DynamoDB provides a rich set of data types including Strings, Numbers, Sets, Lists, Maps etc. In the Go SDK for DynamoDB, the types package contains Go representations of these data types and the attributevalue module provides functions to work with Go and DynamoDB types.
This blog post will demonstrate how to handle conversions between Go types in your application and DynamoDB. We will start off with simple code snippets to introduce some of the API constructs and wrap up with an example of how to use these Go SDK features in the context of a complete application (including a code walk though).
Memory allocation is one of those things developers don’t think too much about.
After all, modern computers, tablets, and servers count so much space that memory often seems like an infinite resource. And, if there is any trouble, a memory allocation failure or error is so unlikely that the system normally defaults to program exit.
Registering a new domain through WPMU DEV? This Domain Security Guide provides all the information you need to learn how to keep your domains safe, secure, and protected.
Keeping your online presence safe, secure, and protected from hackers, malicious software, and unforeseen events that can compromise your business is complex. Web security involves many areas, including web hosting security, website security, password security, the security of WordPress itself, and domain name security.
In this article, we cover all you need to know about securing your domain name. You will learn how to keep your domain name(s) safe, adding another layer of protection to the overall security of your business for greater peace of mind.
Domain hijacking or domain theft, is taking wrongful control of a domain name from the rightful name holder.
Domain hijacking is usually associated with cybercrime. It involves the theft of a domain name via unauthorized access to the domain management account, or changing a domain’s name servers by illegally accessing the domain name system (DNS), also known as DNS hijacking.
Domain hijacking also takes place more often than you can imagine.
Verisign is a global provider of domain name registry services and internet infrastructure. They are not only the authorized registry for top-level domains (TLD) like .com, .net, .name, .cc, etc., but every quarter, they also review the state of the domain name industry and provide a brief highlighting important trends in domain name registrations.
According to Verisign’s Domain Name Industry Brief (DNIB), there are currently over 350 million registered domains around the world. Based on this figure and the number of domain transfer disputes and other claims related to domain hijacking handled by GoDaddy’s Domain Compliance and Advanced Support Team (DCAST) team, GoDaddy calculated that malicious cyber-criminals make around 170,000 attempts every year to steal domains from their registered name holder (RNH).
This means that every hour of every day, around 20 attempts are made to steal someone else’s domain name.
According to GoDaddy, criminals attempt to steal domains 170,000 times every year.
Why is Domain Name Security Important?
Devices connect and communicate with each other on the web using unique IP addresses.
As an IP address is just a string of numbers (e.g. 2607:f8b0:4004:815::200e), it’s difficult for the human brain to remember these, so we map domain names to IP addresses to make finding sites easier.
For example, the string of numbers shown above is the IP address for Google’s website. It’s much easier to remember Google.com than to tell someone searching for answers online to “just 2607:f8b0:4004:815::200e it,” wouldn’t you agree?
This example also illustrates just why domain names are so important and necessary to protect. Domains not only represent your brand and your identity online, they are also the primary method the rest of the world has to communicate with your business online.
If someone takes over your domain, they not only control your online brand and identity, they also control all email addresses based on that domain, and can wreak absolute havoc with your website and your business.
As ICANN, the organization responsible for managing domain names worldwide puts it…
“Domain hijacking can have a lasting and material impact on a registrant. The registrant may lose an established online identity and be exposed to extortion by name speculators.
Domain hijacking can disrupt or severely impact the business and operations of a registrant, including (but not limited to) denial and theft of electronic mail services, unauthorized disclosure of information through phishing web sites and traffic inspection (eavesdropping), and damage to the registrant’s reputation and brand through web site defacement.”
Once a hijacker gains access to a domain’s account and its control panel, they can make account administrator and password changes, and redirect the domain to a new server (“DNS hijacking”), effectively gaining complete control of the domain.
If you want to read about the kind of hassles you can expect to deal with if your domain name gets hijacked, check out this insider account of the domain name hijacking of perl.com.
So, what can you do to protect your domain from being hijacked?
To answer this question properly, first let’s look at who is responsible for ensuring the various aspects of domain security.
Next, we’ll look at industry-wide domain name security recommendations and what you can do to keep your domain name(s) safe and secure.
Domain Name Security: Who Is Responsible For What?
Domain name security involves many players. These include:
ICANN (Internet Corporation for Assigned Names and Numbers). This is the global not-for-profit public-benefit corporation responsible for ensuring a stable, secure, and unified global Internet and the authority in charge of overseeing the infrastructure that allows any browser to connect to any domain on the internet anywhere in the world. ICANN also maintains the global database containing all of the world’s IP addresses and domain names, called the Domain Name System (DNS) and often referred to as the phonebook of the Internet, connecting web browsers with all websites.
Domain Registry – Every allowed top-level domain (TLD) – e.g. .com, .net, .store, .site, etc. is supervised by an organization officially appointed by ICANN. Domain registries, then, are the official organization responsible for managing all domains under that TLD.
Domain Registrar – An ICANN-accredited entity that makes the purchase and registration of domain names available to businesses and individuals. Essentially, they are domain name providers who can make adjustments to the domain name’s information in the database maintained by ICANN. A domain registrar can source and sell domains from different domain registries.
Domain Reseller – These are also domain name providers but not ICANN-accredited. Domain resellers are a distribution outlet for domain registrars. They pass on information to domain registrars, who then update ICANN’s global database.
Domain Registrant – These are the entities (companies, businesses, or individuals) who purchase and register domain names. It’s important to note that domain names cannot be owned, only leased.
See the chart below if you need help understanding how the domain name world is organized.
Who’s who in the domain name zoo!
A report compiled by ICANN detailing incidents and threats of domain name hijacking found that domain name hijacking incidents often result from a combination of security failures that can involve all of the above parties.
These failures include:
Flaws in registration and related processes
Failure to comply with the transfer policy
Poor administration of domain names by registrars, resellers, and registrants
How Domains Get Hijacked
In the above-mentioned report, ICANN found that many security incidents leading to domain name hijacking occur when registrars and resellers fail to adhere to its transfer policy and their registrant identity verification processes are insufficient to detect and prevent fraud, misrepresentation, and impersonation of registrants.
ICANN, however, also plays a role in this. Its policy on transfer of registrations between registrars makes transfer contact email addresses an acceptable form of identity.
All a domain hijacker needs to hijack a domain is the domain name and an administrative contact’s email address.
Registrant email addresses and contact information are often accessible via the Whois service. This allows anyone with an email address matching the transfer contact email address to impersonate registrants.
From there, it’s not difficult for malicious users and attackers to apply their ill-gotten social engineering skills to target a domain. They can do this by gathering contact information using Whois services and by registering expired domains used by administrative contacts.
Given the above, it’s no wonder that so many domain hijacking attempts are made every year.
Consider just how simple it can be for a fraudster to obtain the information needed to impersonate an authorized account administrator and contact a domain registrar hoping to gain access to a domain’s control panel:
It can be an “inside job” if someone in the company has access to the owner’s account information.
It can come from security breaches and compromises such as hacking the owner’s device or email account, or from the theft of personal documents containing account information.
It can even be someone calling up the registrar with a made-up story feigning a dire need to gain immediate access to the account as a result of an “emergency.” For example, by pretending to be a family member or an employee of a business that has closed down or saying that the account owner has died and the business needs urgent access to the domain to continue trading.
Other contributing factors to the high incidence of domain hijacking attempts mentioned in ICANN’s report include:
Registrants allowing registration records to become stale
ICANN’s policy requires registrars to request registrants to update their records annually, but registrars have no obligation to take any action other than to notify registrants.
A lack of accurate registration records and Whois information in the transfer process makes a domain name vulnerable to attacks.
Domain resellers can become “invisible” to ICANN
ICANN and registries deal with domain registrars, but have no relationship with domain resellers.
