Expression Engine: An Overview of a Developer-Friendly CMS

After the arrival of WordPress in 2003, an abundance of CMS systems appeared on the scene. One of those was ExpressionEngine, and it soon earned a reputation of being both flexible and developer friendly, and with great support directly from its maker, EllisLab, and a growing developer community.

History of ExpressionEngine

Founded in 2002 in Bend, Oregon, EllisLab first foray into software development was pMachine Pro, which was weblog software. It was basically a precursor to what would become a CMS.

A few years later, ExpressionEngine followed. It became EllisLab’s core product, a CMS made to deliver all types of content, not just for blogging, even though EllisLab released two other products called CodeIgniter and MojoMotor. The former is now supported by a different organisation while MojoMotor was retired in 2015.

Free and Open Source

For 16 years, a paid license was the only way to get a full version of ExpressionEngine until at the end of 2018 when Rick Ellis, Founder of EllisLab, and Derek Jones, CFO of ExpressionEngine, announced the CMS would be re-licensed as open source.

The reason for this change, according to Jones, is the “potential it has to drive incredible growth and opportunity for everyone in the ecosystem… And it will bring ExpessionEngine to new customers all around the globe.” Another reason for the change, Jones states, is that open source “has become…such a dominant and overwhelmingly popular licensing model.”

And Rick Ellis’s view is similar. He states that even though EllisLab saw “open source as a viable licensing model when we launched our first CMS in 2002, it was not apparent then how dominant open source would become on the web.”

ExpressionEngine by the Numbers

ExpressionEngine’s usage has been steadily climbing since 2011 with a reported 146,193 websites using the CMS as of December 2018, 33,808 of those considered as being live, and 18,304 sites in the United States.

ExpressionEngine Features

Developers building websites with ExpressionEngine rave about the wide array of features the CMS offers.

Like most software companies, ExpressionEngine explicitly lists the features of its CMS, such as spam prevention, that it is infinitely extensible for solving difficult developer issues, powerful templates, flexible content types, and strong security.

What developers really like is how the CMS can be customized, how it uses Channels and Fields for different types of content and template groupings, powerful user/ membership management, the ease of updates, and, last but not least, security. To see a deep dive into the CMS, watch ExpressionEngine’s 10 minute primer.

Real World Use

While a large amount of ExpressionEngine’s user base exists in the United States, the CMS is finding usage in other countries around the world like Australia. Right now, there are close to 1,300 live websites in Australia using the CMS. Some prime examples are for The Australian Ballet, a Christianity website, and a digital agency called Happy Content.

Web Developer Review of ExpressionEngine

Ben Bailey, a web developer with Happy Content here in Australia, states what he likes most about ExpressionEngine, in general, is the ability to customize the build.

Some businesses update their content once or twice a year and can forget how to use a “do everything” interface. They end-up contacting their developer for help [to make] updates and that’s no good for anyone. Being able to customize/ simplify the publishing process [as a web developer] is important and this is something ExpressionEngine does well.

Building Client Websites

As far as from the developer side of building websites with ExpressionEngine, Bailey likes the “long list of custom fields that you can mix and match to build your content. I also like how it stores information in channels, which can be related and displayed in different ways.” He goes on to say that ExpressionEngine is “more flexible than a typical page-based CMS…ExpressionEngine was one of the pioneers in this way of thinking and one of the best at doing it.”

Of course, the website build process has to lead to a completed project for delivery to a client. From that standpoint, Bailey praises ExpressionEngine by saying it is “a stable and secure system, so on-going maintenance is straightforward.”

Maintenance and Support

Since ExpressionEngine is not a typical CMS and requires some knowledge of coding, the company sells support plans to those who feel they might need it with focus on the pro web developer. Although skilled at what he does, even a pro developer might encounter some anomaly with the software.

According to Ben Bailey, it’s great to obtain the software “at no cost [as well as] having the option of going to EllisLab…for paid support.” He states that even though he has built sites with ExpressionEngine, he’s glad to know he can “get timely support “from the horse’s mouth” should I need it.”

ExpressionEngine Hosting Support

Building a website is only part of the process. Web pages need a web server with a dedicated network address that is obtained from a web hosting company. Not only that but depending on the software used to build the website, there may be other backend (server) requirements.

That is the case with ExpressionEngine, which requires that the latest versions of PHP and MySQL be installed along with their extensions. In fact, PHP is required and the latest version is recommended, although a website may run fine with a slightly older version. The problem with older versions of PHP aris that they are no longer being supported.


ExpressionEngine has come a long way in 16 years from the days when pMachine Pro was its main product. ExpressionEngine is making headway into the CMS marketplace, and the decision to change licensing to free and make the software open source are both positives. It’s too early to know yet if these changes will be beneficial over time.

CraftCMS: Rising Star of the CMS World

As of early 2019, 32% of the internet is running on WordPress built sites. But while WordPress built its success on its ease of use, it has also garnered heavy criticism for it security (when site owners don’t update their plugins), resource-intensive plug-ins and stiff web design driven by themes.

