Internet of Things: Conveniently Open (to attack)
The relentless goose step of technology over the past decades has lead to the eventual invasion of the microchip into almost every product in the first world. This has left many astute observers asking what unintended consequences we might be overlooking. As the IoT (Internet of Things) becomes more prevalent, security has taken a back seat to progress. We should be mindful of where this trend may lead.
Smart Devices Everywhere!
In a relatively short period of time, there has been an explosion of IoT devices entering the consumer facing marketplace. They have increasingly entered homes and infiltrated our daily lives. Techopedia defines these “Smart Devices” as electronic gadgets which are able to connect, share and interact with their user(s) and other smart devices. While interactive speakers such as Google’s Home or Amazon’s Echo come to mind, smart devices have a far wider reach. To complement these popular AI personalities, we are now seeing smart light switches, wall outlets, security cameras, and televisions. There are even smart ovens, refrigerators, toys, light bulbs, window blinds, scales, watches, wallets, and key rings – to name a few!
There is something inherently creepy about inviting an artificial personality into your home (I’m sorry, Dave). However, the real danger of these technologies comes as a consequence of how many of them were rushed to market. Manufacturers, seeing more profit from a quick entry had left any consideration for security in the waste bin throughout device development. As a result, the IoT has been left wide open to attack with virtually no barrier to entry. Once an attacker gains one foothold in a network, it is easy to pivot from there and grab control of everything connected to it. This includes every smart device and computer therein.
A House of Unlocked Doors
Is your smart coffee machine having problems? It could be because these connected brewers open up a non-encrypted hotspot every time you turn them on, making them easily compromised by hackers. Remember the KRACK vulnerability we wrote about nearly a year ago? Many printer manufacturers, including big names like HP and Brother, have since decided to do nothing to patch the vulnerability. This lack of response leaves most printers in the wild today wide open to attack. Most IoT devices are even further down the priority list. Manufacturers rarely see any economic benefit in patching them, or in building security into them from the beginning.
It is largely because of these lax standards that attackers have been specifically targeting IoT with their botnet attacks at an alarming rate. By infecting a few vulnerable devices across millions of homes, black hat hackers are able to amass multiple supercomputers worth of combined processing potential from the comfort of their homes. All of this power can then be utilized to unleash attacks, or to amass wealth from mining cryptocurrency at their victims’ combined expense (in the form of higher electricity bills). Researchers have noted that our power grid could actually be taken down by hackers taking control of “smart” appliances, that’s scary.
What Can Be Done?
At Appletree MediaWorks, we always take a proactive approach to information security – our clients depend on it. Given the state of devices on the market today, we recommend doing some research before purchasing any new smart device. It only takes a minute to search “Device Model” vulnerabilities in Google, but it could save a lot of pain down the road. Furthermore, as companies begin taking security seriously, it will pay dividends to support the responsible ones with your purchasing power.
Already have a bunch of devices? There are still several steps you can take:
- Create a separate network for IoT devices
Many new Wi-Fi routers support guest networks. Set this up with a different password from the one you connect your computers to. Then make sure your IoT devices only connect to the guest network. This step will help to isolate your data from some of the worst security holes. - Disable UPnP
If your devices support Universal Plug and Play, disable it. This is a convenient feature for easily connecting to networks, but it is also highly insecure. Not worth the risk. - Keep firmware up to date
Even though manufacturers aren’t always quick enough in reacting to threats, it is still good to keep your devices current. This gives you the best possible chance against emerging threats. Make sure that updating device firmware is part of your regular routine. - Use good passwords
Furthermore, every device on your network should have a unique password. This will limit the damage in case an attacker does manage to get in. - Don’t connect anything you don’t need connected
Okay, so the new fridge can send you text alerts when you run out of eggs. But do you need text alerts like this? Do you mind someone in Russia also knowing that you’re out of eggs? What if they decide to turn on your oven while you’re away at work? - Turn off Bluetooth when not in use
This prevents other nearby bluetooth devices from pairing with yours and stealing data. It also has the added benefit of preserving battery life.
Help Alexa and Siri Find Your Business During Voice Search
You Can’t Just Tell Voice Search About Your Business
Voice search is when a human tells Alexa or Siri or another voice activated device to go on the internet and look for an item or information rather than typing their query into a search engine browser themselves.
