Displaying items by tag: web design spain
Google have now released a State of Website Security in 2016 review......based on its statistics from last year. And it's an eye-opener! Because in 2016 the number of hacked sites has increased by 32% compared to 2015, and that percentage is likely to keep on rising!
61% of those hacked were not notified of it because they never registered their sites in Google Search Console. The only way they'd know is when their site was destroyed or defaced, or when their web host closes their account due to them sending out spam, or being used as a phishing site to perpetrate criminal activities.
Google have pinpointed the reasons that so many websites were hacked:
1. Outdated software and missing security updates!
Really, this one goes without saying! If you run software that is outdated then you're playing Russian Roulette......and one day you will get the loaded chamber. It's just a matter of time!
2. Compromised Passwords!
Use strong and difficult passwords......and change them often! And this applies to all online accounts that you have, including Social Media!
3. Phishing and Social Engineering!
Google have been emphasising for over 2 years that every site should be accessed by a secure connection using HTTPS/SSL encryption. And it's now reached the stage where they're putting warnings in browsers to all site visitors if this system is not in place.
So if your site gets hacked.....what can you expect? Well Google have listed the most widely used defacement processes so you know what's coming your way.
1. Gibberish Hack!
This will create pages of nonsense that will ultimately divert to a porn site! You'd better prepare your story for when users contact you demanding to know why you sent them to something like that....and infected their computer with a virus or trojan at the same time.
2. Japanese Keywords Hack!
Your site will get blitzed with Japanese words directing viewers to sites that are selling fake merchandise. If you ever wanted to feature in search engines for terms like "Rolex Watches" then this is your chance!
3. Cloaked Keywords Hack!
With this attack, hackers usually use cloaking techniques to hide the malicious content. They can make the injected page appear as if it's a part of the original site.....including a fake 404 error page. They'll then sell the links on your site to a third party who will use them for whatever purposes they want. But be aware that these purposes are not going to be legal or family friendly.
All this info comes directly from Google's analysis of internet activity in 2016. It's not speculation or assumption.....it's the facts!
So what action can you take to protect your website and your business?
Strong passwords, use current software both on the site and server (and keep updating it), only use professional web designers and web hosts, implement HTTPS/SSL encryption, and ensure that your site is protected by its own firewall built into the application.
How many of those can you answer "Yes" to?
The way things are headed now, these are not options, they're essentials! If you're not prepared to ensure these are in place then you may as well shut your site down and just use a Facebook business page. Because if you leave it too long, a third party with bad intentions is going to make that decision for you.
I'll leave you with this thought! Those of us of a certain age can remember hearing news reports of bank robberies, post office robberies.....and even mail train robberies. Ever wondered why it's gone pretty quiet on that front in recent years?
It's simply because the gelignite, firearms, masks, and getaway cars have now been replaced by computers!
Not convinced? Did you know that the UK Chancellor has announced a new five-year £1.9 billion scheme to counteract cyber-crime in the UK? Would he do that if there wasn't a serious problem that affects everybody?
The reality is that official government statistics have shown that there were 3.8 million instances of cyber-crime in the 12 months up to June 2016 in the UK alone! And it's rising!
Ignoring the recommendations above means you're actually contributing to the problem! And looking at it another way, it's the equivalent of hearing there's a spate of burglaries in your area and then leaving all your doors unlocked! Ask yourself.....would you really do that?
Google has now started sending out warnings to users that are running outdated and vulnerable software installations. Which is what we have been doing for years in order to ensure our clients are not at risk.
This action from them has probably been initiated due to the continual problems caused by webmasters who just don't take security seriously. There was recently a mass defacement of hundreds of thousands of websites using the WordPress content management system (which we don't use), through what was called the REST API Vulnerability. And no doubt this has now driven Google to take this action.
The message users are receiving (depending on what software they're using) is this:
"Google has detected that your site is currently running Joomla 2.5, an older version of Joomla. Outdated or unpatched software can be vulnerable to hacking and malware exploits that harm potential visitors to your site. Therefore, we suggest you update the software on your site as soon as possible".
So let's just recap on the warnings Google are now issuing:
1. Sites should be mobile compatible.
2. Sites should have HTTPS/SSL security.
3. Sites should be running up to date and secure software.
I'd also add that every site should have its own security firewall installed......which could well be the next step Google will take.
Let me emphasise that Google are not saying that you have to have a site of the technical complexity of Kyero or eBay etc.....they're just making it clear that it should reach a basic level of professionalism and responsibility.
