Manager Monday - Marc Cornish

WordPress is one of the most popular Content Management Systems currently being used on the Internet.  In fact, more than 60 million websites currently use the popular CMS.  For the average user who does not have a strong technical background, WordPress is an ideal back-end for a website because it allows users to easily update and maintain the content on their websites. From an SEO-perspective, WordPress has tons of great features built in, or easily added with one of the many plugins that have been developed by their network of open source developers.  But just as with any popular piece of software, there are risks.

Recently a massive attack was launched against websites running WordPress and Joomla CMSs.  Characterized as a ‘brute-force’ attack, the method of infiltration was to use as many different computers as possible to try as many different username/password combinations as possible.

The attacker was able to utilize over 90,000 unique IP addresses from all around the world in a coordinated attack on the default login pages of the popular content management systems.  Using the standard username ‘admin’, the automated attack then attempted to gain access by trying thousands upon thousands of different passwords.

The result was a huge strain on hosting servers, which caused many websites to go down or load poorly.  In worst-case scenarios, the attacker was able to gain access to website owners’ CMS dashboards where they can do as they please.  Preventing and stopping attacks in progress was a task that each hosting provider handled differently. Many opted to change the URL of the default login pages that the CMSs use, or to remove them completely.  For many people though, the biggest question is “What can we do to prevent this from happening again?”  The answer may be easier than you think.

While it is nearly impossible to prevent some lunatic from launching a wide-spread hacking attack on any website he/she/it wants to, there are steps you can take to make this task exceedingly difficult for them.  With a brute force attack such as this one, the prey was websites with weak passwords. ‘Password’, ‘12345’, ‘login’…if your password resembles any of these, then you have a weak password.  Strong passwords are crucial to keeping your site secure.

You may be wondering “What is a strong password?”  Generally, you want the password to be at least 8 characters, and a good mix of letters, numbers, and special characters, with some capitalizations thrown in as well.  Many CMSs come with a built-in password strength checking tool, but if you find yourself wondering, you can use one provided by Microsoft: https://www.microsoft.com/security/pc-security/password-checker.aspx.

You’ll also want to make sure you have a unique username as well.  ‘Admin’, ‘User’, ‘Manager’…avoid simple usernames such as these.  Try to pick a username that is a mix of letters and numbers. Case sensitivity is normally not important when setting these up, and special characters are often not allowed. Pick something that is unbiased and does not have anything generally in common with the website it is being used for.

These tips are great for your CMS logins but can be applied to all aspects of your life.  Applying these simple principals when signing up for bank accounts, customer accounts at ecommerce websites, or loan or credit accounts can save endless amounts of frustration in the future.  When it comes to your personal information, privacy is key.  Having a strong set of login credentials will help you keep your personal information out of the hands of hackers.  If you do not have strong credentials, take some time today to update them, you (and your wallet) may thank you later.

Internet browsers, like the rest of the technology world, are on a relentless march forward. An industry that was once dominated by Microsoft’s Internet Explorer, is now one of the most competitive and fastest growing markets. Major competitors have emerged and offer consumers more choices than ever. Mozilla’s FireFox, Google Chrome, and Apple Safari are all major challengers to the old giant’s reign.

But what does all of this mean for you, your business, and most importantly: your customers?

In this article, I will touch briefly on a few aspects of online technology and what they mean for your company’s online presence.

What are Web Standards?

Recent years have seen big gains in terms of online coding standards. The World Wide Web Consortium (W3C) has lead the charge in establishing clear guidelines, gathering public feedback, and promoting online coding standards when it comes to the development and dissemination of online content. Their research includes everything from design standards, coding standards, and the development of new coding standards and practices. Ultimately, their goal is to make the web an easy and friendly place for all users, devices, and software.

It is important to remember that implementing new standards does nothing to change existing technology. As an example, if a new standard on airbags is issued for the automotive industry, all of the cars manufactured up to that point likely will not be in compliance. Moving forward, provided that there is adequate enforcement of the new standard, all cars will adhere to the new standard. This is the same for web standards. As new technologies and standards are implemented, older technologies may not have the resources to support them. When the latest round of web standards was established, the impacted technologies include operating systems, PCs, laptops, mobile devices, but perhaps most importantly: internet browsers.

What is an internet browser? 

