Heartbleed: Potential Online Vulnerability

Security analysts this week discovered a major security flaw in OpenSSL, the encryption software used by as much as 2/3 of the internet. This vulnerability is being called Heartbleed.

Because of possible exposure of personal and financial data, experts are recommending that users change their passwords to financial sites, retailers, social media accounts, and other sites. I urge you to do that for any sites you use. (Test if your favorite sites are affected.)

But how is your website affected?

This is a vulnerability with server encryption for SSL certificates. A patch has been released, so hosting companies’ server admins will be working to upgrade the servers under their supervision. 

This only affects websites that use SSL, and there is little that individual website owners should need to do.

Rackspace Hosting

We’ve contacted Rackspace (our hosting provider) about the issue, and they have assured us their servers are protected and all necessary updates were made.

We’ll watch for updates to their Status page and technical updates on their public issue ticket.

Other Hosting Providers

Many of our clients are hosted with Dreamhost, Bluehost and other companies. We’ll watch their blogs for any relevant announcements.

If you provide your own hosting, we recommend you contact your hosting provider. If any actions are necessary, please let me know.

SSL Websites

For our clients with SSL certificates, we’ll be contacting your SSL providers this morning and taking any necessary actions to protect your site.

WordPress Sites

There’s no indication that WordPress sites have been affected, though a site’s hosting server may be (detailed above).

WordPress released an unrelated security patch yesterday, which has already been applied to most of our client sites. We’ll keep an eye on any new releases and update as needed.

Expression Engine Sites

Similarly, Expression Engine sites have probably not been directly affected, but we’ll watch for any security patches.

Next Steps

I’ll keep an eye on the issue as it develops, but am fairly confident that client sites are safe.

If you have any questions about this vulnerability or your website specifically, please let me know.


Preparing Your Website for 2014

As 2013 comes to an end, we like to set aside some time, look back on the past year, and prepare for a great 2014. Are we talking about New Year’s resolutions? No, website planning!

Software and Security Updates

Like any software, web software developers release periodic updates. Expression Engine releases a few major updates a year; WordPress releases a few minor updates a month and occasional major updates like the recent 3.8 update. These updates introduce new features and tools, fix known bugs, or address recently discovered security threats.

Now is the perfect time to make sure your software is up-to-date and your website is well-secured* for the coming year.

Look back

Take a few minutes to review your website’s performance in 2013. To start, pull up your Google Analytics account:

  • Have you seen increased or decreased traffic over the last year?
  • Any seasonal traffic patterns you can identify?
  • Any new or surprising sources of referral traffic that you can leverage?
  • What cities, states or countries are your site visitors from? What browsers or devices are they using?

Next, think about how you personally use the site on a daily or weekly basis:

  • Have you posted news or other fresh content lately?
  • Any parts of the site that are out-of-date or need to be updated?
  • Any problems or issues with the website that you’ve just come to “live with”?

Look ahead

Finally, take a few more minutes to think ahead to the coming year:

  • Has your business or organization defined any new goals for 2014? Does your website support that?
  • Any upcoming marketing or advertising campaigns that the website needs to be prepared for?
  • Are there any day-to-day organizational tasks that can be shifted online to save your team time and money?

And that’s it. In less than an hour, you can lay the groundwork for a successful 2014. If we can offer any advice or assist with your 2014 website planning, please let us know.

 

*Retainer clients, we’ve already made your software updates or have them scheduled, depending on your maintenance plan. And we’ll be in touch soon to schedule your end-of-the-year review, if we haven’t already.


The Importance of Content

Content marketing and content strategy are hot topics right now, with countless blog posts about how to craft effective content for your site. This is not one of those posts.

Instead, I wanted to cover something more fundamental – the role of content in the other stages of a website project – planning, design, programming, and launch.

Site Planning

There’s always an urge to rush right into design, with the expectation of filling in the content later. Clients will often ask “how can we provide content without knowing what the pages look like?” With planning!

In the planning stage, we’ll discuss the goals of the website and produce sitemaps, wireframes, and a content outline describing the goal and type of content we advise for each page. Those planning documents can then be used as a guide to generate the content.

