CAll Us: +1 888-999-8231 Submit Ticket
The Hostdedi Grill-Off:2018 Edition

The Hostdedi Grill-Off:2018 Edition

Dear Summer,

It seems like you arrived only yesterday. Won’t you consider staying for another month or two? Halloween is so anxious to meet you!

Forever your friend,

Michigan

 

 

Sigh.

Summer will decline like it always does, of course, and fly back south for the duration of The Season That Must Not Be Named. It is the way of things.

At Hostdedi, we’ve learned the best way to forget about our on-again, off-again relationship with Summer is to grill a few hundred pounds of meat and invite a few friends. Enter our Annual Grill-Off, now 5-years old and counting.

GrillOff at Hostdedi

On August 13, we hosted 130 team members. vendors, customers, and partners for an evening of meat-tastic merriment and charity fundraising. For the feast, leadership from multiple teams sizzled, smoked, and sliced their way through:

  • 120 lbs of ribs
  • 200 lbs of brisket
  • 50 lbs of chicken
  • 20 lbs of steak fajitas
  • 100 lbs of pork butts

Grill-Off Meat Feast With a Hosting Provider

The bounty of meat was once again supplied by our customer-turned-vendor, huntspoint.com. Beans, salads, breads, and all manner of dessert rounded out the feast with a potluck effort.

GrillOff Food Selection

Once again, the shining tool in our griller’s arsenal was our retired-and-repurposed power distribution unit (PDU). Our four-time Grill-Off Champion, Adam (who also happens to be our Chief Financial Officer), still claims its the best smoker he’s ever used. As a Texan and a harsh critic of all things grill-related, we consider this high praise.

A PDU turned into a Smoker DIY

Adam has drawn fire recently for perhaps having an unfair advantage – beef brisket, made from cows that were fed a fine blend of tall fescue and Texas bluegrass, given daily Swedish massages and bathed in unicorn tears. Alleged unfair practices aside, we thank all of our grillers – Brad, Josh, Frank, Kevin, and Adam – for toiling through the night to deliver delicious eats to us all!

And what’s summer without swimming? Our Charity Dunk Tank returned, this time for Habitat for Humanity. For $3 a ball, guests lined up to douse our leadership. Our Chief Operations Officer, Vik, had the honor of going first. If you’re hungry for a highlights reel, please check out our video!

Hostdedi dunk tank with Vik Patel

By sunset and about a half-dozen managers (and one client!) later, our guests had raised nearly $1,000 for Habitat for Humanity.

Rounding out the event were tours of our data center, an inflatable jousting arena, and a  mechanical bull, the latter of which had its way with the author of this blog after three ill-advised attempts to crack the 10-second barrier.

All of us at Hostdedi would also like to thank all of the teams that worked together to sing a sweet swan song for summer. These included HR, Facilities, Administration, Sales, Project Management, and the sun-scorched volunteers that made this event possible. We’d be remiss if we didn’t also give thanks to Mother Nature, who saw fit to provide skies of blue and clouds of white.

… And the brisket’s staying. Boss’s orders!

 

Jay Dobry

Our technical writer of 4 years and counting, Jay wrangles our Knowledge Library and occasionally dabbles in blogging, sarcasm, and getting wrecked by mechanical animals.

Posted in:
Hostdedi

Source link

Introducing Hostdedi Global DNS

Introducing Hostdedi Global DNS

We are excited to announce Hostdedi Global DNS. A globally distributed name service that puts DNS closer to your website visitors.

What is DNS?

The domain name service (DNS) is the phonebook of the Internet. Whenever you load a website, open a mobile app, or click on a cat GIF, your device usually searches for a web address using DNS.
 
The Internet is made up of connected devices with Internet Protocol (IP) addresses. The domain name service sits on top of the Internet and allows for convenient, easy-to-remember names, nexcess.net, to be translated back to hard-to-remember IP addresses as 208.69.120.21. This is made worse by the Internet’s next generation of addresses, known as IPv6, with long-string addresses such as 2607:f7c0:1:af00:d045:7800:0:1b.

