HWS Logo

01423 313230    info@harrogatewebsolutions.co.uk

Latest Blog

What are the differences between the DPA and GDPR?

The GDPR has been implemented since the 25th of May 2018. Here are the factors that make it different to the Data Protection Act of 1998.

  • Increased territorial scope: The GDPR applies to any organisation that is using data from residents of the European Union.

  • Penalties: If an organisation is in breach of the GDPR they may face massive fines of up to 4% of their annual turnover – this is the maximum fine for the most serious of infringements.

  • Consent: As part of the new regulations, the organisations must request the consent of any EU citizen to allow them to process their data.

  • Notification of breach: If a company has been breached for any reason, the organisation must report the breach to the Information Commissioner’s Office within 72 hours. If they fail to notify within this time scale they may face a penalty.

  • Right to access: An EU resident can ask the organisation if they have or are processing any personal data. The organisation must then send a copy of all information that they store and how they are processing it.

  • Right to be forgotten: At any time, an EU citizen can tell an organisation that they wish for all their personal data to be erased from the company’s storage.

  • Privacy by design: ICT systems and processes must now all be designed around the privacy of the sensitive data of the data subject.

  • Data protection officers: Another name for chief information officer, every organisation must have a person in charge of the privacy of the sensitive information of their data subjects. This is to ensure that privacy is kept at a high standard.


SEO is the abbreviation of Search Engine Optimisation. All major search engines such as Google, Yahoo, or Bing use algorithms that read websites and rank them in how relevant to the users search criteria they are. You can optimise your website to be more definitive on what your content is about. This helps your website to be higher on the search engines ranking system.

To optimise your website, follow these rules:

  • Have a keyword that is relevant to the what your website is about

  • Use keyword rich content, search engines read your page, and will see how relevant to the keyword your content is

  • Internal and external links

  • Keep your website fresh, don’t leave the same content for months at a time

  • Keep your SEO up to date, search engines alter algorithms all the time


Why Your Passwords Should Be More Complex

As annoying as it is to remember multiple passwords, the worst thing you can do regarding your online safety is use a password with one word for every online account you have.

This is because whenever there is a data breach (such as the recent Dixons or Yahoo breaches), hackers sell the data they gathered to others who then will attempt to break into as many accounts as possible.

That is why it is important to not only change passwords recently, but to use different passwords everywhere and use harder to break (multi-word) passphrases.


Why is WordPress so popular?

We are at the beginning of the age of technology. There's no denying it. 47% of the world population use an internet enabled device. This means that it is easiest for your potential customers to find you if you have a website and not everyone wants to or has the time to learn how to build a website from scratch. Enter WordPress, the easier option to building a website.

It is a great way to build a good looking functional website. You do also have to learn a few things to be able to create the website that you envisioned but if you just want a website and didn't have something too specific in mind you could just install WordPress, find and install a theme you like, download a couple plug-ins to make building the website even easier and then get building. Its a simple way to get a website out there, without having to learn everything that was traditionally required to build websites such as HTML and CSS.

We use WordPress to build some of our websites because it makes it easy for our customers to update the information on their websites because it has a Content Management System (CMS). This is a very useful feature for us as it means that our customers can edit the text and other items on their homepage without needing to rely on us to do it.

As I said though, if you want a very specific look to your website then you need to either learn PHP, HTML, CSS, and a little JavaScript or you can come to us. We will get you to tell us what sort of website you want and how you want it to look, then we build a mock-up for you to decide if you like the look of it. If you like it we buy the domain name, install WordPress, find a theme close to what you wanted and then transform it into the website you wanted using our knowledge of PHP, HTML, CSS and JavaScript whilst also keeping it simple for you to edit.


What is GDPR and what do I need in my Privacy Policy?

GDPR stands for General Data Protection Regulation and is a Law made by the EU about Data Protection and is designed to replace the 1998 Data Protection Act. It brings in stricter laws around data handling and storage and primarily aims to give people more control over the data companies hold about them.

What does this mean for me?

