Blog

Should you make the transition to HTTPS?

Web browsers and search engines prefer secure web site URLs (using HTTPS) over standard web site URLs (using HTTP). Browsers now show warnings on a non-secure site that has a username and password prompt or a credit card field, hinting that your information could be stolen in transit. If it sounds scary, it’s meant to. Chances are low (but not impossible) that someone is going to be snooping your traffic on a wired Internet connection at home. But switch to WiFi and the risk increases. Browse at a coffee shop or on public WiFi and there’s a very real danger that someone sitting next to you could be logging into whatever site you’re logging into as you. It’s even worse if you use the same password on multiple sites — you’ve now potentially given someone the keys to your kingdom! Switching to a site to HTTPS prevents this information from being intercepted in transit.

In addition to added security and privacy, switching to HTTPS can come with an added performance boost if your hosting provider supports it. A new protocol, HTTP/2, which is only available via HTTPS, uses an optimized binary format, allows multiplexing, and allows servers to proactively push images and page assets to the browser. I won’t bore you with all the technical details here, but it’s much faster than using the standard version of HTTP/1.1.

Studies on the effects of switching to HTTPS on SEO are a mixed bag because SEO is such a complex beast, but most show a slight increase in ranking of an HTTPS site versus an HTTP site assuming all other things are equal. There are many, many factors that influence SEO ranking, so don’t expect that this one change will suddenly move your site from page 3 to page 1 … but given all the other benefits of using HTTPS, it certainly can’t hurt you if done properly.

Done properly, huh? What are the dangers? For one, you want to ensure you’re not creating “duplicate content”. If your site used to live at http://www.example.com/ and you enable HTTPS so that your site is now available on https://www.example.com/, there is a possibility that you could have both sites serving content from their respective URLs. This can create confusion for search engines as they will be seeing the same content and the same tags in two different places. Your “two” sites are potentially competing against each other for rank!

Whenever we transition a client from HTTP to HTTPS, we put the proper techniques in place to ensure their new site will be both user friendly and SEO friendly. We accomplish this through the use of 301 redirects and canonical tags. It may also be necessary to update your database and image tags to ensure content is being served from the correct URL.

It has been our standard procedure to setup any new sites we host with HTTPS enabled and forced on by default. We handle existing sites on a case-by-case basis, but almost all are eligible and would benefit from the upgrade.

PNT Turns 4!

PNT-Birthday-Card-2016

Ok, we should clarify. Play Nice Together as a name isn’t 4 years old, but The Branding Buzz (PNT’s former alias) began in the spring of 2012! Ahhh, 2012, what a great year. A perfect time to launch a web design agency that would marry the strict rules of tech and the zainy free-flowing lifestyle of design. Sure we could say that it all came together without a hitch, that everything just formed like a Lego Pirate Ship. But we would be lying…

Thanks for sticking with us this long. Keep the challenges coming and we promise we’ll share some cake with you. 😛

Hey, It’s January…

HelloJanuary

Ahh, the first month of the new year! January is kind of like the silence after a really crazy storm. We’re not used to it being so quiet, no matter how many times we deal with it. As a small business owner, there are a few things you can be doing, in this notoriously slow month, to prepare for the rest of the year. January is a time to reflect, reassess and recuperate. Here’s how:

Analyze last years ups and downs

Let’s start with reflection. Here’s hoping last year was an extraordinary success for you and your business. If so, analyze why you did well. What caused this surge in your business, how can you repeat this and maybe even increase it one way or another? If you felt you could have done better than last year, what changes are you willing to make to get there. Did you take too many risks? Try dialing it back a little, or flip that if last year was rather conservative for you.

Imagine you are playing a game of tennis. You either win the game or lose (I consider tying to be losing FYI). If you won the game, that’s great. Figure out ways to keep winning more. If you lost, then the only thing to do is to figure out what you did wrong and fix it for next time.

Take a deep breath

It’s time to reassess your business and your plans for the future. Just because you had a successful year prior doesn’t mean you should just rinse and repeat. This is the perfect time to grow! Plan a new ad campaign, work on a new product, work on gaining more impressive clients. This is the time to figure it all out. You’ll be too busy later on in the year to think about this stuff. Take this slow month to figure out ways to make this year better than the last. I mean, look what Uber is doing!