Hostdedi DNS, Today

When you host your DNS with Hostdedi, as about half our customers currently do, DNS requests from your website visitors are answered from servers located in the US. Even if we host your services in London, Australia, or other international locations, our DNS services are still located in the US.
 
We go to great lengths to put our DNS servers on third-party networks, which isolates them from potential failures. We also host eight name servers in total, which is double the number typically found among web service providers. At the end of the day, it’s still a US-based DNS infrastructure.
 
To be clear, concentrating DNS servers in a particular location is a common setup. Due to the nature of DNS, when a user visits your website, their browser or device caches the results and doesn’t need to check DNS again for an extended period of time.
 
For new visitors from international locations, this can cause something known as first-visit page load delay. These geographically distant users may experience as much as a half-second delay. This may sound trivial, but visitors are quick to notice sluggish load times and tend to avoid sites that suffer from them.
 
Administrators and developers work tirelessly to shave even fractions of seconds from page load time. A research paper by Google last year found that when delays drift beyond 3 seconds, visitors quickly lose interest and start abandoning sites.

All things being equal – faster is better.
 

Hostdedi Global DNS

We’ve been hard at work the last couple of months deploying a footprint of 15 DNS servers distributed around the world. These servers are strategically positioned so that they provide a local DNS server option for visitors to your site, and significantly reduce first-visit load times.
 
Hostdedi Global DNS uses a technology called Anycast routing, which allows us to broadcast the IP addresses of our DNS server from multiple global locations at the same time. When a visitor loads your website, this technology allows their Internet service provider (ISP) to route the visitor’s DNS requests to the Hostdedi DNS server closest to that visitor.
 
When we stood up the proof-of-concept and looked at the latency differences of Global DNS against our existing DNS, it floored us! The results were significantly better than we expected in reducing DNS first-visit latency. This was some two months ago and it validated our all-in commitment to launching a Global DNS platform.
 
Following is a real-world example of Global DNS in action. Using a tool provided by KeyCDN.com, we tested latency (round trip time) from 16 global locations, then compared Classic DNS and Global DNS.

Hostdedi Global DNS, Going Live!

If you’re a Hostdedi customer, you will enjoy the benefits of our Global DNS for no additional cost, and no action is required.
 
We will begin transitioning Hostdedi DNS to the Global DNS system on Thursday, August 30th. The first maintenance will migrate ns7.nexcess.net and ns8.nexcess.net, with other name servers to follow in the coming weeks. Our goal is to have Global DNS operational for all nexcess.net name servers by the end of September.
 
There will be no downtime as a result of this maintenance. The existing Hostdedi DNS servers will continue to operate and respond to DNS queries until we confirmed all traffic has moved away from them.
 
For instructions on pointing your domain to Hostdedi Global DNS, please see our how-to-guide for details.

Where are Hostdedi Global DNS servers located?

  • Amsterdam
  • Atlanta
  • Chicago
  • Dallas
  • Frankfurt
  • London
  • Los Angeles
  • Miami
  • New york
  • Paris
  • San Francisco
  • Seattle
  • Singapore
  • Sydney
  • Tokyo

 

Will other Hostdedi Global DNS locations be added?

Yes! We are currently looking at adding Bangalore, Hong Kong, Johannesburg, Sao Paulo, and Toronto. These locations will help close important gaps and continue to improve the experience for your website visitors.

Posted in:
General, Hostdedi

Source link

What Is WooCommerce Marketing Automation?

What Is WooCommerce Marketing Automation?

The dream of marketers is to send personalized content to leads at precisely the moment it is likely to have the most effect. Although most WooCommerce hosting clients don’t have a multi-dimensional trove of data about shoppers, we do have clues that can be used to personalize and schedule content with a positive effect on conversion rates and eCommerce revenue.

