I received a client email that was riddled with misinformation someone had told them regarding SSL. This post has been on my mind for a long time and this seemed to give me the perfect opportunity. This also a timely topic with hacking being in the news and Google losing yet another 2+ Billion lawsuits in Europe, both of which related to this topic.
To understand the role of SSL in security and how it’s being co-opted, misused, as well as touted as the end game in cyber security as well as SEO, one must first understand how and what all these things are, as well as the proper application. Every day I see people throwing around a lot of words but most people don’t really know what they mean.
Hacking
So, let’s first look at what hacking actually is and how to avoid it. Of course, the most understandable definition is breaking into a computer, network, or account and gaining control, usually for nefarious purposes.
Brute Force Hacks
is when a username and password combo are sent repetitively to a computer or server in hopes to gain access. This can be done via Shell Logins, FTP Logins, Email Logins and Website Logins (such as WordPress and Magento).
By way of oversimplification, there a few ways to slow a brute force hack. Usually, this is seen when the end user experiences a lock out because they have logged in wrong too many times. This slows up the process because often users are blocked for a period and the system administrator is notified. And of course, using a secure password is mandatory. When someone uses a password of password or qwerty1234, it almost guarantees a break-in. No SSL encryption can save stupid.
FTP, Telnet, SSH
These three protocols are ways people access remote systems. And are also weak spots used to access and gain control of networks. Often malicious code is uploaded that will allow the servers to be compromised with things that monitor keystrokes, opening or exploiting security holes or running a spam mail zombie or phishing email campaign, usually with an accompanying website hack that fools users into turning over their usernames and passwords.
Using an SSL encrypted protocol (SFTP, and SSH) will slow hackers down and are a front line of defense, but the way to stop exploits of these protocols is great security policies, patching servers and a hardware firewall with intrusion protection that protects the entire network (something our web hosting accounts receive free of charge).
Virus Activity
Hackers use computer viruses to take over computers, networks and sometimes countries, such as the Ukraine experienced just this last week. Ransomware is just the latest iteration of virus that attacks mainly unpatched versions of Microsoft Windows and locks the owner out of the system until a ransom is paid.
In most cases, viruses are one of the simplest things to avoid. Unpatched systems and Email users are the two biggest failure points that allow the virus to infiltrate the computer or network. And in most cases, the viruses are designed to either help spread the virus or cause outages in things like DDoS attacks. I’m not even sure I want to say that SSL offers any level of enhanced security here because, in my opinion, most causes of a virus spreading are because of human ignorance or apathy.
So, what is encryption?
When speaking of encryption in regards to cyber security, the simple plain text is taken and scrambled so it is unreadable to a human. There are fancy words like ciphers involved in this process, but unless you’re a security wonk, there is no need to go into that.
Again, a way oversimplification (although important). Basically, when a file is encrypted, it’s scrambled and along with it is sent a key. If the file is intercepted it is of no value to the interceptor because they do not have the decryption key that is sent along with the file. Presently and 128-bit Encryption Key is the standard and believed not to be breakable, but as computing power and hackers advance in this war, it’s only a matter of time before we need to move to a 256-bit Encryption Key.
Encryption and SSL
SSL or Secure Sockets Layer is the connection that is opened between two computers, i.e. a website and your computer that allows sensitive data to be transmitted securely between the two computers.
The way SSL was intended to be used is when a website needs to pass sensitive data, the SSL is called (for a website its HTTPS, for FTP its using SFTP and so forth). Usually, that is things like credit card numbers and passwords. The SSL also confirms that the data that is sent is the same as what you receive, as well as validates the computer that is sending the data to your computer. Browsers are also programmed to alert end users when a connection is not TOTALLY secure, with totally being the operative word.
When SSL is activated on the page, it means that every file must be encrypted, including images and graphics or the browser will alert the end user if it is not. But Google has taken this to a whole new level.
Now before I go any further, I want to say that when SSL is used properly, it is a very good thing.