“As far back as 2014, Google’s official blog reported that 55 percent of teens and 41 percent of adults in the U.S. were already surfing the Web with voice search. Now, Google predicts that half of all search traffic will use voice search by 2020.” – Website Magazine.
This is great for Google, Apple and Amazon, but it also means websites need to be sure their search engine optimization is prepared for voice search.
Long Tail Search Keywords
People tend to talk naturally to their devices, generally they are asking a question, contrary to just typing in a few keywords and a city to find results traditionally. This is known as “long tail search terms” versus “keyword terms”.
Example:
Voice Search: “Okay Google, find a union printer near me”
Google Web Browser: “Union Printer Pittsburgh”
Local Search Optimization
Mobile device searches frequently are for services or products “Near Me” so it’s vital that your local listings are up to date and fully optimized. The big directory sites are also starting to be sources for the voice search engines, so make sure your listings are accurate and up to date on the credible directory sites.
Online Reviews
Siri wants to send users to the best rated organizations near their users. This means online reviews are vital to help your site be the answer Siri gives, rather than your competitor.
Mobile Optimized
Google started penalizing website that were not search engine optimized a few years ago. We still have unions and organizations coming to us to get their old websites up to 2018 standards so their website loads quickly and is responsive on devices. If someone is on the move doing a mobile search they are not going to wait for heavy images or files to load on your website.
Alexa, Where’s My Business?
When we launch a new website for a client or perform SEO services our packages include submitting the websites to the biggest search engines our list, that list includes making sure Alexa and Siri have the information and tracking codes they need to find the website.
Let’s Get Visual
Visual marketing continues to be on the rise, this makes sense as people are more likely to remember what they see compared to what they read. Keep in mind 90% of the information transmitted to the brain is visual. Social media now places an emphasis on visual content hosted (uploaded) directly to it. Even Twitter got in the game and started allowing photos to be added to Tweets.
Evolution of Website Content
Facebook “Live” videos are the craze right now, this makes sense as we’re seeing video content represent almost 70% of internet traffic. Two Million videos are uploaded every day! A recent survey showed that consumers prefer to watch a video about a product or service over reading about it 4 to 1. One would have never imagined making a career out of videoing yourself playing video games, but that is now a viable career for many of today’s YouTube stars.
Video backgrounds are one of the biggest requests we’re getting from our clients looking to update their websites.
Be a Show Off
If you’re part of an organization get your phone out at every event and training. Capture some pictures of your event, let people see your organization in action. Share those photos to your social media and add them into articles on your website about the event. Mark them as featured images too so that when visitors share your articles your photos show as social media thumbnails.
Keep an area on your cloud storage for just photos. If you use a program like Dropbox invite members to add their photos to a “deposit” folder, then move them to your permanent photo storage folder. Organize them by year and rename them by event and date to make them easier to search for later.
What to Be Aware Of
There are a couple of things to keep in mind while creating visual content for your website.
Keep This Confidential
Some trainings and workplace photos and videos may also be prohibited for confidentiality and business trade reasons. Always double check with those in charge or a facility manager before taking and posting footage in a private business. On a side note, unless posted you generally can take photos and video of public events.
Anti-Socials
Not everyone wants to be on social media or on webpages. Maybe announce when taking a photo that you’re going to add it to your organization’s website or social media. Those that don’t want to be featured will likely tell you. Or better yet include a clause about photos in your membership documentation so you have permission to use images of the membership. Keep in mind many families do not want their children’s pictures and names on the internet, so be sure to ask families before taking pictures of children.
Sound Off
A whopping 85% of videos are watched on Facebook with the sound off, so consider adding captions to your videos you’re posting on Facebook.
Visual Marketing
With today’s phones and tablets equipped with great cameras its easy to capture video. Many affordable programs have come online that help newbies create compelling images without a graphic design background. Programs like Stencil and Canva make visual marketing easy for everyone. You can also turn your photos into videos with free software like iMovie.
KRACK Wi-Fi Attack and What You Need to Do
KRACK Wi-Fi Attack is Whack
A security weakness has been discovered in the Wi-Fi protocol which allows attackers to intercept passwords and do much more damage. This weakness is being referred to as a KRACK attack (Key Reinstallation Attacks). KRACK works by targeting the four-way handshake that occurs when a device connects to Wi-Fi. KRACK tricks the vulnerable device into reinstalling an already-in-use key that the attacker has access to.
