Reviews
Thursday, 01 November 2018 12:38

Turning Back Time

Current PHP Versions

Time doesn't bypass anything, or anybody! That includes our computers, our mobile phones, our TVs, our cars......even us! So why would websites be any different?
Yet it's been my experience in the past that when I notify some clients that their sites have become outdated and no longer have security support they seem surprised. It's as if they weren't aware that websites, like everything in life, are affected by the passage of time. 

So how does a website age? Visually you can always tell an old website because of the way it looks, as it will appear somewhat dated compared to modern ones. But it's not the visual element that's the problem.....it's the code that's been used within it where the problem lies. Because as time goes on, security holes appear. And if they're not patched and updated then there are going to be security breaches!

Another critical element in the "safe" life expectation of a site is PHP. PHP is the scripting language on the server that runs all our clients' websites......in fact around 83% of the sites on the Web are powered by PHP. 
Over the years, as with all technology, PHP has advanced considerably. It's much more secure, and now considerably faster in the time it takes to render web pages. This gives you peace of mind re security, and a much better experience to your users. But as it advances through the versions it becomes necessary to remove certain coding elements that older sites used. This is to ensure that any unsafe elements are no longer included, and to continue to advance the application in terms of performance and security.

Unlike some years ago, we now have the option to run multiple PHP versions on a server at the same time......so most web hosts are able to accommodate the needs of all users at any given time. At present we have PHP 5.6, 7.0, 7.1, and 7.2 available which can be assigned on a per site basis. And 7.3 is due to launch next month so that will be added as well.
But a big change also happens next month which will affect clients on older sites: PHP 5.6 and 7.0 will become unsupported and end of life! Here's the PHP version calendar:

PHP Versions 

After those two highlighted dates, any users on PHP 5.6 and 7.0 will no longer have security support and are potentially exposed to unpatched security vulnerabilities.
The key point you have to be aware of here is that if you still need to run on those old PHP versions, then there are elements within your site that are out of date as well. So there are two risks facing you: outdated site software and outdated server software.

In terms of our clients, we will continue to provide PHP 5.6 and 7.0 for them until the expiry of their current hosting period. At that point, if they don't intend to upgrade their sites, we will find an alternative Web Host for them who can still offer these outdated versions. But be aware, those Hosts won't be able to offer that facility indefinitely......there will come a point in time when they'll withdraw them too.
As always, my advice is this: Only use currently supported versions of site software and server software. If you don't, then you're putting yourself, and others on the server, at risk of potential security breaches.

As I mentioned earlier, some clients don't like to hear that they are potentially at risk. But we have a responsibility to keep clients informed, in the same way your mechanic would give you a safety advisory related to your car. I doubt that anybody wants to get a report saying their brakes are failing........but it's most definitely something they need to be told! 
Another reaction I get is when clients say "Why would anybody want to hack my site? It doesn't get a lot of visitors so I'll just leave the site as it is".
Now just change that thought process to "Why would anybody want to burgle my house or steal my car? I'll just carry on leaving the doors unlocked".

Make no mistake, Point 1 and Point 2 express exactly the same point of view.....that somehow it won't happen to me. However, statistics suggest that it will happen to you if you don't take security seriously. There are more than 1.86 billion websites on the internet. Around 1% of these, something like 18,500,000, are infected with malware at a given time each week; while the average website is attacked 44 times every day. Official Industry Source HERE!

Just because you're not aware of this situation doesn't mean it's not happening. It just means it's not happening to you because of the proactive steps we have taken on an ongoing basis over many years.
If we are no longer able to take those measures because of the circumstances I've detailed in this article then we have a responsibility to our clients to make them aware of it. Of course, what they decide to do at that point is their decision......but nobody who's a client of ours can ever say "I didn't know".

If you have any queries just contact us on

Published in WebSpain
Thursday, 23 March 2017 10:01

Google's NoHacked campaign!