While all platforms are prone to the same challenges, CraftCMS aims to help developers reclaim and control the web design process, and for that point alone the company is getting lots of attention and are becoming a viable alternative to WordPress.

Who is Behind CraftCMS

Pixel & Tonic, founded by Brandon Kelly in 2010, is responsible for the creation of CraftCMS with the mission of helping developers and other web professionals build better websites. Additionally, the company wanted to offer something WordPress was not: better use of “Element Types, Live Preview, Matrix, and a practically limitless plugin architecture.”

Kelly, who is CEO and President of CraftCMS, started the company in 2011 and launched its first version of the product in 2013 known as Craft 1.0. The software is now at version 3.0. After many years spent working with content management systems, Kelly states he wanted “to build…our own CMS that did things differently under the hood.” While that seems like an understatement, CraftCMS has done just that.

Who Uses CraftCMS

The response to Craft CMS from developers, web professionals, their clients, and the business community has been astoundingly positive. Awards like Best CMS for SMB, Best CMS for Developers, and Best WordPress Alternative further solidifies CraftCMS’s place as a rising star in the CMS world. For Craft, these are the people for who the company built its CMS.

In fact, Craft specifically targets developers responsible for building complex websites for companies with large budgets from $35,000 to $500,000. While market penetration is nothing like WordPress’,  40,000 websites have been built using CraftCMS, some of which were for major retailers like Oakley, Ikea, and Netflix. Some other sites built with Craft CMS are Barefoot Contessa, Grill’d, Samuelson, Flipbox Digital, Mixmag Media, Vector Media, and Lemonade.

Dion Wise, the CEO of Melbourne digital agency Lemonade, says he likes using Craft CMS:

Craft has the benefit of being the relative new kid on the block (2012) built by people who have done the hard yards building the best plugins for another great CMS we use (ExpressionEngine). Being a relatively younger product (but now mature enough to be at version 3) it allows them to not have to deal with the same level of legacy as WordPress. While there is a massive WordPress community to lean on, it creates a bit of a wild-west when it comes to developers and plug-ins.The maintenance and security problems that come with it’s legacy and architecture cannot be understated. WordPress originated as a blogging platform (and a very good one at that), but Craft wins by taking a content first approach and not leaning on the theme mentality of WordPress.

In our experience Craft CMS is loved by all: designers, developers and editors alike. It also has a first-party eCommerce option – very handy.

What Makes CraftCMS Successful

The primary reason is that CraftCMS gives developers and web professionals control over websites they build. But look a little deeper and it’s the abundance of features that come with the CMS that wins over its users.

Key tools in CraftCMS like allowing developers to write and use their own HTML, custom templates, the ability to manage multiple sites with one Craft installation, complete control over the content and categories, regular releases and bug fixes, live preview during the website build, and hundreds of Craft mediated plug-ins managed through the control panel of the CMS illustrate how Craft supports and favors developers.

To help developers get up and running quickly with the platform, CraftCMS have developed an online course called CraftQuest with unlimited access to video-based learning.

CraftCMS As a WordPress Alternative

While CraftCMS’s has elements of WordPress, it is definitely not a site builder and requires more than a few mouse clicks to have a functioning website. But that’s just a basic overview. Here are the major reasons CraftCMS is a viable alternative to WordPress.

First, there’s the issue of plug-ins. WordPress allows and uses third-party, pre-packaged plug-ins and themes. The problem is that a lot of them are not updated and, in the long run, may cause more problems than they solve. This is especially important from a security perspective. Craft has its own plug-in marketplace it regulates and can be managed with the control panel of the CMS. That means better security overall. For a recurring yearly fee after the first year (depending on the license purchased), Craft supports one-click updates for its large plug-in library.

Then there are themes. Craft doesn’t use them and believes in a content-first approach to website building. WordPress comes with licensed themes and plug-ins that don’t offer much visual variation. Add to the fact that WordPress was created as a blogging platform for users who don’t know how to code and where page design is probably a secondary consideration.

CraftCMS Licensing and Pricing

Although WordPress is free to download, install, and use, other costs can escalate costs quickly. The cost of premium plugins can add up. CraftCMS starts with a free license version called “Solo” and it is also free to download here. It comes with all the core components and a single admin account so you can experiment to see if CraftCMS is right for your needs. The next step up is the “Pro” version for a client or development team, which is listed at $299.00 per project. This version comes with unlimited user accounts, system branding, developer support, and free updates for a year, then $59.00 a year after that. There is also an “Enterprise” option that doesn’t list any price structure, but the benefits are SLA contracts, procurement, custom development, and custom licensing.

If your company is interested in e-commerce, there are two license options: “Lite” and “Pro.” The “Lite” version is $199 per project with a year of updates, $39 a year after that. It includes products, subscription, custom payment gateways, and custom checkout process. The “Pro” version includes everything the “Lite” version has, including taxes and shipping, shopping cart, multi-step checkout flow, and sales and discounts for $999 per project with a year of updates, $199 a year after that.


CraftCMS is definitely a rising star in the CMS world and may, at some point, give WordPress some competition. It is well-liked by developers, web professionals, and clients. With CraftCMS already at version 3.0, it will be interesting to see what the future brings for the company of five employees.

