2 smart steps to improve your website performance

2 smart steps to improve your website performance

  • You want to get the most visitors to your website;
  • you don’t want to be excluded from Google searches on smartphones;
  • you don’t want visitors to see warning messages that might drive visitors away from your website.

If these three sentences resonate with you in any way, you may want to give a look at these two smart steps to improve your website’s performance.

1) Equip your website with a Responsive Design

Responsive Design

Responsive Design makes sure that browsing works fluidly across all screen sizes from desktop, laptop, tablet and smartphone. This is done by building your website in a manner that presents differently to different screen sizes, so the website visitor has a very positive experience no matter what size screen they are looking at.

2) Get HTTPS, setting up a SSL to secure data on your website

Adding the S for “Secure” to your web address will both improve your ranking and avoid warnings such as “this site may not be safe” when visitors arrive. Adding the “S” requires a Secure Socket Layer that encrypts data transferring to and from your site from visitors and adds authentication to your website that says it is safe for visitors.

Need help to set up a Responsive Design or SSL on your website?

The rise of the mobile-first design approach

You may now be wondering how did we get here.

From 1996 to 2014, it was all about growing businesses into deciding that they should have a web presence. Some did it just to be there (in case they might miss something). Then, as time went by, more and more businesses took to a web presence and grew their effort to maximise its effectiveness.

Finally, with the rise of mobile devices such as smartphones and tablets, more and more people shifted towards them, moving away from desktop computers.

Amazon, Ebay, Netflix, YouTube, Facebook, Instagram and other social networks and services have been strong drivers of bringing more and more users online as everyone now can connect to the web reaching out their device in their pocket.

The role of Search Engines

Search Engines such as Google, as their algorithms grow more and more sophisticated, want to provide their users the best possible experience when searching for something through their service.

Aware of the rise of mobile browsing, this means that a website has to:

  • be easy to browse from any device;
  • keep their users privacy safe.

Mobile-first design approach

On April 21, 2015, The rise of mobile devices in the online browsing market, led Google to roll out the so called “Mobilegeddon” algorithm update. This update gives priority – in mobile Search Engine Results Page – to websites that display correctly on mobile devices.

Last January, Google started issuing a penalty to those websites that display intrusive popups on their users’ devices.

The list goes on.

Safety through HTTPS encryption\SSL certificate

HTTPS encryption has been declared to be a ranking factor since August 2014, although people are getting more aware of it only just lately, when major web browsers started to clearly show in their URL bar whether a website has such encryption in place or not.

On Chrome browser, for example, you will now see to the left of the web address:

  • Secure

  • Info Info or Not secure

  • Dangerous Not secure or Dangerous

For website owners this can be a big negative. Someone is just about to visit your website and they are now being warned away, because “you are HTTP and not HTTPS!”.

Again, the focus here is on the visitor first and the website owner second.

For websites that are just information – this appears at first to be a bit strong but adding the “S” to HTTP adds a Secure Socket Layer to ensure data is encrypted and therefore protects the website visitor. This matters whether they are simply browsing your website or entering personal details and other sensitive information such as credit card details, etc.

Now, the bottom line is that if you do not have a HTTPS on your website – visitors are likely to reduce due to warnings and lower rankings.

If you do add HTTPS (using a Secure Socket Layer) then you are seen to respect your potential website visitors and you are rewarded by Google and the browsers by not having warnings showing to visitors.

Let us help you find what you need! Fill our secure form!

This form collects your details above so we can contact you back in relation to your enquiry. Please see our privacy policy for more information.

Website/Technical Request

Consent

2 + 10 =

WordPress 4.8.2 Security and Maintenance Update released

WordPress 4.8.2 Security and Maintenance Update released

On September 19, WordPress released a new Security and Maintenance Update.

Needless to say: if you are a WordPress website owner, you should update now, if you didn’t already. Also, be sure to backup your website, if you didn’t do it recently!

To Backup your website is always important before installing Core updates. This prevents issues (such as your website becoming broken or unbrowsable) from rising, especially with Plugins, as they may not always be 100% compatible with the new version.

Need help with your WordPress Backup and Update? Contact us!

What does WordPress 4.8.2 update fix?

Cross-site scripting vulnerabilities (XSS), mostly.
This is a short list of the main bugs that have been found and that the 4.8.2 update fixes, along with a brief explanation, where needed:

  • Cross-site scripting (XSS) vulnerabilities were discovered:
    • in the oEmbed discovery;
    • in the visual editor;
    • in the plugin editor;
    • in template names;
    • in the link modal.

XSS is a kind of vulnerability used to bypass websites’ access controls.

  • Path traversal vulnerabilities were discovered:
    • in the file unzipping code;
    • in the customizer.

A path traversal attack (aka directory traversal attack) aims to access files and directories that are stored outside the web root folder.

  • An open redirect was discovered on the user and term edit screens.

Through open redirects an attacker may successfully launch a phishing scam and steal user credentials. This can happen by redirecting the victim to links identical to the original site, so to have a more trustworthy appearance.

There are other 7 maintenance fixes. If you are interested, you can check the full Release Notes for WordPress 4.8.2 directly from their website.

We are available to chat with you over these and other WordPress related issues anytime. Contact us!

Let us help you find what you need! Fill our secure form!

