Web Design

We have been working on numerous projects over the last few months and all of them came to an end in this last two-week window. We successfully launched 7 new, beautiful custom wordpress websites that were designed and created by me and my team.

From Truckee and Graeagle, CA, to New Hampshire and New York, these projects had us working with clients from all over the U.S. Some required photo galleries, other requested unique quizzes, and some required eCommerce. Take a peek at these new websites in my website portfolio and be sure to drop a line welcoming these new businesses.

The web has been seeing another spike in hacking attempts on websites lately. It’s important for you to do your part to help keep your site safe. Hacks can be a real pain to remove, and unaddressed malicious content on your site may even result in your site being removed from search engine results.

You can think about protecting your site as being a lot like protecting your house. If a criminal is smart enough, and motivated enough, they are going to break into your house, no matter what you do. However, taking a few basic precautions can help protect your house against most would-be wrong-doers.

Most important & best practices:

• Choose a strong password. Passwords should contain at least one lower-case and one upper-case letter, one number, and one symbol (!, #, *, etc.)
• Never use the same password for more than one site/account. If one of your passwords is compromised, attackers may try to access your other accounts using the same credentials.
• Keep your passwords safe. Never write passwords down where someone can find them, and don’t keep passwords in an accessible document on your computer. Avoid transmitting passwords by email, whenever possible.
• If you have to share your password with someone who doesn’t normally access your site or hosting account, consider setting up a sub-account for that person, and deleting it when they are done. If you must share you password, change it immediately after that person has finished work. Consider having your web developer/designer manage and administrate your accounts for you.
• Keep your site up-to-date. Always make sure that your site is running the most current version of your CMS software, plugins, theme, server control panel, and anything else your site utilizes. Updates to these core functions often close loopholes and security venerabilities that have been found since the last version. When these updates are released, hackers often try to exploit these loopholes, hoping to find a site that hasn’t been updated yet.

This is just a short list of the most important best-practices for the management of your site and information. If you have any questions or concerns about your site security, please don’t hesitate to contact me.

If you have a blog on your content management website, you will have the option to enable or disable commenting. For bloggers who plan to blog at least once a week, commenting provides an interface to interact with your viewers. However, some small business owners are noticing the malicious nature of spammers and are receiving more spam than actual comments. In this case, disabling commenting may be a better option, especially if blogging is done less than once a month.

To help you decide, here is a rundown of the pros and cons of allowing commenting on your website:

PROS:

• If you are an active blogger, the comment system can open your blog up to interacting with your users and readers, sometimes allowing valuable feedback on your posts.
• Comments discussions on your posts can often lead to increased traffic on your site.
• Trackbacks and Pingbacks are comment links from other blogs. Allowing these types of comments can help create a network of links to and from related blogs around the internet.

CONS:

• Spammers love the comment system. By allowing comments on your blog, you open your site up to the exploitation of spammers.
• In order to rid yourself of SPAM comments, you will need to regularly moderate the comments on your blog, and you must learn to be proficient at spotting SPAM and removing it.
• Comments on your blog are likely to take up your time, even if you don’t get large amounts of SPAM.

Making your decision:

When deciding whether or not to allow commenting on your blog posts, the most important decision to ask yourself is “Do I plan on blogging regularly, and will my posts benefit from the potential feedback of my readers?” If the answer is yes, it is probably worthwhile to enable comments on your blog. If your answer is no, and you only plan on using your site’s blog to post periodic updates about your company, or other “read-only” posts, you can save yourself a lot of time and trouble by disabling comments on your site.

As always, if you have any questions or concerns about comments on your site, please don’t hesitate to contact me.

Each year updates are needed to keep your website working its best, and to keep it safe and secure. The updates your site needs will vary according to the changes made over the year to web standards, web browsers, mobile devices, and, most importantly, to attempt to close any potential security holes which may leave your site open to attackers and hackers.

Websites need maintenance, just like cars

Websites need maintenance, just like cars do. When you purchase a new car, you drive it around, have some fun, show it off, and don't think about its needs too much at first. After a certain amount of time and miles, you bring it in for an oil change, rotate the tires, change other fluids and filters, change out the belts, wash it, maybe even get it detailed. Generally this type of maintenance will help keep your car running smoothly and will provide reliable transportation.

