How to Arm Your Site for Every Screen and Every Platform: An Introduction to Responsive Website Design

What is responsive design?

Responsive design is the concept of building a website so that the layout of the site adapts and changes according to the resolution of the user’s browser. In plain English, employing responsive design allows you to build a single site that will look just as good on a monitor that’s 2048 pixels by 1080 pixels as it will on an iPhone that’s 320 pixels by 480 pixels and all browser sizes in between without the need to build a separate dedicated mobile or iPhone-specific version of your website. The best way to get a feel for responsive design is to see it in action, and one of the best examples is the Lancaster University website. If you simply open the site in your desktop browser, you won’t immediately notice anything extraordinary. However, if you slowly adjust the size of your browser window, you’ll begin to see how the design adapts to the width of the window on the fly. The change is more than just a straightforward scaling effect; rather, certain key elements within the design shift and transform according to the resolution of the browser. For example, this is what the website looks at 1024 pixels wide. And this is what the website looks like at 640 pixels wide. As you compare the two, you’ll notice that in the smaller version, the two stats next to logo disappear, allowing the quick links, search bar and logo to fit into the width of the browser and remain usable. Also, the “Find a Course” box and the two information boxes are now displayed alongside “Latest News,” which preserves the usability of the tab-based navigation in the main feature. This is what the website looks like at 480 pixels wide. You’ll now notice that the primary navigation transforms from one row of six links to two rows of three links, which ensures that these links remain large enough to be easily pressed with a finger on a touchscreen phone. The quick links are reshaped into a drop-down-style menu that takes up less real estate on the screen but still allows the user to easily access these important links. The search box moves to the bottom of page, and the “Find a Course” box disappears and is replaced with a link to the course search page. On the main feature, the slider changes from tab-based to next/previous-style navigation.

Why is responsive design important?

As you can see from the Lancaster University example, adapting the layout of the site based on the browser’s resolution ensures that all content is easily accessible no matter where or how a user might be browsing. With the explosive growth in tablets and smartphones, IDC predicts that within the next four years, more people in the U.S. will access the Internet via mobile devices than via desktops or laptops. As a result, it’s important to take steps now to make sure that your website is not only accessible but easy to navigate and use on any device and any screen size in order to keep pace with the ever-changing browsing preferences of your clients and customers.

---

SPF for Your Website: Three Simple Steps to Protect Your Online Presence

As the days get longer and the mercury rises, we’re reminded yet again of the importance of remaining vigilant when it comes to applying sunscreen to protect ourselves from summer’s damaging rays. It’s a simple yet necessary precaution that if neglected has both short-term consequences – the painful agony of sunburn – and long-term ramifications – skin damage and increased risk of skin cancer. The same holds true for our websites. If we are not proactive in taking the necessary precautions to keep our online presence safe, problems will inevitably arise. Here are three simple measures you can take to apply SPF to your website that will safeguard the integrity not only of your brand’s online presence but its reputation as well:

(S)ecure your site against SQL injections.

Websites that feature data-driven applications can be vulnerable to attacks known as SQL injections, whereby malicious code is added to an entry field, then run and executed. These attacks exploit security vulnerabilities in problematic code, attacking your site’s database and performing any number of actions, from adding unapproved content to your public-facing site to allowing the hacker to download your entire database. This is a prime example of why rigorous testing is absolutely critical prior to launch. If your site is already up and running, consult with your web team to make sure that it has undergone thorough testing and is protected against such hacks. If you want to take additional precautionary measures, there are also security companies that specialize in detecting these types of website and database vulnerabilities, and they can provide you with a security audit.

(P)rotect your domain name.

