Securing mail from your website to a mailbox

By default a wordpress installation uses a method of sending mail that does not use a mailbox to send the message and does not encrypt the message. Email cannot be confirmed to be end to end secure unless you know the receiving or sending person is using encryption and is set up correctly; you can encrypt mail in the places where you control email so that it is encrypted from the website to the mailbox. If it is your mailbox, and you know that your mail client is set up correctly with encryption, then you have end to end security. If the website is running over SSL and the address starts with https:// (98% of them are now), then a user entering information into a form is also encrypted. So the path from the users browser, through your contact form, from the website to your receiving mailbox is encrypted and cannot be intercepted as plain text.

How do I make the changes

Log into your website and go to Plugins.
Seatch for WP Mail SMTP, locate it and install it. Continue reading Securing mail from your website to a mailbox


Do You Send Newsletters?

New recommendations for Newsletters

Some of you are using Mailpoet on your websites to generate newsletters. I have run into a lot of problems sending out my newsletter this month, I have had to send it three times. I checked through my logs and found that a very small number came out last month as well. I have been investigating what has happened.  The top two entries in the image below show there is a problem because rather than a 65%+  opening rate, there is a 4% opening rate.

Continue reading Do You Send Newsletters?


New Guidance on Contact Forms

On many sites there are one of two contact forms used, one is called Form Manager (generally very old sites) and the other is called FS Contact Form. Neither of these form handlers are available now through the WordPress repository. Neither of them are supported any more by their authors. It is very much in your interests to replace them.

I am recommending the removal of the existing contact forms on all websites and replacement with Contact Form 7 and another plugin called Contact Form Redirection.

Both of these are supported contact forms and have current versions compatible with WordPress version 4.9.5.

By using these two plugins it will be possible to achieve the following:

  • Contact Form similar in appearance to your current form
  • Ability to upload an attachment
  • Supports Google Recaptcha version 2.00 (to reduce spam).
  • On screen message to sender to confirm message has been sent
  • Redirection to a Thank You page
  • Ability to format the message that is returned to your organisation
  • Send a copy of the submitted message to the author to confirm submission

It can probably do many more things, but these are a superset of what we are currently supporting on the most advanced sites.

The downside is Contact Form 7 is not that intuitive to use if you are a novice user compared to the former versions. However it is one of the most popular plugins for managing user forms.

Contact me if you need some help. 


Facebook Feed Broken in WordPress?

Following the media news about Facebook and the ability of “bad actors” to search Facebook based on a telephone number or email address and locate people, Cambridge Analytica and other news where personal data is being used in manner that most people might object to, the system API’s (Application Programming Interfaces) are being reviewed and modified or retired to help to tighten up on security.

If you are using one of two Facebook plugins in your WordPress site, you may find it is no longer working. That is because Facebook have modified the interface. There will be ways around this I expect, but I am going to leave it a few weeks and let the dust settle.

If you find your facebook feed page is corrupted, or at best not looking great because it has a warning message in there, disconnect it from the menu for now.

I understand that there are workarounds, that require admin access to the Facebook Group page and knowledge of a special key and secret. I have not used those when setting up your page.  As I find out more I will update this page.

You can read about the changes here if you want to have a go yourself:



Changes to Updraftplus

In another article on this site I refer to some issues with Updraftplus the backup plugin we use on all sites. One of the things that has happened over the past three months is the settings have been corrupted.  Where this has happened there are a wide range of symptoms, I will not go into them here.

Reset the configuration

I have been advised by Updraftplus to reset the configuration (effectively means erase the settings and set them up again). If your site was backing up to an external dropbox that either I set up for you, or you set up, it is no longer doing so. The settings for your dropbox authentication have been lost as a result of the reset process. I could not avoid it.  Continue reading Changes to Updraftplus


What you don’t know can’t kill you

For many charities they may independently buy hosting and build a website, or someone else builds it for them and they don’t take any more action. There is a flaw in this, not all website hosting works as smoothly as you may think it does, and as you will see in this article, sometimes things happen which will substantially break a site, ….. and you are unaware of it.

Over the past two weeks I have raised around 10 support cases with the hosting provider we are using. They have been brilliant over the past year, I don’t have any regrets moving to them, the sites are generally trouble free. Since we moved to them last year, I have raised 178 support cases on your behalf, you never knew that did you? Continue reading What you don’t know can’t kill you


Changes to incorporate SSL

With GDPR coming along shortly, I am working my way around the hosting accounts and where it is possible, I am enabling a security certificate for each domain.

Unlike the previous hosting we were in, this one offers free security certificates, they normally cost around £75 per year. They are free to me, so they are free to you.

What does this mean?

It means that when a visitor comes to your website they do not go to http:// they go to https:// the “s” is important because it means the data going to and from the website is generally* encrypted. I will explain why I have said “generally” in a moment”.  SSL means Secure Socket Layer.

What is particularly important is anything entered into a form is encrypted between the user and the website, and therefore nobody can intercept it on the wire. When your site was first built we were not able to use SSL certificates, and all requests and data entered between a client and the server were in plain text. If they could be intercepted then they could be read.  Continue reading Changes to incorporate SSL


Hosting Costs Change

Since I started providing hosting and email for everyone I have been providing it for £48 per year, with a few exceptions where there was high usage or multiple accounts. I have not increased those charges for six years. With GDPR coming in, there are some additional measures that can be made to help protect the integrity of your website.

With effect from April 1st 2018 , all hosting renewals will increase to £5 per month, £60 per year. Currently within the hosting arrangement all sites are backed up each week and several copies week’s worth of copies are stored in the hosting, generally between 3 and 6. I also visit each site and check it four times a year, so my service is a little more than just providing space on a server.  Continue reading Hosting Costs Change


Be seen (by Google)…

I have just finished working my way around 100+ websites and backing them all up. I also check them to make sure the infrastructure is up to day. There are a couple of interesting observations that are worth noting, particularly if you are new to editing, or struggling with updating your website, or don’t like updating it for some other reason.

All of the points raised and guidance are included in a downloadable document at the end of this article.

1). Google Searches.

Before I start checking a site I perform a google search on the entity name (not the domain name) to make sure it comes very close to the top, if not at the top of the first page on Google. I have never had any problems getting people to the top of searches without paying a penny. But there are things you need to do to stay there, and stay fresh.

Download some tips

2). A picture paints a thousand words

Well in web terms it doesn’t unfortunately. I have seen lots of examples of people placing images, such as posters on their home pages. Posters are generally a graphic stored as a PDF, JPG or PNG file. It is an image file. Humans can read and interpret images. Google and computers generally cannot.

Download some tips Continue reading Be seen (by Google)…


Mainly for the benefit of new users

How to quickly update your website

This item is largely for the benefit of new users to WordPress and the systems I have put together.  This assumes you are using a Divi based system. If you don’t know what that is, you probably are not using a website based on the Divi template. The steps are broadly the same for any system. But on the later Divi sites I have configured them to work in a specific way with a featured image.


Your site comprises fixed or page based content, this tends to remain static and can be located directly through the menu. This is the main part of your website. It tells the world; who you are and what you do in a generic sense.

There is another form of content called a Post. Posts are handled slightly differently. They tend to be transient in that they are time based, with the most recent being prominent and visible on your site, and the oldest buried in an old blog page in your site. However both are still in your site and can be located.  Continue reading Mainly for the benefit of new users