The Pros, Cons and Costs of adding Encryption to your Website
If you have a website that asks any personal information, or has membership or eCommerce built in, your visitors may be seeing browser security warnings. Is it time to add SSL encryption?
Canonical URLs
Special thanks to Pam at League of Women in Government for asking this great question: What is a canonical URL? What if you publish an article that gets replicated on a news site, or what if you have the same product multiple times with slightly different settings in your eCommerce site, or what if you want to syndicate a blog? The answer: you want visitor coming to your site from a search engine to go to a more relevant page. This is the purpose of the canonical URL: to inform the search engine that a more relevant page exists for this content. Literally, a canonical URL looks like this: Adding a Canonical URL The WordPress SEO by Yoast plugin is a great search engine optimization tool. To add a canonical URL to a page on your site using this plugin, in WordPress edit the page that replicates the original content, scroll to the bottom, and in the Yoast SEO settings, choose advanced (gear icon), and then enter the URL. Online Resources Yoast: rel=canonical: The Ultimate Guide Google: Use Canonical URLs
Keeping it Neat
Like a good clown fish tending his anemone, we work tirelessly to keep our customers websites up to date and our systems running smoothly. But as everyone knows, bad things happen in the big ocean. Why? Let's talk about the mystery case of the re-written posts... Last month one of our customers had two posts defaced with a harmless message from the "White Hat Hacker" saying the site was insecure. Clearly done for sport, the White Hat Hacker thought this was funny, but we took it seriously. Within seconds the old posts were restored using WordPress's built-in revisions capability, then we ran full source-code repository scans using WordFence, which we discussed last month. Turns out, even though all code was up to date, a vulnerability had been introduced, and a second update resolved it. But still, our customer was one of 1.5 million sites hacked as part of this exploit. Hackers attack websites for sport and profit. A frequent strategy used by hackers that have cracked a site is to create an invisible window to the far left or right of the viewable screen with ads, and because those ads are displayed, they get a small piece of revenue. Cool, eh? No harm, no foul, except when Google comes along and scans your site, they notice this, and your site is designated a hacked site in their search engine. This process takes several weeks, and it may take several more weeks before a friendly person gives you a heads up. At which point, you freak out. BUT! If you have 90 day backups, just keep winding back in time till you find the unhacked code. This is something we pay a lot of [...]
eCommerce Security: Two Recommendations
Just as the Romans built Hadrian's Wall to keep out the marauding hordes, there are simple defenses you can put in place at no cost to protect your website and your business. The two recommendations below are essential for eCommerce sites, but may also be used for any WordPress website. A customer’s eCommerce site came under attack. It was a little unusual, because first, it was a live person that attempted an invalid transaction, and then they launched a BOT (script) that made another thousand attempts. Of course, the attempts failed, and our customer was charged a small transaction fee that was waived by the credit card gateway, but it forced us to study how we could stop or slow this type of attack. Our customer runs a boutique eCommerce site that uses WooCommerce for the shopping cart and Authorize.net as their credit card gateway. To connect the two they use Woo’s Authorize.net DPM Connector, which allows the transaction to be framed into their site, much like a Google map can be displayed in your website. First, a CAPTCHA is a test that makes sure that a real person, not a script or a bot, is submitting information to your website. To be more customer friendly we had not set up a CAPTCHA, but after the attack we decided it was necessary. Second, it's good to have a firewall running in your site that can monitor (and stop) attacks, and also allow you to individually block an IP address that is attacking. When we see highly scripted programs try to take down a customer, these types of attacks frequently come from a single IP. The easy ability to watch real-time attacks from [...]
Wonderful World of Fonts
Fonts are beautiful and amazing and have the ability to communicate passion, feeling, and style. Choosing the right font families for your website is an important branding decision that impacts how visitors will respond to your content.
Big Things Happening at Luminys
Three years ago we made the biggest decision in the history of Luminys.
Luminys Celebrates 12 Years
This week we celebrate 12 years in business. Like a single malt, it's worth a little reflection. Join us for a quick walk down memory lane of the major events from 2002 through 2014.
OneOC Website Development Series
Take control and kick your website up a notch by attending this three-part series to learn techniques and best practices for keeping your website up to date and maximizing your impact.
Shields Up, We’re Under Attack
It happened to us and it could happen to you. When a website we host was infected with a virus, here's what we learned and how we responded.