SSL SEO and Privacy
So, last week it was announced that Google was fined another 2.7 billion in the EU over manipulation and privacy concerns. This is the second time this has happened in the last few years and the lawsuits against Google continue to mount because of the amount of data it collects on each user, their query and how that data is used. And in my opinion, what in essences amounts to a demand of each website owner by Google that their sites be made secure is born out of this.
So let’s talk about the pros and cons of making your whole website secure regardless if you’re the one passing sensitive data. Nearly 2 years ago (and what seems to be around the time of the first EU ruling) Google came out saying that it was going to offer and organic SEO credit for any website that forced their website to respond as HTTPS in all cases regardless if sensitive data was being passed, such as a credit card or password. The whys they requested this is lost in the hyperbole of it all in my opinion.
So webmasters ran out, bought SSL certificates installed them, forced their site to HTTPS to activate the SSL in the browsers and their websites sunk like a rock. Word quickly spread that this was not a good idea after all and webmasters started to back off the idea.
Why Forcing a Website to HTTPS Breaks Organic Search?
Simply it breaks the link profile of a site for a substantial amount of time. It seemed that initially, there may not have been an adequate consideration of the effects on and impact of links in relation to how a website ranks. So, taking http and forcing it to https, even via 301, saw the effects of those links be devalued, thus causing smaller sites to tank. It is even possible that even Google underestimated the deduction a site would receive and did not provide adequate compensation via their magic SEO credit they said everyone would receive.
Eventually Google seemed to change the way the SEO credit and 301s and 308 codes were handled to give more credit for the process, trying to add better incentives to make the move to HTTPS. But it seemed that loss, although not as great was still not worth it.
So Google turned up the gas, and started using their browser, Chrome, to alert end users that the website was not safe. And even the simplest non-ecommerce websites were having end users alerted about the website not being safe. Now again on the surface, this sounds good but a small engineering first with 5 basic HTML pages that request no personal info really has no business being required to use and SSL connection without Google issuing a scary warning about internet security, especially when Americans are hearing nightly about hacking, ransomware and such.
This of course lowered conversion and forced many webmasters to convert to HTTPS, regardless of the reduction in organic search. Google continues to be aggressive in warning chrome users of sites that are not using HTTPS.
It has taken approximately 18 moths for our lower trafficked sites to stabilize after conversion.
From an SEO standpoint, there isn’t’ a great reason to do it. From a conversion standpoint, there are many reasons to do it. But from a system admin side, the side that is often overlooked there is a lot of negatives.
4 Sides of the SSL Discussion:
- SEO Viewpoint – To convert a site to SSL, there still isn’t enough ‘credit’ being offered to make this be worthwhile. Expect at least 8-12 weeks minimum of upheaval.
- Conversion Viewpoint – Big scary warnings about your website, make this an absolute slam dunk as to why this need to be done and outweighs all the other reasons in our opinion.
- Website Owner – There are security benefits from using SSL on parts of websites where passwords are involved, but to secure the whole site for a password is not necessary.
- System Administrator – They are not thrill with this improper use of SSL. SSL should only be used with something needs to be encrypted. So, if buying a product, and adding a credit card SSL great. Logging into a web account would be another great use. But using SSL just for the sake of doing it, it is a unnecessary burden put on any server and slows websites down. Honestly, from the hosting side of this, the imposed use of SSL really is maddening. It is an unnecessary blanket use of something. So why would Google go to such lengths to force webmasters to use SSL? Great question, isn’t it?
Why Google Why?
Noticeably missing from my viewpoints of SSL is the end user and that is where the truth lies. This is all being done to protect the end user so seems to be how the story goes.
But what are we protecting the end user from? Remember the proper use of SSL is to stop the user data from getting stolen. Google is going to great lengths to force website owners into the use of SSL, so much so they are using Chrome to cajole SEOs and website owners into using SSL by making the warnings about entering an http website more and more visible. And offering credits for better organic SEO results seem to reinforce that Google can manipulate search results by rewarding certain behavior that is unrelated to punishing people who operate outside its guidelines. It would seem this issue is very important to Google. And in my opinion, it transcends the ability to buy something on the internet.