NoHacked-campaign

Google have now released a State of Website Security in 2016 review......based on its statistics from last year. And it's an eye-opener! Because in 2016 the number of hacked sites has increased by 32% compared to 2015, and that percentage is likely to keep on rising!
61% of those hacked were not notified of it because they never registered their sites in Google Search Console. The only way they'd know is when their site was destroyed or defaced, or when their web host closes their account due to them sending out spam, or being used as a phishing site to perpetrate criminal activities.

Google have pinpointed the reasons that so many websites were hacked:

1. Outdated software and missing security updates!
Really, this one goes without saying! If you run software that is outdated then you're playing Russian Roulette......and one day you will get the loaded chamber. It's just a matter of time!
2. Compromised Passwords!
Use strong and difficult passwords......and change them often! And this applies to all online accounts that you have, including Social Media!
3. Phishing and Social Engineering!
Google have been emphasising for over 2 years that every site should be accessed by a secure connection using HTTPS/SSL encryption. And it's now reached the stage where they're putting warnings in browsers to all site visitors if this system is not in place.

So if your site gets hacked.....what can you expect? Well Google have listed the most widely used defacement processes so you know what's coming your way.

1. Gibberish Hack!
This will create pages of nonsense that will ultimately divert to a porn site! You'd better prepare your story for when users contact you demanding to know why you sent them to something like that....and infected their computer with a virus or trojan at the same time.
2. Japanese Keywords Hack!
Your site will get blitzed with Japanese words directing viewers to sites that are selling fake merchandise. If you ever wanted to feature in search engines for terms like "Rolex Watches" then this is your chance!
3. Cloaked Keywords Hack!
With this attack, hackers usually use cloaking techniques to hide the malicious content. They can make the injected page appear as if it's a part of the original site.....including a fake 404 error page. They'll then sell the links on your site to a third party who will use them for whatever purposes they want. But be aware that these purposes are not going to be legal or family friendly.

All this info comes directly from Google's analysis of internet activity in 2016. It's not speculation or assumption.....it's the facts!

So what action can you take to protect your website and your business?
Strong passwords, use current software both on the site and server (and keep updating it), only use professional web designers and web hosts, implement HTTPS/SSL encryption, and ensure that your site is protected by its own firewall built into the application.
How many of those can you answer "Yes" to?

The way things are headed now, these are not options, they're essentials! If you're not prepared to ensure these are in place then you may as well shut your site down and just use a Facebook business page. Because if you leave it too long, a third party with bad intentions is going to make that decision for you.

I'll leave you with this thought! Those of us of a certain age can remember hearing news reports of bank robberies, post office robberies.....and even mail train robberies. Ever wondered why it's gone pretty quiet on that front in recent years?
It's simply because the gelignite, firearms, masks, and getaway cars have now been replaced by computers! 

Not convinced? Did you know that the UK Chancellor has announced a new five-year £1.9 billion scheme to counteract cyber-crime in the UK? Would he do that if there wasn't a serious problem that affects everybody?
The reality is that official government statistics have shown that there were 3.8 million instances of cyber-crime in the 12 months up to June 2016 in the UK alone! And it's rising!

Ignoring the recommendations above means you're actually contributing to the problem! And looking at it another way, it's the equivalent of hearing there's a spate of burglaries in your area and then leaving all your doors unlocked! Ask yourself.....would you really do that?

If you need advice just contact us at

Published in WebSpain
Saturday, 05 November 2016 09:24

HTTPS/SSL Security is Taking Over!

HTTPS Websites

HTTPS/SSL security on websites is important! I've been saying it for some years, and recent statements from Google demonstrate that it's now becoming the minimum acceptable standard......"A web with HTTPS is not the distant future. It’s happening now, with secure browsing becoming standard!"

Let me clarify that! It's now no longer evaluated as an optional addon that gives additional benefits......it's now classed as a critical indicator of your professionalism. Google is not in the business of delivering poor or potentially unsafe search results to users, so it's looking for signs that demonstrate you are a serious business entity. Basically it needs to know that you are who you say you are, and that any site visitors are not at risk of identity theft, phishing etc.

This is part of a mission that Google have been on in recent years to make the web a safer place. And it's really picked up momentum now. Here's their latest Security Bulletin where they say "More than half of pages loaded and two-thirds of total time spent by Chrome desktop users occur via HTTPS, and we expect these metrics to continue their strong upward trajectory".

