Essential Upgrades to Your Website

PHP Upgrade

In November 2018, it was announced that the programming language that underpins your site — PHP version 5.2/5.6 — was coming to ‘end of life’. This means that the technology will no longer be supported and could pose a significant security risk. End of life was due to take effect in December 2018.

As part of our commitment to support our web clients, and working with our hosting providers, we have put measures in place to upgrade PHP on your site to the latest version (PHP 7.2) and as such we have extended the end of life deadline until February 14th 2019.

What does the upgrade entail?

Website owners with a Support & Maintenance plan with Nephew will receive the upgrade at no extra cost.

Those without a Support & Maintenance plan will incur a small administration fee of £125 ex VAT — payable before the upgrade takes place.

The PHP upgrade has been scheduled to take place on Monday February 11th, 2019 at 1pm. It is expected that the upgrade will not result in any downtime or disruption to service.

Those that decide to defer the update do so in the understanding that any security issues, arising from PHP end of life, will be the responsibility of the website owner. Additional charges to fix any security issues as a result of the deferral, may be incurred.

Next Steps

Fill out the form below to confirm that you have read the information above and would like to proceed with the upgrade.


Padlock on dotted background

The Essential Benefits of SSL Certification

Don’t have an SSL Certificate installed on your site? Google is coming for you.

Online security is a necessity in the modern world. And, in an attempt to improve it, Google now displays a ‘Not Secure’ message to any website that does not have an SSL installed.

 

Google Chrome SSL warning on website
Example of a the Google warning displayed on a website without SSL certification.

What is an SSL?

Secure Sockets Layer is a standard security technology that acts like an electronic passport for your website. It establishes an encrypted link between a web server and a web browser. The link ensures that all data transferred between the two remains safe and private. Without it in place, the data could be intercepted and harvested.

Do I need one?

If your site has any kind of text input (contact forms, search bars, payment forms, login panels) then you will need an SSL certificate.

How do I know I don’t already have one?

Any website address that begins with https:// is a hallmark of a site that does not have SSL certification. Once SSL is installed, this will change to https:// and will display a padlock icon at the beginning of the address bar.

 

DV & OV Validation SSL address bar
Example of how DV & OV SSL Certification is displayed in a browser.

 

Site without SSL Certification address bar
Example of how a site without SSL Certification is displayed in a browser.

 

If you see that your site address begins with https:// but, instead of a padlock, you see an information icon, this means that you website is only partly secured and that some of your web resources are not being served securely. This should be investigated as soon as possible.

 

Mixed Content SSL in address bar
Example of how a site with Mixed Content errors is displayed in a browser.

Types of SSL

Domain Validated Certification

This is the most common type of certification. The Certificate Authority that issues the certificate checks the rights of the applicant to use a specific domain name. No official company identification is vetted and users can be sure that their information is encrypted. However, it does not state who is truly receiving this information.

DV SSL are the certification of choice for most businesses as they are quick to set up, require no submission of company information and are relatively low-cost.

 

DV & OV Validation SSL address bar
Example of how DV & OV SSL Certification is displayed in a browser.

 

Organisation Validated Certification

The Certificate Authority carries out the same checks as a DV SSL, plus it conducts some vetting of the requesting organisation. Additional company information is displayed to customers when clicking on the Secure Site Seal, providing further clarity on who is behind the site.

 

DV & OV Validation SSL address bar
Example of how DV & OV SSL Certification is displayed in a browser.

 

Extended Validation Certification

The Certificate Authority carries out the same checks as a OV SSL, plus it conducts a thorough vetting of the requesting organisation. The steps required for full issuance include:

  • verifying the legal, physical and operational existence of the entity,
  • verifying that the identity of the entity matches official records,
  • verifying that the entity has exclusive right to use the domain specified in the EV SSL Certificate,
  • and verifying that the entity has properly authorised the issuance of the EV SSL Certificate.

 

Extended Validation SSL address bar
Example of how Extended Validation SSL Certification is displayed in a browser.

 

Sites with EV SSL benefit from extended security enhancements within browsers, displaying the site address within a green bar or green font. For site owners aiming to assert the highest levels of authenticity, then this is the ideal solution.