Design

The content will then guide the design of the pages. What types of content will each page include… text, photos, video? Will pages contain 100 words or 1000? How will the navigation work?

All of those design decisions are informed by content. Design becomes an extension of your content, instead of simply decoration for it.

Programming

The content also dictates the functionality of the programmed site. What types of content will each page include? How will the user interact with it? How will updates be posted? All of these are taken into consideration when programming the site, as the content management software is customized to meet the needs of the project.

Launch

With the site live, the content process is finished, right? Just the opposite.

Once live, a website requires new content to keep the site fresh, boost SEO rankings, and keep visitors coming back.

 

Stay tuned for a guest post from Edward Baldwin of Recurve, who will discuss content generation in more detail.


Your website is like your… bathroom?

During a recent home bathroom renovation, I was struck by how close the construction process was to a website redesign process. How?

Skilled Specialists

Over the month-long renovation, our house was a veritable parade of specialty contractors, each working in tandem on their part of the project. In addition to our general contractor, there were carpenters, electricians, drywall guys, tile guys, and painters.

Similarly, it takes a talented team of specialists to build a new website. At a minimum, you’ll interact with a designer and programmer. But there are several other people working away behind the scenes, including copywriters, photographers, project managers and others, that help bring the project together.

Collecting Materials

As part of the renovation, my wife and I were responsible for selecting and purchasing our materials, and we were asked repeatedly to have them ready before the project started. Why? Because the contractor needed everything on hand to finalize his plans. For example, the medicine cabinet, lights and outlets were to be centered over the vanity, which affected the electrical wiring done on day 2.

We dutifully pre-purchased all of our materials, but forgot touch-up paint for an exterior hallway. No big deal, right? Not for the painter who patiently sat on our front porch clocking up Saturday overtime, while we rushed to Lowes (twice!) to match the discontinued color.

It’s just as important to compile your website materials at the start of the project. Logos, photography, marketing content and copywriting, staff bios, legal disclaimers, hosting account information and other information should all be reviewed early in the planning phase, so they can be appropriately built into the project plan.

Sure, it’s tempting to just start on the design and “figure it out later.” But those projects inevitably suffer. The design may fall short since there’s no predefined message or goal to build around. Or the added-at-the-last-minute content may be weak and ineffective, since it was cobbled together in a rush to get the website live.

Measure Twice, Cut Once

With a couple exceptions, our renovation went smoothly. But a small storage cabinet was built next to the bathtub. The contractor forgot to tell the tile guys, who used a precious few square feet of tile under the would-be cabinet. Then, they ran out of tile a foot short of covering the rest of the floor. The project was stopped for a week as we waited for more tile to be rush-delivered.

This further demonstrates the importance of a website production process. While the web team waits on a missing piece of content or an elusive server login, the project schedule slips a day here and a week there. And the overall work suffers through a series of fits and starts. We’ve seen projects delayed by weeks and months, all for lack of a few hours of planning at the start.

Conclusion

So how to avoid these issues? Planning, planning, planning!

We advocate a thorough planning phase at the start of a project, to hammer out all the details before we put pen to paper. For more information, read a more detailed description of our project process. Or give us a call and we’ll walk you through it!


Other Content Software

Are WordPress and Expression Engine your only website software options? Of course not!

There are countless other choices, including:

In our experience, each platform has its own positives and negatives, but we’ve had the best luck with WordPress and Expression Engine.

Action Item: What software does your current website use? Are there any problems or missing functionality that prevents you from keeping your website up-to-date?

 


WordPress vs. Expression Engine

When selecting your content management software, it’s important to select the right tool for the job. For most of our projects, we lean towards two popular content management packages, WordPress and Expression Engine.

WordPress is free open-source software that started as blogging software and quickly developed into a full-featured CMS with a huge user base, a rabid developer community, and a giant marketplace of aftermarket add-ons and plugins. How big is WordPress? Some sources estimate that WordPress powers 15% of the world’s websites and 22% of US websites.

Expression Engine is paid commercial software from Ellis Lab. It also started as a blogging platform called pMachine, and was re-released as Expression Engine soon after. It also has a great developer community and a quickly growing number of free and paid plugins. We favor “EE” for more robust sites, with many different types of content.