Shoppers interact with WooCommerce stores: they browse products, put them in carts, make purchases, abandon carts, read blog articles, send support emails, visit and stop visiting, leave reviews, and more. Each event presents retailers with a chance to engage with their customers.

If that sounds complicated and time-consuming, that’s because it is. There are so many different processes involved in marketing that it is easy to neglect areas that might have an impact on the bottom line. As a retailer, you are focused on getting customers to your store with inbound marketing and advertising, improving the eCommerce experience with conversion rate optimization, building a brand, supporting customers, and more.

Marketing automation reduces the labor involved in marketing by automatically sending emails and other communications when they are relevant.

Let’s have a look at some examples.

Sign-Up Emails

When a customer creates an account on your store, you have an opportunity to engage them with content and promotions to help them understand your brand and the products you sell.

Abandoned cart reminders

As I have written elsewhere on this blog, it is more common for eCommerce customers to abandon carts than it is for them to make a purchase. Well-timed emails that remind customers of the products they selected can decrease abandonment rates substantially, especially if they include a coupon code or promotion.

Win-back programs

Here, engagement is triggered by something the shopper doesn’t do, namely visiting the store or buying a product. Win-back emails are intended to give shoppers who have not visited recently a good reason to do so.

In this article I have focused on email, but there are marketing automation solutions for a wide range of platforms, including social media, SMS, advertising.

Marketing Automation And WooCommerce

WooCommerce marketing automation can be implemented as an integration to a third-party marketing automation platform or as a plugin that provides similar functionality.

Marketo is a leading eCommerce marketing automation platform, and although it doesn’t provide a WooCommerce plugin, it is possible to move WooCommerce customers into Marketo via Zapier.

HubSpot, another prominent marketing automation provider, benefits from a third-party WooCommerce plugin that provides excellent integration and real-time data syncing between a WooCommerce store and the HubSpot platform.

AutomateWoo is a premium WooCommerce plugin that includes a wide range of marketing automation capabilities. Each of the marketing automation examples I mentioned – sign-up, abandoned cart, and win-back programs — are possible with AutomateWoo, in addition to card expiry notifications, product recommendations, SMS notifications, and more.

Automating WooCommerce marketing helps retailers to take advantage of the many opportunities for engagement with shoppers without the massive investment of time and money it would take to do it manually.

Posted in:
WooCommerce

Source link

eCommerce Login Attempts Are Almost Always Fraudulent

eCommerce Login Attempts Are Almost Always Fraudulent

Nine out of ten eCommerce login attempts are fraudulent. That is the key finding of an investigation of credential stuffing by Shape Security, a provider of online fraud prevention. Credential stuffing involves the use of stolen credentials to log in to customer accounts to buy products and take advantage of credit arrangements.

Online retailers are more likely to be targeted by credential stuffing because it is common for shoppers to reuse the same credentials on different sites and because automating the eCommerce login process is straightforward compared to banks and other potential targets.

Credential stuffing starts with leaked usernames and passwords. Last year, over 2.3 billion username and password pairs were leaked by online services. Most of the leaked credentials came from Yahoo, which repeatedly exposed the credentials of billions of users. Tens of millions of credentials were leaked from poorly secured forums, databases, and servers. Millions more were leaked in phishing and malware attacks against users.

The usernames and passwords are gathered by criminals and used to make login attempts on eCommerce stores, banks, and social media accounts. The most sophisticated credential stuffing operations create bespoke login scripts that operate from dozens of locations.

The scripts make millions of login attempts with the leaked credentials on tens of thousands of stores. Shoppers use the same email address and password combination on multiple sites, so the leaked credentials can be used to successfully authenticate on many sites and eCommerce stores.

The criminals’ “conversion rates” are quite low: the best credential stuffers successfully authenticate on less than one percent of accounts, but credential stuffing generates significant revenue because credential stuffing is a high-volume, low-cost operation.

Once they have access, the criminals can steal user data, consume gift card balances, and place large fraudulent orders using stored or stolen credit card numbers. It is estimated that credential stuffing costs the US economy in excess of $5 billion per year.

