Securing mail from your website to a mailbox

By default a WordPress installation sends mail by a method that does not use a mailbox to send the message and does not encrypt the message. Email cannot be confirmed to be end to end secure unless you know that the person receiving or sending it is using encryption and is set up correctly. You can, however, encrypt mail in the places where you control email, so that it is encrypted from the website to the mailbox. If it is your mailbox, and you know that your mail client is set up correctly with encryption, then you have end to end security. If the website is running over SSL and the address starts with https:// (98% of them are now), then the information a user enters into a form is also encrypted. So the path from the user's browser, through your contact form, from the website to your receiving mailbox is encrypted and cannot be intercepted as plain text.

How do I make the changes?

Log into your website and go to Plugins.
Search for WP Mail SMTP, locate it and install it.


Do You Send Newsletters?

New recommendations for Newsletters

Some of you are using Mailpoet on your websites to generate newsletters. I have run into a lot of problems sending out my newsletter this month; I have had to send it three times. I checked through my logs and found that a very small number came out last month as well. I have been investigating what has happened. The top two entries in the image below show there is a problem because rather than a 65%+ opening rate, there is a 4% opening rate.


More on GDPR and your hosting

Updated for May 2018

Somebody shared with me a PDF offer from their hosting company offering to check and lock down their website for a single payment of £497, and proposed that this would be suitable evidence to the ICO office if they ran into problems later that they had tried to meet the requirements of GDPR. I have seen quite a few examples of people trying to make money out of it, some are pretty outrageous, but it comes with the territory.

For my client base I have looked critically at the website and email side of things and there are some things that are worth doing to firm up on security. This is my list. If you want me to work through this list (I mention why in most of the items below), it is a one-off charge of £50. In some cases I have already actioned some of these things below on some sites, such as turning on SSL for most people and setting up offsite backups. These past two months, more and more of my time is being taken up doing things for free. Unfortunately, I still have expenses to cover, so I cannot do everything for free.

Am I covered for GDPR if I do all of these things?

The short answer is no. The actions listed below cover and protect one part of the information gathering systems. But GDPR is more about what you do internally in your office, how you deal with the data and protect it. You still need to do that work. It starts with a Data Protection Impact Assessment (link to ICO website). Please make sure you have read and understood what GDPR is all about. Your website and email systems are a small part of it.


GDPR Resources

The following is a list of sites referring to GDPR

Some of these may be touting for business. If they are, that is not why they were chosen to be included in this list. You may find some useful guidance here that relates to your organisation and what you need to do.

I am aware that some of the parent organisations of the charities I support are running training on GDPR and as such you are probably adequately covered for your operations. Others though have no centralised guidance, so are being left to their own devices. Hopefully these links will help, along with other things I have published on this site.

Information Commissioner Site

Start here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Probably answers most questions and is a comprehensive plain language guide.

General Resources

Commercial site offering guidance

https://www.itgovernance.co.uk/data-protection-dpa-and-eu-data-protection-regulation

What is personal information?

eugdprcompliant.com

Is an IP address Personal Information?

https://www.whitecase.com/publications/alert/court-confirms-ip-addresses-are-personal-data-some-cases


GDPR Privacy Notice

GDPR (General Data Protection Regulation) is due to come into force from the 25th of May. Everyone processing data in any form will be subject to the requirements of this new regulation. 

I have been researching the implications of the regulation with regard to your website, and have attempted to put an example notice together which will help to cover the regulation. First, though, some caveats.


Be seen (by Google)…

I have just finished working my way around 100+ websites and backing them all up. I also check them to make sure the infrastructure is up to date. There are a couple of interesting observations that are worth noting, particularly if you are new to editing, or struggling with updating your website, or don’t like updating it for some other reason.

All of the points raised and guidance are included in a downloadable document at the end of this article.

1). Google Searches.

Before I start checking a site I perform a Google search on the entity name (not the domain name) to make sure it comes very close to the top, if not at the top, of the first page on Google. I have never had any problems getting people to the top of searches without paying a penny. But there are things you need to do to stay there, and stay fresh.

Download some tips

2). A picture paints a thousand words

Well in web terms it doesn’t unfortunately. I have seen lots of examples of people placing images, such as posters on their home pages. Posters are generally a graphic stored as a PDF, JPG or PNG file. It is an image file. Humans can read and interpret images. Google and computers generally cannot.

Download some tips

Mainly for the benefit of new users

How to quickly update your website

This item is largely for the benefit of new users to WordPress and the systems I have put together.  This assumes you are using a Divi based system. If you don’t know what that is, you probably are not using a website based on the Divi template. The steps are broadly the same for any system. But on the later Divi sites I have configured them to work in a specific way with a featured image.

Basics

Your site comprises fixed or page based content. This tends to remain static and can be located directly through the menu. This is the main part of your website. It tells the world who you are and what you do in a generic sense.

There is another form of content called a Post. Posts are handled slightly differently. They tend to be transient in that they are time based, with the most recent being prominent and visible on your site, and the oldest buried in an old blog page in your site. However, both are still in your site and can be located.


Emerging GDPR

Chances are this affects your organisation

GDPR stands for General Data Protection Regulation, which will become law in May of this year. It tightens up on existing Data Protection regulations. It does have implications for everyone on the web, but it also extends to your back office systems (so beyond your website and email systems and our relationship) where you have recorded personal information in any form.

Right now I have not read it all. I will return with some recommendations or things to think about in late Feb or early March. In terms of your websites, there may be things you need to do. For any CRM (Customer Relationship Management System) or any database or method for recording personal information, you will be affected. So do not ignore it.

Information Commissioner's Office

You can start by going to this link and reading the material there: ICO GDPR.

Online learning course

A colleague has also pointed out that there is a self guided course available for free which takes around 3 hours. I have not looked at this yet, but do check it out. Go to Future Learn. I have not validated either of these yet. Do not pay anyone any money just in case there is a solicitation for money (unless you wish to). Guidance on the regulations should be available from multiple sources for free. I suspect that there will be a lot of FUD as well (Fear, Uncertainty and Doubt) peddled by some consultants seeking to help you for a fee. So do take care.

Nominet Messages

The following is applicable if you have a domain ending in .co.uk, .org.uk or .uk

Nominet are the issuing authority that manage any domain names ending in .uk. In the 7 years I have been working with Charities and not for profit groups, I have needed to contact them twice, once being a difficult case where the registrant of a domain name had passed away. The organisation represented by the domain name needed to regain control. They are very helpful, but have been largely a passive organisation; there when you need them.

I had an instance this week, which was unusual and it raises a lot of questions, none of which have been answered. However I think it is worth raising to your attention because if your domain name is registered against your email address, and they contact you and you fail to respond, or miss the mail, or ignore it, then you risk your website and email being taken offline.

Elegant Themes Divi Documentation

I have just been alerted to a comprehensive set of videos and other online resources which have just been released by Elegant Themes (the people who develop the Divi WordPress Theme).

If your site is based on Divi (if you don’t know, it probably isn’t, but check with me), you can access these tutorials to learn about how you can get the most out of your website. Do bear in mind, I have not seen them all, or used all of the whistles and bells in this template, so there are bound to be things in here I have not used.

The link to the document is here: https://www.elegantthemes.com/documentation/divi/

Update 19/01/18

A new set of comprehensive help direct from Elegant Themes for Divi users can be located through here: Divi Helper Announcement. This includes access to 70 videos.