Checking Out ImageInject, a Tool for Adding Images to Blog Posts

By David Innes, | June 6, 2016

I’m really enjoying playing with ImageInject, a new-to-me WordPress plugin from Thomas Höfter at WPScoop. Both users and search engines seem to prefer blog posts with nice featured images. But choosing the right image can be a huge obstacle for many bloggers (including me!) If you’re a business blogger it’s even harder to find images that are free to use for commercial purposes. Thomas’s plugin makes it very easy both to find and use these images in your posts and pages.

One tiny quibble would be the way the plugin inserts “attribution information,” the names and links of the artists and photographers who’ve made their work available for use. In my case I wanted to add an even bigger thank-you to the artists. Luckily the plugin has settings that let you do it your way.

I’m not quite ready to add it to every website I build for clients. But that’s likely only a matter of time.


Ideal Client: Do-It-Yourselfers Who’ve Run Out of Gas

By David Innes, | June 6, 2016

The cool thing about WordPress is that you really can do it yourself. Signup for a SiteGround or Dreamhost hosting account, use the “One Click” install button, pick a theme, add some text and upload some images and…  And seriously, you can be up and online very quickly!

That’s one of the great things about the web today.  Success really can be right around the corner!

So if it’s so easy, why is a successful do-it-yourselfer an ideal client for RealBasics?

I’ve got two answers for that really, because there are two ways to run out of gas on your website

  1. You see you could be even more successful if you could do something you don’t know how to do
  2. You’re so successful you could do it but you never have time!
    (You’l notice this website falls into category #2 so I know how you feel!)

Your website doesn’t come with a gas gauge, though, so what are some of the warning signs you might be running out of gas?

  • You know you should be updating your software, backing up your site, and running security scans… but don’t
  • You want to add ecommerce, event management, or really anything more complicated than a contact form;
  • You’d like to figure out why your menu or banner images look awful on tablets and phones
  • Your site’s taking a really long time to load each page
  • You got a warning from your hosting company that your site might have been hacked
  • The copyright mark at the bottom of your page still says it’s 2013 and you don’t know how to fix it
  • You keep meaning to blog but you never get around to it…

Most important indicator that you might be running out of gas though?

  • You keep finding yourself saying “I know I really should…”

If you or someone you know is in that situation?  That’s an ideal client for us.  We don’t want to take over the world wide web, we just want to get you back on the road.



Three out-of-date plugins are responsible for 25% of all WordPress hacks

By David Innes, | May 19, 2016

Rusty lock hanging open on an old wooden gate

Serious advice from the makers of the iThemes Security plugin

A very interesting and helpful article was published by Sucuri that looks at security vulnerabilities. The article identifies the top 3 plugins that are left on sites OUTDATED and cause nearly 25% of the total WordPress compromised sites they see: TimThumb, Revslider, and Gravity Forms. Remember to ALWAYS, ALWAYS update your WordPress sites and plugins.

Source: iThemes WordPress Weekly Recap

It can be hard to tell whether your site uses TimThumb (a now-obsolete technology that used to help images resize automatically) or Revolution Slider as they were often built into themes rather than added by users.  Which means you might not see them in your plugin list.

While TimThumb tech was widely used by many free theme builders, Revolution Slider is a for-pay plugin that was often added to paid-for themes.  GravityForms is a very good form-building plugin that’s usually bought by end users or their webmasters.

While good premium themes and plugins are often worth the money, most require a yearly renewal fee to keep their licenses, and software, up to date.  Almost by-definition an out-of-date website is going to have let its licenses lapse.  That can make updating harder.

The alternative, however, is it also makes sites more vulnerable.

The solution?  Three good ones would be

  • Update your site if you can
  • Re-license your older themes and plugins
  • Switch to newer themes and plugins and keep those up to date.
  • Use a hosting company, CDN or other firewall service, or install a security plugin to help block access to these particular vulnerabilities.

You don’t have to hire RealBasics to do these things if you’re not sure how (though of course we’d be happy to help.)  But either doing it yourself or finding someone who can help you check for vulnerabilities and fix them if necessary.


The Days of Adobe Flash-Driven Websites are Seriously Numbered!

By David Innes, | May 17, 2016

Screen shot of "uninstall Flash" popup box

Image via tech site Ars Technica

According to the venerable tech website Ars Technica, Google has announced by the end of the year its Chrome browser will display Adobe Flash animations only if you actively click on them. By the end of the 2016 Chrome will disable Flash altogether!

