In a previous instalment, we looked at the different types of SPAM that your website could fall victim to, from comment SPAM to email SPAM and everything in between. We even covered different ways of helping to prevent it, which included using Google ReCAPTCHA on your contact forms and installing an anti-SPAM plugin. Now, whilst those are very useful tools, you may find yourself in the situation where you are still receiving SPAM emails. That’s obviously something you’ll want to avoid, which is why in this blog, we will look at some key ways to identify these SPAM emails (if you’re not too familiar), why you’re still receiving them and what you can do to prevent them.
You may find that some of these emails are automatically caught by your email client and are either added straight to the Junk folder or are at least marked as SPAM. This often doesn’t happen, so it is important to know what to look for, to prevent you from accidentally replaying to these emails, or clicking on any links they contain. Take a look at this email below that I received.
Here are quite a few things wrong with this email, which will give you an important indication that the email is SPAM and should be deleted quickly.
SPAM emails will always be sent out of the blue. Essentially, you never asked for them, but you got them anyway. I’m not actually sure I could imagine a credible scenario where someone would ask to be spammed. They usually advertise services or products, of which you have no interest. In this case, the spammer is advertising app design services, but it could just as easily be web design services, guest blogging, sunglasses or anything in between.
Here, you can see the email is addressed generically and doesn’t use yours or your business’ name. In this example, the emailer just says ‘hi’ to start with.
In the image, you can see there are discrepancies with the supposed name of the sender and the email address. In this case, the sender is supposedly called ‘Jason Wells’, but the email address has the name ‘Andrew Loniem’ and the name that appears in the sender area is ‘Lisa Wloch’, none of which are consistent.
You can see that the sender’s email address isn’t a company-branded one. In this case, as is often the case, it appears to be a personal email address. When you’re advertising your services as a business, claiming you have done lots of apps for people, wouldn’t you want to have a branded, traceable email address, to show off to potential clients?
There is no mention in the email text of the sender’s company or brand name. A reputable agency, as they claim to be, would want to advertise this to potential clients, who could then go and take a look at their portfolio and testimonials etc.
Anyone who knows branding and marketing knows that first impressions are extremely important. If this email is the first contact you have with that company, they should want it to be perfectly written, to give off a good first impression. Here, the grammar, punctuation and spelling are all exceptionally poor. Now, people of course do have different standards when it comes to grammar, so this isn’t necessarily an indicator of SPAM. In addition, if English isn’t the person’s first language, you can make an exception. However, if a company is advertising their amazing services (in this case app design services) then you would expect to see a good command of the language. If not, you can rightly assume that their product, if they even do have a product, is of low quality and is riddled with errors.
Now, this example doesn’t have clickable links, which is a positive thing. However, you will often see many of these in an email. These unsolicited emails tend to include them, in the hope that people will click on the links. In the best case, these links are just there to direct more traffic to the sender’s websites. In the worst case, these links would cause malware to be downloaded, or the user’s details to be stolen. The more genuine emails wouldn’t send you any links unless they knew you were open to receiving them.
You may find that an email you receive has all of these. You may find that it only has one or two. The main message is, don’t interact with them. If you’re not sure, it is best to just get rid of the email. It’s better to be safe than sorry. Now, let’s take a look at why you are receiving these emails, even after you have installed anti-SPAM services.
Any sophisticated anti-SPAM software will be able to block SPAM information being sent through a contact form, SPAM comments on blog posts, non-human visitors to your website and more. However, SPAM attacks are constantly evolving and you may be finding that despite your best efforts, you are still receiving these unsolicited emails. If you are, there’s a key reason why.
There’s an all-too-common practice called ‘email address harvesting’, which is essentially where harvesting bots (special pieces of software) scan websites, looking for email addresses present on websites. Once they’re found, they are extracted (harvested) and stored in various lists. Spammers can then purchase these lists in order to send everyone on the list their SPAM emails. That’s one of the reasons why these emails often are addressed generically, since the spammer only has your email address.
Now, it is possible that your email address has been extracted from an account you signed up for, although this isn’t anything you can sort. It would be down to the security of the website you’re subscribed to. However, more often than not, you’ve innocently put your email address on your contact page, in your website’s footer, or even in a header bar. This is fantastic for user friendliness, since some people would prefer to send you an email directly, rather than using your contact form. It is unfortunately most likely to be the reason why you are receiving SPAM emails.
There could, of course, be other reasons why you are receiving these emails, such as posting your email address on forums, online articles, or anything in between, although this is a very common reason, linked to your own website. Let’s now take a look at how you can stop it from happening.