Saying that......I've actually had people who are knowingly in the position above actually ask me how they can improve their Google positioning. Just let that sink in! They fail all of the basic criteria that Google requires, they've received multiple warnings to that effect.....yet they want to be recommended by them.
Bottom line is if you can't demonstrate professionalism in your online presence then Google (and users) will just not take you seriously. Think of it this way: Most of you at one time or another will have experienced the damage caused by viruses, trojans, ransomware etc when your computer gets infected by malware. Where do they come from? From infected websites on the internet!
Google want to get this under control, and they will now penalise sites who refuse to accept their responsibilities regarding security. They're certainly not going to be recommending sites they class as dangerous to their users.
I'd go so far as to say that they will eventually take the view that if you're not part of the solution then you're part of the problem......and you'll end up becoming invisible. Others are following too.....because I've had warnings flash up from Facebook that I may be leaving there to visit a site that is classed as dangerous. So all the big players are getting behind these security initiatives.....it's not something you can ignore.
If you're a client, then we've already notified you of your status in each of the criteria. If you're not a client, then your current web developer should have kept you up to date on all these developments to ensure you were protected. If they haven't, then get in touch and we can run some checks for you.
Many site owners are going to be getting an e-mail warning from Google very soon! Simply because they have not put HTTPS/SSL security in place on their sites.
From this month on "Chrome will show a Not Secure warning for all pages served over HTTP, regardless of whether or not the page contains sensitive input fields".
We've been advising our clients that this has been coming for some considerable time.....most recently two months ago in HTTPS Websites, so many are now prepared. Are you?
The background to this is that we register every site that we build with Google in their Search Console. This tells them exactly where your site is located, and we also give them an XML sitemap along with multiple page URLs so they can index you more efficiently. So they know all about you!
This has benefits besides quicker indexing because it also flags up warnings if there are technical irregularities on the site. We then analyse these and rectify them immediately before it causes any issues. But with this situation regarding HTTPS they're taking it a stage further because they're sending me an e-mail to be passed on to the owner of the site.
The correspondence is quite clear....."The new warning is the first stage of a long-term plan to mark all pages served over the non-encrypted HTTP protocol as Not Secure".
If you look in the browser address bar of this site you'll see the green padlock and the word "Secure". If you don't have an SSL in place you'll be seeing a warning icon with the words "Not Secure" which doesn't exactly inspire confidence in visitors. After all, if you had the choice of visiting a Secure or Non-Secure site where would you go?
It's not clear yet whether these warnings will show up in the Google search listings.....but if they do then your traffic is likely to drop considerably. We already know that Google are prioritising Secure sites in the listings, now it's a question of if, or when, they plan to start dropping the Non-Secure sites. Whatever happens, it's not good news if you don't have SSL security in place.
I know that some of you won't like this latest update. But you have to understand that Google wants to make the web a safer place.....and directing users to sites where they could be put at risk of phishing or identity theft doesn't help their cause. And it certainly doesn't help the users much either.
If you have a website, think of it as a shop in real life. Then ask yourself whether you would want to enter any premises that had been deemed unfit or dangerous? We all have a collective responsibility here, so I would strongly suggest you get HTTPS/SSL encryption in place immediately. With Business comes Responsibility!
As I pointed out a few months ago in Is Your Business Worth a Coffee, the cost is not going to break the bank! But running without it is guaranteed to have a detrimental effect on your bank balance through lost business.
2017 is approaching, so what does the future hold for your business online? Nobody can accurately predict everything, but a clear pattern is forming!
1. Mobile Websites: It's no secret that mobile computing has now taken over! If you haven't got a mobile compatible site by now you may as well pack up and go home. Simply because there's a world of business opportunities out there......and you won't be seeing any of it! You are outside looking in!
Walk down the street, go into any bar.....and what do you see? People on smartphones! And they won't be looking at sites that are not mobile compatible. In fact, they may not even be given a choice if they want to see a desktop based site, as Google will be basing rankings on the mobile version as per their recent Mobile First announcement. No mobile version? No ranking!
2. Desktop Websites: These will now have less importance, so do not design a site based purely on what you see on a traditional computer. In fact, some analysts are speculating that we could be entering an era where the clock is now ticking on this technology. Personally, I don't ever foresee a time where traditional sites will become redundant.....but there's no doubt that their importance and relevance are going to keep diminishing as each year passes.
