Securing mail from your website to a mailbox

By default a wordpress installation uses a method of sending mail that does not use a mailbox to send the message and does not encrypt the message. Email cannot be confirmed to be end to end secure unless you know the receiving or sending person is using encryption and is set up correctly; you can encrypt mail in the places where you control email so that it is encrypted from the website to the mailbox. If it is your mailbox, and you know that your mail client is set up correctly with encryption, then you have end to end security. If the website is running over SSL and the address starts with https:// (98% of them are now), then a user entering information into a form is also encrypted. So the path from the users browser, through your contact form, from the website to your receiving mailbox is encrypted and cannot be intercepted as plain text.

How do I make the changes

Log into your website and go to Plugins.
Seatch for WP Mail SMTP, locate it and install it. Continue reading Securing mail from your website to a mailbox


Facebook Feed Broken in WordPress?

Following the media news about Facebook and the ability of “bad actors” to search Facebook based on a telephone number or email address and locate people, Cambridge Analytica and other news where personal data is being used in manner that most people might object to, the system API’s (Application Programming Interfaces) are being reviewed and modified or retired to help to tighten up on security.

If you are using one of two Facebook plugins in your WordPress site, you may find it is no longer working. That is because Facebook have modified the interface. There will be ways around this I expect, but I am going to leave it a few weeks and let the dust settle.

If you find your facebook feed page is corrupted, or at best not looking great because it has a warning message in there, disconnect it from the menu for now.

I understand that there are workarounds, that require admin access to the Facebook Group page and knowledge of a special key and secret. I have not used those when setting up your page.  As I find out more I will update this page.

You can read about the changes here if you want to have a go yourself:



Changes to Updraftplus

In another article on this site I refer to some issues with Updraftplus the backup plugin we use on all sites. One of the things that has happened over the past three months is the settings have been corrupted.  Where this has happened there are a wide range of symptoms, I will not go into them here.

Reset the configuration

I have been advised by Updraftplus to reset the configuration (effectively means erase the settings and set them up again). If your site was backing up to an external dropbox that either I set up for you, or you set up, it is no longer doing so. The settings for your dropbox authentication have been lost as a result of the reset process. I could not avoid it.  Continue reading Changes to Updraftplus


What you don’t know can’t kill you

For many charities they may independently buy hosting and build a website, or someone else builds it for them and they don’t take any more action. There is a flaw in this, not all website hosting works as smoothly as you may think it does, and as you will see in this article, sometimes things happen which will substantially break a site, ….. and you are unaware of it.

Over the past two weeks I have raised around 10 support cases with the hosting provider we are using. They have been brilliant over the past year, I don’t have any regrets moving to them, the sites are generally trouble free. Since we moved to them last year, I have raised 178 support cases on your behalf, you never knew that did you? Continue reading What you don’t know can’t kill you


Changes to incorporate SSL

With GDPR coming along shortly, I am working my way around the hosting accounts and where it is possible, I am enabling a security certificate for each domain.

Unlike the previous hosting we were in, this one offers free security certificates, they normally cost around £75 per year. They are free to me, so they are free to you.

What does this mean?

It means that when a visitor comes to your website they do not go to http:// they go to https:// the “s” is important because it means the data going to and from the website is generally* encrypted. I will explain why I have said “generally” in a moment”.  SSL means Secure Socket Layer.

What is particularly important is anything entered into a form is encrypted between the user and the website, and therefore nobody can intercept it on the wire. When your site was first built we were not able to use SSL certificates, and all requests and data entered between a client and the server were in plain text. If they could be intercepted then they could be read.  Continue reading Changes to incorporate SSL


Google Recaptcha v1 Withdrawn


It seems that Google have withdrawn Google Recaptcha Version 1 function that is used on some contact forms wef 31/03/2018. Please check your contact form now and see if this has happened to you. It was withdrawn yesterday. If you have this problem on your site nobody can send you a message so it is important to resolve it quickly.

Self Help

This is what you need to do:

Login to the site go to Forms in the sidebar menu and select it.

This for most people will show a single form or multiple forms. Select a form and open it in the editor and check to see if the bottom most item says New reCAPTCHA.

If you have that on your form, delete it. Then save the form.

Check ALL of the forms on your site if you have more than one. Save each one.

On completion go into your site as a user would, and locate each form and send a message to confirm it is working. Check the form still makes sense as well.

This has removed the Spam Protection mechanism used in this form. So your spam count may go up as a result of making this change.  However your visitors can still send you a message.

This particular form plugin is no longer supported by the author, so we should probably find an alternative form. Check back on this site later for a solution that uses the new or an alternative Google ReCaptcha function.

If you immediately start getting hit by an increase of Spam let me know please.


GDPR Privacy Notice

GDPR (General Data Protection Regulation) is due to come into force from the 25th of May. Everyone processing data in any form will be subject to the requirements of this new regulation. 

I  have been researching the implications of the regulation with regards to your website, and have attempted to put an example notice together which will help to cover the regulation. First though some caveats. Continue reading GDPR Privacy Notice


Be seen (by Google)…

I have just finished working my way around 100+ websites and backing them all up. I also check them to make sure the infrastructure is up to day. There are a couple of interesting observations that are worth noting, particularly if you are new to editing, or struggling with updating your website, or don’t like updating it for some other reason.

All of the points raised and guidance are included in a downloadable document at the end of this article.

1). Google Searches.

Before I start checking a site I perform a google search on the entity name (not the domain name) to make sure it comes very close to the top, if not at the top of the first page on Google. I have never had any problems getting people to the top of searches without paying a penny. But there are things you need to do to stay there, and stay fresh.

Download some tips

2). A picture paints a thousand words

Well in web terms it doesn’t unfortunately. I have seen lots of examples of people placing images, such as posters on their home pages. Posters are generally a graphic stored as a PDF, JPG or PNG file. It is an image file. Humans can read and interpret images. Google and computers generally cannot.

Download some tips Continue reading Be seen (by Google)…


Mainly for the benefit of new users

How to quickly update your website

This item is largely for the benefit of new users to WordPress and the systems I have put together.  This assumes you are using a Divi based system. If you don’t know what that is, you probably are not using a website based on the Divi template. The steps are broadly the same for any system. But on the later Divi sites I have configured them to work in a specific way with a featured image.


Your site comprises fixed or page based content, this tends to remain static and can be located directly through the menu. This is the main part of your website. It tells the world; who you are and what you do in a generic sense.

There is another form of content called a Post. Posts are handled slightly differently. They tend to be transient in that they are time based, with the most recent being prominent and visible on your site, and the oldest buried in an old blog page in your site. However both are still in your site and can be located.  Continue reading Mainly for the benefit of new users


Low cost site upgrades are still available

Offer Expires in 30 days.

It is the season of goodwill, and I am providing site upgrades to Home-Start and NACCC child contact sites for the next 30 days at a very low cost, so please be quick if you are thinking about this.

To qualify, your site needs to already be in my hosting. If it is based on the original Home-start Lite or Child Contact Centre Lite sites comprising 13 pages the cost is £120. If there are some additional customisations in your site with additional pages then the costs are slightly higher. 14-18 pages £160, 19-23 pages £200.

This is particularly important to users of sites that are not mobile friendly. Google can reduce your rating in searches if you are not considered to be a mobile friendly site. Continue reading Low cost site upgrades are still available