Appointment Bookings

• Do you offer customer “appointments”?

• Spend too much time managing your calendar and not enough with clients?

• Let them make bookings directly with you via your website.

• Take payments via your website at the time of booking, stop worrying about “no shows”.

Consultants, Therapists, Fitness Instructors (in fact anyone who offers appointments to their clients), we feel your pain.  Responding to customer enquiries can be time consuming; time that you could be spending earning with a client.

Simplify the process by putting your calendar onto your website so that customers can see exactly when you are available AND let them make a booking without having to call, text or email you.  Better still, ask for payment when the booking is made so you never have to keep cash or handle change.  It is simple to integrate a card payment processor such as PayPal, Stripe or one of the many others available.

Have multiple therapists working from the same premises and need separate calendars for each? No problem.

Need to offer different appointment types or durations? We’ve got it.  In fact you can have ten different appointments within each calendar.

Need to reserve certain times for “walk ins”?  Of course, you can block out repeat time slots or ad hoc blocks of time.

Need to insert appointments by hand (where a client calls you or makes a follow up appointment)? You can easily drop a manually created appointment into your calendar via the simple admin screen.

Our easy to use appointments system will save you time, increase your earning opportunities and means you can spend more time with your clients and less doing administration!

Call us for a demonstration of the system, or drop us a message and we can call you back.

RIP Caldera Forms

So long, it has been good knowing you.

Yesterday (24th March 2021) came the announcement I feared was coming.  My favoured form builder for WordPress and one I’ve used across umpteen sites for all sorts of forms, is being ‘retired’ at the end of the year.

After being purchased by rival form plugin Ninja Forms – who stated at the time that they had every intention of maintaining Caldera Forms as a fully supported plugin – it now transpires that that wasn’t true.  Caldera Forms wasn’t what they expected it to be (or at least the customers and their usage were not) and so they are retiring it at the end of 2021.

If you cannot win customers, buy them.

This story is replicated throughout the history of business and commerce; if you cannot entice your competitors customers to move to you, then simply buy out the competitor and the customer base comes to you.  Once they are ‘your’ customers you are free to do to them whatever you like.  I’ve experienced this with hosting companies, ISPs, software developers to name just a few examples.  In every situation the purchaser says they wanted to buy the business because of the great product or service they provided.  Then, almost without fail, they run down the product, water down the service or reduce the support offered hoping that inertia will keep the customer with them.

I recall many years ago, when starting out as a WordPress user, being disappointed with many of the Form plugins.  Some were (and still are – yes Contact Form 7, I’m talking about you) unbelievably crude and / or limited in what they could do.  It took a while to find Caldera Forms but I was delighted to discover that not only was it endlessly customisable, had every field type you might ever want to use, it also had excellent conditional fields where the choice made in one area would dictate what was show in another.  It was also fully responsive and out of the box could deploy multi-column forms on large screens that shrank down to a single column on a phone-sized screen.  Best of all, this functionality was all available in their free to use product.

What’s the Alternative?

Sadly the search for an alternative has shown that not much has changed with the form plugins that are available.  There is always something missing or only available in the premium product.  One (very well known) plugin had great form field features except for a CAPTCHA field which was only available if you coughed up for the paid version.  So, in essence what the developer is saying is you can use this plugin so long as you don’t mind the deluge of dodgy deals that appear in your inbox.  Another plugin allowed most form field types with the exception of a dedicated Phone field (this being reserved for the premium product).  Few Contact Forms can go without a field to capture the enquirers phone number. Having to pay for such a basic feature is like being asked to pay for doors on your car.

It is said that “change is always difficult”.  In this case it is especially difficult when you are having to move from a tool that met your needs perfectly to a less capable alternative.

I know I’m not alone, Caldera Forms had a wide and loyal following amongst developers and designers who appreciated the flexibility it provided.  Hundreds of thousands of developers who have used it on countless websites are searching for the “holy grail” of form plugins.

So, fellows developers and designers, what are you going to be using instead of Caldera? Leave your suggestions in the comments below.

Is your website backed up?

data centre on fire

As tens of thousands of website owners across Europe are discovering this morning, disasters do happen.

The OVH data centre in Strasbourg caught fire late on March 10th completely destroying the SGB1 data centre, damaging the SGB2 data centre and taking SGB3 and SGB4 offline for an extended period.  OVH is one of the largest data centres in Europe and hosts many well known sites and services.

