2 Factor Authentication now available for all our clients

2faXYZulu take security very seriously and we want you to do same. We are pleased to announce that 2 factor authentication (2FA) is now available to all our valued clients.

To activate two factor authentication, please visit our support article: Enabling two factor authentication (2FA) for your XYZulu Customer Portal login

What is 2FA?

Please read this post: Why do I need 2FA?

Another security essential is using a password manager. Please be sure to read this post: Overwhelmed with passwords?

Let us help you to stay safe online!

3 mobile security tips

Do you have a mobile phone or mobile device? If so, this post is for you.

We often don’t stop to think about the important role our mobile security plays in protecting our digital assets. But just think about what issues you might face if your mobile was stolen and the thief was able to access your apps/data. Would they be able to transfer money out of your bank account? Use your email to reset your email password? Could they have a sms with a verification code sent to your phone so they could reset the password to a number of other services you are subscribed to?

Here are our top 3 simple steps to secure your mobile:
  1. Have a numeric PIN of at least 6 digits set. A PIN of 4 digits is relatively easy to guess. With a day or 2 to spare a thief or hacker could easily guess your PIN, not so with a 6 digit PIN.
  2. Use TouchID or fingerprint access for any apps that support this method of login. If your device comes with a built in fingerprint reader, use it, whenever you can. This can provide an extra layer of security without the hassle of a password or PIN code when you open a banking app.
  3. Enable a “find my phone” option on your mobile device. For example see the options on iOS and Android. You need to enable these options BEFORE your phone is stolen, do it now. Once this is enabled, you can remotely wipe your phone if it is stolen.

Do you have any tips of your own? Any questions regarding the ones mentioned above? We look forward to hearing from you.

7 reasons YOUR business needs US


XYZulu have been in the hosting business since 2000. Our offerings are aimed at people who are proficient enough to manage their own website, but may also require some help with setting up DNS, Email, CDN etc.

7 reasons YOUR business needs US
  1. We own and operate our business. This means we personally monitor all areas to ensure our valued customers are being provided the highest level of service.
  2. Support. Via our help desk we will provide you prompt support. Prefer to talk? We’re happy to chat with you.
  3. Our regular posts will teach you to keep safe online. Here are some recent examples:
  4. Extensive experience. We have many years experience in the webhosting field and have a broad knowledge of other complementary products and services to help your business reach its full potential. For example: We also offer advanced features like free SSL/HTTPS and multiple versions of php.
  5. Need a new website or maybe just a redesign? Our design partners On Time Marketing can make it happen.
  6. Domain name registration and renewals? No problems, we offer both. We offer more than just .com domains, see: Is the .com all there is? We can transfer your domain to us (a free service) so you can manage your domain and hosting all in one convenient place.
  7. We accept a wide variety of payment methods (Paypal, VISA, MC, AMEX and even Bank Transfer) with no surcharges.

Our regular posts will teach you to keep safe online

What are you waiting for? Join us now!

3 Reasons why you should use Google Inbox instead of Gmail

No doubt you have heard of and are probably well acquainted with Gmail. It’s an email interface most of us have used. You may be less familiar with Google’s “other” email offer: Inbox

What makes it better than Gmail?

It’s much faster at reading/processing emails than Gmail, especially when it comes to newsletters. Inbox provides you a quick summary of the newsletter before you even open it. What exactly makes it better or different to Gmail?

  1. Inbox groups (or bundles) emails in a far more intuitive way than Gmail. This is especially useful if you receive automated emails that you later simply delete or archive. Inbox allows you to do this with a single swipe or click.
  2. Integrated into Inbox is a smart reminder system. For example, if you receive an email that you need to deal with, but not at this time, simply “snooze” the email until the time or place (yes, location is another new option in Inbox) and it will reappear in your Inbox then, or in the case of a location choice, when you arrive at that location.
  3. Inbox has smart replies built in. Have a look at it in action below:

Thought has been given to the layout of all emails on mobile as well as computers. You’ll find the interface different, but also familiar if you are familiar with using Google services.


How do I use it?

It’s simple, just visit Inbox while you are logged into your Gmail account and you will be on your way.

To see what Google themselves have to say about Inbox, visit this page: www.google.com.au/inbox/  and take the time to watch the video they have put together. There are a number of other features we have not touched on in this post, so let us know if you would like to hear more about a particular feature and we’ll be happy to explain.

It seems likely in time Gmail will evolve into Inbox, or the features will be integrated. So there is no better time to see the future of Gmail/Inbox.

Opera – a free VPN Browser

Opera Browser (free) now includes a free VPN. Apart from the security benefits, this can also be handy when it comes to testing your own website from another location, especially when doing web development.

