Big thank you and shout out for WordFence for monitoring, managing, education and publishing key invaluable articles that help webmasters, website developers and website managers around the world protect their clients and their websites! 🙂
1. As always, before I do anything, ensure back-ups of website & database are in place so that a safety net is created.
2. Audit each hosting plan to ensure upgrade easily implemented
3. Audit each website to ensure theme, plugins and widgets are compatible
4. Sanity Repeat – Just to check your ego at the door, double check that you didn’t miss anything. Feel free to call an expert like Jeremy Broekman or hire a programmer on Codeable.io to help out!
READ MORE: broekmancomm.com/wordpress-maintenance-and-security/
Using PHP 5 Becomes Dangerous in 2 Months
WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older. Once support for PHP 5 ends in two months, these sites are in a precarious position and will become exploitable as new PHP 5 vulnerabilities emerge without security updates.
This post is in a FAQ format and describes why PHP 5 is reaching end-of-life, what the timeline is and what to do about it. The Wordfence team is working to create awareness of this issue in the WordPress and broader PHP community. You can help by sharing this post with your colleagues that manage PHP websites or use WordPress.
What is End-Of-Life or ‘EOL’ in Software?
When a software product reaches EOL, it is no longer supported by software developers. That means that, even if someone finds a security hole in the software, the developers will not fix it.
If a development team is productive, they will release many versions of the software they work on over time. It becomes impractical to support every version of the code ever released. So a compromise needs to be made.
This compromise is that the development team will only support their software for a certain amount of time. After that time has elapsed, the development team suggests that the user community upgrade to a newer version of the same software, which usually does things better than the old versions and is fully supported.
Is PHP Version 5 going to be EOL soon?
Yes. PHP version 5 will be declared End-Of-Life on January 1st, 2019. That is, in approximately two months at the time of writing.
The PHP development team’s policy with regards to end-of-life is as follows: each release of PHP is fully supported for two years from the date of release. Then it is supported for an additional year for critical security issues only. Once three years has elapsed from the date of release, the version of PHP is no longer supported.
PHP 7.0, the very first PHP 7 release, was released on 3 December, 2015, almost three years ago. PHP version 5 is rapidly approaching end-of-life and will no longer be supported starting on 1 January, 2019.
The final branch of PHP version 5 that is still supported is PHP 5.6. Because this is the final PHP 5 branch, the PHP team chose to extend the security fix period from the usual one years, to two years. That extended security support will end on 1 January 2019.
The following table includes the important dates for PHP 5 and PHP 7 branches. You can find this table on this page on the PHP website.
Why Should I Upgrade to PHP 7?
As mentioned above, PHP 5 will no longer be supported with security fixes, starting on 1 January 2019. That means that even if a vulnerability is discovered, it won’t be fixed, leaving your website vulnerable.
PHP 7 has many improvements over PHP version 5. These include performance improvements. PHP 5 has many known bugs that relate to performance, memory usage and more. PHP 7 is actively supported and developers are therefore able to implement those improvements and make your website run faster, be more stable and use your expensive resources more efficiently.
As an added benefit, PHP 7 also allows the use of more modern programming structures, which is a nice benefit for software developers.
How can I find out my PHP version?
If you are using WordPress and running the Wordfence security plugin, simply go to “Tools”, then click on the “Diagnostics” tab at the top right. Scroll down to the “PHP Environment” section and you will be able to see your PHP version on the right side of the page.
Alternatively you can install this extremely basic plugin on your WordPress site which will display your PHP version. Please note that this plugin is not produced by the Wordfence team and we do not endorse it.
If you have FTP access to your website, you can create a file with a name that is hard to guess. Then add the following two lines:
Save the file in your web root directory and then visit the file in your web browser. Your PHP version will be displayed at the top of the screen. Don’t forget to delete your temporary file once you’re done.
Which specific version of PHP 7 should I upgrade to?
Ideally, you should upgrade to PHP 7.2 which is the newest version of PHP. This version will be fully supported for another year and will receive security updates for a year after that.