Thankfully there were no injuries and firefighters have been able to control and extinguish the fire. It does however beg the question….

Is your website backed up?

Are you absolutely sure about that?

Apparently, many of the site owners at OVH had their sites backed up to the same data centre meaning that the backup has gone up in smoke as well.  They may never be able to restore their websites.

Backups, like almost every form of insurance, are far from ‘sexy’.  They are not the sort of thing that your web developer or host will make a big deal about – partly because we all hope never to have to call upon them.  However, when we do, we want to know that they are there and that they can be relied upon.

Backups are only part of the picture.

Having a backup is great but as the OVH situation has shown, where that backup is stored is vital.  It needs to be separate from the main site hosting in either a different physical location or as a cloud based backup.

Secondly, can you access the backup or are you reliant upon the hosts?  The staff at OVH will be working furiously to check that  the SGB3 and SGB4 centres can be brought back on line ASAP (though the thought of them having been doused in water to keep them cool makes it seem that it will be some time before this happens).  It could be days (if not weeks) before they get around to making any backups that exist for the affected datacentre available to customers.  If only the customer or their developer had access to their own backups, they could be back on line (albeit on a different server) before the end of the day.

What is your disaster recovery plan?

Having your own backup is a great start but what are you going to do with it?  OVH are frantically securing new servers and space in other data centres for their customers but this will take time.  For many businesses, every minute that their website is offline is a minute when they lack profile, cannot interact with customers or make sales.

A disaster recovery plan should cover what you are going to do with those backups so, should the worst really happen, you aren’t left scrabbling around trying to find alternate arrangements.

The QD Design approach

Every HTML / CSS site we create for customers is backed up daily to a cloud location.  We also have the latest site files on our server which are in turn backed up nightly to an off site location.

WordPress websites are also backed up every day to a cloud location arranged by our data centre.  We also make backups independently of the hosting centre and store them in our own cloud location which we can access without requiring the data centre to intervene.

Finally we have an Amazon Web Services (AWS) server on standby just in case we need to shift the hosting of a customer website to an alternate location. We hope never to have to use it but it is reassuring to know it is there and ready to deploy just in case.

What does your web developer / hosts do?

Now might be a very good time to have a conversation with them to check that backups of your website are being made, are being saved in a safe location AND they have a plan for what to do, should disaster strike.

If you are not happy with what you hear, we would love to speak with you.

Christmas Tree Decorations

Christmas & New Year 2021

QD Design – Christmas / New Year Hours

For your information, the QD Design office will be closed from Dec 24th through to Jan 5th.  However, emails will still be received and read (though perhaps slightly less frequently than as usual).  Should you encounter an issue with your website during this period and need it resolved urgently, please reach out via phone or text to notify us.

Lastly, thank you to all the QD Design customers for their business in 2020.  We are delighted to have been able to support you / your organisation and look forward to doing more of the same in 2021.

Wishing you a safe & peaceful Christmas and a happy & prosperous New Year.  Here’s to a much better (and more normal) 2021.

Evading the Edge Update

Those ‘lovely’ people at Microsoft have been tinkering with the Edge browser.  They are keen for us to try it.  So keen, that it is being pushed out as a ‘Windows Update’.

Following a restart of your machine you will be faced with this screen….

Edge Update Screen

From which it is impossible to escape.  There is no close button, hitting Escape does nothing and even pulling up the Task Manager with Ctrl + Alt +Del doesn’t give a clue as to how to avoid going through the forced migration process.

Migration is probably the wrong word, it is more like your account is being taken hostage by Edge.  By the time you reach this screen it has slurped up a lot of your details from your existing browser (history, favourites, saved card details etc) and is is waiting for you to confirm your acceptance of the migration.  It seems impossible to avoid being sucked into ‘new’ Edge;  resistance, as they say, is futile!

However, you can sidestep it, if you know how.

How to Avoid Edge

Counter intuitively, you do first have to hit the ‘Get Started’ button.  However, unlike a parachute jump without the parachute, this is one adventure where you will live to tell the tale.

After hitting Get Started, it will ask you if you want to import from your existing browser (Chrome, Firefox, Opera, it doesn’t matter, they really, REALLY want you to migrate).  Along side this very prominent button, is a much less prominent link that says “Continue Without Importing“.  Hit this option.