“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium wrote. “The attack works against all modern protected Wi-Fi networks.
Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
What Can Happen to Me?
KRACK attacks are not limited to recovering login credentials (i.e. e-mail addresses and passwords). In general, any data or information that the victim transmits can be intercepted and decrypted. Depending on the device being used and the network setup, it is also possible to push data to the victim (e.g. changing the contents of a website). “Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations.
Can I Just Change My Wi-Fi Settings?
The exploit is being advertised as affecting WPA2, but this also includes WPA2-AES with WPA-TKIP and GCMP being even more vulnerable! So pretty much any type of Wi-Fi connection you have in your home or office is vulnerable until devices are patched.
How Scary Is KRACK?
As scary as this attack sounds, there are several mitigating factors at work here. First off, this is not an attack that can be pulled off remotely: An attacker would have to be within range of the wireless signal between your device and a nearby wireless access point. This still makes the use of public Wi-Fi extremely dangerous until your devices are patched.
More importantly, most sensitive communications that might be intercepted these days, such as interactions with your financial institution, are likely already protected end-to-end by Secure Sockets Layer (SSL). This type of encryption is separate from any encryption added by WPA2 — i.e., any connection in your browser that starts with “https://”. But keep an eye out for the incorrect certificate warnings that you occasionally see while surfing the web. If you see one, close the website.
What Do I Do?
Hardware manufacturers were made aware of this issue a couple of weeks ago, so they’ve been working on patches and most of them already have updates available to fix this issue. If yours does not have the proper update available, you can try to mitigate attacks against routers and access points by disabling client functionality (which is, for example, used in repeater modes) and disabling 802.11r (fast roaming).
Steps to Take:
- Stay off Public Wi-Fi until your device is properly patched.
- Update the firmware for your router. If you’re not sure how, use a search engine to look up “how to update the firmware for my BRANDNAME HERE router”.
- Update ALL devices you own that connect to Wi-Fi. Update your phones first, then laptops, and then any additional Wi-Fi connected devices. Don’t forget gaming consoles, Echo & Dots, Dash buttons, iPods, smart Blu-Ray players, smart TVs, tablets, some kids toys, possibly even your fridge or washer/dryer, doorbells, etc. Everything that connects to the Internet in your home or office needs to be patched. Tip: After making a list of all our vulnerable devices, our family then changed our Wi-Fi password. This doesn’t fix the KRACK problem, but it stops our in home devices from being able to connect to Wi-Fi until we can get them all updated. Our kids also let us know immediately about the devices we had forgot since their precious devices were no longer connecting to the Internet.
- Finally, although an unpatched device can still connect to a patched access point (AP), and vice versa, both the client and AP must be patched to defend against all attacks!
- Once everything is updated this is a good time to update your Wi-Fi password as well. This is good practice anyways, and there is a chance it may have been intercepted.
How to Update Your Devices
Windows
Windows issued a patch on Tuesday October 10, 2017 that fixes the vulnerability in Windows. However even when patched, affected Windows systems may offload the vulnerability to installed Wi-Fi hardware. Windows users should also use Device Manager to update their Wi-Fi device drivers.
Linux
This effects Linux as well. The process of updating Linux varies by flavor. User friendly varieties such as Ubuntu and Mint come with a graphical “Update Manager” tool which automates the process. These also push notifications to the task bar when important updates are ready to be installed. If your version doesn’t come with a friendly tool like this, it can still be done using the command line. Linux utilizes a powerful “package manager” tool to manage and automate software updates from the web. Your particular package manager will vary depending on which type of Linux you’re using. If you don’t see your exact variety listed below, one of the other commands will most likely work just fine (doesn’t hurt to try them all). Keep in mind that some of these will prompt for a password:
RedHat
yum update
Debian/Ubuntu
sudo apt-get update && sudo apt-get upgrade
-or-
sudo aptitude update && sudo aptitude safe-upgrade
Gentoo
emerge -puv world
Android
Note that currently 50% of Android devices are still vulnerable to this devastating variant of attack. You’ll want to use Google to find out how to update your particular Android device.
Mac OS
According to a report from AppleInsider citing anonymous sources at Apple, the patch to remove this hardware vulnerability was added to previous beta versions of iOS, tvOS, watchOS and macOS.
