Cash Is King 👑

How often do you review your business spending?

I was quite blasé about it previously spending hundreds of pounds every month. It wasn’t until an unfortunate set of events kicked in that made me think.

It was August 2021 when I had an idea to centralise the database to allow the websites to have no negated functionality when the site switches to a failover server.

The cost of an AWS database was about £100 per month, which I was happy to pay as it included redundancy and it would mean there would be no difference between servers.

As there was a family holiday due, I implemented the solution and monitored it for a week before I went away. All was good 👍

Then on the last day of the family holiday, I became ill after eating some fish and chips. It transpired I had a small bowel obstruction so I was in hospital for 6 weeks.

In this time the costs for AWS had reached £1,500 per month 💰🤯

This was a hard lesson for me to learn, I double checked the quoted amount by AWS and it was right at £100 per month. When I investigated further I found the small print – data transfer to non-AWS services is chargeable.

After reverting the solution, I then looked at all other spending.

I cancelled all non-necessary services which include a BT phone system & Social Media posts.

Have you gone through a similar process to review your spending?

Brotli, anyone?

You’ve all heard of Brotli, right? If not, in short, Brotli is a form of compression which surpasses Gzip making websites smaller in size and therefore quicker to load.

Here, at Codo Digital, we use WP-Rocket for our caching, annoyingly it does not come with Brotli support. However it is on their feature list. I found a huge amount of articles suggesting using Cloudflare as it comes with Brotli support. That goes against our ethos as we limit the use of 3rd party services unless absolutely necessary.

Currently we use Gzip to compress the HTML, CSS and Javascript which drastically reduces the size of the assets. After seeing that Brotli can make these assets even smaller, it makes sense to offer that option to our clients as well. 

As I mentioned before, WP-Rocket does not yet support Brotli, which I found odd as Brotli isn’t new by any stretch.

I started by trying to install Brotli on the server on the hope of using one process to compress all assets across all clients. Now, this ended up being scratched off as the Synology server seems to have intentionally removed Brotli from it’s in-built Apache 2.4.

I decided to do this in two stages.
1) compress cached HTML files
2) Let Apache compress assets on the fly

I wrote this python script which will compress cached HTML files generated from WP-Rocket. There was a lot of trial and error with this script, specifically around encodings.

import brotlicffi, sys, getopt, os
from charset_normalizer import from_path

def main(argv):
    inputfile = ''
    try:
        opts, args = getopt.getopt(argv,"hi:",["ifile="])
    except getopt.GetoptError:
        print('test.py -i <inputfile>')
        sys.exit(2)
    for opt, arg in opts:
      if opt == '-h':
        print('test.py -i <inputfile>')
        sys.exit()
      elif opt in ("-i", "--ifile"):
        inputfile = arg
    /* Do not process if Brotli file already exists */
    if not os.path.isfile(inputfile + '_br'):
        file_data = from_path(inputfile)
        /* Have we managed to get the encoding */
        if file_data.best() is not None:
            print('Processing ' + inputfile + '(' + file_data.best().encoding + ')')
            thefile = open(inputfile, 'r', encoding=str(file_data.best().encoding))
        else:
            print('Processing ' + inputfile)
            thefile = open(inputfile)
        file_contents_decoded = thefile.read()
        /* Compress the file into Brotli format from the UTF-8 encoded contents */
        data = brotlicffi.compress(file_contents_decoded.encode('utf-8'))
        thefile.close()
        /* Save the file with the _br extension appended, eg. .html becomes .html_br */
        file = open(inputfile + '_br', "wb")
        file.write(data)
        file.close()
        /* Fix ownership permissions */
        os.chown(inputfile + '_br', 33, 33)
    else:
        print('.', end='')
if __name__ == "__main__":
    main(sys.argv[1:])

A cron is run to find the relevant files and compress them hourly. If the Brotli version does not exist, the Gzip version will be used instead.

find /path/to/files \
-type f \
-size +1b \
\( -name "index-https.html" \) \
-print0 | \
while IFS= read -r -d '' path; do \
if [ ! -f "${path}_br" ]; then \
python3 /path/to/generate-brotli-files.py -i $path; \
fi \
done

This scripts finds all files named “index-https.html” and generates a Brotli version for it.

Next, was to modify Apache Vhost configuration to serve the Brotli version of the file if the browser supports it. Now, I should point out that Brotli is widely supported, a full list can be found at https://caniuse.com/brotli.