Google will be taking another step towards an HTML5-only Web later this year, as the systematic deprecation and removal of Flash continues.

In a plan outlined last week, Flash will be disabled by default in the fourth quarter of this year. Embedded Flash content will not run, and JavaScript attempts to detect the plugin will not find it. Whenever Chrome detects that a site is trying to use the plugin, it will ask the user if they want to enable it or not. It will also trap attempts to redirect users to Adobe’s Flash download page and similarly offer to enable the plugin.

Source: Ars Technica

I’m mostly fine with this. I appreciate that some games are available only in Flash, but I imagine you’ll always be able to open those games in special, non-web-browser apps. Like, oh, say the Adobe Flash Player!

But otherwise the only remaining uses for Flash tend to be ads, malware, and really, really old websites.

Forgive me for putting in a plug here but if your website is still using Flash animations in its main content — in splash pages for instance or, worse, for menus it’s time to update your site.

This might be the place where I’d make a pitch for hiring to rebuild your site… and sure, we’d be delighted. But instead I’d like to say that if your site is old enough to still be using Flash you should hire any credible, local web developer or designer.

Preferably before the end of 2016 and definitely before the end of 2017!


One missed checkbox can lead to 47,000 spam users!

By David Innes, | April 26, 2016

One site owner got more than 47,000 spam user signups!  Yikes!

Did you know that if forget to click one checkbox during setup and anybody can create a visitor’s account on a WordPress website.  Anyone or ,unfortunately, any spambot.  Or, even more unfortunately, all of them!

Most people, even beginners, figure out they should click that checkbox.  And theoretically it’s no big deal.  By default new accounts are just for “subscribers,” which only lets them add comments a little more easily.  Not a big deal, again, since you can easily write comments without an account.

Theoretically.  In practice it can be a giant, performance (and possibly SEO) sapping drain on your site.

The other day I was doing an assessment of a new client’s existing website and found not one, not 10, but more than 47,000 of these spam user accounts!

I was already logged into their site so even though they weren’t yet a client I turned that option off for free.

To disable spam account signups:

  • Went to their dashboard
  • Chose General from the Settings menu
  • Scrolled down to “membership”
  • Unchecked “Anyone can register”
  • Scrolled the rest of the way down and clicked “Save Changes.”

That was the easy part!  Deleting those 47,000+ members took quite a bit longer!

I try not to beat our own drum very often but in this case?  Sometimes it’s a very good idea to let a professional web developer check your site out to make sure all your performance and security i’s are dotted, t’s are crossed…

And checkboxes checked!


Should you use a slider or carousel on your website?

By David Innes, | April 21, 2016

"Abandoned Carousel" by Flickr contributor Jason Rogers.

Very simple website with both a title and URL that answers itself: Should I Use A Carousel?

Slideshow widgets were an instant hit on websites when they came out years ago.  They were fun, they moved, and especially they were new!  And so people landing on a site would watch them.

Now?  Not so much.  According to usability researcher Eric Runyon says that sliders might really slow down your site and consume a lot of your visitor’s mobile bandwidth but less than 2% are ever clicked on.  And 89% of those clicks are the first slide.

  • Homepage visits: 3,755,297

  • Percentage that clicked a feature: 1.07%

    Source: Eric Runyon

To be honest there are places where a slideshow can come in handy.  But you want to put them in context and you really want to have a reason.  A quickie demo slideshow on an inside “how to” page?  Where the thing to be demonstrated is actually to simple to make a video for?  Sure.  A quick demo of several uses or applications of a product on a page that goes into more detail?  That could be good too.

Point being that the answer isn’t always no.  It’s just usually no.

(Crystal ball prediction: those full-size homepage “hero” images were cool too.  And maybe they still are.  But I predict users will start scrolling past them almost as fast as they’re scrolling past sliders and carousels now.)

“Abandoned Carousel” photo by Flickr contributor Jason Rogers.


Why we keep your backups on another server…

By David Innes, | April 17, 2016

Image of smoking network cable

The phone call from a former client that made us take long-term maintenance seriously: “Do you have a backup of my website?  I accidentally deleted my site from my server!”  It’s not that easy to delete your whole site, but from time to time people do.  Not as catastrophically as the owner of a web hosting company managed to.  (He deleted his site and all his client’s sites too!)  But still possible.

Luckily we did have a backup of his original site.  Even more luckily his hosting company had a 24-hour backup.