Preventing Credential Stuffing

It is relatively easy to stop credential stuffing from a technological perspective. Implementing two-factor authentication on shopper accounts would be completely effective. Increasing the complexity of the login process would make it more difficult for criminals to automate attacks.

But neither of those methods appeal to eCommerce merchants because they have the unwanted side effect of reducing conversions. The eCommerce industry is incentivized to make it easier for shoppers to authenticate, not more difficult.

Alternatives include IP blacklists, which can be successful against less sophisticated attackers that don’t have access to large networks of proxy servers. Blacklisting is less effective against more sophisticated operations that use paid proxying services and botnets.

Credential stuffing is likely to remain a problem for as long as we use username and password combinations for authentication. Advanced authentication systems such as FIDO 2 are the most likely long-term solution because they provide simple and secure logins without shared secrets.

Posted in:
Security

Source link

WordPress Releases A Feature Plugin For Progressive Web App Development

WordPress Releases A Feature Plugin For Progressive Web App Development

A new PWA feature plugin from Google, Automattic, and XWP lays the groundwork for turning WordPress into a Progressive Web App (PWA). Major WordPress features often start life as feature plugins: the new Gutenberg block-based editor was developed and tested as a feature plugin. The PWA plugin modifies WordPress to make it more compatible with PWA technologies such as Service Workers and Web App Manifests.

What Are Progressive Web Applications?

Progressive Web Applications use JavaScript and modern Web APIs to create a native-like experience for web applications. PWA’s have lower latencies than server-rendered web pages, they function without a network connection, and they can be installed on mobile device homescreens.

Service Workers play an important role in Progressive Web Apps. A Service Worker is a script that runs in the background independent of web pages. Service Workers can intercept network requests and respond with cached data, allowing web apps to function when there is no network connection.

The combination of the Cache API and a Service Worker can create seamless page transitions: data can be pre-cached and used to render pages in the browser when the user clicks on a link.

Web App Manifests provide configuration data that browsers and operating systems can use to provide a native-like user experience for web applications. When Progressive Web Applications are installed on a mobile device’s home screen, the Web App Manifest tells the browser which icon to use and how the app’s UI should be displayed.

Bringing Progressive Web Applications To WordPress

The current release of WordPress lacks several features it would need to work well as a Progressive Web App.

Each application can only register one Service Worker, which means plugins and themes can’t handle Service Worker registration themselves. The PWA feature plugin introduces an API that allows plugins and themes to register Service Worker scripts with WordPress, which concatenates them into a single script. The WP_Service_Workers API uses the same interface as the familiar WP_Scripts API.

Service Workers require HTTPS connections; they cannot be registered if the connection is insecure. The PWA feature plugin adds an API endpoint for discovering whether a site supports HTTPS.

Why Progressive Web Applications?

Traditional web applications are slower than native applications, can’t be installed, don’t work offline, and don’t integrate well with push notifications. PWAs solve all of these problems (although there are some limitations on Apple devices).

PWAs are also less expensive and complex to build and maintain than native applications. This is particularly beneficial to smaller businesses and retailers that can’t afford to build separate web, iOS, and Android apps.

PWA Today?

The PWA feature plugin was released in July. It is probably not a good idea to install it right away on a production site. Feature plugins are part of the WordPress development process: they change often and aren’t guaranteed to be bug free.

It’s also important to note that installing the plugin on your WordPress site won’t turn it into a PWA. The plugin simply adds features that make it easier to build a PWA on WordPress.

If you want to implement PWA features on your site today, the Super PWA plugin is a better option.

Posted in:
WordPress

Source link

Games for Geeks

Games for Geeks

Games for Geeks at HostdediA guest post contributed by our technical writer Jason Dobry, about how bringing everyone together helps to create a team that knows more, does more, and makes for a great game of Zombicide. 

