of a data breach are potentially crippling as you can see HERE!
I also suggest you review a summary of the regulations HERE......in particular the directive "Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing".
What's caused this scenario?
It's down to the accumulation of data breaches over the last 25 years due to the casual attitudes of website owners, which also includes Government departments and large enterprises, who never took security seriously. Then throw in the massive corporations who've deliberately misappropriated users' personal data for both financial and political reasons.
This has now led to a situation where we're being monitored, and held to account, as if we're living in a world borrowed from the dystopian fiction novels of George Orwell!
To summarise.....I've always kept clients aware of the dangers of end of life software. However, I'll openly admit that in the past I have allowed a little bit of leeway for them to get their sites updated. Or if they choose to do so, move their accounts elsewhere and continue to take the risk. But I cannot do that any more......otherwise we'll all be breaching GDPR regulations. So if a client is approaching the point of EOL software on thir account, the situation needs to be addressed prior to expiry........not at some point after that date.
There may well be providers who will take this risk because they don't want to jeopardise their income stream. We won't do that.........the penalties for data breaches are too severe to leave anything to chance.
So we're all in the same boat here inasmuch as we have to ensure that we are in full compliance with GDPR regulations. Be aware that there's no "Get out of Jail" card on this one!
We covered the marketing tactic that is Unlimited Web Hosting many years ago when this particular "initiative" began to spread across the industry.
It has no effect on what we do because we're not web hosts in the strictest sense of the term. We're web developers that provide private dedicated hosting facilities to our web design clients as a component within our Managed Service Plans.
The reason we're covering this again is that we wanted clients who've come onboard with us more recently to be aware that sometimes not everything is what it seems to be in this industry. Because what companies claim, and how you interpret that claim, may be two different things. Basically, Web Hosting is a commodity - and like everything, it has it's limits. Many hosting companies offer "unlimited" plans, but be advised there are physical limitations to both disk space, bandwidth, and all other aspects of your hosting service. Before you buy an "unlimited" plan, you need to know what you're getting into.
Firstly, there is no such thing as an unlimited hard drive, everything is determined by the capacity of the drive itself. Furthermore, the network lines that carry data around the web (optic fiber, cable etc) have a finite capacity because there is a limit to the amount of data that can be transferred at any given point in time. So you will never have unlimited diskspace and bandwidth.....because it simply doesn't exist.
And unfortunately, there's a sting in the tail! Because hidden in the provider's terms of service will be very strict limits on CPU, RAM, MySQL, Number of Processes, Concurrent Connections, Disk IO, and Inodes.....and should you try to achieve this mythical "unlimited", you're going to hit those limits very quickly. Particularly if you have a site with a listing application for properties, vehicles etc that uses any type of XML feed import or export system.
In case there's any doubt on this, here's an extract from a major UK Unlimited Webhost's terms and conditions.......buried deep in their site. It's certainly nowhere near their sales pitch that's for sure!
"What is excluded from Unlimited:
In order to ensure that no one single website can adversely affect the other Registered Users, WebHost’s servers use systems to restrict the amount of CPU, Concurrent connections, IO, Number of processes, Memory, MySQL CPU & IO.
If a Registered User is identified as being close to these limits on a consistent basis, WebHost will advise alternative and more appropriate hosting services such as a Virtual Private Server (VPS) or a Dedicated Server.
In extreme instances WebHost reserves the right to suspend or cancel the service at their discretion".
The text above shows you what triggers the "upsell". Don't want to pay more? Then you'll be shown the door. They can get you on multiple elements of the service.........and the majority of users won't even understand what those items relate to.
Let me clarify that this is not illegal in any way. They claimed that you can use all the diskspace you want.......and presumably you can! Just as long as you don't trigger any of the other limits in the plan. Though they weren't very forthcoming with that info at point of sale were they? But those limitations were there in the Terms and Conditions when you initially ordered the Hosting account.......so if you didn't read the T&C's carefully then that's down to you.
If you check our Terms and Conditions you'll see they contain nothing like that whatsoever. We offer managed service plans which include hosting services, and they provide resources that actually exist. Of course there are limits applied to the resources a single individual client can use - as you can't have one user grabbing all server resources and disadvantaging others.