However, the site’s source noted that fixes for AirPort, Time Machine, AirPort Extreme Base Station and the AirPort Express have not been made available yet. Not coming out with a patch for its routers may not be a huge issue for Apple. In order to work, the KRACK Wi-Fi hack needs to take advantage of a vulnerable router and client device. If your iPhone, iPad or Mac is already patched, it doesn’t matter if your AirPort router is vulnerable.
Apple Devices
Use the Settings > General > Software Update Feature to install the newest updates.
Echo Devices
Amazon is still working on a fix for their Echo devices.
There are obviously thousands more devices out there that connect via Wi-Fi, it will take a very long time for the world to get up to date on this issue, and it’s likely that during that time many other exploits will be found. Our best advice here at Appletree is to keep a running list of your devices that connect to Wi-Fi so you can track them all down for updates when as soon as vulnerabilities such as this one are found.
For more information visit: KrackAttaks.com
The Evolution of Search Engine Marketing
Clients often ask us whether they should invest in SEO (Search Engine Optimization) or SEM (Search Engine Marketing). The answer often depends on the client’s individual needs, but essential to making that decision is truly understanding the difference between the two.
SEO is a long term investment. It involves making tweaks and adding content with the goal of gaining ground on organic (free) search result pages. We at Appletree often compare SEO to buying a home, rather than renting it. Organic search results typically change very slowly, so the results may not be immediate. However, when they do set in, they last longer and take fewer resources to maintain (once you’re on top). Even after you stop investing in SEO, residual traffic will continue pouring in long after.
SEM, on the other hand, has traditionally involved directly paying listing services and search engines for ad placement. Like a rental, as soon as you stop paying, traffic stops immediately. You are not building any equity. SEM has been growing a lot lately; let’s take a closer look at just how it has evolved.
Paid Search
[space10]
Most search engines sell ad campaigns on a pay-per-click or pay-per-view basis. Basically, you set a monthly budget which determines how often your ad appears or how many clicks it can receive before the ad is taken down. While much of this remains the same in 2017, the number of these campaigns targeting local searches has grown significantly. A 2016 study by Search Engine Watch found that “near me” searches had grown 15-fold since 2013. Even as recently as 2016 the number of these searches was still doubling every year. All this new traffic has attracted a lot of competition for locality-based SEM campaigns.
Paid Link Building
[space10]
While building an SEM strategy, it’s tempting to blow your entire budget on Google pay-per-click campaigns. But it’s important to consider that search engines are not the only way people can find your website. Rather than dumping every resource into one basket, good SEM managers have been investing in less traditional forms of online advertising to supplement their search engine budget.
For example, you might contact a relevant blogger, podcaster, or radio personality and offer them compensation in exchange for talking about your business. Some will even grant an interview in exchange for traded services or monetary compensation. This type of “influencer marketing” can be extremely valuable to your brand, helping to build trust among new audiences.
Likewise, online publications often write about businesses in their area. For example, they might write an article about the “Best Union Shops to Work for in Pittsburgh”. Of course you can’t usually pay to appear in an article like that, but it can pay off to become familiar with the publications which might write about you at some point. Paying for advertisements on their site might land you near the top of the picks next time they’re compiling such a list. As a bonus, search engines love articles that contain lists of links since they answer questions while also giving the searcher some choices.
Link Farms
[space10]
On the web, a link farm is any group of sites that all link to every other site in the group. Farmers typically charge a fee to list your site. You might have even seen some of them advertising via junk mail, claiming something like, “Pay Just $99 and Get Your Site on 2,000 Websites”. Usually back links are a good thing, but stay far away from link farms. Search engines caught on a long time ago and consider link farms to be a form of spam. If your site appears in a known link farm, Google will actually downgrade your SEO score. If you continue to advertise in this manner, you may be removed from search results altogether.
Directory Sites
[space10]
Like the local yellow pages, directory sites simply list businesses, usually divided by category and/or location. Directories display information about your business. Though they do provide back links, they are much more useful and reputable than link farm operations. Many popular directory sites, such as Hotfrog, will list your business for free. Most of them also offer a paid premium slot. Paying can float your business to the top of the list. This can be good for getting leads, but beware of spending too much for these – the results can be difficult to track.
A good web company can help build up your listings. They’ll help you encourage the type of reviews that will put your listing on top without breaking the bank. Just like with other SEM, when you stop paying for a premium listing, your business goes back to the bottom.
Is SEM Enough?
