You can see image sizes using right click and Properties in both Internet Explorer (Right Click  Properties) and Firefox (Right-click View Image Info).  In Chrome, the easiest way to see an image size is to install an Extension to View Image Properties – there are quite a few options there (I used this one).

The old Windows XP powertoy resizer allowed you to right click on an image and resize it very quickly and easily, if you needed smaller size images for the web. Unfortunately it no longer works on Windows 7. However, the powertoy has been rewritten for Windows 7 and made publicly available.

Resizing the easy way …

To resize images the easy way, you simply:

• Download and install the resizer program first from http://imageresizer.codeplex.com/
• right click the image in your Windows folder,
• choose Resize Image
• select Medium or Small, or choose a specific size if you need one

If you still have XP, you may like the Windows PowerToy which you can find by Googling for "Windows PowerToy Resizer".

More options with the powerful Gimp tool …

Alternatively, you may want to use the much more powerful (and more complex) free software "Gimp" which is described in Haleemon's article at Resizing images for your website.

You can install this very easily using the installation system at www.ninite.com – tick "Gimp" then click the green download button and follow prompts from there!

After a 3 month upgrade and expansion program affecting many of our servers, we’re super excited to be able to announce that we will be doubling our disk space allocations on all hosting accounts, both new and old.

This disk space upgrade will be applied to all accounts across all of our servers over the course of the next month. In the meantime, if your account is running low on disk space, let us know by sending a quick email and we'll bump you up immediately.

You may be interested to know that one of the reasons this took a while to execute was that we keep something like 16 – 20 copies of your site in various forms of backup.

This is our way of thanking each and every one of you for being a White Dog Green Frog customer. We truly value your business.

Enjoy the extra space!

A quick snippet that came across our desks today, talking about Steve Jobs the man – just a lovely article …

http://lisenstromberg.wordpress.com/2011/08/29/my-neighbor-steve-jobs/
My neighbor, Steve Jobs, has been in the news lately. The talk of the town is the recent announcement he will be stepping aside to let other seeds grow at Apple. The business press, the general press, the blogosphere, and just about everybody else has waxed poetic about the .greatest CEO of all time. saying that this .boy wonder. has shaped the very nature of our lives with his genius.

It's all true, but here in Palo Alto, Steve Jobs isn.t just an icon, he.s also the guy who lives down the street.

Quick tips on Newsletters and best practice

Three quick and well-written points on putting together winning newsletters…

http://mashable.com/2011/08/31/email-newsletter-best-practices/
Does anyone actually look forward to email newsletters? Debatable. But it doesn’t mean your business has to fall to the bottom of the email heap….

PayPal

Firstly, no discussion on payment processing could be complete without discussing PayPal; one of the oldest and most well known methods of accepting money on the internet. PayPal can be driven from a website in a number of ways, and accepts payment on your behalf. Originally, payment was taken from a "virtual" balance and credited to your business's balance with PayPal. One of the significant weaknesses of PayPal for many years was that it required your customer to create an account with PayPal and to login to that account to pay subsequently, even if they were trying to use their credit card with your store.

Modern PayPal now allows charges directly to credit cards, without requiring your customer to login to pay. This has greatly increased PayPal's usefulness and removed one of the major obstacles customers faced using PayPal. However, probably the biggest advantage of PayPal is that it is very easy and simple to setup – for sale of one or two items, without a shopping cart, setup takes less than a few hours.

An important point to understand about PayPal is that they only takes payment through their own website. When setting up your website to take payment through PayPal, your developer passes the transaction through to their website which accepts the payment and credits your account, notifying your website of the successful transaction through a mechanism called a "callback" or “IPN”. As the payments come in, Paypal puts them in your account and to get access to the funds you need to make a periodic withdrawal. In the past, PayPal has been vulnerable to locking merchant accounts for little reason (for example, sufficient reason can simply be a sudden large rise in business!), so this may be one reason mature businesses tend to avoid Paypal. To be fair, my impression these days is that well run businesses have few problems with PayPal.

PayPal does offer great eCommerce flexibility, including the ability to have recurring or automated subscription payments, use of their own eCommerce facilities, and a variety of ways of taking payments including through simple links and buttons. It's degree of flexibility

A significant downside of having PayPal as the only means for accepting payment is that it indicates strongly to your users that you are only a small business. However, if users in your target market don't understand that, or don't care, this may not apply to you.

Strengths? Easy, cheap and quick to setup. Relatively secure. Powerful and flexible. Handles credit card security for you.

