The Importance of Updates, Backups, & Security Hardening

It is all too easy to put a website online, get caught up in the day to day running of the website, and forget about maintenance. Unfortunately, when running a self-hosted website, your maintenance job never really ends. If you ignore software updates and other security and maintenance tasks, you may find your site compromised; you could be unwittingly hosting thousands of spam pages, infecting your visitors with malicious software, be flagged with a warning in Google, or find your entire site deleted.

In order to prevent security breaches, website hijacking, and spamming, it is very important that you or your website manager maintains an attitude of preventative security; while some security hardening should be done during a site’s initial setup, it is very important to stay regularly and continuously vigilant and aware of what is happening on your website & server.

Your regular security routine should include (but not be limited to):

  • Off-server backups of your website files and databases (weekly, monthly, or quarterly, depending on how static your content is)
  • Installing software updates in packages running on your website (it’s best to do this at least monthly, immediately after a backup)
  • Checking your SERPs for unknown or suspicious looking URLs (you may find hidden spam content)
  • Checking your website file system for unknown directories or files
  • Checking your website’s source code for unknown or hidden content
  • Changing your FTP and web hosting administrator passwords at least every 6 months
  • Checking your website’s status in webmaster tools through Google, Yahoo, and Bing

Security Hardening

In addition to a good security routine, it is also important to have a few bases covered ahead of time; I recommend everyone read Dr. Neal Krawetz’s “Better Than Nothing Security” blog post series, found on his Hacker Factor Blog. In this blog series, Neal provides very practical and easy to implement security ideas for all webmasters. Neal is a local Fort Collins computer security expert, and his blog is a great resource.

A few additional tips for good security:

  • Whenever possible, use trusted networks when connecting to your web server or logging in to manage your website – coffee shop wi-fi is off limits!
  • If not on a trusted network (or even if you are), use SFTP to connect to your web server, and make sure you are using an encrypted (https) connection when logging in to any type of website control panel (hosting, WordPress, etc).

By performing some initial security hardening, sticking to a regular security routine, and using good website management security practices, you can rest easy knowing that your website is very unlikely to be hacked or hijacked, and in the event that it is, you have a recent backup ready to restore.

Do you have additional security tips and resources for webmasters? Please let us know about them in the comments!

GetListed.org Denver Local Search University

Internet Marketing, SEO, & Local Search Workshop – Thursday October 21st, 2010


Local search expert David Mihm and GetListed.org are bringing their “Local University” to Denver next week, Thursday October 21st. A natural extension of the hands on Local Search Workshop that we hosted in Fort Collins last month, the GetListed.org event is a half-day workshop focusing on SEO and marketing your business through Local Search services such as Google Places.

This is a great opportunity for Northern Colorado business owners to expand their knowledge and expertise on Internet Marketing, SEO, & Local Search Marketing. The “University” is described as, “an intensive four-hour crash course in Internet marketing that will help you navigate the possibilities for marketing your business on the web.”

Some of the nation’s leading online marketing experts will be presenting at this workshop including Mike Blumenthal, Mary Bowling, & David Mihm. The agenda includes a variety of presentations and Q&A sessions.

We invite you to join CCSEO’s Cecily, Kevin, and Colt at the event, with a special discounted agency price. Please contact us for further information on the workshop, and to sign up with our agency discount.

The Local Search University will take place at the Sheraton Denver Tech Center from 12:30pm to 5:00pm. You can review the website for the full agenda and details.

Web Design – More Than Just a Pretty Face

It seems like these days any Tom, Dick or Harriet can design a website, however all websites are not created equal.

Just because it looks lovely it doesn’t mean it’s going to help you meet your business goals. Your website has to be found, used and enjoyed, if it’s going to generate the leads and sales you’re hoping for.

Let’s say you want to create a new website, or update your current website. You have a logo and a color scheme. You have a pretty good idea of the content you want on the site. You’ve found a web designer who you’re confident will create a lovely looking website for you; you’ve seen their portfolio and they have lots of lovely websites in it.

But before you go ahead with the project, before you sign off on anything, in fact, before you even settle on your web designer, you should find out how they take account of the following:

  • Web Standards
  • SEO
  • Usability
  • Metrics

To get an idea of their awareness of these elements of web design and development, here are some useful questions to ask:

  1. What programming languages will you be using to build my website, and how will this effect search engine crawlability and indexing, user experience, and download time?
  2. How will my website be optimized for the search engines?
  3. (If a redesign) How will you make sure that the search engines and users can find my new website pages when the page names change?
  4. How will my website be optimized for users? Can I be confident that visitors will have a clear understanding of what my website is about, be able to navigate my site easily, and take the actions I want them to take?
  5. How will we measure results after the site is launched?