[space10]
In general, SEM is good for getting fast results. It works best when supplemented with a long-term SEO strategy. This way, as your SEO gradually builds, you’ll be able to scale back that costly SEM budget over time.
Courts Challenge Internet Speech
Many people view the Internet as a vast playground where they are free to express their online speech without consequence. Recent legal trends, however, seem to be leading us down a different path. US Corporations have been coming down hard with litigation – and often winning – against individuals for offenses as seemingly harmless as writing negative reviews or downloading public information.
It has become more important than ever to track these cases and understand what can get you in trouble. We’ve been compiling a list of recent and classic cases regarding your online freedom of speech.
Sticks and Stucko
Since June, Zillow has been threatening to sue a blogger, McMansion Hell, for using some of its images for parody. The blog pokes fun at the poorly conceived architecture often featured throughout Zillow’s real estate listings. Although the blogger was not even badmouthing Zillow itself, the company still took offense, stating in an absurd cease-and-desist letter that the blog may interfere “with Zillow’s business expectations and interests.”
This is frighteningly broad language from a legal perspective. Must citizens consider the ‘business expectations and interests’ of any company they happen to discuss in public? Furthermore, the images technically fell under “fair use” because they were used for parody.
For now, this exchange has been limited to threatening letters, but keep an eye on this issue. Facebook, Instagram, and Twitter have made similar claims about their content. Several social media giants have even claimed that uploading content to their service transfers ownership to them.
Like It or Shut It
[pullquote align=”right”]…courts may interpret negative online reviews as full on defamation.[/pullquote]Another recent case began when it appeared that a wedding photographer was holding a customer’s photos hostage, pending payment of a disputed fee. Rather than paying the fee, the newlyweds took to social media and began publishing negative reviews about the photographer. In short, the bad reviews ruined the photographer’s reputation and she eventually had to close up shop.
The photographer then came back and sued the couple for publishing the negative reviews, stating that the reviews amounted to defamation. Sure enough, the court sided in the photographer’s favor and awarded more than $1 million in damages. This sets precedent going forward that courts may interpret negative online reviews as full on defamation.
Before you write that negative review, make sure to read through any contracts you may have signed with the company. Lately, vendors have been including verbiage in their contracts which waive your rights to write online reviews – good or bad. Specifically, keep an eye out for phrases such as “non-disparagement” or “agreement not to disparage.”
Really Silly Syndication
Generally, companies publish information on the web to spread the word – usually to as many people as possible. To this end, web gurus developed RSS (Really Simple Syndication) as a standard way of sharing information across websites. People can also subscribe to these feeds to receive updates. So what’s the problem with consuming all this free information? Generally, nothing – but if a company doesn’t like what you do with their information, they may have grounds to sue.
Take the 2011 California court case of Craigslist vs. 3Taps for example. In this case, 3Taps had been feeding publicly syndicated information from Craigslist to its own service. Craigslist decided that they didn’t like what 3Taps was doing with their information and blocked their IP addresses from accessing Craigslist. In response, 3Taps simply changed its IP addresses to get around the block. This eventually lead to a court ruling that changing your IP address in order to access a public website from which you had been blocked is illegal.
A similar court ruling determined that Power.com had violated an anti-hacking law when it changed its IP addresses in order to regain access to Facebook.
Don’t Scrape Me
Presently, a small company called hiQ is locked in a high-stakes battle over its practice of “scraping” information from LinkedIn. Scraping is a type of activity whereby bots gather and index large amounts of information for use elsewhere. Archive.org, for example, scrapes millions of pages of information from all around the web and indexes them for tomorrow’s nostalgia.
When LinkedIn sent hiQ a cease-and-desist letter warning that their behavior violated the Computer Fraud and Abuse Act (CFAA), a controversial 1986 law that makes computer hacking a crime, hiQ responded by suing LinkedIn.
This lawsuit could determine whether courts can use the CFAA to curtail the use of scraping tools across the web. The CFAA makes it a crime to “access a computer without authorization or exceed authorized access.” Courts have been struggling to figure out what this means ever since Congress passed it more than 30 years ago.
One plausible reading of the law – the one LinkedIn is advocating – is that once a website operator asks you to stop accessing its site, you are committing a crime if you don’t comply. The contrary interpretation is that by running a public website, a company is implicitly giving the general public authorization to access it and those permissions cannot be rescinded on a case-by-case basis. Both are plausible interpretations of the law, which makes this a very interesting case to track.
