Affordable websites shouldn't be "cheap"!

DreamHost = Bad Hosting

I recently switched several of my clients to @DreamHost from another web hosting company. Actually, I switched my own business to DreamHost also. One of the reasons I switched is that the old hosting company, 1&1, didn’t include free SSL certificates with all of the hosted domains; they only offered one free SSL certificate per hosting account. They wanted $19.99 per domain hosted. When you’re running a business on as small a budget as mine, paying $20 for each domain isn’t workable. Especially in light of the fact that many hosts are offering free SSL certificates through Let’s Encrypt. My introductory discount on the other host was set to expire in November anyway, so I shopped around.

Of the various hosts out there, DreamHost offered what I wanted and had good reviews. And the introductory price was very attractive. In fact PCMagazine recently gave them very high ratings in their recent recommendations and gave DreamHost an Editor’s Choice Award. Unfortunately, their experience with DreamHost was very different from mine.

DreamHost does not offer telephone support. Not all hosts do. You can request a callback from DreamHost, but that will set you back $20 for each call. I can’t tell you how many hours I spent in their Chat Queue for the multiple problems I experienced. I would often get in the queue with six people ahead of me. Based on the wait times, it seemed they only had one agent handling all of the chat queue during a shift.

A week ago Tuesday, DreamHost began having problems with its email servers; emails were delayed for hours before being delivered. I was unaware of the problem. But one of my long-time clients was. Her business lifeblood is through email, especially when she is out of the country. This client gets as many as 100 emails a day from her customers when she’s out of the country. In fact, this was one of my first clients. And she decided to go to another tech guy because of the email delays. Her clients were frustrated because she wasn’t responding to their emails. Well, she was responding to their emails … as soon as she got them.

DreamHost tweeted out that they were having issues. Later in the day, they tweeted that the email server had been replaced and that everything was working properly. Unfortunately, I hadn’t checked Twitter. I suppose that Twitter and their own Status page are the only way that they communicate when there are problems. And I suppose that Twitter and a Status page are the best ways for a large company like DreamHost to communicate that they’re having issues. But I can’t run a business and be on Twitter and check a webpage all day.

And then … they had problems again this week. More email delay issues. As I exclaimed to the DreamHost Chat agent, companies like mine and my clients’ depend on email and we can’t run a business with unreliable email services. I said that this was totally unacceptable and that I would move to another host if it weren’t for the money I spent transferring my clients’ domains to DreamHost (I’m extremely glad that I hadn’t paid DreamHost $100 per website to move them for me!). To move to another web host, I’d be out another $20 per domain. Again, with a shoestring budget like mine, I can’t afford $20 per domain several times in just a couple of months. I did all of this to save a little money for my clients. My bad. Perhaps I should have chosen to register the domains with a different company than the host; many developers recommend this … in order to avoid the position I have found myself in. I’m seriously considering making that move when these domains come up for renewal next year.

As I explained in a DreamHost Chat Session rating, I have spent several decades in customer service, including several years teaching customer service skills in a Fortune 500 company’s call center, and almost two years working in the sales training department that trained its employees in its over 7000 stores. I know good customer service. My experience with DreamHost has been the worst customer service I have ever experienced. Ever! Perhaps things are different if you are starting with a fresh website. But if you need to move your website from one web host to another, do not choose DreamHost.

As much as I dislike speaking poorly of others, I have written this to warn my readers about DreamHost. Based on my experience, DreamHost has been more like a NightmareHost.

 

 

Is WordPress Secure and Capable?

Are you hesitating to build your organization’s website on WordPress because you don’t think it’s secure enough or it’s too lightweight?

Think again! Here are some heavy-hitters that are using WordPress for their organization’s websites.

Security? How about the US White House!

http://bit.ly/2IqTCgn

 

Give us a shout and let us design a custom WordPress solution for your organization!

 

“Safe” Websites for “Non-Techies”

You may have wondered why some website addresses start with “http” and some begin with “https”. The short answer is that websites that begin with https encrypt the information between the website visitor and the computer that’s hosting the website. Web browsers (Edge, Firefox, Chrome, Safari, etc.) are beginning to flag the http websites with “This website is not secure” warnings in either the address bar or in place of the web page.

Beginning this July, with the rollout of version 68 of Google’s Chrome Browser, Google will list *all* websites still using http as “Not Secure”. Websites that still use http will still be online, but visitors will have to acknowledge that the website they want to visit isn’t “safe” before they’re allowed to access the website. Nobody wants their website to not be “safe”, am I right?

Many web hosts charge from a few dollars to several hundreds of dollars a year for the security certificates (SSL/TLS) that make the encryption possible. Since many websites are not heavy e-commerce websites that process thousands of dollars every month, not all websites need the guarantees offered by the more expensive certificates.

Note: Some of you are already configured with a security certificate. To find out if you’re affected, just go to your website and look at the address bar. If you have a Green Lock icon and/or https://, you already have https configured for your website.

Note: For more information about security certificates, please see https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Note: This is another “service after the sale” that we will not bill for our current clients. However, if we incur additional costs for the certificates, I will have to pass those costs along to you.

 

Privacy is a Big Deal

I’m sure you’ve heard the latest news citing Facebook’s privacy policy problems. Facebook’s CEO Mark Zuckerberg recently testified before committees from both Houses of Congress. For two days, our elected representatives grilled the young CEO after it was revealed that Facebook data on 50 million users was provided to a political profiling company. Many Facebook users have since deleted their accounts, promising never to use that social network again.

In somewhat related news, on May 25, the European Union will begin enforcing the General Data Protection Regulation (GDPR). The goal of the GDPR is to protect the privacy of residents of the European Union. That’s good, right? So what does that mean for a small organization operating in the United States… like yours?

According to the GDPR, any company (regardless of national origin) that processes data of EU residents must implement measures to protect privacy *by default*. As it applies to you and me, if your website requests any information from website visitors (including tracking analytics and Contact Forms), they must be alerted to how that information will be used and how long the data will be retained. Even if you don’t serve EU residents directly, if your website is visited by a European resident, you are affected by this new law.

I have been looking into the issue and will put measures in place before May 25 to make sure that we’re in compliance. Note: I am not charging my clients for this “service after the sale”.

Please see https://en.wikipedia.org/wiki/General_Data_Protection_Regulation or contact your attorney for more information about how the GDPR affects your organization.

 

WordPress at 30%

Happy 30% WordPress

Several sources reported yesterday that WordPress runs on a whopping 30% of the top 10 million most popular websites on the entire Internet. Also, WordPress currently powers 60.2% of those websites that run a Content Management System (CMS). One of the sources notes that my alma mater, UNC-Chapel Hill, has recently moved its website to WordPress!

This means several things:

  • WordPress has a very high brand recognition.
  • WordPress is powerful enough to run some of the most popular websites.
  • WordPress is secure enough to run some of the most popular websites.
  • WordPress continues to grow in popularity.

This is great news! It’s also chilling news. Why?

Just as we have seen with Microsoft Windows over the years, being the “800lb gorilla” means that a lot of hackers are going to take aim at discovering and exploiting vulnerabilities. And just because WordPress is powerful and secure enough to run some of the most popular websites doesn’t mean that all of those WordPress installations are as secure as they can be, including running the most recent version. And there’s the rub.

Plugins and Themes are the most vulnerable vector for malware attacks. The WordPress Core is secure, very secure… at least the most recent version is. And that is true with every new version of WordPress. Automattic, the company that writes and maintains the WordPress Core, pushes out minor updates of the Core files very quickly whenever a new vulnerability is discovered in the WordPress Core. So long as the website administrator has enabled automatic updating, the website will be secured when the update rolls out. That was until the February 5, 2018 release of WordPress 4.9.3. The day after 4.9.3 was released, 4.9.4 was released to fix a “serious bug” in 4.9.3 that disabled automatic updates.

But if your WordPress website administrator hasn’t run the 4.9.4 update, your website will never be automatically updated! Never.

Unfortunately, many people who have written Plugins and Themes are not as diligent with their updates as Automattic is; some developers have completely abandoned their Plugins or Themes, either because they aren’t around anymore, they aren’t writing code anymore, or they don’t care anymore. If there is any exploitable code in the Plugin or Theme, all a hacker needs to do is find the website and load it with malware.

“But why would anyone want to hack my website?” I can tell you that many of my websites — even those that have very few visitors every month — are probed for vulnerabilities more often than they receive legitimate visitors! I have witnessed this nefarious probing increase a great deal in the past few weeks on all of the websites that I maintain.

Unless you have a static HTML “business card” website that very rarely has changes, you need to step up to the WordPress platform! WordPress allows you to make your own content changes, letting you keep more of your money since you don’t have to call a “web guy” and pay him/her anytime you need to make content updates. Please contact me! Let me save you some serious money!

If your website is already running on WordPress and you don’t know if you’re running the most recent version of the WordPress Core, Plugins, or Themes, please contact me! Your WordPress website may already be infected with Malware!

Let me take a FREE quick look “under the hood”. If I find something, it may need a quick fix, and for a small fee ($30) for the small fix, you’ll be on your way (and I’ll even install some security measures to protect your website in the future!). If it’s more involved and needs a larger fix, we’ll need to talk for a few minutes about how much (or little!) I’ll need for the larger fix. I also offer WordPress Maintenance packages that keep things updated for an entire year. Contact me if you’re interested!

WordPress is now powering 30% of the web. How high will it go?

 

Free Web Hosting is Bad for Your First Website

I came across this article that echoes other insights I have posted in the past. Oftentimes, free and cheap isn’t the most cost-effective way to do things.

Let that sink in.

Take a few minutes to read this article. Then give me a shout. Let’s talk about developing (or redeveloping) your personal blog or small organization website.

 

10 Ways That Free Web Hosting Is Bad for Your First Website

 

 

Uh Oh!

WordPress 4.9.3 was released on February 5 and included several bugfixes. The next day, WordPress 4.9.4 was released to fix a "severe bug" in the previous day's bugfix. If your WordPress website was automatically updated to version 4.9.3, you must manually update your website to version 4.9.4, otherwise your website will never automatically update again. If you don't know how to do that, it's time to call your webhost or developer! And you may have to part with some of your hard-earned money!

However… if your website was developed and maintained by All-In Web Services, your website was updated within a few hours after these WordPress maintenance releases rolled out. We've got you covered! And we will continue to keep your website running the latest, most secure version of WordPress.

Wordfence has more information here.
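
The version check described in this post and in the "WordPress at 30%" post above, as an added example that is not part of the original posts. It assumes WordPress core records its version in `wp-includes/version.php` as a line of the form `$wp_version = '4.9.3';`; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find WordPress installs still on 4.9.3, the release the post
# says disabled automatic updates. Function names here are illustrative.

# Print the core version for the install rooted at $1; fail if unreadable.
wp_core_version() {
    f="$1/wp-includes/version.php"
    [ -r "$f" ] || return 1
    # Matches a line such as: $wp_version = '4.9.3';
    sed -n 's/^\$wp_version[[:space:]]*=[[:space:]]*.\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$f" | head -n 1
}

# Classify one install. Always exits 0 so it is safe under `set -e`.
wp_autoupdate_status() {
    v=$(wp_core_version "$1") || v=""
    case "$v" in
        "")    echo "unknown" ;;
        4.9.3) echo "needs-manual-update $v" ;;
        *)     echo "not-stuck $v" ;;
    esac
}

# Report every install passed as an argument, one tab-separated line each.
scan_wp_roots() {
    for root in "$@"; do
        printf '%s\t%s\n' "$root" "$(wp_autoupdate_status "$root")"
    done
}

# Build a constructed sample tree (three fake installs) and print its path.
make_sample_tree() {
    t=$(mktemp -d)
    for pair in site-a:4.9.3 site-b:4.9.4 site-c:; do
        name=${pair%%:*}; ver=${pair#*:}
        mkdir -p "$t/$name/wp-includes"
        # site-c gets no version.php, like a directory that is not WordPress
        if [ -n "$ver" ]; then
            printf "<?php\n\$wp_version = '%s';\n" "$ver" \
                > "$t/$name/wp-includes/version.php"
        fi
    done
    echo "$t"
}

tree=$(make_sample_tree)
scan_wp_roots "$tree"/site-*
rm -rf "$tree"
```

A `not-stuck` result only means the install is not frozen on 4.9.3; it says nothing about whether that version, or its Plugins and Themes, are current.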

New Computer Vulnerabilities Affect Almost All Computers

News was released in the past couple of days about two computer vulnerabilities that affect just about all computers (including tablets and smartphones) made in the past twenty years. Yes, you read that correctly!

One security website says, “Both of these vulnerabilities are hardware level vulnerabilities that exist because of a flaw in CPU architecture. They are very serious vulnerabilities because they are operating system and software independent. The long term fix for both of these issues will require that CPU makers change the way their chips work, which means redesigning and releasing new chips.” (See the links at the end of this post for more information about the Meltdown and Spectre vulnerabilities.)

Malicious hackers could use the vulnerability to access private information inside your computer. The vulnerability can be exploited if you simply visit an infected website that downloads a malicious file to your computer.

CPU chip manufacturers (Intel, ARM, etc) are working diligently to close this major security flaw. AMD, an Intel competitor claims their CPUs are not affected.

So what should you do?

Most of these recommendations are good “best practices” you should already be doing.

  • First of all, make sure that your computer Operating System (Windows, OS X, Linux, Android, etc.) is up-to-date. You may have to manually install an update because some antivirus software may not allow the automatic update to download and install.
  • Make sure that your antivirus and security software is up-to-date.
  • Make sure that your internet browser software (Microsoft Edge, Google Chrome, Mozilla Firefox, Opera, Safari, etc.
  • Discontinue Internet Explorer if you are still using it for accessing the Internet. Instead, use one of these other browsers because Microsoft has discontinued support for IE.
  • Make sure that you have good backups of important files (documents, financial information, passwords, pictures, etc.).
  • Update any hardware firmware updates that your computer manufacturer releases.
  • Be extra vigilant and cautious about clicking links in your email. Before clicking on a link in an email, even if it appears to come from a friend or financial institution, hover your mouse over the sender’s email address and make sure that the address shown is the same as the actual sender’s email address. Also, hover over the link and look at the bottom of your screen on the status bar to see where the link is pointing. Or just pick up the phone and verify that it is a valid link.

Again, these are very serious vulnerabilities and affect almost all computers made in the past twenty years. Don’t panic, but be careful.

For more information:

https://www.defiant.com/meltdown-spectre-impact
https://www.cnet.com/news/spectre-meltdown-intel-arm-amd-processor-cpu-chip-flaw-vulnerability-faq/
https://www.cnet.com/how-to/how-to-protect-your-pc-against-the-intel-chip-flaw/

Major Security Issue for LastPass Just Announced

I have often sung the praises of the LastPass Password Manager. Off the top of my head, I only know a couple of passwords for all of the websites that I access. And each website I visit has a different password. Instead of trying to keep up with a book or sticky notes where I have written all of my passwords, I simply use LastPass to manage all of it for me. Most of my websites allow me to have LastPass populate the login credentials for each website I access. And if I’m asked for a “strong password” when I sign up for a new service or website, LastPass is right there at my digital fingertips, ready to produce a strong password of any length of characters with letters, numbers, capitals, and symbols.

Unlike many other password managers, LastPass has a proprietary way of storing my information on their servers that can only be accessed with my LastPass password, so no one can steal my passwords … even if they were to be able to hack into LastPass’s main database. If I have logged out of the LastPass Extension on my browser, no one can access my passwords and secure notes, even if they have my computer. Or phone. Or tablet. My master password unlocks the encrypted password vault online. The bottom line is that I love the way that technology can help me with technology.

Unfortunately, LastPass has been in the headlines recently. The most disturbing one appeared just moments ago. Evidently, there is a major security flaw in the software. According to the story, LastPass is recommending that users alter the way they are using their password manager: Disable the browser extension and use the LastPass Vault to access the websites rather than going directly to a webpage to use the self-populating features of the plugin.

Yes, this is serious business. Even if you don’t think you have anything important to hide, your personal privacy and identity is something worth protecting (take it from someone whose identity has been compromised by someone who used my credit card information to make a few purchases).

I still believe that LastPass is the best solution for managing all those passwords. But for the time being, I’m going to be a little more careful in the way I use it. You should too!