Price of their product looks prohibitive for smaller businesses, compared to WordPress, but that’s a strategy to attract well-resourced organisations.

For more information about CraftCMS visit their website:

Elementor for Drupal Release and Why It’s Important

Software for content management systems (cms) helped to change the ever-evolving landscape of the internet. Instead of the internet being used for just finding information, software like Drupal (released 2000) and WordPress (released 2003) allowed individuals, small businesses, and start-ups the ability to interact with, create, and manage their own content. 18 years later the number of websites built with these systems has exploded. Even large-scale enterprise companies realize the importance of digital content.

Website with a Competitive Edge

What makes one website stand-out from another is not only the content but its design and the layers of security. Although easy to use and packaged with its own page builder, WordPress plug-ins are vulnerable to hackers.

Drupal, on the other hand, requires more technical savvy. It also comes with beefier security features. But up until Elementor for Drupal’s release, Drupal’s design elements had been lacking. And although Elementor was created for WordPress, it’s available now for Drupal page builders gives it a competitive edge.

What Is Elementor

Elementor is a free and open source page builder plug-in for WordPress. It can be used for creating, designing, and updating content management system websites. Although thanks to the company Linnovate, Elementor has been ported over for use on Drupal with the exact same tools. Elementor comes with many features, including widgets, powerful design templates, mobile editing ability, and a history of design updates, and that’s just to mention a few.

What makes the Elementor plug-in unique is its drag and drop interface, which allows for quick design of new pages, and with the use of Elementor Pro (an additional plug-in), it is possible to update live web pages. This plug-in favors developers and professional web designers. And as mentioned previously, because Elementor is open source, it is adaptable to suit specific needs.

Elementor Makes Drupal Even Better

With Elementor plug-in installed, an even stronger case can be made to switch from WordPress to Drupal, especially if you are a web professional or blogger who works at the enterprise level. Here are just a few reasons why Elementor for Drupal is significant and make a strong content management system even better:

  • Drupal is better on mobile devices: it offers better content fields on each page.
  • While it doesn’t offer a native app like WordPress, Drupal does have easy administration and is responsive.
  • It’s great for use with web apps or where user permissions are important.
  • There are platform specific applications, such as Acquia and Pantheon, that help with managing security risks.
  • You can manage image sizes within the admin console.
  • And most importantly, if you are a blogger and have the Elementor for Drupal plug-in installed, you can manually control fonts, color, background colors, graphics, and pick from over 53 widgets, all elements which will make your blog more attractive to a visitor.
  • Elementor is easy to obtain and the UI is intuitive. Instead of going through several areas to choose the style on a website, Elementor puts it all right there in front of you with drag and drop. Best of all, a developer doesn’t have to be involved. In fact, not one line of code needs written.

How to Get Elementor for Drupal

Elementor for Drupal is available now and is a free download from, click here to give it a try. Installation instructions for the plug-in are also on the site. You’ll need to have Drupal 8 installed. Watch a demo of Elementor for Drupal by clicking on this link.


The fact that blogged content and a sturdy content management system are important for websites is an understatement. Websites for the BBC, NBC, Amnesty International, and even the Whitehouse count on Drupal, for instance, not only as good place to deliver its content but also security against hacking. These businesses also count on Drupal to deliver a responsive design and tools like Elementor now make that easier.

Why Choose Paid Business Email Service Over Free Email Client

Email communication in both B2B and B2C markets is crucial, hence the need for a reliable and secure business email service provider.

Email is one of the most influential sources of information for business audiences. About 59% of B2B marketers said that email is the most effective channel in terms of revenue generation, and 86% of professionals preferred email as their means of business communication.

Through email, you can place orders, make product/service enquiries, send correspondence to your clients or customers, and even import/export files and images. However, a missed email is a missed opportunity, a lost sale, mistaken communication and a risk of bad reviews.

Email has been a reliable (and cheapest) channel of communication in this data-rich digital world. It should not be taken for granted. That’s why businesses start switching from a free email client to a paid business email solution.

Free, advertising-supported webmail

Yahoo Mail, Gmail and AOL Mail are the popular free email clients with unlimited storage. Users can access their emails via third-party programs through POP or IMAP protocols, synchronising email contents. Aside from having built-in spam filters and virus protection, they integrate with your calendar, tasks and notes.

However, these email services are funded by advertising and marketing arrangements. You can see context-sensitive ads here and there, which trigger data retention, security and privacy concerns. You definitely don’t want that in your B2B and B2C correspondence.

Paid business email

As opposed to free email clients, premium or paid business email supplies everything you need to manage and monitor your business email.


  • You have a professional email address with your domain name
  • Premium spam and malware protection
  • Ad-free
  • Secure and private email
  • Uptime guarantees
  • Hosted on large-scale, tried and tested infrastructure
  • Significant email archive and storage space
  • You can access your emails via a third-party app (Outlook, webmail, mobile, etc.)
  • Fully integrated with your calendar, tasks, notes and other collaboration- and business-based tools


  • It’s a paid service. There is a monthly/yearly subscription fee
  • It can be tricky to set up accounts but nothing IT can’t handle

G Suite and Office 365 are the most prevalent, feature-rich Saas-based email management and productivity tools.

