Displaying items by tag: web design spain
None of our clients have ever received a message of this nature, and we aim to make sure it stays that way. We do that by ensuring that your sites, all addon components, and all server applications are up to date. Plus, the sites and the servers have additional commercial security applications in place as further lines of defence against unwanted visitors.
Just because no client of ours has ever experienced this scenario doesn't mean that it doesn't happen. It does......every day! If you look at the Sucuri Security Analysis you can see for yourself how many sites do get hacked......we're talking of thousands on a daily basis. The fact of the matter is that every 4 to 5 years, a site will reach the stage where it can't take any more security patches or run on later PHP versions. The reason for this is that the application is now totally out of date and contains multiple deprecated and end of life processes that need to be totally removed from the installation. That is the point where it needs to be replaced as you can't keep papering over the cracks.....you can only go so far. Though by that time it's going to look very visually dated to users anyway, which is not a good way to present yourself to potential clients. Dormant site equals dormant business in the view of end users.
At that stage we can no longer support sites of this nature as they represent a danger not just to themselves, but to every other client on the server. We won't take risks of this nature......the wellbeing of our clients' businesses is too important to us. Unfortunately, some clients refuse to accept our recommendations. Obviously they don't consider their site security to be of any relevance, so they find a web hosting provider who doesn't consider their server and client security to be of any relevance either. Now you have the perfect storm!
This is just playing Russian Roulette......and one day you will get the loaded barrel. It's just a matter of time. And that time arrived for one former client this week when he received this mail from his current provider.
We have found that your site is potentially compromised/hacked. Our scanning systems have provided the following information regarding the issue: Malware detected. Our Team cares greatly about your site's health and well being and we recommend one of the following options which we have documented in detail for your review: Have a developer clean the site or request a site sanitization from us ($90)
Due to the nature of the problem, we need an immediate response from you. Simply respond to this email letting us know what option you are choosing. If we do not hear back, the site will be isolated and blocked to protect your site data as well as the network.
His provider can clean up the malware for $90.......but that hasn't changed the status of his site one bit. All they will do is remove the malware - his site is still in the same outdated and vulnerable position it was before it got hacked. So within a week or so it'll get hacked again resulting in another $90 cleanup bill. And this will continue ad infinitum until he replaces the installation entirely.
Unfortunately, it's not just the cost of the cleanup processes! It's the lost business, the diminished client confidence, the disruption, and the resulting stress of a trainwreck like that. And just when you think it can't get any worse you find that Google has blacklisted your site because it's found the malware on there. Be aware that websites lose about 95% of their traffic when blacklisted by Google, and getting them to reassess your site status can take some time.
It's not the first time this has happened to an ex-client and it won't be the last. There is an easier way of course - just listen to the security advisories that we give on your site status. After all, if your mechanic tells you that your brakes are about to fail........do you then carry on driving regardless, thinking it won't happen to you?
Nothing is more important than security......and there can be no compromises in this area. Seriously......just don't risk it!
Are you using videos to promote your business? If not, you should be! Providing your specific industry easily lends itself to video marketing. By that, I mean Property Agents, Tourism, Automotive, Construction etc. In fact anything where you can incorporate visual elements to get user attention. If you're wondering why it's advantageous to do this, check out the recent statistics:
- 78% of people watch online videos at least once per week, and as many as 55% watch online videos every day.
- By 2022, video content will comprise more than 82% of all consumer internet traffic.
- 59% of modern executives report they would prefer to watch a video than read text-based content.
- Viewers can retain up to 95% of a message relayed through video content, compared to only about 10% through text-based content.
- 92% of people watching video content will share the content with others.
- 65% of people report that watching YouTube videos has helped them successfully solve a problem or complete a task.
- 62% of consumers report higher interest in products after seeing them in video-based promotion through Social Media.
YouTube is a key element here! Remember that this is part of Google's empire, so it carries a lot of authority. Haven't you noticed that when you search for something on Google that YouTube videos keep popping up as suggestions? That could be your business leapfrogging into a high position on the front page.