 

 

The best geeks are unashamed, even proud,  of their geekhood. As a technical writer in web hosting company, I’m just one more happy geek in the sea, lost in the tides of Linux, Magento, and obscure quotes from Monty Python and the Holy Grail.

To be fair, I’m a writer first, and a tech second, or perhaps even fifth. I work with nearly every team and learn something new nearly every day. The upswing of this is I know about 70 percent of our faces and names. The challenging part is my technical knowledge rates better in “breadth” than “depth.”

Building a Multi-Talented Team

Job challenges aside, this cross-team familiarity is a tremendous asset. Like many companies, we use an instant-messaging tool, email, and other means of digital communication. The ability to connect a name to a face provides an extra incentive to help each other out. It’s easier to ignore Joebob (Needy) McGreeblies when I know him only as pixels on a screen, rather than someone I’ve met.

Of course, that assumes Bob and I actually liked each other when we met. Maybe Joebob is socially awkward, or maybe I stayed up too late watching Westworld for the second time and yawned every 30 seconds during our conversation. Or, maybe we just work in web hosting, and both of the extroverts already found their way to Sales.

Sometimes meeting these strangers isn’t enough. In a company of mostly tech-minded introverts, how does one encourage them to rub elbows?

It’s a myth that geeks don’t enjoy the company of others. They just tend to prefer the company of other geeks, which is why I organize Games for Geeks (GFG) at Hostdedi. We meet on the third Friday of every month for company-supplied pizza and a geeky board game or three. These aren’t “party games,” these are games that make you either think of ways to cooperate or ways to conquer.

Team-Building Without Team-Building in Mind

Mind you, GFG wasn’t devised to be a team-building activity. I was just looking for a way to add board games to my busy schedule of writing, children, and subservience to my feline captors.

It’s just a fortunate side-effect. We’re a small group, but games bring together people spanning teams that normally don’t interact much: System Operations, Support, Software Development, and Billing.

I didn’t stop to appreciate this perk until recently. As I said earlier, my role as technical writer spans nearly every team, but some teams don’t naturally interact all that much. GFG gives these teams a reason to do so without feeling contrived or “required.” Participation is voluntary… but

FUN IS MANDATORY

Except it’s not, of course. I’ve found the most reliable way to get people to attend is just to be “the best geek” I can. Jump in with both feet, sound like a borderline lunatic, sprinkle a dash of cheerleader, and be personable. I’m not outgoing by nature, but I can fake it if it means I can get my game on.

It’s not even exclusive to people identifying as “geek.” There’s no litmus test, no threshold for admission The geek-curious are welcome, and we always appreciate new blood. In past months, we’ve hosted spouses, neighbors, family members, and sometimes just co-workers with a grudge against zombies or cosmic evil.

Ultimately, it’s just about sharing light-hearted fun in an intellectual activity while eating far too much pizza and not nearly enough veggies. Not a hard sell for anyone that’s curious about games in which we:

  • Survive armageddon in End of the Line, a post-apocalyptic tale of family survival, radioactive zombies, and fuel shortages. Just because life is brutal, doesn’t mean it can’t be fun!

  • Team up to take down the ancient horror slumbering beneath the city in Arkham Horror, even if we succeed only in annoying the Great Old One and are devoured like buzzing mosquitoes.
  • Choose sides in the Gunfight at the O.K. Corral in Flick ‘Em Up, a game where the white hats only win if they shoot straight and stay cool. Regrettably, the good guys in our game did neither.

GFG has run more or less every month since October 2016. We’re small – about a half dozen regulars and handful of “occasionals” – but it’s one more way to have fun in a “work setting” while forgetting we’re in a work setting. Added to other company social events like trivia, softball, charity events, and perhaps even a company Grill-Off, it creates another vector for shared experiences.

“Shared” doesn’t even have to mean “cooperative.” Plotting against your coworkers in a low-stakes environment makes for a good laugh, and everyone’s content to leave past squabbles on the table. Well… except for me, against a certain person by the name of “Alan,” who stole my family’s grain in a game of Agricola and left us with no recourse but to eat our family pig, Mr. Ribs.