G Suite’s email system allows you to sync your contacts, calendar and notes for easier collaboration. Each member of your team can utilise your organisation’s email address with G Suite Gmail, an enhanced version to provide business-grade performance, security and functionality. Organise emails into folders or use the email search tool to track down missing and old messages. Just type a keyword, sender’s name or email address. You can also identify sender and recipient IP addresses and troubleshoot mail delivery issues.

Powered by Google, G Suite has three premium plans, starting at $5 USD per month.

Meanwhile, Office 365 has a multifunctional email solution – Outlook. Aside from its integration across your email, calendar and contacts, you can access them even when you’re offline. Browse your emails and respond to them because when you’re reconnected to the Internet, it will automatically send the messages.

Organise your emails by setting up a rule to filter incoming emails so that they will go directly to their assigned folders. You can also sort emails by date, sender, recipient, subject, etc., simplifying your search.

Office 365, developed by Microsoft, offers Business (starts at $8.25 USD/month) and Enterprise (starts at $8 USD/month) plans.

Both G Suite and Office 365 allows you to create mailing lists so you can send emails in bulk or send emails to a selected group of contacts. They still have other features that help streamline your business communication.

Zoho Mail is a good alternative, too. It’s one of the best ad-free email service providers out there.

But it all comes down to

Whether it’s a free or paid business email solution, choose which one that works best for your B2B or B2C communication, protects your data, helps you improve end-users’ experiences and keeps your organisation productive.

Got your own recommendation? Let us know in the comments.

Chrome 66 To Distrust Symantec SSLs, Secure A New Certificate

When Chrome 66 is released, it will invalidate Symantec-issued SSL certificates – but we have a plan.

According to the recent update (31 January) of Google’s Security Blog, Chrome 66 is scheduled to be released in Beta on 15 March and a stable release on 17 April. The new version will push the decision made by Chrome team and the PKI community to distrust Symantec SSL certificates, including from its brand names: Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL.

Symantec SSL certificates issued prior to 1 June 2016 are no longer be recognized and need to be replaced. Those who are impacted are advised to secure new certificates from any Chrome-trusted Certificate Authority before Chrome 66 is up and running. Symantec’s old infrastructure and all of its issued certificates will be fully revoked once Chrome 70 is released on 23 October.

That being established, it is best to have your SSL requirement up-to-date as soon as possible. And Network Dynamics can help you obtain a legitimate, Chrome-approved SSL certificate.

Our SSL certificates are issued by Comodo™, one of the most trusted and Chrome-approved SSL Certificate Authorities with over 700,000 customers from a diverse range of businesses worldwide.

SSL certificates come in three types: Standard, Domain validated UCC SSL and Wildcard.

To order, please visit this page or just click the list of packages below.

Comodo™ SSL Certificates

Get in touch with us for any questions and clarifications regarding your SSL certificate.

Three alternatives to WordPress: Ghost, October CMS and Craft CMS

Although WordPress is the most popular, easy-to-use, and free platform, there are other CMS-based programs that can also have a good run for your money.

When it comes to content management systems (CMS), WordPress is the dominant player, hosting about 25%  of all sites. However, WordPress is trapped by its own success: a typical WP site needs at least a dozen of PHP-based plugins to handle SEO, caching, and spam. There is also a bland sameness to WP sites due to its restrictive theming structure.

There are excellent modern alternatives to WordPress such as Ghost, October CMS, and Craft CMS. In this post, we will cover the pros and cons of each platform, compare them to WordPress, and offer some guidance – especially to IT managers, CTOs, and agency partners who support some form of a content management system.

Ghost CMS

If you’re in the market to add a content marketing platform to your digital presence, consider Ghost as an alternative to WordPress. Kick-started by a former WordPress team member in 2013 as a blogging-focused CMS system, Ghost has been steadily growing. More and more sites are using this platform, as well as plugins and themes.

From its default support of Markdown to its JavaScript codebase, Ghost is a timesaving blogging and publishing tool for people who are comfortable around codes. It is packed with live preview editor; and built-in support of Google AMP pages, canonical tags, support for Twitter cards and clean markup. This platform is an excellent choice for technical content marketing.

While there are volumes of free and premium themes on WordPress, Ghost has plenty of both, and even provides theme developers with a far richer environment.

Where Ghost really wins is speed – built on NodeJS, ExpressJS, and Handlebars.js. It is almost as fast as a pure static page site and considerably faster than a typical WordPress site.

Another thing is that Ghost sites tend to require minimal ongoing maintenance compared to WordPress sites. This is due to fewer plugins to update constantly, more flexible theming, and a robust community to turn to when things go wrong, which leads to fewer support hours.

Ghost is meant for developers who are skillful in working from the command line of a Linux environment. Even so, it is not a good choice for an online store or community, and it can’t compete with Shopify or Discourse.

If you are looking for a writing-centric system, Ghost is an excellent go-to platform.

October CMS

If you’re someone who opts for a PHP/Laravel alternative with lesser maintenance and security issues than WordPress, consider October CMS.

