Blog

WordPress and Chrome: trouble with editing images

A recent Chrome update has affected the behaviour of the WordPress text editor, meaning you can no longer select, resize and edit any embedded images.

The solution? Updating WordPress to the latest version (or changing browser, which obviously isn’t ideal if you are a loyal Chrome user).

If you find that your site is affected by the above issue, please get in contact and we will arrange to update your WP version.

Please note: Even if you are a current client, there is a charge for this service, as the issue is caused by changes in Chrome, rather than a bug in the website. The cost of the update will depend on a number of factors, such as:
– Age of the current website and WordPress version
– Number and types of plugins (which will also need updating)
– Complexity of the WordPress theme, which may be affected by the update

Stop WordPress hackers getting your username

I just came across a major security flaw in standard WordPress installations: at the moment, hackers can easily get hold of the usernames on a WP site just by typing this sort of URL: yourdomain.com/?author=1. By changing the last digit, they can then build up a list of the usernames of any authors who have posted on your website, and start having a go at guessing their passwords.

Even if you have taken the precaution of hiding author’s names from the frontend, or using nicknames, the above trick wil bypass that and show the author’s username at the end of the URL.

I was flabbergasted at this discovery and can’t believe that this major security loophole hasn’t yet been addressed, especialy since the solution is SO SIMPLE: you just need to add the following lines to your .htaccess file:

RewriteCond %{REQUEST_URI} !^/wp-admin [NC]
RewriteCond %{QUERY_STRING} author=\d
RewriteRule ^ /? [L,R=301]

This stops the URL trick from working.

Thanks for Tosho at StackExchange for the solution:

http://wordpress.stackexchange.com/questions/46469/can-i-prevent-enumeration-of-usernames

Of course you still need to hide author’s names in your template, or get all authors to use nicknames for posting.

As a final precaution, always install a solid security plugin like BulletProof Security.

Bye bye hackers!

Get control of your domain

As a web designer I am often approached by clients who want an existing website redesigned or totally redeveloped.

In many cases, these clients have never had to access their website’s admin area, or their hosting account, or their domain name account because someone originally set all these things up for them.

When I set up a website for a new client, I make a point of encouraging them to register the domain themselves: although I would love to perform this step for them and spare them the trouble, I think it is unethical to tell a client you are registering a domain for them, when in  reality you are registering it under your own name.

It is even more unethical (and potentially illegal) if you then charge that client for yearly domain renewals, since in effect you own that domain.

Unfortunately many people think they own a certain domain name until they try to get access to it, and then realise they have been conned. By then, it may be too late. The designer who registered the domain has either:

1. disappeared – or
2. stopped trading – or
3. fallen out with the client for whatever reason

In any case, they are unlikely to relinquish control of the Continue reading

Magento trouble – again…

I remember talking to another web designer at a networking meeting a few years ago and mentioning that I was building eCommerce sites on Magento.

“That’s brave!” – he said.

He was right: Magento is not for the faint-hearted. If you want an easy life, pick WordPress and Woocommerce, much easier to set up and a lot less stressful to update.

Of course I don’t use Magento just to punish myself, I have my reasons: when set up correctly, it’s hands down the most powerful and sophisticated eCommerce solution on the market. Plus it comes with the sort of price tag I like: £0. And unlike Woocommerce, you are not then pestered with continuous reminders that you are running the free version and you’d be much better off buying this or that extension. Magento CE can already do it all – or almost.

The problem is that it requires you to set up you server properly, which means fiddling with php.ini, cron jobs and other even more obscure settings that should only ever be tweaked by server administrators – I am not one of those.

The other problem is updating. Even relying on Softaculous (Saint-aculous I call it) to handle the (absolutely necessary) back-up and Continue reading

SEO FAQ

A lot has changed in the world of web design over the last couple of years. When clients approach me these days, there are noticeable differences in their priorities and concerns: wheres before they would mainly be preoccupied with the aesthetics and usability of a website, these days it’s all about search engine visibility.

This is a good thing, in the sense that I no longer have to give a long speech about the importance of substance over style: “It’s not about how good your website looks, it’s whether web users can find it in the first place…”. I can’t remember the last time I’ve had to say this to a client, and it used to be a daily occurrence.

But now the problem is with mis-information about SEO. Everyone realises it’s important, but few people understand enough about it to know what the main priorities should be when approaching a new website build, or planning a revamp.

These are some of the questions I am asked by every client at the start of a new project, along with the type of reply I tend to give – of course my answers are always based on individual scenarios, but for obvious resons I am Continue reading

Pay monthly websites

We are thrilled to announce a new service from WebRightNow: Pay Monthly website packages.

These three brand new packages include everything you need: web design, content management system, domain name and hosting. Our Package 3 can be used to set up an eCommerce website built on the popular Magento platform and hosted on a Virtual Private Server (VPS) to give you maximum performance.

It’s only been a few days since we introduced this new service and the response has been overwhelming. As always, we are pleased to be able to help small businesses, especially those in East Dunbartonshire, facing an uphill struggle in the current economic climate.

Visit this page to find out more.

Web maintenance spreadsheet for web designers – download

Most web designers will find that initial web development is usually followed by regular updates and general  maintenance work.

I have a simple system: £30 an hour rate, calculated down to single 15 minute slots (i.e. it’s £7.50 up to 15 minutes, £15 up to 30 minutes and so on). I try to give clients a rough estimate of the time required but I don’t give a precise figure because it’s not always possible to anticipate complications, yet it’s only fair that I get paid for the amunt of time I actually spend on a job. That’s what you would expect from a plumber, a babysitter or a personal trainer – why should it be any different for web designers?

I look at the time when I start, I look at the time when I stop – simple as that. In fact if possible I email the client to say “I’m going to make those changes now” and then email them back when they are done, so they can see how long it took. Of course I could inflate the hours, but I don’t. Why? Because honesty is always the best policy: in the long run it gets you more work and it’s a lot less stress than lying – Continue reading

We are going on holiday…

WebRightNow will be going away for a few weeks (yes, web designers need holidays too…) between 12th and 31st July. Existing customers who are having major problems with their websites can still contact us for urgent queries by putting the word URGENT in the subject line of any emails sent to us. For any new enquiries, we will reply as soon as possible once we are back.

Thank you all, now Italy awaits… A bit of dry weather is just what’s needed to recharge and get those creative juices flowing again!

Server trouble

Apologies to all our customers for the recent glitch in our hosting server. The problem was actually with database security and it will hopefully be resolved within the next few hours, we will keep you posted.

Magento tutorial: custom product listing order

Many store owners using Magento as their e-commerce platform are frustrated by the lack of flexibility and control in terms of how their products are displayed on the frontend.

Ideally, we would like a screen where you can view your products, then simply drag them up and down to change the order in which they appear when in list view.

Unfortunately, when it comes to user-friendliness, Magento is way behind other CMSs like WordPress.

Still, there is a fairly straightforward way to re-arrange the default product listing order in Magento – if you know where to click.

First of all, in your admin area go to Catalog > Attributes > Manage Attributes > Add New Attribute and create a custom attribute. Give it an attribute code of “listing_order”, leave it as a text field, make it a required value to ensure you remember to set this when you add new products. Also set the “Input validation” to integer number. Then scroll to the bottom and change the “Used for Sorting in Product Listing” field to “yes”. You also need to give the new attribute a label, call it “Listing Order”.

Save to exit this screen, then go to Catalog > Attributes > Manage Attribute Sets, Continue reading