Category Archives: News & Announcement

03Apr/14

What are cookies?

If you’ve ever read a newspaper article about the internet, it’s likely that someone, somewhere will have mentioned ‘cookies’. They may have been explained as an evil and intrusive spying mechanism tracking your every move on the net – or a harmless device designed to make your life easier. This guide should clear up any confusion and ease any concerns.

How do they work?
When you visit a site that uses cookies for the first time, a cookie is downloaded onto your PC. The next time you visit that site, your PC checks to see if it has a cookie that is relevant (that is, one containing the site name) and sends the information contained in that cookie back to the site.

The site then ’knows’ that you have been there before, and in some cases, tailors what pops up on screen to take account of that fact. For instance, it can be helpful to vary content according to whether this is your first ever visit to a site – or your 71st.

The good thing about cookies…
Some cookies are more sophisticated. They might record how long you spend on each page on a site, what links you click, even your preferences for page layouts and colour schemes. They can also be used to store data on what is in your ‘shopping cart’, adding items as you click.

The possibilities are endless, and generally the role of cookies is beneficial, making your interaction with frequently-visited sites smoother – for no extra effort on your part. Without cookies, online shopping would be much harder.

…and the bad
So why the paranoia? The answer probably depends on how you feel about organisations – both big business and government – storing information about you. There is nothing especially secret or exceptional about the information gathered by cookies, but you may just dislike the idea of your name being added to marketing lists, or your information being used to target you for special offers. That is your right, just as others are entitled to go along with the process.

When cookies first started to appear, there was controversy. Some people regarded them as inherently sneaky – your PC was being used (without warning) to store personal information about you, which could then be used to build a picture of your browsing habits.

Cookies and the law
Most modern websites use cookies in some way, and it is unlikely that the majority of internet users even notice cookies working away in the background as they browse from site to site. Until now it has been up to individual users to either block or allow cookies using settings in their internet browser. From the end of May 2012 though, a new EU law will require all sites that use cookies to seek your express permission to store and retrieve data about your browsing habits.

Most sites will now draw your attention to their cookie policy when you first visit the home page. Don’t be put off by this, you were probably sharing details with the site before without even knowing it. In many cases you can click to say you understand the cookies policy but in many instance you can simply ignore the announcement and continue browsing as normal.

Sites will continue to use cookies and the information they store in order to make your online browsing an easier, more enjoyable experience. Cookies are nothing to be scared of, even if the new prompts seeking your consent might seem a little off-putting for the cautious internet user.

In the UK, the Information Commissioner’s Office (ICO) will be closely monitoring sites to make sure that they comply with this new legislation, so there will be no avoiding the regulations. Websites have had over a year to make the changes to their code, so there should be no excuses!

You can of course still change how cookies are stored on your machine by clicking on the ‘Tools’ menu in your internet browser, but you may find that the new law means your concerns about privacy and your personal data have been addressed.

Source: http://www.bbc.co.uk/webwise/guides/about-cookies
27Mar/14

Why Choose Us ?

  • Free quotes. There is no charge for an initial meeting during which we can explore your needs.
  • Fixed prices & no surprises. We’ll provide you with a fixed price quoute so that you don’t get any nasty surprises!
  • We’re experts. Each member of our technical team has at least 5 years IT experience, much of it in corporate IT.
  • We guarantee our work. If you’re not satisfied with the results, then we’ll fix it at no extra charge.
  • We’re contactable & responsive. Have you ever been frustrated by an organisation that is difficult to contact? Usually, we’re available to take your call but if we aren’t and you leave a message then we’ll call you back within 4 business hours.
  • We deliver business solutions. We’re not geeks or nerds who mumble incomprehensible techno-babble. Instead, we apply technology to deliver business solutions that enable new capabilities, improve the efficiency of your business and help you communicate more effectively.
  • We Listen. We understand that although there are common themes, each business is different and has its own special needs. Instead of shoe-horning every business into a “one size fits all” product, we take the time to work with you design a solution that fits like a glove.
  • We provide peace of mind. Because we provide a fixed price and guarantee our work, you can rest assured that you won’t have any unpleasant surprises. And later, you can be sure that we’ll be there to help.
  • We have a proven methodology. We’ve developed and refined our methods over many years, so you can expect our services and projects to be delivered consistently.
27Mar/14

Why Do I Need a Website?