YouTube is literally a Content Marketing goldmine with billions of views every day, with viewers consuming roughly one billion hours of content on a daily basis. That's a huge outreach that you could tap into! Just embedding videos into your site that nobody will ever see is a waste of time.......let YouTube promote your business for you!
And it's so easy to do! Create a YouTube channel for your business via your Google account, record your content via your smartphone, and then upload to YouTube. Make sure you give a short description using your critical keywords and phrases, use YouTube's tagging feature for keywords......and then add a link to your site. It's absolutely critical that you add this link to drive traffic to your website - and increased organic traffic has the knock-on effect of potentially boosting your rankings.
Video is a critical marketing tool these days......and one that you should definitely consider to increase your outreach. It gives you the ability to share more information about your brand, your values, and your products and services with a wider audience simply by leveraging the power of video content.
I'll openly confess that I don't do it......simply because I have nothing of value to actually record on film. But if there's an opening for YOU to use it via a YouTube channel, then definitely consider it to promote your business and get yourself in front of potential clients!
It's no secret that Google are continually revising their core updates in order to improve search results to their users. Therefore your positioning in the results can change accordingly.
But you may wonder why would your position change? Google actually give a simple analogy for this situation: Imagine you made a list of the top 100 movies in 2015, then in 2019 you refresh the list. Obviously the results are going to change. New movies may have come out, or you might reassess ones you previously saw and think they deserve a higher or lower place.
So apply this thinking to your website and understand that If your site drops.......it doesn't mean there's something necessarily wrong with it. It's just that newer sites may have come along, or possibly existing sites have increased the quality of their content to rank higher than they previously were.
Which brings me to the crucial word: Content!
Google doesn't rank your site on how artistic and pretty it is.....it doesn't care. In fact it can't even see how attractive it is because the search engine spider doesn't actually have eyes......it's just a machine that's scraping data off the page. It wouldn't know whether an image showed a Spanish Beach or the Spanish Inquisition unless I put in an "alt tag" to tell it that information. The visuals are just window dressing for your users......nothing more.
Of course your site must look attractive and professional.........but it has no bearing on your search positioning.
On-site optimisations to present your content to users and search engines are important........but ultimately you will live or die according to what your content contains. There's no way round this fact, and as I always say......"There is no Magic Bullet".
Google have just released an updated directive confirming what it is they look for when assessing a website. Full information HERE!
There's nothing in it that they haven't stated before as per previous Google Search Quality Guidelines, but it's worth you just browsing through these to get a better overall perspective:
Content and quality questions
Does the content provide original information, reporting, research or analysis?
Does the content provide a substantial, complete or comprehensive description of the topic?
Does the content provide insightful analysis or interesting information that is beyond obvious?
If the content draws on other sources, does it avoid simply copying or rewriting those sources and instead provide substantial additional value and originality?
Does the headline and/or page title provide a descriptive, helpful summary of the content?
Does the headline and/or page title avoid being exaggerating or shocking in nature?
Is this the sort of page you’d want to bookmark, share with a friend, or recommend?
Would you expect to see this content in or referenced by a printed magazine, encyclopedia or book?
Does the content present information in a way that makes you want to trust it, such as clear sourcing, evidence of the expertise involved, background about the author or the site that publishes it, such as through links to an author page or a site’s About page?
If you researched the site producing the content, would you come away with an impression that it is well-trusted or widely-recognized as an authority on its topic?
Is this content written by an expert or enthusiast who demonstrably knows the topic well?
Is the content free from easily-verified factual errors?
Would you feel comfortable trusting this content for issues relating to your money or your life?
Presentation and production questions
Is the content free from spelling or stylistic issues?
Was the content produced well, or does it appear sloppy or hastily produced?
Is the content mass-produced by or outsourced to a large number of creators, or spread across a large network of sites, so that individual pages or sites don’t get as much attention or care?
Does the content have an excessive amount of ads that distract from or interfere with the main content?
Does content display well for mobile devices when viewed on them?
Does the content provide substantial value when compared to other pages in search results?
Does the content seem to be serving the genuine interests of visitors to the site or does it seem to exist solely by someone attempting to guess what might rank well in search engines?