All of the certification solutions above can be implemented on a single domain, subdomains (Wildcard SSL), or multiple domains (Multi Domain).

Wildcard SSL

A wildcard SSL protects not only the top level domain but the subdomains too. For example: a wildcard certificate will secure your main address www.yoursite.com as well as any subdomain such as blog.yoursite.com or shop.yoursite.com.

Multi domain SSL

This solution allows site owners to protect up to 100 domains via single certificate. They are specially designed to secure Microsoft Exchange and Office communications environments.

How do I get an SSL installed on my site?

All web customers that have a hosting plan with Nephew Media benefit from free, single domain, Domain Validated SSL certifications, including installation.

Customers with third-party hosting (such as GoDaddy or 123 Reg) will incur a fee for the certification and installation. Fees depend on the type of SSL required.

Interested in getting an SSL setup and installed? Let's chat.


The True Cost of a Hacked Website and the Value of a Maintenance Plan

As a business owner, you do a lot.

You’re responsible for running your business, keeping customers happy, finding and nurturing new customers, making sure your service maintains excellence, keeping staff happy and more.

That’s a lot – but it’s what you’re good at and what you love (well, most days).

Sometimes, though, you’re also responsible for things that go beyond your expertise – like maintaining your website.

And when we say maintaining, we don’t mean updating the content in the admin area; we mean the more specific tasks of ensuring your site is safe from harm, protected from malicious intrusions and performs to its best.

Sure, you might be thinking “We’ve never been hacked and it probably won’t happen to us.”

But without proper maintenance protocols in place, your chances of getting hacked are pretty likely. According to industry security experts, an average of 30,000 web pages are infected every day. More than 80% of those occur on small websites on innocent web servers that go on to infect others.

On WordPress, those chances are increased due to its popularity.

“We’ve never been hacked and it probably won’t happen to us.”

Your reaction might be “So what? we’ll just fix it now and move on.” But what is the true cost to a business of a hacked website? Let’s break it down into quantifiable and non-quantifiable costs:

Quantifiable Costs

These are costs that are easy to know because you get billed for them, such as:

  • Cost of a developer to repair the damage
  • Admin costs of time spent communicating with staff, outside providers and customers.
  • Investment in preventative measures (such as moving to new hosting, adding future proof preventative measures)
  • Time spent investigating researching and working on fixing the problem.

Unquantifiable Costs

You may not get billed for these costs, but they have a residual, long term cost. These may include:

  • Loss of data or stolen data
  • Loss of confidence, reputation and trust — in customers, staff and your business operations
  • Disruption and stress. Repairing a hack takes you away from your other business needs and places you outside of your comfort zone.
  • Loss of revenue due to downtime. Your site could be inaccessible both when hacked and while being fixed. How many visitors, orders, sales or leads could you have missed during this time?

Set Yourself Up For Future Success

There’s three steps to resolving a hacked website:

  1. Fixing the original cause and returning the site to it’s original, ‘pre-hacked’ state
  2. Introducing preventative measures to ensure the same hack doesn’t occur again
  3. Introducing hardening and patching protocols to protect the site from any new malicious attacks.

Each step costs your business time, money and effort. Making a conscious decision to move straight to step 3 and invest in a robust Support & Maintenance Plan may cost a monthly fee, but it takes just a single hacking incident to realise the true value of having one in place.

Our Maintenance Plans

Nephew Media web clients benefit from a choice of three Support & Maintenance plans, providing flexibility for any budget.

Just need the basics and peace of mind that your site will run smoothly? Essentials is for you. Need a dedicated level of support and have some content, coding and design changes you want to make? Then choose our Standard Plan. Or need support at your beck and call via email and telephone with performance optimisation and monthly reports? Then Priority is your preference.

Whatever plan you choose, Nephew Media has got your back. All of our plans can be paid on a monthly rolling contract or, better still, pay in full for an annual subscription and save 15% on your plan.

Is there something we missed? If you have a specific need, let’s chat and discuss a bespoke plan to fit your exact requirements.

Call us on: 01604 978300 or email: support@nephew.media