A good, knowledgeable web designer should be able to not only answer these questions, but also explain them in a way that makes sense to you.

Although elements like SEO, Usability and Metrics are huge subjects on their own, your designer should have a solid understanding of how they relate to web design. They should also have a professional support network to help fill any gaps in knowledge he or she might have, and to whom they can refer you for more specialized services if necessary.

With these concerns addressed, moving forward you can be confident that your website will not only look lovely, but will also more likely become the business asset you are hoping for.

What other knowledge/experience would you expect a web designer to bring to the table for your web development project?

If you are a designer, how do you feel about being involved in these additional aspects of building a website?

Website Usability Testing

usability-choices-arrowsDuring the web development process, it is sometimes easy to lose sight of the ultimate goals of usability: conversions, and happy visitors. Developers, designers, and clients can all be sidetracked by minor features, small design changes, and general project hiccups; everyone is susceptible to losing perspective after being intimately involved in a project for a long period of time.

Usability testing can be the tool that brings focus to a project, and gives everyone involved an unbiased, outside perspective on how a finished website will actually be used by web visitors. Despite their value, usability tests are often overlooked. Some teams have never facilitated a test, some teams believe their projects are too small, and some teams believe the time and cost involved in testing is too high. The good news is, a usability test doesn’t have to cost a lot of money or time, can be done for any size project, and can be quite easily administered by anyone.

The simple concept behind a usability test is to bring in test subjects who fit the target demographic of the web project, allow them to use the website naturally (hopefully as they would at home) and record/observe their actions and thoughts during the process. This provides clear feedback for the team about how the site will be used by visitors, what problems people run into, what functions are intuitive (or frustrating), and what changes need to be made, if any. Making a recording of the test allows for careful study of the website interaction and resulting feedback by everyone on the development team.

A usability test doesn’t need to be an overwhelming production – at minimum a test can be conducted with one test subject, a computer workstation, a microphone, and a well written usability test script used to guide you through the interview and stay on point. Using screen capture software and a microphone, you will be able to record the conversation between the test facilitator and the subject, the subject’s thoughts, and their actions on the screen during the test.

usability-woman-at-computerThe most important part of a usability test is the facilitation. A well prepared script allows the facilitator to clearly explain the idea behind the usability test, and the importance of free-flowing, vocalized thoughts, and natural web surfing patterns from the subject. It also allows for a fun and low-pressure environment, to help elicit a good deal of natural feedback from the subject. The script should explain to the subject that they are being recorded, and that the recording will help the development team evaluate the site’s usability. It is also useful to gather basic information about the subject, and allow them to ask questions.

After introducing the idea and setting the tone for the test, it is important to have at least one task for the subject to complete, to initially direct their actions, but don’t be afraid to tailor the task to something they are naturally interested in trying. You may have a series of tasks for the subject to complete, in order to test a variety of functions on your website. Make sure to interact with your subject, in order to keep them thinking out loud. If your subject seems stuck, remind them to surf as naturally as possible, and remember to ask questions that keep them thinking like, “What part of this page initially draws your attention?” and, “What elements on this page are you tempted to interact with?”.

If done right, usability testing can be inexpensive, fun, and eye-opening. Usability tests are the only true way to provide your development team with unbiased outside information about your website project. If you are a web developer or designer, I encourage you to gather the needed supplies, and try a usability test on your next web development project – you may be amazed at how much information can be gathered by watching someone use your site.

Google Excludes SEO & Web Companies from Local Results

local-search-man

'Dang it, I could have sworn I saw an SEO business around here somewhere!'

About a month ago we received a letter from Google congratulating us on the number of times Google users found our business listing between July 1 and September 30, 2009.

They said ‘Because you’re so popular, we’re enclosing a window decal that shows customers you’re a “Favorite Place on Google”.’

I know of at least two other local web design companies who received the same letter and decal. Google concluded the letter with ‘Congratulations on your popularity on Google. We look forward to providing you with more and better ways to grow your business.’

Well, we’re not a favorite place on Google anymore, because Google has decided to exclude SEO and web design/development local listings from the web results (see Google Maps forum thread).

Before exclusion our local listing averaged:

  • 894 impressions a month
  • with 77 click-throughs

Since exclusion we’ve averaged:

  • approx. 52 impressions a month
  • with just one click-through

If Google felt it appropriate to congratulate us on how popular we are with their users, which indicates the local interest in our services, why are they now ‘intentionally showing less local results for web design / SEO queries’?