So forget what the SEO mail spammers say, forget what the bloke in the pub says, forget what the internet blowhards who claim to be the world's foremost SEO expert say......that directive as above is straight from the horse's mouth.
We may not agree with it! From my point of view it could be argued that whoever's got the best wordsmith (not the best web developer) on their team has the upper hand in this. But the good news is that great wordsmiths are few and far between in this business - because they're all earning much better money as journalists.
So if you are able to come up with content that demonstrates your industry knowledge while giving users valuable information, it will stand you in good stead when Google does it's indexing. And it also gives you something to promote on Social Media to a much wider audience.
Are you absolutely sure that you're fully complying with GDPR regulations and directives? You need to be certain of this, because if you don't comply there could be some serious pitfalls ahead. We all have responsibilities, so it's essential that we know exactly what is required of us.
In my position, I have a duty of care to advise you on best practices, and to ensure that your websites continue functioning 24/7/365 without grief! I can only do that with your cooperation in the event that your applications are approaching end of life. And since the implementation of GDPR in May 2018 the stakes have got a lot higher. Now it's not just me telling you, the European Union are saying it as well - and they're enforcing it to the letter.
Outdated software is always going to mean a jackpot for hackers, but there are some website owners who are seemingly willing to roll that dice! Unfortunately there's now another implication, and this one can do you more damage than any hacker is capable of doing. And that is failing to conform to GDPR compliance!
GDPR is about risk assessment and mitigation. If businesses use software that is EOL (End of Life) they are knowingly, or unknowingly, increasing their levels of risk and in breach of GDPR. If you fall into this category then you are likely to face the heaviest penalties if personal data is compromised.
That applies to everybody, irrespective of whether you're in the EU or not. For example, if you're in the US, the HIPAA Security Rules state that entities must “implement security measures sufficient to reduce risks and vulnerabilities". And if you're using unsupported or EOL software then you are in breach of this regulation.
So how does all this affect you and us?
In your case if you use outdated software and there is a data breach you face huge fines. In the first 9 months, 206,326 cases were reported!
The biggest so far is Google who had a €50 million fine levied in France, then the levels vary according to the severity of the breach. A Healthcare organisation in Germany had an €80K fine for exposing sensitive personal data, and even a small social site there got hit for €20K for storing user passwords in plain text.
In our case, we cannot provide you with EOL and outdated software. If we do, then we are in breach of GDPR regulations for using insecure applications to handle clients' data.
My ignorance or your ignorance doesn't cut it! We are all accountable, so we need to be aware of the possible ramifications of breaching GDPR regulations. Let me be absolutely clear here......the financial penalties in the event of a data breach are potentially crippling as you can see HERE!
I also suggest you review a summary of the regulations HERE......in particular the directive "Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing".
What's caused this scenario?
It's down to the accumulation of data breaches over the last 25 years due to the casual attitudes of website owners, which also includes Government departments and large enterprises, who never took security seriously. Then throw in the massive corporations who've deliberately misappropriated users' personal data for both financial and political reasons.
This has now led to a situation where we're being monitored, and held to account, as if we're living in a world borrowed from the dystopian fiction novels of George Orwell!
To summarise.....I've always kept clients aware of the dangers of end of life software. However, I'll openly admit that in the past I have allowed a little bit of leeway for them to get their sites updated. Or if they choose to do so, move their accounts elsewhere and continue to take the risk. But I cannot do that any more......otherwise we'll all be breaching GDPR regulations. So if a client is approaching the point of EOL software on thir account, the situation needs to be addressed prior to expiry........not at some point after that date.
There may well be providers who will take this risk because they don't want to jeopardise their income stream. We won't do that.........the penalties for data breaches are too severe to leave anything to chance.
So we're all in the same boat here inasmuch as we have to ensure that we are in full compliance with GDPR regulations. Be aware that there's no "Get out of Jail" card on this one!
We covered the marketing tactic that is Unlimited Web Hosting many years ago when this particular "initiative" began to spread across the industry.
It has no effect on what we do because we're not web hosts in the strictest sense of the term. We're web developers that provide private dedicated hosting facilities to our web design clients as a component within our Managed Service Plans.
The reason we're covering this again is that we wanted clients who've come onboard with us more recently to be aware that sometimes not everything is what it seems to be in this industry. Because what companies claim, and how you interpret that claim, may be two different things. Basically, Web Hosting is a commodity - and like everything, it has it's limits. Many hosting companies offer "unlimited" plans, but be advised there are physical limitations to both disk space, bandwidth, and all other aspects of your hosting service. Before you buy an "unlimited" plan, you need to know what you're getting into.
Firstly, there is no such thing as an unlimited hard drive, everything is determined by the capacity of the drive itself. Furthermore, the network lines that carry data around the web (optic fiber, cable etc) have a finite capacity because there is a limit to the amount of data that can be transferred at any given point in time. So you will never have unlimited diskspace and bandwidth.....because it simply doesn't exist.
And unfortunately, there's a sting in the tail! Because hidden in the provider's terms of service will be very strict limits on CPU, RAM, MySQL, Number of Processes, Concurrent Connections, Disk IO, and Inodes.....and should you try to achieve this mythical "unlimited", you're going to hit those limits very quickly. Particularly if you have a site with a listing application for properties, vehicles etc that uses any type of XML feed import or export system.
In case there's any doubt on this, here's an extract from a major UK Unlimited Webhost's terms and conditions.......buried deep in their site. It's certainly nowhere near their sales pitch that's for sure!
"What is excluded from Unlimited:
In order to ensure that no one single website can adversely affect the other Registered Users, WebHost’s servers use systems to restrict the amount of CPU, Concurrent connections, IO, Number of processes, Memory, MySQL CPU & IO.
If a Registered User is identified as being close to these limits on a consistent basis, WebHost will advise alternative and more appropriate hosting services such as a Virtual Private Server (VPS) or a Dedicated Server.
In extreme instances WebHost reserves the right to suspend or cancel the service at their discretion".
The text above shows you what triggers the "upsell". Don't want to pay more? Then you'll be shown the door. They can get you on multiple elements of the service.........and the majority of users won't even understand what those items relate to.
Let me clarify that this is not illegal in any way. They claimed that you can use all the diskspace you want.......and presumably you can! Just as long as you don't trigger any of the other limits in the plan. Though they weren't very forthcoming with that info at point of sale were they? But those limitations were there in the Terms and Conditions when you initially ordered the Hosting account.......so if you didn't read the T&C's carefully then that's down to you.
If you check our Terms and Conditions you'll see they contain nothing like that whatsoever. We offer managed service plans which include hosting services, and they provide resources that actually exist. Of course there are limits applied to the resources a single individual client can use - as you can't have one user grabbing all server resources and disadvantaging others.
But I can guarantee (because I know the restrictions these unlimited guys apply) that our allocation of CPU, RAM, MySQL, Number of Processes, Concurrent Connections, Disk IO, and Inodes considerably exceed what they allow on their "unlimited" plans. In fact we have clients who would exceed the limits of an unlimited webhost due to Inode use with just one e-mail account.
Unlimited web hosting plans are simply a marketing ploy to get your business. And of course the providers don't support your website......only the server and network.
If your website gets hacked or just doesn't work, then you'll need to find somebody who can fix it. To ask for help with that would not be classed as a "Valid Enquiry" to your webhost. And that is also specified in their Terms and Conditions......which you probably never read. Site support is clearly specified in ours of course, as with us you have a Managed Service Plan, not a basic web hosting account.
We believe in ethical business practices, rather than deliberately misleading unknowing clients (who don't understand the technical aspects) just to get their money. Not all hosting providers are the same. Not all web designers are the same. There are levels!
And we are the very rare crossover between both those roles - what we do with both those aspects is always at the very highest level. And always 100% transparent!
Please note that our enterprise level hosting resources are only available for our web design clients as a component within our Managed Service Plans.
Over the years I've continually stressed the importance of web security to our clients. To the point that some of you think that I'm paranoid.
But in this instance it's a case where the perceived paranoia should be interpreted as actually being in possession of the full facts. And of course, I have the relevant data to support those facts.
