Project Zero launched to help make a safer internet

Website malware distribution

Source: Google Security

Does your website have some protection against hackers or is it a sitting duck?
Just so we all understand how caustic the internet can be, especially for unprotected websites, be aware that:

Google has 12 to 14 million search queries per day with warnings flagging
that one of the websites in the search results was compromised.

To Google’s credit they have announced the launch of Project Zero – a research commitment to find, investigate and report vulnerabilities etc. and ultimately make the internet a safer environment.

I was surprised to see this chart in Barry Swart’s article showing the dramatic increase in ‘attack websites’ ie sites with nasty software that try to load malware onto your system when you visit them.  I imagine that many of these sites have been quietly infected with the owners blissfully unaware that their visitors (ie prospective clients) are at risk of being attacked by the website.

It’s a bit like standing at the door of your showroom with a loaded shotgun… Do you think you might scare off a few prospective clients?

Typically website owners don’t even know that their website has been hacked until either:

  • Google puts up a search result warning or
  • A client complains that their firewall software won’t let them visit the site

Sadly often I’ve had to resort to restoring the website from a backup to remove a hack and get the site operational again, so make sure your website is backed up regularly too, otherwise no-one will be able to resource your site.

Succinct Ideas also offers ‘hacker resistant’ hosting and regular backups under our Website Concierge brand principally for WordPress sites – because they are most at risk.

New ‘Google My Business’ helps businesses ‘Get on Google’

There’s been a lot of recent changes in Google Places/Google Local Business lately, and the release of Google My Business brings it all together neatly. Google My Business is a unifying dashboard that makes it “easier than ever to update business information across Google Search, Maps and Google+.”

This is very important to small business because it provides localised, free exposure to your local clients.
Make sure you are presenting your business online as thoughtfully as you do your offline presence(s).

There’s even a cheesy US-centric video to introduce it…

Mobile Advertising is ramping up

Mobile advertising is increasing at a blinding rate, reflecting the dramatic increase in use of mobile internet devices to research and buy online.  eMarketer’s report says mobile advertising will be around $17.73 billion in 2014  so we should be considering how to leverage this massively increasing market going forward.

Yes the advertising spend is enormous, and notably Google is losing market share (although not revenues as Greg Sterling adeptly points out) because:

Google rules the desktop
On the desktop Google is the gate-keeper between you and the info you seek. If you want to find something you use a search engine, and most people use Google.

Apps rule mobiles
On a mobile, info is directly delivered to you typically by apps, effectively bypassing Google.

Advertising on  mobiles

So how do you get your advertising message onto mobile devices? App embedded Google AdWords of course!
The advertising that free apps usually display is often sourced from Google AdWords via its Display Network.

As an advertiser the same rules apply: you can target adverts by geographical regions, demographics etc but they are mainly image ads.
The click prices on mobiles are currently slightly lower than Desktops – although I’m sure that will change with increasing competition. 😉

Your next sales lead could come from a prospect who was using a mobile app and saw your ad, rather than a Google search…

European Courts take on Google re Privacy… Again.

The European Courts have taken on Google once again on the issue of privacy, this time on removing historical content if requested. While Europe does have its quirks – Eurovision a case in point 😉 – I have to admire their commitment to standing up to global organisations like Google on behalf of their residents.

Even so, I’m a little confused about why Google became involved.
The case started with an unfortunate Spanish man who was trying to eradicate a 16-year-old newspaper article reporting his real estate debt, but the newspaper refused to remove the content.

Google does provide content removal in WebMasters Tools which would enable the newspaper to remove the unwanted pages from Google, so I think it was the newspaper who was at fault, not Google? Maybe they didn’t realise they could remove content, or maybe it’s just another European quirk…

Either way hats off to the European Courts for continuing to support their people!
Here’s how Bloomberg reports the issue:

Search Engine Land mentions the new Californian ‘eraser law‘, allowing individuals to have their “youthful indiscretions” (occurring before age 18) deleted or removed from the internet.

It sounds like an emerging online privacy revolution and that’s not a bad thing at all!
Ahhh wouldn’t it be great if we had a Government that wasn’t afraid of taking on multinationals to defend its people.
Imagine what more Australia could achieve…

Is your Business or Phone at risk from the Heartbleed Bug?

Recently my wife announced that the ‘internet had been hacked’. She had been watching the TV News which featured a story about the ‘HeartBleed’ bug and in true popular media style, the story was blown out of proportion… Or was it?

What is the Heartbleed Bug?

It’s technical so hold onto your hat and I’ll do my best to de-geek it. Heartbleed relates to OpenSSL. SSL (Secure Sockets Layer protocol) is used for internet connections that need to be secure; say between your PC and your online banking service, or when providing credit card details while shopping online. SSL encrypts and so protects the information you pass back and forth ‘on the wire’ from unscrupulous eyes. OpenSSL is an Open Source implementation of SSL.

The OpenSSL Heartbeat Extension maintains encrypted connections with a communication ‘heartbeat’. The Heartbleed bug stems from a software glitch in the Heartbeat Extension that unfortunately exposes some memory on each ‘heartbeat’ – hence the name ‘Heartbleed’. That piece of memory could be examined for unencrypted information like userids, passwords etc, and more memory is exposed with each subsequent heartbeat.
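The length check whose absence caused the leak described above, as an added example that is not from the original post or from OpenSSL's source. The message layout (type, 2-byte claimed payload length, payload, at least 16 bytes of padding) follows RFC 6520; the function names and the two sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3   /* 1-byte type + 2-byte claimed payload length */
#define HB_MIN_PADDING 16  /* RFC 6520: at least 16 bytes of padding */

/* Constructed sample records for illustration (not captured traffic). */
static const uint8_t HONEST_REC[] = {          /* claims 5, carries 5 */
    HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
static const uint8_t LYING_REC[] = {           /* claims 16384, carries 2 */
    HB_REQUEST, 0x40, 0x00, 'h', 'i',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

static size_t hb_claimed_len(const uint8_t *rec)
{
    return ((size_t)rec[1] << 8) | rec[2];     /* big-endian uint16 */
}

/* How many bytes past the end of the received record a reply would echo if
 * the claimed length were trusted, as the flawed code did. 0 = none. */
size_t hb_exposure_if_trusted(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER_LEN) return 0;
    size_t claimed = hb_claimed_len(rec);
    size_t present = rec_len - HB_HEADER_LEN;
    return claimed > present ? claimed - present : 0;
}

/* Hardened handler: echo the payload only if the claimed length fits inside
 * the record actually received. Returns the response length, or -1 when the
 * record is silently discarded. */
int hb_build_response(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING) return -1;
    if (rec[0] != HB_REQUEST) return -1;
    size_t claimed = hb_claimed_len(rec);
    /* The bounds check whose absence caused the leak. */
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len) return -1;
    size_t resp_len = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (resp_len > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);
    /* Real implementations use random padding; zeros keep the demo simple. */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    return (int)resp_len;
}

int main(void)
{
    uint8_t out[64];
    printf("honest: exposure=%zu response=%d\n",
           hb_exposure_if_trusted(HONEST_REC, sizeof HONEST_REC),
           hb_build_response(HONEST_REC, sizeof HONEST_REC, out, sizeof out));
    printf("lying:  exposure=%zu response=%d\n",
           hb_exposure_if_trusted(LYING_REC, sizeof LYING_REC),
           hb_build_response(LYING_REC, sizeof LYING_REC, out, sizeof out));
    return 0;
}
```

The second record claims 16,384 bytes of payload while carrying two, which is why each unpatched heartbeat could hand back a fresh slice of adjacent memory; the hardened handler simply drops it.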

How does that impact your website?

If your site uses SSL (e.g. for ecommerce etc) via OpenSSL you may be exposing your clients to the risk of having their userids, passwords and other secure information they’ve entered stolen.

Your Android phone/tablet might be at risk too

It is possible for a malicious server to use a “reverse Heartbleed” attack to gain access to the client memory (i.e. for usernames and passwords). Notably Google has confirmed that Android version 4.1.1 (Jelly Bean) has the Heartbleed bug – this affects approximately 50 million Android devices.

This YouTube video shows how Heartbleed can be used to silently hack into your Facebook and other online services on your Android:

How is Heartbleed fixed ?

There is a web server patch available, but even I’ve discovered several commercial web hosting servers that are still not updated. Jelly Bean Androids are still exposed at this stage…

Takeaways:

 References:

Why you should keep your WordPress website updated

WordPress is a hacker target

WordPress is a fabulously convenient and functional blogging platform, but it is very important to understand that it is not a set and forget system. Updating the core WordPress system and other software modules in your site is key to minimising your site’s exposure to being hacked.

WordPress is popular…

WordPress is used widely for building websites – Wikipedia says it is used by more than 18.9% of the top 10 million websites as of August 2013 and there is no doubt the number is growing – but WordPress is also an easy target for hackers, especially if it has not been updated. 

It’s complex….

Despite its apparent simplicity, WordPress has evolved into a sophisticated system. Add maybe 10 plugins and a theme to the core WordPress software, and your website becomes a complex software environment – with lots of scope for hackers to find exploits and then gain access to, or compromise, your site.

It’s open source…

Part of WordPress’ appeal is that it’s ‘free’ – it is ‘Open Source’ software put together by a committed team of enthusiasts, but that also means the internal workings are publicly accessible for all, including hackers, to review and explore. When new updates are published, exploits addressed in that update can be traced. So it is possible to quickly find out how to compromise certain versions of WordPress, a plugin or a theme. Hackers load this information into their scanning software and go hunting for potential victims…

Trusting your neighbours…

Often hackers use exploits to gain access to the web server via another website, then they go from account to account inside the web server.
Some web servers contain 100’s of co-located websites, so there’s an increased chance that one of the sites is exposed to hackers, leaving your site exposed as well.

So for optimal hacker protection you not only have to keep your site up to date, but all of the websites in your ‘neighbourhood’ need to be kept up to date too.

BTW You have no friends if you get hacked…

Succinct Ideas have developed a reputation for de-hacking WordPress, so I get quite a few calls from desperate website owners. My experience is that Web Hosts are unlikely to assist other than blasting your site away and restoring from your backup. Backup ?! You keep a library of recent off-line backups of your site. Right !? If you haven’t got a recent off-line backup then you’re in a real pickle.

Often website owners rely on their web developer who may not necessarily have skills in this area or maybe they don’t have a website maintenance provider.
If that’s you, you may be interested in our Website Concierge Service

If you have a hacked WordPress site then by all means contact us.
Please note that the amount we can assist you depends on access to a recent backup.

Updates aren’t always easy

Some tips on updates for young players who might think WordPress updates are trivial:

  • Sometimes an update will break your site.
    Occasionally an update will not be compatible with other systems in your site and may break the site.
    Plugins usually provide compatibility information, but theme updates can be problematic.
    I find the best approach is to review the update(s) and their support information; do a site backup; then run the update(s) and check the site for correct operation.
    90% of the time you’ll be fine. On the other occasions be prepared to restore the backup, refer to your website maintenance people and/or generally panic 😉
  • When to do updates
    WordPress will automatically change into maintenance mode while the update is running. Visitors to your site will see a message that the site is down for maintenance, please come back later.
    As some people may not come back later, I’d suggest you carefully plan WHEN you run the updates. Don’t run updates during the site’s peak activity hours – typically between 10am – 4pm.
    If your update crashes (it happens) the site will stay in maintenance mode – so it’s effectively offline – and can stay that way for days until someone notices.
  • Updating Premium Plugins and Themes
    There are a lot of excellent premium plugins and themes available to make your site look fabulous or give it amazing functionality.
    These may require manual update downloads, requiring a password or other proof of your entitlement to the premium license and so will not update through the normal WordPress update system.
    Check with your web dev if they have used a premium theme or plugin and clarify the update procedure with them.
    Of course ensure you have access to the premium licence serial number.
  • Automatic Updates aren’t always automatic
    WordPress 3.7 introduced automatic updates for WordPress core software. Notably it doesn’t include plugin and theme updates, so it’s important to continue to monitor your site’s update status.
    Sometimes the automatic updates won’t run properly because, for example, the update ran out of disk space or encountered permissions conflicts on the web server.
    Automatic Updates will send a confirmation email to the site’s admin email address to let you know the update completed, or if it didn’t, what happened.
    If you aren’t receiving these emails check with your web dev.

WordPress Update Takeaways:

  • Check if your WordPress site is up to date:
    Log in to your WordPress site’s Dashboard and check the Updates section under Dashboard | Updates.
    The number of outstanding updates is shown next to the menu in a red circle and they are listed on the updates page.

  • Who is receiving your WordPress Admin notices?
    There are a range of important (and some less important 😉) notices that WordPress emails to the admin email address.
    Log in to your Dashboard and go to Settings | General to check where these notices are currently being sent.
    Ensure that the email address is checked regularly and the recipient understands that there may be important messages coming through.
  • Find your web server neighbours:
    Use a Reverse IP website to find the co-located websites on the same IP.
    NB This is not a complete list as the web server likely has multiple IP addresses as well.
    If there’s some dubious looking co-located sites you might want to discuss this with your web host, perhaps even ask to be moved to a more secure server.
    If they aren’t prepared to help you then contact us to see if we can help out with our Website Concierge Service

 

SEO vs SEM Budgets

My candidate for Thought of the Week is this quote from Warren Lee in his post on SEO Strategies in 2014

Prioritizing SEO & Paid Search Integration

It never ceases to fascinate me that, in general, although organic marketing drives 90% of traffic and paid efforts drive less than 10%, no matter where you go, organic marketing remains heavily under-invested compared with paid marketing activities.

No comment needed from me…

 

Now Adwords is going Dark too…

Business website owners who closely monitor their site’s performance are painfully aware that Google has been increasingly masking the searches visitors used to find your site. In a further development Google announced yesterday they are now applying search term masking to AdWords as well.

I’m steeling myself to not fall into a rant about Google controlling the internet for their own COMMERCIAL PURPOSES and will now CALMLY describe how this might impact your Adwords campaigns…

How AdWords search terms are used currently

Adwords matches your declared target terms to as many searches as possible (keyword matching syntax will influence this**), so let’s say I wanted my ads to be shown to folks searching for Internet Marketing Adelaide. Adwords may match and show my ads to searches like:

  • cheap marketing ($8.25 a click)
  • seo adelaide ($43.29 a click!)
  • marketing courses ($15.08 a click)

I wouldn’t want to pay for the clicks for cheap marketing or marketing courses because they don’t relate to my business, but unless you can see the actual searches (usually via the AdWords Search Term Report) and negative these terms out of your campaign you would be blithely unaware and simply pay more money to Google for even more clicks hoping to get some real sales leads…

 ** An astute Adwords operator will use Keyword Matching to reduce the probability of this sample of mis-matching – but even after thoroughly doing this, you still can’t be certain what other mis-matches Adwords will make to reduce the effectiveness (read ROI) of your campaign unless you know what the punters ACTUALLY searched for. At that point you need to make a business decision about whether the matched search is sales-relevant and then use negative keyword(s) to eliminate that search from re-occurring in the future.

Where do we go from here ?

The critical thing with Adwords tuning is eliminating mis-matched keywords to get the best possible outcomes (ie conversions)
It’s really easy to waste heaps of clicks (ie your $$$) on terms that are close to, but are not, sales lead generators.

I think Google is in a really compromising situation here and needs to demonstrate clearly that they are not trying to rip us off, because it looks like Google has chosen to mask data that helps reduce your advertising spend with them…

Diagnosing poor website performance

Why should your website load quickly ?

  • A slow website can impact your Google rankings.
  • A website that is down is at risk of losing rankings too
  • Visitors get sick of waiting for pages to load so abandon you and go to your competitors

All very good reasons to have a site that loads consistently fast.

If you think your business website is displaying sluggishly, here’s a few tips on how to diagnose it:

Slow at times

Your web servers might be overloaded at peak times during the day, typically around 10am and 12 midday but this is specific to your industry. Servers can also bog down when they are running backups. Backups are necessary but not if they lose you sales!

Slow Pages

Just a few pages slow? Check for over-sized images on the page, or services loaded on that page that may be dependent on other sites – eg a Social Media plugin etc

Generally just slow

If your site seems slow across all pages, check it using a performance tool. We use GT Metrix website performance testing as it provides a detailed breakdown of page load related issues. Here’s a couple of examples of Performance Summary from GT Metrix:

Unfortunately rectifying some performance issues can be very technical indeed.  If the issues are buried inside your website’s CMS then there will be little you can do about it. Contact us if you encounter an issue you can’t resolve.

Coding Bugs

There is a double SEO whammy if your site has coding errors.

  1. Google considers defects as a poor user experience and there is a real risk of you losing some ranking as a result.
  2. Often coding defects cause the page to take longer to load.

Cheap hosting costs you more than you think!

Be aware that some Content Management Systems (CMS) need more than just your cheap or average web hosting package to perform well.

Providers of low cost hosting work on a commercial model of having lots of sites all on the one server – a thousand sites on one server is not uncommon in these situations. While these hosting packages might be OK for a flat HTML site, when loaded with multiple WordPress sites there’s a problem, especially at peak times, which is when you need your site operating snappily to generate sales or sales leads.

The performance problems also stem from the increased use of CMS based websites (WordPress is now used in 21.8% of sites), so even your flat HTML site might be impacted because of all your CMS neighbours on your shared web server – this will load its overall performance considerably.

You might pay 10’s of times over in lost sales for the few dollars you save on cheap hosting…

Find out:

Some of this information was sourced from Zoho Site24x7 website monitoring service which we use for Website Concierge Business and Premium websites’ performance and outages alerts.

 

It’s harder than ever to promote your business using Facebook.

There’s a couple of forces at work to make it even harder for your business to get visibility in Facebook.

Facebook is getting ‘noisier’

Marketing Land recently quoted Will Cathcart, Facebook’s News Feed Director of Product Management: The number of Pages Liked by the average Facebook user has increased by more than 50% in the last year.

This means the average Facebook user is seeing more stuff (‘noise’ if you like) in their news feed. That in turn means you have to up the ante to get visibility in your clients’ news feeds, but of course you also run the risk of spamming and being un-liked or ignored. This is not new in SEO circles either, because as online competition has ramped up over recent times, so has the ‘authority’ needed to return a commercially viable ranking outcome.

News Feed ‘Filtering’

Back to Facebook, and why it’s getting tougher for you as a business to get coverage in news feeds: it might also be because Facebook has been tweaking their feed filter algorithms to reduce feed ‘noise’ – that means your ‘advertorial’ post gets filtered. This data from Edge Rank Check supports this, showing ‘Organic Reach’ per Fan in decline over the last two years.

Read the Edge Rank Checker article here

Where’s it all going?

Finally read Eat24’s (a US food delivery service) very public spit at Facebook and its threats to delete its business page with 70,000 likes.
Looks like Facebook and Google are both pushing to re-align their ‘traditional’ free services, to get more profits through advertising.