Having a website is like opening a door and inviting potential customers into your busiwhy websiteness.
So…Why does YOUR business need a website?

Your site communicates with prospects and customers 24 hours a day, 7 days a week, 365 days a year. Even when you aren’t at work, your website is. Your customers can get to know you and your products through the website at their convenience. It can be better than passing out your business card to thousands of people.

Expands your reach. People from across the street and across the border have access to your products and services from the comfort of their own space.

Increases the effectiveness of your advertising. Print advertising is static, while the web is dynamic. Once you have a website up and running, we recommend your print advertising include your website address where pictures, text, tables and forms can help you get your message across.
Gathers feedback. Use forms and email to allow your clients to communicate with you.

Communicates effectively. Whether your website is built for customers or employees, web–based communication and email communication are cost–effective and time–saving devices.

It gets you found. Having a well–built website will increase the visibility of your site to the search engines that people use to find what they are looking for. Your specialist should not only offer creative design solutions, but also know how to make your site search engine friendly, so that clients can find you.

Sells directly. E–commerce can dramatically reduce expensive overhead while delivering a 24/7 ‘sales force’. Even if you don’t sell your product online, your website gives you the opportunity to distinguish your company or organization to your client.

Reaching today’s consumer. Today’s emerging generation has never known life without a digital world of connection. According to stats (and who doesn’t like statistics!), over 88% of Canada’s population is online.1 Add the growth of social media to that and it becomes evident that without a credible web presence, you don’t exist for an expanding segment of your target market.

Your competitors. The sooner you gain a presence on the web, the better. Your competitors know this too. Increasingly, your clients (and potential clients) are making their decisions based on the standard of your website. A useable and engaging website can help to level the playing field between small and large companies.

Want to grow your business online? Contact us. We can help you succeed.

Internet World Stats, accessed May 22, 2013. Statistic as of June 30, 2012.

26Mar/14

How to Protect Your Site ?

WordPress is one of the most ubiquitous content management systems in the world. Even better, it’s open source! However, as an open source piece of software, it can be vulnerable to malicious individuals digging through code and finding vulnerabilities in the code, which they attempt to exploit. As such, WordPress sites have been prone to security breaches and being hacked, and having your WordPress site hacked can be damaging to your reputation and your business. At Themify, we often hear about WordPress security issues from members, thus it inspired us to share this article.

Stay Updated

WordPress itself constantly badgers you about new updates that are available for WordPress – don’t ignore these! It’s vital that you stay up to date on your WordPress installs, themes, and plugins to ensure that any existing vulnerabilities have been patched up.

WordPress will display the update notifications as soon as you login, Themify shows you notifications on the Themify admin panel, and other plugins and themes should have something similar. Keep updating your files and stay up to date!

Remove Inactive / Old Themes and Plugins

WordPress Themes and plugins that are installed on your WordPress website, but are currently inactive or old versions are security risks: they may not be the most up to date and have security holes that malicious attacks can take advantage of.

Your best bet is to remove any themes and plugins that you are not currently using and stick with what you need.

Disable the Theme / Plugin Editor

Intruders who are able to guess your admin login and password are able to access your theme or plugin files and insert their own malicious code. For example, they can replace a template file into a PHP uploader and upload more files or change file permissions without your knowledge.

Disabling the built-in Theme and Plugin text editor inside of WordPress ensures that these intruders aren’t able to modify your Theme or Plugin code in any way.

In the directory that you’ve installed WordPress into, you will find a file called wp-config.php, and you will need to add the following code into that file:

/* disable theme editor and plugin editor */
define( 'DISALLOW_FILE_EDIT', true );
define( 'DISALLOW_FILE_MODS', true );

Once disabled, you should no longer be able to edit files inside of the WordPress admin panel.