Weaknesses? PayPal stigma. Receiving payments into their account can be prone to issues, including locking of accounts.

Credit Card payment through a gateway

Generally speaking, most internet businesses tend to prefer to take payment through payment gateway companies, due primarily to the cheap software setup costs (often ready to go).

The use of a payment gateway requires you to setup a specialized “merchant account” allowing you to take payments over the internet – often called something like an “Internet Enabled merchant account” though the exact term varies depending on the bank. A substantial advantage of accepting payments through this method is that the payments are in your account the next day (or the day after).

To pay through a gateway, you’ll need to setup an account with the payment gateway as well as the Internet merchant account. During the process of setting this up the bank will want to know that you have a legitimate website selling real products and that you are an honest and ethical business with such things as delivery and return policies to essentially protect themselves against complaints and chargebacks (refunds from customer complaints) against your business. They will usually want to approve your website first and, frankly, some banks have been very much harder to deal with over the years than others. Unfortunately, already having a normal merchant account (cards processed by a card swiping terminal, helps a little but doesn’t guarantee your application will be successful. The bank may charge you for setup, as well as an annual fee (usually about $300) and may also require you to sign an agreement which includes an exit penalty, so read carefully! You can sometimes negotiate to reduce exit penalties, particularly if you have an existing non-internet merchant account. You should allow at least 2 months for setting up a merchant account – the banks will tell you it’s a few weeks, but every site we’ve been involved with has taken longer!

The two main payment gateway companies in the Australian context are eWay and SecurePay. We’ve dealt mostly with eWay for 6 years now and can highly recommend their attention to detail and customer service as second to none. eWay in particular have worked hard to have their system well supported by nearly all of the major eCommerce systems out there, so they will just work out of the box. Additionally, eWay provide ready-to-go code fragments in several common languages so implementing payment through them is actually pretty easy.
The payment gateways usually charge a per-transaction fee, which you can negotiate down as your number of transactions increase. Additionally, your merchant facility will subtract a small percentage (usually 1.25% – 2%) of the payment amount, and a little more for Amex and Diners. There is also an annual fee, and possibly a setup fee. Ask carefully what fees apply when talking to the payment gateway companies to ensure you are comparing apples with apples.

Just a small point – the payment gateways all have associated websites, allowing you to login and run reports against the day’s transactions, and to take actions such as refunds, rebills, and searches. A second small point is that many gateways will store credit cards for you, providing you with a secure token for rebilling.

Strengths? Direct card billing (no PayPal); Faster processing into your own account; Easier and cheaper to setup initially; Reporting tools tend to be strong. Lower costs.

Weaknesses? Some fees.

Direct Bank implementations

Most banks will tend to suggest you implement your payment processing through the bank’s own gateway (terminology: a few of the banks call the system they use for this “MIGS”). As each bank tends to have their own code, and little is out there in the public domain, this can require some code to be written. In the early days the banks used to just supply you with a 2-inch thick document to read but my understanding is that some do provide code fragments these days.

You will need to setup a merchant account as you did above, which will also be subject to ongoing fees. The most common pathway for small businesses is that they setup a payment gateway initially and then move to a direct bank implementation as their turnover grows large enough. One of the advantages with the Direct Bank payment processing is that you don't have to pay gateway fees. Check with your bank to ensure there are no other fees involved as charges vary widely.

Depending on the bank and how helpful it is, you're likely to be up for development costs to implement the website code required to send your transactions to the bank. Some banks provide sample code for this, and it seems to be gradually getting easier for developers (and thus cheaper) over time.

A significant cost to this approach is that the bank is likely to require you to prove that your website and transaction processing is secure, and may require you to be certified for “PCI Compliance” – particularly in this era where even large companies such as Sony’s Playstation Network have been compromised with stolen credit card information. As this costs the banks millions (estimated $30 per replaced card) the banks try to ensure you are taking appropriate care with customer card information. Ironically, in my experience, it’s often the older websites that tend to cause many of these problems, as aging code tends to develop security faults over time! PCI Compliance has a number of levels and can impose restrictions and costs, particularly at the higher levels where certification alone costs $20,000 or more. If you have a website compromise that results in card information being exposed, banks will probably require that you be certified before allowing you to process transactions again. As part of getting your website developed, you should talk to your developers and ensure that they actually understand the security issues involved and have taken appropriate measures to keep card information safe, as a failure here can put your business at risk.

Strengths? Less fees and lower costs.

Weaknesses? Bank tools can be inadequate; Costs more to implement; Much stricter security generally required.