October gets right a number of things that plague WordPress sites:

  • Plugins go through the review process, much like iOS apps. A plugin needs to meet certain stated criteria for quality, be malware/spyware-free and plays well with October CMS before it’s listed in the October CMS MarketPlace.
  • Based on Laravel PHP, October’s use of Laravel PHP means fewer updates and concerns for IT Managers or support personnel.
  •  Reusable and easy to maintain partials and components, which can be used anywhere when needed, in October is a more flexible structure than “widgets”.

October’s disadvantages are typical of any CMS that’s not WordPress:

  • There are 472 plugins for October versus 53,319 WordPress plugins.
  • October has, as of now, 100 themes. WordPress, well, no one knows for sure, but there’s ThemeForest, a popular source for premium WordPress themes with over 11,000 templates.

Bottom line: If there’s a specific theme or plugin that is a must-have, October CMS is not likely to be in the running. On the other hand, if you want a fast performing, PHP-based content management system with secure plugins and has a good range of themes, definitely pick October CMS.

Craft CMS

Do your clients find WordPress burdensome with its endless plugin updates and “almost right” themes? If so, you need to take a look at Craft CMS.

Craft is designed to simplify the process of building custom CMS implementations. Some of the leading brands on the web like NetFlix have used the platform already. Created by longtime ExpressionEngine developers Pixel & Tonic, Craft focuses on easing up the creation of complex pages.

It has two key features – Advanced Custom Fields and Matrix page builder – that help agencies to deliver complex turnkey content environments cleanly and easily.

Compared to WordPress, Craft goes the extra mile to reduce security concerns.

Craft has some flaws, though. To create a perfect CMS, expect to put some extra time and effort into Craft. For example, if you want a premium theme, ThemeForest presently has only 33 Craft themes available.

Another comparative disadvantage is that Craft is not free. Unlike October CMS, Ghost or WordPress, a client needs to throw down a one-time fee of about $199 to $299 in order to unlock Craft’s awesome features. The cost is not a hard sell on the agency level, but freelancers may have a second thought.

So, what should you pick?

While WordPress is a powerful CMS, there are better options depending on your site requirements.

If you are a technically-minded writer looking for something better, cleaner, and much faster than WordPress, Ghost is an excellent choice.

If you want a CMS that is simpler, easier to set up and maintain, and not so prone to hacking than WordPress, October CMS is definitely worthy of your consideration.

Yet, if you’re running or setting up an agency and want to build both custom company sites and in-house expertise in a single CMS, Craft CMS is going to be on your shortlist of options.

Any thoughts about this article, leave us a comment below. As for your hosting needs, drop us a line.


What is HSTS and should I implement it?

HTTP Strict Transport Security (also know as HSTS) is a powerful browser and server security mechanism to increase security on your site.

This technology removes the ability for your SSL encrypted session (HTTPS) to be degraded to HTTP, ensuring all information exchanged is secure. Implementing the features of HSTS can significantly reduce the likelihood of some attacks such as ‘man in the middle’.

This technology has been available in both Google Chrome and Mozilla Firefox since version four of their browsers and since version eleven of Internet Explorer.

How does it work?

There are two main security features that strict transport security implements. These two are centred around preventing a man-in-the-middle attack from taking place in order to steal sensitive information such as credentials to a website.

The way that HTTP Strict Transport Security works is by forcing all communication to be sent via HTTPS by instructing your web-browser that no traffic ever should be sent via the HTTP protocol when requesting assets from the website being protected via this security mechanism.

The two primary protections are as follows:

* HSTS will automatically redirect any assets (images, css, javascript) that are referenced in the HTML generated by your website to be called via https:// rather than http:// (Which will then ensure that the content is coming from a source with a valid SSL certificate).

* If the website is being protected by Strict Transport Security presents an invalid SSL certificate, the browser removes the ability for a visitor to override the certificate warning, preventing access to the website.

HSTS Subdomain Namespaces

In addition to this, the HSTS mechanism also provides website owners with the ability to force all subdomains of their domain to also have HSTS enforced. This enhances protection of their domain namespace but can also be an implementation hazard for some organisations that may have reliance on subdomains without HTTPS implemented for external resources.

HSTS Preload List

HSTS also has an opt-in preload list of which rather than being initiated by the web server you are contacting, will query a list that is built-in to all modern browsers to see whether or not a domain should be using HSTS. This further enhances the protection provided by HSTS, by forcing all queries to be sent to a domain to be sent via HTTPS:// without having to query the associated web server in order to find out whether or not strict transport security should be in use. If you have implemented HTTP Strict Transport Security and want to include your domain on the preload page, the submission form can be found at

Should I implement HSTS?

The use cases for HSTS are dependant on the information you are protecting. If you are a bank and protecting your clients online net banking facility then you should be definitely using HSTS across your services. If you run a small personal blog site with no personal information being stored in the backend of the website then the use case is significantly diminished.

As a rule of thumb, we would recommend any E-Commerce based store to strongly consider the use of HSTS in conjunction with TLS/SSL in order to protect their online presence, especially any that are dealing with cardholder data.