But I can guarantee (because I know the restrictions these unlimited guys apply) that our allocation of CPU, RAM, MySQL, Number of Processes, Concurrent Connections, Disk IO, and Inodes considerably exceed what they allow on their "unlimited" plans. In fact we have clients who would exceed the limits of an unlimited webhost due to Inode use with just one e-mail account.
Unlimited web hosting plans are simply a marketing ploy to get your business. And of course the providers don't support your website......only the server and network.
If your website gets hacked or just doesn't work, then you'll need to find somebody who can fix it. To ask for help with that would not be classed as a "Valid Enquiry" to your webhost. And that is also specified in their Terms and Conditions......which you probably never read. Site support is clearly specified in ours of course, as with us you have a Managed Service Plan, not a basic web hosting account.
We believe in ethical business practices, rather than deliberately misleading unknowing clients (who don't understand the technical aspects) just to get their money. Not all hosting providers are the same. Not all web designers are the same. There are levels!
And we are the very rare crossover between both those roles - what we do with both those aspects is always at the very highest level. And always 100% transparent!
Please note that our enterprise level hosting resources are only available for our web design clients as a component within our Managed Service Plans.
Over the years I've continually stressed the importance of web security to our clients. To the point that some of you think that I'm paranoid.
But in this instance it's a case where the perceived paranoia should be interpreted as actually being in possession of the full facts. And of course, I have the relevant data to support those facts.
Remember that you don't see what I see on a daily basis. You're disconnected from it because I handle the process completely - so you don't need to think about it. But just because none of our clients have ever been hacked doesn't mean people aren't trying. They are! And it's my job to stop them!
But what am I up against? This image below is a screenshot of the security firewall in one of our client's sites. Those statistics represent the hacking attempts made on that particular site within specific timeframes. And every one of those hacking attempts was blocked and the IP blacklisted.
So let's be absolutely clear that these threats are very real, and they need to be taken seriously. I take them very seriously indeed.........do you?
Because throughout recent years the security threats to web sites and personal information have increased in sophistication, magnitude, intensity, volume, and velocity. In fact, 87 percent of IT security specialists worldwide believe that we're now in the middle of a global Cyber War!
This elite level of expertise, which was previously directed mainly at governmental and international corporate entities, is now spreading across into the mainstream of security threats that we have to face every minute of every day. The script kiddies and amateur hackers of yesteryear have now been been usurped by a much more sophisticated and knowledgeable network of potential intruders. And they're packing a lot more firepower in their arsenal.
Faced with this additional level of threat we had two choices: Stick with the current system that has served us well for so many years and hope for the best. Or raise the bar to reflect the change in the status quo. As you would expect from us, we've raised the bar. A lot! So in addition to our normal (and very extensive) security processes, we've now deployed an industry-leading commercial security system.
Obviously I can't go into any detail on this openly, but it does introduce advanced intrusion prevention and Bruteforce protection to mitigate against the new threat levels that we face.
From now on, all the individual security elements which were previously working independently are contained within a controlled and integrated server security environment and the processes interact together should the threat change or evolve. Plus, it brings a lot of additional elements of protection to our servers, one of which is it has the ability to automatically send any infected files to a cloud based analysis engine. The file is then automatically cleaned and sent back down to the server when the threat has been removed.
Obviously we hope we never have to use this aspect as our mission is to stop any threats before they reach that point. But it's still good to have processes in reserve......just in case.
So we have now created an environment where detection, protection, and reporting of security threats happen simultaneously and collaboratively. The system protects your web applications and personal data effectively against malwares, botnets and hacker attacks at all times. And after speaking to the developers, it appears that we are the first provider in Spain to implement this system.
But we can only go so far, because you have a responsibility as well. Do not run outdated software and deprecated PHP versions on your accounts......you're just asking for trouble. And if you are running vulnerable software then all the security systems in the world are not going to help you because the application will just let the attacker in without triggering security. Essentially you've given them the key to the door.
We've always notified clients of this situation before their sites reach this stage. And if they choose not to update their software then that's their choice. However, we are then unable to provide hosting services for them any longer - as they're a risk to themselves and everybody else. We would of course find them an alternative host. Be assured that there's plenty of "Web Hosts" out there who don't care what their clients put on their web space......as long as the money comes in.
It comes down to this: Would you prefer your data to be within a secure gated compound......or a crack house? It's a no-brainer as far as I'm concerned!
