Cyber for the Very Small Business

If you keep up with the news, you will have noticed the increasing frequency of stories relating to cybersecurity. Data breaches, theft, espionage; we are living in a new world, one with emerging and rapidly developing threats to business, infrastructure, and supply chains.

A lot of these stories focus on big companies. Fortune 500s, multinationals. Obviously, important and powerful organizations have targets on their back. But what about you, with your commercially hosted WordPress or Drupal site?

Too Small to Care?

I won’t spend too much time here talking about what could happen, and why it could happen to you, with your small business and your website. I prefer to spend time talking about what you can do to protect yourself. But I’ll give one quick example. There was (is) a bug in Drupal. It went undetected and caused what was called “Drupalgeddon.” A lot of vulnerable sites were attacked by malware and had to be taken offline. In an attack like this, malicious actors scan the internet for vulnerable systems. Some won’t care who you are. Whether you are Capital One or Joni’s Pet Grooming, if you had a vulnerable system, you could get attacked.

Someone came to me and that is exactly what happened to them. Their commercial host – a very good one – took their site offline and basically said “Fix it if you want it back up.” The client had zero, absolutely zero idea what to do. Luckily, I was able to help them.

How to Protect Yourself

There were a couple of things that this client did right. For starters, they made sure they had automatic backups made of the site on a regular schedule. I was able to quickly scan the backup to make sure it hadn’t been infected (it hadn’t) and then replace the infected site with the clean backup.

So yes, you should be making backups. If you have an arrangement with a developer or something like a “web master,” they should be doing this for you. Best practice is to have the live site and at least two backups, stored in different locations, at once. So maybe one on a flash drive, and one on a cloud service like Dropbox. This might sound time consuming. It’s not, really. And if something happens, you can be back up in minutes, and not have to miss any potential customers from visiting your site.
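
One way to check that advice in practice, as an added example that is not part of the original post: a shell function that confirms both backup copies exist, can be read as archives, are recent, and are byte-for-byte identical. The file paths in the usage comment and the gzip-compressed tar format are assumptions.

```shell
#!/bin/sh
# Added example: verify two copies of a site backup kept in different places.
# Assumed usage (hypothetical paths):
#   check_backups /mnt/usb/site.tar.gz "$HOME/Dropbox/site.tar.gz" 7

# Print only the SHA-256 digest of a file.
sha() { sha256sum "$1" | cut -d' ' -f1; }

check_backups() {
    primary=$1; secondary=$2; max_days=${3:-7}

    for f in "$primary" "$secondary"; do
        # Each copy must exist and be non-empty.
        [ -s "$f" ] || { echo "MISSING: $f"; return 1; }
        # The archive must list cleanly, otherwise it cannot be restored.
        tar -tzf "$f" >/dev/null 2>&1 || { echo "UNREADABLE: $f"; return 2; }
        # The copy must have been written within the last max_days days.
        [ -n "$(find "$f" -mtime -"$max_days")" ] || { echo "STALE: $f"; return 3; }
    done

    # Both locations must hold exactly the same bytes.
    [ "$(sha "$primary")" = "$(sha "$secondary")" ] || { echo "MISMATCH"; return 4; }
    echo "OK"
}
```

Run from a scheduled job, any result other than `OK` is a reason to look at the backups before they are needed.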

Lock it Down

I’m really focusing here on businesses that have a website that is hosted on a commercial provider like GoDaddy or Dreamhost. These companies are going to do their best to make their servers secure. Their business depends on it; they are highly incentivized. However, where does their responsibility end, and yours begin?

In the case I mentioned above, the client’s site was breached after the patch had been released by Drupal. But the client had no idea about any of it. So, if you are maintaining the site on your own, you should talk to your hosting provider about what steps you can take to protect yourself. This may mean subscribing to security newsletters that are sent out by the CMS, like WordPress or Drupal. If you have an agreement with a developer, make sure you discuss with them keeping the site secure. The main thing here is keeping your site software up to date. That means regularly keeping plugins, extensions, modules and the CMS itself up to date. One thing I always do is install Wordfence on WordPress sites. Wordfence is an application firewall that can prevent certain kinds of attacks. It also sends out regular notifications about security warnings and known vulnerabilities. These will help you understand the threat environment as it relates to your site.

If you are doing any kind of activity on your site that requires users to share personal information, whether it be email addresses, credit card information, or contact information, install SSL. This is basically the little green lock that shows up in the URL bar in your browser. This makes sure that information sent from a user to your site is encrypted. Some sites might not need SSL, but it is becoming so ubiquitous now that even if users don’t understand how it works, they come to expect it, even if there isn’t a strong technical use-case for it on your site. It’s inexpensive and worth the cost for peace of mind.

There are more things that can be done. It’s really important that, if you hire a developer, you have a conversation with them about your site’s security. A knowledgeable, proactive developer will tell you what you need and what you don’t need and help you navigate long-term solutions.

If you have questions about your site’s security posture, get in contact with me and we can discuss. You paid good money for your site, and it represents your business. Let’s keep it safe.

website process

OK, I want a website, what’s the process?

A new WordPress site, whether for personal, hobby, or business use, is an investment. Not only is there a financial cost, but the process can take time, and can require a fair amount of energy. It’s important to know what to expect when you sign up and say, “OK, let’s do this.”

The Conversation

For me, the first thing is discovery. Discovery is the process of finding out what it is that you need. You have a business that you want to promote, great. Do you want to list your available services? Do you want to list packages and prices? I assume you want people to be able to contact you through the site, but are you doing a lot of social media or blogging, or is it just going to be a mail form?

Now, it’s important to know that a good consultant isn’t just going to make a list and run with it. Yes, as a developer I am trying to nail down a specification, that is, the list of things I need to build. However, I want us both to think about whether or not the list of things makes sense. For example, let’s say you provide some service like Career Coaching. Within that service there are any number of different smaller services that a potential customer can choose from. So maybe listing them all will make the customer feel like they are staring at the Denny’s menu. Too many choices can cause paralysis.

The better option might be to really hone in on copy that tells the story of what you do. Drop hints at the different services available and lead the customer down the path to talking to you more.

Point is, when figuring out what you need for your website, it has to be a conversation and exploration, not an inventory.

The Drawing

So, we have figured out what we need. At that point, there will be a high-resolution mockup (a flat image file) of the pages. This will be the basis for the work, and really defines the scope. With the mockups, we will go back and forth a couple of times to arrive at the final design. Once it’s locked in, I will go and build.

Generally speaking, barring very unique or specialized sites, the building of a custom WordPress site from the design doesn’t take that long. I prefer to spend time prior to the coding, going through the specifications and design. Those are the crucial conversations.

The Code

I will build the website on my own computer, and then when it’s ready for you to review, I will migrate it to a staging site. That site will only be available to you and me. It is likely that once you interact with it, both on your laptop and on your phone, you may want to change small things. I build in time for this. As much as the flat image is representative, the live thing sometimes sparks new ideas, and we want room to address them.

Once the staging site is approved, we will discuss plans to launch. For some people this is as simple as “make it live and let me know.” For others, this will be coordinated with a social media or email campaign. Also, part of the package that I offer includes training on WordPress as it relates to the content on your site, so if you would like to dive into that prior to launch, we can.

Depending on the options you choose, I can provide some medium to long-term support for your site after launch. Otherwise, as part of the training, I will provide you with the know-how to do basic site maintenance tasks yourself.

Your new WordPress site is live! Go forth and make your web presence felt!

Gutenberg for WordPress, a gentle introduction, part 1

If you have a website that uses WordPress — and your WordPress version is up to date — you might have noticed the big change in your content editor. We have now entered the era of Gutenberg. Without going too deep into it, there was a lot of debate about Gutenberg and what it meant for the trajectory of the WordPress project. Whatever the pros and cons, Gutenberg is here and if your site runs on WordPress it’s important to get familiar with it.

Generally speaking, if you are using WordPress primarily to blog, Gutenberg may look and feel different than the Classic Editor, but it’s not. Just start typing. Add the title, like it says, then click in the area below where it says “Start typing.” Of course, it also suggests another option: add a block.

This is the part I want to explore a bit. With Blocks, Gutenberg allows for more flexible, creative posts. Let’s recreate this:

A combination of blocks can make your posts more dynamic and engaging.

As examples go, it’s OK. But going through it will demonstrate different block types and show you how to mix and match elements to bring your posts to the next level.

The first element after the title is just a paragraph block. You can get one of those when you “start typing,” as the post editor suggests. Once you have your content in place, it’s time to add another block. Make sure “Block” is selected on the right sidebar (as opposed to “Document”) and hover in the area below and click on the circled “+” sign to add a block.

Add a Gallery

We are going to add a Gallery. You should see “Gallery” when you create a new block, but if not, check “Common Blocks.” Once you have selected it, it will give you the option of selecting images. You can select multiple images (hold down the Ctrl key and click on images) from your Media Library, and WordPress will take care of the work of spacing them and laying them out. I selected three images, a very common layout convention.

Fun with Columns

Being able to add columns easily and quickly inside your content editor provides a potentially powerful tool to WordPress. Generally speaking, column layouts have been restricted to either page-builder tools or to developers using code. Of course, to really get the most out of Columns, knowledge of CSS helps, but for simple use, the Columns block is great.

Click on the Add Block sign and scroll to Formatting. There you will find Columns. You can select the number of columns using the slider that appears on the right. Once you have done that, you can either type directly into the columns, or use the “Add Block” again while hovering inside a column to add another element. In our example, I used “Block Quote” for the left column, and a regular paragraph block in the right.

Gutenberg is simple, fun, powerful

The debates about Gutenberg and the future of WordPress will continue to rage. I admit, I was hesitant at first, but I already see the benefits of the new block-centric editor and so do my clients.

In part 2, we will delve a little deeper and see how we can use Gutenberg for page layout. Stay tuned!

If you have a project you have questions about, contact me.

The US Round-table on Sustainable Beef asked me to develop a site for their “Sustainability Framework.”

cattlemen for tax reform

When you get a client that is both engaged with the process of design and development, but also very trusting and respecting of your professional expertise, it results in not only a delightful experience, but usually a fine finished product.