Google Blog

We're now heading towards two classes of web sites......the professional and secure ones with HTTPS, and the unprofessional and insecure ones who are trying to do everything on the cheap while taking no responsibility for their clients' personal security. 
If you were Google, who would you recommend in search listings? If you're a site visitor, who would you trust to do business with?

As I've listed before, these are some of the benefits of having HTTPS/SSL data encryption in place:
1. 2048 bit encrypted connection between the user and the site giving a higher level of security for data transmission.
2. An SSL certificate also provides authentication. This means that users can be sure that they are sending information to YOU, and not to a criminal’s server.
3. Protection from Phishing, where a criminal tries to impersonate you or your website.
4. Dedicated IP address that gives you protection from any IP blacklisting of your site and e-mail caused by other users on the shared server IP address.
5. Enhanced professionalism giving clients confidence in doing business with you.
6. Trust! Browsers give visual cues, such as the lock icon in the address bar, which tells visitors that their connection is secure.
7. SSL is a criterion for search engine ranking, so potentially higher placement in searches.

None of the above is opinion! None of it is conjecture or hypothesis! It's the cold hard facts with verifiable links to substantiate them. Do YOU need it? Once again, I'm not going to give you an opinion!
I'll just let Google answer that one...."As the remainder of the web transitions to HTTPS, we’ll continue working to ensure that migrating to HTTPS is a no-brainer, providing business benefit beyond increased security. Don’t hesitate to start planning your HTTPS migration today!"

If you require any more info just contact us at

Published in WebSpain
Tuesday, 27 September 2016 10:18

Have you been Compromised?

Internet Security

Have you been Compromised? I would be pretty sure that you already have been.....but you don't know it!
Would you like to find out for sure? Then read on......because we have a simple online check for you.

You may not know, but over the last few years, millions of email addresses have been leaked, stolen and sold in hacking attacks on thousands of websites!
This is big business, because your information and data is worth money! The results of this test may well be a shock to those people who are concerned about the security of their personal information. For those who are not remotely concerned about security, and there are a percentage who fall into this category, it still won't register. Nothing ever does until they get totally blitzed.

So here is the test.....just enter any e-mail address that you use then see the results: https://haveibeenpwned.com/
If your data has been compromised (and my guess is it will have been), then the screen will turn red and you will be told where the data breach has happened. 

Your next course of action is to visit the sites that are listed and change your passwords to something very secure. You should do this now......not later!

What can you do to protect yourself in the future?
1. Your website should be running on the latest software.....not on an application that has been outdated for years.
2. Your website should have SSL Security in place.
3. Your website should be protected by a security firewall.
4. Stop using high risk webmail accounts like Yahoo, Hotmail etc. Gmail is by far the best option.
5. If you have accounts on other sites under your e-mail account, then keep changing the password regularly.
6. Any passwords you use should be complex using a combination of lower and upper case letters, and symbols.
7. Use professional security programs on your computers such as Kaspersky or Eset.
8. Backup the data on your computer to an external drive on a weekly basis.
9. If you're not using your computer.....then turn it off! Don't leave it permanently connected to the internet.

That's my advice.....given in good faith, and in your best interests! I can't do anything about the points from number 4 onwards. Points 1 to 3 fall into our area, but unless you're prepared to take those points seriously we're very limited in what we can do to protect your interests.

Was I compromised? Yes.....on LinkedIn and Dropbox, but I dealt with those issues immediately, so the risk was eradicated. But I keep on top of security issues and take it very seriously.....do YOU?

If you need any advice just contact us on

Published in WebSpain
Friday, 02 September 2016 12:25

Is your Business worth a Coffee?

SSL Site Security

Is your Business worth a cup of Coffee a week? Because it seems that many site owners out there don't seem to think so!
And unfortunately for those people, Google are now telling their site visitors exactly how much value they actually place on it.