While resellers can operate with the privileges of a registrar when registering domain names, it is the responsibility of the registrar to ensure that policies are enforced by resellers and that records of domain name transactions are accurately maintained.
This “gap” in the business relationship chain leading from registrants to ICANN has been identified as an area with potential opportunities for attackers to exploit.
Dispute mechanisms are not designed to resolve urgent issues
ICANN’s Inter-Registrar Transfer Policy is not designed to prevent incidents requiring immediate and coordinated technical assistance across registrars and has no provisions to resolve the urgent restoration of domain name registration information and DNS configuration.
Registrants also have a part to play
ICANN, registries, registrars, and resellers need to do everything in their power to ensure that domains remain secure and protected.
As we’ll explore later in this guide, however, registrants also have an important part to play in keeping their domains secure.
After all, as the saying goes, a chain is only as strong as its weakest link, and often domain name registrants become the weakest link by failing to take all the necessary precautions and then falling prey to social engineering tactics (e.g. phishing emails, domain spoofing, etc.) leading to identity theft or impersonation. Once this happens, hackers can easily hijack and take control of a domain name.
Domain Hijacking – Common Scenarios
Before we move on to what can be done to improve domain security, let’s look at some of the most common types of domain hijacking scenarios and then briefly discuss what to do if you experience any of the incidents described below:
Domain Name Transfer
Typically, when someone attacks your domain, they are usually aiming for one of two (or both) outcomes:
Change your domain registration contact information to gain control of any domains registered under your account, or
Modify the DNS settings so that your domain name’s resolution is handled by another server (this is called DNS hijacking and we cover it further below)
If the aim of the domain thieves is to maintain the name, they may update the registration data (WHOIS) linked to the domain name, change payment details, and then attempt to transfer the domain name to a new registrar so as to erase the history of their registration activity.
As mentioned earlier, once a hijacker gains access to your domain’s account and its control panel, they can take complete control of your domain by making account administrator and password changes, redirect the domain to a new server, and wreak havoc in your business.
In worse case scenarios, a hijacker can cause significant loss of revenue and damage to your brand.
This is exactly what happened to ShadesDaddy.com in 2015 when hackers took over their registrar account and transferred the domain to an account in China which sold counterfeit merchandise, causing the company to suffer great loss of traffic, revenue, and damage to their brand.
The hijacking of ShadesDaddy.com illustrates what can happen when malicious users gain control of your domain name.
Domain Takeover
If a hijacker takes over a valuable domain name, they can sell it or extort the owner by holding them up for ransom.
Business Disruption
As was made clear in the hijacking of Perl.com article described earlier, if your domain account email contact details are tied into your domain and your domain is hijacked, all business communications over email are effectively hijacked too.
Domain hijackers can do anything from disabling and interfering with communication channels like your website and email to sending out fake emails, to completely blanketing out all business communications online.
DNS Hijacking
As explained in this article, if a hacker is able to modify the information in the DNS server, they can potentially send someone to an IP address that isn’t necessarily where they thought they were going.
There are many ways to do this, most of which involve taking control of the DNS server. This is called DNS hijacking or DNS poisoning.
With domain hijacking, hackers don’t need to change anything in the existing DNS server. They can simply change the domain information in the domain registration account (where all of the primary DNS information is input) and point to a domain server that they control.
Pharming
Pharming is when a hijacker takes control of your website and points it to a malicious site or posts offensive content on your site. This can cause serious damage to your reputation, as all traffic is directed to content that you have no control over.
Phishing
Domain hijackers can cause even wider damage when taking over your domain by using your website to collect valuable information from users such as credit cards, social security numbers, logins, etc. and engage in serious criminal activities that can impact the lives of many people.
What To Do If Your Domain Is Hijacked
Recovering a hijacked domain may take time and involve a lot of hassle and expense, but it is possible, so if it happens to you, don’t despair…take action!
In the previous section, we mention the hijacking of ShadesDaddy.com. Here is a first-hand account from the domain owner describing what it took to recover their domain.
As Pablo Palatnik, owner of ShadesDaddy.com states in the article, it’s important to understand the role that companies like ICANN and Verisign play in domain names.
We have covered ICANN quite a bit in this guide. If you are the victim of domain hijacking, ICANN recommends contacting their Security Team for guidance. They will then ask about the circumstances relating to the attack.
It’s also important to note, that as mentioned in the above article, Verisign is the only organization with the authority to transfer a domain name in the case of a hijack (with a court order or ICANN compliance notice).
As the article also points out, as soon as you become aware that your domain name may have been attacked, the first step is to alert and inform your domain registrar immediately and push them to take immediate action and start putting ICANN procedures like the Registrar Transfer Dispute Resolution Policy in place to communicate with the registrar that currently has your domain name.
Request that the transfer be revoked right away. Registrars usually apply a 60-day transfer lock to the transfer procedure, so if your domain has been transferred to an internal account with the same registrar, you have a better chance of recovering it.
Don’t wait too long, as the domain thief may attempt to move the domain name several times to cover their tracks and this will only complicate things and make recovering your domain more difficult.
Next, you should change all of your passwords to prevent the hacker from getting into your other accounts.
If you have a registered trademark, the Uniform Domain-Name Dispute-Resolution Policy (UDRP) is a contract that all ICANN-accredited registrars must follow to handle disputes about domain name ownership. It permits quick banning of the domain, preventing its data from being modified or moved to another registrar, and also preventing internal transfers between registrar accounts.
Keep in mind, however, that the UDRP was primarily developed as a way to counter cybersquatting or trademark breaches, so if your domain name is not associated with a trademark, it may not be very helpful.
Since it is crucially important that you be able to demonstrate to your sponsoring registrar that the registration or use of the domain is rightfully yours, ICANN provides a list of documentation you should maintain to create a “paper trail” should a dispute ensue over domain ownership with whoever is listed as the registrant in a hijacked domain name.
Some of the basic documentation you should be able to provide includes things like:
A domain history (copies of registration records that show you or your organization as the registrant, billing records, email receipts, web logs, archives, tax filings, etc.).
Financial transactions linking you to the hijacked domain name (e.g. credit cards or bank statements showing purchase details)
Correspondence from your registrar relating to the hijacked domain name (e.g. domain renewal notices, notices of DNS change, telephone call records, etc.)
Legal documents mentioning the domain name (e.g. a contract for the sale of a business listing the domain name as being included).
Some additional things you can do, according to Pablo Palatnik (who eventually did manage to get his domain name back) is to get an experienced lawyer, try to expedite things with a court order, and start making some noise about what happened to you (e.g. post about it on social media).
Reverse Domain Hijacking
One more thing to keep in mind is that if you own a valuable domain name, you may also become a victim of “reverse domain hijacking” (RDNH).
This is where a trademark owner attempts to obtain your domain name by initiating a domain name dispute and fraudulently claiming that you are cybersquatting (i.e. registering domain names that are identical or similar to trademarks, service marks, company names, or personal names in the hope of reselling them at a profit.)
Where domain name hijacking (which is also known as reverse cybersquatting) is usually associated with cybercrime, reverse domain hijacking is basically acting in “bad faith” to attempt to deprive a registered domain name holder of their domain name.
Now that we have seen just how damaging and serious domain hijacking can be, let’s take a look at what can be done to minimize and prevent the threat of incidents.
Domain Name Security Improvements And Recommendations
ICANN’s report not only points out factors that can result in domain hijacking incidents but it also offers registries and registrars various recommendations for improving domain security and helping to protect and safeguard registrants from having their domains hijacked.
These recommendations cover areas like:
Strengthening identity verification requirements in electronic correspondence
ICANN recommends raising all identify verification requirements to the same level as used when verifying by mail or in person.
Improving records
ICANN recommends investigating additional methods to improve the accuracy and integrity of registrant records.
Registrar-Lock and EPP authInfo implementations and best practices
A registrar-lock is a status code set on a domain name by the registrar to prevent unauthorized, unwanted or accidental changes to the domain name.