One hypothesis and opinion may be that this is an actual legal strategy or defense. SSL protects user data. So with the myriad of lawsuits Google is facing all involving user privacy would the universal use of SSL blunt the privacy lawsuits? Will this still allow Google to collect and sell user data, but yet now be able to argue they are doing this securely? It would explain the big push to force everyone on the planet to make their websites SSL.
So is the juice worth the squeeze. From a pure SEO standpoint, no. The credit is not large enough to offset the loss of link juice on lower level sites and with Google now using your traffic as a ranking variable it’s a recipe for disaster. However, if Google is going to put big scary warnings on websites via Chrome which is now the most used browser coming in at just under 50%, website owners have little choice but to implement SSL on their sites.
So, this story caught my eye because of the domain registration aspect of it. The story seems at its core to be written to embarrass or implicate the President as opposed to giving business owners good sound advice. There is a definite lesson for business owners to learn from this story.
The people managing the Trump brand must be applauded for proactively protecting it. The purchase of negative domains is a smart choice with huge implications that small business owners should understand and act on.
As any successful small business owner knows, not all customers are above reproach. Some have an unrealistic expectation or standard. Or, they have gone out of the way to create a circumstance. I was waiting tables back in college and I will never forget the family of 14 that orders 14 lobster dinners. When they were done, we watched them open a matchbox and let a few roaches out on the table, call the manager over and demand their dinner for free. That was so 1980s. But in 2017, the issues are far more complex and far reaching and longer lasting. The internet has a memory, and as anyone can tell you deciphering the truth at times can be difficult.
History of Domain Registration
Back in the 90s domains were expensive. From 1992-1999, domains were provided by Network Solution on a private government contract. In 1998, ICANN was born to oversee the deregulation of the domain market and by 1999, there were 15 companies approved to be a domain registrar, with ICANN making the rules to keep the peace and protect the consumer. During this period, you didn’t see people registering thousands of domains. And frankly, businesses weren’t too savvy about this.
2000: The Year That Changed How to Buy a Domain
In 2000, domain buying changed forever. The marketplace became competitive and the 15 new registrars hit the street. Register.com, Domain.com and of course Networksolutions.com were now selling domains and pricing dropped almost immediately from $75 a year to $35, and then into freefall. Standard domain registration still costs $11 for the rights to buy them from the registry and then resell them back to you. But you will find them anywhere from free on up to $40 depending on the company. Often companies use domains now as a free promotional item, ACTWD being one of them.
With cost no longer a consideration, this change brought with it a lot of other challenges that no one ever really considered.
- Domains were bought as investments – Many folks thought domains that were not previously registered was because of cost. Windows.com, Business.com were amount the few biggies and they became instant lottery tickets.
- Domains were bought to extort money – Domains were often purchased to elicit a payday. People would pay high dollar to recapture a domain that was important to their brand. This is known as cyber squatting.
- Domains were bought to confuse – Domains were sometimes bought to cause brand confusion and misdirect people to erroneous pages.
- And some domains were bought – to defame, complain or disparage.
ICANN did step in and make some terms of service that stopped people from buying domains to confuse people or allowing them to squat on domains that they were not entitled to. However, in many cases it did force a legal action. In most cases, the resolution left the domain with the original owner, not the perceived owner.
For example, a Texas senator’s name was used for a domain that in fact pointed to a website for another political party. It is our opinion that registering any domain related to the brand is the right move. If you can think of it, so can they. Read on.
After Market Domains
The next cottage industry that sprung up in this wild west of domain ownership era is what has become known as the aftermarket. These are domains that expire accidently and are picked up by someone else. Now initially, it was not uncommon to grab a domain within a day or two of it expiring.
ICANN has also passed regulations to deal with this as well and I’ve written about domain redemptions in the past. But once a domain falls out of redemption it can be auctioned. These auctions can be expensive.