Remember that you don't see what I see on a daily basis. You're disconnected from it because I handle the process completely - so you don't need to think about it. But just because none of our clients have ever been hacked doesn't mean people aren't trying. They are! And it's my job to stop them!
But what am I up against? This image below is a screenshot of the security firewall in one of our client's sites. Those statistics represent the hacking attempts made on that particular site within specific timeframes. And every one of those hacking attempts was blocked and the IP blacklisted.
So let's be absolutely clear that these threats are very real, and they need to be taken seriously. I take them very seriously indeed.........do you?
Because throughout recent years the security threats to web sites and personal information have increased in sophistication, magnitude, intensity, volume, and velocity. In fact, 87 percent of IT security specialists worldwide believe that we're now in the middle of a global Cyber War!
This elite level of expertise, which was previously directed mainly at governmental and international corporate entities, is now spreading across into the mainstream of security threats that we have to face every minute of every day. The script kiddies and amateur hackers of yesteryear have now been been usurped by a much more sophisticated and knowledgeable network of potential intruders. And they're packing a lot more firepower in their arsenal.
Faced with this additional level of threat we had two choices: Stick with the current system that has served us well for so many years and hope for the best. Or raise the bar to reflect the change in the status quo. As you would expect from us, we've raised the bar. A lot! So in addition to our normal (and very extensive) security processes, we've now deployed an industry-leading commercial security system.
Obviously I can't go into any detail on this openly, but it does introduce advanced intrusion prevention and Bruteforce protection to mitigate against the new threat levels that we face.
From now on, all the individual security elements which were previously working independently are contained within a controlled and integrated server security environment and the processes interact together should the threat change or evolve. Plus, it brings a lot of additional elements of protection to our servers, one of which is it has the ability to automatically send any infected files to a cloud based analysis engine. The file is then automatically cleaned and sent back down to the server when the threat has been removed.
Obviously we hope we never have to use this aspect as our mission is to stop any threats before they reach that point. But it's still good to have processes in reserve......just in case.
So we have now created an environment where detection, protection, and reporting of security threats happen simultaneously and collaboratively. The system protects your web applications and personal data effectively against malwares, botnets and hacker attacks at all times. And after speaking to the developers, it appears that we are the first provider in Spain to implement this system.
But we can only go so far, because you have a responsibility as well. Do not run outdated software and deprecated PHP versions on your accounts......you're just asking for trouble. And if you are running vulnerable software then all the security systems in the world are not going to help you because the application will just let the attacker in without triggering security. Essentially you've given them the key to the door.
We've always notified clients of this situation before their sites reach this stage. And if they choose not to update their software then that's their choice. However, we are then unable to provide hosting services for them any longer - as they're a risk to themselves and everybody else. We would of course find them an alternative host. Be assured that there's plenty of "Web Hosts" out there who don't care what their clients put on their web space......as long as the money comes in.
It comes down to this: Would you prefer your data to be within a secure gated compound......or a crack house? It's a no-brainer as far as I'm concerned!
We're pleased to announce a new addition to our hosting infrastructure to further enhance the quality package that we deliver to our clients. Most people don't think about this aspect very much......but it's absolutely critical. It's the foundation of our business, and also your business.
Simply because, if your web site isn't live, and your mail service isn't operating, then your business can grind to halt. So the challenge of delivering that level of efficiency on a 24/7/365 basis is a big one. It's certainly not something that's achievable on a shoestring budget or by cutting corners. And it's not a gig for part-timers that's for sure.
As a quick overview of what's involved, you need to be aware that Web Hosting is normally delivered using a LAMP Stack (Linux, Apache, MySQL, PHP). All of these are open source and provide what is necessary to deliver the content of your site when they are installed onto a web server that's connected to the major public networks worldwide.
However, there are alternative commercial applications that can replace those base elements listed above to provide better performance and security. And we have just replaced the open source Apache component with the commercial server application known as Litespeed Web Server.
The key benefit of LiteSpeed is it's ability to deal with heavier traffic, utilising less memory and CPU resources than Apache. It can also handle DDOS attacks with more efficiency, and has full mod_security compatibility. The LiteSpeed Web Server can serve thousands of clients concurrently, and it's highly optimised code serves static and dynamic content much faster than a standard Apache server.