If you do choose to implement Strict Transport Security across your site it is recommended that you understand the implications of doing so. If HTTP Strict Transport Security is not configured correctly, there can be major negative impacts on your organisation. We would always recommend engaging a hosting professional to do some pre-requisite checks before deploying this across your web presence.

Get in touch with us.

Email Comparison: Office 365 vs G Suite vs POP/IMAP

It appears that G Suite and Office 365 offer a set of robust web applications, but can they really replace POP/IMAP?

The concept of ’email’ is a very old mechanism of communication, in that the first email was sent back in the 70’s and for a long time, the one and only method of communicating with an email server to retrieve emails was through the POP protocol. This began to change over the last 10 years as different email services have begun to gain more importance in our lives.

We will compare the ‘conventional’ email technologies POP and IMAP versus the newer and more powerful offerings from Google and Microsoft, G Suite and Office 365, respectively.


Post Office Protocol (POP) gained popularity during the 80’s as email became a more readily accessible form of communication – users were able to send emails to a remote server where they could later be retrieved and downloaded for viewing.

The concept of POP is accurately described in the name – the server acts like a ‘post office’ to temporarily store your mail. When you access the server to retrieve the mail, it is then removed from the server and the only copy left is that on your local device (computer, phone, etc). Obviously, this makes working from multiple devices extremely difficult because not all messages will be stored on one device, instead of being spread randomly across multiple devices according to when you use them.

Other disadvantages of POP:

  • Extremely basic connection type, many POP servers only support non-encrypted connections
  • Sent emails are not synced up to the server
  • No mail contacts are synced.

IMAP (Internet Messaging Access Protocol) has grown to become almost the de facto standard in email communication due to its flexibility in application and relative simplicity of operation. IMAP operates very differently to POP in that it stores all your email information on a central server, and you as a user can log in and view what is stored there as you need to.

This allows for multiple devices and multiple users to connect to the same mailbox and all see the information that is stored there – greatly increasing the applicable use in a business’s daily operation.

These positives aside, there are still some drawbacks to the IMAP that you should be aware of:

  • Depending on your connection speed, large mailboxes can be very unwieldy and difficult to manage.
  • Usually quite slow – depending on the hosting provider
  • A loss in the connection may lead to all viewable messages dropping offline unless cached locally
  • Message storage may be limited

G Suite (Google Apps)

This is the umbrella term for all Cloud-based computational tools available for businesses from Google consisting of tools for email, word processing, spreadsheets and presentations.

G Suite is very like the consumer offering Gmail, however, the extra tools that are included in the price per user of $5AUD per month is well worth the investment.

The first criticism that users have when accessing mail frequently is that they always run out of space, and this is immediately addressed through G Suite – each user’s mailbox is permitted 30GB of storage with opt-in additions for further expansion and long-term archiving if required.

Removing this bottleneck allows for significantly larger attachments to be shared with multiple users and emails retained for longer periods of time before being archived off for cold storage.

The other advantage of G Suite as a ‘premium’ email platform is the ability to easily create and share contacts and calendars with other colleagues that are using the same G Suite account. This will dramatically increase the ability to collaborate and share your tasks with users without requiring extra tools to complete basic tasks such as shared calendars.

The disadvantages of G Suite are:

  • Often intimidating to setup
  • Web interface can be confusing – no traditional ‘folder based’ structure, tags are utilised instead.
  • Web-based office productivity tools can be too basic or alien to users experienced with Microsoft products.

Office 365

When it comes to communicating and working online, there isn’t much of a better choice than this. Combining all the best parts of having standardised Microsoft software on your local computer and in the cloud, Office 365 takes advantage of one of the most powerful email technologies available – Exchange.

Microsoft Exchange is a proprietary enterprise-class email technology which allows for the highest performance email experience available for purchase in a retail environment. By maintaining a constant connection to the server, the Exchange client will ensure that all data (email, contacts and calendars) are synchronised with a centralised server (or cloud in this case) immediately and without any delay. This behaviour can be replicated on many devices for an almost instantaneous delivery of information across all devices within the network.

Most large enterprises have run Exchange servers ‘on premise’ for a long time however with the introduction of Office 365, users without massive equipment or IT department budgets can also benefit from this powerful technology an investment of only around $7AUD per user per month.

Other advantages of the Office 365 platform include:

  • Large 50GB mailbox per user, eliminating the need to delete any email
  • 1TB file storage per user for easy sharing of files and documents.
  • Familiar folder based structure
  • Seamless integration into Microsoft Outlook
  • Ability to easily upgrade to full retail copies of Outlook, Word, Excel and Powerpoint for use as long as the subscription is active, and up to 5 devices at a time for only $10 more per user per month.

In conclusion, if email is a critical part of your daily business you should really consider upgrading to either G Suite or Office 365 –- both have positives and negatives but whichever you choose you’ll be happy that you did.

Testing your website with a local hosts file

A hosts file is used to map hostnames (ie. to IP addresses (ie. . You can change the IP to which you resolve a certain domain name by adding entries to your local hosts file on your computer.