As we have seen, you could be receiving SPAM emails due to email harvesting. When you post your email address on a website, it could easily happen. The best way to ensure this doesn’t happen is to effectively mask your email address. Now, I know what you may be thinking – you don’t want to do this, since you need your visitors to actually see your email address, so they can get in touch with you. Well, don’t worry. Masking your emails doesn’t mean making them invisible, or illegible to the human eye. It is actually to do with the website code, but not the visual result.
The easiest way to mask your email addresses, if you’re using WordPress, is through an email encoder plugin. Once installed and activated, this plugin would do the rest, without you having to lift a finger. A few of the best ones are:
These plugins do something very simple. They look through all of your web pages for any email links and then mask them from any email harvester. Take a look at the examples below, to get an idea of how they work.
The first example is what your email address will look like inside a website’s code, if you have made it clickable and it is not encoded. When you click on a ‘mailto’ link, it essentially just opens up the default email programme you’re using. This makes it an easy target for any email harvester.
The second example is what your email address looks like, once it has been encoded. Whilst the email link is still perfectly usable, as it was before, the ‘mailto’ link is no longer there. That means your email address cannot be harvested like it used to, successfully closing off another avenue to you falling victim to email SPAM. Of course, different plugins will work slightly differently, but the outcome is the same.
We know that there are many reasons why you might fall victim to SPAM. One of those is through the email address(es) you have on your website, to help your visitors to get in touch with you, which means your emails could be harvested and sold to spammers.
You need to prevent this from happening. Of course, the simplest way would be to not post your email addresses on your website. You could also add your email addresses to your website as images. However, you shouldn’t do that. It is terrible for the user experience, since people want to be able to click on an email link, or at least copy it. They can do neither when you have an image there instead.
That’s why you should use an email encoder plugin, to mask the email addresses you have on your website, to prevent them being harvested and sold to spammers. The examples provided in this blog work on the WordPress platform. Although different website platforms work slightly differently, they should all have similar same functionality. Of course, there’s nothing to stop a human visiting your website, clicking on an email link and sending you an unsolicited email. However, in conjunction with an anti-SPAM plugin, you’re now giving yourself the best chance of preventing SPAM.
At Digital Lychee, I make sure that all my clients have the perfect website for their needs. Whether you are looking for a brand new website or just help upgrading your current website, I will help you create a great-looking, functional and ultimately secure website, that prevents as much SPAM as is possible. If you are interested in my services, or you want to find out more about my blog, I would love to hear from you. You can get in touch with me here.
I am proud to announce that my latest client website is now live! Mary Doyle, who founded Rocket Girl Coaching, is an inspirational Accessible Aviation Consultant, Disability Equality Trainer and Online Executive Coach, who lives with a disability but never lets it get her down. She was named in the Shaw Trust Disability Power 100 in 2018 and 2020 and was also a recipient of an FSDP (Flying Scholarships for Disabled People) scholarship. If you want to find out more about her or get in touch with her (or both!) you can do that at https://rocketgirlcoaching.com.
If you’re thinking of getting a website built, or upgraded, for any purpose, from a business to a club and anything in between, please don’t hesitate to get in touch!
In a previous instalment, I explained why it was important for you to set up a staging site, from allowing you to break lots of things on your website, to training new webmasters. There are, of course, a number of ways you can do that, which can suit different people or organisations better. Over the next few blogs, I will take you through those, starting with the more manual, cPanel way.
For those of you who are not aware, the cPanel is a Linux-based graphical user interface (GUI) which is used as a control panel to simplify the management of your website and its server. It provides all the functionality you would need to be able to publish your website, manage any associated web domains, create mailboxes and forwarders and even manage spam filtering. It is through the cPanel that you would set up your staging site. To do that, I’ve set out the following steps you should follow.
This method works best when you have your web domain hosted within the same account as your database, which means you wouldn’t need to update any DNS (Domain Name System) records. In this tutorial, that’s the situation I am presuming you find yourself in. If not, please feel free to leave a comment and I will do my best to give you the advice you need.
When you’re creating a staging environment for your website, you need to make sure it is effectively separate from the live site, so it doesn’t interference with that site and cannot be found through a simple search. The best way to do that is to create it using a subdomain. You’ll have come across these before in numerous guises. For example, you maybe have seen companies who run a blog on a subdomain, looking something like this: blog.mywebsite.com. In this case, you want to name it something like dev or staging but in reality, it is up to you. To create it, log into your cPanel and select the Subdomains icon in the DOMAINS section.
Once you’ve clicked on this, you’ll be taken to a new page, which will allow you to enter the name of your new subdomain. In the first box that appears, you will be allowed to choose the new subdomain, in the Subdomain box. When you do choose your subdomain, the Document Root will automatically populate, so you don’t need to worry about that. The Document Root is in fact the folder to which all your subdomain’s files will be copied, at a later stage. Once you have clicked on Create, you will see a green success message.