If you've been a client for many years, you already know that we've constantly invested in our hosting infrastructure. As far as we're concerned, this is a critical core element of our business. So let's recap on our progression over the years!
2003: Web Hosting Reseller Account.
2008: Our first Virtual Private Server (VPS) in London.
2010: Our second Virtual Private Server (VPS) in Michigan.
2012: Our first Dedicated Server in London.
2014: Our second Dedicated Server in Michigan.
2016: Conversion of servers to run on Cloud Linux operating system in order to deliver greater security, efficiency, and stability.
2017: London Dedicated Server replaced with a new, more powerful server containing 32GB RAM, 32 CPU's, 6 x 480GB SSD Drives RAID 6.
2019: Conversion of Servers to use Litespeed technology to further enhance our level of service.
So as we keep moving forward......so do you! All clients using currently supported PHP versions are now running on Litespeed. Unfortunately we are unable to provide this facility for those running on deprecated and withdrawn PHP versions. However, once old sites are replaced and are using current PHP versions they will be upgraded to Litespeed.
Now here's an interesting point that I'd like you to consider:
Back in 2003, for a cost of €150 a year you would receive 150MB diskspace and 5GB bandwidth.
Fast forward to 2019 and for €150 a year you receive 10,000MB diskspace and 150GB bandwidth.
That equates to €1 a megabyte in 2003, compared with €0.015 a megabyte in 2019. That's 65x the diskspace and 30x the bandwidth of 2003 while paying the same price.
Can you think of anybody else that you do business with who can say the same thing?
Of course, it's a fact that the mass purchase of diskspace and bandwidth have got cheaper for us to buy over the years. But throughout those years we've passed those savings back to our clients........while still continuing to invest in improving and enhancing our hosting infrastructure. This is absolutely necessary, because in IT, if you're not moving forwards.....then you're going backwards! Failure to do so is occupational suicide - just ask MySpace, Altavista, Lycos and all the other failed business models from the dotcom boom of 20 years ago.
We already have another initiative planned within the next year.......and if you're a WebSpain client then you can be sure that you'll be a part of it!
Please note that our hosting infrastructure is only available to our current web design clients using sites that we have built.
Every new client that comes onboard with WebSpain gets their first year of fully managed web services free of charge. They are then able to evaluate whether they want to stay as a longterm client, or perhaps take their site elsewhere.
But besides the allocation of server resources that you receive, there's the permanent ongoing attention that comes with it!
What we provide with our Managed Services Plans:
Site security updates applied on day of release.
Site errors rectified subject to site software being current.
Enterprise strength site security firewall.
Malware removal on sites using Cloud based Auto Clean for infected files.
Uptime monitor checking connectivity to your site every 5 minutes 24/7/365.
Proactive monitoring of site and server security notifications related to your account.
E-Mail delivery monitoring.
Ongoing DNSBL IP Reputation Checks.
Ongoing Domain Reputation checks powered by Google Safebrowsing.
Daily account backups to a remote server on the network using R1 Soft technology.
Twice a day database backups.
PHP version upgrades subject to site software being current.
Immediate site and mailbox restoration.
GDPR compliancy implementation.
SSL / Dedicated IP address implementation.
Cloud Linux optimised servers.
Industry-leading commercial server security system.
Sites protected within CageFS individual containers.
KernelCare seamless operating system security updates with no server reboot required.
cPHulk Brute Force Detection.
Shell Fork Bomb Protection.
Optimised ModSecurity rules.
High CPU, RAM, and disk inode allocations to each site.
SSD Hard Disks.
Rapid response to clients with personal support 365 days a year.
Please do not confuse our services as listed above with basic web hosting accounts that are sold by web hosting providers.
We do not sell basic web hosting services, we deliver Fully Managed Service Plans for our web design clients. No web host will manage, update, and rectify faults on your website, all they support is the server and the network.
What we don't provide with our Managed Services Plans:
Web Design services using any application other than the Joomla content management system.
Web Design services on any third party server.
Website or Hosting Support of any site that is located on a third party server.