When set, the domain registry prohibits certain actions from taking place, such as modifying, transferring, or deleting the domain name, changing domain name contact details, etc.
The EPP authInfo code (also known as an Auth-Code, EPP code, authorization code, transfer code, or Auth-Info Code), is a generated passcode required to transfer a domain name between domain registrars and indicates that the domain name owner has authorized the transfer.
ICANN recommends that the same EPP authInfo code not be used for all domains by a registrar and that registries and registrars provide resellers and registrants with Best Common Practices describing appropriate use and assignment of EPP authInfo codes and risks of misuse when unique EPP codes are not used.
Improved communications
ICANN recommends investigating whether making pending transfer notices between registries and registrars to registrants mandatory instead of optional would reduce incidences of domain name hijacking.
Providing emergency channels and procedures
ICANN recommends that registrars should obtain emergency contact information from registrants and share emergency support staff contact information with other registrars, resellers, and registries to provide 24 x 7 access to registrar technical support staff in an emergency situation.
Additionally, ICANN recommends emergency procedures and policies to be defined by registrars for allowing registrants to obtain immediate intervention and restoration of their domain name registration information and DNS configuration.
Improving public awareness
ICANN recommends providing better education to registrants on areas like:
Threats of domain name hijacking and registrant impersonation and fraud.
Procedures for requesting intervention and obtaining immediate restoration of a domain name and DNS configuration.
Keeping registration information accurate.
Protection mechanisms like Registrar-Lock, EPP authInfo, etc.
Improving accountability
ICANN recommends investing stronger enforcement mechanisms for dealing with registrars that fail to comply with the transfer policy, and holding registrars more accountable when working with resellers.
Domain Name Security Best Practices: What You Can Do To Keep Your Domain Name Safe
Now that we have covered all that is being done and proposed by ICANN to improve domain security for registries, registrars, and resellers, let’s turn our attention to what domain name registrants can do to keep their domain names safe.
Choose a Reliable Domain Provider
Ideally, you want to purchase your domains from an accredited registrar or a reputable domain name reseller offering a secure DNS management panel and 24×7 technical support.
Having access to an online support team focused on protection and security is important, as they will be your first point of contact if you experience any issues with your domains and need immediate help or assistance.
Assign Your Domain Ownership To A Business Entity
Always register domains to a business or corporate entity. Avoid registering a domain name under an individual’s name. This ensures business continuity regardless of the individuals who may come and go from the business.
As an example, suppose your business manager registers a domain name under their own name and then leaves the company. Your business risks losing the domain, being disrupted, or if there are any issues involved, going through a lot of hassle to reclaim domain name ownership.
Lock Your Domain Name
Domain locking (Registrar Lock) provides extra protection to domain names by preventing the transfer of your domain to another registrar by unauthorised third parties.
Leaving a domain “unlocked” creates an opportunity for domain hijackers to try and transfer your domain name or redirect your domain’s name server without your permission, so lock your domain name through your domain name management system immediately after securing your domain registration.
Activate Domain Privacy
As mentioned earlier, all a domain hijacker needs to hijack a domain is the domain name and an administrative contact’s email address.
It’s critically important, then, to protect the email account associated with your registered domain. The best way to do this is to consider using private domain registration when registering your domain.
Private domain registration (also referred to as Domain Privacy, Domain Privacy & Protection, WHOIS Privacy, or WHOIS Privacy Protection) provides a simple and inexpensive way to hide your name, phone number, and email address from public viewing within the WHOIS database, ensuring online anonymity.
Domain privacy makes hijacking domains so much harder…Google it and you’ll see!
Note: Some domain registries do not allow domain privacy services.
For example, when registering .com.au domains or any other .au extensions, auDA‘s (the authorized .au name space overseer) notes in section 2.4, clause b) of its Registrant Contact Information Policy that:
“registrants must not do anything which may have the effect of concealing the true identity of the registrant or the registrant contact (eg. by using a private or proxy registration service)…”
Choose A Strong Password
In today’s world of rampant cybercriminal activity, we shouldn’t even be discussing password security anymore. Weak passwords, however, remain one of the top threats to data security, so don’t choose weak passwords for your registrar account. You will only be inviting trouble.
Choose a strong password instead so that guessing it becomes next to impossible. Follow basic password security recommendations: Generate a password that’s at least 8 characters long (the longer, the better), with at least one numeric value, one symbol and randomly selected letters.
Regularly Update Your Passwords
This is another basic but important area of password security. Despite all security advice, many businesses end up sharing passwords internally with team members, who may then share it with other team member. Over a period of time, having the information being shared around multiple times can present a real security threat, especially if people who are no longer with the company have access to it.
So, make sure to regularly change your domain registration account passwords. A good time to do this is when registrars send out requests to verify and update your contact details, as they are required to do per ICANN’s policy.
While still on the subject of password security…
Never Share Your Domain Registrar Login Details
The less people who have access to your domain registration account, the less chances of security breaches coming from inside the organization.
If possible, try to restrict access to your domain registrar login details only to those who absolutely need to know it. And if they are no longer part of the organization, then change the login details immediately.
Register Your Domain Name For 10 Years
Choose the maximum registration period available. Many registrars allow you to secure your registration for up to ten years.
If you plan to be in business for a while, consider registering your domain for the next 10 years.
Turn On Auto-Renew
If you miss your domain name renewal reminder and forget to renew your domain name, you run the risk of having it expire and having someone else register it.
You can avoid losing your domain name by choosing maximum registration periods and turning on auto-renew.
Provide Backup Payment Details
If your domain name account allows more than one payment method to be input, then provide details for a second payment method.
This will minimize the risk of losing your domain name due to a failed domain renewal charge (e.g. an expired credit card).
Provide Backup Contact Information
If your domain name account allows you to provide backup contact information (including a backup contact email address), this helps to make it easier for authorized users to retrieve access to your domain name account if anything happens to the main contact email.
Which brings up another important point…
Use A Different Contact Email Address Than Your Registered Domain’s Email
As the domain hijacking case of Perl.com illustrates, if your registration account’s contact email address is tied to the same registered domain name, your entire organization could be “incommunicado” if your domain is hijacked (i.e. the hijackers will have complete control of your domain AND your email).
For this reason, it’s best to use a different email address than the one associated with the registered domain. Also, having a backup contact email address on the account helps.
Regularly Monitor Your Domain Name Status
One of ICANN’s recommended practices for registrants to protect their domains includes routinely monitoring domain name status and performing timely and accurate maintenance of the domain’s contact and authentication information.
Making proactively monitoring your domain name registration status a part of your regular business reviews will help you detect any issues sooner rather than later.
Additional Domain Security Tips
Here are some other options to explore to keep your domains and online presence secure:
Register Domain Name Variations
Scammers and hackers often look to register domain names similar to other known domains so they can impersonate the brand or trick unsuspecting users into providing confidential details like login details, banking information, etc.
Registering popular variations of your domain name not only protects your brand, it also creates an additional layer of protection against common hacking techniques like phishing or domain name typosquatting (a type of social engineering attack that targets internet users who incorrectly type a URL into their web browser and land on another registered domain name containing a typo, mispelled variant, alternative spelling, singular/plural variant, or a different domain extension. Typosquatting is also known as domain mimicry, URL hijacking, sting sites, or fake URLs).
Use Domain SSL Certificates
Adding an SSL Certificate to your domain prevents hackers from being able to “listen in” to encrypted connections between user’s devices and your website and steal sensitive data such as credit card numbers, bank login details, contact details, email addresses, etc.
Use Multi-Factor Authentication
Multi-factor authentication (MFA) is a security measure that requires at least two or more proofs of identification in order to grant users access.
A 2-step verification method like two-factor authentication (2FA) adds an extra layer of protection by making sure that only you can sign in to your account.
2FA adds another layer of security and protection to online accounts.
