Web Savvy Marketers

Announcing New Web Services Provider

Web Savvy Marketers is excited to announce that we have partnered with Jonesen to provide you a whole new level of web hosting, web design, security, and development services.

Web Savvy Marketers partners with Jonesen for web services

We recently transitioned our focus from web design, development, and hosting to Marketing, specifically: copywriting, blogging, SEO, and PR.  Since then, we decided to partner with Jonesen to ensure you were given the best care possible going forward, and to allow us the ability to focus our full efforts on our Marketing services.

Jonesen is a web agency with over 15 years of experience delivering creative solutions to clients coast to coast. We have been working together behind the scenes to ensure that this will be a step up in service and security for your business.

Here’s what to expect next:

  1. First rate service from the Jonesen team
  2. Over the next few weeks, the Jonesen team will be evaluating your websites and reaching out to go over your plans for the future and how they can assist with getting you there
  3. Future invoices for website services will be generated by Jonesen and all future payments should be routed to them as well

If you have any questions please feel free to reach out to either us or Charles Elliott at Jonesen. Existing web hosting customers have been sent an email with contact information for Charles. Please contact us if you have not received the email or if you need us to resend the contact information.

The Need for Speed. How to check your website to see if it needs a speed tune-up.

Web Traffic SpeedometerWhen you drive a high-performance vehicle and step on the gas you can feel the acceleration. Quick acceleration makes it easy to merge onto a fast-moving freeway safely or outrun a high-speed chase (just kidding – we’re not recommending anything illegal in this blog post).

Just as it’s important to have a fast, responsive automobile on the highway to have the best driving experience, it’s also important to have a fast, responsive website on the internet if you want optimum user experience for your website visitors.

Why is website speed important?

  1. It will make your visitors happy and more likely to buy from you. Slow websites equal frustrated visitors who leave and go check out your competitors’ websites.
  2. It may improve your website rank on search engines and that will provide greater opportunity for more people to get to your zippy, refreshingly speedy website.

How do you know if your website is fast?

There are numerous free tools online that can measure the speed of your website. Here’s a few to get you started:

There are more. You could test all day long. But the important thing to do is to run a few tests and see where your weaknesses lie. Common problems that might be slowing you down are:

  1. Slow server response time
  2. Images need resizing/optimization
  3. Eliminate render-blocking JavaScript and CSS in above-the -fold content
  4. Leverage browser caching
  5. Minify CSS

So NOW WHAT?

There can be a lot of technical information to comprehend in the reports. The good news is that the reports provide you with links on how to fix the problems. But even with that it can be overwhelming for the average website owner to understand the problems and make the corrections.

Just like most people take their cars to a shop for a regular tune-up, it’s a good idea to have your website tuned up on a regular basis too. So whether you’re the kind of person who changes their own oil or you prefer to drop it off at the shop, it makes sense to run a few reports to check out your score and either make some of the improvements on your own, or give your website maintenance team a call to see what they can do to help you out.

Feel the love, speed and SEO all swirled together.  

Website Security You Didn’t Know You Needed

passwordwordcloud

You’re a small business and you can’t really afford to pay big bucks for website security. Besides, who’s going to bother hacking your site when there’s big businesses to mess with?

We covered seven fallacies to website security in the last post, beginning with having a false sense of security simply because you’re a small- or medium-sized business. This actually makes you a prime target because hackers know small companies don’t have the same resources available for protecting their business online. The good news is there are some great free and low cost options to keeping your website safe.

Get A Website Security Plugin

If you don’t already have Wordfence, you’re one plugin download away from an improved security firewall and malware scanner, its two core security capabilities. Wordfence scans for any new malware and provides new firewall rules to protect against attacks, using real-time data for paid premium accounts and a thirty-day delay in updates for all free versions.

The forensic detection work is ongoing so the latest malware threats are constantly being optimized. If you’re a free Wordfence customer, your site is currently getting 364 free malware scan signatures, with another 118 in the signature line-up to be added. Last month alone nearly 140,000 websites were found infected with malware. Don’t wait to be one of them. Get your site secured with a reputable plugin, or ask your web hosting provider for help with one of their security services.

Give Up Your Username, Your Password, and Your False Sense of Security

When it comes to site security, the point of entry that serves as an easy break-in is your site’s front door. If you’re using a username that includes admin or administrator, or the name of a site author or contributor, you’re making it too easy for a hacker to determine exactly half of your front door’s access information.

Follow this post on How To Change Your WordPress Username using Cpanel to secure the front half of your website’s entry portal. The other half involves changing your password to something that doesn’t fall into the most commonly used or worst password list .