If you have:

  • Data tracking such as Google Analytics
  • A registration Form
  • E-Commerce functionality (You collect information to process payments, orders, etc.)
  • A newsletter sign-up form
  • Include Social media links on your websites
  • A comment system such as Disqus
  • Scripts that use Cookies
  • A contact form for people to contact you directly from your websites
Then you are going to be affected by GDPR. Don't let this worry you though, compliance is pretty simple to follow, the main thing you should do is create / update your privacy policy.

What should I put in my privacy policy?

In your privacy policy you should disclose any and all information you collect about a person and how it is used (This includes whether it is transferred to a third party and a list of all third parties that information goes to). This sounds like it would be difficult but isn't, it's just tedious. If you make websites using WordPress or similar services that use plug-ins you should be able to check the relative website for the plug-in where they should disclose whether they collect any information, what they collect, and how they use it (including third parties). When (re)writing your privacy policy you need to reference GDPR terminology. You need to make clear:

  • The information you collect
  • what the information will be used for
  • How long it will be retained on the site or elsewhere
  • How and why you are collecting the data
  • the software / application you are using to facilitate data collection

What else do I need to have on my website?

If you use cookies you should have a clear banner stating that you use cookies and that more information about the cookies used can be found in your privacy policy. If you have a login portal and/or an email newsletter you need to have an active opt-in to the newsletter meaning that if someone signs up to the login portal they have to tick a box to opt-in to the newsletter, they can't automatically be opted-into the newsletter by signing up and having a checkbox that is automatically ticked. You also need to separate all the options a user can opt-in to instead of having one tick-box to opt-into everything. As well as different boxes for things to sign up for you also need to have a separate tick-box per method of contact and it needs to be as easy to opt out of these services as it is to opt-into them.


With browsers like Google Chrome starting to crack down on security the best advice would be to get one. However, if your website doesn't handle peoples personal information then at the moment you are fine. As it is at the moment you only need an SSL/TLS certificate if you transmit personal information through your website as browsers will warn users that their personal information may not be safe.

Examples of websites that currently should have SSL certificates are:

  1. E-Commerce websites
  2. Websites with a user area with a login portal
  3. Websites with a contact form

Not every E-Commerce site needs an SSL certificate though. If your site takes payments through a payment gateway such as PayPal and ALL (All meaning all, not some or most) the personal information is handled by the gateways site and doesn't have a login area to save "baskets" then the website doesn't need an SSL certificate, but it is best practice to have one. Having your SSL certificate means people are more likely to purchase something from your website since Companies like Barclays bank are educating people about best practices for purchasing online (checking for the green padlock is one of them).

Having an SSL certificate is recommended for all websites though as not only does it secure the connection between the user and the website, it also boosts your rankings on google making it a good excuse to have one so that even if you don't transmit any personal data using your website you can still climb the rankings on google providing you have the right SEO (You can read more about SEO here).

To answer the question "Do you need SEO?" It depends, but you definitely should get one for your website as soon as possible to make your website more trustworthy to users and to improve your Google Search rankings.


Most people tend to stick to the advice of using strong passwords for email accounts, but very rarely do they change the passwords on a regular basis. Changing your password can be annoying but it does help you stay one step ahead of hackers. A third tip is to not share your passwords with anyone.

Another simple way to protect your email account is to not open emails from unknown senders, and especially not the attachments in such emails. These emails can potentially contain malicious code that can infect your computer or other devices with a virus.


Why Do I Need To Clear The Cache?

The browser cache stores many files, images and scripts from websites on your computer to speed up loading times whenever you revisit a website. This can be limited in size, but the chances are that you will need to clear it out every so often (this can give you a noticeable increase in speed on your computer).

On occasion, not clearing the cache can cause issue on some websites. Firstly, it can cause old versions to be displayed, because your browser thinks there are no new updates even if there are. Secondly, not clearing the cache can make websites look poorly formatted due to some files being retrieved from the cache and others from the server.

To clear the cache, navigate to the settings in the top right corner menu in the browser. Most browsers have a search option and others have the option to clear the cache near the top.


General Data Protection Regulation is coming. Are you prepared?

A change in data protection is coming. On 25 May the long-awaited and much-hyped General Data Protection Regulation (GDPR) will start being enforced across Europe.

GDPR is the biggest overhaul of data protection laws in more than two decades but Elizabeth Denham, the UK's Information Commissioner, has called it an "evolution" rather than a complete "revolution".

For businesses and organisations which already comply with the UK's current data protection law, many things will stay the same but GDPR will bring in some new obligations. For example:

  • Appointment of a data protection officer is mandatory for all public authorities.
  • Significantly increased penalties are possible for any breach of the regulation - and not just data breaches.
  • A Data Protection Impact Assessment is required for high-risk processing.
  • There are legal requirements for security breach notification.
  • Data protection issues must be addressed in all information processes.
  • Removal of charges, in most cases, for providing copies of records to patients or staff who request them.
  • There are specific requirements for transparency and fair processing.
  • There's a requirement to keep records of data processing activities.
  • Tighter rules where consent is the basis for processing.

Top Tips for keeping safe online this Christmas.

Christmas is a stressful time of year, but even as the emails roll in we need to stay vigilant, especially when buying online.

1) Buy from reputable stores.
If a website that you're buying from doesn't have an SSL certificate (the green padlock in the address bar) don't buy! Your information won't be safe.

2) If it seems too good to be true, it generally is.
Similar to the above, make sure you purchase from reputable stores. Check reviews on sites like Trustpilot or Facebook.

3) Don't open email attachments from unknown senders.
If you get an email from UPS and you haven't ordered anything, don't be curios and open the email, it could compromise your computer.

Have a very merry and safe online Christmas from the team at Harrogate Web Solutions.


We regularly write about why it’s important to keep strong passwords and to change them regularly, but it is a message that can’t be stressed enough.

If someone is able to log into your email account, they have access to potentially every other online account you have linked to that email address. If you are aware of some simple steps whenever you are shopping online or are creating an account/logging on to a website:


Check if the website is encrypted.

The website will have a green padlock in the address bar and will say it is secure. Most browsers these days will say that websites without this will ask you if you are sure you want to enter your information.

If a website is insecure, hackers can potentially see and take your information that is being sent from your browser to the server.


Man in the middle attacks.

These seem to be less common than in the past but are still a very real threat. A few years ago, an unknown number called my mobile and said my computer was infected. Fortunately, I was able to realise that this was a scammer who wanted to remotely log into my computer, however upon taking to other people about it, the number who would have fallen foul to this shocked me.

These can also come about via email or through social media too.


Use different passwords for different websites

This is the most talked about and yet least followed advice, and it is a way of making your online presence that bit more secure. If you use the same password for every online account, it is much easier for hackers to log into each account.


Why it's important to pick an experienced SEO company

SEO is a very complex process which can make or break your online presence, so it’s important to pick a company with plenty of experience and a proven track record of not only providing a good service but an ongoing service, forging client relationships.

There are many factors to consider in SEO, and these are changing regularly for each Search Engine. This is another factor to consider when picking a company to carry out SEO on your website.

 

Top things to look for

  • Check for current clients’ SEO relative to their competitors
     
  • Check the SEO company’s own SEO
     
  • Make sure any questions you have are answered before signing up

It is important to keep your computer safe, especially when it contains data and files that are important to you and potenially your business. In this article we will look at 3 easy ways that you keep your computer safe and secure.

1. Strong Passwords 

You should always use passwords to keep your computer secure but using strong passwords will increase security further. Using just standard passwords that you use with every account on your computer can be potentially very dangerous. If someone manages to guess this password they have instant access to all your accounts. Not good. By using multiple strong passwords you can significantly reduce the risk of anyone getting into your accounts. A strong password should be over 8 characters long and use at least 1 lowercase character, 1 uppercase character, 1 special character and 1 number. However using more than this will make passwords even stronger. 

2.  Following Links

You should never click on links that you are unsure about. These links can be found all over the internet but are mainly found in emails, at a glance they may look real, but with the right knowledge to investigate you can easily spot an unsafe link. As a precaution, never follow links that look unsafe or from emails that appear 'spammy'. 