Use DNSSEC
Domain Name System Security Extensions (DNSSEC) is an advanced DNS feature that strengthens DNS authentication using cryptographic digital signatures and adds an extra layer of security to domains by attaching digital signature (DS) records to their DNS information to determine the authenticity of the source domain name.
When DNSSEC is enabled, DNS lookups use a digital signature to verify that the source of your site’s DNS is valid. If the digital signature doesn’t match, web browsers won’t display the site.
Although DNSSEC can improve domain security, protect your domains from potential cache poison attacks and DNS spoofing, and is useful if you have valuable data to protect, it is not automatically enabled as implementation often requires significant effort and expense and needs to be specifically enabled by network operators and domain name owners.
DNSSEC can also reduce site performance, make DNS more prone to failure, and some domain extensions (e.g. country code domains) don’t support it. Hence support and adoption of DNSSEC worldwide is currently slow.
Use A VPN
If you have the need to be extremely security-conscious about your site, you can use a Virtual Private Network (VPN) to access your domain name account and stave off hackers on the lookout for unsecure connections where they can siphon valuable data.
A VPN hides your public IP address and adds security and anonymity when connecting to web-based services and sites.
Don’t Let Your Security Guard Down
In addition to all of the above recommendations, it’s important to also use common sense and remain vigilant to scams, malware, and other attempts to trick you into giving up valuable details that could see your domain name account being hacked and hijacked.
Some basic precautions you can take include:
Don’t share logins, passwords, and email addresses. Especially not for administrative accounts.
Use SPAM filters. Yes, spammers have ways of getting around filters, but any suspected spam you can automatically send into a junk mail folder will provide at least a modicum more protection than not using any spam filters at all.
Never open attachments sent from unknown sources. Unfortunately, even family and friends can forward you emails with attachments containing viruses, so it’s important to be extra vigilant. If you are unsure about an attachment, check with the sender to make sure it’s legit.
Don’t click any links inside spam messages. Not even the “Unsubscribe” link. It not only makes you vulnerable to viruses and malware, it also confirms to spammers that your email address is active.
Make Your Domain Name Security A Priority
Hopefully, this guide has helped to increase your awareness of how important it is to keep your domain name safe, secure, and protected. The security of your entire digital presence depends on it.
As mentioned at the beginning of this article, keeping your business secure is a complex undertaking. It requires hardening on many levels, and working with trusted partners and solutions.
At WPMU DEV, our aim is to become more than your all-in-one WordPress platform provider. We want to be the business partner you can trust and rely on to grow your business profitably and securely.
When you register a domain with WPMU DEV either for your own business or on behalf of your clients as a reseller, you get the following security features to help keep your domain safe and protected included at no additional cost:
Registrar Lock
Privacy Protection
HTTPS (if your site is hosted with us, we provide free SSL and force HTTPS).
Longer Registration Periods (up to 10 years)
Contact Info Update Verification (whenever you update your contact information, we check our database and if we don’t have that data, you will receive a verification email before updating the information.)
2FA Options For Members (should your WPMU DEV account password ever become compromised, unauthorized users will still require a 2FA code to be able to login).
24/7 Technical Support. Receive expert support on all things WordPress, hosting, and domains any time, any day.
If your goal is to create a WordPress site that’s both successful and user-friendly, you probably already know that you need to focus on aspects such as your site’s load speed, proper page layouts, navigation, and SEO elements. What you may not know, though, is that you also need to make your site ADA compliant. […]
There’s a lineup of 12 awesome speakers — including Chris Coyier, Cassidy Williams, Kevin Powell, and Angie Jones — each discussing various front-end and web dev topics. It’s like the 12 days of Christmas, but wrapped up in a four-hour session for web nerds like us.
It’s a real good cause, too. The event is free, but includes fundraising Doctors Without Borders with a goal of reaching $20,000. You can donate here any time and anything you give will be matched by the event’s sponors. So, come for the front-end fun and help a great cause in the process.
Say you like how a particular element on a website looks and interacts. You can pluck it right off that site, HTML and CSS included, and pop it over to CodePen using the plugin CSS Pro. Watch me try it here:
The browser extension is not free, so you’d better be sure you’d use it! Exporting to CodePen is just one of many features. It seems like the core of it is more front-end developer-friendly inspection and alteration of sites.
There used to be a DevTools extension that would do this called SnappySnippet, but that appears to be dead now, so long live CSS Pro!
The reduce() JavaScript array method may seem really complex at first glance but I will break itdown for you so you can understand it and comfortably use it in your projects going forward. So let’s get started! First off, what...
Ever wondered if an array included a specific value? There is an easy way to check this by using a JavaScript array method known as includes(). Follow along as I go over this method and show you how to use...
Technology is constantly evolving. A solution that was great just a few years ago can be irrelevant today, giving companies many reasons to “make the jump” to something more modern. This is even more true for software that is a few decades old — while many such solutions are often constantly improved, even after all these years, they still are as optimal as a new technology created with the needs of today in mind.
The continued support is usually enough to keep things stable, but sometimes it’s better to rip the band-aid off and migrate to something new. One such case is the good old Oracle Forms which has a natural successor in the form of Oracle’s low-code platform – Oracle Application Express (APEX).
If you're using a traditional software development life cycle (SDLC) you may have questions about where DevOps fits in. Can the 2 exist together, or are there too many conflicts?
This post addresses the differences between the 2 approaches.
Are you wondering how to pick the best theme for your WordPress website?
When starting a blog, choosing the right theme is crucial for your success. During the process, you will likely have to decide between free WordPress themes vs premium WordPress themes.
In this article, we will cover how to choose the best premium WordPress theme for your site.
Free WordPress Theme vs Premium WordPress Theme
One of the main reasons why a lot of users choose a premium WordPress theme over a free one is that you get guaranteed support.
Free WordPress themes are often built as a passion project, so you are not guaranteed to get support or updates. These themes can become outdated with new WordPress releases or don’t work with different plugins.
On the other hand, when you pay for a premium WordPress theme, you get good documentation, access to support, and regular updates. Some theme shops even go beyond and offer video tutorials, demo content, and even a free blog setup service.
Aside from that, premium themes make your WordPress website more unique because free themes are being used by everyone.
Having said that, here’s what you need to look for when selecting a premium WordPress theme.
When you select a theme, you will probably be using it on your website for quite some time. This allows users can become accustomed to it and easily consume content.
That’s why you need to choose a theme that is aesthetically pleasing and can be used for a long time without requiring any significant changes.
There are certain elements of design that all good designers use to create beautiful websites. These include:
Good Color Combination
Awesome Typography
Clean Layout
Beautiful Images
Together these elements create a beautiful harmony and consistency that appeals to your users. It not only looks great, but it also helps you achieve your business goals.
Most premium themes come with unlimited color choices and built-in tools to select fonts. You need to make sure that your premium WordPress theme uses better typography out of the box.
For example, Astra offers lomanyustomization options, even in the free version. You can edit different elements like colors, fonts, buttons, and more. Plus, there are options to change the header and footer layout and edit the appearance of your blogs and sidebar.
Don’t just look at the homepage. Go deeper into the theme demo and explore other sections. For example, if you are building a portfolio site, then check the theme’s demo for the portfolio. If you will be adding testimonials, then check out how testimonials look in the theme demo.
Make sure that there are plenty of page templates and layouts to use. Examine the homepage, single pages, posts, and blog sections to ensure they all maintain the same design consistency and appeal.
2. Features vs Presentation
The main difference between WordPress themes and plugins is that themes handle the presentation part of your website, and plugins handle the functionality.
However, the premium WordPress theme market is highly competitive, and sometimes theme developers cannot resist the temptation to add more plugin-like functionality to their themes.
Why is this considered bad practice?
When a WordPress theme crosses over into the plugin territory, it becomes difficult to switch themes. For example, if a WordPress theme is using a custom post type, then switching to another theme would make those custom post types disappear from the admin menu.
Shortcodes defined by a theme would also stop functioning, which also makes switching a difficult and time-consuming process.
