If you’ve been working mostly in print,
chances are security hasn’t been at the forefront of your mind. But as soon as
you venture online, that has to change. If you’re lucky, none of the sites you
work on will ever be hacked; but then if you’re lucky, you’ve probably won the
lottery and instead of reading MacUser are at this moment rolling around on a
pile of fifty-pound notes, just because.
Secure
your site
First and foremost, sort your passwords
out. Wherever you use passwords to get into the systems you use online – FTP,
databases, social networks and other services linked through to sites–make sure
the passwords are always strong and unique. Avoid using the same password, or
even a variation on one, for multiple accounts or services. Follow the advice at
accounts.google.com/PasswordHelp.
If you’re working for a client who’s used
‘password’ for their FTP password, or routinely creates employee logins
consisting of ‘firstname_surname’ with the password set to ‘surname1’,
encourage them to change their ways. Where possible, change passwords every few
months –this helps to avoid ex-staff logging in for the lulz after a few too
many beers, among other benefits.
Keep an eye on both remote and local files
to see if anything has a suspicious modification date. This can be a sign of a
hacked file, a common tactic being to ‘inject’ scripts that write hidden spam
links into a web page. Spotting a dodgy date is easier than spotting small
changes in a mountain of content files.
Sites that allow customers or other members
of the public to create their own logins, which will then give access to their
personal accounts and information, need to take serious care to comply with
data protection rules and best practice to avoid the risk of large fines. Using
of-the-shelf services with suitable security features can take some of the
weight of you, but read up and make sure you understand what you’re doing.
Don’t hesitate to take professional advice if this isn’t your area.
Where online systems can provide backups
and exports, ideally on an automated basis, take advantage. Many web hosts are
offering increasingly sophisticated services in this area. Be clear what you’re
getting: don’t confuse redundancy with backup, for example. At worst, or as a
backstop, back up your server manually every week. Plug-ins such as AntiVirus,
Block Bad Queries, Login LockDown, Secure WordPress and WordPress File Monitor
can help to protect WordPress installations, and other platforms may have their
own equivalents.
Block
Bad Queries
Finally, some sites try to secure page
content–blocking text copying, for example, or right-clicking to download
images. Don’t do this unless you want users to hate you. It screws up their
experience and won’t stop plagiarists or pirates.
Test across browsers
The web has always been a moving target.
Browsers and related standards evolve at a blistering pace, as do the devices
they run on. Time was you merely had to check that a site worked in a couple of
resolutions on a Windows PC and give a cursory glance to it on a Mac. Today,
there are 27in desktop monitors, a plethora of laptops, tiny MacBook
Air-inspired Ultrabooks, the iPads – and that’s before you consider phones. In
terms of traffic, smartphones make up a fifth of the market in the US and 40% in
China.
This rapidly shifting landscape should tell
you three things. First, you need to aim to design in a manner that’s flexible;
second, the day of the one-size-fits-all pixel-perfect design is gone; and
third, unless you test your site across arrange of browsers, chances are it’ll
fail in some, making you (or your client) look a mug.
Unless
you test your site across arrange of browsers, chances are it’ll fail in some,
making you (or your client) look a mug.
In a sense, Mac users are fortunate.
WebKit, the guts of Apple’s Safari browser and the power behind many a web
design app’s preview window, is popular. It’s also the foundation of Google
Chrome, along with stock iOS and Android browsers. But that’s not to say
implementations of WebKit are identical, because they’re not. So while it’s
fine to start out testing in Safari (despite its relatively low overall market
share – about 7%), you should also install Chrome and test in it.
Internet Explorer, Firefox and Opera are
the other major desktop browsers that warrant a look, and their engines are all
different. Firefox and Opera have Mac versions, but Internet Explorer requires
a PC or virtual machine (Windows on your Mac); virtual machine options include
VMware Fusion, Parallels Desktop and VirtualBox. It’s also worth noting that
old versions of IE cling on, and so you should test in at least two previous
releases. Either install different versions of Internet Explorer into separate
virtual machines, or use IE Collection (utilu.com/IECollection/). For one-off
layout sanity checks, Adobe BrowserLab (browserlab.adobe.com) is sufficient,
but you get no interaction.
When it comes to mobile, even pros often
focus on Safari for iPhone to the exclusion of other options. It’s a good
starting point, but you should also try Opera Mini, which is popular on cheaper
hardware. Where possible, also test on Android. If you can afford to buy a
range of devices, use Chrome on the Mac and Adobe Shadow (adobe.com/shadow) to
simultaneously browse across multiple devices. Beyond browser compatibility,
test edge cases: turn of images or CSS and see if what remains is usable. Where
possible, try your site out on real people, to check your assumptions. And
after you make the necessary changes…test again.