You will be pestered to change your mind but persist and you can move on and continue with your preferred browser.

Those of you with a long memory may recall when Microsoft were punished (heavily) for making it difficult for Windows users to use any browser other than Internet Explorer.  It feels like we have gone full circle!

By all means Microsoft, create new versions of your software. By all means roll it out to user but please don’t force me to use it.  I would like to decide for myself.  ‘New’ Edge has been getting favourable reviews and I was half tempted to give it a try. Sadly these ‘dirty tricks’ mean that it has been consigned to the same place as the legacy Edge – the bin.

 

WordPress under attack (again)!

WordFence – creators of one of the most widely used WordPress security plugins have reported a dramatic spike in attacks on WordPress based websites. This reflects our own findings here at QD Design based on data gathered from the access logs of the various sites we manage on behalf of customers.

WordFence believe the increase is around 30 times the usual volume of website attacks.

Website attacks are, sadly, nothing new. From the earliest days of plain html sites uploaded via creaky File Transfer Programs, ‘bad actors’ have tried to break into other peoples websites.

The popularity of WordPress as a development platform for websites means that it attracts more than its fair share of attacks. Automattic (the people behind WordPress), reckon it is used on around 30% of all websites globally. With that level of usage, it is no wonder that cyber criminals focus upon it (and in particular any known weaknesses within the WordPress environment).

The current threat aims to exploit these vulnerabilities to inject a block of code into a site with the ultimate aim of giving the cyber criminal access and control of the site. With access they could remove your content, replace it with their own or gather data on your membership (should your site have such a feature).

The weaknesses they are trying to exploit are, in the main, well known and in many cases had patches published some time ago.

What to do?

  1. Don’t get too alarmed; website attacks occur all the time (though this current level is considerably higher than normal).
  2. Most importantly – keep your site up to date. The core WordPress file system, the Themes, and any Plugins all need keeping up to date. Updates are pushed out when vulnerabilities are discovered and leaving key components of your website unpatched is opening your site to increased risk of being compromised.
  3. Remove any unused Themes or Plugins. Keeping a stack of old, unused (and probably unpatched) files adds to the clutter in your admin panel. Amongst those deactivated plugins could be one that has been deleted from the WordPress repository because it is a severe security risk. This may be providing an easy ‘back door’ to your site, without you even realising it.
  4. If you don’t use a WordPress security plugin and firewall, it might be time to actively consider it. WordFence (and no I make nothing out of recommending them) make a truly effective plugin that is easy to set up and use.
  5. Consider whether restricting the access to your site by geo-location might give you an enhanced level of protection. The IP addresses of the attacks we have been following can in many cases be traced back to countries well outwith Europe. To be frank, they are exactly the sort of countries you would expect a cyber attack to originate from. If your site provides information and services to an exclusively UK audience, blocking visitors from some of the less desirable locations would prevent them from even accessing the site to try and attack it.

 

If you have concerns over your WordPress site, have noted activity you are unsure of or need to strengthen your sites security, QD Design can help. Call us on 07718 589338 to discuss any issues you are having or improvements you would like to make.

Stay up to date and stay safe!

Coronavirus / COVID – 19 Update

Coronavirus update

Like many, we have been following the global outbreak of Covid-19 with great concern and keeping up to date via the recommendations from the WHO and daily government bulletins.

The effects of the coronavirus pandemic are being felt by everyone. As the situation continues, we wanted to reach out and update you on how we’re supporting our clients and partners.

As a primarily digital business, QD Design are fortunate to be able to work remotely (in fact this is our ‘normal’).  Our systems and procedures have been devised so that we can operate at a distance and we expect to be able to support our customers, without change.

However, we recognise that for many of our clients, working remotely is either problematic or simply impossible.  We understand that, for many customers, the coronavirus outbreak has caused, unexpected and severe disruption to their businesses.

We are here for you, our customers.

Should you need a site adjustment made to cater for Coronavirus disruption, please let us know.  There will be no charge for site amendments or updates relating to coronavirus trading and operation.

What will change?

Customer visits (either to QD Design or by QD Design to your premises) will be, for the meantime, put on hold.  We must support social distancing and do our part to reduce unnecessary travel and person to person contact.  Video conferencing, phone calls, text, email are all still permitted and we can be contacted through any of these means.

Lastly, this is a time to be resourceful and supportive of one another as we face this together; please do not hesitate to contact us if we can be of any assistance to you or your business.

We urge you to stay safe over the coming weeks as we all face this together.

 

Frequently Asked Questions (FAQ)

Q: What is QD Design doing to monitor the situation?

A: Like many, we are staying well informed of the developing situation, following the advice and recommendations from the UK Government, Scottish Parliament and NHS Scotland.

Q: How is customer support being handled?

A: Simply email info@qd-design.co.uk or call 07718 589338 as normal, your request or support issue will be resolved as quickly as possible. You will be informed once the issue is resolved.

Q: Will there be delays in services or support resolutions?

A: At this point, we do not expect any significant delays.

Q: Should we expect any disruptions or downtime?

A: No. We are liaising with our Service Partners regarding web hosting and do not see there being any issues.  Should this change, we will inform all customers immediately.

Q: Do you have a provision for video conferencing and meetings?

A: Yes, we actively use Skype for meetings.  Please ask if you would like to use video conferencing.

Google Chrome Tech Support Scam Misery

Google Chrome is by far the most popular internet browser.  There is a very good chance that you are reading this article using Chrome right now.  As of Jan 2018, a whopping 56.3% of all internet users browsed the web using Chrome (data from StatCounter)

This popularity has brought some unwanted attention to Chrome. Scammers are targetting the browser users with ever more sophisticated and realistic “Tech Support” scams designed to panic the user and con them into phoning a fake ‘helpline’.  Once on the ‘helpline’, you will be asked for your credit card number in return for sorting out the problem.

What does the scam look like?

tech support scam message affecting Google Chrome browser

Having landed on an infected site the Chrome browser displays the above information, often along with unsettling alarm sounds to heighten further the users level of anxiety.  Like all scams, it is cleverly designed to put you under pressure with dire warnings about what is being ‘stolen’ and a time scale (within the next 5 minutes) to frighten the user into following the instructions.

Behind the scenes the browser is instructed to try and save a file repeatedly – so fast that it cannot cope and becomes unresponsive to any commands to close or navigate away from this page.  At which point the scammers hope that you will phone their number and offer up your credit card number in return for their ‘support’ to fix the problem.

That is the very last thing you should do. Let’s dive a bit deeper into this scam and see how to get out of it and even avoid it in the first place.

Where is this scam found?

Frequently this scam is deployed via ‘Malvertising’ – Malicious Advertising – a seemingly innocuous advert appearing on a legitimate site that happens to contain a hidden payload designed to cause harm. These adverts might have been designed from the ground up by the scammers or were a previously safe advert that has been hacked and turned into a vehicle to spread the malware.  Wikipedia on Malvertising

What can I do, if I encounter this Tech Support Scam?

Firstly, don’t panic.  Recognise it for what it is and DO NOT under any circumstances phone the number given.
Secondly, try to close either the affected tab or the entire browser as you would normally using the X top right. In all likelihood, neither of these methods will work but it is worth trying it first. Beware that closing the browser will discard any work you may have open in other tabs.
Thirdly (and most probably), you will need to use the Windows Task Manager to kill off the unresponsive browser. It may be a while since you have had to use this, so here is a quick reminder.

1. Press Ctrl + Alt + Del to bring up the options screen and click on Task Manager.

2. Click on Google Chrome in the list of Tasks to highlight it, then click the End Task button

Windows Task Manager screen image
at the bottom of the screen. This will terminate the Chrome browser and the pesky fake tech support message.

3. For peace of mind, you may want to run a security scan of your machine now to reassure yourself that nothing untoward has happened as a result of this attempted scam.

Can I prevent it?

Yes, partly. As many of the scams are distributed via ‘Malvertising’, running an Ad Blocker such as Ad Block Plus can mean they never make it anywhere near your browser. There is a Google Extension for this service –  AdBlock Plus Extension – that we have used for years and can highly recommend.
Google is aware of this issue and is working on a fix.  However,  you can bet the scammers will also be working on ways to circumvent this, so it is unlikely this type of scam will go away anytime soon.

If you know of any Chrome users, please share this article with them to help keep them informed and safe.

The Curious Case of the Disappearing Mouse

For a number of years, I’ve used a drawing tablet in preference to a mouse when working on a desktop PC.  Years of using a mouse have taken their toll on my right wrist and it was for ever painful and tender.  The tablet and accompanying pen puts the control into my dominant hand (yes, I’m a ‘leftie’) and has given me much more control in programs such as PhotoShop where drawing and shading with the pen are now possible.  Just as importantly, it has given my poor right wrist a rest and allowed the pain, tenderness and inflammation to subside.

However, recently an issue occurred that had me – reluctantly – reverting back to the mouse.  In several programs, the mouse cursor would simply disappear.  Hover actions associated with moving the mouse would still occur but seeing where it was and clicking with it were nigh on impossible.

In particular, this was happening in my go to code editor, Visual Studio Code.  Every time I clicked File – Open to begin working, the cursor would vanish and I couldn’t select a file to begin editing.  I felt rather like a chef without a knife or a photographer without a camera – devoid of a key tool to do my job!  Only by closing the program, re-opening it and using the mouse in preference to the tablet could I get anywhere.

Searching Google for similar problems associated with using a Wacom Pen Touch tablet and Visual Studio Code brought nothing of value.  A wider search showed that a similar problem occurred when using the Google Chrome browser and a Wacom tablet device. Missing of flickering mouse cursor and an inability to click, point or right click with the pen.

In the case of Chrome, the suggested solution was to disable the use of Windows Ink in the Wacom Control Panel.

With little expectation that it would make a difference in Visual Studio Code I did as suggested and, to my amazement, it now works perfectly – the missing mouse cursor has returned.  Additionally, the odd behaviour experienced in other programs, where it wasn’t possible to right click or scroll through a document using the Wacom Pen, have all gone as well.

Windows Ink seems to have been turned “on” as part of the recent Fall Creator’s update to Windows 10. Disabling it has given me back the control I had become accustomed to with the excellent Wacom PT device.

If you are having similar problems with a Wacom product, and are finding the pen cannot be used as a mouse to click or select, try disabling Windows Ink.

Passwords

Recently, cyber-security firm 4iq.com discovered on a community forum deep within the ‘dark web’, the largest aggregated database of emails / passwords found to date.  The searchable database contained 1.4 billion user login credentials hoovered up from a wide range of hacks, security breaches, data dumps etc.  These are in ‘clear text’ meaning they are not encrypted or scrambled in any way, they can be read by anyone.  Yes anyone.

Anyone who is active on the dark web, that finds the database can access it and start trying to log into other people’s accounts.  Quite possibly yours and mine.

Alarming

4i have begun extensive analysis of the data and what was immediately alarming in the database was the extent to which people were either…

  • Reusing the same password across multiple services or sites (often multiple times)
  • Using incredibly weak and obvious passwords (and in some case they were reusing the same weak passwords, which is probably the cyber equivalent of leaving your car unlocked with the key in the ignition and the engine running)!

An example of the most common (and weakest) passwords is shown in the table below…

Astonishingly, the password ‘123456’ occurred over 9 million times in the leaked and stolen data.  That’s 9 million people who are making it unbelievably straightforward for someone to break into their account.

So What?

Whilst much of the data in the database will be old, some of it is not (14% of the credentials recovered have never been seen before in any other data breach or leak).  The latest data was added in late November 2017.  This stuff is current and could easily include your information.

4i have checked with a number of users to verify if the information in the database is correct.  Almost all of the users contacted have verified that the data was true.  Frequently their reactions were…

but that’s an old password…

commonly followed by…

Oh crap! I still use that password on <this> site…

You can check whether your information appears within the database by sending an email to verification@4iq.com with subject line: Password Exposure Check  4i will respond with the truncated list of found passwords for that email.  Of course they will only report the passwords related to the specific email from which you write to them.  If you want to verify different email addresses you will have to send an email from each of them.

Take Action Now

  Stop reusing the same password in different places

  Use long (more than 12 characters and ideally 15 characters plus) passwords

  Consider using a password manager such as KeePass or LastPass to hold these rather than trying to remember them all

  Consider using two factor authentication in as many places as possible.  Whilst it may be slightly inconvenient to do so, it increases your security enormously.

  Make your email account passwords particularly complex and long.  After all, this is where any password reset notifications will be sent. If a hacker has your email password they can reset it and then beaver away on all of your other accounts.

Please, please share or pass this onto anyone that you think might benefit from it. And, above all, stay safe out there.