This is particularly useful when you wish to see how a website will look when hosted on a different server, without having to wait for a DNS change to propagate, or to avoid making any DNS DNS changes entirely.

Many developers will opt to use a temporary URL to develop a website before they go live.  This is usually so the developer can work on a website, without impacting the live site.  However, developing a website on temporary URL can cause problems when is comes time to go live.  Many CMS and CRM applications require database manipulation to switch domains from temporary to live, which at times can break the website or application and make the switch over process quite time consuming.

However, by tricking your local machine in to thinking that the new site is already sitting in its new location, you can test the site before updating DNS. This ensures that what you see before your site is live, is what you will see after you update the DNS.

The Problem

Assets (css files, javascript, images and other media) when missing from your website can cause major site-rendering problems. Nearly every developer has come across an issue where a stylesheet isn’t loaded and the page looks like it has gone back to the late 90’s (a bunch of unformatted text with images splashed around or missing). Unfortunately when using a temporary URL to develop, the website or application can create hardcoded links in the database that reference the assets using a fully-qualified domain name.  Whether it be a CMS, CRM, theme or plugin creating these hard links, unless dealt with properly will cause your site to break when moving from a temporary URL to the production URL of a website.

Skilled system administrators and developers can use scripts or plugins to search and replace these in the database. Further to this, developers may even grep over the website contents in order to update these links, reflecting the correct production URL of the website. This can be time consuming and some applications actually serialise data making it difficult or nearly impossible to locate and change the offending asset links.

The Solution

Developing the website by using it’s destination domain (the domain it will be accessed on when it is live) eliminates these problems.  You can then modify your local hosts file to trick your local machine to thinking that DNS resolves to the IP Address of the server you have setup your account on.  You can then develop and test in your browser as if the site were live.  Once finished all you need to do is update the A records for the domains in DNS, at your DNS host for that domain.

In order to modify your hosts file, we have a couple of options below.

Every Operating System has a local hosts file and depending on your Operating System, can be found in the following location:

Linux / Mac OS X: /etc/hosts
Windows: %windir%\system32\drivers\etc\hosts

Editing the local hosts file is quite simple and all Operating Systems follow the same syntax. The IP Address you are masking followed by a space and then the hostname you want to masquerade.  You can edit these with any text editor (although you may need to elevate your privileges in order to do so).

If an easy to use GUI is more your style, here are a couple of handy tools we recommend to use in order to make the job easier.

Gasmask (Mac OS X):

Gas Mask for OS X is a free GUI based local hosts file editing tool. Rather than having to use terminal to elevate your privileges and then use a text editor to make the changes, Gas Mask allows for rapid editing of your hosts file from within the GUI.

Gasmask Application
Gasmask Application


Hosts File Editor (Windows):

Hosts File Editor is an Open Source GUI based local hosts file editing tool for Windows. The file permissions surrounding the hosts file on Windows are a bit harder to circumvent than they are in Linux or Mac OS X. This provides for a simpler way for Windows users to make modifications to their hosts file and reduces the risk of corrupting the file.

Hosts File Editor
Hosts File Editor

How to avoid 508 Resource Limit Reached errors

The ‘508 – Resource Limit is Reached’ error is one that leaves both website owners and people browsing the web a little bemused. In this article we focus on some tips for a website owner to be able to identify the cause and some practical remedies to this common problem amongst people using shared web hosting.

The history of 508 Errors and why they occur

First off, lets look at the history of where ‘508 – Resource Limit Reached’ errors came about. The 508 error was first ratified as a HTTP code in RFC5842, but known as HTTP Error code ‘508 – Loop Detected’ in 2010. Around the same Cloudlinux was being first released with the goal of being able to provide extra security and stability to shared web hosting servers. One of these technologies they introduced was ‘LVE’ or ‘Lightweight Virtual Environment‘ which is a Linux kernel module based off OpenVZ technology that was designed for the web hosting industry, having the core goal of ensuring that a single website cannot bring down a shared web hosting server.

LVE technology allowed shared web hosting providers to be able to limit the amount of resources that a website could consume on a shared hosting server before blocking the account from being able to use more. Back in the shared hosting days before this was in place, it was a common occurrence that a single website could crash an entire shared web hosting server because it had a sudden influx of traffic. When this happened, it would result in server downtime and effect all of the websites hosted on the server. As one could imagine, this wasn’t really fair to the other clients on the server, it being no direct result of their own actions that they had experienced downtime.

When Cloudlinux was released, the web hosting community adopted this new technology at a very rapid pace as it provided more stability for their infrastructure and a fairer system for their clients. All of a sudden, limits were being imposed on shared web hosting accounts that were not there in the past that would restrict the amount of system memory, CPU and PHP processes that a site could utilize at any given moment in time. Presumably, the closest code that Cloudlinux could find in the IANA HTTP codes that would match LVE detecting that a website was using all of it’s resources was the ‘508’ code that had been recently introduced. This became the code that Cloudlinux would use when resource usage was exceeding the limits imposed by LVE and from 2010 on-wards, shared hosting servers became a lot more stable, albeit at the cost of individual websites with high resource usage.