Now imagine that you do NOT do the regular scheduled maintenance to your car, and instead wait 5 years to do anything. Your car will most likely be running poorly (if at all) and will need a ton of work, which will most likely cost more than it would had you done regular maintenance. A website is just the same, needing regular scheduled updates. The longer you wait, the more likely your site will be working poorly and will cost more to overhaul, and the more likely it is to have major issues.

WordPress Website Updates

For content management websites using open-source platforms, such as WordPress, the cost of updating your site generally depends on the theme and plugins you use, your site’s functionality (eCommerce, etc.), how customized the features, functions and design of your site are, and how long it has been since your site was last updated.

If updates are done, the site will continue to be seen as intended in newer browsers and mobile devices, will have heightened security, and will, most likely, run a bit faster. If updates are not done, some elements of the site may not be working correctly in certain new web and mobile devices, or in newer versions of desktop browsers. Most importantly, any bugs and security loopholes that have been found since your site was last updated, in any elements that your site utilizes, are much more likely to be exploited by hackers and attackers. Failing to update your site leaves it extremely venerable to attacks.

Don't Update Your WordPress Site Yourself

Some updates may break your site, create conflicts between site elements, and/or write over customizations, if not done properly. If you choose to attempt to update your site by yourself, please be aware that the process is usually considerably more complex than clicking on the automated “update” buttons, which simply writes any available new, updated, files over your existing site files. If you make a WordPress update by yourself, you may very well shut your entire website down. Some fixits to incorrectly updated sites have cost upwards of $500, in addition to the other work that needs to be done, because the site was updated incorrectly by the client. Please be 100% sure of what you are doing before you click “ok” or “update.”

What to do if Your Website Has Been Hacked

If your site is infiltrated by a malicious attacker, it must be restored from the most recent “clean” backup, or manually cleaned of whatever attack has infected the site. This process can be very time consuming, in the event of a complex hack. While it is, theoretically, possible for a site to be hacked at any time, leaving your site running old versions of WordPress, theme cores, and plugins, is like leaving the doors and windows to your house open. Your house may still be broken into if you lock the doors and windows, but it is, certainly, less likely.

If your site has been flagged as a "malicious" site, and your web browser displays a safety warning when visiting your URL, it is extremely important to "take down" your site, and do your part to stop malware. Until your site is clean of malicious attacks, it should not be accessible on the internet.

eCommerce Website Updates

If you have an eCommerce site, keeping the site up-to-date becomes even more critical. As an e-merchant, you are responsible for the safe transfer of the payment information of your clients. Leaving an out-of-date eCommerce site on the web is not only irresponsible, but likely violates the terms of your Merchant and Gateway agreements.

Update Your Passwords At The Same Time

Additionally, during this time, I recommend updating all passwords, which your web developer can help you with at the same time.

Conclusion

Updates are needed every 6-12 months. Updates are required by your web hosting provider, are essential to keeping your site running smoothly, and are mandatory for the security of your site. YOU are responsible for asking for updates to be done on your website. Contact your web developer to get a regularly scheduled maintenance contract.

Google recently launched its Penguin update algorithm that "is aimed at decreasing search engine rankings of websites that violate Google’s Webmaster Guidelines" [http://en.wikipedia.org/wiki/Google_Penguin]. What this means is that Google is trying to remove those websites that have over-indulged in search engine optimization and schmarmy keyword techniques that appear in your Google results even though you are not really searching for them. What this also means is that if you are a website owner and have taken your SEO over the top, you will be wanting to be sure that you are abiding by the Google Penguin recommendations so that your site is not blacklisted.