Summary

This article has only been a brief introduction to the issues involved;  being only a brief overview of how eCommerce payments work, and we hope we've given you a useful roadmap for choosing a payment solution for your eCommerce site.

Some of the other issues include storing card numbers, security, increasing sales "conversion" rates on your site, finding reliable ecommerce hosting, and developing an actual website;  we'll touch on some of these in future articles.

Please let us know if you’ve found this article helpful, or have any questions you’d like covered, or would like to talk to us about the issues you have in getting your own eCommerce site up and running.

When we chose to use Fido 6 years ago it was 'state of the art', but slowly over time it has became lacking in several areas some of which are listed below:

1. The authors are not supporting it as much as necessary (in fact, not making new releases at all!)
2. Its functionality is getting quite old and outdated
3. Increasing security issues and regular site hacking, including hacking of many ecommerce sites using it

Because of these issues we have started to move our client base to the widely recognized and  far more stable WordPress  CMS (Content Management System).

WordPress has a customer base of well over 53 million (some estimate 200 million as realistic!), is much more powerful and has a considerably more intuitive and 'easy to use' user interface. When WordPress was developed, it was used mainly as a blogging platform, but over time it has evolved into a complete, powerful and easy to use content management system and can be used for so much more through the thousands of plugins, widgets, and themes.

Along with all this, WordPress has the advantage of being an Open Source project, which means there are many hundreds of developers all over the world working on it, extending it and customizing it – in fact, many more than most commercial platforms.)  WordPress typically release small updates every 2-3 months which means you have access to a technology that is gradually evolving and continually improving.  It also means you are free to use it for anything from your cat’s home page to a Fortune 500 web site without paying anyone a license fee.

Currently you are paying $100 a year for the Fido licence. With WordPress, there is a one off conversion fee (heavily discounted to $400) and no subsequent licence fees, which means you will be saving $100 per year by moving to the new system. Additionally, if you have paid your Fido licence in the last 3 months, we will credit your entire licence fee towards the site conversion.

As site conversions are done with such a huge discount, we hope you’ll understand that they are done on an as-time-permits basis; the turnaround is usually around 3 weeks but can be more. We supply a short "getting started" manual with the sites. One-on-one training or more detailed documentation is also available at additional cost.

If you would like to get started please either call us at 1300 760 850, or email us and we will send you information on how to get started.

Here is a link to articles about WordPress from our blog if you’d like to read up a little.

• credit card numbers stolen – your customer's card details can be stolen and sold to criminals.
• transactions intercepted – silent interception of your customer's details
• transactions completely stolen – you never see the transactions
• site vandalised
• industrial espionage or vandalism
• site used for phishing – google listed
• your site is hacked, and kept for later "use" in crime, bank fraud or illegal file distribution

We've seen most or all of these done to customers over the years – no-one is immune!  The sites involved varied from small sites to huge sites with thousands of products processing millions of dollars per month.

There are three costs that you will face when you do get hacked:

1. lost business while your site is down
2. the cost of repairing and ensuring you can't get hacked again
3. lost reputation and trust

The effort and money you spend on keeping your site secure should align well with the losses you could incur from the above!  One successful model for this is to consider it like insurance – pay a little now, or pay a lot later.

10 tips for keeping your site safe from hackers

All of these could be expanded into complete articles – and we've done so for some – but here are some short-form tips that will introduce the key concepts.

Credit Card Security – don't store credit cards at all, or use methods such as tokenisation (which we'll write about in a coming article).  The amount of effort you expend protecting your card numbers should relate directly to the volume of your transactions.  If you are processing millions, you should be spending regularly on reviewing and updating your security practice.  A major leak of credit card details is not merely embarrassing; it can actually cost your business millions.

SSL encryption to protect from snoopers should be a given.  This ensures critical form data is encrypted as it travels over the internet – a common method for stealing card data is via WiFi sniffing, and encryption protects against this almost completely.  This is an eCommerce basic; many customers will avoid your site if they don't see the comfort of a small padlock on the order screen.  They usually don't realize that the padlock only covers one small area of security!  In fact, most security problems actually occur on the client PC or the server, whilst SSL only protects the connection.

Secure hosting – most people don't realize that many hosts leave mysql open so that it's possible to view mysql databases belonging to other users.  On LAMP servers, this is a side effect of the way PHP is run; it can be run securely so that this isn't possible.  This mistake by your hosts is one reason shared hosting is considered insecure, but it can actually be very close to the security offered by a VPS.  As an example, one organization we rescued got hacked during critical periods every time, via this method.

