Occasionally we have a client who is using a low-end web host or who is self-hosting and does not have a cgi-bin or scripting enabled in order for us to install a contact form processing script. Sometimes this has lead to expensive programming charges. We do not offer programming and so we have to contract out this portion of a project adding to expenses.
We have found a service that will process the script for you on their servers and so far it looks like a clean and elegant solution to a thorny problem for some clients. You will want to click our post title to review the site MyContactForm.com. With a premium account for $24.99 per year, now any client can have a professional seamless contact form installed on their site without complex programming initiatives. I think that it is a very smart solution.
Since I last wrote about the privacy updates that are mandated by the EU to cover website traffic on American websites by EU nationals, much has happened.
Several clients have shared their thoughts with us on why the sudden change. Some are listed below.
“I do feel lucky about not getting caught, but also want to be safe.”
“I’ve just had a lawyer call me and I feel like I need immediate action on the privacy updates as I don’t want to end up in court on a new matter.”
As for me, my perspective is that it is not expensive or hard to do the implementation to be in compliance with the GDPR. I am risk adverse and feel that eventually the US will institute some controls so we will be ahead of the game by changing our own websites now.
Errors, they may your heart beat faster and stomach clench especially when they impact your website. But, not all errors that are reported in plugins such as Yoast or even WordFence are real errors.
For example, today the Yoast SEO plugin flagged my site as not having a home page that was visible to search engines. But on additional testing and review of files; both the robots.txt and .htaccess file there was not issue. Additionally, on testing in the Google fetch feature in the Google Search Console – no errors were triggered. The Google bot was fully allowed even though Yoast said it was not.
Sometimes errors you see are false positives. But, that does not mean you can simply mark them as ignored or disregard them all together.
All website errors should be reviewed and corrected if found to be true. Don’t guess make sure that you do not have a problem each time one is brought to your attention.
Hackers, how do they get in to your website and hosting account? In today’s wild web, it just seems like sometimes you can’t keep hackers out!
Here’s what happened recently to me. I set up a new hosting account at a quality hosting service (not GoDaddy). The same day I loaded the site files, the site was hacked. Files were loaded and links to malware installed in newly created pages that mirrored my own site pages but with a .shtml instead of .html.
The host told me that all was secure and although the site was in a shared hosting environment that their network was not where the hack came in.
The only thing that I can possibly think of that caused the problem for this non-WordPress site is I emailed the passwords to the client. What the client did with the logins, I do not know. I am not sure if he even tried to login, but doubt it.
The host said that possibly a hacker got into the site via a field in the contact form, but there is a Captcha and tests for validity of information and on top of that no database connection for the form. I am mystified!
What I do know is that sometimes you just do not know how hackers get in, could they tunnel in from the host? Could they intercept logins by email? Could they be trawling the web for new hosting set ups and attack them? Your guess is as good as mine.
One thing I do know is that there is a new hack for WordPress websites that targets new hosting accounts where WordPress installation has not been completed. There are bots that are scanning the web for these new sites and coming in via WordPress setup files and taking control of hosting. Could this type of attack possibly be what I experienced? It is possible.
What I do know if that prompt action to clean up, wipe the server, and change all passwords for hosting and FTP and also no longer emailing logins is our newest protocol.
Moving to a new web host? Here are my top tips on quickly moving with a minimum of downtime for HTML and PHP (non-database driven) websites.
Know Before You Go
Make sure you know what is going on with your site before you go. What are you using at your old webhost? Email? Script? When you repoint your domain to your new host, anything that you had at your old host is wiped. That means you will have to set up email accounts, any scripts, and any other things you have been using. Make sure before you move, that your webmaster does their due diligence and make sure you are knowledgeable to inform them of what you have and are doing. Typically they can see scripts that run your website, but may not know of your mail server set up.
Use a Web Host that Provides a Temporary Domain
I like Hostway, when I set up a new domain that is owned or pointed elsewhere, Hostway gives me a temporary domain to use. I can load files and even test scripts and make any changes I need to before I move a domain and go live. If you don’t see this option ask, as sometimes it can be turned on for you.
Test, Test, Test
Before launch of any site, I do extensive testing both in my clients area and then in the temporary domain. Try to get all problems resolved before you turn your new site on. It will save having headaches and frustration.
Be Prepared for Propagation
Once you repoint your domain name servers to a new web host, be prepared for propagation. Know that it takes typically 4 to 6 hours for servers to refresh and longer for small internet service providers for your domain at the new web host to be seen consistently and properly. Don’t freak out when you cannot see your site. This takes time and there is nothing you can do to speed the process.
Looking for a webmaster to help you move to a new web host? Contact us and review our webmaster services today.
GoDaddy Network Protect? What’s that? That’s what GoDaddy calls it when they take your site offline due to a high number of hack attacks on your shared server. Our client has now been down two days. GoDaddy says it will allow the website to be seen when the hack attacks stop and they can turn off the GoDaddy Network Protect.
Wow, that is bad. Could your business afford to be offline two+ days with no end in site? I just have to challenge the type of network protection that GoDaddy has in place if they are constant targets of hackers. Either they are not policing their customers or not properly securing their shared hosting environments. You would think that they would have security in place to protect their business.
If you are hosted at GoDaddy, you can remediate this issue when your website is blocked due to a Network Protect action by buying a dedicated IP address. I just did that for our client who was under a Network Protect and could see his site online in about two hours.
I do have to say that after one of my domains was blacklisted due to a hacked site on my GoDaddy shared hosting environment server and now this situation with a customer, I will only recommend using GoDaddy as your host if you do not want to move or if you get a dedicated IP address for about $75 a year on top of your hosting.
Better yet, consider a different web host who takes security more seriously than GoDaddy.