A Guide to Technology Stacks


Technologies, Software, and Tools

A technology stack, or tech stack for short, refers to a set of technologies, software, and tools that are used in the development and deployment of sites, apps, and other digital products.

For example, a classic technology stack is the LAMP stack. The LAMP stack is traditionally used for creating an environment for running PHP applications. The stack is made up of the following technologies: Linux (the environment's OS), Apache (the HTTP server), MySQL (the database), and PHP (the server-side programming language).

The infographic below provides you with an exceptional introduction to technology stacks. It covers:

  • Web development stacks

  • Software stacks

  • A glimpse of the large-scale technology stacks of major tech companies like Airbnb and Stack Overflow

Technology Stack Infographic

Common WordPress Errors & How to Fix Them

Common WordPress Errors

And How to Fix Them

Get your site back up and running!

WordPress is an incredibly stable Content Management System that many people use (including Pixel Forge!) due to the ease of use and level of customization available. With its widespread use and huge number of developers contributing to it, it’s difficult to guarantee that nothing will ever go wrong. Here are a few common WordPress problems that users encounter and how to fix them.

Before You Begin

Step 1 – Many solutions involve editing, deleting or updating files in your WordPress install. Make sure you have an FTP client you are comfortable using, and a text editor capable of showing syntax highlighting for HTML and PHP.

Step 2 – Determine where to start: Can you see an error message or is the problem more vague?

Theme is missing the style.css stylesheet

This message is caused by the theme you are trying to install having an incorrect file structure, the stylesheet actually being missing, or the theme not being a theme at all.

  • Make sure you have the correct file. If you downloaded your theme from Themeforest, for example, you must unzip that download to find the theme install file

  • Open the file to verify the structure is correct. Theme zips should show a folder inside. Inside that folder, you should see a style.css file.

  • Make sure the file is actually a theme. Is it possible the file is a plugin instead? This is a common mistake with theme-related plugins like Divi, Themify Builder and Visual Composer. To find out, you can try installing it under Plugins → Add New.

  • If all else fails, get in touch with the theme author to get you a working file.

404 Not Found

In most cases, this error is caused by a missing file, or an incorrect URL.

To solve it for post/page links:

  • From the WordPress Admin, go to Settings → Permalinks

  • Choose an option other than Default and click Save to regenerate your permalinks, then try again.

  • Didn’t work? Choose the Default option and try again. If that worked, skip down to .htaccess troubleshooting.

You can avoid 404 errors by periodically re-saving your permalinks, and making sure you never edit the slug of published posts, categories or tags. The Broken Link Checker and Redirection plugins can help if you really need to edit slugs and want to avoid broken link errors.

To solve it for images or other filetypes:

  • Edit the post, menu or widget where the link is set and make sure it is pointing to the right file by re-setting the link.

  • Make sure file names are lower-case with no special characters or spaces to reduce the chance of problems in the browser.

  • Re-upload the file – sometimes the link is fine but the file is really missing!

Error establishing a Database Connection

The most common cause of this error on new setups is an incorrect database path in the wp-config.php, but sometimes it can mean your database server is down.

To solve it:

  • Connect to the site with your FTP client and download a copy of the wp-config.php file and open it up to verify the server name and login/password are correct. You can check these from the hosting control panel. If you make changes, simply rename the original file on the server to something like wp_config.old, then upload your fixed copy.

  • Login to WordPress. If you see a message indicating the database needs repair, follow the prompts to run the repair.

  • If these two steps do not solve it, get in touch with your host or check their server status pages for downtime affecting your website.

Maintenance Mode Message

Updates are a vital part of keeping your WordPress website functional, and sometimes they happen automatically. Whether you initiate an update yourself or are welcomed with a surprise maintenance message in your browser, wait a few minutes before taking action. You might just be trying to view your home page while an update is running on the back-end, in which case this message is totally normal. If the message doesn’t go away, or is keeping you from logging on, something has interrupted the update process, so you’ll need to delete the file yourself.

To solve it:

  • Log into the website via your FTP program or your hosting control panel’s File Manager and locate the .maintenance file in your root folder.

  • Right-click to delete it. Don’t worry, this is totally safe.

Allowed Memory Size Exhausted

You’re installing a plugin, trying to load the customizer or clicking around in your admin panel just to have it time out and tell you you have insufficient memory or that your site memory allocation has been exceeded. This is referring to the amount of memory your database and scripts can use on your server. On most shared (cheap) hosting, the default memory allocated to WordPress is often not enough to handle setups with database-heavy plugins. These can include translation plugins, image management, gallery, link checking or SEO plugins. In many cases, you can increase the memory limit yourself.

You may also see the error worded as “out of memory.”

To solve it:

1. First, try adding the following to your wp-config.php

define( 'WP_MEMORY_LIMIT', '64M' );

This will increase the memory limit to 64MB (you can also set it to 128MB or 256MB if you want).

2. When the first step is not enough, try deactivating all plugins except those that provide critical features to the front-end display of your site. This includes caching plugins. If the situation is improved, see the Check Plugins section of the 5 Step Solution below for more detailed advice on choosing plugins.

3. This may not be enough if your issue is related to script memory. If the problem persists, you will need to increase the PHP limit set in the php.ini.

Fatal Errors

Fatal errors are almost always due to a plugin conflict, a damaged file, or a file that is not compatible with a dependency. In most cases, the error message will tell you exactly what the problem is, and in which file. You can interpret fatal errors pretty easily by breaking them down into four parts:

  1. Error type – Google this part when you’re unsure
  2. Function or code issue – helps you find code errors
  3. Path to file where error occurred
  4. Line of code in the file that contains the error

Some common fatal errors are:

Call to Undefined Function

This is caused by a plugin or theme using a function hook but the function not being defined anywhere.

To solve it:

  • Make sure any plugins you have activated do not require a specific theme or other plugin. For example, a WooCommerce Paypal plugin needs WooCommerce to be installed and activated.

  • Check the code of the file indicated if you are comfortable with PHP, and solve the problem there.

  • If all else fails, go through the 5 Step Solution below.

Cannot Redeclare

Similar to the above, except in this case the function is declared more than once instead of not at all. This happens if there are conflicting plugins activated, or if the theme or plugin author did not use a unique function name.

To solve it:

  1. If you are comfortable with the code, follow the error message to find the duplicate function and change the function name to something unique. Make sure to update all hooks that use it.
  2. Not code-savvy? Check plugins.


This message means there is a mistake in the code of your theme or plugins that needs to be corrected.

To solve it:

  1. If you’ve just added some custom code to your theme’s functions.php, use your FTP client to download a copy of the file and fix the snippet. The easiest way to find syntax errors is to use an HTML editor with PHP syntax highlighting, but check for common mistakes such as missing quotes or semi-colons. If you’re really unsure, just delete your custom code and re-upload the file without it.
  2. If the error is in a plugin file, skip down to Check plugins.

You can avoid this problem in the future by always testing custom code locally before applying it to a live site, or making a backup of the file you are editing first so it can be easily restored via FTP if something goes wrong. The Solid Code Theme Editor is helpful for showing syntax errors before you hit Save when editing via your WordPress admin.


This error is due to your PHP version being too low for your current WordPress version. Get in touch with your host and make sure your site meets WordPress minimum requirements.


Oftentimes, fatal errors that do not block access to your WordPress admin are just reporting a problem with the code in your theme or an active plugin, and are visible because DEBUG mode is active on your site.

To solve it:

  1. Connect to the site via your FTP client and download a copy of the wp-config.php file.
  2. See if this line exists:
  3. If so, change it from true to false, then save and upload back to the server to overwrite the existing file.
  4. Make sure your theme and plugins are up to date, and work with the authors to solve the errors, as even hidden errors can cause functionality to fail or the site to load slowly.

Internal Server Error (HTTP 500)

This one is almost always caused by the server configuration. Skip down to the 5 Step Solution to troubleshoot.

The Blank White Screen

Known affectionately as the “white screen of death”, blank browser pages where your website should be are the most frustrating thing to deal with, as they also block access to your admin panel.

The most common cause of this problem is a plugin conflict, either with another plugin, or with your active theme, or it may be hiding a fatal error you just can’t see.

To solve it:

If you right-click and view the source, you may be able to see this error, OR:

  1. Connect to the site via your FTP client and download a copy of the wp-config.php file.
  2. See if this line exists:
    define('WP_DEBUG', false);
  3. If so, change it from false to true. If not, copy and paste the following right above “/* That’s all, stop editing! Happy blogging. */”
  4. Save and upload back to the server to overwrite the existing file.

If any errors are available, this will allow you to see them. Don’t forget to set the value back to false once you solve your problem, or your visitors risk seeing all sorts of normal developer messages and errors, even on a working website!

If this does not help, you probably have a plugin conflict. Continue with the 5 Step Solution:

5 Step Solution

The following five steps solve just about any WordPress problem that is not caused by the server or bad code, or at the very least will help you determine what the problem is. Follow each step until your issue is solved or improved.


Having an out of date WordPress install or theme can cause a multitude of problems as files become unsynched or functions stop working because their dependencies have been removed or replaced.

  1. If you can login to your WordPress admin, go to Dashboard → Updates and apply any WordPress updates, Plugin updates, and Theme updates available. If you can’t login, update the files manually using your FTP client.
  2. If you have premium themes or plugins installed, be sure to check with the theme author or marketplace where you bought it to see if an updated file is available, then follow the author’s instructions for updating.


Due to the open-source nature of WordPress, the code quality of plugins varies wildly. This leads to many common WordPress problems.

  1. Connect to the site via your FTP client and navigate to the wp-content folder.
  2. Rename the plugins folder to plugins-old
    • Renaming your folder forces all of your plugins to deactivate so they cannot conflict with one another.
  3. Attempt to access the WordPress admin again

If this solved it, a plugin was probably the culprit. Rename the folder back to plugins and then visit the Plugins page in your WordPress admin. Reactivate your plugins one at a time, reloading your site in a new browser tab after each reactivation until it breaks (or hopefully doesn’t). This should help you narrow down which plugin triggers the problem. Simply repeat these steps again, then delete the offending plugin.


If your theme author has thoroughly tested your main theme, the problem is not likely inherent to the theme itself, but the theme may have become corrupted, become infected with malware or have a problem with your server’s configuration that prevents your site from working. To ensure the theme files are sound, try reinstalling the theme and leave any customization or child themes out for now.


This file controls some aspects of security on your site, and how redirects work, including permalinks in WordPress. Some security plugins will modify this incorrectly or in too strict a manner which causes problems in WordPress. Your host may also enforce specific .htaccess rules that cause problems in WordPress.

  1. Connect to the site using your FTP client and locate the .htaccess file in the root.
  2. Right click and rename the file to something like .htaccess_old and try reloading your site.
  3. If that fixed the issue, log into your site and go to Settings → Permalinks, make sure something other than Default is selected, and click Save to regenerate your permalinks. This will also generate a fresh .htaccess file. If you have WordPress Multisite, visit NETWORK ADMIN → NETWORK SETUP and verify your wp-config.php and .htaccess are configured as outlined on that page.
  4. If turning on permalinks breaks things again, contact your host to troubleshoot. For best results, be sure to host your site on a host that offers WordPress hosting, and/or uses Unix-based servers.

For detailed .htaccess help, check out these .htaccess tips to speed up and secure WordPress.


  1. PHP should be at least 5.6.
  2. Disable eaccelerator for PHP. See this article for help, or ask your host.
  3. Turn off server-side caching. In most cases, it is better to manage caching from WordPress with a plugin designed for WordPress, unless you are on Managed WP hosting. Your host can assist you with disabling server caching such as Varnish, Pagespeed, X-Cache or Cloudflare; usually there is a setting in your domain page on your cPanel to turn these off.


Sometimes the solution to a really tough issue in WordPress is to restore a recent backup, but that won’t help if you aren’t maintaining regular backups! In addition to backup options offered by your host, see this guide for keeping your Content Backed Up.

One of the ways to streamline this process is to explore your managed WordPress hosting options. If you manage your site yourself, make sure you back up the entire site at least weekly and keep at least 3 previous backups. For sites that are updated often, make sure you back up the database daily and do periodic content exports as a fallback.


If all else fails, your problem may be with WordPress itself, or with the data in your database. Start by reinstalling WordPress, and if that fails, you may need to contact your host for further help.


    Answer These Questions

    Get the Most Out of Your New Website

    Prepare for a successful website!

    When you’re working with a web design company on your new website, you want to get the most out of your investment. A good website will help you attract more and better leads that are more likely to engage with your business.

    Part of maximizing the success of your website is being prepared with relevant information. This will help us build the most effective marketing platform for you.

    Let’s take a look!

    1. What does your business do?

    To create the best website for your business, a web design company needs to fully understand your business. They can’t produce a website that works for you if they don’t know much about your company. It is important that your web design company has the opportunity to get to know your business.

    This includes the history of your business, the products or services you offer, your employees, competitors, and more. All these questions should help us get a better understanding of your business, how you operate, and your company values.

    When a web design company knows your business, they can start to shape a site that reflects your business best.

    2. Do you have a website?

    It may seem like a silly question, but we need to know if you already have a website built. This is an important part of the process for two reasons.

    The first reason is that your web design company needs to know how much work they need to put into your site. If you don’t have a website, they’ll need to put in more effort to build one for you. For businesses with established sites, they know that they have an existing structure they can modify.

    It is also important to know if your business has a website because if you do, your web design company can ask you about your site. They can ask you what you like and dislike about your site, what you wish was on your site, and how your website drives (or fails to drive) results for your campaign.

    This is an opportunity for us to learn what you like and dislike about websites. It will help us create a site that drives results for your business.

    3. What is your site’s goal?

    Before beginning the project, you should know what you want to achieve with your website. You shouldn’t just build a site “just because.”

    There are numerous goals you can focus on with your website. You can aim to earn more leads and revenue, increase brand awareness, capture emails or social followers, or get more phone calls to your business. It is important that you establish a goal for your website to help your web design company create a better site for your business.

    Your goal impacts the design of your site. If you want to increase brand awareness, your web design company will focus on building your brand and helping people become familiar with it. On the other hand, if you want to earn more leads, your web design company will focus on incorporating elements that encourage people to learn more and ultimately purchase.

    4. Who is your target audience?

    Your target audience plays an important role in how you shape all aspects of your campaign. You want to appeal to them and get them interested in your business. Your website’s design is no different.

    To design a website that drives results, you need to know who is in your target audience. We will ask you about your target audience so we can build a site that works better for your audience. Your audience’s behavior will impact how you structure your site.

    5. How is your company unique?

    Each company across the globe has something unique to offer their customers. There is something that sets them aside from the competition. It may be something small, but there are things that make your business unique compared to your competition.

    This is an important selling factor that we’ll want to incorporate into or emphasize in the design.

    You want to stand out from the competition. Your unique features of your business will help you do that.

    6. Who are your competitors?

    You want to create a website that will help you stand out from the competition. It is important that your web design company knows about your competitors so they can create a website that makes you unique from your competitors.

    You’ll need to think of a short list of competitors that directly impact your business. You can give this list to your web design company so they can check out their sites. This will give them an idea of how your competitors’ sites look and how they can produce a site that is better.

    7. What features do you want on your site?

    It is important that you incorporate features that will help you achieve your campaign goals.

    You’ll need to think about how you want your site to look. There are numerous features you can add to engage your audience and keep them interested in your site. You need to think about which features you want on your site.

    Some popular features include email sign-up bars, social media icons, incorporation of videos, or color choices. These are all features that have an impact on your audience. It is important that you think about which features are important to your campaign.

    You want to be sure that you are incorporating elements that help you achieve your site’s goal. If your goal is to capture more leads, you’ll want to incorporate an email sign-up bar and social media icons. The features you incorporate on your site should help you build a site that gets your audience to complete the intended action.

    Start building a better website today

    If you want to build the best website for your business, you need to make sure you know the answers to questions that help you construct your ideal website. These questions should help you construct a better site that is more effective for your audience.

    Want to get started today? Contact PixelForge today to begin building a better website!

    Beginners Guide to Drone Flying


    A Few Tips for Your New Hobby

    Hello everyone,

    This blog post is long overdue. As you might know, we have started providing drone and photography services to complement the website and design side of our company through http://esphotography.art. Without further ado, let’s get started!

    The most important aspect of drone flying is SAFETY! There are many rules and laws which need to be followed which can be found at www.tc.gc.ca. This is a great guide but of course doesn’t really help a new pilot except give you an understanding of the Canadian Drone laws.

    From my experience you need to do the following things in order to ensure a safe and fun flight:

    • Build a pre flight check list which is used before you take off
    • Enable all sensors.
    • Set your maximum altitude (in the case of Canada 90m)
    • Set your Return to Home altitude (50m) based on height of surrounding terrain.
    • Always keep your drone within line of sight and have a spotter where possible.
    • Don’t fly on rainy or windy days.
    • Always check your propellers for damage
    • Do not fly near people, or buildings.

    Here are some beginner safety questions which I had to learn the hard way, through experience!

    What happens if we are up in the air and someone complains about our drone?

    In my experience the best way to handle this is bring the drone back and land it. Then speak with the individual about their concerns and try to win them over by showing them examples of the video or photos you have taken and apologize for the action which might have upset them.

    What happens if my controller loses connection to the drone?

    With DJI drones, it will automatically return to home (RTH).

    What happens if my drone’s battery gets low?

    With the DJI drones you will be prompted, and if it gets too low the drone will automatically return to home.

    Now that we went through the safety section, the next area of course is maintenance. Maintenance is like any other camera or technology product. You need to make sure you keep the drone clean, the optics clear and if anything strange happens fully investigate it before flying again. You do not want to get your drone up in the air and then at 90m it starts to suddenly fall and crash.

    Here are some beginner maintenance questions:

    How do you clean your optics?

    I use a lens pen which can be found on Amazon.ca or any other place which sells cameras.

    What do you do if something does happen or you lose power?

    Well my go to has been google and the DJI forums. The community is very helpful and can help solve 99% of the issues. If you are still having issues feel free to shoot us an email and we can try to help OR take your drone to a repair shop.

    OK now the boring stuff is out of the way!

    Onto the flying and getting your camera configured for taking the best videos! I am a big fan of the DJI take off system: once GPS has found 13-16 satellites, your console goes green and you can now take off. Make sure there is nothing near the drone or above it, as this will be your Return to Home (RTH) point. Click the launch button and slide to the right. Your drone will now launch and hover around 4 feet in the air. For new fliers I recommend setting your drone to beginner mode, which limits its power and output.

    Once hovering, check your camera settings, focus and anything else. Out of the box the video is set to automatic, which will give you good results for your first time in the air. We will be posting a video / news article about the best camera settings for a Phantom 4 and a Mavic Pro.

    Fly around, enjoy and get used to how the drone operates. Once you are comfortable, take it out of beginner mode and see the difference.

    If you do have questions, please feel free to drop us an email via our Contact Page, or Facebook!

    Happy flying!

    Security Tips to Protect Your Website


    Stay Secure Against Hackers

    You may not think your site has anything worth being hacked for, but websites are compromised all the time.

    The majority of website security breaches are not to steal your data or deface your website, but instead attempts to use your server as an email relay for spam, or to set up a temporary web server, normally to serve files of an illegal nature. Other very common ways to abuse compromised machines include using your servers as part of a botnet, or to mine for Bitcoins. You could even be hit by ransomware.

    Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software. Here are our top 9 tips to help keep you and your site safe online.

    1. Keep software up to date

    It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them.

    If you are using a managed hosting solution then you don’t need to worry so much about applying security updates for the operating system as the hosting company should take care of this.

    If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.

    Many developers use tools like Composer, npm, or RubyGems to manage their software dependencies, and security vulnerabilities appearing in a package you depend on but aren’t paying any attention to is one of the easiest ways to get caught out. Ensure you keep your dependencies up to date, and use tools like Gemnasium to get automatic notifications when a vulnerability is announced in one of your components.

    2. SQL injection

    SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries. Most web languages have this feature and it is easy to implement.

    Consider this query:

    "SELECT * FROM table WHERE column = '" + parameter + "';"

    If an attacker changed the URL parameter to pass in ' or '1'='1 this will cause the query to look like this:

    "SELECT * FROM table WHERE column = '' OR '1'='1';"

    Since '1' is equal to '1' this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.

    You could fix this query by explicitly parameterising it. For example, if you’re using PDO in PHP this should become:

    $stmt = $pdo->prepare('SELECT * FROM table WHERE column = :value');
    $stmt->execute(array('value' => $parameter));
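The two query styles above, run side by side, as an added example that is not part of the original article. It uses Python's built-in sqlite3 module instead of PHP so it runs offline; the users table, its columns and the sample rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample rows; table and column names are assumptions for this demo.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("O'Brien", "obrien@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Create a throwaway in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_concatenated(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable form: the value is pasted into the SQL text, as in the
    first query shown in the article."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "';"
    return conn.execute(query).fetchall()


def find_user_parameterised(conn: sqlite3.Connection, name: str) -> list:
    """Fixed form: the SQL text is constant and the value travels separately,
    so the driver never parses it as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name: str) -> dict:
    """Run both lookups for one input and report what each one returned."""
    conn = make_db()
    try:
        try:
            concatenated = find_user_concatenated(conn, name)
        except sqlite3.Error:
            # A quote inside the value broke the SQL syntax.
            concatenated = "error"
        return {
            "concatenated": concatenated,
            "parameterised": find_user_parameterised(conn, name),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # An ordinary value, the value quoted in the article, and a legitimate
    # name that happens to contain an apostrophe.
    for value in ("alice", "' OR '1'='1", "O'Brien"):
        print(repr(value), compare(value))
```

The concatenated lookup returns every row for the article's input and fails outright on a legitimate name containing an apostrophe, while the parameterised lookup treats both as plain data.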

    3. XSS

    Cross-site scripting (XSS) attacks inject malicious JavaScript into your pages, which then runs in the browsers of your users, and can change page content, or steal information to send back to the attacker. For example, if you show comments on a page without validation, then an attacker might submit comments containing script tags and JavaScript, which could run in every other user’s browser and steal their login cookie, allowing the attacker to take control of the account of every user who viewed the comment. You need to ensure that users cannot inject active JavaScript content into your pages.

    This is a particular concern in modern web applications, where pages are now built primarily from user content, and which in many cases generate HTML that’s then also interpreted by front-end frameworks like Angular and Ember. These frameworks provide many XSS protections, but mixing server and client rendering creates new and more complicated attack avenues too: not only is injecting JavaScript into the HTML effective, but you can also inject content that will run code by inserting Angular directives, or using Ember helpers.

    The key here is to focus on how your user-generated content could escape the bounds you expect and be interpreted by the browser as something other than what you intended. This is similar to defending against SQL injection. When dynamically generating HTML, use functions which explicitly make the changes you’re looking for (e.g. use element.setAttribute and element.textContent, which will be automatically escaped by the browser, rather than setting element.innerHTML by hand), or use functions in your templating tool that automatically do appropriate escaping, rather than concatenating strings or setting raw HTML content.

    Another powerful tool in the XSS defender’s toolbox is Content Security Policy (CSP). CSP is a header your server can return which tells the browser to limit how and what JavaScript is executed in the page, for example to disallow running of any scripts not hosted on your domain, disallow inline JavaScript, or disable eval(). Mozilla have an excellent guide with some example configurations. This makes it harder for an attacker’s scripts to work, even if they can get them into your page.
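A server-side sketch of the two defences described above, output escaping and a Content Security Policy header, as an added example that is not from the original article. The comment data, the markup, the function names and the policy values are constructed assumptions; a real site would normally rely on its templating engine's auto-escaping rather than calling html.escape by hand.

```python
import html

# Constructed sample comment: the author field tries to break out of an
# attribute, the body carries a script tag.
SAMPLE_COMMENT = {
    "author": 'Eve" onmouseover="x',
    "body": "<script>document.title='changed'</script>Nice post & thanks",
}

# Assumed policy: scripts only from the site's own origin. Leaving out
# 'unsafe-inline' and 'unsafe-eval' is what blocks inline script and eval().
CSP_POLICY = {
    "default-src": ["'self'"],
    "script-src": ["'self'"],
    "object-src": ["'none'"],
    "base-uri": ["'none'"],
}


def render_comment_unsafe(comment: dict) -> str:
    """String concatenation: user text becomes markup."""
    return (
        '<div class="comment" data-author="' + comment["author"] + '">'
        + comment["body"] + "</div>"
    )


def render_comment_escaped(comment: dict) -> str:
    """Escape for both contexts: quote=True also encodes the quote characters
    that would otherwise end the attribute value."""
    author = html.escape(comment["author"], quote=True)
    body = html.escape(comment["body"], quote=True)
    return f'<div class="comment" data-author="{author}">{body}</div>'


def weak_script_sources(policy: dict) -> list:
    """Return the script sources that would undo the policy's protection."""
    risky = {"'unsafe-inline'", "'unsafe-eval'", "*"}
    sources = policy.get("script-src", policy.get("default-src", []))
    return sorted(risky.intersection(sources))


def build_csp_header(policy: dict) -> tuple:
    """Serialise the policy into a (header name, header value) pair."""
    weak = weak_script_sources(policy)
    if weak:
        raise ValueError(f"script-src allows {weak}")
    value = "; ".join(
        f"{directive} {' '.join(sources)}" for directive, sources in policy.items()
    )
    return ("Content-Security-Policy", value)


if __name__ == "__main__":
    print(render_comment_unsafe(SAMPLE_COMMENT))
    print(render_comment_escaped(SAMPLE_COMMENT))
    print(": ".join(build_csp_header(CSP_POLICY)))
```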

    4. Error messages

    Be careful with how much information you give away in your error messages. Provide only minimal errors to your users, to ensure they don’t leak secrets present on your server (e.g. API keys or database passwords). Don’t provide full exception details either, as these can make complex attacks like SQL injection far easier. Keep detailed errors in your server logs, and show users only the information they need.

    5. Server side validation/form validation

    Validation should always be done on both the browser and the server side. The browser can catch simple failures such as empty mandatory fields or text entered into a numbers-only field. These checks can, however, be bypassed, so make sure you repeat them, along with any deeper validation, on the server side; failing to do so could lead to malicious code or scripting code being inserted into the database, or could cause undesirable results in your website.

    6. Passwords

    Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords for your server and website admin area, but it is equally important to insist on good password practices for your users to protect the security of their accounts.

    As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run.

    Passwords should always be stored as encrypted values, preferably using a one way hashing algorithm such as SHA. Using this method means when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password.

    In the event of someone hacking in and stealing your passwords, using hashed passwords could help with damage limitation, as decrypting them is not possible. The best someone can do is a dictionary attack or brute force attack, essentially guessing every combination until it finds a match. When using salted passwords, the process of cracking a large number of passwords is even slower, as every guess has to be hashed separately for every salt + password, which is computationally very expensive.
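    The following added example (not from the original article) shows per-password salting and hash-only comparison in Node.js. It uses PBKDF2-HMAC-SHA256, a construction that applies SHA-256 many times per guess, swapped in here for a single SHA pass so that each guess is deliberately slow; the record format, constant names and iteration count are assumptions.

```javascript
const crypto = require('crypto');

// Assumptions for this example: tune the work factor to your own hardware.
const DEFAULT_ITERATIONS = 600000;
const MAX_ITERATIONS = 10000000; // refuse absurd values from a corrupted record
const SALT_BYTES = 16;
const KEY_BYTES = 32;
const SCHEME = 'pbkdf2-sha256';

// Returns a self-describing record: scheme$iterations$salt$hash (base64 fields).
// A fresh random salt is generated for every password.
function hashPassword(password, iterations = DEFAULT_ITERATIONS) {
  const salt = crypto.randomBytes(SALT_BYTES);
  const key = crypto.pbkdf2Sync(password, salt, iterations, KEY_BYTES, 'sha256');
  return [SCHEME, iterations, salt.toString('base64'), key.toString('base64')].join('$');
}

// Re-derives the hash from the submitted password and the stored salt, then
// compares the two hashes in constant time. The plaintext is never stored.
function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 4 || parts[0] !== SCHEME) return false;

  const iterations = Number(parts[1]);
  if (!Number.isInteger(iterations) || iterations < 1 || iterations > MAX_ITERATIONS) return false;

  const salt = Buffer.from(parts[2], 'base64');
  const expected = Buffer.from(parts[3], 'base64');
  if (expected.length !== KEY_BYTES) return false;

  const actual = crypto.pbkdf2Sync(password, salt, iterations, KEY_BYTES, 'sha256');
  return crypto.timingSafeEqual(actual, expected);
}

// True when a record was created with a weaker work factor than the current
// default, so it can be re-hashed the next time the user logs in successfully.
function needsRehash(record) {
  const parts = String(record).split('$');
  return parts[0] !== SCHEME || Number(parts[1]) < DEFAULT_ITERATIONS;
}
```

    Because the salt and iteration count are stored inside each record, two users with the same password get different records, and the work factor can be raised later without invalidating existing accounts.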

    Thankfully, many CMSes provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords (pre Drupal 7) or to set the minimum password strength. If you are using .NET then it’s worth using membership providers as they are very configurable, provide inbuilt website security and include readymade controls for login and password reset.

    7. File uploads

    Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded, however innocent it may look, could contain a script that when executed on your server completely opens up your website.

    If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size, are not foolproof. Most image formats allow storing a comment section which could contain PHP code that could be executed by the server.

    So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won’t attempt to execute files with image extensions, but it isn’t recommended to rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.

    Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example, chmod 0666 so it can’t be executed. If using *nix you could create a .htaccess file (see below) that will only allow access to set files preventing the double extension attack mentioned earlier.

    deny from all
    <Files ~ "^\w+\.(gif|jpe?g|png)$">
        order deny,allow
        allow from all
    </Files>

    Ultimately, the recommended solution is to prevent direct access to uploaded files altogether. This way, any files uploaded to your website are stored in a folder outside of the webroot or in the database as a blob. If your files are not directly accessible you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser. Image tags support an src attribute that is not a direct URL to an image, so your src attribute can point to your file delivery script, provided you set the correct content type in the HTTP header. For example:

    <img src="/imageDelivery.php?id=1234" />

    <?php
    // imageDelivery.php
    // Fetch image filename from database based on $_GET["id"]
    // Deliver image to browser
    header('Content-Type: image/gif');
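    The upload advice above (ignore the client's name and type, rename on upload, store outside the webroot, serve through a delivery script) is sketched below as an added Node.js example, not code from the original article. PRIVATE_DIR, the random hex ids and the function names are assumptions. The signature check is only a first filter, since an image can still carry embedded code; the protection comes from the server-chosen name and the private location.

```javascript
const crypto = require('crypto');
const path = require('path');

// Assumption: a directory outside the webroot that the web server never serves.
const PRIVATE_DIR = '/srv/app-uploads';

// Allowlist: leading file signature -> server-chosen extension and Content-Type.
const IMAGE_TYPES = [
  { ext: 'png', mime: 'image/png', magic: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]) },
  { ext: 'jpg', mime: 'image/jpeg', magic: Buffer.from([0xff, 0xd8, 0xff]) },
  { ext: 'gif', mime: 'image/gif', magic: Buffer.from('GIF87a', 'latin1') },
  { ext: 'gif', mime: 'image/gif', magic: Buffer.from('GIF89a', 'latin1') },
];

function sniffImageType(bytes) {
  const match = IMAGE_TYPES.find((t) =>
    bytes.length >= t.magic.length && bytes.subarray(0, t.magic.length).equals(t.magic));
  return match || null;
}

// Decide how an upload will be stored. The client-supplied filename and MIME
// type are never consulted, so a name like image.jpg.php cannot survive.
function planUpload(bytes) {
  const type = sniffImageType(bytes);
  if (!type) return null; // not on the allowlist: reject the upload
  const id = crypto.randomBytes(16).toString('hex');
  return {
    id,
    storedName: `${id}.${type.ext}`, // renamed with the extension the server chose
    mime: type.mime,
    mode: 0o640,                     // no execute bits on the stored file
  };
}

// Delivery script logic: map a requested id to a private path and headers.
// `index` stands in for the database lookup (a Map of id -> planUpload result).
function resolveDelivery(id, index) {
  if (!/^[0-9a-f]{32}$/.test(String(id))) return null; // rejects paths and odd input
  const meta = index.get(id);
  if (!meta) return null;
  return {
    path: path.posix.join(PRIVATE_DIR, meta.storedName),
    headers: {
      'Content-Type': meta.mime,            // from the stored record, not the request
      'X-Content-Type-Options': 'nosniff',  // stop the browser guessing another type
    },
  };
}
```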

    Most hosting providers deal with the server configuration for you, but if you are hosting your website on your own server then there are few things you will want to check.

    Ensure you have a firewall set up, and are blocking all non-essential ports. If possible, set up a DMZ (Demilitarised Zone) that only allows access to ports 80 and 443 from the outside world. This might not be possible if you don’t have access to your server from an internal network, as you would need to open up ports to allow uploading files and to remotely log in to your server over SSH or RDP.

    If you are allowing files to be uploaded from the Internet, only use secure transport methods to your server such as SFTP or SSH.

    If possible have your database running on a different server to that of your web server. Doing this means the database server cannot be accessed directly from the outside world, only your web server can access it, minimizing the risk of your data being exposed.

    Finally, don’t forget about restricting physical access to your server.

    8. HTTPS

    HTTPS is a protocol used to provide security over the Internet. HTTPS guarantees to users that they’re talking to the server they expect, and that nobody else can intercept or change the content they’re seeing in transit.

    If you have anything that your users might want private, it’s highly advisable to use only HTTPS to deliver it. That of course means credit card and login pages (and the URLs they submit to) but typically far more of your site too. A login form will often set a cookie, for example, which is sent with every other request to your site that a logged-in user makes, and is used to authenticate those requests. An attacker stealing this would be able to perfectly imitate a user and take over their login session. To defeat this kind of attack, you almost always want to use HTTPS for your entire site.

    That’s no longer as tricky or expensive as it once was though. Let’s Encrypt provides totally free and automated certificates, which you’ll need to enable HTTPS, and there are existing community tools available for a wide range of common platforms and frameworks to automatically set this up for you.

    Notably Google have announced that they will boost you up in the search rankings if you use HTTPS, giving this an SEO benefit too. There’s a stick to go with that carrot though: Chrome and other browsers are planning to put bigger and bigger warnings on every site that doesn’t do this, starting from January 2017. Insecure HTTP is on its way out, and now’s the time to upgrade.

    Already using HTTPS everywhere? Go further and look at setting up HTTP Strict Transport Security (HSTS), an easy header you can add to your server responses to disallow insecure HTTP for your entire domain.
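    The CSP restrictions described earlier (no inline scripts, no eval(), no scripts from other hosts) and the HSTS header can be checked mechanically. This added example, which is not from the original article, audits a set of response headers for those points; the finding names, the 180-day max-age threshold and both sample header sets are constructed assumptions.

```javascript
// Parse "directive src src; directive src" into a Map of directive -> sources.
// If a directive is repeated, only its first occurrence is used.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of String(policy).split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || '').toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

const MIN_HSTS_MAX_AGE = 15552000; // assumption: 180 days, in seconds

// Returns a list of finding codes; an empty list means every check passed.
function auditSecurityHeaders(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = value;
  const findings = [];

  const csp = h['content-security-policy'];
  if (!csp) {
    findings.push('csp-missing');
  } else {
    const directives = parseCsp(csp);
    // script-src falls back to default-src when it is not set.
    const scriptSrc = directives.get('script-src') || directives.get('default-src');
    if (!scriptSrc) {
      findings.push('csp-no-script-restriction');
    } else {
      // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
      const hasNonceOrHash = scriptSrc.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
      if (scriptSrc.includes("'unsafe-inline'") && !hasNonceOrHash) findings.push('csp-allows-inline-script');
      if (scriptSrc.includes("'unsafe-eval'")) findings.push('csp-allows-eval');
      if (scriptSrc.includes('*')) findings.push('csp-allows-any-host');
    }
  }

  const hsts = h['strict-transport-security'];
  const maxAge = hsts ? /max-age=(\d+)/i.exec(hsts) : null;
  if (!maxAge) findings.push('hsts-missing');
  else if (Number(maxAge[1]) < MIN_HSTS_MAX_AGE) findings.push('hsts-max-age-short');

  return findings;
}

// Constructed samples: a strict configuration and a weak one.
const STRICT_HEADERS = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
};
const WEAK_HEADERS = {
  'Content-Security-Policy': "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'",
};
```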

    9. Website security tools

    Once you think you have done all you can then it’s time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred to as penetration testing or pen testing for short.

    There are many commercial and free products to assist you with this. They work on a similar basis to the scripts hackers use, in that they test all known exploits and attempt to compromise your site using some of the previously mentioned methods such as SQL injection.

    Some free tools that are worth looking at:

    • Netsparker (Free community edition and trial version available). Good for testing SQL injection and XSS

    • OpenVAS. Claims to be the most advanced open source security scanner. Good for testing known vulnerabilities, currently scans over 25,000. But it can be difficult to set up and requires an OpenVAS server to be installed, which only runs on *nix. OpenVAS is a fork of Nessus from before it became a closed-source commercial product.

    • SecurityHeaders.io (free online check). A tool to quickly report which security headers mentioned above (such as CSP and HSTS) a domain has enabled and correctly configured.

    • Xenotix XSS Exploit Framework – A tool from OWASP (Open Web Application Security Project) that includes a huge selection of XSS attack examples, which you can run to quickly confirm whether your site’s inputs are vulnerable in Chrome, Firefox and IE.

    The results from automated tests can be daunting, as they present a wealth of potential issues. The important thing is to focus on the critical issues first. Each issue reported normally comes with a good explanation of the potential vulnerability. You will probably find that some of the medium/low issues aren’t a concern for your site.

    If you wish to take things a step further then there are some further steps you can take to manually try to compromise your site by altering POST/GET values. A debugging proxy can assist you here as it allows you to intercept the values of an HTTP request between your browser and the server. A popular freeware application called Fiddler is a good starting point.

    So what should you be trying to alter on the request? If you have pages which should only be visible to a logged-in user then I would try changing URL parameters such as user id, or cookie values, in an attempt to view details of another user. Another area worth testing is forms: change the POST values to attempt to submit code to perform XSS or to upload a server-side script.

    Hopefully these tips will help keep your site and information safe. Thankfully most CMSes have a lot of inbuilt website security features, but it is still a good idea to have knowledge of the most common security exploits so you can ensure you are covered.

    There are also some helpful modules available for CMSes to check your installation for common security flaws such as Security Review for Drupal and Wordfence Security for WordPress.

    If you found this information helpful or have any security tips of your own, let us know!

    Tips for Awesome Website Content

    Compelling and Informative

    Many companies miss the point of having a website. Too often a grand marketing vision gets in the way of presenting useful information. The copy must be written with your customer in mind.

    Here’s how many websites are developed. The decision-makers gather around the conference table and begin brainstorming. “Our website should include our mission statement so visitors know what guides us,” says one executive.

    “It should look and sound professional, so let’s use stock photos and have Mary write the copy because she was an English major in college,” says another.

    “We should have a page with all our products. But let’s not put too many details or prices because we want visitors to have to contact us,” says a third.

    Someone from the sales department adds, “On the Contact Us page, let’s use a form with lots of questions that will help us make a sale. Have visitors tell us their budget and how soon they intend to make a purchase. And let’s be sure to get their full name, mailing address and phone number so we can have a salesperson pursue them.”

    Are you cringing as you read these website suggestions? If not, you should be. They’re off-base and sure to alienate visitors.

    The Visitor Must Come First

    While all these ideas have merit for the company, they don’t make much sense for visitors. And that’s a big mistake. If you don’t put your visitors first, your website won’t be effective. Bottom line, it’s not about you!

    The best websites are customer-centric. They’re designed to provide the information visitors seek and to present it in an interesting, organized fashion. They let the customer see the real you, which then builds trust.

    They make it easy for visitors to complete whatever action they have in mind, whether it’s to buy a product, subscribe to a newsletter, or contact you for more details.

    Your visitors don’t want cute or clever. They won’t take the time to decipher your meaning. They simply want to know how you’re going to solve their problem. Or, put another way, what are you selling and why is it right for me NOW?

    Here are 15 tried and proven tips to help make your website successful:

    1. Start with a clear navigation.
      Organize your pages into logically-named categories and use standard terms on your menu. Visitors don’t want to guess where to go. They don’t want to analyze what you mean. And they don’t have the patience to embark on a scavenger hunt for facts.
    2. Use conversational English.
      Despite what your high school English teacher may have thought, nobody wants to read text that sounds like a term paper. Yawn. Write copy as though you’re speaking directly to the visitor. Use second person like “you” and “we.” Contractions are fine. And a friendly, informal tone is better than stiff, corporate-speak.
    3. Avoid industry jargon.
      Don’t use words or phrases that your visitors may not recognize. Use familiar terminology.
    4. Provide all the relevant information.
      When people search the web, they’re seeking answers. If your site doesn’t provide the facts, the visitor will move on to the next one in the search results. Don’t be afraid of sharing too much, and that includes prices. Studies show information-rich websites are the most effective in converting visitors into serious prospects.
    5. Leave out the hype.
      Visitors don’t want spin. They expect honesty and transparency. They crave facts so they can make an educated decision. Place all your cards on the table and let visitors draw their own conclusions.
    6. Make your home page a to-the-point summary.
      Since your home page is the most common entrance to your website, it should describe how customers will benefit from your content, products, or services. If visitors can’t quickly figure out what’s in it for them, they’ll click that back button. Poof, gone!
    7. Create unique landing pages for specific topics.
      While you might want everyone to come through the front door, the home page of your website, that might not be the best strategy. A more targeted approach is to create landing pages that speak to specific subjects. If someone is looking for information on say your product’s military application, he should land on your page that is dedicated to that subject. Landing pages convert at a higher rate than do home pages.
    8. Let pictures help tell your story.
      Stock photos are pretty, but do they tell visitors about the real you? No, they’re too generic. You can use them in some places on your site to help break up what would otherwise be a copy-heavy page, but when it comes to products and people, real photos work best. Visitors want to see what they’re buying and who they’re buying it from.
    9. Include trust-building content.
      Explain why your company is uniquely qualified to provide its products or services. Provide some details about your company’s history and achievements. Include a photo of the founder if it’s relevant. Consider dedicating a page to testimonials or case studies. These third-party endorsements hold weight. Customers buy from companies they trust.
    10. Keep your website up to date.
      If visitors notice that your content isn’t current, then your site loses all credibility. Continually update your site, add to it and remove any information that is obsolete. The last part of that sentence is critical, so I hope you didn’t miss it. You shouldn’t only add content. You need to also delete anything that’s no longer relevant. If the good information is buried, your visitor might never find it.
    11. Use a straightforward layout.
      Nobody likes clutter, and that includes visitors to your website. Clean, simple and organized works best. The more intuitive, the better, so visitors can easily find what they need.
    12. Make it easy for visitors to contact you.
      Put your contact information in multiple places so it’s easy to find. It should always be just one click away. Don’t make visitors work too hard to reach you. They might not bother, and you’ll lose them.
    13. Keep forms simple.
      If your website includes a form, such as on your Contact or Quote page, ask the fewest questions possible. Visitors hate completing all those fields, (don’t we all?), and they likely don’t trust you enough to provide all the information you’re requesting. Yes, you’d love to obtain their detailed information, but it’s what they prefer, not you!
    14. Include a call to action on nearly every page.
      Tell visitors what you would like them to do next. Lead them down the path to a sale or to contacting you. It’s great to be a quality source of information, but you also want visitors to know they can make a purchase.
    15. Make it perfect or as close to it as you can get.
      Spelling and grammar mistakes make you look like an amateur. So does poor wording. Review your work closely, or better yet, consider hiring a professional copywriter to craft your content.

    In today’s information-saturated world, visitors to your website are likely to be impatient. If they can’t quickly find what they want, they’ll move on. They’re skeptical of anything that sounds “salesy.” If they could speak to you, they’d say, “Just the facts, please.”

    To be effective, your website must deliver true value. Put your visitors’ needs and wants first as you create its content and watch your conversion rate soar!

    If you found this information helpful or have any content tips of your own, let us know!

    Internet Marketing Tips

    Increase Online Traffic and Revenue

    Increasing revenues and profits for your business will take strategy and effort.

    Here are four tips to help you as a business owner increase your traffic and profits.

    Update Your Website

    It’s 2017, so if you’re like most businesses, you have a website (if not, what are you waiting for?). In fact, odds are good that you’ve had the same website for several years. This can be a blessing and a curse, and is something business owners should address in 2017.

    Websites that have been around longer have an SEO advantage over newly created sites. However, the longer a site has stayed the same, the more likely it becomes that certain information on the site is inaccurate or out of date.

    A recent study found that the majority of consumers encounter multiple erroneous sites in their daily internet browsing. There are few faster ways to lose a customer than having them drive to the address listed on the website, only to find that the business has moved across town.

    Updating a site is also a good time to upgrade security features. Feeling secure is essential to building consumer trust. Similarly, improving the site’s mobile friendliness can also lead to tangible improvements in business performance.

    Utilize PPC and Social Media Ads

    Many business owners have a false impression about the way that the internet and social media work. While it’s common to assume that large websites or popular social media business pages gained their massive followings organically, this is almost never the case.

    Cases of something just going viral are rare. In most situations, things that get a lot of publicity and attention had paid advertising and promotion to get the ball rolling. True, all the money in the world isn’t going to help bad content, but without paid promotion on the internet, getting noticed can be slow work.

    It’s important to realize that social media can be just as useful as Google in directing traffic to websites. While fans for a page don’t necessarily equate to customers, Facebook’s utility as a content distribution network makes the platform as useful as search ads on Google or video ads on YouTube. Investing in both forms of paid advertising can produce good returns for a business.

    Integrate Marketing Tactics

    Another goal business owners should pursue is using multiple marketing tactics in a coordinated way. A long time ago, the only way people learned about information was through gossip or the town crier. Now, there are a large variety of ways to get information to consumers, and the better these methods are used in conjunction, the more effective the results.

    This integration can fall into two categories. First, businesses that use multiple forms of internet advertising should coordinate them to ensure that one consistent message is being sent to target consumers. Using email advertising, social media, PPC and video ads in tandem makes it hard for people to miss the message.

    The other form of integration is when businesses coordinate their online marketing with their offline marketing. The methods mentioned before are effective on their own, but imagine how much more effective they are when the online ads reinforce what consumers have seen on local billboards, TV ads, etc. Making an effort to coordinate all the various advertising and marketing channels can be tricky, but it is worth it for business owners to make the effort or to hire people who can handle this coordination and implementation for them.

    Create More Content

    While this may seem like an anticlimactic piece of advice, this may be the most important. Advertising still works, there’s tons of evidence to support that, but consumers are becoming more capable of avoiding and ignoring ads if they want to. Content marketing is a good way to reach audiences while showcasing the knowledge base of a business.

    For example, some consumers have begun using ad blockers to prevent them from seeing ads while browsing websites (though Facebook is designed so that these technologies don’t work on their site). If people aren’t going to see your banner ads about your plumbing business, writing blog posts about common plumbing issues would be a good way to attract your target audience without relying on ads. It may be indirect, but content marketing works.

    And if there’s one thing that business owners should strive to do, it is to use every available form of advertising and marketing to promote their business.