You know who you are, “Alan.” Better be watching your back during that next game of Zombicide. Sure, it’s cooperative, but accidents happen…

 

 

Jason Dobry

Our technical writer of 4 years and counting, Jay wrangles our Knowledge Library and occasionally dabbles in blogging, softball, and being the second loudest person on his team.

Posted in:
Hostdedi

Source link

A Five Step Guide To Taking Over A WordPress Site

A Five Step Guide To Taking Over A WordPress Site

Taking over a WordPress site can be a daunting prospect. Whether you bought the site or inherited it, it’s unlikely that you will find everything as it would be if you had installed and configured it yourself.

Have you ever driven someone else’s car and had to spend five minutes adjusting the seats, the mirrors, the steering wheel position, and the air conditioning just to make the experience bearable? People tweak their environment to make it more comfortable, and that’s as true of a WordPress site as it is for a car.

But before you get down to moulding your recently acquired WordPress site to suit your preferences, there are a few more important tasks to take care of.

Information gathering

A WordPress site has a lot of moving parts and you need to understand how the site is hosted and how you can get access to the relevant accounts.

First, gather together usernames and passwords. You will need:

  • The hosting account’s portal credentials.
  • SSH and FTP passwords, if there are any.
  • Credentials for the domain registrar.
  • Access to any email addresses associated with the site.
  • Access to the DNS hosting account if it isn’t hosted by us.

Visit each of these accounts to check that the supplied credentials work. You don’t want to find out that you can’t access the domain registrar, for instance, just before the domain is due for renewal.

This information is essential to running the site, so if any important credentials are missing, get in touch with the site’s previous owner.

When you talk to the site’s previous owner, ask about any custom code or plugins that the site is running. Custom code may be fragile or incompatible with new versions of WordPress, so it’s a good idea to know where to look if something goes wrong.

Change logins and delete old users

It’s time to assert your control over the site: the only people who should be able to access it are those you have given explicit permission to. Change the admin passwords and delete any admin users you don’t want to have access.

You can add and delete accounts in the Users section of the admin menu. When you are deleting users, be careful not to delete all the content associated with that user: there’s an option to associate their content with a different user in the “Delete User” dialogue.

Update the site and its plugins

An out-of-date site is a vulnerable site, so one of your priorities should be to check that WordPress is up-to-date. I would also recommend turning on automatic updates if they have been deactivated.

Carry out the same process for plugins and themes. Make sure plugins are updated and also that they don’t have any known vulnerabilities: occasionally a plugin is removed from the repository and without investigating you might not know that it’s vulnerable. Google is your friend here.

If a plugin has not been updated for many months, it may have been abandoned by its developer: it is advisable to find alternatives to abandoned plugins because any security vulnerabilities are unlikely to be fixed.

Run malware scans

If the site’s previous owner was not diligent about updating and other security best practices, it may already have been compromised. The WordFence and Sucuri plugins include malware scanning and many other useful security features.

Create backups

If the site already has a backup system in place, test it. Carry out a full site restore on a local installation of WordPress to make sure that the backups are working and up-to-date.

If there is no backup system, creating one should be a priority. We have covered several excellent WordPress backup solutions on this blog.

Now that you have complete access to the site, it is secure and malware free, and the backup system is humming away in the background, you can start to publish content and focus on attracting more visitors.

Posted in:
WordPress

Source link

Auditing WordPress Site Performance With Lighthouse

Auditing WordPress Site Performance With Lighthouse

Performance-optimized WordPress hosting is an essential component of a fast and reliable WordPress site, but hosting isn’t the only variable that affects performance. A host of other factors are involved in ensuring that the data your site sends to the browser is received and rendered as quickly as possible.

Because there are so many factors involved, WordPress site owners should take a data-based approach to optimization. Ad-hoc optimizations based on vague ideas about optimization best practices are unlikely to get to the heart of the issue. Without information, you will almost certainly waste time and energy on “optimizations” that have no real-world effect.