Update your website software regularly or you will eventually get hacked.  You might like to consider the value of getting your website done using a technology that is regularly updated by competent developers.  Open Source products such as Magento and WordPress offer this advantage at very reasonable cost.  The key here is to choose a platform that will be around, and actively updated, for the foreseeable future – otherwise you can be left holding the proverbial baby when the updates stop and the hacking attempts continue!

Do regular backups using at least two separate methods, preferably complementing what your host does. Remember not all hosts do backups. Most don't guarantee your data.  At least some of your backups should be "offline", some should be off the server, and some on server.  Talk to your host about this.

Use a predictive firewall that blocks hackers.  Ensure your host's firewall is capable of detecting hacking attempts and banning perpetrators so they don't get a free run – which will often yield access as they work through their extensive libraries of techniques.  Your host might also virus/exploit scan uploads and prevent bad code being uploads, which helps delay or prevent many automated attacks.  Remember, most attacks these days are automated – when they succeed in getting into your site the hacker is alerted and then can "use" your site for mischief.

Ensure your website is well documented.  The more you have invested in developing it, the more you should expect to see documentation – one effective model adopted by many is the use of a "Wiki", the example everyone is familiar with is Wikipedia.  The searchability of a Wiki, plus the fact that it is always available online, add up to a good long term tool.  Often printed hardcopy documentation is just not read by anyone!

Keep your system software updated.  It's an illusion if you beleive that VPS is more secure.  It can actually be less secure than an actively maintained shared hosting environment.  Actively maintained usually costs more – skilled system admins aren't cheap.  These system updates are naturally done for you if you have quality shared hosting.  Even if you keep your site secure, if your server gets hacked at operating system level (kernel/commands/services) your site is completely open.

Keep up to date with security practices – in a year or two, this article will be out of date; similarly, what is adequate now will not be enough to keep you safe in only a few years.  As just one example, it's become best practice not to store unencrypted user passwords – yet many websites still store easily viewable passwords, which can be easily stolen. Without a built-in practice of reviewing security regularly, you'll find current practices will become insufficient over time,  And of course, if you have a small site, many of the things listed here can be done by yourself – and you may already have them if you host with us!

Remember to upgrade your hosting as your business grows - it's not uncommon to find people relying heavily on budget hosting for a business that has outgrown that hosting years later.  The budget hosting goes down and the business then loses a lot of money by being offline – hardly the fault of a budget provider who simply can't provide a cast iron guarantee at budget prices.

Summary – keep your perspective

It's important to understand that "preventing" hacking effectively means reducing your chances of being hacked.  No single practice by itself can completely stop your chances of getting hacked.  The trick is to combine the best practice common- sense methodologies listed above to get synergistic protection that means you are safe from all but the most skilled and determined hackers and luckily there are very few of those!

Some of you will have read of the recent demise of long term Australian company, Distribute IT. Vandalized by hackers in early June 2011, they were unable to get themselves back online and ended up selling to a larger registrar. Distribute IT were no small fish in the industry, with over 10,000 hosting customers and some 200,000 Australian domains.

So what went wrong? Firstly, the hack was unusually malicious, with the hacker partially formatting the system hard drives on all of Distribute IT's servers. Further, as time progressed, it emerged that Distribute IT had no available backups, possibly because they had been minimal and had all been hacked. It also appeared that their system and backup design had not allowed for emergency recovery scenarios. Additionally, Distribute IT struggled to communicate with customers who became increasingly desperate for information on their websites and email as hours stretched into days ,and days stretched into weeks, with little news or progress visible.

The invisible – and what it means to you as a customer

What can we take away from this episode?

• backups are really important – and they must be guarded against hacking
• security is important
• good simple system design can save a lot of issues – and requires real, on-the-ground expertise from your host

• it's worth paying – driving the price to bottom dollar will result in important loss of services, invisible until a serious problem occurs – then devastating in consequence
• Make regular backups – how often depends on how much your website changes

• all disks are redundant
• we run an intelligent firewall which, mostly invisibly, blocks a lot of hacking attempts
• all sites are backed up, on most servers in several ways

Luke approached us some months ago, as he has an active and interesting health business in a number of areas and wanted a site to allow him to write about that, and to attract new business while keeping existing clients informed. 

We thought we’d share the site with you as an example of one of the sites we do and also as an example of a very interesting health practitioner working in an unusual area – that of staying healthy over the long haul!