On the other hand, there are WordPress themes that behave exactly like a plugin. Offering functionality needed to create very specific niche websites, like real estate themes or hotel themes.
Some of these themes are really useful, but if you use those themes, then you need to understand that it will be difficult to switch themes later because other themes may not have similar functionality.
3. Security and Performance
Many WordPress beginners don’t pay much attention to speed and good coding practices when choosing a premium theme.
In the race to win new customers, theme developers can integrate unsafe and quick solutions that can compromise your site’s security. The insane amount of features can cost you speed and performance issues.
Now the problem is that most beginner-level users do not have the skills to study code. How do you know that the code behind a premium theme is of good quality?
First, you need to buy your premium themes from trusted and well-reputed WordPress theme shops. Some of the theme shops that we trust and recommend are:
Secondly, look around for reviews and customer testimonials. See who else is using themes developed by that particular theme shop or developer. Are there any big websites or blogs using their themes?
Check out the testimonials page on the theme shop or search for their reviews on Google. You can also view the ratings of any theme on WordPress.org website and look at the reviews.
4. Compatibility Check
Before you start browsing for a premium theme, take a few moments to write down all the features you are looking for. For example:
Many premium themes come with built-in templates and support for popular eCommerce platforms like WooCommerce and Easy Digital Downloads.
If a theme you are looking for is not available in your language, then ask the theme developer to see if a translation is in progress.
Some users may want to use veparticularlugins to create niche websites like job boards and question-answer websites. Feel free to ask the theme developers if their theme would work with a specific plugin.
You need to make sure that you are investing your money in the right place.
5. Opt for a Custom Theme
A good premium WordPress theme would help you easily build high-quality websites. However, there are still many things you might want to customize, but it is not possible.
This is where creating a custom WordPress theme can help you out. It provides a lot of freedom and flexibility over the layout and design of your website. That said, the cost of creating a custom theme may vary based on the level of features and customization options you want.
There is a good chance that your next "local development environment" won't be local, it will be cloud-based, and all you will need locally will be a browser and an internet connection. You might already be using a Cloud IDE for certain projects. This exciting evolution of the local dev environment has a lot of advantages but also brings some new risks. This article will help you stay safe as you embrace the cloud for your coding needs.
What Is a Cloud IDE or CDE?
Simply put, a cloud IDE is an integrated development platform, IDE based in the cloud.
Q. Did any part of your education require you to read the building regulations? A. No, I don’t recall, but I don’t think so. Q. What about fire safety of building materials? A. No.
— Witness testimony, the Grenfell Tower inquiry, day 22
As the hard copies of Understanding Privacy begin to ship all over the world, the brilliant team at Smashing, who helped me bring my book to life, have asked me to share a few thoughts on what it might achieve in the months and years to come.
I wrote the book for two broad audiences, and if you’re reading this, you probably fall into one of them. The first audience is designers, developers, and project managers already working on the open web, either professionally or in side projects. The second audience is students and future professionals in those fields, whether they are in secondary schools, undergraduate courses, vocational training, or code academies.
The reason I structured the book in the way I did is that these two audiences, and you, tend to have something in common: you’ve never received any previous training or education on positive foundational privacy, either as a concept, a legal issue, or a professional practice, either in your formal education (assuming you had any) or in your workplaces.
What you have been told about privacy, by contrast, has been defined by a lot of high-level legalese jargon, compliance scaremongering, and terrifying headlines about the surveillance society that exists around us — whether we know it or not.
That means that an entire generation of professionals like you have been introduced to privacy by being thrown into advanced legal compliance headaches or reactive fixes to the problems created by others, with no knowledge of the basic concepts and principles about what privacy actually is and how to achieve it.
I hope that Understanding Privacy can go some way towards giving people like you a confident understanding of those foundational concepts. Indeed, it’s my hope that teachers and educators will use it as the basis for a curriculum on privacy so that a healthy approach to privacy becomes baked-in from the start rather than retrofitted at the end.
That, of course, raises two further issues.
The first is how teachers and educators find the book in the first place;
The second is how the lessons in it reach developers (both current and future ones) who have never had a teacher and never will.
The question of how we teach privacy, what we teach, and where we teach it, has troubled me for years. That’s a hard enough problem to crack. After all, web development is an unorganized field. In fact, in the strictly legal sense, it is not a profession.
What do I mean by that? Professions are defined by industry-based organisations, common paths of entry, common educational requirements, continuing professional development, and even certifications that require refresher training every few years. Being a professional, in the strictly legal sense, means that there is a body made up of your peers who make sure that you bring a common body of knowledge to the work you put into the world and that the work you do meets externally verifiable standards.
Web development, on the other hand, is an unorganized and unstructured field that anyone can enter, at any time, with any form of formal training or with none at all, and without any external certifications or approval. A software engineer who went through a four-year bachelor’s degree program in computer science can be working on the same team, doing the same work, as a former airline pilot who learned code for fun. It’s that occupational diversity that has contributed to the growth of the open web as a whole; indeed, I find that the best teams contain people who approach their work from the diverging perspectives they gained doing something completely different.
But it also means that the knowledge of privacy that we bring to our work is, quite simply, all over the place. If that knowledge is there at all. And without a common pathway of education, whether that’s access to training and continuing professional development or work towards a standard of foundational knowledge, we will continue to bring the contrasting social, legal, and cultural differences to privacy which I discuss in Part One to the work we put into the world.
And our users will continue to pay the price for that.
As I write in the book, we can’t wait for educators, employers, and institutions to fill the gaps in our knowledge. Educating ourselves on privacy has never been more important. It pains me to know that the book is the first and only education on privacy that most of its readers will ever have, but something is better than nothing. Unfortunately, it won’t be enough.
Because the dilemma of how we teach a positive foundational approach to privacy — in an unorganized and open industry — has taken on a whole new urgency through my pivoted career into the politics of tech. And that situation is far scarier than you can imagine.
Much of my time in recent years has been spent retorting various regulatory plans for personal liability regimes in digital regulation. That means that politicians increasingly want to hold the people who make the open web legally and even criminally responsible for any misuse or unintended consequences of their work.
Some of this is born out of pressure to “do something” about the mess that the open web is today; sometimes it’s about “reining in the tech giants” (and I can tell you that politicians absolutely think Facebook is the Internet); sometimes it’s about barefaced moves for political power (hello from Brexit Britain); and sometimes it’s about cracking down on public discourse and interaction, delegating the requirement for censorship and control to the tech sector and therefore to workers like you.
Whatever reasons are behind these proposals, they are not going away. In fact, they’re only getting louder.
Many of these proposed liability regulations have been borrowed from traditional health and safety regimes. But these draft regulations, and those who support them, fail to understand that human discourse cannot be regulated as if it was fire-retardant cladding on a building that wasn’t fire-retardant at all (as I noted in the quote which began this article). By trying to shoehorn human interactions into a “risk assessment” model, these regimes risk creating an unworkable legal standard where a person who misuses a service is not deemed liable, but the person who built the service is.
These proposed liability regimes, for what it’s worth, have been drafted in a highly obsessive and vindictive manner to target a handful of high-profile American billionaires and celebrities in a handful of American big tech companies. (To be precise, these proposed regimes target three specific individuals in two companies, as if their arrests and imprisonment would fix all the problems on the Internet.) For the purposes of this discussion, those men’s guilt or complacency is neither here nor there.
That’s because, for a range of obvious reasons, once those laws are on the books, the celebrity billionaires will be able to afford to duck and dodge the charges. But because politicians insist that “something has to be done” and “someone needs to pay for this”, those laws will be used, instead, to go after the little guys and the easy targets. That means you.
What I am saying is that policymakers across all societies and cultures are turning their attention to people like you, the knowledge you bring to the table, and the work you put into the world. They’re not doing that because they want to support you into the next phase of your career. They’re doing that because they’re looking for someone to blame. They need someone to blame.