Therefore, the first step in any optimization project is a performance audit. There are several performance audit tools you might use – we have discussed Google PageSpeed Insights before – but today I’m going to focus on another tool from Google.

Lighthouse

Lighthouse is a site auditing tool that runs websites through a series of tests, producing a report to guide your optimization strategy. Lighthouse is particularly useful for testing mobile-friendliness, because by default it throttles network connections and CPU power to emulate a slow smartphone, although that can be changed in the settings.

Lighthouse is available as a standalone app, but many readers will already have Lighthouse installed on their computer as part of Google Chrome’s developer tools.

To access Lighthouse, open a page on the site you want to test in Google Chrome. Then, open Chrome’s menu, navigate to “More Tools”, and select Developer Tools.

Click “Audit” on the panel that appears, and you should see a window that looks like this.

Lighthouse Overview

Click “Perform an audit…” and you will be presented with a list of options. If this is your first time auditing a site, I’d advise you to leave everything checked: the tests will take longer but you will develop a clearer idea of what Lighthouse can do.

LightHouse auditlist

Once the tests are finished, Chrome displays a report of the results, including performance, accessibility, and SEO metrics. Next to each result is a disclosure triangle. Click it for more information and a link to additional resources that will help you to perform the required optimization.

google lighthouse audit

Lighthouse is particularly useful because it focuses on real-world metrics such as “time to first paint” and “first interactive” that have a real impact on a user’s perception of a site’s performance.

Lighthouse also gives site owners the opportunity to see their WordPress site from the perspective of a less-than-ideal connection on a low-end device. If you only test your site from a high-end PC on cable broadband, you will develop an inaccurate idea of what your site looks like too many of its users.

While Lighthouse is a useful tool, I would still advise site owners to leverage a range of performance testing tools, including Google PageSpeed Insights and Pingdom tools, to gain a comprehensive view of site performance that can be used as the foundation of an evidence-based performance-optimization strategy.

Posted in:
WordPress

Source link

Google Chrome Displays Insecure Warning On All HTTP Pages

Google Chrome Displays Insecure Warning On All HTTP Pages

Google AnalyticsOn July 24th, Google released Chrome 68, which will mark insecure any page loaded over an HTTP connection. The long-planned move means that any site that doesn’t have an SSL certificate that enables it to use HTTPS will be prominently marked as insecure in the browser’s search bar.

HTTP Security Setting

HTTPS is a secure version of HTTP, the protocol used to send data over the internet. With HTTP, data is sent in the clear: it can be intercepted and read by third parties in what is known as a man-in-the-middle attack.

HTTPS connections use SSL certificates to encrypt the data and validate the identity of the server sending it. Data traveling over an HTTPS connection can’t be intercepted and read by a man in the middle.

Historically, HTTPS was used on eCommerce stores and other sites that receive or transmit sensitive data. In the last few years, Google and security experts have encouraged much wider adoption, arguing that every site should be protected by HTTPS.

Chrome will now display warnings for every page that is not loaded over an HTTPS connection. That’s important for sites that don’t use HTTPS because most users are unlikely to understand exactly what is insecure about them.

The History Of Google’s Push For HTTPS Everywhere

Google has been gradually moving Chrome in this direction for the last several years. Pages were once marked as secure if they used HTTPS. Pages that didn’t were displayed with no message. Last year, Chrome began to display warnings on HTTP sites when the browser was in incognito mode or when the user was asked to enter information. From this month, Chrome will display a “secure” notice for HTTPS pages and an “insecure” notice for HTTP pages.

In September, Google will go a step further and remove the “secure” notification for HTTPS sites. And in October the warning on HTTP pages will change from a neutral color to a noticeable red.

In addition to encouraging sites by warning users in the browser, Google also gives sites with HTTPS a boost in search engine results. All else being equal, a page delivered over an HTTPS connection will rank higher than an HTTP page.