We're pleased to announce a new addition to our hosting infrastructure to further enhance the quality package that we deliver to our clients. Most people don't think about this aspect very much......but it's absolutely critical. It's the foundation of our business, and also your business.
Simply because, if your web site isn't live, and your mail service isn't operating, then your business can grind to halt. So the challenge of delivering that level of efficiency on a 24/7/365 basis is a big one. It's certainly not something that's achievable on a shoestring budget or by cutting corners. And it's not a gig for part-timers that's for sure.
As a quick overview of what's involved, you need to be aware that Web Hosting is normally delivered using a LAMP Stack (Linux, Apache, MySQL, PHP). All of these are open source and provide what is necessary to deliver the content of your site when they are installed onto a web server that's connected to the major public networks worldwide.
However, there are alternative commercial applications that can replace those base elements listed above to provide better performance and security. And we have just replaced the open source Apache component with the commercial server application known as Litespeed Web Server.
The key benefit of LiteSpeed is it's ability to deal with heavier traffic, utilising less memory and CPU resources than Apache. It can also handle DDOS attacks with more efficiency, and has full mod_security compatibility. The LiteSpeed Web Server can serve thousands of clients concurrently, and it's highly optimised code serves static and dynamic content much faster than a standard Apache server.
If you've been a client for many years, you already know that we've constantly invested in our hosting infrastructure. As far as we're concerned, this is a critical core element of our business. So let's recap on our progression over the years!
2003: Web Hosting Reseller Account.
2008: Our first Virtual Private Server (VPS) in London.
2010: Our second Virtual Private Server (VPS) in Michigan.
2012: Our first Dedicated Server in London.
2014: Our second Dedicated Server in Michigan.
2016: Conversion of servers to run on Cloud Linux operating system in order to deliver greater security, efficiency, and stability.
2017: London Dedicated Server replaced with a new, more powerful server containing 32GB RAM, 32 CPU's, 6 x 480GB SSD Drives RAID 6.
2019: Conversion of Servers to use Litespeed technology to further enhance our level of service.
So as we keep moving forward......so do you! All clients using currently supported PHP versions are now running on Litespeed. Unfortunately we are unable to provide this facility for those running on deprecated and withdrawn PHP versions. However, once old sites are replaced and are using current PHP versions they will be upgraded to Litespeed.
Now here's an interesting point that I'd like you to consider:
Back in 2003, for a cost of €150 a year you would receive 150MB diskspace and 5GB bandwidth.
Fast forward to 2019 and for €150 a year you receive 10,000MB diskspace and 150GB bandwidth.
That equates to €1 a megabyte in 2003, compared with €0.015 a megabyte in 2019. That's 65x the diskspace and 30x the bandwidth of 2003 while paying the same price.
Can you think of anybody else that you do business with who can say the same thing?
Of course, it's a fact that the mass purchase of diskspace and bandwidth have got cheaper for us to buy over the years. But throughout those years we've passed those savings back to our clients........while still continuing to invest in improving and enhancing our hosting infrastructure. This is absolutely necessary, because in IT, if you're not moving forwards.....then you're going backwards! Failure to do so is occupational suicide - just ask MySpace, Altavista, Lycos and all the other failed business models from the dotcom boom of 20 years ago.
We already have another initiative planned within the next year.......and if you're a WebSpain client then you can be sure that you'll be a part of it!
Please note that our hosting infrastructure is only available to our current web design clients using sites that we have built.
Every new client that comes onboard with WebSpain gets their first year of fully managed web services free of charge. They are then able to evaluate whether they want to stay as a longterm client, or perhaps take their site elsewhere.
But besides the allocation of server resources that you receive, there's the permanent ongoing attention that comes with it!
What we provide with our Managed Services Plans:
Site security updates applied on day of release.
Site errors rectified subject to site software being current.
Enterprise strength site security firewall.
Malware removal on sites using Cloud based Auto Clean for infected files.
Uptime monitor checking connectivity to your site every 5 minutes 24/7/365.
Proactive monitoring of site and server security notifications related to your account.
E-Mail delivery monitoring.
Ongoing DNSBL IP Reputation Checks.
Ongoing Domain Reputation checks powered by Google Safebrowsing.
Daily account backups to a remote server on the network using R1 Soft technology.
Twice a day database backups.
PHP version upgrades subject to site software being current.