Don’t let weak passwords allow hackers access to your website. Strengthen your passwords by changing them occasionally, using password strengthening tools like Strong Password Generator or Norton Password Generator, storing them in password managers, and forcing other WordPress users on your site to use better passwords with the Force Strong Passwords plugin.

Your Biggest Source of Security Trouble Is An Update Away

Check WordPress.org to see the last update of your plugins and delete or replace the ones that you’re no longer using and those that haven’t been updated in the last year or so. While you’re there, also check the plugin’s rating and how many people have contributed to the rating. The more people who use it and like it, the more likely it will be safe to use.

Finally, look to see if it’s compatible with the current version of WordPress. If a plugin has its own website, there’s a better chance it is being well maintained. Once you’ve done the basics of plugin selection criteria, your main concern is to keep all plugins updated. Never download a plugin unless it’s from the  official WordPress plugin directory.

Clever SEO Tactics That Land You In Google Time-Out

Honest mistakes made in an effort to improve your search engine ratings and boost traffic are still that—mistakes. You need to know what you shouldn’t do to boost SEO or Google will blacklist you. Blacklisting is like getting the monopoly “go to jail” card, and no one comes to visit.

Buying Links or Linking to Spam

This is going to lead to unnatural, spammy linking because most of these offers for paid links are from disreputable sites and social media accounts. Even if they promise you first page ranking, because eventually you’ll be totally unranked, and it’s not worth it.

Always check before you link to another page. If it’s a malicious webpage, it’s only a matter of time before your site could be infected with malware or Google blacklists you for the link. You don’t want Google to ever discover you’re linked to any of these malicious cyber spaces.

Broken Links

This might not land you on the blacklist, but it’s definitely going to hurt your SEO. If you have a page with several broken links, Google is less likely to see it as updated and a page without any broken links will easily outrank yours.

Yet broken links are a dime a dozen. Sites move, go out of business, undergo remodeling, and once intact links are no longer viable. So what do you do? Spend hours going through hundreds of pages checking?

Who has time for that? Go straight to Google Webmaster Tools (and make an account if you don’t already have one) and fix any broken links that it gives you.

Copyright Offense

Violating copyright is not only unethical. It’s a big Google no-no. This will send you right off the Google radar and into a black hole of oblivion. You’ll eventually get caught and lose your ranking. 

Keyword Stuffing and Masking

Whether it’s irrelevant keywords or hidden text or links, Google is very clear about the repercussions. Either you’ll harm your site’s ranking or you’re violating Google’s Webmaster Guidelines. Create quality content and stick to the high road where you’ll see authentic and lasting returns on your efforts.

A blacklisted site might show the warning “This site may be hacked” when you search for it in your browser. Go to Google’s Safe Browsing Site Status to check for blacklisted sites. Get help for blacklisted or hacked sites on Google’s help page

 

Small Businesses Make Big Targets for Hackers

cybercrime
Out” by bradhoc, used under CC BY / Modified from original

If you’re a small business, don’t be under the illusion that you’re too small for singling out by hackers. You could be one of the growing number of small businesses who have moved into the cyber crime spotlight.

According to Symantec Security Response, 50% of all targeted cyber attacks are on businesses with fewer than 2,500 employees. In 2012, businesses with fewer than 250 employees saw an increase in attacks from 18% to 31% in just one year.

The top businesses and occupations targeted are:

  • Manufacturing –  received the greatest number of attacks in 2012; at 24% of the attacks, they got twice the number as government organizations.
  • Finance, Real Estate, and Insurance – hit with 19% of the attacks.
  • Research and Development – highest target for job occupations at 27%.
  • Sales Representatives – 24% of targeted job occupations.

So what are cyber criminals looking for? When you look at the use of the stolen data, the information tells us they want trade secrets, products plans, and customer and employee data. All your proprietary information that can be used to help competitors gain an advantage or be sold to unscrupulous organizations. Your social security and driver’s license numbers, addresses, credit card numbers, health and financial history, purchase information, and other private details are up for grabs.

The news is continually warning us about data breaches that occur at all levels and includes major retailers, hotel chains, government organizations, and other businesses. In July the headlines were about the breach on government systems affecting 21.5 million people and is related to the previous month’s government breach compromising an additional 4 million with stolen sensitive information.

This government incident is “not without precedent,” and “cybersecurity in both the private sector and the public sector” must be raised, said Michael Daniel, the White House cybersecurity coordinator.