Now that you’ve created the subdomain from which your staging website will be run, you need to create a new database for your staging website. To do this from your cPanel, select MySQL® Databases from the DATABASES section.
Once the new page has loaded, you simply need to head to the Create New Database section, type in the database’s name and click on Create Database. As in the previous step, you’ll then be greeted with a green success message.
Much like a car needs a driver, or an aircraft (not some military ones though) needs a pilot, your newly created database needs a user. To create this user for your database, in the same MySQL® Databases section of the cPanel, simply head to Add New User under the MySQL Users section. There, all you need to do is create a new username, generate a password and click on Create User. Again, you will see a green success message once you have created the user.
Now, to add the user to the database, you simply need to navigate to Add User To Database, which is directly below Add New User on the same page. Here, simply select the user you just created and the database you created previously, before clicking Add.
When you do this, you will be taken to a new screen, which is called Manager User Privileges. Simply select ALL PRIVILEGES and then Make Changes. You will see a green success message when this is complete.
When you create your staging website, you want it to be an exact replica of your live website, to give you the best chance of seeing what any changes you make will look like, when they are published. That’s why you need to copy the website files over, rather than simply starting afresh. To do that, head to the phpMyAdmin page within the DATABASES section of your cPanel.
One you have been redirected to your phpMyAdmin section, head to Export. There, you will be greeted with the export window. From there, it is as simple as selecting Go and saving your downloaded database file somewhere you can find it. You can leave the Quick option selected. There’s no need to use any Custom settings.
Next, select the new database from the sidebar menu, head to Import and browse your computer for the file you just exported and select Go. Then, after a brief moment, you should see that all the database files you exported have been imported into your new database.
You need to remember though that as you have copied the database files from the live site, the staging database will default to using the live site’s URLs. You need to change this. Still in phpMyAdmin, ensure you have your new database selected and expanded, and head to the wp_options tab. Here, make sure you edit the siteurl and home properties, to point to your staging site.
By this point, you will have set up your subdomain, database, user and will have imported your live database into your staging one. The penultimate task you must complete is to make sure you transfer all of your files from the live website domain to the subdomain. To do this, select File Manager from the FILES section in your cPanel.
Once you are in your File Manager, in the menu on the left you will notice two files: public_html and dev.digitallychee.com (in my case – yours will be whatever you set your subdomain to be). Essentially, all you need to do is copy and paste the files in public_html folder to your subdomain folder. You can do this by selecting all the files in public_html, right click, select Copy and in the window that appears, change the file path from the default (public_html) to that of your subdomain.
At this point, you’ve set up your subdomain, set up your database and you have copied over your website files to the subdomain folder. The problem is, the files you have copied over are still looking for the database of the live site. To remedy this, simply right-click on wp-config.php within your subdomain folder, select Edit and then Edit again. There are three characteristics that you need to change here. These are: DB_NAME; DB_USER; DB_PASSWORD. These should be changed to the values we created in previous steps.
By this point, you have completed everything you need to do within your cPanel, to set up your staging website. There is, however, one final thing to sort. Throughout your staging website’s database, there are still likely to be references to the live site’s URL. That can pose quite a problem, which needs to be sorted. But don’t worry, it is simple to sort, with a plugin.
Basically, you need to install a plugin that will look through your database and update any URLs to point to your staging website. In my case, this would involve updating https://digitallychee.com to https://dev.digitallychee.com. There are many plugins you could use, although the one I use for my WordPress website is called Better Search Replace.
Once installed, you will find the plugin at Tools > Better Search Replace. This will of course vary, depending on the plugin you choose to install. Next, you need to add your live domain into the Search for box, your staging domain into the Replace with box and click on Run Search/Replace. You’ll notice a tick box which asks if you want to do a dry run first. That can be useful, just to see if you actually do need to make any changes and it could also catch any errors you have made typing in the domains, before you make your changes, so you don’t end up with problems later.
If you have followed the above steps and you haven’t run into any issues, then voila, you’ve got a functioning staging website! If you’ve got any comments or questions about the blog, then please don’t hesitate to ask, by leaving a comment, or sending me an email.
For all my clients, if I am helping to build you a website, then I will ensure a staging environment is set up, so that we can agree on the new design, before it is published. I would love to hear from you, to help you get started on your digital journey. You can get in touch with me here.
