Can I Trust HTTPS?

Can I automatically trust a site that uses HTTPS?

 

Recently, BBC Watchdog ran a story on bogus fundraising accounts being opened shortly after the horrific Grenfell Tower fire in London.  I thought I had ceased to be surprised by the depths to which some criminals would stoop but this one sickened me.  Not only is it deceiving the well-meaning folk who think they are donating to charity, it deprives those who really need support of the funds to help get them back on their feet.  Furthermore, once the scam is revealed, it  is likely to make everyone more wary of giving to any online charity.

A spokesman from Action Fraud said that you should look for the sign of security – HTTPS – in the URL of the website, along with the associated green padlock symbol somewhere in your browser.

So, should you trust a site simply because it uses HTTPS? 

In a word, NO!

HTTPS stands for Hyper Text Transfer Protocol Secure and signifies that the connection between a browser and the server hosting the website is secure and uses an encrypted protocol to transmit data between the visitor and the website.  This is a good thing as it means that your communication cannot be eavesdropped on by a third party; particularly important when you are sending highly sensitive information such as your credit card details through a shopping cart at checkout time.  If you are running an eCommerce site, this is clearly essential.

Until fairly recently, acquiring the SSL certificate to facilitate HTTPS was a costly business. However, with Google’s drive to secure the web, the cost of certificates has dropped and, with the Let’s Encrypt project now well established, it is possible to acquire a certificate for nothing.

Whilst the cost of a certificate was certainly a barrier to potential scammers in the past, the price drop means they are available to all.  And with countless tutorials available online, even the most inept of cyber criminals are able to find out how to install a certificate and set up an HTTPS site.

But surely HTTPS means it is secure?  I can trust a site that is secure, can’t I?

The certificate that underpins HTTPS refers simply and only to the transmission of data.  It does not certify the site, its content, the identity of the site owner or the activity conducted on that site.  Any assumption that using HTTPS indicates a more trustworthy site is therefore clearly unwarranted.

So what should you look out for?

  • Use a familiar and trustworthy website.
  • Don’t rely upon a link to a site in an email or in social media, even if it is a site you have used before; type the address into your browser address bar. It is easy to make a link look like it goes to a safe site where in fact it goes somewhere else.
  • When you arrive at a site check the address bar. Is the URL (web address) correct?  Look out for tricks such as…
    1. a different domain ending, so rather than justgiving.com it is justgiving.global
    2. deliberate spelling mistakes in the URL, e.g. justgivimg.com, that you might not spot if you only looked quickly.  Before you question whether I’m calling Just Giving out on this, I’m not, but as one of the largest fundraising websites they are likely to be a big target for online fraudsters.
    3. subdomains, e.g. justgiving.official.com. This is nothing to do with the JustGiving website but a subdomain of a website called official.com.  Scammers are ingenious in how they mask the identity of the site you are going to; scrutinise everything to assure yourself that you are where you expect to be.
  • Requests for you to use bank transfers rather than a credit card or a legitimate payment gateway such as PayPal should have alarm bells ringing loudly. No legitimate fundraising site would ask for payment to be made this way.
  • If using PayPal, when you get to the stage of confirming the transaction, check who the payee will be. If it is not who you expect (you may be able to confirm this by referring to a previous credit card statement), then something is wrong. Stop and only proceed with caution.
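
The three address bar tricks listed above (a different domain ending, a deliberate misspelling, and the real name used as a subdomain of another site) can be checked mechanically. The Python below is an added example, not part of the original post; `classify`, its labels and the sample URLs are constructed for illustration, and it assumes single-label endings such as .com (production code should consult the Public Suffix List).

```python
from urllib.parse import urlsplit

TRUSTED = "justgiving.com"  # the site the visitor means to reach (from the post)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url: str, trusted: str = TRUSTED) -> str:
    """Label the host in `url` relative to the trusted domain."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    # The trusted domain itself, or a genuine subdomain of it (www., pay., ...)
    if host == trusted or host.endswith("." + trusted):
        return "match"

    brand, ending = trusted.split(".", 1)
    labels = host.split(".")
    if len(labels) < 2:
        return "unrelated"
    # Assumption: the ending is a single label, so the last two labels
    # form the registered domain that actually owns the site.
    name, host_ending = labels[-2], labels[-1]

    # Trick 3: the brand appears left of someone else's registered domain.
    if brand in labels[:-2]:
        return "brand-in-subdomain"
    # Trick 1: right name, wrong ending.
    if name == brand and host_ending != ending:
        return "different-ending"
    # Trick 2: a name one or two edits away from the brand.
    if 0 < edit_distance(name, brand) <= 2:
        return "lookalike-spelling"
    return "unrelated"


# Constructed sample URLs built from the hostnames used in the post.
SAMPLES = [
    "https://www.justgiving.com/fundraising/appeal",
    "https://justgiving.global/fundraising/appeal",
    "https://justgivimg.com/fundraising/appeal",
    "https://justgiving.official.com/fundraising/appeal",
]


def report(urls=SAMPLES):
    """Return {url: verdict} for each sample."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in report().items():
        print(f"{verdict:20} {url}")
```

Every sample uses HTTPS, yet only the first one is the site the visitor intended, which is the point of the post.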

Scammers and cyber criminals are becoming increasingly competent at building websites that aim to steal either your money or your personal information.  Whilst HTTPS is a good sign that the connection between you and the website is secure, it does not mean the website itself should automatically be trusted.  Before giving a website any information or donating money, verify for yourself that the site is legitimate and that you are not being taken for a ride.

Page Speed Matters

There is more to web design than arranging content on the page.   Unfortunately, there are many web designers (and I use that phrase loosely) that rely upon tools such as WordPress or other web-builder platforms for every site they create.  Ask them to create a site from scratch in HTML, CSS and JavaScript and they wouldn’t have the faintest idea where to start.

Why does this matter?

Web-builder platforms are the “Swiss army knives” of web design. They come with a multitude of features and functions, many of which are rarely, if ever, used. However, because they are in place, the browser must download the resources associated with these features even if they don’t get used in a site. Additional JavaScript files, extra CSS files etc. all increase the number of requests the browser has to make to the server, slow down render time and ultimately delay the point at which the user can see and interact with a website.

Even in these days of super-fast broadband (for those lucky enough to have it), 4G mobile networks and Wi-Fi hotspots in almost every cafe and coffee shop, site speed is still a vital metric for any web designer.

If your site is identical in content to another site (unlikely I know) but the other site loads more quickly, it is almost a given they will appear above you in Google search results. No one wants to wait and that includes the search engines themselves!

AliExpress reduced load times by 36%…, helping to increase orders by 10.5% and conversion rates by 27%

Sites that load quickly tend to get more traffic, retain people on the site and, as in the case of AliExpress above, do more business.  For every additional second your site takes to load you could be losing significant numbers of potential visitors to your site.

Following some adjustments to the QD Design site, we now score 95 on the Google Developers Page Speed Checker. Whilst no doubt we could improve upon this further, it puts us in the top few % for page loading speed.

Slower sites can be attributed to poor or outdated coding, bloated or unneeded files being called by the browser, unoptimised images as well as a whole host of factors associated with the server. Taking advantage of server side (GZIP) compression, browser caching or setting a character set for a page can all be done via the .htaccess file that sits in the root of the web server.

This is the sort of knowledge and expertise that only a true web developer will have. If you want / crave a fast loading site, then you need to speak with someone that really knows what they are doing behind the page and not just manipulating text and pictures in a drag and drop page builder.

QD Design consistently make fast loading HTML-based sites that help businesses reach their audience as quickly as possible.  If your site is lacking that “va va voom”, then get in touch, we can analyse what is holding it back, and help you get off the brake pedal and onto the throttle!

Business Ethics and Web Design

A question was posed on Quora recently about scams from purported “web designers”. I have always taken business ethics very seriously and recognise that my customers have a choice over whether they use me or someone else.  I felt compelled to give an answer to this question.
Whether you would call some of these true ‘scams’ or just shady practices all comes down to your level of business ethics. To me, these are all deceitful and deliberate attempts to  mislead the customer.

Offshoring the work but not telling the customer

Offshoring work but using local contact details, such as a local phone number or business address, to make out that the business is located close by. For a lot of business owners the fact they can pick up the phone to speak with, or arrange to meet face to face, the designer of their website is important. Hiding the fact that the work is actually being done thousands of miles away in a different time zone by people who are freelancers is definitely suspect.
Should the business owner want to update their website, unless the freelancer has done a good job of marking up and commenting their code, whoever has the task of unpicking the existing code to make changes has a harder job on their hands.

Fake reviews and testimonials

Fake reviews and testimonials. I don’t mean ‘the friend you asked to favourably review your web design business in exchange for a few beers’, type of thing. I know of one web design agency close to me that have created an entirely fictitious person, business and backstory in order to create a review on their website. It is elaborate, detailed and a complete falsehood. If they will go to the effort of creating a fake testimonial for themselves, what else are they prepared to make up or be creative about?  I wrote in greater depth on this story in Sharp Practices by Web Designers.

Cookie Cutter Site development

 ‘Cookie cutter’ web site development. There is a marketing firm not far from me that advertise their ability to create websites for incredibly low prices. It is only when you look at the output they have created that you recognise a startling similarity between all their sites. They have used the same web-builder tool for all of them and worse than that, they have used an identical template for all sites.  Every site they produce is a clone of the last.
The only differences are background colors, text, logos and any images. The layouts, menus and structure are identical. They have taken a tool the business owner could have used themselves, dropped in the content (no doubt created by the business owner) and have the cheek to call themselves ‘web designers’.

Unethical SEO Services

SEO Services. There are some genuine and professional SEO service providers out there. They seem to be outnumbered by the scammers and crooks who promise “top ranking in Google” or “first page in all search engines”. For the business owner who knows little about how the search engines work (and let’s face it, that is most business owners) but is keen for their business to grow, these sorts of promises sound ideal. Of course, what the SEO scammer does not say is that the top ranking is either for the most obscure ‘long tail key word’, or achieved through dubious means. The former has no meaningful impact on the business since very few searches are made for that ‘long tail key word’, whilst the latter has a dramatic effect upon their business once the search engines punish the site for employing suspect methods to raise its ranking.

Inflating Prices

Overcharging. The situation that comes to mind most readily is the web design agency that says they can handle domain registration and / or hosting. They then massively inflate the costs incurred when invoicing the customer. I’ve seen bills for hundreds of dollars for registering a domain or hosting it.
When you investigate where it is being hosted, it is easy to see that the real price is around $60 / year. Meanwhile the customer is being charged $500. In my view this is taking advantage of the customer’s lack of knowledge to make a fast buck.

To me, as a web designer / web developer, integrity is everything. I need and want my customers to trust me and heed the well given advice I offer them. To be less than 100% honest at all times risks damaging that hard earned trust. I want the relationship with my customers to be a partnership that stands the test of time; treating them as idiots or ‘cash cows’ to be milked feels plain wrong.

Are you Mobile Ready?

Mobile devices are changing the way we exist. Many people would be bereft without their mobile as a source of information, entertainment and as a means of communication.

So much so that mobile access to the Internet has overtaken and now far exceeds larger devices such as laptop and desktop computers.  In a recent study commissioned by Google, 69% of smartphone users said they turned to mobile search in a moment of need.

2 years ago, Google announced they would be prioritising sites in the search results that were mobile friendly over those that were not. This continues today.  If your web site is not mobile friendly, then you are potentially needlessly giving away positions in the search results.

So how do you know if your site is mobile friendly?

Simple.  Google have produced a tool that will tell you instantly if your site is mobile compatible.

Google Search Console, mobile friendly checker

Put your website URL into the search box, click Run Test and see for yourself if Google recognises your site as mobile friendly.  If it is, then you will see a page something like the one below.  If it is not, then you will get a series of warnings and advice on what you need to do to make your site mobile friendly.

QD Design site successfully passing the search console mobile friendly test
This is how your site should look…

“But”, I hear you yell, “most, if not all, of my visitors are using desktop / laptop computers, so it doesn’t matter to me, does it?”   Wrong.   Google will still penalise your site if it isn’t mobile friendly even though no mobile users currently visit it.

Can you really afford to needlessly give away search engine position because your site isn’t compatible with mobile devices?

QD Design only design fully responsive mobile friendly web sites that ensure you are not penalised by Google or the other search engines. If your web site is in need of a “tune up”, let’s talk.

WordPress – How to Change the Number of Dashboard Columns

This has been bugging me for weeks.

I tend to use a single decent sized monitor for most of my web design work.  On it, every WordPress install gives me two columns of very large dashboard blocks that make appallingly poor use of the available space.  So much so that with a number of blocks expanded to their full size, much of the information is off the bottom of the screen, meaning I have to scroll down for it.  Sort of negates the idea of a ‘dashboard’ if you have to go looking for the info.

I do have one site that for some reason has three columns and it made much better use of the available space.  I wanted to recreate this on my other installs but couldn’t find out how.  I searched every control in the menu structure, looked at the code that drove the dashboard but nothing came up.  How on earth did this one site have three columns and not two?


Prior to WordPress 3.8 there was an option to choose the number of columns present in the dashboard but 3.8 saw this disappear.  Admittedly, there are plug ins that allow you to take control over the dashboard but I’ve discovered something easier, simpler and so obvious I’ve been kicking myself since I found it.

Most browsers allow you to zoom in / out.  On my personal favourite browser – Chrome (and I’m pretty sure it is the same in others too), it is CTRL + / CTRL –
Well, if you zoom out to 90%, such a small change in font size you will barely notice it, it gives just enough room to fit three columns across the dashboard. Voila, everything in view, all at the same time and no need to scroll.

Give it a try. If you have a reasonable amount of space on screen when working on a WordPress site, why not make the best use of it.

What Facebook Knows About You

The recent BBC Panorama programme on “What Facebook Knows About You” seems to have taken many people by surprise.  If you are active on Facebook and the Web, you are leaving a ‘digital breadcrumb’ trail behind you.  Every ‘like’ you make, every post you share, every place you check into in Facebook, all gets logged and used to create a profile about you.  This profile is used to serve up adverts to your Facebook page that best fit your interests and lifestyle.   This is the price we pay to use this “free” service.

Many of the people featured in the programme last night were surprised at what Facebook knew about them and what Facebook perceived as their interests, hobbies and preferences.

You can easily see what Facebook knows about you.  And, if it is not to your liking, make some changes to it.  Here’s how…..

1. Assuming you are on a computer rather than mobile device, in Facebook go to the little down arrow on the far right of the blue bar at the top of the screen (next to the question mark that goes to the help info).  On a mobile go to the three horizontal lines and scroll down to Adverts.

2. Choose settings from the drop down list

3. From the list on the left hand side, choose Adverts. You might also want to try the Download a copy of your Information though this can be pretty vast if you are a prolific poster. This gives you a zip file on your computer of everything you have ever posted on Facebook (text, images, videos) as well as any events you have attended or shown an interest in.

4. From the Adverts link you will see the following. Each of the rows – Your Interests, Adverts You Have Interacted With can be expanded to show more information. This is what Facebook uses to build your profile. Most of it shouldn’t be a surprise as it is you that caused it to be logged.

However, there may be the odd anomaly that you can’t explain. No, I’ve no idea why ‘Entre Rios Province’ is listed as a place I am interested in either!

5. Every one of these snippets of information can be edited and removed. The X button will remove it from your list of places, list of hobbies, list of advertisers with whom you have interacted.

One important point to note is that you are never going to get rid of Facebook Ads entirely. That is what keeps it free to use.

However, using these tools you can fine tune the ads you see so that embarrassing one for ‘ointment’ doesn’t appear.  If you turn off the Interest Based Adverts feature completely, then you will see any old advert that Facebook deems to put in front of you.  Leaving it on means there is a chance the Ads you see ‘might’ be relevant to you.

If you don’t like what Facebook knows about you, then the choice is simple. Delete your Facebook account, stop using the web on any device, sell your house, buy a tent, move to the woods and hide. OK, this last advice is purely tongue in cheek, you don’t necessarily need to buy a tent, you might be lucky and find a cave to sleep in!

Seriously, should you worry about the information Facebook knows about you?   Probably not.  Between Facebook, Google, your Internet Service Provider and your mobile provider, there is little these people don’t know about you.  Add in your local supermarket where you use a loyalty card, other websites where you check in or use a service e.g. your fitness tracker, and almost your entire waking day is logged or mapped.  If you are doing nothing you are ashamed of or nothing that you shouldn’t be doing, then you have little to worry about!

How long to set up a shop and sell online?

How long does it take to set up a shop and sell online?

I’ve been asked this question several times in the last week.  When you turn it around and ask the questioner how long they reckon it will take, the answer is usually several hours, if not days.

What if it took less than 30 minutes to set up your own shop and begin selling on line, wouldn’t you do it?  Of course you would!

You design handmade jewelry, knit incredible garments, print custom T shirts or make amazing items of artwork and sell them to friends / family and through local independent shops.

No doubt your customers are delighted with your products and tell all their friends about you. But you are still only tapping into the tiniest proportion of your available market. Unless someone happens to know you / one of your friends or be in that independent shop, they have no chance of knowing about your product and thus making a purchase.

The answer (of course), is to sell online.  However, several conversations in just the last week show that for many people the idea of setting up their own shop is a daunting one, and one they expect to be complex and problematical.

Let me let you into a secret. It isn’t! You could easily have a shop of your own up and running in around 30 minutes.    Here’s how.

1. Assuming you have a website running WordPress, install the WooCommerce plug in. WooCommerce is part of the organisation that builds WordPress itself and it is the biggest (by a long way) e-commerce platform on WordPress.   Not got a WordPress website – no problem. Just about every server can handle WordPress*, it is easy to set up a simple WordPress site, styled to look like your current website and put links to it from the relevant places in your main site.

2. Configure WooCommerce – set up your location, currency, whether it is a physical or downloadable product (e.g. an e book), customise any email confirmations you want the system to send.

3. Download the Payment Gateway plug in of your choice (PayPal, Stripe, Amazon Pay, WorldPay etc) and configure your account.

4. Connect WooCommerce to your chosen payment gateway and link using the provided API key.

5. Create a product to sell in WooCommerce. Ideally with a product description, images, size / colour options etc.

6. Begin selling!

It is as simple as that.  In 30 minutes or so, your reach will have gone from local to potentially global.  What’s stopping you?   You have a great product, why not sell it as widely as possible!

At QD Design we can assist you through the process. From simple advice and guidance, to setting up the WooCommerce platform and Payment Gateway or even building the complete WordPress site to contain it all.

We eat, sleep and breathe the web and want to help businesses make the most out of it. Call us for a chat or drop us an email and we will get back to you.


*If your server really can’t support WordPress, we need to talk, urgently!  You are being hosted on a device that may well be compromising your website’s speed and thus your position in Google search results (Google hates slow sites and penalises them over faster ones).

Scam Alert! Domain SEO Services

If you own or manage a domain you need to read this.

I manage quite a few domains and, as such, see a fair number of domain communications each month.  One recent email stood out.  There was something about it that wasn’t quite right.

  1. It had no letter head or logo and the sender was not who I have my domains registered with.  In fact the layout and style of the message is deliberately ‘vanilla’.
  2. Whilst this domain is up for renewal this year, I knew it was in October and not the Spring when the renewal was due.
  3. The wording was both very lengthy and hard to understand.  Again, a deliberate ploy to confuse anyone who receives such a mail into thinking that it really needs to be acted upon.
  4. The incentive to “Buy Now” seemed just a bit too forceful and smacked of a con.

So what is it?

Well it isn’t a domain renewal notice even though it has a domain name, a duration of service and even a start date.  It is an offer to buy “Domain SEO Service” and  “to purchase a search engine traffic generator”.

No clear details are given on what these products will do for your website.  The one thing that is clear is that Google takes an incredibly dim view of attempts to artificially increase a site’s ranking in the search results.  So much so, that sites have been penalised and in some cases banned when it has been discovered they have tried to manipulate the Google search results.

It is not worth the risk.

You do not need to pay to have your domain name submitted to and indexed by the search engines.  This could be the worst $75 you might ever spend.

You DO need to engage someone to help you optimise the content of your site and effectively focus it around your chosen keyword(s).  Your web designer should be able to advise on how best to go about doing this.

This Domain SEO Service Expiration Notice is a very clever and cynical scam.  It deliberately creates a sense of apparent urgency around the renewal of a service and hopes that the recipient either is in too much of a hurry to read it or not knowledgeable enough to know that it is unnecessary.  The originators know that in many small and medium sized businesses, the staff are working flat out and spending 5 – 10 minutes trying to work out whether something is genuine, is time they simply do not have.

If / when you get your domain renewal notice in the mail, or something that looks like one; read it very carefully before acting upon it.  It may not be quite what it seems.

iTunes GRRRRR

Podcasts are a great way to make use of time that would otherwise be wasted while commuting, exercising or doing mundane chores. In another post I’ll share some of my favourite podcasts but one thing seems common to most of them…..

The presenters frequently ask listeners to go to iTunes to like and subscribe to their podcast. I understand this can raise the profile of a podcast meaning it has a better chance of getting even more subscribers. However, as an Android user I have no intention of going anywhere near iTunes for any reason, ever.  In fact, when I hear this it just shows how lacking in awareness the podcast presenter / producer is and how blinkered they are to think that every listener will be using an Apple device.

I’ll personally buy a beer for the first podcaster I hear acknowledge the fact that you can access and subscribe to podcasts through other means besides iTunes.

Sharp Practices by Web Designers

Recently, I noticed in my Facebook feed the name of a local web designer that was new to me.  Being curious and wanting to keep abreast of the competition, I looked them up.  I was disappointed to discover they had adopted a number of tactics that were clearly pushing the boundaries of what could be described as honest.

It got me thinking: am I the only web designer that is entirely truthful on my site and in my marketing?

So, what was this new entrant doing that was misleading and potentially dishonest?

Their Facebook ad looked like this…

Taken at face value (as many potential customers will do), this is  an unbelievable bargain.  Even outsourcing to the cheapest and least skilled offshore supplier imaginable, there is no way a ‘professional’ website could be created for £49.  And of course, it isn’t true.  Following the link to their website reveals that the real cost is £49 per month (oh and on top of that there is an ‘initial set up’ fee of £199 as well).

Assuming the business maintains the website for five years, it will have really cost an eye watering £3139 before any VAT / sales tax has been added.

Secondly, the business in question had a glowing testimonial from a garage owner who seemed delighted with the service provided.  It sounds as if the new website had already borne fruit and was bringing in new business.  Oddly, there was no link to the site in question, which seemed peculiar given the situation.  Stranger still, a search on Google for Prestfield Motors returned no matches whatsoever.  In fact, there were no matches for Kenny Sinclair and the motor trade in Edinburgh.  Zero, nil, zilch, zip.

It was a fake testimonial from a fake business alleging benefits that were utterly fake.  It got me wondering who was in the picture, was this really Kenny Sinclair or was he a fake too?

Of course he was a fake!  Using the ever so handy Google Reverse Image Search facility revealed that ‘Kenny’ is a prolific chap.   He appears on a hair loss website in South Africa, an Arizona skin clinic site, a UK house sale site as well as countless social media sites.

‘So what’, I hear you say, don’t we all embellish the truth a bit?  Well, yes and no.  It depends on how far you take the embellishment.  In this case, the deliberate attempt to mislead on pricing is pretty close to the widely discredited and highly disliked technique of “bait and switch”.  The use of a stock image in a testimonial whilst you are awaiting a photo from the customer is understandable but deliberately creating a fake identity, a fake business and a whole fake story to sell your services is downright dishonest.  As soon as a potential customer realises your claims are unfounded they should begin to question everything you say.

For example, is your support as good as you claim?  Is your uptime really as high as you indicate?  Are you truly based in the local area or are you a front for a “pile it high, sell it cheap” offshore operation?

It is all about credibility.  Most customers do not want to do business with a firm that feels it is OK to deliberately mislead and be dishonest on their website.  Why would you trust a firm that did this?  After all, if they do this on their own site, there is a good chance they could do it on yours too.

Whatever your line of business, think carefully before making unclear, misleading or entirely false claims on your website.  The consequences will inevitably come back to bite you.