Cybersecurity has been a documented issue going back to 1997. In a cover letter to the President on the Report of the President’s Commission on Critical Infrastructure Protection, it reads, “We did find widespread capability to exploit infrastructure vulnerabilities. The capability to do harm—particularly through information networks—is real; it is growing at an alarming rate; and we have little defense against it.”

So what are we doing about it? What measures should you be taking to protect confidential business data and private personal information?

INTERPOL, the world’s largest international police organization with 190 member countries, is committed to becoming a global coordination body on the detection and prevention of digital crimes. They advise that we do two things to protect our business and personal data.

Update your OpenSSL.

For website owners, it’s important that you have an updated OpenSSL. The Heartbleed vulnerability in encryption software which is used by the majority of online web servers is leaving nearly everyone open to one of the biggest cyberattacks in the internet’s history.

Heartbleed lets its attacker anonymously download a random chunk of memory from the server, including secret keys, passwords, and other personal information. The secret keys are the most problematic because this opens the door for even more secret information to be revealed.

The bug went undiscovered for two years until being uncovered in April of 2014, and it’s predicted that the ripple effects could continue for years. Vulnerable versions are still being used on websites, most likely small e-commerce sites that don’t have the administrative support to patch things up.

If you’re concerned about a website, you can use this handy Heartbleed checking tool to check if it’s vulnerable.

Speaking of updating, keep all your software programs and websites up to date and backed up for added security.

Change your passwords.

INTERPOL says to use unique passwords for each of your online accounts and to change them often. While this may be wise in theory, in reality it’s difficult to carry out. Start by changing important accounts, ones that have financial information on them, for example.

Create strong passwords that are at least eight characters long and use a combination of letters, numbers, and symbols. Don’t use words from the dictionary (the use of symbols comes in handy here) and don’t use personal information that is readily available, such as your name, birth date, or apartment number.

What else can you do? Here are a few more preventative measures to use in protecting yourself from cybercrime.

Get two-factor authentication.

When a site offers this step, use it. If you are a site owner, enable it for your customers and subscribers. One of the largest attacks on banks occurred in 2014 when failure to enact two-factor authentication at one of the bank’s servers caused a weak point in the bank’s security, allowing the hackers to access 90 other servers in their network.

Be careful what you click on.

One of the ways hackers manage to steal information is through infecting your computer. Malware such as remote-control Trojan programs, worms, viruses, and botnets can affect computers using sophisticated techniques.

Spam email, infected files on downloads, and malicious pop-ups and links can all infect your computer, which in turn can be used by hackers to launch DoS attacks or send spam with even more malware.

Always think twice before going to a website that’s unknown to you, and if you do, type a legitimate address in a new browser tab instead of clicking on a suspicious link. Never trust an email from an unknown source.

Put barriers in place.

Utilize the best tech barriers you can afford, like this cloud-based security app for mobile phones. Anyone operating their computer without some serious security software is taking a huge risk. Install and regularly update virus protection and adware/spyware removal software programs to keep malicious applications from invading your privacy.

Good luck — it’s a digital wild west out there.

More WordPress Security Mistakes (Yes, You’re Making Them)

WordPress security
Meow Wars” by Kevin Dooley, used under CC BY / Modified from original

You’re making more WordPress security mistakes besides those updates you keep neglecting to do. Avoiding regular updates is the most common security mistake, but there are more mistakes that also put your site at risk for attack.

Because WordPress is open source, those miscreants who wish to do harm can easily obtain the source code and study it for ways to hack in. Combine this with the popularity of WordPress and it’s like you have a bulls-eye target on you.

The good news is you don’t have to do anything drastic, like change to a much less user-friendly CMS that doesn’t have all the fabulous plugins and themes, all for free. All you have to do is follow these tips to button down your site and stay safe from attacks.

Lacking a First Line of Defense: No Security Plugin

There are many security plugins to choose from with different pricing, including some free options. While it’s true that having too many plugins can be a bad idea, having one that actually protects your site is a no-brainer.

This list of the Top 10 Essential WordPress Plugins is a good place to start. It includes Wordfence, a personal favorite of mine. These give you an extra layer of security by addressing the issues most prevalent, leaving you free to run your business worry-free.

Installing Bad Plugins and Themes

If a plugin is available for free that you would normally have to pay for, consider this a giant red flag. A pirated plugin or theme may be free, but it’s also going to be potentially rife with dire consequences.

Disreputable plugins and themes come with a catch. Not only are they dishonest and often stealing from hard-working developers, they can be infected with malware that will inject malicious code into your website. Once they’ve made this connection to your site, it’s like a backdoor where they can get in and do all kinds of damage.

Beware also of WordPress themes that look totally safe. If the theme isn’t from the WordPress Theme Directory, or isn’t from a source you know and trust, then you shouldn’t install it. There are hundreds of themes available, and they all have to pass selection criteria that includes possessing no unsafe code.

Surfing In Public Wi-Fi Waters

Sure, you’ve heard it all before, but do you really avoid using your credentials and private information on the internet when using a public Wi-Fi hotspot? These places include high-density areas such as airports, libraries, hotels, cafes, and, of course, Starbucks.

The ease with which attackers can steal your information is due to the fact that, according to Public WiFi, public WiFi networks are “almost always unencrypted, which means that anyone with cheap, easily available software can listen in and access everything being sent over the network.”

The hacks in a public WiFi hotspit can include Sniffers, Evil Twin, Man-in-the-Middle Attacks, and Sidejacking. The names are almost enough to steer you away from exposing your website and other information to attack.

Using “Admin” For Your Username

Your WordPress site has an automatically generated username with the Administrator role. This role has permissions that are referred to as admin, which allow this user to do anything they want. An Administrator has total power over the website, including deleting your whole site.

The last thing you want to do is keep the original username “admin” as the name for someone who has total access. This is the first thing a hacker will use when trying to break into your site. Once they’ve figured out your username, then all they have to do is guess your password. You’re giving away half the access information with admin still intact. See the list of targeted usernames in the recent brute-force attack here. Clearly admin is a common guess.

You can do one of two things:

  1. Don’t use or, even better, remove your admin username. But before you do this, create a new user with the admin role. Functioning under this new username, you can delete the old username of admin.
  2. If you want to do this in C-panel, read this user-friendly post on How To Change Your Username. If I can do it, you can too.

The Wordfence plugin allows you to block any IP address you want, so if you find one is continually attempting to log in using the admin username, block it.

Using Really Obvious Passwords

The list of top passwords for 2014 contains the same weak passwords, with “123456” and “password” holding the top two spots. It appears that all the advice on the internet about using strong passwords is going unheeded.

Use your imagination when creating your passwords and follow the Google’s tips, use a password generator, or take Edward Snowden’s password advice to John Oliver and use “pass phrases” that are easy for you to remember, but difficult for computers to crack. Try one of the top five password managers to help you remember them all.

You can always sign up for a worry-free program with your web hosting company and let them take care of all your site’s security. If you’re running a small business, it’s a huge timesaver as well. Good luck — it’s a Digital Wild West out there.

Are You Making This WordPress Security Mistake?

OLYMPUS DIGITAL CAMERA
OLYMPUS DIGITAL CAMERA

All it takes is one security mistake on your WordPress site for disaster to strike. Yet users continue to make this single most common security mistake — even though it’s easy to avoid.

To avoid this mistake, you need only do one thing. Don’t ignore your WordPress Updates. It’s that easy. Go directly to updates. Do not pass Go. Do not collect $200. Or it will be game over.

Even the big guys are vulnerable. Microsoft had one of their sites hacked because the WordPress site in question was running an older version of WordPress. Turns out the attackers hacked the content to promote online casinos, including adding links and new pages that were injected to show embedded content from other gambling websites. Supposedly it was a scammer and not a group of “professional” hackers, demonstrating how easy it is for someone to attack your site on the basis of outdated software.

Why Ignoring WordPress Updates Is Like Driving In The Wrong Lane

When you ignore your WordPress updates, you are eventually going to run into trouble. Sooner or later, that oncoming vehicle is going to show up in your headlights. It’s best to stay out of the way of potential trouble and keep your WordPress site updated.

Here are a few things that can go wrong:

  • Your site can be infected with malware. This malware will then infect any visitors to your site.
  • If you have a membership only site with people who are paying to get content, they will also get their computers infected.
  • Visitors to your site can be redirected to an offensive spam site, leaving them to forever associate you with this unhappy experience.
  • Your email list can be stolen and all your subscribers sent spam, with the potential for other hackers to purchase your list and spammed by them as well.
  • Your search engine ranking can fall when Google determines your site to be infected with malware. Getting your site blacklisted takes time and effort to recover from.
  • All your hard work goes down the drain with one bad slip-up when your reputation is damaged.

Get Your Updates – They’re Free!

Every day there are developers out there discovering new bugs and security loopholes in existing software. There are graduate students assigned to the task of hacking into various accounts to test the site’s viability (and the student’s prowess).