UPDATE: A judge ruled in hiQ’s favor, saying that LinkedIn cannot block the startup from accessing its public profile data. Furthermore, the judge ordered LinkedIn to quit blocking hiQ’s IP addresses. The fight isn’t over yet, however – LinkedIn plans to challenge the decision.
How to Succeed at Search Engine Optimization
Search engine optimization (SEO) is a constantly evolving art.
A successful SEO guru will constantly be learning and researching what makes search engines happy and take advantage where competitors have fallen short. A well trained SEO guru will help improve your site’s flow and content to improve your rankings. There are thousands of SEO gurus out there, and just as many tips. So we decided we’d compile those lists for you.
The bottom line in search engine optimization is Text, Links, Popularity, and Reputation, let’s take a look at each of these topics.
Text
Provide relevant, high quality, and informative content on your pages – especially your homepage. This is the single most important thing to do according to Google’s Steps to a Google-friendly site. This makes sense; if you give your visitors the information they’re looking for, then they will interact with your site longer which signals to search engines that your website has what visitors are looking for.
Content
- Update your website content frequently.
- Blog or write articles, adding a new article at least once a month (weekly is optimal).
- Answer a question for Google.
- Short and dense articles are preferred.
Access
- Your website should be setup logically in an organized menu structure.
- All images and content should be speed optimized.
- Your website must be mobile friendly.
Keywords
- Don’t over-saturate your page with a single keyword.
- Have your image ALT tags on all images that contain appropriate keywords.
- Title tags for the page should also start with the page’s keyword.
Images
- Don’t use graphics to display important content, search engines can’t “read” what’s on a graphic, only its name and ALT tag.
- Name your image something useful such as “Google-SEO-chart-image.jpg” not “DSC48523.jpg”.
- Enable “Enhanced image search” in your Google Webmaster Central account. Allowing Google to find your photos will help your SEO efforts.
Videos
Videos are very popular online right now, your business should be capturing them wherever you can.
- Make sure your website and host can handle playing videos smoothly.
- Videos that show up in Google blended search results don’t just come from YouTube. Be sure to submit your videos to other quality video sites like Vimeo and Yahoo to name a few.
- Make sure your video descriptions are complete and descriptive.
Links
- Internal links should be a clear call to action for users to make their next click.
- Get your website out on “natural links“, aka places you’d expect to find your website listed, such as trade magazines, affiliate sites and industry related blogs and forums.
- “Unnatural links” are those that appear on paid “link farms”.
- Directory listings are good for search results and local results, but again limit them to the big guys, not every link farm you can find.
- Backlinks are links that are made on other websites, they link “back” to your website. These can also be links in social media.
- Understand social media marketing. This is part of search engine optimization – your organization must be on social media.
- For extra credit, links from .edu domains are seen as extra votes by search engines, search for non-profit .edu sites that are looking for sponsors that provide links from their website to their sponsors.
Popularity
Face it: the more popular your website is, the higher its search engine ranking.
- Submit your sitemap through Google Webmaster Tools and other search engines such as Bing.
- Allow and encourage reviews about your business on Google, social media, Yelp, etc.
Local
There’s no doubt when you look around that mobile is growing. Therefore, so are “near me” searches. Get your business showing up in the “near me” searches by optimizing your Google My Business page.
Reputation
- Putting an SSL certificate on your website not only makes Google happy, but helps your reputation as a legit business.
- Don’t fall for “guaranteed” SEO website services, the providers likely are using black-hat tactics that in the end will get you unlisted by Google and other search engines.
- Build your SEO results through steady research and ongoing tweaks and updates.
Other Tips
- Pay-per-click or SEM are not bad things, they also build up your website traffic. But keep in mind, you are renting the traffic, not building the traffic like ongoing SEO does.
- Check out “rich snippets” they make your search engine listing stand out and few brands have implemented them.
- Take a look at your site through unbiased eyes. Turn off your Google Personalized Search results by logging out of Google and using an incognito browser, or Append “&pws=0” to the end of your search URL in the search bar.
- Beware of “black-hat” SEO tactics that attempt to fool search engines with hidden and inappropriate content. According to Google “be careful; if your domain is affiliated with one of these deceptive services, it could be banned from our index.”
