News & Alerts

Understanding how to use this site

I have added a page under the main menu that shows you how to use this site. There are currently over 200 news/ self help/ information items on the site with hints and tips and 34 fixed pages. I realised that some of you visiting here may not be aware they are there because they cannot be located directly through the main menu.

They are news posts that are accessed through the news and alerts page. Each is categorised according to the content in the page and it’s relevance.

To help you get as much information as possible from the information on this site please see this page for more an explanation of how the site works. How to use this site. 

For clients of Wingrove-Media

If you have recently been working with me, and I have developed a site for you, or I am hosting your site you can sign up to a monthly newsletter using the form below:

After clicking Subscribe please check your email account and confirm your subscription

Please note that if you are not recognised as a client you will not be added to the mailing list. Most general articles on this site are freely available to everyone, I have made this available in the same spirit of many other developers who wish to help people, if only in thanks to those that have helped me in the past when I first started. The purpose of the content in this site is primarily targeted at my client base who have a specific implementation or are using specific services to support their website and email. 

Please check the sidebar for a list of articles, or search the site for something using the methods described in the sidebar. There is a category cloud in the side bar which is used to categorise posts. You can use this to narrow down your search.

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Securing mail from your website to a mailbox

By default a wordpress installation uses a method of sending mail that does not use a mailbox to send the message and does not encrypt the message. Email cannot be confirmed to be end to end secure unless you know the receiving or sending person is using encryption and is set up correctly; you can encrypt mail in the places where you control email so that it is encrypted from the website to the mailbox. If it is your mailbox, and you know that your mail client is set up correctly with encryption, then you have end to end security. If the website is running over SSL and the address starts with https:// (98% of them are now), then a user entering information into a form is also encrypted. So the path from the users browser, through your contact form, from the website to your receiving mailbox is encrypted and cannot be intercepted as plain text.

How do I make the changes

Log into your website and go to Plugins.
Seatch for WP Mail SMTP, locate it and install it. Continue reading Securing mail from your website to a mailbox

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Do You Send Newsletters?

New recommendations for Newsletters

Some of you are using Mailpoet on your websites to generate newsletters. I have run into a lot of problems sending out my newsletter this month, I have had to send it three times. I checked through my logs and found that a very small number came out last month as well. I have been investigating what has happened.  The top two entries in the image below show there is a problem because rather than a 65%+  opening rate, there is a 4% opening rate.

Continue reading Do You Send Newsletters?

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

New Guidance on Contact Forms

On many sites there are one of two contact forms used, one is called Form Manager (generally very old sites) and the other is called FS Contact Form. Neither of these form handlers are available now through the WordPress repository. Neither of them are supported any more by their authors. It is very much in your interests to replace them.

I am recommending the removal of the existing contact forms on all websites and replacement with Contact Form 7 and another plugin called Contact Form Redirection.

Both of these are supported contact forms and have current versions compatible with WordPress version 4.9.5.

By using these two plugins it will be possible to achieve the following:

  • Contact Form similar in appearance to your current form
  • Ability to upload an attachment
  • Supports Google Recaptcha version 2.00 (to reduce spam).
  • On screen message to sender to confirm message has been sent
  • Redirection to a Thank You page
  • Ability to format the message that is returned to your organisation
  • Send a copy of the submitted message to the author to confirm submission

It can probably do many more things, but these are a superset of what we are currently supporting on the most advanced sites.

The downside is Contact Form 7 is not that intuitive to use if you are a novice user compared to the former versions. However it is one of the most popular plugins for managing user forms.

Contact me if you need some help. 

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

More on GDPR and your hosting

Updated for May 2018

Somebody shared with me a PDF offer from their hosting company offering to check and lock down their website for a single payment of £497, and proposed that this would be suitable evidence to the ICO office if they ran into problems later that they had tried to meet the requirements of GDPR. I have seen quite a few examples of people trying to make money out of it, some are pretty outrageous, but it comes with the territory.

For my client base I have looked critically at the website and email side of things and there are some things that are worth doing to firm up on security. This is my list, if you want me to work through this list (I mention why in most of the items below) it is a one off charge of £50. In some cases I have already actioned some of these things below on some sites such as turning on SSL for most people and setting up offsite backups. This past two months, more and more of my time is being taken up doing things for free. Unfortunately, I still have expenses to cover, so I cannot do everything for free.

Am I covered for GDPR if I do all of these things?

The short answer is no. The actions listed below cover and protect one part of the information gathering systems. But GDPR is more about what you do internally in your office, how you deal with the data and protect it. You still need to do that work. It starts with a Data Protection Impact Assessment (link to ICO website). Please make sure you have read and understood what GDPR is all about. Your website and email systems are a small part of it.  Continue reading More on GDPR and your hosting

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Facebook Feed Broken in WordPress?