When the vulnerability is serious, the developer will issue a release for an immediate update. When this happens, it means update now before the hackers find out and attempt to take advantage of your website’s security loophole.

So instead of ignoring your theme and plugin updates, get them as soon as they come out, and get them regularly. Like a reliable vaccine to a new epidemic, don’t wait around to see how things pan out before you get inoculated. Act proactively before your WordPress website gets infected.

Remember, even deactivated themes and plugins are vulnerable to attack. If you’re not using them, it’s best to delete them. 

The Best Remedy For Your Update-itis

You know you have update-itis if you’re constantly avoiding or forgetting to update your WordPress site. It’s okay, you can admit it. It’s not contagious (I hope), but it is risky business.

The number one thing to do is come up with a back-up method as your safety net. By backing up your site before you do any updates, you’re covering your keister in the event that something goes wrong. This is a good precautionary measure because sometimes plugins or themes can have wonky

There are a few things that will make updates even easier:

  • Automatic Background Updates is a recent feature that came out with WordPress 3.7. Please tell me you have updated to 3.7. If not, do that first. Then you can rest easy knowing you automatically have background updates happening for maintenance and security to your WordPress site. Whew.
  • The WordPress security team is working to give you more automatic security updates for plugins. Once you have WordPress 3.7, these updates will be supported as they are offered. The automatic security updates for plugins will be voluntary by the end-user, unless the WordPress security team deems it “an issue severe enough to warrant” a required opt-in.
  • Set up Google Webmaster Tools to alert you if Google finds malware on your website in the event all your updating has failed you somehow.
  • Install the WordFence plugin and get email alerts when your installed plugins need updating.
  • WordPress makes it very easy to keep your website up to date. Just be sure to make a current and complete backup of your database and your files before you do any updating, or have it done automatically each week.

There are many ways to backup your website, but two of the easiest ways are:

  1. Create a backup from your web hosting cPanel.
  2. Use a backup plug-in that you can install in your WordPress dashboard that will automatically backup your site at set intervals.

Don’t let update-itis cause your website to suffer. Stay updated and stay safe!

Don’t Make These 5 Domain Name Mistakes

domain name
Sad Brown Cat” by Francis Victoria Gumapac, used under CC BY / Modified from original

Your domain name is a critical component to your online presence. As your internet address, it points visitors to your website. Without it, you have no visitors, no readers, and no customers.

Don’t make these domain name mistakes and risk the safety of your domain name and website.

Mistake #1: Falling for the Fake Renewal Notice

Because all domain names must be registered with ICANN, the Internet Corporation for Assigned Names and Numbers, they are there for the taking by spammers and marketers who do Whois searches. By doing a ICANN Whois search, you can get a domain name’s data, including the owner’s name, address, phone number, and email address.

Having this one global internet has its drawbacks. After registering your domain name, you might start to receive marketing spam to the email address you used to register it with.

Watch out for the renewal notice sent by fake registrars (or very unethical ones). If you pay the renewal invoice to these fraudsters, you are not only losing money, but you could be initiating a domain name transfer. Your website and email, if you have it through your registrar, will crash and your original domain name provider will no longer be in effect.

Use extreme caution when you receive a renewal notice. Make sure you know who your registrar is and when your domain name expires. A quick check Whois search will answer these questions.

Any unsolicited domain name emails inviting you to either register for a new top-level domain name or to renew an existing one should be treated as if it is spam until you verify the information.

Mistake #2: Thinking You Own Your Domain Name When Using a Privacy Service

Whois privacy services are designed to protect your domain records from public viewing. Instead of our personal contact information, you will see the registrars (or whoever is selling the service). What most people don’t realize is that the name listed in the domain Whois record as the domain registrant is the owner of the domain.

In a rare dispute case, the owner of the case isn’t you, regardless of anything written in a contract of terms of service agreement. You have no legal rights to the domain.

Another concern is that some domain registrars will sell your private contact information for a small fee to anyone who asks. Also, if a law enforcement or government agency wants it, it’s as good as theirs. (This doesn’t seem like a problem, but the rumor mill has it that they will give out this information at the first mention of the word “infringement.”)

A simple way to handle this if you’re concerned about privacy issues is to have your web hosting company list their name and information. Having a good relationship with your web hosting company can help you solve a lot of potential website problems!

Mistake #3: Forgetting to Renew Your Domain Name.

Make sure you have a valid email address for your Whois records. Not only will this be used to contact you to verify any changes that are made, but to warn you of impending domain name expiration.