If you are concerned with maintaining your ranking and visibility on Google, review these general guidelines for site owners:

1. First, don't panic. Google changes their algorithms all the time. And please do not start deleting a bunch of content.
2. Remove the over-keyword phrases in title or Htags, such as "great cookbook, cookbook recipes, greatest cook" and replace it with something like "Great cookbook recipes"
3. Go to Google webmaster tools to read through their recommendations and checklist for site owners.
4. Read more about what Google Penguin is and isn't. Here are some more resources:
   1. Search Engine Roundtable discussion
   2. Multiple posts from SEOmoz
   3. Post on Search Engine Land
   4. Top 10 tips on SEO news

   Again, Google regularly changes their algorithms so there is no reason to panic. However, if you have been overdoing it on your site, you will want to take certain precautions to be sure that the new Penguin updates do not negatively affect you.

Yep, most everyone starts getting spam once their WordPress websites are launched. It sounds funny, but that is actually a good sign that you are getting "seen" through searches. Yet, they're not the results you want, right?. Though it is annoying, please keep in mind there is an option in your WordPress settings that requires an admin to approve all comments prior to publishing (this means that none of the comments are actually available for the public to see on your site until you actually approve them). Regardless of hiding the actual spam, the redundant emails are still annoying.

As listed in the WordPress codex about spam, there is no "one size fits all" solution. Here are a few potential solutions:

1. One option is to manually go in and remove the unwanted comments weekly. You can select all and then choose a bulk action to delete the spam. Just schedule it on your calendar to go in and bulk delete spammy comments.
2. If you are tired of the comments and would like to invest in some spam-reducing options, there are some spam blocking options you can implement. Some require a monthly fee and some just take time to add and test. Most will require a recent update of WordPress prior to installation, which should be done by your webmaster to ensure that none of your site customization goes awry.
3. Review other options listed in the WordPress codex to be sure that you are combatting the type of spam you are actually receiving.

Again, there is no blanket solution to the spam dilemma, however there are some ways for you to combat the spam and keep your comments from backlogging.

Are you trying to increase the amount of traffic coming to your website? Socialmediaexaminer.com is a wonderful blog that recently published a post about doubling your web traffic.  In their case study of Block Imaging, they found that through some diligent efforts, the company was able to increase their organic search engine traffic by 150%! If you are interested in how Block Imaging was able to do this, read the website traffic-generating tips listed on SocialMediaExaminer.com.

Raise your hand if you use the same password for everything! You are not alone. Yet here is something to consider in doing so:

There are thousands of hackers working all around the clock using decrypting software to hack emails, firewalls, your website, etc. Sad thing is that they have great success when your password is not strong, if you are using a weak password with a free email account such as hotmail or gmail, and/or if you have a weak password on a website that is on a shared server. Yes, these people do not have a life and have terrible karma, but this is what they do for their living and they are serious about getting results. Therefore, if you have only one password for everything, and that password is discovered, then that hacker can essentially have access to all of your accounts.

Password Strength and Security Measures

So what can you do?

1. Create a new password for each account.
2. Create a secure password for each account with great password strength, such as something that is 8 characters long with at least 1 number, one upper case letter, and one punctuation mark.
3. Do not provide passwords to people who do not need to have access to your accounts; provide them the information they are trying to gain instead. If you are working with someone who does need to gain access, such as a web designer, send your passwords through secure methods, such as sending passwords by calling on the phone, or possibly by text or by fax. Do NOT send them through your email, especially through free email accounts on shared servers, such as your gmail, hotmail, aol account, etc.
4. Create a separate user account for other people accessing your accounts and limit their access so they cannot be an administrator.

It takes a little extra effort to ensure the security of your accounts. However, the effort in protecting passwords is often less than trying to deal with a hacker after the fact.

Managing Passwords

With 100+ passwords, keeping track of them can be challenging. However there are some password management techniques that can help keep your passwords in order. These include:

• Writing passwords down and keeping them in a safe deposit box or a locked cabinet file.
• Password management software with encryption options.
• Have one electronic file with all of your passwords on it that requires a master, strong password to access it.

These are just some ways to protect your accounts (and yourself) against the growing number of hackers. Take a moment to keep your email and web accounts secure now so you can avoid dealing with hacker-aftermath later.

Judy Cole is an esthetician and masseuse in Dallas, Texas who needed a logo, branding, marketing materials, and a website. Starting from scratch, I created all components for her that resulted in a consistent and professional look and feel that she can use in all of her marketing materials. Take a peek at the project and her new website.