The second is adding in PHP 7.2. PHP 7.2.1 was launched on the 4th of January 2018 and offers a 15% page load time improvement over PHP 7.1. PHP 7.2.1 is available on all STORM servers and will be automatically updated with future updates.
A couple of STORM users have contacted us recently about making sure their servers are as secure as possible. Although STORM is secure by design there are a three additional methods for improving your security.
Independent User Access
Make sure you don’t share your STORM login with anyone else. Instead you can invite users to your server with just an email address. Unless they’ve been upgraded by one of the Nimbus team a user cannot invite anyone else to STORM.
Should a user leave, rather than resetting all your passwords, you can remove their access by clicking the X against their email address. All their actions will remain in the log for future viewing but access is completely removed.
Keep an eye on the list of users who have access and remove users who are no longer relevant.
Two Factor Authentication
For additional login security you can use two-factor authentication under each user profile. STORM supports any TOTP based app like Google Authenticator, Authy or even 1Password.
Once enabled on each login you’ll be asked for a one-time password alongside your usual password.
By enabling the PCI Compliance setting in STORM it makes a number of changes to improve security. Firstly it disables the old and rather insecure TLS 1.0 encryption method for https. Secondly it only allows access to FTP from the IP addresses under the Security Tab.
If you need any help with these options please contact the Nimbus Hosting Support Team.
We’ve therefore made it really easy to set the Browser Cache Expiration time with just a drop down menu. This feature is available under Configuration of each web site. At the moment this feature is only available if you have NGINX set to serve your static files. However we are looking to expand this functionality shortly to include Apache too. The default cache time is 1 month although can be changed from Never to 12 Months.
Internationalised Domain Names (IDNs) have been available since 2003 although more commonly used in the wider EMEA hosting market rather in the UK. However following feedback from a customer we’ve implemented Internationalised Domain Names (IDN for short) support inside STORM. This means you can use domains that use characters including é or ß. A full list of supported characters is available here.
From a technical perspective any IDN domain names are converted into Punycode before being stored in the database and configuration files. The Punycode makes the code easy to read and less likely to cause script errors.
One of the key benefits of STORM is improving work flow in digital agencies in particularly reducing deadlines and removing bottle necks. However sometimes it’s difficult to see those benefits without playing with the product first. That’s why we’ve now launched a fully fledged online demo of STORM, nick named internally as fake STORM. More on the nickname later.
You can sign up with just an email address and immediately emailed a password to login with. The trial isn’t time limited so you’re welcome to use it for long as you like for as many times as you like. You can try many of the great features including one click functions, easy to use user interface and fast page loading.
The reason we call it fake STORM is that it doesn’t actually make any changes even though it looks like they complete successfully. Any changes you do make will disappear from the interface when you reload the page.
Try a demo of storm here – https://storm-demo.nimbushosting.co.uk/register
We’ve been a little quiet on development of STORM with lots of changes happening in the background ready for a raft of new changes happening soon. We’ll be updating up on these changes in the coming weeks. However, this week, we’ve launched a two page login. A few industry leaders have recently changed over to two page logins including Google and Offic365 and we’ve decided to follow suit for a number of reasons.
Firstly, we can improve the login process by checking the email address exists in our database before proceeding to the password stage. This allows STORM to confirm if the user is registered and completed the signup process before proceeding to the next step. If the user hasn’t registered the appropriate actions will be offered to the user to proceed with the login or signup. This will mean any users who login with the wrong email address will quickly identity the problem before moving onto the password stage which will speed up the login process.
Secondly, it allows us to offer a demo version of STORM with a more simplified sign up process. The demo version of STORM will be launching very shortly.
Finally, now that we’ve implemented the two step login, we’ll be implementing some additional functionality to improve the login process over the coming few weeks. We’ll keep you informed when this launches.
We realise that a two step login can be quite a change especially if you’re using a password manager. Therefore please do let us know your feedback or software conflicts this might create. You can email us at email@example.com.
Launching today, STORM now supports multiple domains with Let’s Encrypt. These additional domains are also known as Subject Access Names or SANs. This means that we can encrypt and secure multiple domains pointing to the same web site using a free Let’s Encrypt Certificate.
We’ve made it really easy to secure additional domains. All you need to do is add an additional domain under the Domains tab on the Web Site configuration. Then under the Let’s Encrypt toggle on the SSL Configuration page you’ll see a smaller toggle for each domain. Just toggle the domains you would like added to the SSL and within a few seconds they’ll be added to the SSL Certificate. Should the process fail STORM will give you a reason why it has failed.
You’ll need to make sure the DNS for the domain is pointing to the STORM server, password protection has been disabled and there isn’t a redirect for this site.