If you either have a website, or you are thinking of creating one, for whatever reason, the chances are you’ll want to do some work on it at some point. Perhaps you want to build a brand-new feature, or you want to upgrade the theme, or anything in between. Whatever the platform is that you are using, that’s where a staging site, or staging environment as you may hear it called, comes in handy. In this blog, I’ll explain what a staging site is and talk you through some of the key reasons why you should use one. In future instalments, we’ll go through some of the different ways you can set one up.
A staging website, in the simplest terms, is a development environment not often accessible to search engines and the public, which can be used to test new or different elements of a website, before they are published to the live, public version of the website. It is quite common to password-protect the staging environment, to ensure members of the public can’t view it, even if they can find it.
The staging site itself can be developed in numerous ways, from using a local server hosted on your computer, right through to using the same hosting platform as your live site. We’ll cover that in more detail in future instalments though. So, knowing what a staging site is, why do you need to use one?
Now I hear you asking, why would I want to break anything with my website? This does of course seem counter-intuitive but bear with me. Whenever you have used anything from an app on your phone, to a word processor, Facebook or anything in between, all of these have been through a test phase, to iron out any issues before reaching you, the end user. If you were to make changes to your website and publish them straight away, you may very well publish errors without knowing, which in the best case would seem unprofessional.
Creating an environment in which you can test new or updated features of your website is very important; it means you are able to break things without any repercussions, allowing you to find potential issues before the end users do, resulting in a much better user experience.
If you or your organisation has a website, the chances are that you will have someone, such as a website manager or webmaster, whose job it will be to look after the website. This person will have the standard tasks of updating content every so often, writing blogs, adding new products to an e-commerce store etc.
However, when activities outside of that norm are required, which could include training up a new webmaster, or familiarising yourself with an updated system, a staging environment can essentially become a training ground. This would mean that whoever is managing the website can have more confidence when carrying out any sort of website-related tasks, helping to avoid any mistakes.
That’s where a staging environment comes in. It can perfectly mimic your live website, feature for feature, allowing you to implement all of your new features, demonstrate them to others within your organisation and make iterative changes, without anyone else seeing them. That way, you can be sure that you’re only publishing the perfect end product, that looks great and integrates seamlessly with everything else on your website.
I always liken a website to Russian (Matryoshka) dolls. Whilst your visitors will only see the end product (your website, the innermost doll) in reality there are many layers beneath that. Firstly, your website is installed on a host, which will have an interface, such as cPanel. Installed within your host is your content management system (CMS). Some of the most common ones you will have heard of are WordPress, Joomla, Wix, GoDaddy and even something like Squarespace, which I often use for clients. Going further, within your CMS, you will have installed your theme and any plugins you decide to use. All of these layers are individual pieces of software, often open-source and developed by many different parties. As a result, it is quite logical that there could be conflicts between them, especially if updates are required.
That’s where a staging site comes in handy. It provides you with the perfect environment to update any particular one of the pieces of software used on your website, with zero associated risk. If there’s an issue when you update something, you can fix it before it is published to the live site. If there are no issues, then you can just publish the changes straight away.
Third party scripts on websites are very common. So common in fact, that you might already be using them without being aware. For example, you might be using Google Analytics to assess where your visitors are from and which of your pages are the most popular. These types of third-party programmes have many uses and can be very useful. However, they can also be quite dangerous, facilitating cyber-attacks, such as the ICO’s crypto-mining attack, which affected the NHS and the British Airways attack.
When you install any third-party script, you need to test how it works, from its basic functionality to the data it collects. Staging sites are perfect for this, as you can use all manner of dummy data, which poses no risk at all, even if the code you’ve installed does turn out to be malicious.
In reality, there are many more reasons why a staging site is a must for anyone. However, I hope that these reasons have been able to persuade you to use one, if you aren’t doing so already.
For all my clients, no matter the size of the website, I will set up and use a staging environment to make any significant changes or additions, before publishing them to the live site. That way, you can be sure that whatever the change, it works perfectly and you love the look of it, before your visitors see it. Get in touch now to start your digital journey with me, be it building a brand-new website or improving an existing one. I am looking forward to hearing from you!
Not only am I proud to have joined the Women in Aviation and Aerospace charter as a supporting organisation, I am excited to share that I am now supporting their website, with everything from building new features to search engine optimisation and maintenance. You can find out more about them and get in touch with them here: https://www.wiaacharter.com/.
If you’re thinking of getting a website built, or upgraded, for any purpose, from a business to a club and anything in between, please don’t hesitate to get in touch!
To kick off the birthday celebrations, I am offering a huge 20% discount to the first person who can correctly guess the answer to this riddle. The offer is valid until midnight on the 2nd March and you must ensure you send me your answer privately. You can get in touch with me here. Happy guessing!