The State Of HTTPS

HTTPS adoption has skyrocketed in recent years. Eighty-four percent of sites loaded by Google Chrome use HTTPS. So do 83 of the top-100 sites. But a large number of smaller sites do not have an SSL certificate and they are likely to be hardest hit by the new warnings.

HTTPS is a good thing. It keeps users and hosting clients safe. Adding an SSL certificate to a site was once complex and expensive. That’s no longer the case. At Hostdedi, many of our WordPress, WooCommerce, and Magento hosting accounts include a free standard SSL certificate and we’re happy to help eCommerce retailers and site owners add a premium or extended validation SSL certificate to their site.

It’s likely that SSL will become ubiquitous in the near future. HTTPS is required by modern web technology like HTTP2 and Service Workers, which are the foundation of Progressive Web Apps. Magento is working on PWA solutions for eCommerce and developers have just started work on a feature plugin that will make WordPress and WooCommerce PWA-friendly.

If you would like more information about implementing SSL on your website or eCommerce store, our support team is waiting to hear from you.

Posted in:
Security

Source link

Diagnosing Errors On Your WordPress Site

Diagnosing Errors On Your WordPress Site

Diagnosing Errors On Your WordPress SiteSometimes, your WordPress site may behave in ways you don’t expect. Perhaps a widget has disappeared from its customary page, or an inscrutable string of letters and numbers are output onto the page, or instead of your WordPress site, all you can see is a blank white page. Usually, the cause of these problems is easily reversible, but before you can fix a problem, you need to know what caused it.

The Usual Suspects

If a WordPress site won’t load at all, there may be a problem with your internet connection or – less likely – with your WordPress hosting. If WordPress loads, but it doesn’t look right in some way, the cause is probably one of the following:

  • Plugin errors or compatibility issues.
  • A missing or damaged theme.
  • Missing or damaged files.
  • Database issues.

Plugin compatibility issues are the most common problem and the most likely occur when you haven’t made any obvious changes to your WordPress site’s code.

Retrace Your Steps

If you are actively working on your WordPress site when the problem arises, perhaps editing a PHP file or installing a plugin, then undo what you just did. It is often useful to maintain a “log” of the changes you are making to a WordPress site, so that when something goes wrong you know exactly what you need to do to backtrack until you find the mistake.

Activate Error Reporting

By default, WordPress doesn’t report errors to the display for security reasons, but you can activate error reporting by SSHing into your account, opening wp-config.php, and editing the following configuration option.

define( ‘WP_DEBUG’, false );

Change false to true so that the line reads:

define( ‘WP_DEBUG’, true );

This will make WordPress report errors that may be useful in tracking down the cause of the problem. Don’t forget to revert to the default when you have found the problem.

Diagnosing Plugin Errors

Incompatible and otherwise faulty plugins are the most common cause of errors on WordPress sites. If you haven’t recently made any significant changes to your site, plugins should be at the top of your list of suspects.

But which plugin is causing the problem? There are two ways to manually figure out which plugin is misbehaving. The first is to disable plugins one at a time until the problem goes away. The second is to disable all plugins, and reactivate them one-by-one until the problem returns.

Occasionally, the problem is so bad that you can’t access the admin interface to deactivate plugins — the so-called White Screen of Death. The solution is to manually deactivate all plugins by logging in to your hosting account by FTP or SSH and renaming the wp-content/plugins folder to something different: the WordPress Codex recommends wp-content/plugins-old.

For sites with many plugins, it takes a lot of reactivating and deactivating to discover which plugin is causing the problem, especially if it’s caused by the interaction of a couple of plugins. Plugin Detective can help. It’s a WordPress plugin that leads you through a binary search of installed plugins, narrowing down the culprit more quickly and reliably than doing the same thing manually.

This article should help you quickly diagnose and fix the most common issues you might have with your WordPress site, but if you need more help, don’t hesitate to get in touch with Hostdedi support.

Posted in:
WordPress

Source link