Securing mail from your website to a mailbox

By default a wordpress installation uses a method of sending mail that does not use a mailbox to send the message and does not encrypt the message. Email cannot be confirmed to be end to end secure unless you know the receiving or sending person is using encryption and is set up correctly; you can encrypt mail in the places where you control email so that it is encrypted from the website to the mailbox. If it is your mailbox, and you know that your mail client is set up correctly with encryption, then you have end to end security. If the website is running over SSL and the address starts with https:// (98% of them are now), then a user entering information into a form is also encrypted. So the path from the users browser, through your contact form, from the website to your receiving mailbox is encrypted and cannot be intercepted as plain text.

How do I make the changes

Log into your website and go to Plugins.
Seatch for WP Mail SMTP, locate it and install it. Continue reading Securing mail from your website to a mailbox

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Do You Send Newsletters?

New recommendations for Newsletters

Some of you are using Mailpoet on your websites to generate newsletters. I have run into a lot of problems sending out my newsletter this month, I have had to send it three times. I checked through my logs and found that a very small number came out last month as well. I have been investigating what has happened.  The top two entries in the image below show there is a problem because rather than a 65%+  opening rate, there is a 4% opening rate.

Continue reading Do You Send Newsletters?

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Facebook Feed Broken in WordPress?

Following the media news about Facebook and the ability of “bad actors” to search Facebook based on a telephone number or email address and locate people, Cambridge Analytica and other news where personal data is being used in manner that most people might object to, the system API’s (Application Programming Interfaces) are being reviewed and modified or retired to help to tighten up on security.

If you are using one of two Facebook plugins in your WordPress site, you may find it is no longer working. That is because Facebook have modified the interface. There will be ways around this I expect, but I am going to leave it a few weeks and let the dust settle.

If you find your facebook feed page is corrupted, or at best not looking great because it has a warning message in there, disconnect it from the menu for now.

I understand that there are workarounds, that require admin access to the Facebook Group page and knowledge of a special key and secret. I have not used those when setting up your page.  As I find out more I will update this page.

You can read about the changes here if you want to have a go yourself: https://developers.facebook.com/blog/post/2018/04/04/facebook-api-platform-product-changes/

(13/04/18)

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Changes to Updraftplus

In another article on this site I refer to some issues with Updraftplus the backup plugin we use on all sites. One of the things that has happened over the past three months is the settings have been corrupted.  Where this has happened there are a wide range of symptoms, I will not go into them here.

Reset the configuration

I have been advised by Updraftplus to reset the configuration (effectively means erase the settings and set them up again). If your site was backing up to an external dropbox that either I set up for you, or you set up, it is no longer doing so. The settings for your dropbox authentication have been lost as a result of the reset process. I could not avoid it.  Continue reading Changes to Updraftplus

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

What you don’t know can’t kill you

For many charities they may independently buy hosting and build a website, or someone else builds it for them and they don’t take any more action. There is a flaw in this, not all website hosting works as smoothly as you may think it does, and as you will see in this article, sometimes things happen which will substantially break a site, ….. and you are unaware of it.

Over the past two weeks I have raised around 10 support cases with the hosting provider we are using. They have been brilliant over the past year, I don’t have any regrets moving to them, the sites are generally trouble free. Since we moved to them last year, I have raised 178 support cases on your behalf, you never knew that did you? Continue reading What you don’t know can’t kill you

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Google Recaptcha v1 Withdrawn

YOU ONLY NEED TO TAKE ACTION IF YOU CHECK YOUR SITE AND SEE A MESSAGE LIKE THE ONE ABOVE. IF YOU DON’T SEE THE MESSAGE YOU ARE UNAFFECTED.

It seems that Google have withdrawn Google Recaptcha Version 1 function that is used on some contact forms wef 31/03/2018. Please check your contact form now and see if this has happened to you. It was withdrawn yesterday. If you have this problem on your site nobody can send you a message so it is important to resolve it quickly.

Self Help

This is what you need to do:

Login to the site go to Forms in the sidebar menu and select it.

This for most people will show a single form or multiple forms. Select a form and open it in the editor and check to see if the bottom most item says New reCAPTCHA.

If you have that on your form, delete it. Then save the form.

Check ALL of the forms on your site if you have more than one. Save each one.

On completion go into your site as a user would, and locate each form and send a message to confirm it is working. Check the form still makes sense as well.

This has removed the Spam Protection mechanism used in this form. So your spam count may go up as a result of making this change.  However your visitors can still send you a message.

This particular form plugin is no longer supported by the author, so we should probably find an alternative form. Check back on this site later for a solution that uses the new or an alternative Google ReCaptcha function.

If you immediately start getting hit by an increase of Spam let me know please.

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

GDPR Privacy Notice

GDPR (General Data Protection Regulation) is due to come into force from the 25th of May. Everyone processing data in any form will be subject to the requirements of this new regulation. 

I  have been researching the implications of the regulation with regards to your website, and have attempted to put an example notice together which will help to cover the regulation. First though some caveats. Continue reading GDPR Privacy Notice

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Emerging GDPR

Chances are this affects your organisation

GDPR stands for General Data Protection Regulation, which will become law in May of this year. It tightens up on existing Data Protectionregulations. It does have implications for everyone on the web, but it also extends to your back office systems (so beyond your website and email systems and our relationship) where you have recorded in any form; personal information.

Right now I have not read it all. I will return with some recommendations or things to think about in late Feb or early March. In terms of your websites, there may be things you need to do. For any CRM (Customer Relationship Management System) or any database or method for recording personal information, you will be affected. So do not ignore it.

Information Commisioner Office

You can start by going to this link and reading the material there: ICO GDPR.

Online learning course

A colleague has also pointed out that there is a self guided course available for free which takes around 3hrs. I have not looked at this yet, but do check it out. Go to Future Learn.   I have not validated either of these yet. Do not pay anyone any money just in case there is a solicitation for money (unless you wish to). Guidance on the regulations should be available from multiple sources for free. I suspect that there will be a lot of FUD as well (Fear Uncertainty and Doubt) peddled by some consultants seeking to help you for a fee. So do take care. Continue reading Emerging GDPR

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Nominet Messages

The following is applicable if you have a domain ending in .co.uk, .org.uk or .uk

Nominet are the issuing authority that manage any domain names ending in .uk. In the 7 years I have been working with Charities and not for profit groups, I have needed to contact them twice, once being a difficult case where the registrant of a domain name had passed away. The organisation represented by the domain name needed to regain control. They are very helpful, but have been largely a passive organisation; there when you need them.

I had an instance this week, which was unusual and it raises a lot of questions, none of which have been answered. However I think it is worth raising to your attention because if your domain name is registered against your email address, and they contact you and you fail to respond, or miss the mail, or ignore it, then you risk your website and email being taken offline.  Continue reading Nominet Messages

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Webmail…..

… is not JUST webmail

I thought I would make some comments here following some conversations I have had recently with people. There may be some misunderstandings.

Multiple 10GB mail boxes

If you are using the mail accounts provided with the hosting, the mail boxes are each 10GB in size. While you can access them through this address: https://stackmail.com you can also access them through ANY device with a mail client (aka mail program).

I personally access my mail account on the following devices:

iPhone, iPad (using the native email application), Macbook using Mac mail, iMac using Mac mail, Windows 7 desktop running Outlook & Thunderbird, Windows 10 laptop running Outlook and on any of those devices I can also use a browser to get to webmail. I also run my accounts as IMAP. This means on each device, I get the same view of my mail including any special folders I have set up. This is because I am viewing mail on the server, and not locally. If I was set up as POP3 on my clients, then the server is only used as temporary storage for mail.  Continue reading Webmail…..

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail