Speculation is rife that Penguin 4 will rollout any day now…
Read more on removing unnatural backlinks
Read more on removing unnatural backlinks
I’ve gained a new SuperPower – I can see hackers attempting to break into websites. No I wasn’t bitten by a radioactive spider or zapped by an alien – all I had to do was install the WordFence plugin for WordPress.
…and now that I see the enormous amount of hacker activity, it’s frightening!
WordFence has revealed that my client’s sites are being peppered almost continuously from would-be hackers across the globe, and the chances are, so is your website.
Here’s just a couple of the hack strategies being used to break into sites based on the Wordfence firewall reporting:
Attempts to guess a userid and password and log into the site. Some hackers have managed to lock onto a login ID’s and now are trying 1,000’s of different password combinations to break into the site.
The lesson here is to:
The lesson here is to:
Keep in mind that this activity is not from a person furiously typing at their keyboard, but from 100’s or even 1000’s of disassociated people who purchased and are operating hacking software. The software runs day and night, loaded with all known exploits – once it breaks into your site, who know what will happen.
The frightening adjunct to this story is that WordFence can only sees the ‘public facing’ hack attacks to your website. As previously reported hackers are also targeting other entry points such as your web hosting account eg smtp (email) ssh (host console) and more.
If your web host is not actively managing the security of these systems your business web site is at risk of being hacked/vandalised/defaced or worse, visitors to your site unknowingly getting a computer virus infection.
Online Marketing is the discipline of connecting a business with their prospective clients using the online medium.
Principally this involves
SEO is the process of making a website appear in Google searches. To achieve the Google ranking, the internet marketer undergoes a series actions:
Google claims over 200 factors influence the rank results for one of their searches. Google wants their users (ie people using Google) to have a good end user experience. If you site doesn’t give users this, it will not appear in searches as much as a site that does.
Google issue example – Mobile ranking
Mobile ranking is a recent example of this. Google will ‘de-rank’ a site in searches on a mobile phone if that sites isn’t ‘mobile friendly’.
Google ‘mobile usability tests‘ can be used to determine if a site is mobile friendly or not. If pages in your site fails Google ‘mobile usability assessment’ they are likely to rank less than otherwise.
This discovery process lets you find out what words your clients are using when they are searching for your products and services. Fortunately Google provides access to this information with it’s Keyword Planner tool. Here’s a simple guide for using this tool and a strategy document to help you find the best keywords.
Targeting your site ensures Google will use it in for the searches that you now know are used by prospective clients. This process involves integrating your target keywords into the website using strategies covered in this keyword white paper.
Online advertising in Adelaide has evolved from simple Adwords campaigns to sophisticated multi-channel online marketing
Adwords has evolved from simple search based campaigns to now offering
Display Network advertising – image, animation and video advertising across a diverse range of on-topic websites
Remarketing – Show ads to recent website visitors to remind them of your brand or offer
Facebook has now joined the online advertising fray with a model that is rapidly maturing. Facebook can tightly target ads using profile data.
A recent entrant into online advertising, LinkedIn advertising has the ability to highly targeted business professionals
Not actively maintaining your WordPress site? That lackadaisical approach may have lead to the Mossack Fonsec breach.
What damage could a hacking incident could bring to your business…?
The widely publicized Mossack Fonsec data breach has exposed sensitive information for high profile clients with catastrophic consequences for Mossack Fonsec and their clients.
WordFence’s investigation of this high profile hacking has identified an ‘innocent’ out of date WordPress slideshow plugin was the point of entry (ie the ‘exploit’) hackers used to gain access to Mossack Fonsec’s computer system. From here the hackers also hacked into the organisation’s email server and so to 4.8 Million emails.
Closer to home, this week my PC’s personal firewall alert ‘lit up’ when reviewing a website. It turns out that a ‘Mass Injection’ ‘trojan’ in another website linked to the site I was reviewing tried to compromise my PC. Wow! I didn’t even visit the remote site and it was attacking my PC! Thankfully I had a good personal firewall installed. The client representative didn’t…
I immediately advised the client representative, but got a rather complacent response to my recommendation to immediately shutdown their website.
