Blog

Don't forget your website has to meet the new google compliance rules

1) mobile responsive via template

2) google mobile first rule (pc versions of websites are no longer indexed)

3) monitor resolutions (must scale via template)

4) you must have a google webmaster account, and it must be properly configured.

5) You have to manually submit to the new google mobile (smartphone) index via fetch and render. Non-compliance will incur search engine listing penalties. It is reported that if you don't do this, your site will not be in the new search index at all. Compliant websites will show up first.

================================

SERVER COMPLIANCE

Many customers are getting notices from the hosting companies about upgrading. Your notice may look something like this:

"We have detected that your server is using PHP 5.3 which is obsolete and no longer receives official security updates by its developers. The Joomla! Project / Wordpress / Drupal / Magento recommends upgrading your site to PHP 7.2 or later which will receive security updates at least until 2019-12-01. Please ask your host to make PHP 7.2 or a later version the default version for your site. If your host is already PHP 7.2 ready please enable PHP 7.2 on your site's root and 'administrator' directories – typically you can do this yourself through a tool in your hosting control panel, but it's best to ask your developer if you are unsure."

Your first line of defense in the case of your website breaking or getting hacked is your backup program.
Learn about Website Backups Basics, wordpress backups joomla backups  drupal backups.

Google webmaster tools is an absolute requirements for your websites search engine indexing. Google webmaster tools account is where you manage your websites indexing and configurations. It is here where you can instruct what google can see and access so your site can be fully indexed correctly. 
Do not confuse this with google adwords or analytics, this is for indexing configurations only

If your website isn't mobile friendly right now, the SEO future is about to get pretty bleak.

Google has officially started the process of rolling out "mobile-first indexing" but, of course, only for those websites that adhere to the best practices. 
 
In the past, Google's crawling, indexing, and ranking systems used the desktop version of a page's content, but mobile-first indexing now means that the mobile version of a page will be used instead. 

Google indicated that it is notifying those websites being migrated to mobile-first indexing through the Search Console interface and clearly noted that being indexed this way provides no ranking advantage. 

Site owners will likely see significantly increased crawl rate from the "Smartphone" Googlebot as a result of the change. Additionally, Google will show the mobile version of pages not just in Search results but also within Google cached pages.

read the google webmaster central blog

We did our best to forewarn our clients about the need for mobile repsonsive websites, based on google specific rules. The time is here. You can wait no longer, or suffer the penalties. Please contact Mike if you have any questions 860-294-2444

On March 1, 2017, a new world dawned for websites.

911websiterepair would like to make everyone aware of the new website compliance rules that were implemented on March 1st. These new rules affect all websites and require that websites be behind an SSL, ie https:// vs http:// as mandated by the federal government initiative titled, “HTTPS EVERYWHERE”.

See (https://obamawhitehouse.archives.gov/blog/2015/06/08/https-everywhere-government)

We applaud this effort to secure the internet by implementing the proscribed protocols. In researching the new compliance rules, we gleaned a great deal of knowledge. The initial buzz was that this SSL requirement stemmed from security measures proposed and implemented by Google and were to go from suggestions to enforcement beginning January 1, 2017. As we know, where Google leads, all other browsers will follow.

However after careful research, it is our conclusion that Google was following the lead of the federal government as they step up their efforts to make it more difficult for sensitive and private user information to be gathered with ease by hackers.

We applaud this effort and are confident that we can secure our customers websites.

More on this change:

Compliance is not optional as the repercussion will be that your search engine rankings will be penalized. With a site not secure message next to you URL it is likely to seriously effect your traffic, visitors and revenues.

Before we go into the details, you should also know the following.

The compliance protocol was designed to force government websites to encrypt the transmission of data between a website and a remote system. Amazingly, there were no directives in place to require government websites to use standard security protocols thus rendering government information vulnerable. As the browser is the function that identifies compliance or not, the protocols were expanded to cover all websites.

To quote the source article:
“HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves. It is not designed to protect a web server or website iteself from being hacked or compromised, or to prevent the web service from exposing user information during its normal operation.”

These requirements are now being directed to ALL websites.

The internet has become quite dangerous with all the hacking and data loss,
The search engines and browser providers (ie:google) decided to adapt the new protocols on their own.
Although inconvenient, this protocol and new compliance rules are to the benefit of all and will provide a safer internet.