In both cases, there is often a time limit imposed by the registrant, and if not met, your domain name will be suspended. Trying to recover a lost domain name involves financial costs and a few headaches.

Consider signing up for automatic renewal with your registrar. Your web hosting company can also be responsible for your automatic domain name renewal, leaving you without the worry of following through on a reminder from a registrar.

Mistake #4: Paying Registrar Transfer Fees

You are free to transfer a domain name registered in a generic top-level domain to another registrar, assuming you meet none of the exclusions as outlined in ICANN’s policy on transfers between registrars. These include waiting more than 60 days from domain name creation, no evidence of fraud, and no reasonable dispute over the identity of the Registered Name Holder or Administrative Contact.

If you pay a transfer-out fee, which can be more than double the cost of the domain name registration cost, then you’re paying for a charge that’s in violation of the ICANN transfer policy. Ask your credit card company to reverse the charges, and be glad you’ve transferred out.

Mistake #5: No Registrar Change Protection

Unauthorized domain name transfers are easy to avoid by taking preventative measures. The registrar lock, once set by your registrar, prevents unauthorized, unwanted, and unintentional changes to your domain name.

Unless it is unlocked, no one can modify, transfer, or delete your domain name. While locked, you are still able to manage your domain name by renewing it. Only certain top-level domain names can have registrar lock, including .com, .net, and .org.

Another added security layer is auth code. Some of the top-level domains require an eight character authorization code before you can transfer it. The auth code is supplied by the current registrar, and you will need it to transfer to another registrar.

These protections are generally offered for free by your registrar, and are often put in place automatically. If you have a transfer complaint, go to ICANN and fill out their ICANN transfer complaint form.

The work of managing your domain name can be turned over to your web hosting company, leaving you worry-free. But it’s good practice to be aware of the mistakes to avoid as well as who is responsible for making sure your domain name is safe.

Domain Name Management and the New Name Extensions

top-level domains

What is a domain name?

Your domain name is the unique name to your website using letters from the alphabet. It’s easy to remember, whereas the IP address (Internet Protocol address) associated with your domain name consists of a string of numbers that is difficult to remember.

There are two parts to your domain name: the top-level domain (TLD) and the second-level domain. The letters that come after the dot are called the top-level domain or extension, and the letters preceding the dot are called the second-level domain or the label. When you refer to a website, you use the label or second-level domain.

Registering Your Domain Name

Because your domain name is your online address, it must be registered in order for your website to be found. There are many domain name registrars. To find out what registrar your website uses, you can search using a Whois search for your domain name using InterNIC.

For more information about your website, such as who the registrant is, try doing a Whois search using http://whois.icann.org/. ICANN is the Internet Corporation for Assigned Names and Numbers. They coordinate the internet’s address book by making sure the domain names all over the world can find each other. By keeping the Domain Name System (DNS) operating, we are able to have one global internet.

You can check to see if your registrar is an ICANN-accredited registrar. If it’s not, there is a simple procedure to follow to transfer to another registrar.

Managing Your Domain Name

The registrant of your website is the person who owns the domain name. There will also be an administrator and technical contact. A registration service provider might also be listed. Any or all of these could be your web hosting provider.

Having a domain name management plan in place is essential. This will assure that your website remains registered for your domain name without interruption. You should know who your domain name registrar is, how it is renewed, and whose name it is registered under. It is also important to know where the domain name points, or to what site it takes you.

As a business owner, records should be kept indicating all this relevant information in the event of any change, such as an employee leaving the company. Knowing who is responsible for what to do with domain names will ease any transition that might occur.

A clearly defined policy includes indicating which employees are designated for each of the following:

  • Domain name registration procedure
  • Who is named as registrant
  • Who is the technical contact
  • Who is the administrative contact
  • Which registrar or domain name company is used for registration
  • Renewal of domain name
  • Confirmation of where each domain name points
  • Password preservation and recovery

The New Domain Name Extensions

Did you know there are many new top-level domain names or extensions?

You might be surprised to find out that there are many other extensions besides .com, .edu, .net, and .org. New generic top-level domains are fast becoming available, with over 1,300 new names predicted over the next few years.

All the TLDs shown in this post’s picture are the real thing. Your imagination is the limit to what you can create.

Are the New TLDs Better?

Top-level domains have been under the control of ICANN, but in 2014 the creation of these URL extensions was opened to entrepreneurs. TLDs now comprise an endless number of possibilities as business owners can pay to have their website end with a specific TLD, such as jewelry, cafe, wedding, diet, and dentist, to name just a few.