Following the media news about Facebook and the ability of “bad actors” to search Facebook based on a telephone number or email address and locate people, Cambridge Analytica and other news where personal data is being used in manner that most people might object to, the system API’s (Application Programming Interfaces) are being reviewed and modified or retired to help to tighten up on security.

If you are using one of two Facebook plugins in your WordPress site, you may find it is no longer working. That is because Facebook have modified the interface. There will be ways around this I expect, but I am going to leave it a few weeks and let the dust settle.

If you find your facebook feed page is corrupted, or at best not looking great because it has a warning message in there, disconnect it from the menu for now.

I understand that there are workarounds, that require admin access to the Facebook Group page and knowledge of a special key and secret. I have not used those when setting up your page.  As I find out more I will update this page.

You can read about the changes here if you want to have a go yourself: https://developers.facebook.com/blog/post/2018/04/04/facebook-api-platform-product-changes/

(13/04/18)

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Changes to Updraftplus

In another article on this site I refer to some issues with Updraftplus the backup plugin we use on all sites. One of the things that has happened over the past three months is the settings have been corrupted.  Where this has happened there are a wide range of symptoms, I will not go into them here.

Reset the configuration

I have been advised by Updraftplus to reset the configuration (effectively means erase the settings and set them up again). If your site was backing up to an external dropbox that either I set up for you, or you set up, it is no longer doing so. The settings for your dropbox authentication have been lost as a result of the reset process. I could not avoid it.  Continue reading Changes to Updraftplus

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

What you don’t know can’t kill you

For many charities they may independently buy hosting and build a website, or someone else builds it for them and they don’t take any more action. There is a flaw in this, not all website hosting works as smoothly as you may think it does, and as you will see in this article, sometimes things happen which will substantially break a site, ….. and you are unaware of it.

Over the past two weeks I have raised around 10 support cases with the hosting provider we are using. They have been brilliant over the past year, I don’t have any regrets moving to them, the sites are generally trouble free. Since we moved to them last year, I have raised 178 support cases on your behalf, you never knew that did you? Continue reading What you don’t know can’t kill you

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Changes to incorporate SSL

With GDPR coming along shortly, I am working my way around the hosting accounts and where it is possible, I am enabling a security certificate for each domain.

Unlike the previous hosting we were in, this one offers free security certificates, they normally cost around £75 per year. They are free to me, so they are free to you.

What does this mean?

It means that when a visitor comes to your website they do not go to http:// they go to https:// the “s” is important because it means the data going to and from the website is generally* encrypted. I will explain why I have said “generally” in a moment”.  SSL means Secure Socket Layer.

What is particularly important is anything entered into a form is encrypted between the user and the website, and therefore nobody can intercept it on the wire. When your site was first built we were not able to use SSL certificates, and all requests and data entered between a client and the server were in plain text. If they could be intercepted then they could be read.  Continue reading Changes to incorporate SSL

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Google Recaptcha v1 Withdrawn

YOU ONLY NEED TO TAKE ACTION IF YOU CHECK YOUR SITE AND SEE A MESSAGE LIKE THE ONE ABOVE. IF YOU DON’T SEE THE MESSAGE YOU ARE UNAFFECTED.

It seems that Google have withdrawn Google Recaptcha Version 1 function that is used on some contact forms wef 31/03/2018. Please check your contact form now and see if this has happened to you. It was withdrawn yesterday. If you have this problem on your site nobody can send you a message so it is important to resolve it quickly.

Self Help

This is what you need to do:

Login to the site go to Forms in the sidebar menu and select it.

This for most people will show a single form or multiple forms. Select a form and open it in the editor and check to see if the bottom most item says New reCAPTCHA.

If you have that on your form, delete it. Then save the form.

Check ALL of the forms on your site if you have more than one. Save each one.

On completion go into your site as a user would, and locate each form and send a message to confirm it is working. Check the form still makes sense as well.

This has removed the Spam Protection mechanism used in this form. So your spam count may go up as a result of making this change.  However your visitors can still send you a message.

This particular form plugin is no longer supported by the author, so we should probably find an alternative form. Check back on this site later for a solution that uses the new or an alternative Google ReCaptcha function.

If you immediately start getting hit by an increase of Spam let me know please.

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Hosting Costs Change

Since I started providing hosting and email for everyone I have been providing it for £48 per year, with a few exceptions where there was high usage or multiple accounts. I have not increased those charges for six years. With GDPR coming in, there are some additional measures that can be made to help protect the integrity of your website.

With effect from April 1st 2018 , all hosting renewals will increase to £5 per month, £60 per year. Currently within the hosting arrangement all sites are backed up each week and several copies week’s worth of copies are stored in the hosting, generally between 3 and 6. I also visit each site and check it four times a year, so my service is a little more than just providing space on a server.  Continue reading Hosting Costs Change

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail