All posts by Nick Hyatt

About Nick Hyatt

Nick has web design experience spanning two centuries (well his first page was in 1998)! He is passionate about helping smaller businesses and new ventures make their mark on the web. As well as a web designer he has spent time as a management consultant and business coach and brings these skills to help customers excel. When not designing websites he is likely to be in the mountains be it skiing, climbing or just taking photos of awe inspiring scenery.

Google Analytics Logo

Google Analytics – time is running out…

Google Analytics Logo

Have you updated your Google Analytics set up yet?  For anyone using the legacy Universal Analytics (UA) code you have until the end of the month (June 30th 2023) to switch to the new Google Analytics v4 (GAv4) method. 

Not sure if this affects you? Read on to see if you need to take action to change your Google Analytics set up, where to do it and how.

What is Google Analytics?

Google Analytics (GA) is a free service set up by Google to allow site owners to identify trends and patterns in how people use their website.  GA handles both the data acquisition and analysis and visualization making it a powerful tool for any website owner keen to know how their visitors find and interact with their site.

You may have installed it on the site when you first built it, or your web designer may have done this for you.

How do I know if I’m using Universal Analytics?

If the GA code used on your site uses either analytics.js, ga.js or urchin.js then your site is using UA and you will need to switch to GAv4.  Similarly, if the tracking code in your script looks like UA-XXXXXXXX, then you still have UA active.

However, if your Google Analytics code uses gtag.js and the tracking code begins G-XXXXXXX then you are already on GAv4 and needn’t take any further action.

You can check this by looking at the source code for a page in your website. You should find the tracking code in the <head> of the document, relatively close to the top.

What’s the difference between UA and GAv4?

UA dates to the early 2000’s when Google acquired Urchin Analytics.  By 2013 this had been rebranded as Universal Analytics and quickly became the most widely used tracking mechanism available.  Traffic visible on a website and on an App were treated differently and appeared in discrete Views in the GA Dashboard.  In 2013 this wasn’t so much of an issue but by 2022 Google recognised that it was non-sensical to have traffic for the same organisation in two different locations.  As a result, GAv4 was developed and the decision to sunset UA made.  GAv4 also simplifies the number of reports available (UA having tens if not hundreds of different reports, some of limited value) and streamlines how activity is recorded.  Please note, this is a very simplified view of a much more complex situation.  For more in depth information see Google’s own Introduction to Google Analytics 4.

What do I need to do?

In your Google Analytics Dashboard, set up a new GAv4 property.  It is likely that Google will have done some of this for you already, but you will still need to confirm some of the settings.

Universal Analytics is going away is a useful article from Google on understanding the differences between UA and GAv4, as well as the steps needed to create / set up your new code.

You will then need to include the tracking code in your website.  This will be identical to the method you are already using for UA just the script or tag will look a little different.

What happens if I don’t set up and use a GAv4 code?

After 1st July 2023, the old UA code will cease to track visits and activity on your website.  That immensely useful stream of data on your visitors and their activity will disappear.  Your ability to track conversions, see popular pages and gauge the length of time each visitor stayed on the site will go.

The data tracked by the UA code should (according to Google) still be available for 6 months after July 1st, 2023.  Data can be exported during this time to preserve it since historical information is vital for comparing ongoing site performance.  After the 6 months have elapsed it is likely that your historical data will no longer be accessible.

Need help?

We can guide you through the process, watch over your shoulder (virtually) whilst you set up the new tag or, with your permission, set up and install a new GAv4 tag for you.

Medal inscribed with 20 years

Happy Birthday WordPress

Happy Birthday to the #1 Content Management System (CMS), WordPress.  On its own, it has far greater coverage than all the other CMS put together.
 
20 years ago this month, WordPress was born.  A fork from a previous project saw it rapidly take off and become one of the guiding lights of web 2.0.
 
Starting out as a simple blogging platform, anyone who has had exposure to WordPress since then knows how far it has developed.  Each new version adding more features, additional capability and an improving user interface.
 
QD Design have followed this development when WordPress became our CMS of choice in 2015. The changes we have seen in 8 years are astonishing; goodness only knows what the future holds for WordPress.
 
Why should you use WordPress? Good question!  WordPress balances the competing priorities of ease of use with flexibility and capability.  Some CMS tools are easy to use but have limited capability and minimal flexibility in what they can do (yes, Squarespace I do mean you).  WordPress is equally at home powering a personal blog as it is representing a small business or even running a holiday rental platform.
 
If you are finding your current website platform restricting, talk to us at QD Design about moving to WordPress.
Homepage of Big Role Media

Client Introduction – Big Role Media

 

Who are they?

Big Role Media are an inclusive media company based in Los Angeles.  Targeted largely at women, Big Role produces multimedia that ‘gives them a nudge to hold their head high, get out there, grab a hold of their dreams, and not let them escape‘. They are multi-talented and write, record and film their own work.

Their requirement

Having had a Squarespace site previously, they wanted to move onto a more capable platform, one that gave them more features, more options, more scope for growth and a greater ability to truly customise the sites to match their ‘brand’.  This was their first experience of WordPress, and like most of us, that first experience was daunting.

WordPress does lots of good things but the “Dashboard” is not one of them. I still remember my first visit shortly after having installed a box-fresh copy of WP, it was overwhelming; I had no idea where to start, what was a Post vs a Page, where images had to go etc. Having spent 16 years successfully crafting sites in html by hand, WordPress’ dashboard seemed like it was more of a hindrance than a help.

Screenshot of the WordPress dashboard
The WordPress dashboard

Big Role Media wanted a ‘magazine’ style site where they could write articles, post video, share audio and generally connect with their audience (and demonstrate their multitude of talents).

What did QD Design do?

We ran an initial WordPress 101 session over Zoom to a) find out what they needed and b) give some pointers on navigating around the Dashboard.

As they began to create content, we suggested and added suitable plugins to offer the functionality they required and began to customise the site appearance by creating a child theme that removed some of the elements that were not needed. We advised them to  streamline the dozens of Categories and hundreds of Tags to a more usable amount and then linked specific Post Categories to certain Pages making it quicker to find the content type or subject matter the visitor was after. We also connected the site to both Google Search Console and Google Analytics so traffic and search health could be monitored.

Lastly, we ran the site through a suite of tests to evaluate site speed, SEO and accessibility (all part of Google’s Core Web Vitals they use to measure user experience of a site).  Where possible, issues that were flagged were addressed through opting in / out of different plugins, resizing media images and deploying a SEO tool. Frustratingly, as a wordpress.com (hosted by WordPress rather than the self hosted wordpress.org type of site), some of the built in and unavoidable tools and plugins were the cause of Core Web Vital problems. C’mon WordPress, why are you building in issues and problems?

The finished article

Whilst no website is ever finished (there is always new content to add, improvements to make and updates to apply), this is how the site looks right now.

Screenshot of the home page of Big Role Media website - https://big-role.com

A huge thank you to Bella at Big Role Media for asking QD Design to help with their site. We now have / have had customers in the Middle East, Australasia and now the USA.  Where next?

Blog 2 Social Screenshot

Sharing WordPress Posts to Facebook

Writing content for a Blog can take a great deal of time to identify a suitable topic, research it and write / edit the Post itself.  Sharing that content across multiple Social Media platforms (Facebook, Twitter, LinkedIn etc) can be even more time consuming.

A Blog that doesn’t promote itself is akin to talking to the wall, no one will hear you or even know that you have something to say.  Remembering to share posts across all your social accounts in a timely manner isn’t always straightforward.  If only there was an easy way to do it.

Cue Blog2Social…

What is it?

Blog2Social is an automated tool that shares your WordPress Post to your Social channels.  It can also be used for scheduling posts so that they appear at a specific time rather than simply when you write and publish them.

Why Post this?

This is a test Post to see if the content does indeed appear in the QD Design Facebook page.

Having checked out the QD Design Facebook Page, the Post does indeed show up along with the Featured Image and a reasonable length excerpt.  This is encouraging and could save many site owners time; time they would have spent crafting Social Media posts to promote their website / Blog posts.

Time to dig into this tool more deeply and see what it can really do!

website under cyber-attack

Russian Invasion of Ukraine and Cyber-attacks

Firstly, my thoughts go out to everyone in Ukraine and to anyone that has friends and family there.  I hope they are managing to keep safe.

Given that in the 20th Century we experienced 2 world wars, numerous regional conflicts that were proxies for, and could have escalated into, global conflicts, as well as countless civil wars and border disputes, to see a European country brazenly invade a neighbour based on patently untrue reasons is shocking.  I sincerely hope the Russians come to their senses and cease this invasion ASAP.

In the run up to this invasion, several web commentators suggested that there would be an increase in cyber-attacks that occurred in parallel with the invasion on the ground. Based on the activity logs of several websites I have created and or manage; this seems to have commenced already.

WordPress sites are particularly at risk

I have identified concerted and extensive efforts to access websites that are noticeably different to the everyday attempts to login using a likely administrator username.   You will understand if I don’t give any more details than this.

However, as the most widely used website development platform (by a considerable margin), it is not surprising if WordPress gets more attention.

I use Wix, Squarespace, Ionos, am I OK then?

Sadly not.  Whilst WordPress accounts for the vast majority of websites developed using a Content Management System (and therefore attracts more attention from cyber-attackers), ANY website that has an ‘admin’ login of some sort is likely to come under attack.

Am I under attack from the KGB?

No.  State organised cyber-attacks, should they occur, will focus upon major institutions such as banks, utilities, transport networks, government, and the military.  Unless you work in one of these organisations / sectors then state organised cyber attacks are unlikely to impact you.

However, Russia has, as Wired Magazine puts it “An expansive web on nonstate actors, from cybercriminals to front organisation to patriotic hackers that it can and has leveraged to its advantage”.  Moscow has habitually turned a blind eye to their activities so long as their focus has been outside of Russia.  Their activities might not be directed specifically at your business or organisation but as the WannaCry malware cryptoworm outbreak in 2017 proved, collateral damage can spread far and wide.  As a result of WannaCry, the NHS saw tens of thousands of computers infected, equipment such as MRI scanners out of action and postponed non urgent treatment for some patients.  It is unlikely that the NHS was a primary target for this malware but once it got into their systems, it spread rapidly and with devastating impact. 

Why do the attackers want to break into my website?

The cyber-attackers have numerous possible reasons for trying to access your site. 

  1. To spread misinformation and propaganda
  2. For financial gain – e.g. Ransomeware where your site and data is held ‘captive’ until you pay for it to be released
  3. To connect with your users and followers (you may have very few, but they don’t know this)
  4. To attack other websites
  5. Malevolence – lets create even more disruption and unrest by defacing / taking down websites

What might a cyber-attacker do?

The first thing they will probably do if they gain access to your site, is change your password thus freezing you out.  Other Administrators (if they exist) will be deleted to give them free rein to do whatever they like.

Your content may either be removed or amended to suit their objectives.

If you take payments for goods and services via your website, then most probably the beneficiary account will be switched so they take any future funds.

If you have a full eCommerce store on your site, you may find that your products are removed and replaced with goods that are under control of the cyber-attacker.

How do cyber-attackers break into websites?

They use a range of different methods.

  1. Brute force – they keep trying username and password combinations until they find one that works.  These may have been harvested from previous data breaches and be sitting in huge databases available to purchase from the dark web. 
  2. Via a known vulnerability.  White and black hat hackers are continually testing the integrity of software.  White hat hackers will inform the software developer so they can fix it, black hat hackers will sell details of the vulnerability to anyone that wants to exploit it.
  3. Social Engineering.  The easiest way to gain access to a website is to get someone to tell you their username and password.  Cyber-attackers are exceptionally skilled in creating plausible approaches to website owners and administrators encouraging them to divulge usernames and or passwords.  Be particularly suspicious of any request for a password reminder by another user on your site or a request by the ‘hosts’ for you to confirm the username and password for your site.

How can I protect myself / my website?

A few simple precautions will go a long way to helping to maintain the security of your site.

  1. Limit the number of users who have full Administrator rights to a minimum.
  2. Enforce strong username and password requirements for all users.  For WordPress this should mean…
    • Not using the default ‘admin’ username
    • Setting the public display for authors names to NOT be their username
    • Using long passwords – in excess of 15 characters
    • Ensuring that any password used is unique to that site
  3. If it is available, consider using 2 Factor Authentication (2FA) when people login to the site.
  4. Put in place an application firewall or security tool.  For WordPress, plugins like WordFence are a good place to start (though others are available).  They are easy to install and even with the default settings, provide an enhanced level of security.  The alerts and logs produced by these tools could give you enough warning that an attack is underway for you to step in and end it.
    If you use another Content Management System (Drupal, Joomla etc), search for Security Extensions that will serve the same purpose.
  5. Limit the number of failed logins and ban the IP address from where the login attempt originated.  You ‘might’ inadvertently ban a legitimate user, but it is easy to unblock them if this occurs.
  6. Get and keep your site UPDATED.  Cyber-attackers are on the look out for websites that are out of date and those which have known vulnerabilities in outdated software.  Why make it easy for someone to break in by leaving a weakness unaddressed?
  7. Make sure you have a recent BACKUP of your site.  Should the absolute worst happen, and your website be breached, knowing that you have a full and dependable backup you can revert to means that you have a level of insurance.
  8. If you only login in from one location (e.g. home or your office) consider restricting logins to only the IP address associated with that location.

Summary

Whilst you may believe that your website has little intrinsic value to a cyber-attacker, they may see it very differently.  Your website is a platform for them to conduct a whole series of malicious and criminal activities IF they can access and take control of it.

Be vigilant to what is going on with your website.  Even if you have no proof, assume your website is (or will be) under attack and act accordingly.

A few relatively simple steps can help to secure your website and give you peace of mind.  Far better you act now to secure your site than spending hours (possibly days) trying to recover control, remove unwanted content, restoring the site and rebuilding your reputation.

If you have any concerns over the security of your site or believe you have experienced a cyber-attack, QD Design can help.  Contact us for a free consultation.

WordPress Maintenance and Support

WordPress Maintenance and Support

WordPress 5.9 has (eventually) been released. If you are a Gutenberg Block user there are some significant changes and improvements for you here.

If you manage your own site, now is the time to make a full back up of the site and database before updating the Theme(s), Plugins and WordPress itself.

If QD Design looks after and maintains your site, we will be doing this for you over the course of today.

We give you peace of mind that your site is maintained, monitored, secured and backed up 24/7. Want QD Design to manage your site? Give us a call today.


Running your business is a full time job, we get that. Having to look after a website once you’ve got the day job done, can be one task too many for a lot of small business owners. That’s why we offer our WordPress Maintenance and Support packages. We can take care of all of the maintenance tasks, backing up the site, taking care of plugin conflicts – all of the things that you know need to be done but never have enough time in the day to get around to.

Starting from just £15 a month, let us handle your WordPress website so you can get on with what you do best; serving your customers and users. We offer 4 different levels each tailored to your needs.

Give us a call today to find out what we can do for you and your website.

Appointment Bookings

• Do you offer customer “appointments”?

• Spend too much time managing your calendar and not enough with clients?

• Let them make bookings directly with you via your website.

• Take payments via your website at the time of booking, stop worrying about “no shows”.

Consultants, Therapists, Fitness Instructors (in fact anyone who offers appointments to their clients), we feel your pain.  Responding to customer enquiries can be time consuming; time that you could be spending earning with a client.

Simplify the process by putting your calendar onto your website so that customers can see exactly when you are available AND let them make a booking without having to call, text or email you.  Better still, ask for payment when the booking is made so you never have to keep cash or handle change.  It is simple to integrate a card payment processor such as PayPal, Stripe or one of the many others available.

Have multiple therapists working from the same premises and need separate calendars for each? No problem.

Need to offer different appointment types or durations? We’ve got it.  In fact you can have ten different appointments within each calendar.

Need to reserve certain times for “walk ins”?  Of course, you can block out repeat time slots or ad hoc blocks of time.

Need to insert appointments by hand (where a client calls you or makes a follow up appointment)? You can easily drop a manually created appointment into your calendar via the simple admin screen.

Our easy to use appointments system will save you time, increase your earning opportunities and means you can spend more time with your clients and less doing administration!

Call us for a demonstration of the system, or drop us a message and we can call you back.

RIP Caldera Forms

So long, it has been good knowing you.

Yesterday (24th March 2021) came the announcement I feared was coming.  My favoured form builder for WordPress and one I’ve used across umpteen sites for all sorts of forms, is being ‘retired’ at the end of the year.

After being purchased by rival form plugin Ninja Forms – who stated at the time that they had every intention of maintaining Caldera Forms as a fully supported plugin – it now transpires that that wasn’t true.  Caldera Forms wasn’t what they expected it to be (or at least the customers and their usage were not) and so they are retiring it at the end of 2021.

If you cannot win customers, buy them.

This story is replicated throughout the history of business and commerce; if you cannot entice your competitors customers to move to you, then simply buy out the competitor and the customer base comes to you.  Once they are ‘your’ customers you are free to do to them whatever you like.  I’ve experienced this with hosting companies, ISPs, software developers to name just a few examples.  In every situation the purchaser says they wanted to buy the business because of the great product or service they provided.  Then, almost without fail, they run down the product, water down the service or reduce the support offered hoping that inertia will keep the customer with them.

I recall many years ago, when starting out as a WordPress user, being disappointed with many of the Form plugins.  Some were (and still are – yes Contact Form 7, I’m talking about you) unbelievably crude and / or limited in what they could do.  It took a while to find Caldera Forms but I was delighted to discover that not only was it endlessly customisable, had every field type you might ever want to use, it also had excellent conditional fields where the choice made in one area would dictate what was show in another.  It was also fully responsive and out of the box could deploy multi-column forms on large screens that shrank down to a single column on a phone-sized screen.  Best of all, this functionality was all available in their free to use product.