Our former client had simply deleted what looked to him like a copy of his site in a former employee’s folders that turned out to be an alias to his main site.  Deleting that deleted all his on-site backups too!  Yikes!

Other simpler can lose your whole site including your on-site backups?

  • You get a new credit card and forget to update with your host, who then terminates your account.
  • Your site ends up hacked, corrupted, or encrypted by “ransomeware.”

That’s why we don’t just regularly backup our clients websites but back them up to secured, encrypted cloud servers.  And hold on backups for up to 6 months (and use a less frequent backup system and store those backups for years.)


Can you be too personal with “Personal Security Questions?”

By David Innes, | October 10, 2015

Short answer?  “Personal security questions” aren’t secure.  Irony, right?  Don’t use personal information to answer those”Personal Security” questions.


Nihilistic Password Security Questions image from the awesome "This isn't Happiness" blog

Nihilistic Password Security Questions image from the awesome This isn’t Happiness” blog.

Mother’s “maiden” name? Hospital where you were born? First school you attended? Best friend in high school?

Hmm. Let’s say someone was, oh, say, an identity thief. And let’s say they happened to have access to any of the 5,000+ lists of nearly one billion hacked user accounts from the likes of Target, Home Depot, Experian, the Office of Personnel Management, T-Mobile, Ashley Madison, and (well, it’s a very long list.)  And let’s say nearly all of those hacked sites stored your personal security questions in plain text?

How hard would it be for them to gain access to your other email addresses?  Your tax records?  Your school records?  Your work accounts?  Your social media accounts?  Your bank, and brokerage, and mortgage and… again, well, another long list?  Yikes!

You might change your password regularly, but how often does your mother’s “maiden” name change?

So… my advice when answering “personal security questions?”  Be anything but personal when answering them!

So what to do instead?  Sort of like passwords pick to or three random words, a nursery school name, or (if you’re sneaky) something that’s absolutely not true about you.

Example #1

  • Mother’s maiden name? “old mother hubbard”
  • Best friend in school? “old mother hubbard”
  • First phone number you remember? “old mother hubbard.”

(Note: in addition to often being stored as plain text security questions are rarely checked for repetition.)

Example #2

  • Favorite team? “go cougars” (especially if you’re a Huskies fan)
  • Mother’s maiden name? “go cougars”
  • Make and model of your first car? “go cougars”

Answer personal questions anyway you want, in other words, as long as you don’t give personal answers.


Ideal Client: Established Materials Sciences Sub-contractors

By David Innes, | September 20, 2015

Ideal clients for Website Updates: Materials Sciences Subcontractors

Well-established materials science sub-contractors might have thousands of clients for their specialized products and services… or if they’re in aerospace they might only have one or two!  Their marketing might be low-key, even word of mouth, and once established they may even have been doing business with the same procurement reps year after year.

Times change though.  New markets open up, and so does new competition.  And sometimes even old contacts retire or move on.  Sooner or later someone up the chain of command, often an upstart, is going to say “who are these guys and why, exactly, are we…”

Their usual contacts might have the answer but sooner or later someone’s going to open a browser and search for a little information.  That’s when it’s a great idea to have a clean, responsive, contemporary, and professional-looking website so when they ask the question, on their phone or tablet, from a bedside or business lunch, the answer’s clear, crisp, and concise.

We love updating old-school websites for well-established companies.   If you’re an established materials sciences sub-contractor with an out of date website, or if you know someone who is, have them give us a call.


Ideal Client: Mid-sized Local Ad Agencies

By David Innes, | September 20, 2015

Ideal client for website maintenance: Mid-sized ad agenies

Ad agencies know the value of offering full service to their clients.  And so in addition to designing and placing their television, radio, and billboard advertising it’s no surprise agencies like offer their clients website designs as well.  That way the client’s branding and messaging is consistent across all media.

Agencies often aren’t as crazy about managing the nuts and bolts of website management.  That’s where we come in.

At we love to keep other people’s websites safe, secure, backed up, and up to date.  We love updating other people’s pages and posts when they send us new web content designed to coincide with new video, print, and even social-media ad campaigns, newsletter mail blasts, and press releases.

Because we specialize in website development and support an ideal client for us is an agency that needs to support multiple websites for multiple clients, but doesn’t have the in-house staff to cost-effectively manage the task.

If you’re a mid-sized local ad agency with responsibility for clients websites, or if you know someone who is, have them give us a call.  We’d love to help!