I'm talking about SSL encryption! Because for the past few years Google has been telling people how important it is to have SSL security encryption on their websites. We first brought it to your attention over two years ago in SSL for SEO

Since that time we've updated you on the increased importance that Google (and other search engines) have been applying to it. In fact Google has even gone as far as to confirm they are interpreting the presence of an SSL certificate as a criterion in search engine positioning.....as we announced back in July 2015 in GOOGLE AND SSL SECURITY.

Now things have moved on again! In the past Google were giving incentives for site owners to put this in place. Now they're potentially penalising insecure sites by warning users that it could be a risk to their personal security. Effectively they're saying "We've given you two years to put this in place.....you haven't bothered, so now you're going to be penalised".

They're doing this by showing a warning icon in the browser address bar if SSL security is not in place. Prior to this, it was just a fairly innocuous blank icon of a page.....but now it's a large "I" denoting important information. Here you can see the difference between safe and unsafe sites:

 SSL Warning

As you see, WebSpain is in green with the padlock displayed, while the insecure site has the "I" icon. And when the user clicks that icon they are told "This page is not secure".

We didn't even notice that this system had been put in place! It was only when a client contacted us about one of their customers being reluctant to fill in an online form due to the risk of data theft, that we became aware of it.

As we've covered before, SSL encryption protects you and your clients from the risk of data theft and phishing. It also gives you potentially improved search engine positioning, while enhancing professionalism and client confidence. Additionally, you are protected from anybody else on the server getting the shared IP address blacklisted.

Ultimately it's your choice on whether you choose to implement it......we are just making you aware of the direction that things are headed. Taking this further, if they decide to redirect straight to their full page insecure message then users will see this:

Site Warning

Personally, I wouldn't bet against them putting an "Unsafe Site" warning in the search listings as well. Be aware that this isn't going to go away! If anything, they'll up the ante even further! So I would suggest that you address this issue now.....before your business starts getting disrupted.

Look at the benefits of SSL encryption......and balance that against the cost! It isn't even 2 Euros a week, which basically equates to a cup of coffee! Our business is most definitely worth a cup of coffee a week......is yours?

For more information contact us at

Published in WebSpain
Wednesday, 06 July 2016 17:47

Do you need HTTPS/SSL?

SSL Certificates

If you think you don't need HTTPS/SSL security on your site, then you may need to re-evaluate this opinion as things are changing.

Back in August 2014 we published an article called SSL for SEO. This related to the announcement that Google had made at the time informing webmasters that HTTPS/SSL security was now a ranking factor in search engine positioning. So what's changed since then? At first not much......but stats now demonstrate that having SSL security in place is getting very important.

Let's first look back to July 2014 prior to Google's announcement! This chart shows that only 7% of the results delivered on the first page of Google were sites with SSL encryption.

Importance of SSL

Fast forward two years.....and now the chart shows that the percentage of sites with SSL on the first page of Google is 35%.

Benefits of SSL

At the current rate of increase we're going to hit 50% early next year. And industry analysts consider that 50% could well be the balance point where Google really turn up the algorithmic volume on SSL. In the initial stages they couldn't downgrade sites for not having SSL because it would diminish the quality of their search results. But now the bigger players like Wikipedia, Amazon, Facebook, YouTube, eBay, Twitter etc are all on board with SSL.....things are likely to change.

So what is SSL? Basically it's a 2048bit data encryption method, and these days it comes with multiple benefits:

1. 2048 bit encrypted connection between the user and the site giving a higher level of security for data transmission.
2. An SSL certificate also provides authentication. This means that users can be sure that they are sending information to YOU, and not to a criminal’s server.
3. Protection from Phishing, where a criminal tries to impersonate you or your website.
4. Dedicated IP address that gives you protection from any IP blacklisting of your site and e-mail caused by other users on the shared server IP address.
5. Enhanced professionalism giving clients confidence in doing business with you.
6. Trust! Browsers give visual cues, such as the lock icon in the address bar, which tells visitors that their connection is secure.
7. SSL is a criterion for search engine ranking, so potentially higher placement in searches.