There are over 5 million websites with new TLDs. Despite their obvious unique appeal, a study by Moz on generic TLDs showed that users weren’t likely to trust a domain based on its TLD. “A new gTLD is probably not a silver bullet.”

As for SEO, TLDs don’t offer any improvement. Search engine algorithms don’t include the new TLDs as a ranking factor.

According to John Mueller from Google, “There still is no inherent ranking advantage to using the new TLDs. They can perform well in search, just like any other TLD can perform well in search. They give you an opportunity to pick a name that better matches your web-presence. If you see posts claiming that early data suggests they’re doing well, keep in mind that this is not due to any artificial advantage in search: you can make a fantastic website that performs well in search on any TLD.”

Your first move in domain name management shouldn’t be worrying about your TLD. It should be checking the list to see that you know exactly who is responsible for each item, and keeping the information in a secure spot.

How to Stay Safe With WordPress Updates

 

wordpresssecurity

WordPress is a fantastic content management system and blogging platform, but like most popular open source software it can be vulnerable to certain malicious activities–especially if your software, theme and plug-ins are not kept up to date and running the most current version.

What kind of malicious activities might occur?

  • Someone could install files with malicious scripts within your WordPress installation that send out SPAM. This could lead to an exceptional load on the hosting server causing it to slow down website performance and the volume of SPAM can cause the mail server to be blacklisted. The blacklist could prevent other folks from receiving your emails that you send causing you to lose business. And it can be time-consuming to get a server off a blacklist.
  • A malicious script redirects your site to another (SPAMMY) location causing you to lose business, damage your reputation and hurt your search engine rank.
  • Any number of other mean-spirited activities the hackers decide to wreak upon your site that will cause you to lose business, or your reputation or both.

It’s important to protect your website.

We’ve talked about WordPress security before (and will probably talk about it again).  See No-Worries Website Security , More Password Hacking Methods and How to Stay SafeHow to Change Your WordPress Username, and How To Prevent Zombie Hack of Your WordPress Site, and 6 Ways Your Site Is Hacked and What To Do About It for some previous posts.

There are many tools and plug-ins useful for keeping you site secure, but today we’re going to talk about managing WordPress updates. Let’s get started.

How to Manage Your WordPress Updates

WordPress makes it very easy to keep your website up to date. The most important thing to ensure is that you have a current and complete backup of your database and your files.

There are many ways to backup your website, but here are the easiest and most common.

  1. You can create a backup from your web hosting cPanel.
  2. There are backup plug-ins that you can install in your WordPress dashboard that will automatically backup your site at set intervals.

Once you ensure that you have a current backup, it’s very easy to complete the updates from within your dashboard. All updates for plug-ins, themes and WordPress versions will be noted under WordPress updates in your dashboard. Simply click the update links and in most cases the site will begin updating.

The Order of Operations

In my experience I find it best to start with the plug-ins and update all the plug-ins that have updates available. Once those have updates have completed, move on to the theme (see theme warning below) and update it, then update WordPress itself.

Theme Warning – Why it’s important to use child themes.

Ensure that your theme hasn’t been modified or your updated theme may not display your website the way you want it to look. We usually build websites with all the style modifications made to the child theme so it’s less likely to cause a problem when updating the theme.

OOPs! Something went wrong!!!

You’ve made your updates but now…

  1. Your website doesn’t look right – See theme warning above.
  2. You can’t even see your website and you see a “Fatal Error” message(s) instead.

Now what do you do?

Disable Plug-ins.

Sometimes a plug-in doesn’t play well with the current versions of WordPress. If that’s the case, it might actually make your website unavailable. Instead of seeing your website, you’ll see a fatal error message.  So, if you’re seeing a fatal error message, the first thing to do would be to disable all the plug-ins. Probably the easiest way to do that is to login to your cPanel and find your plug-ins directory and disable it. An easy way to disable it is just change the name on the plug-in folder. Use something like Disabled-plugins.

Did that fix it?

If yes, continue reading this section. If not, continue on to restore your website from the backup.

You’ve determined that your website works with plug-ins disabled so you know that one (or more) of the plug-ins caused the problem. You need your plug-ins so you’re going to enable them one by one to find out which plug-in caused the problem. To do that create a new folder in your cpanel called plugins (don’t get creative here – put it in the same location as the old plugins folder was located.) Copy over each plugin folder from the disabled-plugin folder to the plugin folder. Check after moving each plug-in to the active plugin folder to see if the website is still working. When the website breaks – you’ll have discovered which plug-in broke the website. Now you need to consider whether you really need that plug-in or not.