What’s the Alternative?

Sadly the search for an alternative has shown that not much has changed with the form plugins that are available.  There is always something missing or only available in the premium product.  One (very well known) plugin had great form field features except for a CAPTCHA field which was only available if you coughed up for the paid version.  So, in essence what the developer is saying is you can use this plugin so long as you don’t mind the deluge of dodgy deals that appear in your inbox.  Another plugin allowed most form field types with the exception of a dedicated Phone field (this being reserved for the premium product).  Few Contact Forms can go without a field to capture the enquirers phone number. Having to pay for such a basic feature is like being asked to pay for doors on your car.

It is said that “change is always difficult”.  In this case it is especially difficult when you are having to move from a tool that met your needs perfectly to a less capable alternative.

I know I’m not alone, Caldera Forms had a wide and loyal following amongst developers and designers who appreciated the flexibility it provided.  Hundreds of thousands of developers who have used it on countless websites are searching for the “holy grail” of form plugins.

So, fellows developers and designers, what are you going to be using instead of Caldera? Leave your suggestions in the comments below.

Is your website backed up?

data centre on fire

As tens of thousands of website owners across Europe are discovering this morning, disasters do happen.

The OVH data centre in Strasbourg caught fire late on March 10th completely destroying the SGB1 data centre, damaging the SGB2 data centre and taking SGB3 and SGB4 offline for an extended period.  OVH is one of the largest data centres in Europe and hosts many well known sites and services.

Thankfully there were no injuries and firefighters have been able to control and extinguish the fire. It does however beg the question….

Is your website backed up?

Are you absolutely sure about that?

Apparently, many of the site owners at OVH had their sites backed up to the same data centre meaning that the backup has gone up in smoke as well.  They may never be able to restore their websites.

Backups, like almost every form of insurance, are far from ‘sexy’.  They are not the sort of thing that your web developer or host will make a big deal about – partly because we all hope never to have to call upon them.  However, when we do, we want to know that they are there and that they can be relied upon.

Backups are only part of the picture.

Having a backup is great but as the OVH situation has shown, where that backup is stored is vital.  It needs to be separate from the main site hosting in either a different physical location or as a cloud based backup.

Secondly, can you access the backup or are you reliant upon the hosts?  The staff at OVH will be working furiously to check that  the SGB3 and SGB4 centres can be brought back on line ASAP (though the thought of them having been doused in water to keep them cool makes it seem that it will be some time before this happens).  It could be days (if not weeks) before they get around to making any backups that exist for the affected datacentre available to customers.  If only the customer or their developer had access to their own backups, they could be back on line (albeit on a different server) before the end of the day.

What is your disaster recovery plan?

Having your own backup is a great start but what are you going to do with it?  OVH are frantically securing new servers and space in other data centres for their customers but this will take time.  For many businesses, every minute that their website is offline is a minute when they lack profile, cannot interact with customers or make sales.

A disaster recovery plan should cover what you are going to do with those backups so, should the worst really happen, you aren’t left scrabbling around trying to find alternate arrangements.

The QD Design approach

Every HTML / CSS site we create for customers is backed up daily to a cloud location.  We also have the latest site files on our server which are in turn backed up nightly to an off site location.

WordPress websites are also backed up every day to a cloud location arranged by our data centre.  We also make backups independently of the hosting centre and store them in our own cloud location which we can access without requiring the data centre to intervene.

Finally we have an Amazon Web Services (AWS) server on standby just in case we need to shift the hosting of a customer website to an alternate location. We hope never to have to use it but it is reassuring to know it is there and ready to deploy just in case.

What does your web developer / hosts do?

Now might be a very good time to have a conversation with them to check that backups of your website are being made, are being saved in a safe location AND they have a plan for what to do, should disaster strike.

If you are not happy with what you hear, we would love to speak with you.

Christmas Tree Decorations

Christmas & New Year 2021

QD Design – Christmas / New Year Hours

For your information, the QD Design office will be closed from Dec 24th through to Jan 5th.  However, emails will still be received and read (though perhaps slightly less frequently than as usual).  Should you encounter an issue with your website during this period and need it resolved urgently, please reach out via phone or text to notify us.

Lastly, thank you to all the QD Design customers for their business in 2020.  We are delighted to have been able to support you / your organisation and look forward to doing more of the same in 2021.

Wishing you a safe & peaceful Christmas and a happy & prosperous New Year.  Here’s to a much better (and more normal) 2021.