3. Voice Search: Semantic search and user intent based on natural language patterns rather than basic keywords is going to become the norm. Voice-based queries are generally much longer, and phrased in a more natural way, so ensure that your site delivers information in a conversational (but professional) manner. Communicate by giving answers, not sales pitches!
4. Site Loading Times: As more and more usage switches to mobile, don't overload your pages with a large amount of resource-heavy material like videos, high-resolution images etc. Obviously don't dumb the pages down and make them appear bland to your users, but maintain a balance between form and function.
5. Fast delivery of relevant information: People want info.......and they want it immediately! So ensure that what people initially read on mobile is going to grab their attention. Don't waffle on about things that are irrelevant to their needs or interests.....just get the message across!
So that's the way things seem to be heading! Good practices like quality content, user experience, intuitive navigation, Social Media marketing, and SSL security are still the foundation on which your site is built. But Mobile Rules!
What do I think? Personally, I think the whole world has gone mad! We have now reached a scenario where the majority of people are living their lives vicariously through mobile phones!
I'll take real life any day! The storyline at my age may be a bit monotonous but the visual experiences more than make up for it!
See you in 2017!
Google have announced major changes to the way they index websites! It's now Mobile First!
What this means is that instead of Google using the content of the desktop version for evaluating a website, they will now be visiting the mobile site first. Effectively, the desktop version has been demoted.
We've been into the mobile era for some years now, and if you still don't have a mobile compatible site in place, then you've got a problem. Google have stated that they will still crawl the desktop version, but how high you're going to rank with just that one option remains to be seen.
If you've got a mobile compatible site then you're still not necessarily in the clear. Because if your mobile site was just a barebones "stripped down" version containing limited content.....then that's what will be evaluated and your rankings will drop accordingly. In fact, Google have even said to remove sites like this until they are on a par with the desktop version.
That's a worrying scenario for those people who've paid for a mobile site, because now they're going to find that what they've got is not what Google wants! They'll probably need a new mobile site, which may well entail having to replace the desktop version as well.
However, if you're a WebSpain client you'll know that there's never any need to worry! This will not affect you!
Simply because we've only ever built mobile sites that contain the full content of the desktop version. No difference whatsoever, and it's been that way since we started building mobile compatible sites four years ago. And unlike others, we never charged extra for mobile compatibility, they came that way as standard!
To summarise, businesses without mobile compatible sites have got a problem, and businesses with stripped-down mobile sites have got a problem!
WebSpain clients can just relax, you don't have a problem........because we were ahead of the curve on this years ago!
HTTPS/SSL security on websites is important! I've been saying it for some years, and recent statements from Google demonstrate that it's now becoming the minimum acceptable standard......"A web with HTTPS is not the distant future. It’s happening now, with secure browsing becoming standard!"
Let me clarify that! It's now no longer evaluated as an optional addon that gives additional benefits......it's now classed as a critical indicator of your professionalism. Google is not in the business of delivering poor or potentially unsafe search results to users, so it's looking for signs that demonstrate you are a serious business entity. Basically it needs to know that you are who you say you are, and that any site visitors are not at risk of identity theft, phishing etc.
This is part of a mission that Google have been on in recent years to make the web a safer place. And it's really picked up momentum now. Here's their latest Security Bulletin where they say "More than half of pages loaded and two-thirds of total time spent by Chrome desktop users occur via HTTPS, and we expect these metrics to continue their strong upward trajectory".
We're now heading towards two classes of web sites......the professional and secure ones with HTTPS, and the unprofessional and insecure ones who are trying to do everything on the cheap while taking no responsibility for their clients' personal security.
If you were Google, who would you recommend in search listings? If you're a site visitor, who would you trust to do business with?
As I've listed before, these are some of the benefits of having HTTPS/SSL data encryption in place:
1. 2048 bit encrypted connection between the user and the site giving a higher level of security for data transmission.
2. An SSL certificate also provides authentication. This means that users can be sure that they are sending information to YOU, and not to a criminal’s server.
3. Protection from Phishing, where a criminal tries to impersonate you or your website.
4. Dedicated IP address that gives you protection from any IP blacklisting of your site and e-mail caused by other users on the shared server IP address.
5. Enhanced professionalism giving clients confidence in doing business with you.
6. Trust! Browsers give visual cues, such as the lock icon in the address bar, which tells visitors that their connection is secure.