This form collects your details above so we can contact you back in relation to your enquiry. Please see our privacy policy for more information.

Website/Technical Request

Consent

13 + 8 =

WP-Base-SEO: fake SEO Plugin for WordPress it’s actually a Malware

WP-Base-SEO: fake SEO Plugin for WordPress it’s actually a Malware

If you are Administrator of a WordPress website, pay attention!

The security firm SiteLock has reported that WP-Base-SEO, a fake version of the legit WordPress SEO Tools plugin, has infected lots of WordPress websites.

As SiteLock shows, WP-Base-SEO does a very good job in faking legitimacy, providing references to the official WordPress Plugin Database and instructions on how to use the plugin properly.

Still, digging deeper in the main PHP files of the plugin, they found out a base64 eval request. It’s a PHP function very often used for malicious purposes and, as such, its use is disregarded by PHP.net. In this case, it opens up backdoor access to the website.

The security news website Threatpost states that over 4.000 WordPress sites have been infected by WP-Base-SEO. It is likely that the attackers have mass-scanned WordPress websites searching for outdated plugins to target. This is a very common practice.

Just to provide an example, in April, 2016 an outdated version of WordPress RevSlider image slider plugin, was held responsible for 2.5 terabytes data leak that went under the name of “Panama Papers”.

How to increase your WordPress website Security?

As always:

  • Keep the WordPress Core updated to the latest version
  • Pay attention when installing a new WordPress plugin on your website: look for good ratings and legit feedback from the WordPress Plugin Database users
  • Keep your plugins updated to the latest version
  • If a plugin has not provided any update in the last few months, consider removing it from your website.

We at Handyweb have dealt with WordPress Security issues and can help you if you need solutions! Contact us!

Let us help you find what you need! Fill our secure form!

This form collects your details above so we can contact you back in relation to your enquiry. Please see our privacy policy for more information.

Website/Technical Request

Consent

4 + 2 =

WordPress 4.7.3 Security and Maintenance Update released

WordPress 4.7.3 Security and Maintenance Update released

WordPress has just released a Security and Maintenance Update.

The 4.7.3 update fixes important secuirity issues that 4.7.2 and previous updates still didn’t manage to fix completely.

Of course they suggest to install the update immediately and. as WordPress users ourselves, we can’t help but strongly suggest you to do that.

So, if your website uses WordPress as a Content Management System (CMS), you should backup your website and update WordPress Core to the latest version.

To backup your website is always important, especially before installing Core updates, so to prevent issues. Also, if your website has Plugins installed, these may not always be 100% compatible with the new version which can lead to your website becoming broken or unbrowsable.

Need help with your WordPress Backup and Update? Contact us!

What does WordPress 4.7.3 update fix?

Being an open source, heavily community-reliant CMS, WordPress updates are usually based on the huge amount of feedback coming from its huge user base (WordPress 4.7 has been downloaded over 17 million times).

This is a short list of the main bugs that the 4.7.3 update fixes, along with a brief explanation, where needed:

  • Cross-site scripting (XSS) via media file metadata.
    XSS is a kind of vulnerability used to bypass websites’ access controls.
  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
    CSRF is a type of malicious website exploit where unauthorized commands are transmitted from a user that the website trusts.

There are other 39 maintenance fixes. If you are interested, you can check the full Release Notes for WordPress 4.7.3 directly from their website.

We are available to chat with you over these and other WordPress-related issues anytime. Contact us!

Let us help you find what you need! Fill our secure form!

This form collects your details above so we can contact you back in relation to your enquiry. Please see our privacy policy for more information.

Website/Technical Request

Consent

8 + 5 =

Brought to you by Handyweb.ie 

Phone: +353 (0) 44 93 45145
Email: info@handyweb.ie
Services: Web and App Consultants, e-Commerce, Responsive Web Design, Search Engine Optimisation, Digital Marketing, Social Media, App Development, Online Payments, Online Business Automation

Website security: as hacking continues to grow, is your website safe?

Website security: as hacking continues to grow, is your website safe?

Keep your website safe and maintain your website visitors’ trust

Today’s headlines show that the Swift payment system has been hacked. This system is used by many leading banks in the world, probably including yours. Perhaps it is a good time to remind yourself of your responsibilities as a website owner: you should always protect your visitors’ data against hackers.

The headlines on the heading picture of this article are all cut from web stories today. There is an increasing level of security breaches even on top brand websites.

For website owners there are two areas to consider, when seeking to keep your website safe from hackers.

  • Your clients and visitors’ personal information
  • Your website and its database

Do you have an Ecommerce website? Find out more about how to increase your Ecommerce security.

Your interaction with your online visitors is based of trust. If your website fails in delivering a proper protection for its visitors, building trust in them will be very difficult.

Here are 7 steps you can consider if you want increase your visitors’ trust

One of the easiest ways for hackers to access your website is because your software, like your website CMS, are not up to date. Many CMS such as WordPress often release Security and Maintenance Updates. These updates aim to close off the loopholes in security found in the previous versions. 

More about why you should always keep your software up to date.


Brought to you by Handyweb.ie 

Phone: +353 (0) 44 93 45145
email: info@handyweb.ie
Services: Web and App Consultants, e-Commerce, Responsive Web Design, Search Engine Optimisation,  Digital Marketing, Social Media, App Development, Online Payments, Online  Business Automation.