And There are Those Who Suck
And then there are individuals that buy out domains with the word sucks in them. Some corporations do own those names. Famous people, even recent former presidents seemed to have allowed those domains to remain unclaimed, or missed the boat. It is stunning to me how many corporations do not have their name and the word sucks, stinks, fraud or scam after it in their domain portfolio, and therefore not within their control.
A Good Defense is an Aggressive Offense
So, for any small to mid-size business that reads this post, please register your domain with any negative connotations that can affect your bottom line. If you are a down line marketing company, retail energy provider or greeting card company, you might want to consider your company name and pyramid scheme or adding the word fraud, scam or sucks. Be as vindictive as you can and come up with any variant. The more variations you can come up with the more protected you are against a disgruntled employee or customer who can make a lot of trouble for your company.
As for the Trump Organization, kudos to them for being proactive and shutting down rogue websites that bear the name. It is not an indictment or admission of guilt. Rather, it is a proactive blunting of someone who may want to harm his family’s company. The only thing it makes him is smart. Best of all, he is leading by example and teaching the nation’s businesses a lesson in branding that all business leaders need to learn regardless of their size. Love him or hate him, this is the proper course of action for anyone in charge of protecting a corporate brand.
Every day when I come to work, my mailbox is flooded with people that have domain issues. Two years ago Tucows came to me and asked if we would help with all the problems domains out in the marketplace. To give a little back story on this, Tucows is a wholesale domain registration company, meaning only people like me, you know a web hosting company, can buy from them, and those resellers then service the clients. Tucows is not allowed to interfere in the relationship. But, as many have experienced, not every company is like ACTWD, committed to its customers. So we were a perfect fit for Tucows, because had been with them as a vendor 15 years, and we knew the ins and outs of domain ownership.
So as with most of my blogs these days, they are customer inspired. And so it goes with this particular blog. I received an email from a customer who didn’t want to pay redemptions fees and explained to me how his domain was worth $1.
First, let me explain about domain name renewals and how that process works. Domains are ‘purchased’ from the registry. In the early days, the government ran that registry, and you basically purchased or really leased that name from the government. They maintained the name servers which then translates the domain from letters to ultimately land at its numeric home. After all, servers work off IP addresses, not names. The basics are still the same but in 2001, domains were deregulated and allowed to be sold by multiple companies, with Tucows being one of those companies. These type companies are called Registrars. Not to be confused with the registry and its governing board ICANN. The registry is above the registrar, and they set the rules.
The rules go like this. You have to pay your domain fee annually. Prices wildly, because some use the domain to incentivize purchase, so this is where domain pricing under $10 happens. Know anything under $13 total price, the company is taking a loss on a .com/.net/.org domain. You can buy(and I really mean lease) that domain for up to 10 years. Yes, I know some folks sell 20 and 100-year domains. It can only be renewed up to 10 years at any one time. The rest of your money will be disbursed (if the company is still around) down the road.
If your domain expires you have 40 days to reclaim this domain for its normal renewal rate. HOWEVER, I have had it happen that domains were taken almost immediately and sold to the highest bidder before they should have been. That has not been the normal course with Tucows, but I personally bought one from a competing registrar that was expired for 5 days. Bluntly, domains have value, regardless if you as the domain owner recognize that. I will explain how later in this article. You should never let your domain expire or depend on your web hosting company to just handled it. If you cannot be billed, your card on file is bad, or any combination there of, the domain will not be renewed.
At the end of the first 40 days, the domain will fall into a period called redemptions. This is where things can get expensive. The registry retakes the domain and places a hold on the domain until approximately day 61. In doing so they charge the Registrar a large fee to have the domain back. And this is where I see a lot of customer confusion when we give pricing. Depending on the extension that fee can be over $500 to reclaim the domain. There are now hundreds of domains extensions and each one has their own redemption policies attached. Canada or a .ca charges just the one-year renewal. And .i0 charges $300+ USD to redeem the domain. There really is no way around this.