If those benefits are not important to you, then there is no need for you to consider SSL. However, if that's the case, I would advise you not to make statements in your terms and conditions like "We take your security and data protection seriously".....because in reality you don't. So probably best if you omit that part because you're leaving yourself wide open.

To summarise, HTTPS/SSL encryption delivers numerous benefits to both site users and site owners alike, and its importance is going to continue to rise.
At some point it may well be that those websites without HTTPS/SSL will be viewed as inactive or dormant businesses. Or even worse, as some analysts have suggested, Google may show a message to users warning them that it's an insecure site, or actually force HTTPS through the browser. If that happens, it could have catastrophic effects on businesses without SSL security.

We've used HTTPS/SSL on our site for almost 10 years now.....simply because it was the professional way to do things. For those of you considering making the switch now, there are many more incentives to do so as I've indicated above. Because you never know, in the future it could come down to Google viewing unsecured sites as.....NOT ENCRYPTED? Then you're NOT RELEVANT!

If you have any queries contact us at

Published in WebSpain
Wednesday, 25 May 2016 10:36

Time for Lockdown?

Secure Websites

Security is the most important aspect of any internet based application. Bar none! Just because you haven't experienced bad things.....bad things do happen, and it's getting worse. Every day we battle with various attempted security breaches at both server and site level. If they're particularly serious then we let clients know.

It doesn't help that despite numerous security advisories, some clients knowingly continue to run obsolete and insecure software. Unfortunately there's only so much we can do in these situations because vulnerabilities actually exist......so it's only a matter of time before somebody exploits them. That's an absolute fact.

If you're on current software (which 99% of our clients are) then the risk is greatly reduced. It doesn't mean you're impervious to intrusion by any means, but the odds in your favour are a lot better. But what do you do if somebody wants you taken out of commission for either business or personal reasons?

Now this is where it gets interesting......because recently, two sites have gone through a period of sustained and premeditated hacking attempts. And one of them was ours! Yes.....I'm talking about this site!

In our case, somebody (for whatever reason) bombarded the site with intrusion attempts. And despite everything being locked down tight, they got in. We were onto it virtually instantly and dealt with it, but the results could have been catastrophic.
So it was at that point we had to rethink our options. We immediately put in a commercial website firewall application along with a number of other security related initiatives......which for obvious reasons we can't elaborate on. Since then all has been well, but we're expecting a repeat at any time, and no doubt this will be at an even higher level of expertise.

The second incident occurred very recently......and it was directed at one of our lady clients. Somebody who's been with us for many years and has a very successful business. Her attacks were perpetrated over a longer period and at a much higher volume than ours. It sent her bandwidth usage through the roof resulting in her site going offline for a short period.
We then set up the same security system as we'd done on ours, but we even had to take the unprecedented step of blocking transmissions from a number of countries. Yes.....it was that bad. I'm pleased to report that since then everything is back to normal.....however, as in the case of our site, we're monitoring any traffic to her site very carefully.

So why were we, and our client, attacked in this manner?
The common denominator is we've both been in our respective business sectors for nearly 20 years and are very well established. It could well be the case that we're the dominant entities in our markets......and if either of us were taken out of commission then others could potentially stand to gain from it. Neither of us has any problems with any person (client or otherwise) past or present, and neither of us has any bad business relationships with competitors or associates. So there's absolutely nothing conclusive to go on.

The fact remains that two of us with current and secure software were taken out of commission in a clinical, systematic, and sustained manner. This was no script kiddy or opportunist behind it.....this was a pro who no doubt was being paid to get the desired result. Disruption was minimal in both cases as we were on it fast......but it just goes to show that even when all your web applications are up to date, a pro can still get to you. If you're running obsolete software then the result will not be a short disruption, it'll be a trainwreck......but that's your choice.

The cold, hard truth is that even if all applications are up to date and all normal security processes are in place, you're still vulnerable. Not vulnerable in relation to the amateur hackers (like obsolete sites are), but you are most definitely vulnerable to the pros. And it doesn't cost much for somebody to hire a pro to do this sort of job! Both my client and I are fairly sure this is what happened in our cases......and we may not be in the clear yet, as only time will tell.