<IfModule mod_mime.c>
    AddType text/html .html_gzip
    AddEncoding gzip .html_gzip
    AddType text/html .html_br
    AddEncoding br .html_br
</IfModule>
<IfModule mod_setenvif.c>
    SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
    SetEnvIfNoCase Request_URI \.html_br$ no-brotli
</IfModule>
<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteBase /
        RewriteCond %{HTTPS} on [OR]
        RewriteCond %{SERVER_PORT} ^443$ [OR]
        RewriteCond %{HTTP:X-Forwarded-Proto} https
        RewriteRule .* - [E=WPR_SSL:-https]
        RewriteCond %{HTTP:Accept-Encoding} gzip
        RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index%{ENV:WPR_SSL}%{ENV:WPR_WEBP}.html_gzip" -f
        RewriteRule .* - [E=WPR_ENC:_gzip]
        RewriteCond %{HTTP:Accept-Encoding} br
        RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index%{ENV:WPR_SSL}%{ENV:WPR_WEBP}.html_br" -f
        RewriteRule .* - [E=WPR_ENC:_br]
        RewriteCond %{REQUEST_METHOD} GET
        RewriteCond %{QUERY_STRING} =""
        RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_.+|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]
        RewriteCond %{REQUEST_URI} !^(/(.+/)?feed/?.+/?|/(?:.+/)?embed/|/(index\.php/)?wp\-json(/.*|$))$ [NC]
        RewriteCond %{HTTP_USER_AGENT} !^(facebookexternalhit).* [NC]
        RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index%{ENV:WPR_SSL}%{ENV:WPR_WEBP}.html%{ENV:WPR_ENC}" -f
        RewriteRule .* "/wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index%{ENV:WPR_SSL}%{ENV:WPR_WEBP}.html%{ENV:WPR_ENC}" [L]
</IfModule>

That has sorted the cached HTML, but we still have a lot to do. The assets (CSS and Javascript) are still Gzipped as they’re not cached like the HTML. As I mentioned previously, the Synology server does not have Brotli support, so I ended up replacing the Web Station entries with Docker containers.

Here, at Codo Digital, we love Docker. Each website has a WordPress container, Database container and now an Assets container which is a pure and simple Apache container with some bespoke rules in order to output in Brotli format.

Instead of having to replace every single css and js file with a Brotli version, I only needed to add the following code

There you have it, a site running WordPress with Brotli compressed HTML, CSS and Javascript.

    # Dynamic Brotli:
    <IfModule mod_brotli.c>
        <IfModule mod_filter.c>
            AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css
            AddOutputFilterByType BROTLI_COMPRESS application/x-javascript application/javascript application/ecmascript text/javascript application/javascript application/json
            AddOutputFilterByType BROTLI_COMPRESS application/rss+xml
            AddOutputFilterByType BROTLI_COMPRESS application/xml
            AddOutputFilterByType BROTLI_COMPRESS image/svg+xml
            AddOutputFilterByType BROTLI_COMPRESS application/x-font-ttf application/vnd.ms-fontobject image/x-icon
        </IfModule>
    </IfModule>

    # Dynamic gzip:
    <IfModule mod_deflate.c>
        <IfModule mod_filter.c>
            AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
            AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript text/javascript application/javascript application/json
            AddOutputFilterByType DEFLATE application/rss+xml
            AddOutputFilterByType DEFLATE application/xml
            AddOutputFilterByType DEFLATE image/svg+xml
            AddOutputFilterByType DEFLATE application/x-font-ttf application/vnd.ms-fontobject image/x-icon
        </IfModule>
    </IfModule>

This will automatically send a Brotli compressed file (if the browser supports it) and Gzipped otherwise. At this point I was a bit cautious as what I didn’t want to do was cause a drain on the server for the busy sites.

<IfModule mod_cache.c>
    CacheQuickHandler on
    <IfModule mod_cache_disk.c>
        CacheRoot "/var/cache/apache2/mod_cache_disk"
        CacheEnable disk  "/"
        CacheDirLevels 5
        CacheDirLength 3
    </IfModule>
</IfModule>

This snippet of code will cache the headers and data to disk so repeated requests are not processed again.

There we have it, a Brotli supported website. I couldn’t say that was the easiest thing to achieve, which is probably why WP-Rocket haven’t yet implemented it, but I feel a sense of achievement.

High Table move their website to Codo Digital

Why code when GoDaddy isn’t the daddy anymore

When starting up my business and requiring a website like many other people the first place I went to was GoDaddy. The costs were attractive. Let’s be honest, that was only the driver. After about six months of running my website on GoDaddy I realised that I needed a little bit more. If I could get that more, for a similar cost then that was the ideal.

High Table is a website that is fundamentally an online store. That online store sells information security templates to businesses around the globe 24/7. Demand and traffic are high, performance is a fundamental. I just wasn’t seeing the performance with my current provider, and I had little to no control over it. 

It soon became apparent that I needed a world class hosting solution with 24-hour availability and the support of someone who knew what they were doing.

For me it was a no brainer to speak to Mark at Codo Digital and explore how they might be able to help.

Mark got it straight away. He fully understood my needs and was able to offer something in line with my GoDaddy costs but with so much more targeted at what I needed. 

It was one of the best decisions I ever made to move the High Table website from GoDaddy to Codo Digital.

Within the first week I saw significant performance increases that positively impacted on the website SEO, that positively impacted on the ranking of my site, that directly led to more visits and that directly led to more sales. A clear Return on Investment. 