Relax

All work and no play…

Want to know what the best thing for your brain is after working its butt off? Rest. January is a great time to take a well deserved break. Whether it’s just a day or a couple of weeks, give your self time away from the office to just do nothing but relax. Sit by a pool, go on a cruise, spend time with your family. When you get back to work you will feel so refreshed and ready to take on the world! Time to recuperate.

That’s it, so simple, right? No, of course not. If running a business were simple, we would all be doing it! These are just some helpful tips to keep you moving forward. Here’s to another year filled with good fortune and success!

Happy 2016!

PNT-NYE-Card

2015 was a fantastic year for us. Not only did we meet (and get to work with) some fantastic clients, we also successfully rebranded into the agency you see today! we are so very thankful for all of your support in helping us create amazing things. Stick with us and we won’t disappoint. Onward to 2016!

Our New Year’s resolutions are to eat less dairy and to stop prank calling the supermarket down the street asking for Crystal Pepsi.

Happy Holidays!

PNT-Holiday-Card1

No matter what your plans are for the next few days, whether it’s opening presents with friends and family, or grabbing some takeout and watching Star Wars (if you haven’t seen it yet, come on), make sure to spend that time with those you care about.

Stay warm and have a happy holidays from all of us at PlayNiceTogether.

WordPress Importer plugin Content-Length problem solved

File-Compression

As a WordPress developer, I’m often tasked with migrating web sites and content between different WordPress installations. There are a variety of reasons this is done — maybe the client wants to switch hosting providers, or maybe we’re pushing from a test environment to a production environment, or maybe a new developer has started and they need a working copy of a site.

There are, of course, also a number of ways to perform a task like this: backup plugins, migration plugins, cloning plugins, database dumps, file archives, and more. I’ve used each of these with varying levels of success, so depending on the specifics of what needs to be done, I choose the tool that is most appropriate for the job. Most of the time I just end up using the WordPress Importer plugin because it’s quick and easy.

Despite it being easy, every once in a while I encounter an issue importing photos and other media using this tool. It’s usually a minor problem and I end up manually fixing the missing images … but I always wonder why the problem is so sporadic. It usually only happens with a few of the files, not all of them. I thought, perhaps, it was due to a crappy hosting provider on the remote end being unable to serve the images properly.

After encountering the problem while doing maintenance on our own site, I knew that hosting could not be the issue. I was importing about 100 images and over a third of them were failing. Repeating the import would yield the same problem, with the same exact images. That led me to believe there was something very specific about this certain group of images that was causing them to fail.

As a developer, there’s only one thing to do: look at the code and narrow down where the problem is. So I dug into the wordpress-importer.php file and searched for the “Failed to import Media” error I was seeing. Based on that section of code, I found the IMPORT_DEBUG option. I turned it on and tried the import again. Now I was able to see more information about the failure; the enhanced logging showed the message “Remote file is incorrect size“.

Okay, so images are being loaded from the remote server fine, but there is a mismatch with the file size that WordPress is expecting to receive. This error is thrown when a comparison of the Content-Length HTTP header versus the size of the file actually downloaded to disk does not match. After some head scratching and Internet research, I came across a post on the WordPress support forums from another gentleman having the same issue.

I tested the import again using his proposed changes and was able to get the importer to load all of my images 100% of the time. That still left me wondering why this was originally only failing for some images and not all of them, so I attempted to load a few of the failed images and a few of the successful images in my browser to compare the headers. I figured out that all of the images that were failing were very small in size. Since they were small, the web server could send them all in one chunk and therefore set a Content-Length header in the response. The reason the Content-Length was not matching the actual file size is because the remote server is using HTTP compression and the Content-Length header it’s sending is the size of the compressed file, not the original file size.

The larger images were being chunked (sent in several small pieces), and when chunking is involved, no Content-Length header is sent because the server cannot determine in advance what the final Content-Length will be. Since no Content-Length header was being sent for this group of images, the importer plugin was not doing a size comparison and let these images in without an issue.

Based on this testing, I determined that the WordPress Importer plugin is not compatible with remote servers that use HTTP compression. This led me to dig deeper into the WordPress core code to determine how WordPress handles compression compatibility in general. The WP_Http class sends an Accept-Encoding request header by default if the PHP installation can support deflate, compress, and/or gzip.