In conclusion, search engine optimization is constantly evolving, it takes time and dedication to help your website climb up in search engine result pages (SERPs). Even if you completed every step above, it will still take up to 6 months to see results from SEO. Think of it as building a house, where as Pay-Per-Click or SEM is renting the house. We have had clients run both services simultaneously and eventually were able to decrease their SEM budget when their SEO results were bringing in more continuous traffic at a much lower cost.
Should you build your website on WordPress or Wix or Weebly?
While deciding whether to build your new website with Wix, Weebly, or WordPress, there are several questions to consider.
What is your budget?
WordPress, Wix and Weebly sites all start at free. They each offer premium versions that allow for you to use your own domains, hosting and add-on features. Building and maintaining a WordPress site can be expensive depending on the company you use and what features you want. However, firms like Appletree offer affordable standard packages for WordPress that include all of the tools you need for a successful website.
What are your website goals?
If you just need a brochure type website, Wix and Weebly can meet your needs. If you want an online solution such as certification tracking, member portal, or online dues payments, then you’re going to need an open system like WordPress. When it comes to Wix and Weebly, your hands may be tied if you want to add some bells and whistles that aren’t part of their drag and drop program. They don’t allow custom embedding and API integration.
What’s your technical level?
Wix and Weebly are known for their easy drag and drop programs. There is no technical learning curve outside of their pre-built templates. Learning to use and maintain WordPress may be a struggle for some, and many people need a professional to train them to use WordPress. Again, this varies by the firm. Appletree always includes training hours for its clients to maintain their WordPress websites. We like to say that if you can use Microsoft Word, you can use WordPress.
What’s your traffic goal?
If you just need a short term website for an event or campaign where your traffic comes from a printed card or poster then you don’t need to worry about long term SEO. But if your goal is to build your way to the front page of Google you will find yourself hitting a wall with Wix and Weebly. Unfortunately, you cannot simply pack up your Wix/Weebly website and move it over to WordPress at a later date. You would need a fresh build or to use one of the wonky transfer tools out there. Without a doubt, WordPress wins for its SEO, plugins, and flexibility.
What are your security needs?
We’ve all heard about the hacking of WordPress websites leading to all sorts of trouble such as the US/Russia election scandal and other business vulnerabilities. WordPress can be secured, but you’ll need to press the “Update” button on the dashboard to make those updates happen. With Wix and Weebly hosted websites, security is handled behind the scenes by their technical team. Although, recently there was a cloud vulnerability that opened up Wix sites to hackers – no web solution is completely safe.
If you need a website that is more than a brochure site that will be updated frequently and prioritizes SEO, we recommend WordPress. If you need a simple site for a short term project then Wix and Weebly may be a better option. Website Builder Expert has this comparison to help you best prepare, depending on your website needs.
10 Steps: Protect Your Website From Hackers
A little bit of insurance advice for websites.
So you’ve spent a couple thousand dollars on a really nice website with all the bells and whistles, your organization has put in dozens of hours tweaking it to be just right but what have you done to protect your website from hackers? Just like with a vehicle or your other belongings, you need a plan to keep your investment safe.
Step 1 – Make daily/nightly backups.
[space10]
Automatic backups may already be available from your website hosting company, or you may need a third party program to do this for you. In our experience, some web hosts can restore your files from a certain point; some for a fee, some for free. Check with them to see what’s available and what the restore process is BEFORE you have website issues. If your host doesn’t offer anything, look for a reliable third party program or have your web developers do this for you. We include a full offsite backup service for every website we manage here at Appletree.
Step 2 – Keep your plugins and files updated.
[space10]
Some website content management systems will alert you when updates are available, some do not. When a website update becomes available, run it. We’ve talked over and over about how non-updated sites have wreaked havoc on organizations from information leaks to election hacks. Set aside time on your calendar to run updates, maybe check for them every morning during that first cup of coffee. Or sign up for an affordable maintenance package with a professional web firm.
Step 3 – Run security programs.
[space10]
If you’re on WordPress there are several security plugins available. Most are free, but some offer premium services for a charge. We recommend Wordfence. But again, if you don’t keep your security plugins updated, it can’t keep you safe from new vulnerabilities.
Step 4 – Watch for signs of website issues.