My feeling on this whole business is that now I would never run a site of mine without having the commercial firewall (and other initiatives) in place. Our property was violated....the site felt "dirty" afterwards so we replaced it entirely. If you've ever had a car stolen and returned then it's the same feeling, and I don't want to be in that position again. Should any clients want to have the same level of protection put in place to secure their site, and the way things are these days I would certainly consider it, just contact us at

Published in WebSpain
Sunday, 06 December 2015 12:00

Are you playing Russian Roulette?

Web Design Security

This relates to the most important aspect of what we do.....Security! Because it's estimated that there are millions of outdated and totally obsolete Content Management System websites still in circulation. And they're all playing Russian Roulette!

Besides looking very dated.....which isn't going to inspire potential customers, the majority are not even mobile compatible. Consequently they're unlikely to get any business through mobile searches as their sites will not render correctly on different devices. And when you consider that the majority of internet searches now come via mobiles, then it's obvious that their potential target audience is going to be severely restricted.

Obsolete websites can be a business killer in terms of your credibility, but there's more to it than that.....there's Security! 
We covered this in some depth nearly a year ago in The Life of a Website and it holds just as true today. Nothing has changed except the obsolete sites have now become even more vulnerable. Essentially, the stakes have been raised!

If you have an outdated site (and you will have had notification of this) you are potentially at the mercy of site vandals, script kiddies, activists motivated by current political events, and more organised groups that will take advantage (in a very clinical manner) of any weaknesses. This is usually accomplished by injecting malicious scripts into sites followed by a redirect for visitors to something like the Neutrino Trojan exploit kit server. Find out more about this HERE! 
Therefore your visitors will be compromised by this weakness as well......making your site a danger to everybody, not just yourself. 

The main target for that particular exploit (and there are many others) is WordPress content management systems.....which we don't use. In fact we won't even allow these sites on our servers. Not that it's a bad CMS by any means, but there are just too many poorly built and outdated WordPress sites out there done by hobbyists and amateurs, and they represent a security risk to everybody.

So while the risk you face isn't as severe as those people, the risk is still there. All we can do is make you aware of it.
If you choose to continue with the insecure site, we will just migrate it onto a Legacy Server that still supports the obsolete and deprecated server side scripts that these applications need.

Obviously running outdated site and server software is not exactly the ideal scenario for you or us. So moving these sites onto another server so as not to prejudice the status of current up to date sites is what we have to do. Remember that the longer it goes on the more the risk increases to you and everybody else. So don't play Russian Roulette with your business website........because one day you may get the loaded barrel.

As always, if you have any queries, just contact us at  

Published in WebSpain
Friday, 22 August 2014 23:00

SSL for SEO?

SSL Certificates

Google has recently announced that they are starting to use HTTPS/SSL as a ranking signal within their search engine algorithm.  
The official wording was: “Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search-ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”

So what is HTTPS/SSL?
It's a 2048bit data encryption method that previously was only ever in general use on ecommerce sites to make online payments safer, and on sites that required personal information like NIE, National Insurance, or Passport numbers to be input. Simply because SSL encrypts the connections to the site giving a higher level of security. Google has been going down the path of encrypting their own sites for some time, and now they want other sites to follow suit in order to make the Web a safer place to use.

Obviously anything that strengthens web security, online safety, and the secure transmission of personal data is a benefit to everybody. In addition, it definitely enhances a potential client's perception of you being a legitimate and professional business.....that's the reason we use SSL encryption on this site. 
Having better site security and demonstrating professionalism is advantageous on many levels. But now that Google has announced this new initiative of favouring sites that demonstrate security measures are in place, people have been given an incentive to put these processes into place.

But one important point here is that just because you have an SSL certificate in place does not mean your rankings on Google will suddenly increase to top positioning. The reality is that if your site is technically poor with low quality plagiarised content then you'll be going nowhere! Because achieving high rankings on search engines is a combination of many different factors, and this announcement just means that HTTPS/SSL has now been added to the list of website criteria that will be evaluated.

For more information on HTTPS/SSL contact us anytime at 

Published in WebSpain