Action Item: Review your organization’s website and make note of the different types of content it currently has. Anything else you need to add? This will come in handy when choosing a CMS for your project.


Benefits of a CMS

Once you’ve launched your website, you’ll eventually need to make updates.

Perhaps you have a small informational site and only make a few changes a year. In that case, you might just send changes to your web developer, who can make them for you.

For more complex sites, and more frequent updates, you’re going to need a Content Management System, or CMS.

A CMS is a software framework on which your website is built. It allows you and your team to make content updates through a specialized interface, without having to modify the actual code of the site. The content is usually stored in a database, and distributed to the site user as each page is loaded.

If you’ve ever used a blogging tool, like Tumblr or Blogger, you’ve used a simplified CMS.

There are numerous options for a website CMS; we’ll go into some of our favorites next week.

Action Item: How do you handle updates on your current website? Does it use a CMS? If so, collect any necessary login information and store it in a safe place.


Know Your Numbers

Is your website successful?

To answer that, you need to compare your website’s goals to your website’s performance. And for that, you need analytics.

Most hosting companies offer basic analytics software, like WebTrends or Urchin, that can get you some baseline numbers like number of visitors or time spent on site. (Note, sometimes these need to be manually activated to start tracking your numbers.)

But given a choice, we prefer Google Analytics. It’s a full-featured, incredibly robust analytics tool that you can install on any website… for free! Here are a few of the things we track with it:

  • Unique Visitors Per [time period]
  • Geographic Location of Your Visitors
  • Average Time Spent On Site
  • Average # of Pages Per Visit
  • % of visitors to complete a pre-determined conversion path (Example: Homepage > Our Services > Request a Quote)
  • % Mobile Users vs Traditional Users

Action Item: Does your organization’s website have analytics? Review your numbers for the last month, the last quarter, and the last year. Any noticeable trends? Do the numbers support your online goals?

Bonus Action Item: No analytics on your site? Install Google Analytics, using this guide from Dynamic Web Solutions, our SEO partners. Or, give us a call!


You’ve Got Mail

Like web hosting, there are a variety of options for hosting your organization’s email accounts.

Your Hosting Company – In many cases, your web hosting plan will include x number of email accounts. This is a great option for smaller organizations, as your hosting company becomes a one-stop shop. But there are downsides. For example, if you ever need to change hosting servers, you’ll need to manually move all of your email accounts (and risk downtime or loss of archived emails).

Third-Party Services – You can also get email through a dedicated third-party service. This keeps your email in one place, regardless of your current web hosting needs. And email specialists can sometimes provide better services than a budget web host, greater uptime, and other supporting services. For example, we use Google Apps for Business, which provides our email, calendars, shared document storage and other services, for a low annual fee.

Internal Mail Server – Another option is to keep a physical mail server at your organization’s office or an offsite location. But servers can be expensive and require frequent attention and upkeep from a professional server admin, so this isn’t our recommended approach.

 

Action Item: Where is your organization’s email hosted? Find any relevant account information and record it along with your domain and hosting information.


Choosing A Host

The website host is the physical computer on which your website lives. Site visitors access the server by way of your domain name, and the hosting server provides access to your pages and files.

There are numerous variations of hosting servers and hosting plans, and your choice is dependent on numerous factors:

Shared Server, Virtual Private Server and Private Server – Essentially, will your website be the only one living on a private server, or will you be sharing the server with other clients?

A private server offers you the most flexibility and security, but can be prohibitively expensive. A shared server is affordable, but can pose performance and security risks. A virtual private server is often a good middle ground… you share a server, but are partitioned from your fellow inhabitants as if you had the server to yourself.

Unix vs. Linux vs Windows – this refers to the type of software installed on a server, and would affect the types of websites you could run from the server. Consult with your site developer before making this decision.

Cloud – Technically, all web servers are part of “the cloud” so this is largely a marketing term. When describing hosting, it usually refers to a flexible network of servers that dynamically adapt to the usage needs of your website, such as a traffic spike from a sudden piece of publicity.

Action Item: Where is your current website hosted? Find your hosting company, account name, and password and store that information in a safe place (along with your domain info).