Thankfully, WordPress has great support for filters and hooks which allow changing the behavior of core functionality without modifying the original source code. The WP_Http::accept_encoding() method uses the wp_http_accept_encoding filter. I reverted the wordpress-importer.php file back to its original state and instead told the WordPress HTTP client not to send any Accept-Encoding headers by using the following code in my theme’s functions.php file:

add_filter( 'wp_http_accept_encoding', function( $type, $url, $args ) { return array(); }, 10, 3 );

(Note: The above will only work with PHP v5.30 and higher since it uses a PHP anonymous function)

Bingo! Another successful import with no images failing. This is because compression is no longer being used and now the Content-Length headers match the file size on disk.

I have reported this bug to the maintainers of the WordPress Importer plugin, but until it is fixed, I will include this filter as part of my standard WordPress setup tasks so I can go on importing images in the future.

A New Take on the Classic Nigerian Money Scam

shutterstock_230178715_2000

Imagine this: you’re the owner of a web design agency and someone fills out your contact form asking for your services. Awesome, right?!

The email comes in as:

I hope this e-mail finds you well! This is Mardam Bay. I would love to know if you can handle website design for a new company and also if you do you accept credit cards ?? kindly get back to me ASAP so i can send you the job details.

The email is sent from Mardam Bay with an email address of mardambay@hotmail.com. I pause for a moment and recognize the not-so-great English, but not everyone speaks English so the next thing I do is check where the email originated from. It has an IP of 197.211.53.25, which is based in Nigeria.

Okay, orange flags start going up now. Hmmmm. Why would someone in Nigeria contact a New York-based design agency? There’s only one way to find out — ask for more information. So I reply with “Yes, we accept credit cards and we can handle web site design for a new company. Would you like to schedule a phone call to discuss the details of your project?

Within 40 minutes, I receive a reply back from “Mardam”:

Thanks for the prompt response. I need you to check out this site but i need something more perfect than this if its possible. [URL redacted]. the site would only be informational, so i need you to give me an estimate based on the site i gave you to check out, the estimate should include hosting and i want the same page as the site i gave you to check out and i have a private project consultant, he has the text content and the logos for the site.
Note:
1. I want the same number of pages with the example site i gave you to check excluding videos and blogs.
2. I want only English language
3. I don’t have a domain yet but i want the domain name as [domain redacted]
4. you will be updating the site for me.
5. i will be proving the images, logos and content for the site.
6. i want the site up and running before ending of next month.
7. My Budget is $3500 to $6000

Kindly get back to me with:
(1) an estimate
(2) your cell phone number
(3) And will like to know if you are the owner ??

Regards
Mardam Bay

Interesting. It sounds like he knows what he’s talking about. This is still all reasonable and consistent with someone requesting our services, so I quickly shoot off my next reply:

Yes, I am the owner of the company. The best number to reach me at is +1-914-347-2899.

This sounds like an exciting project! I’d be happy to have my team and I take a look and provide an estimate. Is there any way you can provide us with the logo, images, and text before we give the estimate? That will help us better understand what we’re working with in order to give you an accurate price. I’m happy to sign a Non Disclosure Agreement if you are worried about us having access to that information.

I see that the [domain redacted] domain is already taken by someone else. We can try to contact the current owner and see if they are willing to sell it. Or search for an alternate domain that is available.

We can handle hosting for you. Do you have an estimate of the number of people that would be visiting the site on a daily basis? That will help us determine the appropriate hosting solution.

Would you like to discuss this in more detail on the phone or via Skype?

I’m not in the habit of giving my mobile number to strangers, so I provide my office line (which is on our site anyway). And again I stress the desire to talk this through over the phone or Skype. It’s very difficult to get a gauge on a project solely based on a simple email exchange.

Within a few minutes, he replies with: “Let me have the estimate first then. The consultant will contact you along with the logo and images okay“.

At this point, in the back of my mind the foreign nature of this is still nagging me. So first I review the web site logs to see how he found us. It was through our YellowPages.com listing. Nothing suspicious there. Then I decide to search for him on Google and I find his email address listed on http://blog.ihenix.com/nearly-got-scammed/.

Bingo! I find dozens, if not hundreds, of other design agencies and service agencies being approached with similar messages dating back to February 2015. It’s from this site that I learn the real scam comes later in the conversation, after he agrees to the price quote that’s presented.

Armed with my newfound knowledge, I decide I’m now going to play along with the game and mess with him. I reply with “Okay, we have reviewed the [URL redacted] site you provided. That’s quite an elaborate site! I’m sorry we won’t be able to do it for the price you suggested. We would need at least $15,000 to complete a site like that.

Much higher than his “budget”, but why not see if he actually reads these replies or cares.

Three minutes later, I see the following in my Inbox: “Thanks for your responds, will like to proceed and am okay with the estimate, i will depositing $2500 using my Credit card so work can commence ASAP, I understand the content for this site would be needed as for the job to commence, so regarding the content i will need a Little favor?

I already know what his “little favor” is, but let’s indulge him: “What’s the favor?

And just as predicted, he comes in with the money shot!

The favor i need from you is….. I would give you my card info’s to charge for $5600. so $2500 would be a deposit payment for my website design and the remaining $3000 you would help me send it to the project consultant that has the text content and the logo for my website so once he has the $3000 he would send the text content and logo needed for my website to you also the funds would be sent to him via cash deposit into his account, sending of funds would be after funds clears into your account and also $100 tip for you stress. You will be charging my card for remaining balance upon completion of work. Kindly get back to me so we can proceed with payment ASAP!

Quite an elaborate scam, I must say! Even if I hadn’t already known the ploy at that point, the red flags would have definitely been going off. You want to send me money just so I can send it to someone else? Why not just pay them directly? Besides the fact that I would have needed business records and a lot more information from him before signing a contract or accepting a credit card.

I have learned that not all spam and scams are obvious from the start. Some are perpetrated by individuals with a lot of time on their hands and are willing to go for the “long con”.

I am publishing this in hopes that other people will not waste their time with this nonsense, like I did. And hopefully no one gets as far as actually accepting a credit card in this fashion!

Should I Stay Local?

Which one of these is a locally done logo refresh?

Which one of these is a locally done logo refresh?

It’s time for you to bite the bullet! You’ve finally accepted the fact that your brand needs a refresh. Your website looks like it’s the starting page of Netscape Navigator, and your logo would feel more at home on the side of an arcade machine from 10 years ago.

Despite having the coolest/trendiest logo out there, a brand refresh is almost required by any company that wants to stay relevant. With the resolutions of smartphones surpassing even what the eye can see, even the big ones like Coca-Cola and McDonald’s have to update their logo, albeit slightly, every once in awhile.

Shopping around for a design firm that you feel comfortable tackling this important task is hard enough. But, with the advancements in video chatting and file sharing, does it matter if the company is close to you?

Let’s look at the pros and cons of staying local. First off, the obvious pro is, well, they’re near you! You can meet face-to-face, establish a rapport, make sure they understand exactly what you’re looking for, collaborate side by side, etc. That sounds amazing! But it can’t all be roses and sunflowers can it? There are cons… Depending on your location, you might be dealing with an agency that, to be perfectly honest, is just not that talented. Well, maybe they are, but they’re not very experienced dealing with your industry. Did you go to school for design? How are you supposed to know if they know what they’re talking about?

This is not an attempt to puff my chest, but I’m going to go ahead and say it, “I’m a good designer!” There, that felt good! I’ll say it again, “I am a good designer.” And I’m going to be perfectly honest with you. Ryan (the quiet other half of this company) is an excellent programmer. Yeah, I said that too. Ok, Rick, enough, we get it, you’re awesome… Relax, that’s not what I’m getting at. Despite Ryan and my experience in certain aspects of design and programming, we will be the first to admit when something is out of our area of expertise. This is when we either bring in an outside expert or turn down the job all together (sucks, but what can you do?)

Several years ago, you had no choice but to work with local businesses. Unless you were willing to wait much longer for jobs to get done, that was the only way to work efficiently and effectively. Nowadays, it’s possible to get things done with design firms across the country, or, dare I say it, across the world! With the power of software like Skype and Dropbox, it’s almost like you and the firm you are working with in Australia are in the same room! Just be careful…

Make sure, no matter whether you decide to work locally or globally, that the design agency you are dealing with understands what you are looking for, and has a portfolio and/or the experience to handle creating the perfect website or logo you require. Don’t settle for something you are not thrilled with just because you are scared to venture outside your neighborhood.