Immediate site and mailbox restoration.
GDPR compliancy implementation.
SSL / Dedicated IP address implementation.
Cloud Linux optimised servers.
Industry-leading commercial server security system.
Sites protected within CageFS individual containers.
KernelCare seamless operating system security updates with no server reboot required.
cPHulk Brute Force Detection.
Shell Fork Bomb Protection.
Optimised ModSecurity rules.
High CPU, RAM, and disk inode allocations to each site.
SSD Hard Disks.
Rapid response to clients with personal support 365 days a year.
Please do not confuse our services as listed above with basic web hosting accounts that are sold by web hosting providers.
We do not sell basic web hosting services, we deliver Fully Managed Service Plans for our web design clients. No web host will manage, update, and rectify faults on your website, all they support is the server and the network.
What we don't provide with our Managed Services Plans:
Web Design services using any application other than the Joomla content management system.
Web Design services on any third party server.
Website or Hosting Support of any site that is located on a third party server.
Website or Hosting Support to anybody who is not a current client of WebSpain.
Website or Hosting Support for websites using end of line software and/or running on withdrawn PHP versions.
Website or Hosting Support for a client's additional services that have been contracted tthrough a third party provider.
Bulk E-Mail sending facilities.
Promotional and Marketing Services.
E-Mail Marketing Campaigns.
Bulk data input services.
Social Media Promotions.
PPC (Pay per Click).
Bespoke Programming and Coding.
As an example, the managed package detailed above for a client using 20GB diskspace in a UK datacenter would be approximately €395 a year. But of course there are alternatives to our services! Who knows......the grass may be greener elsewhere? So I've listed a few options, all of whom deliver professional services that I anticipate would be on a par with ours.
Web Hosting €280 a year (Clook) plus a Site Firewall €175 (Sucuri). Total €455.....but this does not contain site management, only hosting and security facilities.
Site Management €850 a year (Joomlashack). This contains site management, but no hosting facilities. So add the two options together to match the full WebSpain package and it would cost you €1305 a year.
Site Management and Hosting combined from €1050 up to €3200 a year (JoomDev). This is the closest match to what we provide, but there is no indication on their site of diskspace allocation or the number of sites covered. And there are limitations in the number of support tickets that you can submit per month..
So if you're comparing like for like that's how the figures stack up. Of course, if you don't want support or security of any kind for your site, and your only requirement is cheap hosting......then you're spoilt for choice. There's virtually no end to the numbers of "providers" who can supply you with diskspace on oversold servers and you can just wing it from thereon. It's what I call the "Occupational Suicide" option.
It's not a course of action that I would recommend if you have a viable business. But if your website isn't important to you, or you don't care about running obsolete software and having dubious neighbours with adult sites etc in close proximity to you.....then it's certainly worth considering. You may well be able to find somebody for less than €50 a year......but the amount you pay will have a direct bearing on the level of service you receive. Because at those unsustainable levels of pricing there is no margin for the provision of professional support personnel. Just bear in mind in that scenario you're on your own as regards your site, and depending where you go, you may well be on your own in the matter of having a reliable hosting service and e-mail facility as well.
One point I do want to emphasise is that if you do not have a current WebSpain account, you are not a WebSpain client. Therefore we will be unable to assist you with any problems that you may encounter. Our service is only for current WebSpain clients, as they are our sole focus of attention.
If you want to maintain similar levels of service then you're looking at over €1000 a year minimum......compared to our example price point of €395. Of course you can get cheaper if you're willing to lower your expectations. But when you go to the very bottom of the barrel then it's not how much money you can save, it's how much grief you can withstand!
Time doesn't bypass anything, or anybody! That includes our computers, our mobile phones, our TV's, our cars......even us! So why would websites be any different?
Yet it's been my experience in the past that when I notify some clients that their sites have become outdated and no longer have security support they seem surprised. It's as if they weren't aware that websites, like everything in life, are affected by the passage of time.
So how does a website age? Visually you can always tell an old website because of the way it looks, as it will appear somewhat dated compared to modern ones. But it's not the visual element that's the problem.....it's the code that's been used within it where the problem lies. Because as time goes on, security holes appear. And if they're not patched and updated then there are going to be security breaches!
Another critical element in the "safe" life expectation of a site is PHP. PHP is the scripting language on the server that runs all our clients' websites......in fact around 83% of the sites on the Web are powered by PHP.