I was concerned about protect other website visitors from potentially having their PCs hacked, and also protecting the client’s liability in case this happened. Prospective clients visiting your website might remember your business if you crash their PCs, but will they do business with you anyway? – Maybe not…
With hack attacks on the increase including ‘ransomware’ – where you have to pay to unlock your hacked computers or file servers – now is the time to take action to review your business exposure, should you loose your computer systems, file and email server or even your website.
Consider your liability should your computer systems or website spread virus/trojans. Infecting your client’s computer network may not be good for the ongoing business relationship… You could even end up in a litigious situation.
Succinct Ideas provides high performance, ‘hack hardened’ website hosting and website maintenance services to help avoid embarrassing and potentially commercially disastrous situations like Mossack Fonsec data breach.
Contact me to find out more.
Wouldn’t it be nice to have so much income that I’d consider offshore tax ‘shelters’… Hmm. If Ive got that much money do I have to rip off the tax system to get even more?
Most hackers or hack attempts seem to be digital vandals. But then this hack target are tax cheats… Who is doing wrong? Maybe there’s a well-meaning ‘Robin Hood’ hacker out there exposing unjust activities. If there are, they are certainly the minority amongst hackers.
Its notable that Mossack Fonsec’s tax evasion strategies operate globally and it seems their business model was known to governments and tax enforcement agencies around the world. Immoral but legal…
If the same level of zeal was applied in policing these schemes as is used in scrutinising small business and individuals, wouldn’t the tax burden surely be eased for everybody? I was stunned to see recently circulated data on how little (some) corporations contribute to the local tax…
Wouldn’t the increase in tax funds from solving this issue take pressure off our political masters? Couldn’t they then concentrate on ‘real issues’ rather than the ongoing political pantomimes about finding budget for essential services?
It seems I’m just another dumb small business owner and don’t understand…
In October I wrote about Accelerated Mobile Pages (AMP) an initiative to dramatically improve website load times for mobile devices and hinted at its likely impact on mobile ranking as Google was one the players. AMP has arrived.
Google Search Console (previously ‘WebMasters Tools’) has released a new section under Search Appearance dedicated to AMP diagnostics.
My strong suggestion is that as Google’s SEO toolset now has these AMP settings, AMP is no longer some fluffy geek concept, but in fact should be seriously considered to maintain or improve your business website’s mobile ranking in Google going forward.
There’s very few market segments where mobile is not critical to online sales and for a while now Google ranks mobile searches and desktop searches independently. So if your marketplace uses mobiles when searching, then ideally your business site should maximise its mobile ranking to be seen by prospective clients.
Of course you could just throw money into online advertising to compensate for your website’s poor organic position too….
Google has made it abundantly clear that fast is good so expect to see AMP compatible mobile searches to float to the top of search results and non-mobile compatible, and non-AMP sites disappear into the ranking depths.
If your website, like the vast majority of websites today, uses WordPress implementing AMP may not as painful nor as expensive as you might think.
The folks from WordPress were part of the project that created the AMP standard and there’s already some early plugins and themes to ‘AMP up your site’.
Clearly there are limitations at this early stage, and the Automattic AMP plugin currently only processes posts – not pages. I’ll continue fiddling and report any relevant things here.
Well I wouldn’t wait for my competitors to get their sites AMP’d that’s for sure. Speak to your web developer about what’s involved to implement AMP for your website. If they aren’t sure, I’m happy to speak to you or them to help out.
Accelerated Mobile Pages (AMP) is an initiative to improve page load times for mobile devices.
Page load times are a key requirement on mobile devices where connection speeds vary with access to signal. Page load speed is also a Google ranking factor.
It seems inevitable that Google – one of the AMP initiative partners – will provide ranking preference to AMP compliant pages either on the basis of:
So as a business owner interested in attracting mobile visitors, the evolvement of AMP is something you and your web developer should keep a very close eye on. Early AMP adopters are likely to gain Google ranking advantages which will translate into business opportunities.
After the recent panic to ensure websites were ‘Mobile Compliant’ for Google’s underwhelming Mobilegeddon release in April, I can see there will be another round of web development frenzy to make sites AMP compliant to maintain or improve online commercial traction.
WordPress, the world’s most popular website system have announced they are supporting AMP. If AMP can be easily deployed in WordPress it will significantly strengthen WordPress’ CMS domination.
Paying good money to Google to show ads to attract prospective clients? Then it’s definitely worthwhile investing a couple of minutes to understand how Adwords Ad Extensions can attract more leads for you and your business.
Ad Extensions are small snippets of additional information added to your ads to encourage punters to click your Ad rather than a competitor’s. Here’s a brief video overview on Ad extensions:
Now you know more about Ad Extensions, this video shows you how to find out how well they are performing.
Cant see any Ad Extension data ? rush out and set them up now
Or maybe your Adwords Service Provider hasnt set them up for you!
Get them to do it now! Alternatively give me a call and Ill do it for you.
Even the best of us can trip up occasionally – even techos!
A technical associate was recently deceived by a phishing email and ended up handing over his hosting details.
These devious emails look like the real thing to try to steal information from you like credit card details etc., but on this occasional BlueHost account details. See the email below – it looks real doesn’t it ?
To quick way of exposing many phishing emails is to carefully review the link to see if it actually goes where it appears to.
While the link above appears to be from BlueHost if you hover your mouse over the link, in this example the link actually goes to my-taid.ru (a Russian domain)
I picked up a new project recently and was shocked and appalled to become embroiled in an ‘SEO Sabotage’ conducted by the previous SEO service provider – clearly an organisation with no professional ethics.
The client’s site was blocked from Google and instantly plummeted out of ranking. Site Users were deleted and worse a hacked file was installed into the site. With Simon Perrin’s valuable assistance we discovered code buried in the site that enabled the SEO service provider to remotely control the site’s Google performance as they pleased.
It all started shortly after commencing a new SEO project when my WordPress user ID suddenly disappeared. I restored access using the client’s hosting details to access the MySQL database. Then a horror story of blatant sabotage started to unfold.
Simple History – an activity logger plugin I had fortunately installed captured a activity log reflecting a frightening story of professional deceit. Someone located in Melbourne accessed the site; deleted all other users then installed WP-FileManager then 24 minutes later deactivated it.
My concern about what happened in that 24 minutes was vindicated when I found the site spirally out of ranking.
The original robots.txt had been overwritten with one configured to ‘block all’ crawlers – ie remove the site from Google. On further investigation I found two robots noindex metatags buried in the site’s code which did the same thing. Someone was serious about killing this site!
Remote control on the Site’s SEO performance
One blocking meta tag was removed from the site’s header template but I had to resort to expert WordPress help from Simon over at Duografiks to locate the second meta tag – This was very concerning as the meta tag was controlled remotely from a non-public area in the SEO service providers website; i.e. the SEO Service Provider could turn the site’s Google performance on and off remotely as they wished – I wonder how many other client sites they remote control like this ?
I’m still trying to come to terms with the ethics of a business that would do this. A debt management strategy perhaps? My new client claims he didn’t owe money.
Nobody wants the get tangled up in these situations, but clearly they do happen so what should you do to manage risk in these situations ?
Keep up-to-date off-line backups of your website – my personal favourite is BackWpUp a free backup plugin for WordPress. It allows backups to be automatically pushed out to DropBox which will in turn copy the backups onto your local PC. Importantly BackWPUp copies WordPress files as well as the database.
Simple History helped me identify what this person did, including time and date, activity and even IP and network details – somewhat naively the hacker used a fixed Telstra IP address in Melbourne – easily identifiable to authorities should my client decide to escalate the matter. Keeping track on what people are doing in your site is important.
Its abundantly clear this hack originated from the previous SEO Service Provider – there’s multiple layers of evidence including a direct tie to their website, but maybe this action was a disenchanted staff member and hopefully not company policy…
You’d hope its not a strategy they use to snare or blackmail clients – go else where and your ranking will fall – the embedded code to remote control Google ranking concerns me greatly….
Either way it’s a disappointing comment on my SEO industry. Client experiences reported to me suggest the SEO/SEM industry is increasingly plagued by dubious operators – local and off-shore.
Now we see evidence of blatantly unprofessional activity from an Australian multi-state SEO company. I’m very disappointed!