Read more about the VPN security features in this post discussing the release of Opera Browser 40: www.opera.com/blogs/desktop/2016/09/free-vpn-in-opera-browser-40/

How does this work?

A VPN routes all your traffic via the VPN server. Opera Browser allows you to choose the location of the VPN server. For example, you could choose a USA located server and test your own website from the USA. Currently VPN server options are: Netherlands, Germany, USA, Singapore, Canada.

There is also an ‘optimal location’ choice which in my case, uses a VPN server in Australia (closest to me).

Opera Browser is not a new player in the Web Browser space and while it’s not as well known or popular as Google Chrome for example, it is a solid product with an excellent mobile app on many platforms.

How could you use this?

You may wish to use this to browse the internet anonymously, or avoid the security policies your workplace/office or ISP has in place. As I see it, a more ‘useful’ option is to use this to test your website from various locations around the world.

You might want to do this just after updating your DNS, or after updating something on your website to check how it’s being seen by everyone else. Often time, your own ISP’s DNS server (which you probably use by default) may take up to 24hrs to update when changing your websites DNS or nameservers. Using Opera Browser might be handy for you in a situation like that.

Why not download and give it a test today. It’s a free download of course. Grab it here: www.opera.com/download

Is your email authenticated? If it’s not, will recipient’s trust you?


When people receive an email from you, do you want to them to see this image in place of your avatar/profile picture? Do you want people to think your business hasn’t setup email correctly?

Currently, if you are sending emails and not providing SPF or DKIM records in your DNS zone, Gmail/Google users will now see the following warning image next to EVERY email of yours.

This is a recent change from Google, and it affects anyone who doesn’t use a Gmail account as their email address (Google has configured this for all Gmail accounts automatically – not to be confused with Google Apps accounts which still need this configured)

Don’t be confused with a spammer, configure this asap

If you don’t host your email with us, you should contact your current email provider to check if your email is being sent correctly authenticated with SPF or DKIM.

If we host your email, you can configure your SPF and DKIM records yourself directly from cPanel. See more here: Enable Email Authentication

Please see more on this important change from Google here.

You may also enjoy this article we wrote on Email Essentials.

Email is important, make sure you have it set up right

Email essentials

@_symbol.svgWe all use email, and probably these days simply take it for granted. Are there some things to be aware of when choosing how to setup your email? Yes! Let’s explain.

Email is like a mobile phone number, it’s not something you want to change often (if at all) and it’s also something you want to move with you, wherever you may work or live. Do you want to have to manage 2, 3 or more phone numbers? I doubt it, the same goes for email addresses. Therefore, give some careful thought to your email address.

Give some careful thought to your email address

Gmail is probably the most widely used free email service, and to be honest, you can’t get much better. If an @gmail.com email address is one you think suits your needs, go for it. There is no better spam filtering email service out there.

Here’s why this could be a wise and versatile choice: Gmail allows you to check other email accounts. You can have multiple email accounts behind the scenes, but can check them all in one single place, namely your Gmail account. For our existing customers, you can follow our Knowledgebase Article on this subject here: Checking Your Email From Your Own Gmail/Yahoo/Hotmail Account

You can have multiple email accounts behind the scenes, yet check them all in one single place!

If a Gmail account is not quite the ‘personalized’ email address you want, why not consider purchasing your own domain name and then setting up an email address (or as many as you like) on that domain. That way, you can have me@yourowndomain.com as an email address and that never needs to change. There are a huge range of domain names available now. See an article we wrote on this subject Is the .com all there is?  for more details.

Pro tip: Google offers an excellent product called Google Apps. Essentially, Gmail and all other Google tools @yourowndomain.com. For as little as $5 per month, per email address you could have the power of a Gmail account (including world leading spam protection) merged with the personalization of an email address @yourowndomain.com. This is the setup we recommend. Contact us for help in setting this up, we can make it happen for you.

UPDATE 13 Oct 2016: Google Apps is now called G Suite but the features are the same as mentioned above

Outgoing email (sending)

Your email has to be sent by a server somewhere, usually the one that hosts your domain name, or via your internet service provider (ISP). While this is the default setup for most people, using a proper outgoing email service can allow you to track email deliveries and even if emails have been opened/viewed or not. For newsletters as well as transactional emails (such as the ones we send from our helpdesk my.xyzulu.hosting ) you should use a service like Sendgrid or Amazon SES (simple email service). These systems can easily be integrated with your website to ensure any “contact us” emails and newsletters sent via your website, are going to be delivered correctly.

Some configuration is required, but we’re equipped to handle this for you. Why not contact us today to discuss how we can help you setup your own business outgoing email system. For a very small cost, you’ll be able to track your email deliveries and ensure your emails are arriving where they need to.