3. Don't Trust Pop-ups

You should never trust popups that appear on your computer, even if it looks like a program that you have installed on your computer. This is a common trick to make you install something that attackers can use against you. Instead, if a popups says a piece of software is out of date, go to the official website where you can get a direct installation of an update which is a far safer method of keeping things upto date. 

Although these are only a few examples of how to keep your computer safe, they will significantly reduce the risk of being hacked or have data stolen. 

Read More of our blogs to find out more about computer and internet safety


Recently we have seen an influx or emails using a method known as spoofing. Put simply spoofing is as follows, an employee receives an email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords). For example, the spoofer may send an email from 'name@spoofer.tld' but it may be received as info@yourdomainname.co.uk. This is common and don't worry, it doesn't mean someone has access to your emails, domain or domain DNS. 

 

Often this method is used to send spam however lately we have seen a rise in the number of scammers asking for a bank transfer. Please ensure all emails asking you to make a payment or send sensitive information are validated with the person of whom this is supposed to be coming from in person or via phone call.

 

Please do not visit any of the domain names mentioned in this blog as they were for demonstrational purposes only. If you have any questions please do not hesitate to contact info@harrogatewebsolutions.co.uk


Wordpress Security Tips

 

Keeping a Wordpress website is an ongoing process that you must stay up to date with. Not staying up to date can lead to hackers gaining unwanted access to the website and causing serious damage.

 

Points highlighted red are points that should always be considered and checked.

 

Updating:

A few simple steps you can take is to just keep the Wordpress version up to date. The Wordpress team are always rolling out updates and fixes for security issues raised by both the developers & the community. It's, therefore, important to make sure when a new update is released you do it. Keeping plugins updated is also just as important as they too should receive regular security updates to continue to operate securely on the latest version of Wordpress.

 

Secure Hosting:

Besides keeping everything up to date version wise you should consider server security too. Make sure you are using a trusted and secure hosting provider as hackers will often look for ways into the server not necessarily the website. If you are unsure about yours, you can always take a look out our managed hosting plans here.

 

Accounts & Permissions:

It's also standard practice to ensure you setup user permissions whether your website allows users to sign up or not. Make sure all user permission are set correctly for the given role as incorrect permission may give an unwanted user undesirable access to your website. Remeber to set a strong password for the admin account and change it on a regular basis. It's also a good idea to change the default Wordpress username from 'admin' to something a little more unique which makes it more difficult for someone to guess the admin login.

 

Limit Login Attempts:

One plugin we do suggest installing is 'Limit Login Attempts' which will allow you to set how many attempts you or a user can make before being locked out of that account for a set time. This can stop automated bots from trying to guess their way in with common usernames and password and the same for hackers.

 

SSL:

You can also install (or have setup) an SSL certificate, this stands for 'secure socket layer'. It encrypts data between the browser and the server so information sent in forms can't be stolen. There are a few other gains from this too which are listed below:

- Customer Trust (looks much safer)
- Good for preventing against phishing attacks
- Can boost search engine rankings
- All information is encrypted

 

Conclusion:
Keeping any Wordpress website is an always ongoing process as well as a tough and time-consuming job. However, there are countless ways to protect again hackers, phishers and other types of attacks using some simple steps. While doing some of these takes time, it's time that won't later be spent clearing up after your website was hacked and potentially malicious or dangerous content was placed on the website. If you are unsure about any of these we advise you speak to a specialist who can help you further, if you are interested you can view our hosting packages here where we can implement the above security features into any Wordpress website.


Website security is more important than ever with more hackers & scammers using all kinds of dangerous methods to steal data, redirect website traffic too dangerous websites or even break them which can ruin businesses. Fortunately, there are a countless number of measures you can take to fully properly yourself regardless of whether you have a one-page website or a 400 page eCommerce website.