Protect Your .htaccess File

Your .htaccess file acts like the gatekeeper for your website’s figurative guts. It allows you to control permissions of files, meaning you can determine who has access to specific files or file types. It’s a hidden file that sits in the root directory of your website, and you’ll need to show hidden files in order to be able to access it.

Once you are able to edit it, add this to the file:

# protect .htaccess file
<Files ~ "^.*\.([Hh][Tt][Aa])">
 order allow,deny
 deny from all
 satisfy all
</Files>

This will ensure that no one from the outside world can access your .htaccess file, protecting yourself from intruders who attempt to change file permissions on your website.

Disable Directory Listing

While you’re inside of .htaccess, you might as well disable the ability to get directory listings from your WordPress install.

Directory listings are used to see all of the contents of folders, and are often used to look at websites as a whole. However, being able to see them is not good, as it usually means it’s exposed to the public, meaning that people can search for vulnerable files and exploit security holes.

You must be editing the root .htaccess (the one for your entire website install) of your website, and you need to add this:

Options -Indexes

This will restrict the ability for anyone and everyone from being able to list the contents of your website, making it that much harder to find vulnerable files.

Protect the ‘wp-config.php’ File

Another fun thing to add to your .htaccess file, since you’ve been inside of it for the previous two!

Your wp-config.php file contains a lot of information that can be very sensitive, should someone ever gain access to it. Things like your database username and password, which is essentially your WordPress website’s lifeline.

The WordPress website database can be protected by ensuring the wp-config.php file is locked down and secured. Add this to your .htaccess file:

# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

As with everything else, this code prevents outside, public access for wp-config.php, ensuring that your very sensitive data is relatively secure!

Prevent ‘wp-login.php’ From Being Accessed by Unknown IPs

If you haven’t guessed yet, this is another fun trick done by editing the .htaccess file. The file, wp-login.php, is the gatekeeper to your WordPress admin panel. By default, you can access this page from anywhere and everywhere, which is convenient, but also a huge security risk.

Using .htaccess, a list of IPs can be created that are allowed access, commonly referred to as a ‘whitelist,’ to prevent non-known IPs from attempting password guesses.

Inside the root folder’s .htaccess, add this code:

<files wp-login.php>
order deny,allow
deny from all

# static IP
allow from xxx.xxx.xxx.xxx

# dynamic IP
allow from xxx.xxx.xxx.0/8
allow from xxx.xxx.0.0/8
</files>

Fill in your actual IPs in place of the x-placeholders. If you know your actual IP, stick with static (just be sure to update it, should it change!) or use dynamic if you need to allow a range of IPs. There are a multitude of websites that will give you your exact IP address, and they are a quick search away.

Prevent ‘wp-admin’ From Being Accessed by Unknown IPs

The protection levels of ‘wp-login.php’ through an IP whitelist can be doubled by creating the same whitelist for the wp-admin folder inside of the WordPress directory. Add this code to your .htaccess file to prevent non-known IPs from accessing your wp-admin folder:

<LIMIT GET>
order deny,allow
deny from all

# static IP
allow from xxx.xxx.xxx.xxx

# dynamic IP
allow from xxx.xxx.xxx.0/8
allow from xxx.xxx.0.0/8

</LIMIT>

Deny Executable Files Like .exe Extension

Executable files are trouble – they will often contain malicious code that can install worms and virus on user’s computer. These can be blocked, of course, using .htaccess!

Add this to your .htaccess file:

# deny all .exe files
<files "*.exe">
order deny,allow 
deny from all 
</files>

This, like the other code, prevents any and all .exe files from being access on the server, ensuring that you steer well away from those troublesome executables.

Add a Firewall

Much like the .htaccess whitelist, allowing only known IPs access to wp-login.php, a firewall will only allow known IPs to access your FTP server. This is something that you will have to contact your website hosting provider to set up.

Additional Plugin Recommendations

Acunetix WP Security
Login LockDown
AskApache Password Protect

Conclusion

Website security is typically the last thing on the minds of website owners, but priorities should be raised on website security to keep WordPress sites safe and secure. The above list is a solid start, and hopefully useful.