An internet browser is a piece of software that is used to retrieve, interpret and display information on the web. As previously mentioned, some major internet browsers include: Internet Explorer, FireFox, Chrome, and Safari. Much like the cars, all of these products have different ‘engines’. That is,  they have their own processes for rendering data and displaying information on your computer or mobile device screen. Then we can consider browser add-ons, such as Flash or Javascript. This adds yet another level of complexity, as these features may integrate with each browser differently, or sometimes not at all.

The browsers must comply with web standards, right?

Wrong. Unlike the automotive industry, there is no formal regulatory agency that enforces these standards or imposes fines upon the offenders. It is left up to the browser developers themselves to offer upgrades or add-ons that have the new technologies integrated. The most recent browser releases have seen a much greater deal of cooperation between the browser developers in terms of adopting these standards, but this does nothing for older versions.

There is, however, a very powerful force that is pushing browser developers toward further compliance: you. Internet browser trends are a closely monitored set of statistics. When new technologies or standards are released, the first to implement them will more than likely see a swell in consumer demand, which then spurs the other browser developers to implement the same. A competitive market at its finest.

Below are current browser usage trends:

2012

Internet Explorer

Firefox

Chrome

Safari

Opera

December

14.7 %

31.1 %

46.9 %

4.2 %

2.1 %

November

15.1 %

31.2 %

46.3 %

4.4 %

2.0 %

October

16.1 %

31.8 %

44.9 %

4.3 %

2.0 %

September

16.4 %

32.2 %

44.1 %

4.2 %

2.1 %

August

16.2 %

32.8 %

43.7 %

4.0 %

2.2 %

July

16.3 %

33.7 %

42.9 %

3.9 %

2.1 %

cite: http://www.w3schools.com/browsers/browsers_stats.asp

So what do we do with the older browsers?

You should upgrade. Websites that are built on the new standards will not be compatible with older browsers and thus will not display correctly. If you prefer using Internet Explorer, you should make sure your browser is up to date. Being one of the oldest contenders in the market, there are still some very old versions of the program in use out there. Internet Explorer is also a prime example as to why an online standard was needed. For several years, each version of IE was so radically different than its predecessors and from other competitors that were on the market that many web developers were forced to develop ‘IE only’ versions of the websites they were working on.

Below are some usage trends specifically for Internet Explorer:

2012

Total

IE 10

IE 9

IE 8

IE 7

IE 6

December

14.7 %

0.6 %

5.9 %

6.8 %

1.1 %

0.3 %

November

15.1 %

0.4 %

6.5 %

6.8 %

1.1 %

0.3 %

October

16.1 %

0.2 %

6.8 %

7.6 %

1.2 %

0.3 %

September

16.4 %

0.2 %

6.6 %

7.9 %

1.3 %

0.4 %

August

16.2 %

0.1 %

6.1 %

7.8 %

1.8 %

0.5 %

July

16.3 %

0.1 %

5.9 %

7.9 %

2.0 %

0.6 %

cite: http://www.w3schools.com/browsers/browsers_explorer.asp

What we can see here is that IE7 and IE6 are nearly obsolete, and with good reason. When it comes to standards compatibility, IE6 offers next to none. Users viewing the internet with IE6 will have a difficult time navigating nearly every website that they come across. One major issue with IE6 is that it will not render .png files. These files are a current image standard which offers faster load times and more versatile image files. The reason for this is simple: .png files are allowed to have a transparent background, which is somewhat unique in the image file-format world. The benefit of this is basically an ‘absence of data’. With less data being downloaded, image sizes are smaller and can be transmitted quicker. A transparent background also allows designers and developers to use the same image in multiple locations on the website, without a messy look/feel.

Coming in at a close second to IE6, IE7 does render .png files, but does not support many of the design coding features used in today’s websites. CSS (Cascading Style Sheets) is used to describe the appearance of specific elements of a website. Individual pieces of CSS define the entire website. CSS can tell the browser what Font to use, what size the text should be, what the background color of a box should be, whether there should be a shadow or stripe…you get the idea. IE7 does not support many of the design features that are used in today’s websites, such as having a shadow on text, rounded corners on boxes, and various other text and formatting effects.

So how do we reach ALL of our potential users?