Over the years, as with all technology, PHP has advanced considerably. It's much more secure, and now considerably faster in the time it takes to render web pages. This gives you peace of mind re security, and a much better experience to your users. But as it advances through the versions it becomes necessary to remove certain coding elements that older sites used. This is to ensure that any unsafe elements are no longer included, and to continue to advance the application in terms of performance and security.
Unlike some years ago, we now have the option to run multiple PHP versions on a server at the same time......so most web hosts are able to accommodate the needs of all users at any given time. At present we have PHP 5.6, 7.0, 7.1, and 7.2 available which can be assigned on a per site basis. And 7.3 is due to launch next month so that will be added as well.
But a big change also happens next month which will affect clients on older sites: PHP 5.6 and 7.0 will become unsupported and end of line! Here's the PHP version calendar:
After those two highlighted dates, any users on PHP 5.6 and 7.0 will no longer have security support and are potentially exposed to unpatched security vulnerabilities.
The key point you have to be aware of here is that if you still need to run on those old PHP versions, then there's elements within your site that are out of date as well. So there's two risks facing you: outdated site software and outdated server software.
In terms of our clients, we will continue to provide PHP 5.6 and 7.0 for them until the expiry of their current hosting period. At that point, if they don't intend to upgrade their sites, we will find an alternative Web Host for them who can still offer these outdated versions. But be aware, those Hosts won't be able to offer that facility indefinitely......there will come a point in time when they'll withdraw them too.
As always, my advice is this: Only use currently supported versions of site software and server software. If you don't, then you're putting yourself, and others on the server, at risk of potential security breaches.
As I mentioned earlier, some clients don't like to hear that they are potentially at risk. But we have a responsibility to keep clients informed, in the same way your mechanic would give you a safety advisory related to your car. I doubt that anybody wants to get a report saying their brakes are failing........but it's most definitely something they need to be told!
Another reaction I get is when clients say "Why would anybody want to hack my site? It doesn't get a lot of visitors so I'll just leave the site as it is".
Now just change that thought process to "Why would anybody want to burgle my house or steal my car? I'll just carry on leaving the doors unlocked".
Make no mistake, Point 1 and Point 2 express exactly the same point of view.....that somehow it won't happen to me. However, statistics suggest that it will happen to you if you don't take security seriously. There are more than 1.86 billion websites on the internet. Around 1% of these, something like 18,500,000, are infected with malware at a given time each week; while the average website is attacked 44 times every day. Official Industry Source HERE!
Just because you're not aware of this situation doesn't mean it's not happening. It just means it's not happening to you because of the proactive steps we have taken on an ongoing basis over many years.
If we are no longer able to take those measures because of the circumstances I've detailed in this article then we have a responsibility to our clients to make them aware of it. Of course, what they decide to do at that point is their decision......but nobody who's a client of ours can ever say "I didn't know".
Now here's 3 questions:
1. Did your web developer personally contact you prior to the day and explain these principles?
2. Did your web developer implement these changes prior to 25th May?
3. Did your web developer make all the necessary changes to your site to ensure you were compliant without billing you for their services?
If you answered "Yes" to all three then you're obviously a WebSpain client. As I've said in the past, not all web designers are created equal. This is just another example of how we always go further in the area of client support.
As far as GDPR will develop in the future, there are no guarantees that the stipulations, or even the interpretations, won't actually change. And at this point it remains to be seen how closely the regulations are actually going to be enforced.
No doubt there are millions of website owners out there that haven't got a clue about all this.......because their web developer never bothered to bring them up to speed about their responsibilities. You'll be able to spot them quite easily if they don't have a "specific consent" option in their forms. Potentially, organizations not in compliance could face hefty penalties of up to 20 million euros, or 4 percent of their worldwide annual turnover, whichever is higher - so this isn't something that you can leave to chance.
But there's one area where the GDPR isn't clear at the moment.....and that's HTTPS/SSL encryption on websites. The GDPR regulations specifically state that all user information received must be stored securely, and all reasonable precautions must be taken in terms of it's security at point of contact and thereafter.
To me, that would infer it's necessary to have all connections encrypted rather than unsecured......despite the fact SSL Security isn't directly referenced. So my personal recommendation (as I've been saying for 3 years) is to ensure that you have an encrypted connection to your site.