 

The most simple thing you can do is make sure your website was built by a reputable company as poorly written code can pose a massive security risk by allowing scammers to steal data or inject dangerous code. It doesn't matter how much other security you apply to your website if the code uses old deprecated methods and is poorly written it will never be secure. 
This generally only applies to content management sites and eCommerce websites.

 

Another simple measure you can take is by purchasing something called an SSL certificate, it stands for 'Secure Socket Layer' and encrypts any data that is sent from the server. In layman’s terms, it provides the green padlock with HTTPS you see at the top. When you fill out a form and press send, the data is secured with an encryption and no one can access it other than the server the website is on. As a plus SSL certificates are also a ranking factor for Google, sites with them generally are seen as more legitimate and as such Google prioritises them above non-secure sites not to forget the more professional look. There are multiple different types of SSL available but your hosting provider should be able to inform you in more detail about these and which one is best suited to your website.

 

If your website uses something called a CMS or 'Content Management System' (somewhere to log in and make changes) then make sure you use a strong password using alphanumeric & special characters to make as hard as possible for people to gain access. For example 'simple' may become '$imP!e' as this is much harder to guess. Again make sure to not use this elsewhere, keep all your password unique and change them every few months. Avoid writing them down or storing them in an obvious file on your PC or laptop.

 

Do you have a contact form on your website? Let's say you do, does it have a captcha of any kind? A captcha is something which only humans can complete, it may say 'repeat the numbers and letters shown in the above box' Not having one opens your email inbox to spam, we recommend Google's reCaptcha as it's incredibly secure and easy to complete if it's your first time on the website. If it's not your first visit Google's reCaptcha will ask you to tick boxes or complete some other kind of verification to avoid spam. Again if your website utilises some kind of user based area either account or comments section, ensure you use a captcha to stop spam accounts from being created or advertisements in the comments section.

 

If you are unsure about any of the above or would like to know more HWS would be happy to assist you, email us at info@harrogatewebsolutions.co.uk or call now on 01423 313230.


The Importance of Website Statistics

How well is your website performing? Do you have up to date statistics on your website? If not you are missing out on important information regarding your website and its’ visitors.

If you don’t use Google Analytics or other statistics software such as AWStats, how can you tell where your website traffic is coming from and what pages people are dropping off?

Using statistics you can tell which pages on your website are bringing you business, and whether or not people spend time on your website.

You can also find which searches people used and how many people accessed your website via your social media accounts.

All in all, it is important to know how your website is performing and how the performance can be improved, and statistics can aid with this a lot.


Do I Own My Website

How much do you actually know about your website? Today Harrogate Web Solutions will go through some questions you should be asking yourself about your website.

 

Do I Own My Website?

This might seem like a trick question, but it is surprising how many companies don’t own their website. Services such as Wix and 1&1 allow you to build a website for low fees, but if you wanted to change hosting, it would prove difficult and expensive, especially as you don’t own it.

 

Can I Transfer My Website Anywhere?

Leading on from the previous question, being able to transfer your website to an alternative hosting company is incredibly easy or difficult depending on the website and domain you have. For example, moving a hand built (php) website on a .co.uk domain name could take as little as 5 minutes for the files, and 24 hours for the domain name.

Conversely, a WordPress or Magento website on a .com domain name takes at least a week to transfer the domain name, and due to the huge amount of files, at least 2 hours to transfer and setup the website.

 

Who Has My Domain Name And Who Is It Registered To?

Wherever possible, Harrogate Web Solutions register domain names to the client who bought them, despite paying the renewals each year. However do you know who your domain name is registered to? Ensuring it is you makes moving in the future exponentially easier.

 

Are My Details Correct On The Internet?

This point expands away from just your website. Are your details correct on Facebook, Google Maps, your business cards even? The smallest typo could spell big potential losses due to people not knowing how to contact you.

 

How Many People Actually Look At My Website?

Analytics are unbelievably important when it comes to improving anything, your website included. If you don’t know how well your website is performing how can you know what pages are or aren’t pulling their weight?

 

As the world embraces the internet more and more, having control of your own domains and keeping details up to date is a necessity.