Website or Hosting Support to anybody who is not a current client of WebSpain.
Website or Hosting Support for websites using end of line software and/or running on withdrawn PHP versions.
Website or Hosting Support for a client's additional services that have been contracted tthrough a third party provider.
Bulk E-Mail sending facilities.
Promotional and Marketing Services.
E-Mail Marketing Campaigns.
Bulk data input services.
Social Media Promotions.
PPC (Pay per Click).
Bespoke Programming and Coding.
As an example, the managed package detailed above for a client using 20GB diskspace in a UK datacenter would be approximately €395 a year. But of course there are alternatives to our services! Who knows......the grass may be greener elsewhere? So I've listed a few options, all of whom deliver professional services that I anticipate would be on a par with ours.
Web Hosting €280 a year (Clook) plus a Site Firewall €175 (Sucuri). Total €455.....but this does not contain site management, only hosting and security facilities.
Site Management €850 a year (Joomlashack). This contains site management, but no hosting facilities. So add the two options together to match the full WebSpain package and it would cost you €1305 a year.
Site Management and Hosting combined from €1050 up to €3200 a year (JoomDev). This is the closest match to what we provide, but there is no indication on their site of diskspace allocation or the number of sites covered. And there are limitations in the number of support tickets that you can submit per month..
So if you're comparing like for like that's how the figures stack up. Of course, if you don't want support or security of any kind for your site, and your only requirement is cheap hosting......then you're spoilt for choice. There's virtually no end to the numbers of "providers" who can supply you with diskspace on oversold servers and you can just wing it from thereon. It's what I call the "Occupational Suicide" option.
It's not a course of action that I would recommend if you have a viable business. But if your website isn't important to you, or you don't care about running obsolete software and having dubious neighbours with adult sites etc in close proximity to you.....then it's certainly worth considering. You may well be able to find somebody for less than €50 a year......but the amount you pay will have a direct bearing on the level of service you receive. Because at those unsustainable levels of pricing there is no margin for the provision of professional support personnel. Just bear in mind in that scenario you're on your own as regards your site, and depending where you go, you may well be on your own in the matter of having a reliable hosting service and e-mail facility as well.
One point I do want to emphasise is that if you do not have a current WebSpain account, you are not a WebSpain client. Therefore we will be unable to assist you with any problems that you may encounter. Our service is only for current WebSpain clients, as they are our sole focus of attention.
If you want to maintain similar levels of service then you're looking at over €1000 a year minimum......compared to our example price point of €395. Of course you can get cheaper if you're willing to lower your expectations. But when you go to the very bottom of the barrel then it's not how much money you can save, it's how much grief you can withstand!
Time doesn't bypass anything, or anybody! That includes our computers, our mobile phones, our TV's, our cars......even us! So why would websites be any different?
Yet it's been my experience in the past that when I notify some clients that their sites have become outdated and no longer have security support they seem surprised. It's as if they weren't aware that websites, like everything in life, are affected by the passage of time.
So how does a website age? Visually you can always tell an old website because of the way it looks, as it will appear somewhat dated compared to modern ones. But it's not the visual element that's the problem.....it's the code that's been used within it where the problem lies. Because as time goes on, security holes appear. And if they're not patched and updated then there are going to be security breaches!
Another critical element in the "safe" life expectation of a site is PHP. PHP is the scripting language on the server that runs all our clients' websites......in fact around 83% of the sites on the Web are powered by PHP.
Over the years, as with all technology, PHP has advanced considerably. It's much more secure, and now considerably faster in the time it takes to render web pages. This gives you peace of mind re security, and a much better experience to your users. But as it advances through the versions it becomes necessary to remove certain coding elements that older sites used. This is to ensure that any unsafe elements are no longer included, and to continue to advance the application in terms of performance and security.
Unlike some years ago, we now have the option to run multiple PHP versions on a server at the same time......so most web hosts are able to accommodate the needs of all users at any given time. At present we have PHP 5.6, 7.0, 7.1, and 7.2 available which can be assigned on a per site basis. And 7.3 is due to launch next month so that will be added as well.