If you are unable to upgrade to 7.2, then at a minimum you should upgrade to PHP 7.1. Full support for PHP 7.1 will end in 1 month. However, you will continue to receive security updates for another year after that.
Do not upgrade to PHP 7.0. This version will also become end-of-life in one month.
Does PHP 5 have any vulnerabilities?
Security vulnerabilities are continuously reported in PHP. Some of these are serious. Viewing this page on CVEDetails.com will give you an idea of the volume and severity of PHP vulnerabilities that have recently been reported.
Many of the vulnerabilities reported in PHP were discovered this year. Many more will be discovered in PHP version 5 next year, after security support for all versions of PHP 5 have ended. That is why it is critically important that you upgrade to a version of PHP 7 that is supported and is receiving security updates.
Will anything break if I update to PHP 7.2?
You may discover incompatibilities that need to be fixed by a developer if you update to PHP 7.2. PHP has undergone some changes since version 5 which has improved the language and made it more secure, but may result in warnings or errors for code that has not been made compatible with PHP 7.
If you are a WordPress user, WordPress core is fully compatible with PHP 7.2 and greater.
However, it is very important that you make sure that your themes and plugins are also compatible with PHP 7.2. If you are using an unmaintained theme or plugin, you may encounter warnings or errors due to incompatibilities. For this reason, we recommend you test your website on a hosting account or server that is running PHP 7.2. If you encounter any problems, contact the developer of the theme or plugin and ask them for an urgent fix. Remind them that PHP 5.6 reaches end-of-life in just two months and that you must update to PHP 7.2 by then.
This page has a list of deprecated functions under PHP 7.2 and will be helpful to a developer that is migrating code from PHP 5 to PHP 7.
What if my hosting company does not support PHP 7?
Your hosting account should include some kind of control panel or options and settings page. If you’re not seeing an option to upgrade to PHP 7, you should contact your hosting company’s support team to see what your options are. If none are available, we recommend you transition to new hosting before the end of the year.
What if my developer does not support PHP 7?
PHP 7.0 was released two years and 10 months ago. If your developer’s plugin, theme, or other PHP product does not support PHP 7 at this point, it is quite likely that the project is unmaintained. If the project was being maintained, then they would have had users who are using PHP 7 report problems within the last 2 years and 10 months, which they would have fixed.
Using unmaintained software is a bad idea because it means that security vulnerabilities are not being fixed. So if you do encounter incompatibilities when upgrading to PHP 7.2, this may be a red flag and may indicate you should move on to using an alternative product that is being actively maintained.
What is the easiest way to upgrade to PHP 7.2?
Many hosting providers offer a one click PHP version change in CPanel. This allows you to switch to PHP 7 and check your site for problems. If something doesn’t work, you can switch back and create a plan for addressing the issues you found.
If you can’t find where to update your PHP version, your hosting provider can advise you how to update PHP in their environment. It may mean them making a change on their end or even moving your site to another server.
Remind me again why I need to update to PHP 7.2?
The really good news is that you are probably going to see a nice performance improvement when you update your site. Sure, you may need to deal with a few, hopefully minor incompatibilities. But once you have updated to PHP 7.2, you can rest assured that you will continue to receive security updates until November 30, 2020.
If you remain on PHP 5.6, you may find yourself dealing with a hacked site some time next year when a vulnerability is released for PHP 5.6 and no fix is released by the PHP team because PHP 5.6 is end-of-life.
How can I help?
This deadline is coming up fast. All versions of PHP 5 will stop receiving security updates in 2 months. There are a huge number of websites that are still on PHP 5. As soon as security updates end, attackers will be highly motivated to find vulnerabilities that they can exploit, because those vulnerabilities will not be fixed and will be exploitable for a long time.
To help transition the global web community to PHP 7, please spread the word by sharing this post and helping create awareness about this tight deadline and how to transition to PHP 7.Read More »
We’ve seen a surge in proposals from referrals. There are many common variables to our collaborations.
Below we have compiled a quick preliminary scope of work list that any good digital marketing agency should provide to tease “THE WORK” that lies ahead as a team!
