Security, Security, Security – You Can Never Have Too Much

Make sure you know about your own site's security policy.
Make sure you know about your own site’s security policy.

Security, you never realize how much you really should be thinking about it until your site is hacked. For business owners, let me caution you to not leave this most important aspect out of protecting your online presence to staff without some oversight.

Here’s what you as the business owner need to know about security.

  1. You need a back up and redundancy plan.
  2. You need to know what your webmaster is doing on security.
  3. You need to routinely monitor the Google Search Console for messages.
  4. Sometimes the Bing Search Console will notify you faster of a hack, so monitor there too.
  5. Look for weird URLs and strange activity in Google Analytics.
  6. Make sure you do regular back ups of your website files and keep several archives not just one.
  7. Back up your back up!
  8. If you use WordPress as the backbone for your site see below.
  9. Remain vigilant. If you have security plugins monitor the messages.

If you have WordPress…

I like WordFence as my security plugin. I am getting nice results and actionable message about access, updates to do to stay secure, and not too many messages that I get “security fatigue”.

I do use other plugins as well for WordPress. Below are the ones I will typically install for clients.

Login Lockdown
Locks out brute force attacks and bad passwords.

WordPress File Monitor
This plugin monitors the core files for changes and uploads.

Sucuri or WordFence
I have used this program but found that the number of messages was too overwhelming so at this time I am using WordFence instead. Just make sure you use something AND make sure to actually read the alerts!

If you need help with your website please feel free to visit ours and check out our services.

 

WordPress Web Design

Solutions for your business that make sense.
Solutions for your business that make sense.

I started out my business in 2001 as a web designer and then over the years moved into AdWords and social media; doing less website design over the years.

But, now I have come full circle and am back doing web design for key clients who want a heavy focus on design for organic search placement.

Here is a link to one of the sites I am working on right now for Imagine Insurance Advisors. I am finding out just what clients like about WordPress. You can preview it while it is in work.

1. The ability to update their own content at any time, even though they may not do this frequently, is a very big plus. The business owner of my most recent project says that her team is excited that when they have an open house or event, that they can put it on their home page themselves without a paid webmaster’s intervention

2. The ability to change the look and feel in the theme settings as they use the site is another feature that many like. Tired of your site set to fill the screen? With one click you can set the site layout to 1200 pixels wide and add a background image. Don’t like it? You can undo with one click! Once your theme is set up, small changes like this do not impact content or other design features.

3. Not every website is a good match for WordPress, but the ability to add functionality via plugins allows a site to stay relevant as the times change. One thing I really like is the integration of Accelerate Mobile Pages (AMP). I consider this a huge growth area and one that over time Google will be using in the mobile search space for placement. Google loves AMP and so should you as the pages are super streamlined but load almost instantaneously. This is the future for mobile. And WordPress plugins make it easy to start with AMP. Although some of the plugins still generate errors, they are a good start.

If you are looking for great content, smart solutions and an update to your legacy website, it’s time to take a careful look at WordPress and consider our design services.

Domain Don’ts

Confused senior man
Don’t Make a Big Mistake!

Thinking about buying a used domain name? Be careful, very careful, even if a domain is offered to you for a great price and it really looks like a great keyword match, take a deep breath and do your homework before you jump on buying that domain name.

Why should I be careful?

It today’s environment when great domains become available it is typically because they have been burned out by spammers. A domain will carry history, it is not just a name and when you take it over thinking you are getting a fresh start; it may be banned by spam registries, Internet Service Providers, and been used and abused by spamming or black hat SEO’s.

Even $200 is too much to pay for a domain that has been abused. You may never be able to use the domain name in an email address and the history may be so tainted that you will never be able to remediate it and place on any search engine with it.

My recommendation is – No Go.

My candid recommendation on buying a used domain, based on how things are, is that I would pass. A domain name does not assure SEO placement, and if you really love the domain you may be able to buy it fresh and clean and never used before as a .us or .biz.

If the price tag is even higher, hire an expert to do due diligence for you. I’ve seen domains go for $10,000. You’d hate to pay that kind of money and find out that the domain had been horribly abused making its value to you nearly nothing. Be careful and do some Google searches first before you consider buying any used domain names.

Webmasters Lock You Up for Their Benefit

Find out how to unattached yourself from a webmaster.
Find out how to unattached yourself from a grabby webmaster.

You may not know it, but in my industry it is a common practice to lock in a customer to create a long term cash flow. Some webmasters will even set up accounts in their own names for services for which you are billed just to make it difficult or nearly impossible for you to leave them and thus secure payment from you in perpetuity.

I do not believe in this particular business model and have helped a number of clients break these chains, but there are some things that you can do as an educated consumer to keep from getting in this position in the first place.

1. Make sure that all accounts set up for you are in your name, tell your webmaster that all accounts must use your email, and your preferred password. By this I mean your web hosting, your email, your domain name, your Twitter account, your AdWords account, and even your Facebook Business Page.

2. Once these accounts have been set up for you, make sure they are done properly and login once so you can verify that you have ownership. Review the settings in your account to verify that you are not just invited to login to the account, but you are the registered account owner.

3. Only allow your credit card, and not that of your webmaster, to be used to pay for these accounts if there are charges. A red flag to you would be where the account is supposedly in your name, but that your credit card is not tied to the account for payment. In actuality you may just be invited to see the account but may not own it.

4. If your web designer or webmaster refuses to do number 1, 2, and 3, I would recommend that you find another resource for your services.

Remember when your accounts are in someone else’s name, you own the rights to nothing. If your Facebook Business Page is set up as a page under the account of your webmaster and you decide to terminate your webmaster, your account, you thought you owned, is lost. It is not transferable. If your hosting account is set up as a child under the parent account of your webmaster and you have a problem, the hosting agent will not speak to you as you are not the account owner.

It is unfortunate that many clients actually do not know they do not own their own accounts until there is a problem and they want to fire their webmaster. Don’t let this happen to  you! It can be costly both in time and money to remediate if even possible.