In fact, I have encountered politicians who are desperate to actually arrest, prosecute, and imprison developers, hopefully in front of the TV cameras, as punishment for the sins of their celebrity bosses. Those policymakers are in ascendancy, and they are not going away.
And when they’re looking for someone to blame for the problems on the open web today and need an easy target to take down for a quick political “win,” there you are, with no qualifications or foundational training or formal education, making things that millions of people use.
I think you see where this is going.
I wrote Understanding Privacy to contribute to a better open web, and I wrote it in the most positive and constructive tone possible (and hey, that was hard going in lockdown). But I would not be serving the people I wrote it for if I pretended that the book’s teachings exist in a happy bubble where the fixes are easy. The book’s teachings exist in a political climate where the people who make the web, including you, are now a target.
I want the book to contribute to a better standard of privacy for the people we build the web for. By reading the book, you’ll learn how to protect them in everything you do, regardless of the presence or absence of any privacy legislation. But in the political climate that exists around us all, by reading the book, you’ll learn how to protect yourself too.
In the absence of any formal curricular and educational path, workplace training, professional body, or legal standard, the book will help you to create an accountable and documented framework around privacy in your work — no matter who employs you or what you’re working on. That framework, and for that matter, the book, can’t protect you on its own. But the lessons you learn from it might just help you when the day comes that it’s you and your team in your co-working lounge, and not the celebrity billionaires and their teams in Silicon Valley, who become the target for an ambitious politician’s campaigning.
During life in lockdown, we all became familiar with the “oxygen mask” rule: secure your own mask before putting one onto someone else. In other words, you can’t support others if you’re not supporting yourself. As you use Understanding Privacy to build a better web for your users, take some time to think about the ways you can use its lessons to protect yourself, especially in light of policymakers’ obsession with getting ad-hominem revenge on Big Tech celebrities — an obsession which views you as expendable collateral damage. And as I write in Part Four, think about the developers who will come after you and what sort of world they can build if they are given a better education in foundational privacy.
Or, at the very least, given more than just one book.
From recruiting and onboarding new employees to managing payroll and benefits, there is a lot that goes into keeping your team happy and healthy. If you’re not careful, it can be very easy for HR to drain your time and resources.
The time wasted on HR-related tasks in the United States and the United Kingdom adds up to 40 million hours each month, equating to about $8.16 billion in productivity losses.
And here’s the kicker: most of these tasks can be automated or outsourced—an HR employee or manager no longer needs to spend their time dealing with the administrative headaches of monitoring and managing employee data to the extent that they used to. Read on to learn the best ways to outsource your HR tasks and get back all that lost time.
The 9 Best HR Outsourcing Services for Saving Time and Lowering HR Costs
We’ve tried countless HR outsourcing services over the years. Here are our top 9 recommendations for anyone who wants to save time on HR:
Paychex — Best HR outsourcing for complex payment cycles
Insperity — Best HR outsourcing service that runs itself
ADP — Best HR outsourcing to handle some (or all) of your HR needs
TriNet — Best for big business benefits on small business budgets
Zenefits — Best HR platform to wrangle your current HR systems together
Engage PEO — Best HR outsourcing for unique compliance needs
G&A Partners — Best HR outsourcing for employee training and development
Tandem HR — Best HR outsourcing for minimizing your risk liability
What Is HR Outsourcing?
The human resources department is responsible for various important functions within a company, from payroll and benefits administration to recruiting and training.
Managing these functions internally can be challenging for small businesses, which is why many companies outsource their human resources needs. In some cases, large companies may even outsource specific human resources functions, such as benefits administration.
HR outsourcing is the process of hiring an external firm to handle all or some of the human resources functions for a business. By outsourcing these functions, businesses can save money and free up internal resources to focus on other priorities.
In addition, HR outsourcing can help to improve company compliance with employment laws and regulations. Because of its time-saving, pain-killing, and cost-saving benefits, this model can be an attractive option for businesses looking to streamline their operations.
How Outsourcing HR Works
How HR outsourcing works depends on how you choose to outsource it. In general, you have two options:
HRO: When you outsource some aspects of your HR program to an external individual or team
PEO: When you outsource your full HR program to an external provider
The big difference here is that, with HRO, you’re partnering with a company to supplement your internal HR team. With PEO, your employees are still under their employer, the PEO partner.
HR Outsourcing (HRO)
When you use the HRO model, you won’t need to worry about the day-to-day tasks of HR. You’ll have a dedicated team of HR professionals working on your behalf to manage as many of the HR tasks as you need.
HRO services can be a great option if you don’t have the internal resources to dedicate to HR or if you want to free up your current HR team to focus on strategic initiatives.
With an HRO, there’s also flexibility in what services you can outsource. For example, you might only want to outsource your payroll function, or you might want to outsource the entire HR function. It all depends on your needs.
Payroll is often one of the most popular functions to outsource because it’s complex and time-consuming. But benefits administration, recruiting, and employee onboarding are also popular functions to outsource.
Partnering with a Personal Employer Organization (PEO)
If you don’t have the resources to handle most HR duties internally, partnering with a PEO might be a better option.
Partner with a PEO provider like Rippling to manage time-consuming HR tasks.
The co-employment model used by PEO providers means your employees will appear on the books of your provider for tax and legal purposes. However, you still maintain control over employee work assignments, promotions, firings, etc.
A PEO manages your HR tasks and responsibilities. Some PEOs permit you to pick the specific services related to employment that you want them to handle. If you utilize this model, then the PEO has control over all of your company’s legal and financial practices associated with employment.
This model is most commonly used by small to mid-sized businesses that don’t have the internal resources to dedicate to HR.
When to Use a PEO and When to Use an HRO
Both PEOs and HROs can be great options for businesses looking to outsource their HR needs. But how do you know which one is right for you?
In most cases, the answer is to use an HRO to supplement your internal HR team and a PEO to outsource HR liability.
However, there are some exceptions to this rule.
For example, a PEO might be a better option if you’re a small business with very limited resources because they can lower your insurance premiums. Although they may seem expensive at first, PEOs might actually save you money in the long run.
That said, companies that use PEOs usually hire contractors or contract-to-hire team members rather than W-2 employees. They are also popular among companies that need employee visa sponsorships or other international HR support.
Who Is HR Outsourcing For?
The truth is, almost everyone could benefit from outsourcing their HR function to some degree.
Here are a few boxes that you can check off to see if HR outsourcing is right for your business:
You spend a disproportionate amount of time on HR tasks.
You’re growing quickly and don’t have the internal resources to keep up.
You want to free up your internal HR team to focus on strategic initiatives like employee engagement, interviews, or hiring.
You want to supplement your internal HR team with experts in specific areas like benefits or payroll.
You have a complex payroll, commission, and/or benefits structure.
You want to reduce your exposure to HR liability.
You find that HR duties are spread across employees from other departments.
Even if none of the above apply to you, there’s a good chance that outsourcing at least some of your HR tasks can help improve efficiency and reduce costs.
Any business that isn’t enterprise-level (i.e., they don’t have a network of employee relations, complicated salary variations, and numerous locations that would be challenging to explain to an outsourced provider) can likely find a way to outsource some part of their HR function.
What Functions Do HR Outsourcing Services Provide?
There are plenty of services that HR outsourcing services provide. Here are a few of the most common.
Payroll Processing and Administration
One of the most commonly outsourced HR functions is payroll processing and administration. This includes tasks like calculating hours worked, withholding taxes, and issuing paychecks or direct deposits.
It can also include more complicated tasks like managing 401(k) contributions, calculating commissions, and dealing with garnishments.
Payroll is often outsourced because it’s time-consuming and requires a high degree of accuracy for bookkeeping and liability purposes (in addition to employee retention). It’s also a compliance-heavy task, meaning there’s a greater risk of error.
Mistakes made on employee payroll can be minuscule—maybe a few dollars were left off an employee’s commission check.