Over the years we have been amazed at the number of online business that do not use an SSL because they were reluctant spend $125.00 a year on a SSL certificate and a static IP. Do not let price stop you. This is part of the cost of doing business on the internet.

Be mindful, the SSL does not secure your website or server, it encrypts the transmission of data from your site to a remote source, for instance a log-in form, contact form, or shopping carts credit card information.

You don’t have to follow the rules, but you will be penalized for non-compliance.

It is also important to note that note all SSL's are not created equal. You want to make sure you have a high level SSL. The lower priced SSL's do not work on all browsers and devices. We have also been led to believe that part of the Google algorithm has been adjusted to detect the type and strength of your SSL encryption..

So, let’s look how the effects of the changes appear for any website.

Here is a breakdown of some of the new secure messages found in the browser address bar. You can start looking up your favorite websites and see that they do indeed exist and really mean something.

1) The first Secure message shows that the site is secure and compliant.

2) The second item shows a gray I in a circle and the not secure message. The site does use a SSL, but there are items on the pages, code, and even images that are not secured. If you click the I ( in the circle) you will get a drop down with all the warning messages.

3) The third message is that site does not have an SSL installed at any level of the site.

(FYI: 911websiterepair now shows the correct security messages)

There are some specific features that need to have the SSL applied.
For instance, if you have a log-in page on your site, it now needs to be behind the SSL This shows that the browsers such as chrome have released updated versions that show the new warnings.

If you are not using the latest version of the top browsers, you may not see the warnings at all. But put yourself in the shoes of your site visitors. As many browsers automatically upgrade, they WILL see the secure messages. If you are not seeing these messages in your browser, upgrade your browsers now.

It is not enough to just install and configure your whole website to use SSL. In the case of our 911websiterepair example, the forms and login and transaction pages, even our ticket system is beyond an SSL. The reason our front page had the non-secure message is because of the log-in link at the top right.

There are many other elements of a website which will have to be configured individually to comply and to get the full secured icon and message.

Without getting too technical, some considerations are.

1) To ensure that the Not Secure warning is not displayed for your pages, you must ensure that all forms containing elements and any inputs detected as credit card fields are present only on secure origins. This means that the top-level page must be HTTPS and, if the input is in an iframe, that iframe must also be served over HTTPS.

2) Full verses Relative urls.
Best practice always is to use relative urls as opposed to full urls. Many sites have a combination of both, not only in articles but in the headers and include references within a websites code.

So, when you link to other pages in your site, users could get downgraded from HTTPS to HTTP.
These problems happen when your pages include fully-qualified, intrasite URLs that use the http://

3) My effort is not to instruct the reader on how to fix all the impending issues of meeting the compliance, but to show that you need to have some developer skills to implement. Here are some more examples of issues when converting a site to full SSL coverage.

4) If your site depends on scripts, images, or other resources served from a third party, such as a CDN or jquery.com, you have two options: Serve the resources from a server that you control, and which offers both HTTP and HTTPS. This is often a good idea anyway, because then you have better control over your site's appearance, performance, and security. In addition, you don't have to trust a third party.

5) Keep in mind that you also need to change intrasite URLs in your stylesheets, JavaScript, redirect rules,
tags, and CSP declarations, not just in the HTML pages.

6) Redirect HTTP to HTTPS. You need to put a canonical link at the head of your page to tell search engines that HTTPS is the best way to get to your site.

Set tags in your pages. This helps search engines determine the best way to get to your site.

7) It is also important to make sure that clients never send cookies (such as for authentication or site preferences) over HTTP. For example, if a user's authentication cookie were to be exposed in plain text, the security guarantee of their entire session would be destroyed—even if you have done everything else right!

There are many more issues that need to be resolved to make sure your website meets compliance and earns the secured padlock in the address bar. One of the biggest obstacles is converting potentially thousands of full URL's to relative URL's. That should be done in the database globally and not manually.

Contact 911websiterepair if your website is not showing the secure message in the browser. We offer affordable pricing and realistic time frames. In some cases you will be able to achieve this on your own. We are here if you need our help. It really is a little more complicated that you may think. Also, as not all sites are the same, we need to quote for individual websites.

Reference websites
https://www.wordfence.com/blog/2017/01/chrome-56-ssl-https-wordpress/
https://developers.google.com/web/updates/2016/10/avoid-not-secure-warn
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
https://developers.google.com/web/fundamentals/security/encrypt-in-transit/enable-https?hl=en
https://pulse.cio.gov
https://https.cio.gov/guide/
https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2015/m-15-13.pdf
https://www.wired.com/2016/11/googles-chrome-hackers-flip-webs-security-model/

It is possible that on June 30 your authorize.net credit card processing may stop. 

Authorize.Net has upgraded access to the Internet connections that serve thier data centers. Instead of allowing direct connections, all Internet traffic will be routed through Akamai, a third-party cloud network service that routes and delivers Internet traffic.

Using Akamai network technology will help decrease latency and improve the reliability of our payment gateway. It will also help safeguard against interruptions caused by issues beyond Authorize.Net’s direct control, such as Internet congestion, fiber cable cuts and other similar issues. Additionally, you should no longer be affected by planned downtimes.

This is a really good thing. In some cases you will need to chnage the urls n your cart or payment module to point to the new servers. They also will be automatically redirecting URLS to the new service, to prevent any one from having sales interuptions

But.....But.....But....

If your service stops on June 30, the deadline for authorizgeddon, you will have to manually change the urls in your code. Best to be careful and manually change them now.

NEW TRANSACTION URLS

https://api2.authorize.net/xml/v1/request.api
https://api2.authorize.net/soap/v1/Service.asmx
https://secure2.authorize.net/gateway/transact.dll

You can change them yourself, or we can change for you ($49.95). You need to call us for this service 860-294-2444

But even if you have changed the urls, you could still have issues. You need to make sure that your website is not behind a firewall. Even the automatic redirect will not work if you are behind a firewall.

Using Akamai technology, Authorize.Net’s IP addresses will become dynamic rather than static. If your website or payment solution uses a firewall that has whitelisted Authorize.Net’s IP address or connects to Authorize.Net directly via an IP address, you will need to make additional changes.

Firewall Considerations – If your website uses a firewall to filter outbound connections, make sure that the firewall is set to permit outbound traffic to flow to the Akamai cloud by configuring your outbound firewall to “ANY.”

If you do not update your firewall ahead of June 2016, you will be unable to process transactions after Phase Two is implemented.

IP Address Considerations – If your solution connects to Authorize.Net directly via an IP address, you will need to update it to connect by domain name. Continuing to connect directly via an IP address is strongly discouraged as merchants will not receive the benefits of routing through Akamai, and could suffer a loss of service if transactions are re-routed among our various data centers.

If you need help, if your transactions stop after June 30, please contact us. We will need access to your server and to your firewall configuration settings.

Are you ready!

Call us for help 860-294-2444

 Authorize.net announced this week that they are changing there API URL's do be compatible with Akamai Network Technology.

This means that your website payments could cease to be transmitted to authorize.net.

Now, although they say in a year or so they may redirect your old API urls to the new one automatically, Authorize.net recommends that you make the change now and prevent any future issues.  The advantage of doing it now verses later is that with the new urls you will experience no more network maintainence downtime.

As stated in the announcement, 
"Using Akamai network technology will help decrease latency and improve the reliability of our payment gateway. It will also help safeguard against interruptions caused by issues beyond Authorize.Net's direct control, such as Internet congestion, fiber cable cuts and other similar issues. Additionally, come October, merchants connected to Akamai should no longer be affected by planned downtimes." 

Authorize.net is implementing Akamai's technology into the network in two phases.

• Phase One (Now through June 2016) — They have created three new URLs for transaction processing that are hosted by Akamai. You can update your website or payment solution to point to the new transaction URLs today, which will provide you with the immediate benefits detailed above. Come October, you should no longer be affected by planned downtimes.

911websiterepair.com is offering a special price of $49.95 to implement the new URLS for you. We can do it within 12 working hours of your request. The special price applies to phone orders only (860-294-2444). By doing it now you can prevent future downtime and failed transactions.

New 911websiterepair.com

The new 911websiterepair.com is finally on line. We did quite a bit of customizations to the ticket system, memberships/subscriptions, and the template. The comments have been favorable and everyone seems to like the new parallax template format. The only thing everyone has really commented on is the logo. So we will work on a new logo to match the new template. Now we are up to joomla 3.4. Also, make sure you check the site out on your mobile phone. The resposive layout is awesome and complies with all of the latest google mobile requirements for search engine indexing. We did not lose any of our rankins with the switch to the new site. Our rankins are actually better than ever. If your considering a new site but worried about your rankings changing, DON'T, we know how to handle this. Our rankings are better then ever.

NEW HOSTING

Did anyone notice how fast the website is now. Not only do we have the new site, but new hosting too. Everyone knows we have been a big fan of Hostgator which is still fine. Our sites and needs required a more robust hosting solution. Now we are hosted on a new dedicated server at SQUIDEX.com. Support is incredible and you can see the speed difference. Using the SSD hardrives and having the server set up correctly really makes a difference. For most sites your fine with hosting services from inMotionhosting.com. You dont need a solution like ours unless you have a lot of calls and websites. But when you get to the point where you need more speed and power, SQUIDEX is the way to go.

NEW GOOGLE MOBILE REQUIREMENTS

We have been busy updating websites and doing template conversions for complying with the new google indexing rules. Now that they have implemented the new rules, people who did not upgrade their templates are dropping like flies in the rankings. I gave everyone full warning and for those who ignored me they are now suffering. If you have not upgraded to the new google mobile responsive requirements, contact us now so we can get started asap. Withour being mobile responsive, your compeditors will out rank you becuase they did upgrade.

 NEW PRICING

We have dropped our rates to $10.00 per hour. All the same policies apply, but now your can get more hours for less money. The prices will go back to normal at some time in the near future. Purchase your time blocks now and save the hours for when you need them. There is no expiration so you can use the time whenever you want.

WEBSITE SECURITY

 Sitesassure is realy taking off and in 18 months, not a single website using the firewall has beem hacked. We even have it working on cloud hosting now. Our wordpress plugin will be released soon so you can scan and get reports for free from within your admin. Soon to follow will be our joomla plugin. Don't roll the dice. Get your website secured before malware finds you. http://www.sitesassure.com 

Google recently announced, "Starting April 21, we will be expanding our use of mobile-friendliness as a ranking signal. This change will affect mobile searches in all languages worldwide and will have a significant impact in our search results."

The next algorithm update will take into consideration the mobile-friendliness of a site within search engine rankings. This means if you have a site that is not “friendly” to mobile devices, then you will likely be penalized and appear lower within search results. The new “mobile-friendly” requirement and ranking signal update to the Google algorhythm is scheduled for April 21, 2015, so time is running out to get your website optimized.

Although the update may seem harsh for sites that have not taken the time to optimize for mobile viewing, we commend Google for giving forewarning prior to releasing this update. Typically, Google implements new updates and website rankings are at the search engine’s mercy.

The layout and labeling changes are already in effect on google. Use your mobile device and do a google search. You will see the new search results layout and the label: Mobile-Friendly. If your site does not have this lable, it is reported that you will be penalized in mobile search results and you will lose your rankings.

Call 911websiterepair and get your mobile responsinve quote

860-294-2444

GOOGLE MOBILE RESPONSIVE TESTER

A Russian malware called SoakSoak has infected over 100,000 Wordpress sites since this Sunday, turning blogs into attack platforms. It's a potential shitshow, and it could've been prevented earlier this fall.

Google has already blocked 11,000 domains to try to curb the damage. According to security firm Sucuri, the malware uses a vulnerability in a slideshow plug-in called Slider Revolution. The Slider Revolution team have fixed it with updates. The problem is that the old,vulnerable version of the plug-in is still bundled with Wordpress themes, so lots of sites are still using the wrong version.

The time has come: Joomla 2.5 official support will come to an end. On December 31st 2014.
Joomla 2.5 will reach its official End-Of-Life and will be officially deprecated. 

This could have serious and detrimental effects to your current Joomla websites future.
Joomla 2.5 was released on January 20th 2011.and has been with us now for almost 4 years.

In 2012, Joomla 3 was released with enhancements and many new features. Joomla 3.X.X has become stable and a more friendly and usable system. The day has come and has been known for quite some time already for you to seriously consider the upgrading of your website.