Restore your website from a backup.

Here’s where it’s important to have you backup database and files.

In your cpanel:

  1. Overwrite or restore your WordPress files with the backup files you saved.
  2. Restore the old database you saved or create a new database and import your backup database into the new database. Change the wp-config file to point to the corrected database.

Your website should now be restored to the state it was in prior to trying to update it. So now you’re back to square one with a working but outdated WordPress installation. Chances are during the restoration you discovered if it was a outdated plug-in or outdated theme that created the havoc during updates. It’s likely you’ll want to replace the plug-in and/or theme with something that is compatible with the current WordPress version.

7 Tips for Your Content Management System

CMS
Photo a derivative of “Blank sign post, empty field” by Ano Lobb under CC BY.

A content management system (CMS) like WordPress is a software that lets you create, manage, store, edit and publish all of your of content without any serious HTML or programming skills.

Thanks to this ability to edit your content from any computer that connects to the internet, you don’t have to rely on a third party, like developers or web hosts, to stay up to date, right?

Well, sort of.

A CMS is designed to streamline your workflow, making life easier, while also reducing costs and increasing productivity.

It’s true that a CMS website gives you greater control. You get the benefits of overcoming technical barriers to adding content, allowing multiple people to add and edit content, and facilitate faster updates.

It’s also true that with greater control and power comes greater responsibility.

Just because a CMS gives you the flexibility to manage content whenever you want doesn’t mean it’s getting done and getting done right. At its most serious, mismanaging your CMS website is like hanging up a sign that informs hackers you’re open for attack.

Here are 7 tips to follow when you have the responsibility of a content management system.

1. Maintain Site Security By Updating

The developers and contributors are constantly updating plugins to keep WordPress efficient and secure. When a bug or vulnerability is discovered, they get to work on a solution right away.

If you’re not updating your WordPress site and its plugins on a timely basis, this means it’s unsafe and probably vulnerable to hackers. With a single click, you can maintain your website’s security by simply updating your theme, plugins, and the latest version of WordPress.

It’s always possible that a security hole exists somewhere on WordPress since it’s an open source software and highly targeted by hackers. However, keeping your data updated will greatly reduce the risk.

2. Perform Backups

Besides regular updates, part of keeping your CMS secure involves performing regular backups. Determine who will do this and how often you want it done.

There are several backup solutions available, including paid versions such as the highly touted VaultPress. Your web hosting provider will often offer backup plans as part of your hosting package.

3. Basic Updates of Site Content

When content needs to be updated, it is often confusing to people who are either not adequately trained or who aren’t using the site regularly. A CMS like WordPress isn’t difficult to use when you’re working with it on a regular basis.

If you know you need basic updates of site content monthly, for example, then be sure someone is trained and tasked to do so.

4. Configure Your Content Management System for SEO

SEO is user-friendly with plugins like the WordPress SEO Plugin by Yoast. Custom titles and meta descriptions are common elements with these plugins, but there are other important configurations as well.

Generating a sitemap file, customizing URLS, and eliminating duplicate content are just three ways to improve your site’s SEO, helping you gain more subscribers and elevate your rankings.

5. Blogging for SEO

If your website includes a blog, your CMS will make it simple to manage regular content curation. Manually posting and maintaining valuable content for your site’s SEO can be easily handled by the same people who write and develop it.

The only trouble is dedicating someone to this task and making sure it is regularly scheduled for consistent SEO results.

6. Not So Simple Navigation Changes

Making navigation changes may seem like a no-brainer in your CMS, but even the simplest changes can have enormous consequences.

Your navigation menu is like a road sign directing street traffic. Without it, your visitors will have difficulty finding their desired destination. This is one area where you should be well-informed with WordPress before altering things and dramatically affecting the user experience.

7. Keep Current With Comments

If you have a comment section for your blog, you will need to keep current with your readers’ comments and be prepared to write replies. Comments give your visitors a way to interact with you, creating a sense of community and encouraging return visits.

Setting your comments so they publish only when approved is a good practice, allowing you to weed out spam, a way for insidious malware to sneak in through your backdoor.

Make a plan to keep your CMS well-groomed and secure with either an internal process or with your web hosting company. Don’t let your CMS-based site appear shabby, out of date, or open to hackers.

Our Location

222 Pitkin Street, Suite 125
East Hartford, CT 06108
Phone: 860-432-8756

Talk to Us

Follow us, subscribe to us, email us, or call us at 860-432-8756. We’ll use our Super Savvy Tool Belt to stay in touch however you prefer.

Sign Up for Email Updates