An additional consequence of Google’s decision is that since helping businesses with their local business listings is one of the services we offer we can no longer use the ranking of our own local listing as an example of our capability and knowledge. In fact it’s possible that our potential customers may wonder whether we have a good understanding of how Google local listings work since we no longer appear in local searches.

Ultimately though, my main concern is that Google is arbitrarily filtering information with no convincing rational behind their decision. Do we really want to use Google Maps as our primary source of local business information if they can’t provide the same fair and balanced results that they supposedly do for their search product?

How Websites Work

A website is a collection of web pages, documents and multi-media files that are hosted (stored) on a server (computer) on the Internet. The server can be in your own town, in another part of the country or in another part of the world.

All of the public Internet servers throughout the world are interconnected. When a person goes online with their personal computer, they connect to the Internet and are then able to access all publicly available documents and files stored on the World Wide Web.

The location of a website and its files on the Internet is usually identified by a domain name.

When you type the domain name for a website (website address) into a browser address field, or click on a link to the website via a  search engine results page, you are requesting to view that page and the related files stored on the server at that location (the domain).

Your request is sent from your computer to the server of your Internet service provider, which then passes on your request. The request is passed through a series of interconnected servers until it gets to the ‘host’ server where the website files are stored.

The host server responds to your request by sending the content back to you along a similar path of Internet servers. You are then able to view the web page and related files via your web browser, e.g. FireFox or Internet Explorer.

website-diagram

Since these terms are somewhat abstract some people confuse their website ‘domain name’ with their website ‘hosting’. In my next post I will go into a bit more detail about what a domain name is, and how it relates to your website and hosting.

The World Wide Web (WWW)

The World Wide Web (WWW)Many people think that the  Web and the Internet are the same, but they are not. The Internet is the foundation the Web is built upon.

The Internet is a global network of interconnected computers. These interconnected computers are able to share data (information), however not all the data on the Internet is available via the Web. When you get online with your computer, you become part of the Internet, i.e. your computer becomes one of the interconnected computers on the Internet.

The World Wide Web is a system of interconnected servers (computers) that support specially formatted documents (web pages) that contain HTML (Hyper Text Markup Language), and hyperlinks. The key elements here are the markup of the documents and the linking within the text and graphics. When clicked upon, these links (hyperlinks) give a user immediate access to additional web pages and multi-media items such as image, video and audio files.

Software applications called ‘browsers’ enable us to access the information on the Web. Two of the most popular browsers are Internet Explorer (Microsoft), and FireFox (Mozilla). Other browsers commonly used are Safari (Apple), Opera and most recently, Chrome (Google).

It is the specially formatted documents, the linking within them, and the related files, all accessible via a browser, that make up the World Wide Web.

In a nutshell, without the Web the Internet would still exist, without the Internet the Web could not exist.

Stay tuned for our next post where I will talk about websites and how they work.

The Merits of the Mini-CMS

construction-worker-with-planIn today’s world of readily available, fully-featured, open source content management systems, it can be argued that every website should be built using a CMS (content management system). Many of our counterparts in the web development industry use Drupal, Joomla, or WordPress for their website builds. This is a formula that works well in many situations, and for many clients, but is WordPress the answer to every project?

We find that it is best to ask some key questions before planning a site build around a CMS software package:

  • Will a large portion of pages on the website be updated regularly?
  • Is the client comfortable making their own updates?
  • Will the client maintain the SEO work that has been implemented when they later edit the website?
  • Will sections of the site require customization and features that require special edits in the CMS back-end code?
  • Will the website benefit from options like a built in blog or widgets, or would they remain unutilized and end up being dead weight?

We have found that in a majority of situations, a full CMS package is overwhelming, and unnecessary for the project requirements. Often the client only wishes to regularly update one page out of 15 (e.g. a news page), and doesn’t need the extra overhead that a package like WordPress imposes. For example, if one page on a site is being updated every two weeks, should the client pay for the extra time it takes to install, setup, search optimize, and customize a CMS installation, just for this functionality? Additionally, using a CMS package requires occasional software updates, and can expose a website to security holes that wouldn’t otherwise be an issue.

As an alternative, we have had great success using a custom-coded “mini-CMS” implementation for many of our clients. Not only does a custom-coded CMS keep things simple, it eliminates exposure to widely known security exploits, keeps costs down, allows for easy implementation of special features, and allows for direct control of all search optimization efforts.