Of course this can always be done, but the hours it would take to develop each new website using current web standards, and also backwards-compatible for every previous browser can be a very costly endeavor.  As a standard for accessibility, many developers will create websites to accommodate the greatest audience with the greatest ease. This is a win-win-win. You win because you save money, you visitors win because your website is standards-compliant, and the developer wins by not spending countless hours troubleshooting issues that he/she may not be able to be rectified.

SO, WHAT DID WE LEARN?

If you’re developing or interested in developing a new website, these are issues you will have to consider. You will need to consider the balance between cost, accessibility and standards-compliance. Likewise, if you’re a casual internet browser and you’re noticing that websites aren’t loading properly, or things seem to not be working the way they should, check your browser to see if any updates are available. And lastly, if you’re using IE6 or IE7, consider yourself lucky that you made it this far. Then, stop everything you’re doing and upgrade RIGHT NOW.

One of the most common SEO mistakes I encounter every day is the mishandling of 404 errors. URLs that return a 404 HTTP response code are a normal part of the web; just about every site has them. 404 errors can be served for a couple of reasons. Maybe you are trying to access a page that has been moved or no longer exists on the sites server, or maybe you misspelled the URL for that particular page. Although 404 errors do not have a direct correlation to your sites rankings, it is believed that too many of these errors can act as a signal to search engines that maybe your sites content isn’t the best or most up to date for the query. The most important part is understanding how to approach them correctly in order to preserve user experience and link juice. This can be accomplished by creating a customized 404 page and installing 301 redirects when appropriate.

What Should I Do With Them?

The web is constantly changing and so are the sites that populate it. Many sites want to change content, and should often, in order to stay fresh. But what do you do in the case of retired pages or a change in URL structure? In many cases I see sites set up to redirect all 404 errors to the homepage. Unfortunately this is killing the site rather than helping it. Approaching 404s in this manner is essentially devaluing your homepage by sending the user and search engines to a page that is not relevant to the original URL.

Another problem I see often is when a site is set up to take the user or search engine to a custom error page but instead of returning  404 response it will return a 200 OK, this is known as a soft 404.

 Webmaster Tools Report

The goal here is to get the visitors to where they want to go, and to keep search engines from leaving the site and continue crawling once a 404 error is reached. So how do we accomplish this?

Well, there are a couple of ways to ensure that visitors and search engines stay on your site while also retaining some of that traffic and link juice from those retired pages.

  • Implement 301 Redirects: Redirecting all 404 errors is not recommended. 301 permanent redirects should be used in cases where your URL has changed. Pages that have been retired should return a 404 response header instead of returning 404-like content.
  • Custom 404 Page: If you retire product pages or pages with content that is no longer relevant to your site then it is perfectly fine to let those 404. Like I said before, 404 errors are perfectly normal. Your approach to them is what really matters. This is when a custom 404 page comes into play. A custom error page offers the user and search engines more options than just dead end.

It is also important to remember that if you do retire pages that will return a 404, you must remove any links to that page from within your site or they will still be indexed.

Importance of a Custom 404 Page

One of the most overlooked aspects of site design and SEO is the implementation of a custom 404 page. Too often I see sites using the default error page instead (shown below), which can result in lost visitors and keep search engines from crawling the entire site.

Generic 404 Page

What is wrong with the page above? Do you think the average user knows what a 404 HTTP Response Code is? This is why customized 404 pages are so very important. A customize page will allow visitors and search engines to continue navigating your website in the event of a broken link or deleted page. Remember, search engines do not have a back button. If you do not include links for the crawling process to continue then the spider will see it as a dead end and jump off site.

Custom error pages also offer the user a more personalized experience and a better explanation of what a 404 is. There are some important elements that every sites 404 page should contain that will keep visitors browsing and search engines crawling:

  • Maintain Consistent Design: The customized page should include the same basic design as the rest of the site. I usually look at this as a “gutted out” version of one of the sites pages. The header, navigation and footer should all be intact so the user has options when a 404 error is triggered.
  • Explain In Normal Words: Like I said before, the average user does not know what a 404 HTTP response code is. Try adding a simple message in the body of the page saying something like “Sorry, the page you are looking for no longer exists.”
  • Provide Links to Relevant Content: A common method I have seen quite often is the inclusion of links right below the error message that takes the user to the most popular product or content pages of the site. Including a search bar in this area is also a great addition that will enable the user to find exactly what they are looking for.