7. SSL is a criterion for search engine ranking, so potentially higher placement in searches.
None of the above is opinion! None of it is conjecture or hypothesis! It's the cold hard facts with verifiable links to substantiate them. Do YOU need it? Once again, I'm not going to give you an opinion!
I'll just let Google answer that one...."As the remainder of the web transitions to HTTPS, we’ll continue working to ensure that migrating to HTTPS is a no-brainer, providing business benefit beyond increased security. Don’t hesitate to start planning your HTTPS migration today!"
Worried about Dirty COW? You should be, because last week a serious vulnerability was discovered in the Linux kernel which runs the majority of the world's servers. It was so critical that it can lead to a privilege escalation, denial of service, or information leaks. And it's called Dirty COW! Why the name Dirty COW? It gets its name from the Linux sub-system, called Copy-On-Write or COW, in which it appears.
You may well have seen reports in national dailies about it, and now it's spread to Android Phones as well. Basically, if you've got a website then you are potentially at serious risk because it could take weeks before web hosts get round to patching the kernel on their servers. Then the server will need to be rebooted resulting in downtime.
Unless of course you're a WebSpain client! Because when we switched to CloudLinux earlier this year we also purchased KernelCare as part of the package. KernelCare keeps Linux servers secure with all the latest kernel patches available immediately, and they're automatically applied without needing to reboot the server. So no security issues and no downtime!
It keeps running permanently and checks for any kernel security updates every 4 hours. If there's an update available, it just applies it without any human intervention or downtime. Our kernel was patched on 21st October......literally as the news broke.
If you're not a WebSpain client then you just have to cross your fingers that somebody is going to take action at some point to protect your business interests. Timescale is impossible to estimate......but I can guarantee that the less you paid for your hosting then the longer it will take. If it's even patched at all! But that's what happens when your main priority is cheap!
It just demonstrates, once again, how proactive we've always been in this area, and how not all web hosting is created equal.
If you're serious about your business then you need a serious provider. If you're not serious about your business, or perhaps you just don't care......then there's plenty of providers out there that would be a perfect fit for you. But we're not one of them!
We've always attempted to keep our clients safe from the undesirable elements and the grief that go along with doing business on the Internet. In effect we keep you within a protective shield so you don't see these things. Therefore you don't get grief. It just works! You don't even need to think about it!
I'm sure you're all familiar with the phrase "you get what you pay for", and this has never been more true than in the case of internet services. Particularly web hosting! Over a year ago, we published an article "Not all web hosting is created equal" where we detailed exactly what we bring to the table in terms of web hosting services. But things have changed since then......we've advanced even further with the addition of CloudLinux on the servers.
We believe that no other web designer providing hosting services offers the all-round quality of service that we deliver.....day after day.
And this is not just at server level......it's also at site level, which no other web host will manage for you. With a normal web host, your site is your responsibility.....not theirs. But in our case, we handle it all to give you total peace of mind.
Obviously I would say that....wouldn't I? But what about the experience of a former client who went elsewhere, and actually discovered for herself what life is like on the Dark Side?
"The saying "You do not know what you have until it's gone" has never been so true for my husband and I.
Having been with WebSpain for around 9 years, WebSpain not only built our two business websites, we were a hosting client too. During this whole time we had no issues whatsoever with our sites or hosting.
However as time went on our sites were considered "old" in the techno world and we didn't really have time to get round to upgrading them. This meant that as our sites were old, WebSpain could not really support them any longer on their servers, as they are exceptionally up to the minute with hosting etc. Therefore we had to move. We changed to another hosting company and have had nothing but problems since. These varied from no e-mails, lost emails, and site down time, all of which is a nightmare when running a web based business. In the end we could not even get our e-mails.
So in desperation, we went to Pete for help and he ended up logging onto their server and rectifying the issue that the other hosting company were unable to do. The standard of service and professionalism of WebSpain can really not be compared to the many other companies out there. Believe me, we know and it has cost us dearly".
And that is the reality of the situation! I know the hosting company that she's with, and overall they have a good reputation. But we deliver a total all-round package that far exceeds what any pure web host offers......and once you get accustomed to that as being the norm then anything else is going to fall short.
We haven't published this to blow our own trumpet, we've published this to make you aware of the reality here. And the reality is that you cannot compare the service that a basic web host provides against the totally rounded and all encompassing range of services that we deliver. They are totally different things.
In some cases you could save yourself a few Euros by switching to someone who just provides web hosting.....or you could even pay more. But in both cases you are still not going to get the all-round level of service that we deliver.