But a big change also happens next month which will affect clients on older sites: PHP 5.6 and 7.0 will become unsupported and end of line! Here's the PHP version calendar:
After those two highlighted dates, any users on PHP 5.6 and 7.0 will no longer have security support and are potentially exposed to unpatched security vulnerabilities.
The key point you have to be aware of here is that if you still need to run on those old PHP versions, then there's elements within your site that are out of date as well. So there's two risks facing you: outdated site software and outdated server software.
In terms of our clients, we will continue to provide PHP 5.6 and 7.0 for them until the expiry of their current hosting period. At that point, if they don't intend to upgrade their sites, we will find an alternative Web Host for them who can still offer these outdated versions. But be aware, those Hosts won't be able to offer that facility indefinitely......there will come a point in time when they'll withdraw them too.
As always, my advice is this: Only use currently supported versions of site software and server software. If you don't, then you're putting yourself, and others on the server, at risk of potential security breaches.
As I mentioned earlier, some clients don't like to hear that they are potentially at risk. But we have a responsibility to keep clients informed, in the same way your mechanic would give you a safety advisory related to your car. I doubt that anybody wants to get a report saying their brakes are failing........but it's most definitely something they need to be told!
Another reaction I get is when clients say "Why would anybody want to hack my site? It doesn't get a lot of visitors so I'll just leave the site as it is".
Now just change that thought process to "Why would anybody want to burgle my house or steal my car? I'll just carry on leaving the doors unlocked".
Make no mistake, Point 1 and Point 2 express exactly the same point of view.....that somehow it won't happen to me. However, statistics suggest that it will happen to you if you don't take security seriously. There are more than 1.86 billion websites on the internet. Around 1% of these, something like 18,500,000, are infected with malware at a given time each week; while the average website is attacked 44 times every day. Official Industry Source HERE!
Just because you're not aware of this situation doesn't mean it's not happening. It just means it's not happening to you because of the proactive steps we have taken on an ongoing basis over many years.
If we are no longer able to take those measures because of the circumstances I've detailed in this article then we have a responsibility to our clients to make them aware of it. Of course, what they decide to do at that point is their decision......but nobody who's a client of ours can ever say "I didn't know".
Now here's 3 questions:
1. Did your web developer personally contact you prior to the day and explain these principles?
2. Did your web developer implement these changes prior to 25th May?
3. Did your web developer make all the necessary changes to your site to ensure you were compliant without billing you for their services?
If you answered "Yes" to all three then you're obviously a WebSpain client. As I've said in the past, not all web designers are created equal. This is just another example of how we always go further in the area of client support.
As far as GDPR will develop in the future, there are no guarantees that the stipulations, or even the interpretations, won't actually change. And at this point it remains to be seen how closely the regulations are actually going to be enforced.
No doubt there are millions of website owners out there that haven't got a clue about all this.......because their web developer never bothered to bring them up to speed about their responsibilities. You'll be able to spot them quite easily if they don't have a "specific consent" option in their forms. Potentially, organizations not in compliance could face hefty penalties of up to 20 million euros, or 4 percent of their worldwide annual turnover, whichever is higher - so this isn't something that you can leave to chance.
But there's one area where the GDPR isn't clear at the moment.....and that's HTTPS/SSL encryption on websites. The GDPR regulations specifically state that all user information received must be stored securely, and all reasonable precautions must be taken in terms of it's security at point of contact and thereafter.
To me, that would infer it's necessary to have all connections encrypted rather than unsecured......despite the fact SSL Security isn't directly referenced. So my personal recommendation (as I've been saying for 3 years) is to ensure that you have an encrypted connection to your site.
Google has been saying this throughout this period, and now with the introduction of GDPR the onus is on you personally to ensure that you are seen to be complying with the legal responsibilities that you now have. Also, from July onwards, Google Chrome browsers will begin to flag every website that does not use HTTPS encryption with the warnings 'Not secure' prominently highlighted in the address bar. That's a business-killer if ever there was one.
Failure to secure peoples' data in the past was just seen to be unprofessional......now it breaks European law. There's a big difference. Seriously.......just don't take any chances on this because the stakes just got a lot higher.