But sometimes, payroll errors can result in lawsuits, legal trouble with the IRS, or employee termination.
In other words, outsourcing payroll is a good idea if you want to minimize the risk of making a mistake.
Benefits Administration
Another popular HR function that’s often outsourced is benefits administration. This includes tasks like enrolling employees in health insurance, calculating premiums, and managing retirement accounts.
Benefits administration is often outsourced for the same reasons as payroll—it’s time-consuming, detail-oriented, and compliance-heavy.
However, there’s an additional reason that benefits administration is commonly outsourced: because it can be infinitely complex.
Especially if you offer a lot of different benefits (like health insurance, dental insurance, vision insurance, etc.), managing them all internally can be a daunting task.
Enrolling employees in the right benefits, calculating premiums correctly, and keeping up with ever-changing regulations is a lot to handle—especially if you’re not a benefits expert.
Legal Compliance
Worker’s compensation regulations and EEO (Equal Employment Opportunity) laws are critical to any business—but they’re also ever-changing and difficult to keep up with.
That’s why many businesses choose to outsource their compliance needs to experts. These experts can help you stay up-to-date on the latest compliance issues, ensuring that your business is protected from legal trouble.
Employee Training and Onboarding
Sometimes, the employee onboarding and training processes can be tricky, especially if you have many new employees or your business is growing quickly.
In these cases, it can be helpful to outsource employee training to an expert. These experts can help design and implement training programs that will ensure that your employees are properly trained and equipped to do their jobs.
Recruiting
One of the most popular HR functions that companies outsource is recruiting and staffing. This includes tasks like posting job openings, searching for candidates, screening them, conducting interviews, and background and reference checks.
Recruitment agencies often have a large network of candidates they can reach out to, which saves businesses the time and effort of finding candidates on their own.
They also often have expertise in screening and interviewing candidates, which can help businesses find the best employees for the job.
Performance Management
Quarterly reviews, annual performance evaluations, and setting goals are all important aspects of performance management. But they can also be time-consuming and difficult to keep track of, even if there is a manager who can take care of everything.
Outsourced experts can help design and implement incentive programs, bonuses, and other ways to improve employee productivity and motivation.
They can also help with setting goals and objectives and measuring and tracking progress. Especially if an organization lacks the expertise to go about these challenges on its own, outsourcing performance management can be a great solution.
The Pros and Cons of Outsourcing Your HR Program
Of course, like anything else, there are pros and cons to outsourcing your HR program.
Benefits of Outsourcing HR
Outsourcing saves money. It may seem counterintuitive that paying someone else to do something would save your company money. But when you factor in the cost of training, benefits, and compliance, it’s often cheaper to outsource HR than to do it yourself.
It frees up time. Time is money, and with HR outsourcing, you’ll save both. By offloading the time-consuming tasks of HR to an outsourced partner, you and your team will have more time to focus on other aspects of running your business.
It offers expert help. When you outsource HR, you’re getting the expertise of a whole team of HR professionals. This is especially helpful if you don’t have an in-house HR team or if your team is small.
Your benefit premiums will be lower. When you outsource HR, your business will often be able to take advantage of the economies of scale and get lower benefits premiums.
Cons of Outsourcing HR
Offloading certain activities makes the overall employee experience impersonal. When recruitment or performance management is outsourced, it can often feel like a cold process. This is because the people conducting these activities are often doing them for multiple clients and won’t have the time to get to know each employee.
It can be difficult to build trust with an outside partner. This is especially true if you’re outsourcing HR for the first time. It’s important to do your research and find a reputable HR outsourcing partner that you can trust.
You might lose control. When you outsource HR, you’re giving up some control of the process. This can be difficult for businesses that like to have a lot of control over their operations.
HR corrections will take longer to make. Since you won’t be handling HR in-house, there will be an inherent lag time that comes with making changes. For example, if you need to change your benefits package, it will take longer to implement when you outsource HR.
What to Look for In an Outsourced HR Partner
If you’ve decided that outsourcing HR is the right decision for your business, the next step is choosing an HR outsourcing partner. Here are a few factors to keep in mind when making your decision.
Compatibility
It’s important to find an HR outsourcing partner that is compatible with your business. This means they should understand your industry and your company’s culture well.
Keep in mind that this will require some input from you. Before you start looking for an HR outsourcing partner, take some time to document your company’s culture and what you’re looking for in your new hires. This will help you find a partner that is compatible with your business.
Cost
Of course, you’ll want to find an affordable HR outsourcing partner. But be careful not to choose the cheapest option. The most important thing is to find an HR outsourcing partner that provides good value for the price.
Reputation
When you’re entrusting someone with your HR needs, you’ll want to ensure they have a good reputation. Do some research and read online reviews to get a sense of what other companies think about the HR outsourcing partner you’re considering.
Industry Expertise
In some cases, it can be helpful to find an HR outsourcing partner with expertise in your industry. Some HR outsourcing service providers offer tailored services based on the niche or industry you operate in. This is particularly true for industries with complex HR needs, such as healthcare and emerging tech spaces like mobile app development.
Final Thoughts About Outsourcing HR
When outsourcing your human resources operation, there are a lot of moving parts. You need to inform your new partner about your company culture, values, and important things to your business.
Outsourcing HR can be a great way to free up time and resources so you can focus on other aspects of your business. It can also help you lower your benefit premiums and access the expertise of a team of HR professionals.
But without an effective communications plan, it can be easy for things to fall through the cracks. Establishing a good relationship with your new HR outsourcing partner is critical to the arrangement’s success.
And if you want to maximize employee retention, you’ll need to put a little extra effort into making sure your employees feel valued and appreciated.
Gartner estimated that end-user spending on public cloud services would grow 20.4% in 2022 to a total of $494.7 billion. That is up from $410.9 billion in 2021. In 2023, end-user spending is expected to reach nearly $600 billion.
Interestingly enough, cloud computing, one of the major buzzwords in the last decade, has not yet been established as a term in the Oxford dictionary.
In Part 1, we explored general patterns of creating responsive and accessible tables depending on the design, use case, and data complexity. In this article, we’ll cover a few more complex and more specific examples, check out how we can improve performance on larger tables, and cover some JavaScript libraries that can further enhance tables with various functionalities like pagination, filtering, search, and others.
A quick note on accessibility before we start: The following examples lean more toward the design aspect of responsiveness compared to the previous article. I’ve used the same approach to accessibility as I did in the examples from the previous article. Still, as these are more complex and specific examples, further testing and adjustments might be required for these use cases, and I strongly encourage them.
That being said, let’s dive into the examples.
Working With Complex Enterprise Tables
Enterprise data tables display a large amount of complex data across lots of columns, and they rely on searching and filtering to quickly find the data we’re looking for. We’re not going to cover those actions in this article because they do not affect responsiveness and only serve to reduce the number of displayed rows.
The responsive patterns that we covered in the previous article won’t completely solve the UX issue here. The stacking and accordion pattern, for this case, might be too clunky for mobile use, and the scrolling pattern would make the table unusable and difficult to scan.
Lalatendu Satpathy suggests in his article about designing enterprise tables to use the stacking context but display only the critical data that the user will most likely want to search for.
Once users have found a row they were looking for, either by scanning, searching, or filtering, they can open up the details view by tapping the row.
Notice how we’re utilizing the limited screen space to the fullest extent for each operation — we’re showing as many data rows as possible, which contain only primary information, and then we are using an off-canvas element, a full-page element to display all data for a single row.
We’re using the recommended markup for the table element and ARIA labels that we’ve covered in the previous article, so let’s focus on the off-canvas element. First, let’s create a hidden off-canvas element and add empty elements where we’ll append row data for the row that has been clicked on.
We’re using CSS to make sure that this element only displays on smaller viewports. On larger viewports, even though the off-canvas element could be activated, it won’t be displayed. Alternatively, we could have also used JavaScript’s match media element to prevent the function from running.