DIGITAL MARKETING AGENCY
Preliminary Scope of Work PROPOSAL =====
Brand Activation Set-up.
- Audit, Assessment & Intake Interview
- New Logo Development
- Business Card Development
- Develop e-Signature email + e-Letterhead
- Facebook Fanpage Development
- LinkedIn Profile Development
Dedicated Website Brand Development.
- Research and Acquire domain matching brand and with search engine optimization (SEO) potential
- Set-up hosting and install WordPress
- Acquire WordPress theme that provides current and future functionality/design
with ability for growth, integration of tools, expansion, serviceable by theme author, etc.
- Create Site Map / Table of Contents and Website Menu- Create landing pages with strategic content
- Include Security Protocol package to minimize any hacking and seal website
- Include Website Analytics & SEO package to maximize website search success
- Determine rich keywords and SEO friendly terms to maximize impact
- Complete a “Googlization” of the site including Google Webmasters Tools, Google My Business set-up, Gmail account set-up, Search Console integration, Google Analytics set-up an integration, etc.
- Onsite SEO package to get us started – Yoast Plugin, sitemap submissions, per page optimization
- Offsite submissions and SEO – back-links included
- Ensure Social Sharing integration – FB like, promote on Linkedin, tweet, etc.
Lead Generation Program
- Develop lead generation / marketing plan
(minimum 2-3 hours to develop together). Marketing can and SHOULD include other elements including website banner advertising, key organization/business-to-business/trade advertising, sponsored email advertising, sponsored advertising via social media channels, influencer marketing, blog advertising.
- Social Media channel marketing
Including specific campaigns for Facebook, Instagram, Linkedin, Slideshare, Pinterest, YouTube, Google+, Vimeo, etc.
- Pay-Per-Click advertising
Strategy, copy writing, keyword selection, image/asset collection and set-up of accounts.
- Facebook Set-up
Minimum 3-4 hours set up first campaign with 3-4 rotating ads/variations. Requires Facebook Ad Budget – minimum $100/wk – $400/mth
- Google set-up
Minimum 5-6 hours set-up campaign with 40 keywords and variations of ads). Requires Google PPC Ads Budget – minimum $400/mth
- Blast Email Marketing.
List cultivation. Design email blasts. Oversee distribution. Report Opens/Clicks. Monitoring leads/website visitors. Determine Return on Investment (ROI) AND Return on Engagement (ROE)
- Direct Mail targeted campaigns. Could include EDDM (direct to door) marketing.
Strategy, Design, Print & Oversee Fulfillment.
- Develop lead generation / marketing plan
Who Are We?
Digital Marketing Agency specializing…
• MARKETING & BRANDING – CAMPAIGNS & STRATEGY •
• ADVERTISING • PR, PUBLICITY & PROMOTIONS • SOCIAL MEDIA •
• WEBSITE DEVELOPMENT • SEO • SEM • PAY-PER-CLICK •
• LEAD GENERATION • IN-BOUND MARKETING • BUSINESS DEVELOPMENT •
What We Do
MARKETING & BRAND MANAGEMENT
Build & repackage brands leveraging integrity/history making them relevant, viable and competitive.
We transform brands and professionalize corporate culture. We bring visionary creative services. We encourage collaborative environments. We tap creativity by getting into the heads of your leadership & management and translate that vision into tangible results.
Brand Design & Management. We bring savvy ‘studio branding’ tactics, corporate marketing/PR initiatives, visionary creative services, and solid BizDev optics/perception-building tools to take you to the next level.
BRAND ARCHITECTURE & STRATEGY
Marketing Director + Publicist + Social Media Director + Creative Director/Graphic Designer in ONE
Delivering high end high impact marketing firepower, brand strategy, creative identity platforms and promotional might for luxury companies throughout U.S., Europe, Costa Rica and Middle East. We will redesign your corporate identity – from logo, business card, website and social profiles to setting virtually all your print collateral, advertising, investor relations, public relations & digital collateral needs.
CORPORATE IDENTITY PROGRAMS.