The challenges that I presented to Codo Digital were

  • To support my global sales from countries ranging across the US, Europe, Middle East, and Australia
  • To support my efforts to maintain a Google page insight score of over 97 on both mobile and desktop
  • To ensure fast response times that were less than one second and ideally in the low milliseconds

It was great that Codo Digital were able to step up to the plate and provide me with a service that fully met my needs and exceeded those expectations.

Six months in and the site goes from strength to strength, performance maintains at the highest level, with 100% uptime and availability baked in.

Stuart Barker is an ISO 27001 practitioner at High Table. He has been in information security for over 20 years. Today he is making information security templates available to business. 

Did you say Internet Outage?

The focus to remove the reliance of third parties and avoid any other internet outage issues is here…

The words “Internet Outage” are not words we utter often. In fact – in this advanced day and age – they are words that we should never have to utter and yet, here we are.

Well, the outrageous prospect of an internet outage actually happened and in its wake knocked out many large scale businesses such as Amazon, PayPal, Reddit, Gov.uk and Twitch clean out. Nothing. Nada. Kaput. Computer says no.

The loading error brought the internet to a bit of a standstill and although rectified, it was highlighted that certain locations across Europe and the US were really affected. It also showcased the significant loss in terms of customers that was experienced by these large companies who rely heavily on their web host being stable and safe with little down time.

It boils down to the simple fact – the longer a website is dealing with an outage, the more likely they are to be losing potential sales. This is NOT good practice.

This major outage has made us think. 

Something like this can never happen again. You need to trust your website provider, you need to know that even though the fragility of the web is real, you’re in the hands of a provider that offers a fully managed and highly secure web hosting service, complete with off-site hourly back-ups. 

Oh hello, we think our ears are burning!

Are you searching for a website host which guarantees no downtime? Maybe you were affected by the outage this month, and have become unhappy with your website host performance? Whatever your reason for wanting to switch it up, you have landed in the right spot. 

Here at Codo Digital we’re passionate about creating lightning fast, responsive and high-performing websites that won’t ever let you down. 

How do we help with all things hosting, migration and super quick API?

Firstly, we are Cyber Essentials accredited, this means the websites we create are super safe and protected from cyber-attacks. 

We also don’t rely on third parties, we’re able to do that thanks to an investment in a BT leased line that provides a 20ms connection time UK wide. On top of that we offer an industry-leading 100% uptime guarantee (something we’re very proud of!) and a failover 4G network to help provide a backup network if needed.

Additionally, as we’re a bunch of professional web developers, we provide creative web design services and we can help with website migration services. So whatever you’re in the market for when it comes to making your website the best it can be, we’ve got you covered. 

Oh and here’s a little tip from us: stay clear of online web builders – Google isn’t a fan of them and a fully optimised website is what you need and what your business deserves to succeed.

ALLOWLIST moves their hosting to Codo Digital

I came across ALLOWLIST in 2020 after finding their content on LinkedIn. It very much resonated with me as they focus on security and I knew I had to get involved with the work they were doing.

At ALLOWLIST you search, compare, and engage with leading cyber security companies. It is a trusted, checked, and customer reviewed community of cyber security and data protection companies. Whether is be GDPR compliance, Penetration testers or Website hosting.

We are proud to be listed in their directory.

ALLOWLIST have been so impressed with our offering, they moved their website from GoDaddy Pro to us.

Now, I am all about making websites fast and I love seeing improvements when we migrate websites. Before the migration, to say it was slow, is an understatement. Averagely the site loaded in 4 seconds.

I should point out, that this test is timing the long way round. That means that we test the time to go http://www.allowlist.io to https://allowlist.io. That said, this should not take this amount of time.

I was quite excited to see what results would be after the migration, but as with all migrations it takes time to make sure everything is right before the DNS is changed. So, after changing the DNS locally and checking the website over – I was happy to go live.

Well, that made me happy! What a difference – the test is the same and to see the graph fall to the floor made my job worth it. Let us have a look at a full 24 hour period.

There is some key information here which highlights what Codo Digital can offer.

The average response time has gone from 4 seconds to 0.5 seconds and the network speed has gone from 57KB per second to 415KB per second.

Shortly after the migration was completed, Codo Digital was featured in their announcement video.

What is a Content-Security-Policy (CSP)?

In short, a Content Security Policy whitelists sources of approved content, you can prevent the browser from loading malicious assets.

Why is a Content Security Policy important?

This is the first line of defence to protect your site should the worst happen. It will prevent an attacker from loading malicious content to your users.

Do all browsers support a Content Security Policy?

Mostly, according to caniuse.com. it is widely adopted by browsers so it makes sense to implement this safety net.

What about updates ??

This is probably the most important thing to understand. You cannot just implement and forget about it.

What can Codo Digital do go help?

At Codo Digital we actively monitor and update where necessary. This is all part of our managed hosting solution. We’ll setup your content security policy from day one and maintain it going forward ?