Google has been saying this throughout this period, and now with the introduction of GDPR the onus is on you personally to ensure that you are seen to be complying with the legal responsibilities that you now have. Also, from July onwards, Google Chrome browsers will begin to flag every website that does not use HTTPS encryption with the warnings 'Not secure' prominently highlighted in the address bar. That's a business-killer if ever there was one.
Failure to secure peoples' data in the past was just seen to be unprofessional......now it breaks European law. There's a big difference. Seriously.......just don't take any chances on this because the stakes just got a lot higher.
Very often, we don't notice the changes that happen progressively throughout the course of our lives......because they're not instant, they're gradual. The same applies to our websites.
We've just replaced the WebSpain site, and despite it being less than two years old, it was starting to date considerably compared to others in our field. That prompted me to visit the Wayback Machine which periodically takes snapshots of sites over the years.......to see just how sad some of the earlier versions of WebSpain actually were compared to today.
What I found made for scary viewing......as an example, this monstrosity is from 2010!
I cringe looking at it. It's a bit like bringing out your old photos from the 70's when you had big hair and even bigger flares! It feels like I've put a photo of my dirty underpants online.
But the reality is that the type of presentation you see there was par for the course in 2010. That was all we had to work with back then because the technology that is available today didn't exist. Mobile websites? No such thing!
We normally replace our site every 18 months so there's been about 4 or 5 updates since then.......but comparing the 2010 presentation to today is a real eye opener! Things have changed a lot in 8 years.
I want to emphasise that it's not a case of we've got better at what we do.....it's a case of the technology and applications available to us to work with are now on a totally different level to back then. And like real life, it didn't happen overnight......it was a progression over those years, but at a much faster rate. The mobile era was the game changer, but even that technology at this present time is much more advanced than it was 5 years ago.
Now ask yourself this question if you are a client from recent years:
Would you have even contacted us to find out more information if our website still looked like that?
Highly unlikely......because we would have looked like amateurs or a defunct business. It's the kiss of death at point of discovery!
The fact is, if you can't immediately present yourself as a professional then you will not be taken seriously. Besides looking unprofessional, old sites will also be riddled with security issues and running on slow, outdated, and vulnerable PHP versions on servers.
PHP have announced that later this year, versions 5.6 and 7.0 on the server will be discontinued and unsupported. So if you're still running an older site then this could present problems.
The red dot denotes expiry of those versions......contact us if you want to know whether you're affected! This new WebSpain site runs on PHP 7.2, which as you can see is supported till the end of 2020.
So to summarise, running outdated and obsolete sites can not only adversely affect your business in terms of client pereception, it also puts you and your users at risk of hacking and phishing attacks. Stay current!
Make sure you present yourself as a live, thriving business.....not as somebody who's trapped in time! And definitely don't wait until you plummet to the depths of obsolescence and embarrassment of the WebSpain 2010 site. Because everyone will be laughing at your site in the same way as most of you are now laughing at my old one!
For over 3 years we've been advising website owners to get HTTPS/SSL encryption in place because the internet has been moving towards a totally encrypted medium. A major development is now taking effect from July 2018 onwards.....and from thereon it's going to get much more difficult to present yourself online as a professional business unless you have this system in place.
Because from then on, Google will be placing a "Not Secure" warning in the browser for all sites (and all pages on all sites) that are not encrypted. The official announcement from Google can be seen HERE!
There are many benefits of having HTTPS/SSL encryption in place:
1. A 2048 bit encrypted connection between the user and the site gives a higher level of security for data transmission.
2. An SSL certificate also provides authentication. This means that users can be sure that they are sending information to YOU, and not to a criminal’s server.
3. Protection from Phishing, where a criminal tries to impersonate you or your website.
4. You can use a Dedicated IP address that gives you protection from any IP blacklisting of your site and e-mail caused by other users on the shared server IP address.
5. Enhanced professionalism giving clients confidence in doing business with you.
6. Trust! Browsers give visual cues, such as the lock icon in the address bar, which tells visitors that their connection is secure.
7. SSL is a criteria for search engine ranking, so potentially higher placement in searches.
8. You'll get a "Secure" message displayed on your site rather than "Not Secure".
If that all sounds a bit technical.....then here's a short video that will explain it.