Often a mini-CMS is as easy as a MySQL database connected to a password-protected WYSIWYG editor, allowing the customer to edit a desired page without having to learn and navigate a CMS backend. We have also used other creative mini-CMS solutions quite regularly, for example, allowing the client to add images to an SEO-optimized image gallery or add entries to a company news page, etc.

Using these customized CMS solutions, we are able to implement functionality requests without having to rely on plugins and widgets that may only accomplish part of the desired result; instead we are custom coding features exactly as required.

Sometimes it is easier to keep web development projects simple and custom – and we often find that customers are happily surprised by how easy it is to add to and edit their content with a custom mini-CMS solution.

How To Twitter Primer

Getting Started

tweeties

Tweeties by Chris Wallace

  1. Sign-up for a Twitter account by clicking the ‘Sign Up Now’ button on the www.twitter.com home page.
  2. You’ll need to give them your full name, a username (that will become your Twitter name), your password and an email address.
  3. In your account settings, at the very least, add a ‘One Line Bio’ (160 characters), your location, and a unique picture so that others can learn a little bit about you when viewing your profile.

What to Tweet

  1. You can tweet something that you’re thinking about, have read about, are doing, have discovered, developed, blogged etc. Anything that you think is pertinent, topical, entertaining etc., and that you think your followers will find interesting too.
  2. You can retweet something someone else has said.
  3. You can reply to someone about something they’ve tweeted or that they’ve tweeted to you, i.e. have a conversation with someone.

How to Tweet

  1. You have 140 characters & spaces within which to write your tweet (like a text message). Typically Twitter users don’t use text message abbreviations to fit their tweet into the 140 character limit.
  2. You can retweet someone if you see a tweet of interest and want to share it with your followers, use rt: then put their Twitter name with the @ sign preceeding it, e.g. rt: @username ….  You can also use variations on this e.g. rt, RT, RT:, some people put (via @username) after the tweet they’ve retweeted.
  3. If you want to put a link into your tweet, you can use a service like bit.ly http://bit.ly/ that will shorten the URL (web address) of the link you want to share. That way you don’t use up too much of your 140 message limit.

Connecting with Others

  1. To reply to someone, whether or not they are following you, you can put the @ sign in front of their username at the beginning of your tweet. This is public, all of your followers can see your reply. You can read more about @ replies and mentions here: http://help.twitter.com/forums/10711/entries/14023
  2. If you are following someone and they are following you back, you can Direct Message them. You can either use the ‘Direct Message’ link in the right hand column of your Twitter page, click on the ‘Reply’ link which you’ll see if you hover over their tweet, or you can put d + username in the message box before your message. You can read more about Direct Messages here: http://help.twitter.com/forums/10711/entries/14606
  3. You can find people to follow by using the Twitter search box and searching on something you are interested in and checking the profiles of people who have tweeted on that topic. Also, you can check out who the people you are following follow, and who your followers follow.  Here are ‘9 Useful Sites for Finding People to Follow on Twitter’ – http://www.makeuseof.com/tag/9-useful-sites-for-finding-people-to-follow-on-twitter/

Some Ways to Twitter

  1. You can tweet via your account at www.twitter.com
  2. You can tweet from your cell phone, just send a txt message to Twitter at 40404. Go to account Settings > Mobile > Device Updates > On.
  3. You can download a Twitter application like TwitterFox or Tweetdeck to your computer.

Search Engine Ranking Tool – Check your keyword ranking in Google, Yahoo & Bing

Search Engine Man

We’re excited to share a search engine ranking tool we’ve recently created and have just added to CCSEO.com.

This tool uses the search APIs from Google, Bing, and Yahoo to find the rank of a specified domain URL (website addresses) in the search results for a given search query (keyword/search term).

For example, if we enter the search term “seo” and the domain “wikipedia.org” the search results show that Wikipedia ranks first in each of the three search engines for the keyword “seo”. (The number of results checked is limited to 50 listings, owing to parameters set by the search engine APIs.)

We allowed for domain URLs both with and without the www prefix, it checks for both regardless of what is entered in the domain field. This functionality can alert you to whether any of the search engines have a website’s pages indexed with and without the prefix. In which case if it’s your website, you can take steps to rectify the matter.

Search Engine Ranking Tool

Additionally, (if the website is listed for the search query you entered) the tool shows the complete URL (web page address) of the ranking page, and gives you a link to click through to the SERP (search engine results page) to see the listing live at that search engine. This gives you additional information about how the listing appears, and who the surrounding competitors are.

We welcome you to use this tool to help you research domain ranking for target search terms in your SEO strategy, and your competitors’.  We hope that you find the interface simple and usable.

If you have any feedback, thoughts or suggestions, please leave a comment!