Cookies have always seemed a grey area to many people, and since the cookie law passed in 2011 they have seemingly disappeared, but what actually is a cookie?

 

A cookie is a small text file that stores information in your browser (such as chrome, safari or edge) that contains data about

  1. your stay on a website + returning visits

  2. data entered into a website (such as log in details for that particular website)

  3. data about websites you have visited (this is usually for advertising through Google AdWords)

Unfortunately some websites took cookies too far and used them to gather data from web users, so the cookie law was passed so people would know if cookies are in use on a website, and what their purpose on that website is.

The law doesn’t state how a website should notify the user about the use of cookies, only that in the privacy policy of the website it tells the user what they are and how the website uses them (see ours here). Harrogate Web Solutions prefer to ensure the user knows what is being stored in their browser rather than a tiny, unnoticeable, link in the footer. To confirm users remember, every 30 days the banner is reset and will be shown.

If you have any further questions about cookies please ask, we will be more than happy help.


Businesses & Social Media

With there being so many Social Networks around it can be hard to decide which are worth your businesses time and which ones not to bother using. Harrogate Web Solutions today will explain the pros and cons of some of the major Social Networks and whether or not your business should be using them.

 

Facebook

Pros: Facebook is by far the biggest Social Network based on the number of users it has, and as they all ‘like’ things, Facebook collects the data to accurately recommend you to potential customers.

Cons: Must have a personal account to create the business page.

Summary: You should seriously consider using Facebook for your business.

 

Twitter

Pros: Instantaneous, updates occur in real time and users react quickly too.

Cons: As a micro-blogging platform, there is a character limit on posts. Text posts tend to go unnoticed, images are recommended to catch peoples attention.

Summary: Twitter is the network we recommend the highest due to the real-time updates, so many potential customers are available on demand.

 

Instagram

Pros: Instagram is great for showing the personal side of a business, and is a useful tool for showing off products.

Cons: Without interesting content you will be most likely ignored. Also content posted to Instagram must be posted from a smartphone.

Summary: If you have regular, interesting content to share, Instagram is recommended.

 

LinkedIn

Pros: Primarily for businesses trading with other businesses, and it can create connections with other businesses very well.

Cons: Not great for generating sales if you don’t sell to other businesses.

Summary: Usually a LinkedIn account is useful, but not essential for businesses who sell only to the general public.

 

Google+

Pros: Integrated with Google Maps, which benefits SEO greatly. Also integration with Google Hangouts which can be used for webinars or presentations.

Cons: Similar to Facebook in how it works, but with less users.

Summary: Google+ is recommended simply for the integration with Google Maps, posting updates is up to you, try it and if you get a response keep going.

 

YouTube

Pros: Worlds largest video sharing platform. Was also recently integrated with Google+, so webinars/presentations can be uploaded or livestreamed to YouTube via Google+. YouTube can also be used to show off new products in use.

Cons: If you have no content to share in a video format it wouldn’t benefit your business.

Summary: If you create webinars or have interesting content to post, we would recommend a YouTube account.

 

Pinterest

Pros: Similar to Instagram in that you can share photos, not only that but you can create albums (‘boards’) of photos, however unlike Instagram you can link to content that isn’t uploaded direct to Pinterest. For example you can ‘pin’ a YouTube video to a board.

Cons: Pinterest requires a lot of work than the other Social Networks mentioned to get a response.

Summary: If you have the time available for regular pinning and repinning, Pinterest can be successful for you.

 

Closing words

It is important to note for all of the Social Networks you chose to use that content you upload is relevant and interesting, spamming followers with boring content or posts that either paint you in a bad light or is irrelevant to your business is generally ignored and could harm your brand’s reputation.

 

Social Media is becoming more and more important for how brands are grown, so it is important that businesses learn to use it to its’ full potential.
If you enjoyed this blog please feel free to like our Facebook page, and follow our Twitter and Instagram accounts.


If you have any questions, do call us!   01423 313230

We're here to help, if you didn't find what you were looking for or still aren't sure about something you can call our dedicated team on 01423 313230 or email us at info@harrogatewebsolutions.co.uk