[space10]
If your website is broadcasting “Error connecting to database” or general “Error” messages there may be something going on behind the scenes. Perhaps your website is running slower than normal. It may be time to call in a website professional to take a look at website logs from the back end. Brute force login attacks sometimes go undetected until they kick in the door or a website professional spots them in a log and bolts the door shut.
Step 5 – Choose a good website host.
[space10]
Shared website hosting is the cheapest hosting out there, but sometimes it’s like living in an old apartment building with a fire in one apartment. If one site gets hacked, all sites are now vulnerable. Read the reviews on your webhost, check their Twitter and Facebook accounts for real user comments. Cloud hosting has been all the talk over the last couple of years, but with the latest “cloudbleed” blunder even cloud hosting is being questioned. Dedicated website hosting is a little more expensive, but depending on the type of information you’re storing about your users, its likely worth the cost.
Step 6 – Keep an eye on who has access.
[space10]
Limit not only the user accounts that have access your website, but also the programs that interact with your website. Apps that allow remote access to your website are easy targets for website hacking. These API programs allow for other programs such as social media to add content to your website. Unfortunately, they seldom encrypt your stored website login and password. This open door gets ignored by most website security programs because you granted access on purpose.
Step 7 – Update your computer.
[space10]
If you don’t keep your computer updated and always run antivirus software with updated virus definitions as well as a good spyware program and malware program then you’ve left the keys in the car to be stolen. If your computer has been compromised, a keystroke logger could be recording all of your passwords.
Step 8 – Don’t use the same password.
[space10]
It may be easy and convenient to remember one password for everything. However, if that password gets compromised on one service, it can be used to access your other services. You’d be surprised how many website databases do not store passwords as encrypted. Lax industry standards like this may leave your password open to prying eyes without you ever being aware.
Step 9 – Don’t store your passwords in browsers.
[space10]
Your internet browser seems so helpful when it offers to remember a website password for you, but those passwords are stored in your browser unencrypted and are easy to access if your computer itself is compromised. Use a program that encrypts passwords and stores them safely. We recommend LastPass. It also recalls those password for you when you visit a website but stores them behind the scenes in a fully secured, encrypted way.
Step 10 – Scan your computer periodically.
[space10]
Schedule a morning or afternoon every week to scan your computer for viruses and malware. Since this can take upwards of an hour maybe let it run during your phone calls for that day. If your software finds something, clean it up and scan again until all scans come back clean.
Feel Secure with Website Maintenance
Last week we celebrated Safer Internet Day. For many people it was just a hashtag holiday. For us website professionals it was a reminder of just what our jobs entail: keeping websites up to date and keeping up with security standards to avoid being part of the latest breach.
Let this sink in – 2 out of 3 people have already had their data stolen in a security breach. It doesn’t matter if they had a secure password or two step authentication, somewhere there was a breach. From Yahoo to Home Depot to the latest breach for Arbys patrons, 64% of Americans have had their data stolen through breaches according to WordFence.com.
Stolen credit cards are one thing – the repercussions can be minor (or HUGE). But if a hacker steals someone’s debit card number, they could empty that person’s bank account. This could leave their entire family homeless while trying to recover.
What about the even bigger problem of cyber hacks?
Election 2016 Hack Comes From WordPress
[space10]
Just days after Safer Internet Day the US Department of Homeland Security released a report that hackers used WordPress as a command and control server during the 2016 Election Hack. Yep, WordPress – the same website program used by businesses large and small – had an open door.
How did this happen? Basically, the site’s owner never updated a WordPress plugin even after its author released a security fix last year. A single click to update the plugin would have prevented this type of attack.
Website Defacements on the Rise
[space10]
It seems Safer Internet Day also became a competition to hackers with website defacements on the rise by over 26% in just 24 hours. To put that in numbers, that’s over 1 million websites defaced with messages from the hackers bragging about having breached your website. From small sites to the National American University, no website was safe. Not sure if your WordPress website is susceptible to this vulnerability? Get ahold of Appletree MediaWorks. We can determine the status of your website and help you get things updated and safe.
You Need a Website Maintenance Package
[space10]
There is a reason why good web development firms offer monthly maintenance packages to keep your website updated and running: security. The majority of our clients take advantage of our affordable maintenance packages. They trust in our union team to stay up on threats and updates. We’ve had clients that choose to save a couple of bucks each month and maintain their own sites. Some of them are diligent about running updates and stay safe. However many of them don’t, leaving themselves open to security holes like the websites we keep hearing about in the news.