Since 2000, we’ve successfully created brand management programs, identity campaigns, creative platforms and style guides. We understand that our clients sometimes need guidance, copy, messaging & direction – the plan; and others, they need the deliverables and marketing collateral. We listen to what you want and deliver what you need.
We build successful brands.
We make things happen with our infectious enthusiasm, our will for immediate action and our passion to serve.
We Tap creativity by getting into the heads of your leadership, management & marketing leaders through situation assessments, creative briefs, recon and research.
We then export your corporate identity while manifesting brand strategy & marketing/PR initiatives.
You walk away with a strategic creative platform / a visionary launch pad to drive your business.
It’s RARE when work with a firm that can handle digital marketing and design/printing/traditional marketing well… let alone an agency with with sales, publicity, communications and marketing background in one.
IT IS ALL ABOUT PERCEPTION
As a publicist and communication/branding specialist, this is our daily mantra.
RATES & PROGRAMS – Please contact us and we’ll be happy to do a free consultation and give you a proposal based on your preliminary scope of work!
Did you know? We also….
LEADERSHIP & CORPORATE RETREATS
We are charismatic connectors, motivational speakers, master networkers, change facilitators & innovation creators.
We create opportunities for your team to think together, collaborate effectively and team build. Effective strategic leadership through charismatic, direct, clear, concise and assertive communication practices. Effective feedback. Strategic planning. Team building. Your management/leadership team will achieve a greater sense of personal buy-in, purpose and passion to drive the business successfully into 2018 and beyond.Read More »
TRANSFER AWAY FROM REGISTER.COM
For those that need help with transferring their website domain from Register.com to GoDaddy, here’s the link to a how-to page on GoDaddy.com…. conveniently copied here for your convenience.
Before you can transfer your domain name registered with Register.com to us, you need to prepare your domain name so it will successfully complete the transfer process. You must make sure of the following before you begin:
- The domain name has been registered at Register.com for at least 60 days.
- The domain name contact information has not been changed within 60 days.
Once you ensure that the domain is eligible for transfer, you must follow the basic steps for preparing a domain for transfer before you can begin the process with us:
|Step in the Process||Reason|
|Disable privacy settings||
|Confirm administrative contact info||
|Obtain authorization code||
Disable privacy settings
- As with most registries, you will need to contact Register.com directly for assistance removing privacy.
Confirm administrative contact information
- Log on to your account at Register.com.
- Click the domain you want to transfer.
- Under the My Account section, click Contact Information.
- Under the Administrative Contact section, click Edit.
- Update the contact information, click Continue, and then click Continue again to confirm Whois changes.
NOTE: Changes to contact information may take up to 24 hours to take effect.
NOTE: If your domain is already unlocked, skip ahead to the Obtain Authorization Code section.
- Click the domain you want to unlock.
- From the Enable/Disable Domain Lock section, click Disable Domain Lock.
- Click Continue, then click Continue again on the confirmation page.
Obtain Authorization Code
NOTE: Some domain name extensions, primarily country-code top-level domain names (ccTLDs), do not require an authorization code.
- Click the domain you need an authorization code for.
- Click Obtain Auth Info Code at the bottom of the page and click Continue Transfer.
- You will receive a warning message. Select the acknowledge box and click Continue Transfer again.
- Fill out the mandatory fields, then click Request Authorization Code. Your authorization code request will be verified.
NOTE: Your code will be sent to your email address within 4 – 5 days.
Once you’ve completed these basic steps at Register.com, you’ll need to shift your attention over to GoDaddy to complete the process by purchasing a domain name transfer and authorizing the transfer to us.
Purchase Domain Name Transfer
You must purchase a domain name transfer from our website. We send an email message to the domain name’s administrative contact after you purchase the transfer. The email contains the transfer IDs (transaction ID and security code) you’ll need to authorize the transfer in to your account with us.
NOTE: If the extension you want to transfer is not listed, you cannot transfer the domain name to us.
When you purchase the transfer, select one of the following nameserver options:
- Keep the existing nameservers — If you have a hosted website for your domain name (with us or another company), select this option to ensure that your site does not go down during the transfer.