Establishing which limit is causing your ‘508 Resource Limit is Reached’ error

If you are a web site owner and you have detected that on occasion your site is issuing 508 errors to web site viewers, there are methods to identify what is the cause of the 508 errors you are experiencing. The majority of 508 errors are generated by cPanel based servers that are running Cloudlinux. The 508 error is generated by one of two things occurring on the server.

  • Memory usage (your account has exceeded the amount of memory allocated to your cPanel account and there is no available memory allocated to your account for the server to process your request as the memory is in use by other requests on the account)
  • Entry processes exceeded (your account has exceeded the amount of entry processes allowed that can be run simultaneously on the account at the time your request was sent to the web server)

Contrary to belief, CPU limitations do not cause 508 errors directly. If the CPU allocation of an account is reached, it will stay at this maximum and slow down other processes running on the server. This can cause the amount of entry processes to go up as requests cannot be fulfilled as quick as they would be without a limit in place, potentially causing the entry processes exceeded trigger of a 508 error.

If you have cPanel access to your shared web hosting account and the server is running Cloudlinux, there should be an option for you to be able to review your resource usage for the account and ascertain the cause of the 508 error you are experiencing. The option you should be looking for within cPanel is the “CPU and Concurrent Connection Usage” icon, under the “Metrics” group of options.

Once you have opened this up you are presenting with information that indicates whether or not your site has hit resource limits within the past 24 hour period and has a link to the ‘details’ of your usage of which will outline the cause of any 508 errors along with the the amount of errors that have occurred during that period of time as well as some additional historical data.

An example of the ‘Faults’ section of these graphs is below (taken from an account that is under-resourced):


As you can see, the website I have taken the above graphic from has had hundreds of 508 errors in the past 24 hour period. Both Entry Processes and Memory usage has been a factor in this site now being able to display to visitors who otherwise would be able to view the content. This will show you which limits have been reached but not necessarily why they were reached in the first place.

Possible Causes of 508 Resource Limits being Reached

There are many potential causes of the 508 error, some of the most common ones are listed below.

Your hosting provider has limits lower than the requirement of your website.

Many hosting providers have low limits so that they can fit many hundreds of hosting accounts on the one server. These limits may be well below the requirements for your website, especially if it is a heavy website (lots of plugins), or running a heavy E-Commerce CMS such as Magento or WordPress / WooCommerce.

The best thing to do in an instance like this would be to find out what limits your web hosting provider has in place (ask them) and perform some concurrency testing to see how many visitors your website can handle simultaneously before the resources are exhausted. If this limit is not high enough then look to either another web host, or another package where you are provided with enough resources to prevent this from happening.

Often it can be the case (if you have a really busy site) that you should not be on shared webhosting at all and that a dedicated solution without limits could be the best thing for your website and your business.

Website traffic spikes

Many times we have seen clients advertise on TV or Radio whilst still being on a shared web hosting package and receive 508 errors. If you are undertaking any activity that will send spikes of traffic to your website you will need to be on a dedicated hosting platform otherwise you may be wasting the valuable exposure that your website should be getting through the advertising you are carrying out.

If you ever are going to get large amounts of web exposure, make sure to be on a platform that can handle this well before the actual spikes occur.

You have rogue processes, back-end jobs or cron jobs that are impacting on your resource usage

Often it could be a backup job, a long query that has been initialised from the back-end of a website or a cron job that carries out high-memory tasks that could be causing your 508 error. Usually the events should coincide with the actions being carried out which makes this a little easier to detect. Especially if you have resource usage errors at the same time that the cron jobs are being carried out or an website administrator is performing tasks in the backend that are causing resources to be consumed.

Web Crawlers, Search Engines or Denial of Service Attacks

Web crawlers or automated scripts that are browsing your website can often be the cause of resource limit depletion. In addition to this, search engines indexing your site at a rapid pace can also cause your resource limits to be exceeded. In addition to this, sometimes malicious entities may be consistently accessing pages on your site that they know will be generating a lot of resource usage in order to Denial of Service your site. Looking through the servers access logs at the time the 508 error is being generated should be able to give you an idea of the activity on the site which has caused the issue and potentially be able to find the IP Addresses that are causing the issue and block them.

Google’s webmaster tools can be used to change the rate in which they index your site if you believe it is Google cause the issue when it is indexing your site. This can be adjusted to a lower rate of requests per second to prevent this from happening.

Poorly scripted plugins or code

Sometimes it can be badly written CMS plugins, theme or custom code that causes 508 errors. Being able to see which processes your account has running often assists in being able to identify files that the site gets stuck on that use up excess CPU or Memory. This is also a major cause of a site being slow when no one else is using the site.


Unfortunately the 508 limits are an essential part of being able to provide stable web hosting in a shared environment. There are many reasons you may get one and they are the result of your website or web hosting account using more resources than the hosting provider has allocated the account.

If you do receive these on a consistent basis across your site, the most logical thing to do is to move to either a bigger shared hosting package or look at alternatives such as virtual dedicated server hosting in order to ensure that limitations will not cause your site downtime. Sometimes the revenue you are losing as your site is down is far greater than the cost of upgrading to a suitable package for your businesses website.