Here are some news items that you may have missed, but that all affect your online business.
WordPress 5 released
We may be in the middle of a pandemic and lots of things not working like they used to. Fortunately that doesn’t seem to affect WordPress development at all.
In August, WordPress released a major update, 5.5, right on schedule. It brought improvements to the block editor, improved image editing, default XML sitemaps and more.
As always with a major update, there’s the potential that something on an existing site might break. For that reason, I recommend waiting for a point release to fix those almost inevitable bugs.
The moral of the story is to always be careful when applying a major update:
- Find out what issues others experience when updating
- Always, always make a full backup of the website before installing the update
- Ideally, install the update on a staging version of the website first. Only install on the live website after that update is successful.
That said, WordPress generally does a great job balancing the need to keep developing and changing with legacy support.
I have a couple websites that were built 10 years ago and that are still around. For each there are reasons for why they haven’t been rebuilt to a modern user experience yet. The point is that both, while built on a theme that was retired years ago, are still fully secure and run the latest version of WordPress. Because with each WordPress update, they’ve been tweaked as needed to keep them working. So it’s possible.
Confused about SEO?
Maybe it should be “Who isn’t confused about SEO?”
Part of the problem is that everywhere you turn, there’s someone telling you they have the best plan for scoring massive SEO gains. Resulting in lots of traffic to your website. Or not when those schemes don’t deliver.
That’s why this guide is so helpful. It starts plainly enough: Why SEO matters and goes from there. It’s a guide in mostly plain English for those of us who aren’t aspiring to be tech gurus.
Every one of us what owns a website should read and apply. Unless of course, I really only want the website to be for me and me alone. Seriously, there are valid reasons for why a particular website doesn’t need to be found by search engines, but that’s the rare exception. Most websites are there to be found. Need to be found.
The now open source Have I Been Pwned project recorded 16 breaches over 2 weeks recently. With 95,850,490 records affected.
What does that mean for you and me?
Same advice as always:
- Use strong passwords
- Use 2 factor authentication when available
- NEVER reuse passwords (as in using the same password in multiple places)
- Do use a password manager to keep track of your login information. Because that sticky note on your monitor or the list taped under your desk are just too easy to find and steal.
- Change passwords regularly and any time there’s a hint that an account might have been compromised.
- Use extra care when connecting to login websites/services on public networks (that’s anywhere away from your private home network). Being able to get online at the coffee shop, the library, street corner or random waiting room, is great, but you don’t know who’s listening in to that Wi-Fi traffic, hoping to grab some login data.
Don’t be a statistic and don’t let the bad guys win.
More about website security: Improve the security of your website in 8 steps
Mozilla lays off 25% of its staff
The makers of the Firefox browser have laid off over 300 employees this year.
That appears to mean that while they’ll still focus on Firefox, they won’t work on its developer tools.
Firefox’s market share has been steadily slipping for the last 10 years. Which makes me sad, because I’d hate to see it wither and die away.
Tip: Always have more than one browser available on your computer or mobile device. Because sometimes a website loads fine in one browser, but not in another. For no particular reason at all.
SSL: Trust is good, but only for so long
Google, Apple and Mozilla have now (as of September 1, 2020) stopped trusting SSL certificates issued for more than 398 days.
When you purchase a SSL certificate for your website, you’ve been able to select varying time periods for it to be valid. Like 1 year. Or 2 years. Even 5 years. Some vendors really liked selling you those multi-year certificates.
Which seemed to make sense if you were planning to be around. Then you could just install the SSL certificate and forget about it. For a long time.
Turns out that’s not good for security in an ever-changing environment. Lots of things can happen over several years.
Companies go out of business, websites get hacked, certificates lost or stolen.
Now we’re effectively limited to SSL certificates being good for only about one year.
If your website uses Let’s Encrypt, then certificates are issued for 90 days and automatically renewed.
If you have a SSL certificate that needs to be manually renewed, do put that date on your calendar. Your website will either stop working or show up as “not secure” if the certificate expires. None of us want that.
End of the road for Flash
On 12/31/2020 Flash, the tool that once animated so many websites and applications, reaches end-of-life. No more updates.
We knew this was coming. Many of us haven’t used Flash in applications or on websites for years.
The demise of Flash started back in 2007, with the launch of the iPhone, which popularized web browsing on mobile phones. Given that Flash always was a resource hog, it never played well with mobile devices, even the ones that really did try to accommodate it.
For years though, Flash was the darling of website designers who wanted to create stunning websites with lots of animation. That unfortunately also took forever to load.
More importantly, there were ongoing security issues. As soon as one hole was patched, hackers found another one.
All together excellent reasons for moving on. It’s now several years ago that we were warned that the end of Flash would come. This is the year.
If you’re still using Flash in an app or on a website, it might be tempting to just keep using it after the updates/patches stop coming.
Given the past history of security issues, that’s a spectacularly horrible idea.
Instead, please be safe and get rid of Flash now, if you haven’t already. There are still 3 months of the year left to accomplish any code changes needed.
Worst case scenario: Just remove whatever was displayed by Flash and collapse the space. Your customers will thank you. Then get replacement content in place as soon as practical.
Chrome now warns users about insecure form submissions
The web is increasingly shifting to using secure connections between browser and server, with the HTTPS protocol.
But you might still encounter some sites that are using HTTP (with no encryption), sending everything in the open.
That’s a real problem when you enter (personal) information on an online form, as someone snooping along the way could easily steal the information. Or change it. Or redirect you to a fake site.
Chrome will now warn users when they submit information on a not secure website. And also turn off autocompletion when the page loads using HTTP.
Since free SSL certificates are readily available, there is no reason at all for any website owner to still run their website using HTTP. Especially as the warnings will scare away your visitors.
Learn more about SSL and HTTPS in this article: The one with “Not Secure”
Is your website your friend?
If your website has been around for more than 3 years or your business has changed, it’s quite likely no longer serving you as well as it could and should.
Your Ultimate Website Roadmap is my brand new course where in 5 weeks you’ll create a tailored roadmap, empowering you to build, or have built, your next website with confidence — knowing that it is aligned with your business goals and effectively connects with your ideal customers.
Full details and registration are here: https://roadmap.claesjonasson.design