Let’s move onto the row click handle function, which populates off-canvas element slots and applies an active class. We are populating the off-canvas slots by iterating over columns and using an index to target the id-s. Additionally, we are removing the aria-hidden attribute and moving the focus onto the element. We can also use focus trapping to prevent the user from leaving the off-canvas element while it’s opened.
In these examples, we’re relying on additional elements outside of tables (like our off-canvas element) to help us make full use of the available screen space to fully display table data. Check out the following CodePen example and see how these elements work together to improve table UX on smaller screens.
Comparing this to the previous example, the only primary column is the title & platform column. We cannot pick any other column to include for comparison since they are equally important and depend on user preference. Using a stacked column approach is also not an option, as we want users to compare the review scores to different games and between the review sites. This table is also too complex for a scrollable table, as both the primary column and table headers are equally important. It would take too much screen space if we used the fixed-column approach.
Let’s tackle this problem with the approach described in Joe Winter’s article. First, let’s focus on vertical scanning.
Let’s give users an option to choose the additional column they’ll use for comparison — their preferred review game review site. We’ll use a select element in this case, but tabs and other similar controls work well. We can store their preference in local storage if we want to keep track of user preferences and store it for future use.
const allBodyRows = document.querySelectorAll("tbody > tr");
const mainHeadCols = document.querySelectorAll("thead > tr:last-child > th");
function filterChange() {
const value = parseInt(select.value);
mainHeadCols.forEach(function (col, i) {
const colIndex = i + 1;
// Skip the first (primary column).
if (i == 0) {
return;
}
if (colIndex === 1 || colIndex === value + 1) {
col.classList.remove("hidden");
} else {
col.classList.add("hidden");
}
});
allBodyRows.forEach(function (row) {
const cols = row.querySelectorAll("td");
cols.forEach(function (col, i) {
const colIndex = i + 1;
if (colIndex === value) {
col.classList.remove("hidden");
} else {
col.classList.add("hidden");
}
});
});
}
Next, we’ll implement the same off-canvas element as we did in the previous example to cover the horizontal scanning, where we display all column data for a selected row.
We’ll use a very similar function and go through the same motions of opening, populating, and closing the off-canvas element.
We’ve improved upon the previous example by giving users an option to select an additional primary column alongside the “Title & Platform” so users can select which column will be used for comparison between the rows.
But what about more complex calendars used for planning and schedule? They can contain a variable amount of information within the cells, and scaling them down for mobile is not always viable.
We could either use the stacking pattern or scrolling pattern, but they’re not ideal for this calendar project. User needs to see their schedule for today and at least for the next day and have a general overview (a summary) for a wider timespan.
We can divide the large calendar app into two elements on the smaller screens:
List element: the schedule for today and the next day;
Table element: general, high-level, 5-day overview.
There are too many differences between the large screen and small screen views, so there is no smart way of using CSS to transform between the two. We need to duplicate the element and make sure to hide the inactive element with CSS. This will also hide it from screen readers and make the element not accessible with the keyboard.
These two views can be easily generated with JavaScript or JavaScript frameworks like React and Svelte, but also with static HTML generators.
However, pagination is not an ideal fit for all tables and data types. Sometimes we just want to display the whole table and allow users to scroll the entire data table without restrictions or interruptions. What can we do if we need to display the whole table regardless of the number of rows and columns?
Virtualization
We can use virtualization. We keep the entire table data in memory but dynamically render table rows and columns that are currently visible to the user. We update the state while the user is scrolling and interacting with the table, all the while maintaining the illusion that every row and column is present by changing inner dimensions to compensate for missing elements.
This can be seen in the example below, where we render out only a handful of rows in DOM out of a total of 100,000 rows! Notice the inlined height style attribute on the second tr element.
The same approach can be used for large lists and various other HTML elements. There are some specialized virtualization libraries like Clusterize.js if you’re looking to implement just that in your project, but many popular JavaScript table libraries like Tabulator and component libraries support this out of the box.
If you want to read more about the effectiveness of table virtualization, Robert Cooper of Basedash published a case study on how table virtualization introduced significant improvements to their React project.
The root cause of the problem was that we were trying to render the entire table at once, even if most of the data for the table was off the screen/viewport. Also, the React code for rendering a single table cell was quite inefficient, so when we needed to render thousands of table cells on initial load, all those inefficiencies compounded. (…)
Overall, after implementing both virtualization and improvements to our table cell, we were able to speed up table load times by 4-5x in most cases and over 10x in extreme cases. All while increasing the default page size from 50 rows to 100.
Depending on the approach you choose, either by implementing virtualization yourself or by using an existing library, make sure to test if the solution is accessible for your use-case — both for keyboard navigation and for assistive devices.
CSS approach
Interestingly enough, there is a non-JS way to optimize table render performance. We can try to apply CSS contain: strict to the table element to signal that the massive table won’t affect the style or layout of any other elements on the page.
This is exactly how Johan Isaksson improved the performance (on his machine) of Google Search Console, which wasn’t using virtualization at the time, after experiencing issues browsing a table with 500 rows (which resulted in over 16,000 DOM elements being rendered).
However, this is not a universal and perfect solution, and depending on your use case, it might cause visual bugs, especially if you are dealing with a dynamic table that can be filtered, search, and reordered.
As the “strictest” of the containment values, this value should be used with careful consideration. This is due to the dimension requirements it imposes on the contained element. With these requirements, this containment value does offer the most potential performance benefits of containment.
If you are working with dynamic tables, which is often the case with enterprise data, you’d want to either use pagination or virtualization, depending on the design and use case, to create fully optimized complex data tables that perform optimally.
JavaScript Libraries For Enhancing Tables
Additional table features like searching, filtering, ordering, and others can improve table UX even on smaller screens by allowing users to easily scan the table and quickly find the information that they’re looking for. There are so many JavaScript-based solutions out there, both specialized and as part of a larger UI components library, and I’d like to highlight some of them here.
Tabulator is a zero-dependency vanilla JavaScript library for enhancing tables with a plethora of aforementioned functionalities and more. It also features separate NPM packages for React, Angular, and Vue. If you are working on a project that heavily features tables and requires lots of features and interactions, Tabulator can do a lot of heavy lifting for you.
As for the framework-specific libraries, I’ve only used react-table, which worked wonderfully on the projects I’ve worked on. It’s fully implemented with React hooks, so it’s fully customizable and doesn’t enforce any markup, design, or HTML structure.
As for table virtualization specifically, Clusterize.js is a solid vanilla JS solution that works well and has been recently updated in the last year at the time of writing. As for the framework-specific library, there is react-virtualized, but it hasn’t been updated for a while so make sure to test if it fits your use case before committing to using it on your project.
Keep in mind that you should always consult Bundlephobia to see package size and dependencies, and make sure to check out the package repository to see if the package is currently being maintained and if the issues raised are being actively addressed.
Conclusion
Creating responsive and accessible tables requires a careful and thoughtful approach, so the table remains usable even on smaller screen sizes. In this article, we’ve covered some highly specific use cases and approaches like an enterprise data table and a calendar. Large & complex data tables may introduce performance issues due to the DOM tree growing too large, so we need to use either pagination or table virtualization to avoid the potential issues. In conclusion, make sure that, regardless of the design and use case, your tables are responsive, usable, accessible, and performant on various types of devices and screen sizes.
I recently started studying styles of software architecture in different ways: by reading books by renowned architects and by trying to go a step further in my professional career. I have seen how different it is to be an architect from a developer; although these two roles have many points in common, the approach is different.
I don't want to describe what it means to be a software architect in this article. I will summarize what I have been reading and learning about the different styles of software architecture categorized as monolithic or distributed.
If your goal is to create a WordPress site that’s both successful and user-friendly, you probably already know that you need to focus on aspects such as your site’s load speed, proper page layouts, navigation, and SEO elements. What you may not know, though, is that you also need to make your site ADA compliant. […]