So if you haven't got SSL in place then now is the time to make a move before you end up losing business! Simply because the words "Not Secure" on every page of your site are not going to inspire or reassure any potential client!
It appears that 2018 has started with an avalanche of Spam e-mails from self professed SEO Experts, Marketing Consultants, Promotional Analysts.....and various other surreal titles that these people dream up. And the content of these mails all contain serious warnings.
The mails usually emanate from the Indian subcontinent, and for reasons best known to themselves these individuals will be doing business under some ludicrous pseudonym like Buck Rogers, Rhett Butler, or Troy Tempest.
Their modus operandi is basically to panic you by forecasting imminent doom for you and your business due to multitudes of technical problems with your site! And they'll know all this just by getting the e-mail address off it! Because that is all they've actually done!
This approach can be viewed as an unethical and misleading practice designed to take advantage of end users who don't understand the technical aspects. Or maybe they're just that inept that they believe it themselves. Either way, they want your money.....and they'll tell you anything to get it.
Their usual sales pitches, based on total fiction, go along these lines:
1. Your site can't be found on Google. Call me cynical, but I don't think they've thought this one out very well. Because if you can't be found on Google, how did they find you? Crystal Ball? Ouija Board? The Voices in their Head?
2. No metatags on the pages! These are the keywords that can be put in the header of each page.....visible to search engines only. Problem is they've actually been obsolete for over 10 years!
Just see what Google said back in 2009: Google does not use the keywords meta tag. So putting in metatags is irrelevant! Nobody can see them and search engines don't use them! But these "experts" are quite happy to charge you to put them in anyway.
3. Not enough Keywords! These are still relevant today but in a contextual and natural manner, and used in moderation. Don't look to jam them in wherever you can or you'll end up getting penalised for poor quality content.
Simple rule to follow: Deliver information on your site in a natural manner as if you were speaking to somebody face to face. As an example, if you are an estate agent in Spain would you actually stand in front of a prospecive client and say something like this? "Property for Sale Spain, Best Spanish Property, Spanish Property Costa del Sol etc etc". Of course you wouldn't.....so why do it on your website?
Google has analysed your site as a human would since 2015.....using it's Artificial Intelligence System RankBrain. So just write for humans because that's what Google wants. Jamming keywords will only diminish your credibility as far as Google is concerned.
4. A specific type of website application is better for SEO! Totally wrong! Google doesn't care whether you use Wordpress, Joomla, Drupal, or even basic HTML. They are only interested in the end result.....which is whether you have a quality site that delivers value to users. The actual software application that is powering it is irrelevant. So somebody using this pitch will be trying to get you to order a new website from them by dangling the carrot of SEO enhancement.
5. You don't have enough H1, H2, H3 tags on your site! While it is still good practice to use them if required, the practice of stuffing them everywhere has no bearing whatsoever. And may even be viewed as spammy in some cases.
Basically, it's the quality of the content covered by the tags that is evaluated.....not the tag itself. Start putting them everywhere with insufficient depth of content to warrant it sends a clear signal to Google. And not a positive one.
6. Social media likes and shares boost search engine rankings! The simple act of liking or sharing has no bearing on your site's search engine positioning at all. If it drives traffic to your site then that is a different matter and is viewed as a positive signal. Social media activity is highly recommended to get your business and brand directly in front of potential clients ......thereby eliminating them searching on Google where your rankings may not be so good. There's more ways than Google to generate business these days.
But selling you Social Media promotional services under the guise of it somehow enhancing your presence on Google is incorrect. You'll only enhance your presence on the Social Media channels....nowhere else.
So what is the Reality?
The reality is contained in Google's Search Quality Evaluator Guidelines. What they stipulate as essential requirements are Page Quality, Expertise, Authoritativeness, Trustworthiness, Supplementary Content, Quality User Experience, Functionality, Mobile optimisation, SSL Security, and Page Loading Speed. Remember that there's a wealth of articles on this site that cover these areas.....and all with links to Google for validation.
As I always say, we do not provide SEO services......we just build websites properly based on Google's guidelines! Nobody elses's!
We follow their directives and then implement those processes in the best way possible for your business.
So what Buck Rogers says, what a Kiddie Blogger says, what the man in the pub says, or what a friend of a friend who knows about this stuff says......they're not relevant to me! Don't let them be relevant to you either!