All you will do is introduce a different element into the equation. And that element is grief! And going from my experience, the less you pay, the more the grief is going to increase! Just remember that not all web hosting is created equal, and Life on the Dark Side may not be what you expect.
Have you been Compromised? I would be pretty sure that you already have been.....but you don't know it!
Would you like to find out for sure? Then read on......because we have a simple online check for you.
You may not know, but over the last few years, millions of email addresses have been leaked, stolen and sold in hacking attacks on thousands of websites!
This is big business, because your information and data is worth money! The results of this test may well be a shock to those people who are concerned about the security of their personal information. For those who are not remotely concerned about security, and there are a percentage who fall into this category, it still won't register. Nothing ever does until they get totally blitzed.
So here is the test.....just enter any e-mail address that you use then see the results: https://haveibeenpwned.com/
If your data has been compromised (and my guess is it will have been), then the screen will turn red and you will be told where the data breach has happened.
Your next course of action is to visit the sites that are listed and change your passwords to something very secure. You should do this now......not later!
What can you do to protect yourself in the future?
1. Your website should be running on the latest software.....not on an application that has been outdated for years.
2. Your website should have SSL Security in place.
3. Your website should be protected by a security firewall.
4. Stop using high risk webmail accounts like Yahoo, Hotmail etc. Gmail is by far the best option.
5. If you have accounts on other sites under your e-mail account, then keep changing the password regularly.
6. Any passwords you use should be complex using a combination of lower and upper case letters, and symbols.
7. Use professional security programs on your computers such as Kaspersky or Eset.
8. Backup the data on your computer to an external drive on a weekly basis.
9. If you're not using your computer.....then turn it off! Don't leave it permanently connected to the internet.
That's my advice.....given in good faith, and in your best interests! I can't do anything about the points from number 4 onwards. Points 1 to 3 fall into our area, but unless you're prepared to take those points seriously we're very limited in what we can do to protect your interests.
Was I compromised? Yes.....on LinkedIn and Dropbox, but I dealt with those issues immediately, so the risk was eradicated. But I keep on top of security issues and take it very seriously.....do YOU?
Is your Business worth a cup of Coffee a week? Because it seems that many site owners out there don't seem to think so!
And unfortunately for those people, Google are now telling their site visitors exactly how much value they actually place on it.
I'm talking about SSL encryption! Because for the past few years Google has been telling people how important it is to have SSL security encryption on their websites. We first brought it to your attention over two years ago in SSL for SEO.
Since that time we've updated you on the increased importance that Google (and other search engines) have been applying to it. In fact Google has even gone as far as to confirm they are interpreting the presence of an SSL certificate as a criterion in search engine positioning.....as we announced back in July 2015 in GOOGLE AND SSL SECURITY.
Now things have moved on again! In the past Google were giving incentives for site owners to put this in place. Now they're potentially penalising insecure sites by warning users that it could be a risk to their personal security. Effectively they're saying "We've given you two years to put this in place.....you haven't bothered, so now you're going to be penalised".
They're doing this by showing a warning icon in the browser address bar if SSL security is not in place. Prior to this, it was just a fairly innocuous blank icon of a page.....but now it's a large "I" denoting important information. Here you can see the difference between safe and unsafe sites:
As you see, WebSpain is in green with the padlock displayed, while the insecure site has the "I" icon. And when the user clicks that icon they are told "This page is not secure".
We didn't even notice that this system had been put in place! It was only when a client contacted us about one of their customers being reluctant to fill in an online form due to the risk of data theft, that we became aware of it.
As we've covered before, SSL encryption protects you and your clients from the risk of data theft and phishing. It also gives you potentially improved search engine positioning, while enhancing professionalism and client confidence. Additionally, you are protected from anybody else on the server getting the shared IP address blacklisted.
Ultimately it's your choice on whether you choose to implement it......we are just making you aware of the direction that things are headed. Taking this further, if they decide to redirect straight to their full page insecure message then users will see this:
Personally, I wouldn't bet against them putting an "Unsafe Site" warning in the search listings as well. Be aware that this isn't going to go away! If anything, they'll up the ante even further! So I would suggest that you address this issue now.....before your business starts getting disrupted.
Look at the benefits of SSL encryption......and balance that against the cost! It isn't even 2 Euros a week, which basically equates to a cup of coffee! Our business is most definitely worth a cup of coffee a week......is yours?