- Change … to park nameservers — If you have an email account with us for the domain name, are using our Off-site DNS, or if you’ve created a Premium DNS transfer template prior to the transfer, select this option. For more information, see Managing Domain Names with Off-site DNS and
Authorize Domain Name Transfer to Us
- Log in to your Account Manager.
- Next to Domains, click Manage.
- From the Domains menu, select Transfers.
- Click Authorize transfer.
- Click Add now.
- In the Transaction ID and Security Code fields, enter the transfer IDs we sent to the administrative contact’s (admin) email address, and then click Add.
NOTE: If you did not receive transfer IDs, click Resend Transfer IDs.
- Do one of the following:
- Select the Basic tab, and then enter the Authorization Code from the current registrar (if applicable) in the field next to your domain name.
- Select the Bulk tab, and then enter one domain name and its authorization code per line. Separate each domain name from its authorization code with a comma, space, or tab.
- Select I authorize the transfer…, and then click Finish.
- Click OK.
NOTE: For most domain name extensions, a transfer between registrars takes five to seven days from the time you authorize it. The process and time required for transfer completion can vary for certain extensions, such as country-code top-level domain names (ccTLDs). For more information, see About ccTLDs (Country-Code Domain Names), and then click the Help article for your extension.
Why is my site slow?
Courtesy of GoDaddy!
Your site can feel slow for two reasons. It can take a long time to generate a given page on the server side or it can take a long time to load the site in your browser. It can also feel slow for both reasons combined! For more information, see Top 5 Website Performance Problems.
If you’re using WordPress®, you can try Troubleshooting Common Issues in WordPress. W3 Total Cache is a performance optimization framework for WordPress, that is designed to work in any type of site or web hosting account.
You can also use free third-party tools to troubleshoot the cause of your site’s slowness and to make a plan for your next moves.
OUR FAVORITE TOOL
Using Pingdom, you might be able to determine the cause of your site’s slowness.
To Use Pingdom to Determine Site Slowness
- Go to Pingdom Tools.
- Enter your website URL.
- Click Test Now.
Things to look for:
- If you see a large page size (more than 1 MB), then your site requires the browser to download a lot of files before it can display your site’s content.
- If you see any 4xx or 5xx errors on the Page Analysis tab, that means your site is referencing a URL that doesn’t exist (cannot be found), or otherwise is generating an error. You should investigate to see which URL is causing the error and fix it.
- If you see any 3xx statuses on the Page Analysis tab, that means you’re referencing a URL that is causing a redirect (an additional request). You should investigate to see which URL is causing the redirect and fix it.
- Under the Page Analysis tab, if you see a large amount of time spent on another domain under Time Spent per Domain, this means another site’s content could be slowing down your site in the customer’s browser. You should investigate this further.
If you’re still stumped, please try to find patterns in slowness before you contact help or tech support so we can handle your case quickly. Patterns to look for:
- Is your site slow only during certain hours of the day?
- Is your site slow only from certain geographic locations?
- Are only certain pages of your site slow?
- Do you host multiple alias domains on your account? If so, are they all slow, or just one?
- Do you run multiple Web applications on your account? If so, are they all slow, or just one?
- Do you run multiple plugins, modules, or themes for your Web application? If you disable them, does your site speed up?
- Is your connection to other websites slow?
Any additional information you can provide will help our tech support track down the issues quickly.
Top 5 Website Performance Problems
Courtesy of GoDaddy!
Knowing how to improve your website’s performance is important. We use tools like P3 Profiler, Yslow, Pagespeed, andWebPageTest.org to diagnose poor Web page performance. For more information on using tools to determine site slowness, see Why is my site slow?
It’s quite possible that your website is slow because of one of the five issues below. Check them out, and see how they relate to your site.
- Page Size — The bigger your page, the longer it takes to download, especially over slower connections.Big images are probably the number one cause of slow loading pages. Most image creation software has image compression options. There are also online tools, such as Smushit by Yahoo®! that can help you compress large images. You should make sure that each image on your website is optimized for the Web. Also, resize images to fit the width and height you want them to display on your page. We often see people upload giant 2000-plus pixels-wide images they snapped with their digital cameras and then use the width and height parameters to shrink them, like this <img width=”500″ height=”300″>. Don’t do that. If you say width=”500″ height=”300″ in your img tag, the image should be optimized and 500×300 pixels.
- Time to 1st Byte — An increased time to 1st byte means there are too many SQL queries or non optimized SQL queries. This can also include server-side calls to third-party API. If you’re running WordPress, get the WordPress Plugin P3 Profiler to discover what plugins are running what queries and how long each one takes.If you’re a WordPress user, there are a number of plugins you can check out. We’ve seen caching plugins affect performance both positively and negatively on customer sites and it’s largely dependent upon the traffic, and how dynamic the site is. Popular choices for WordPress are WP Super Cache, W3 Total Cache, Batcache and Tribe Object Cache. These plugins offer various page, database and browser cache features. Try each one out (one at a time, not all at once) and see what works best for you.
mod_pagespeedto help automate this for your site. For more information, see Which mod_pagespeed functions do you support? Also be wary of how many third-party domains you’re using. Too many social buttons cause problems. If you use WordPress, you might want to check out the WordPress plugin Lazy Social Buttons.
- Cached Objects — You want browsers caching your site. You need to instruct the Web server to enable expires headers on your static objects. This tells browsers to cache the site. This is not currently enabled by default on our Windows hosting plans, but is available for Linux plans. For more information, see Enabling mod_expires with Your Hosting Account.
- Text Compression — If you don’t have text compression turned on, your page is going to be slow. We turn this on by default on our Web Hosting plans, so your if your page is suffering from this, it’s either because of third-party objects, or it somehow got disabled on your hosting account. See Enabling mod_deflate with Your Hosting Account for more information.
And finally, use Website Accelerator to speed up your site. See Why should I use Website Accelerator? for more information.Read More »
How your site works
Your website is made up of a group of files and directories, much like the Documents folder on your home computer. In this case, though, everyone in the world can see some of your files. To give you an idea of how the directories and files work, we’ll look at a view of the File Manager.
Contents of /home/domain/
Above, you can see an example of the files and directories in your site. There are three main directories to be concerned with:
/home/domain/ – This is your home directory. All of your files are stored within this directory. Files placed directly in this directory will not be visible on the Internet. You will start out in your home directory when connecting by FTP, Web Disk, or the File Manager.
/home/domain/public_ftp/ – This is the directory used for anonymous FTP access. Any files in this directory can be downloaded by anyone if anonymous FTP access is enabled.
/home/domain/public_html/ (www) – The public_html directory contains the files for your site. Files in public_html and any subdirectories of public_html will be viewable by anyone on the internet.. (/home/domain/www/ is the same directory as /home/domain/public_html/).
When someone views a directory in your public_html area, they will see the index page for that directory. When creating your index page, you should use one of the following names (the first one found will be shown if the visitor doesn’t specify a page in the URL):
For your visitors to be able to visit your site, you will need to add some files to it. You can add files through the File Manager and the Web Disk.
The File Manager
The File Manager allows you to view the files in your site as well as to upload new files and modify existing files. You can access it on the main screen of your interface through the File Manager area. Once inside the File Manager, you can click on to upload files to your site.
If you need to move a lot of files at a time, or find yourself often making changes to your site, you can set up a Web Disk to easily access your site. A Web Disk allows you to add a link to your home computer’s desktop that goes to your website’s files. This means that you can view the files on your site just like you would the files on your home computer. The next step will allow you to create and set up your Web Disk.
You can use FTP to upload files to your site. To do this, you will need to create an FTP account. You can do this in the FTP Accounts area which is linked on the home page of this interface. Then, you will need to download a FTP client that works with your operating system so you can connect to that account.
The Web Disk allows you to easily drag and drop files to your hosting account. Once your Web Disk is configured on your local (home) computer, you can then drag and drop files to it, edit files, or view file information, just as you can on your local (home) computer.
Web Disks Subdomains are relative to your account’s home directory. The icon signifies your home directory which is: “/home/domain”.