It’s common sense that you must pay to acquire the domain name where your business will reside online. However, it’s important to remember that you have to continue to pay in order to retain the rights to use that domain name. Essentially, when you purchase your domain name, you’re not buying it outright. Rather, you’re renting that name for a specified period of time. Most registrars (Network Solutions, GoDaddy, Register.com, etc.) allow you to secure a name for anywhere from 12 months to 99 years. If you allow your registration to lapse, however, the domain name becomes available for purchase again and is open to the public for anyone to acquire. Bear in mind that there are actually companies that profit handsomely from business owners who neglect their domain registrations. They monitor domains that are nearing expiration, taking ownership of them the moment they become available. If you have the misfortune of having your domain acquired by one of these companies, usually you can negotiate having ownership transferred back to you, but it will cost you dearly. Unfortunately, while this is a shady practice, it is not illegal. If you allow your domain name to expire, it is fair game for anyone to register it – including these types of companies. Before your domain name expires, your registrar will likely send you many notices prompting you to renew. I start getting domain name renewal notices six months or more before the scheduled expiration date, and as that date gets closer, the notices start coming more and more frequently. Still, despite this barrage of email notifications, there are still many companies that are unaware that their expiration date is approaching, and they either lose their domain name altogether or are forced to pay a king’s ransom to get it back. Often when this situation occurs, it is because the person who initially completed the registration process for the domain name is no longer with the company, and therefore the email address they used to register the name is no longer valid, so the multitude of email notices go unreceived. The company innocently thinks they are protected until one day they stop receiving emails (yes, your email is tied into your domain name), or a customer mentions that they tried to go to the site, and it was simply gone. Even though there is a grace period after a domain has lapsed that allows you to reclaim your ownership before it becomes open to the public, the lapse isn’t always discovered in time to take advantage of this safety net. To prevent this, it is critically important to keep the contact information for your domain registration up to date. Either contact your registrar directly or speak with your web team to make sure you know when each of the domain names you own needs to be renewed, and double-check to ensure that the contact information for your account is valid.

(F)ortify your forms.

Web forms are a staple of doing business online. In fact, rare is the site that doesn’t include a form of some sort that allows the user to input information to be transmitted to the site’s owner, whether its purpose is to make a contact inquiry, sign up for a mailing list, complete a purchase, apply for employment, etc. As anyone who has a form on their site can attest, however, not all submissions received via these forms are legitimate. This is called robot spam, which is created by spammers who write programs that send out spambots to indiscriminately fill out any and all different types of forms on the Web, looking for entryways to expose a site’s security vulnerabilities (see SQL injections above). If you find your inbox filling up with indecipherable junk submissions, it’s these bots who are to blame. To combat these spambots, you can install a CAPTCHA system on your form, which generates an image with a random combination of numbers and letters that the user must enter in order to submit the form. The spambots can't interpret these CAPTCHA images, so therefore they can’t complete the process of sending the form. While there is legitimate debate as to whether or not CAPTCHA is the most effective way to prevent bogus submissions, it still remains the most popular solution for web form security. However, the reason it’s important to block these bots goes beyond eliminating the annoyance of a cluttered inbox. A few months ago, my company decided to remove the CAPTCHA requirement from our contact form. We knew we would get a flood of spam submissions, but we decided we could deal with a little extra hassle on our end in exchange for reducing the inconvenience to legitimate users of having to interpret those squiggly letters in order to simply get in touch with us. As expected, the amount of spam we received increased dramatically, but it was still manageable. Then, all of a sudden, we stopped receiving any submissions at all. We also began seeing some of our emails to other people bounce back. What we discovered was that our web domain (which is where our emails originate from) had been blacklisted as spam by Microsoft (which is what powers our email platform). Apparently, all the bogus submissions from our website (which resides on our domain) to our email caused Microsoft to identify us as spammers. This is because our form submissions came from an email address associated with our own domain name (many web forms are configured this way). Obviously, we were not the ones generating the spam, but this strange series of coincidences conspired to get us blacklisted! Fortunately, it was an easy process to get our domain removed from the blacklist, and we quickly re-installed the CAPTCHA system on our contact form, but we certainly learned an important lesson about security and spambots along the way. If you allow those bogus entries to make it through, there is a risk that you, too, could find yourself blacklisted and unable to send email to some of your most important contacts.

Seize the day and stay safe.

Since summer is vacation season for many of us, business tends to slow down slightly as our clients and colleagues enjoy much-deserved time off. That makes this the perfect time to seize the opportunity to apply these S-P-F practices today to ensure that your online presence is well protected all year long.

---