While we take email for granted, knowing that your emails are being received (and filtered for spam) as well as being assured they are being delivered correctly, is something essential to your growing business.

We look forward to hearing your questions in the comments below.

Has your password been stolen?

Almost every week a new item hits the news about compromised computer systems and stolen passwords. Do you know that passwords are actually sold on the black market for real money? Why? Because compromised passwords can, and are, being used to steal real money from internet users.

compromised passwords are being used to steal real money

Here is just one recent news item: Millions of stolen passwords and email addresses sold online

Are you at risk?

Yes, if you fit into any of these 3 categories:

  • You use the same password on more than one website
  • You don’t use a password manager
  • You don’t have 2FA (two factor authentication) enabled

Lastpass has outlined more details on why passwords matter, and what you can do to protect yourself. Please read this important article here: The 411 on the Password Black Market

Another sobering reminder about why you should never use the same password on more than one website is explained in this video: Password Cracking

How CAN I protect MYSELF?

At the very least:

  • Never use the same password on more than one website
  • Use a password manager so that you are not overwhelmed with passwords
  • Enable 2FA (two factor authentication) on any accounts of yours that support it

Does you or your business need further help on your IT security? Contact us for more information on the consulting services we offer. If you have any questions regarding this article, please let us know below.


Secure messaging, how?

TextSecure_icon.svgSecure messaging on the internet, is this even possible?
Believe it or not, it is. Why should you be interested, and how can you also send/receive secure messages?

Secure messaging is actually possible

What is secure messaging and why should you be interested?

It’s fair to say that despite what you think or have been told, privacy on the internet is almost impossible. When it comes to security however, this is something within your reach. It is something you should be interested in.

Consider how end to end encrypted messaging works. You send a message to me, and only my device(s) can open/read your message. Even if the data was intercepted during the transmission process, it would be impossible for it to be deciphered. This kind of security is possible today.

Read more about end to end encryption here.

While you may not be discussing anything ‘top secret’, surely knowing that your message can only be read by the recipient is reassuring.


One free option is Viber (there are others). To see the details on how this works, see this Viber Support Article.

Basically, once you make a voice call and both parties click the secure padlock icon while on the call, an encryption key will be stored on both devices which ensures that all messages sent between these devices (your device and the other person’s device) cannot be read by anyone else. From that point on, voice and text messages with this person use full end to end encryption.

Do you need it?

It really depends on how securely you want to protect your information. When it comes to business, using secure messaging and data storage is essential to provide your customer with the assurance that you are doing your best to protect them and their data/information.

On a related note, do you offer your customers secure access to your website yet? If not, be sure to read our article on just how easy this is here: Do you SSL/HTTPS? You should. Find out why

Are there other messaging applications that you use and wonder if they are secure and also support end to end encryption? Let us know in the comments below and we’ll dig up the facts for you.

Does your web host offer multiple versions of php?

211px-Webysther_20160423_-_Elephpant.svgWhat is php? Why is having access to use multiple versions of php so important? Does XYZulu offer multiple versions of php?

What is PHP?

According to Wikipedia, “PHP is a general-purpose scripting language that is especially suited to server-side web development, in which case PHP generally runs on a web server. Any PHP code in a requested file is executed by the PHP runtime, usually to create dynamic web page content or dynamic images used on websites or elsewhere.”

Why should you be interested in this?

your website will load faster, and run more efficiently if you are using PHP 7

Your website will load faster, and run more efficiently if you are using PHP 7. Think of is as the fuel that powers the engine your website uses. Use the right fuel, and your web site will run at it’s best.

Oh, and in case you were wondering, that elephant is the official PHP mascot. 🙂

Why is having access to use multiple versions of php so important?

PHP is constantly being updated and deployed on web servers around the world. Usually these updates are to patch security holes and optimize the delivery of website content. Each new version of PHP however, usually brings a greater jump in speed as well as well as additional features for developers. A case in point is PHP 7, which is a big jump forward in performance.

Most major scripts like Joomla, WordPress and Drupal already support PHP 7. Utilizing the performance improvements is as simple as ensuring your website scripts (Joomla, WordPress etc) are up to date and enabling PHP 7.

Aside from the benefits of PHP 7, having access to multiple versions of PHP also means that you can run scripts that support older versions of PHP as well as the latest version of PHP. The choice is up to you. A shared web host that is not running multiple versions of PHP yet, is probably one to avoid for security and performance reasons.

Does XYZulu.hosting offer multiple versions of php?

XYZulu Hosting offers multiple versions of PHP

Yes! You can choose your version of PHP from cPanel > Select PHP version. If you need a hand checking to see if your script or website supports PHP 7, please be sure to contact us from our Support Portal.