At the end 90 days, that domain can (notice I said can) be released back into the general population and become available for ‘normal’ registration. Most never make it to this point. What most domain owners don’t realize is there is an entire cottage industry out trolling for aftermarket domains, which is a fancy way of saying previously owned domains. Our SEO411.com was purchased for $5000 in that exact manner. So why would we spend crazy money like that on a domain when we could have just bought something else.
Why would anyone want your domain? What happens to Domains that are not Renewed on time?
There are many reasons why people want aftermarket domains.
#1 The domain Is catchy or sounds great, or could be developed into a great brand.
I personally hold domains like Mixed-up.org, that I was given to me by a client years ago. Great domain. Not sure what i want to put on it. But great domain. I have named whole companies based on domains I’ve purchased aftermarket. SEO411 is one of them. Exclusively Commerical (sells commercial lighting), Basic-Natural sells all natural organic products. When I look at aftermarket domains, I get the best branding ideas when I walked among expired domains.
But why bother with that exercise anyway? That leads us to the next reason.
#2 Old Expiration Dates
Those of you that have met me know that I often say that my eyeglasses have Google prisms in them. Meaning everything I do I look at it through Google’s eyes. There was a time that there was a feeling that Google would sandbox domains, meaning they would stop a brand new domain from ranking organically for a specified period of time. There was a time that people would spin up websites, rank them using black hat techniques until Google caught them. Buy a new domain, move the content and do it again so this was Google’s defense. But for new business owners, most can’t afford to sit in a sandbox for a year waiting for traffic to come.
So in the mid-2000s when we would onboard a new customer, we would look for an after marketing domain to give the client the best chance at quicker successes. Somewhere in my psyche I still view domains registered prior to 2004 as special. And ones that are 1990-something are rare and I scoop ’em up anytime I see them for a reasonable price.
For the purposes of building a site on the domain, always check to see if it has a Dmoz Listing, make sure that google hasn’t banned the domain, and how old is the domain. Just so we are clear there are a lot of banned domains out there. Domains with a bad link profile that can’t be salvaged Or pages that were used to spam are often why domains are banned from Google. (sticky note reminder on why domains get banned blog post).
#3 Pick the Carcass
I know a little graphic huh? Paints the right picture though. Well as many SEO folks know link aquisition is pretty hard these days. The days of reciprocal links are over. The days of setting up a directory long enough to make the links, done. Site are penguined all over the place. But out in the world are these domains with great PA or PageRank (yeah yeah, know its dead) that are just sitting out there for $19 that can be bought after market. Some have Dmoz links, although those sometimes have a higher value. Some have sought after hard to aquire links. So sometimes people go in and move that link credit to a domain that they are trying to promote. It takes alot of time to do this, but sometimes its just easier to just do this rather than write good content, and build a proper link. We don’t advocate this, but this is another use for an after market domain.
#4 Build a Private Blog Network
Did you know that there are people that by after marketing domains so they can build websites, get link credit to it and then link to their client websites. These are called private blog networks (PBN) and in my opinion, this is a link building technique that is just primed to be penalized when they can identify it. They host at multiple webhosts so they is no apparent affilation. Then strenghten those websites to build links to their own websites that need links. Google knows this is going on and my guess is they will eventually figure out a way to stop this practice but for now, old expired or abandoned domains are very very valuable to the web marketer.
What is the Value of a Domain?
So the customer that inspired this emailed telling us his domain is worth $1 and that was all he was willing to pay for it. But what value does a domain really have. I was just looking at a website we run that is ranking on 26,000 terms organically with an estimated traffic value of $394K a month. That’s not the norm. But there are other hidden costs. Business cards, email and brand value. Even if your a tiny guy. If your customers know you, its hard to rebrand.
Rebranding has to be thought out and shouldn’t be inspired by not paying for your domain renewal. And if a big enough company the cost for this can be extermely expensive. Things like Google My Business hates conflicting information so mixed up domain info can cost you in in SERPs too.
When I appraise domains, I look at things like age and their links. The Google rankings and if there is keyterms on it. If there are, what are they. But a domain exceeding 5-7 years old, always has an interinsic value to an SEO firm and they are out trolling for them. You may have heard stories like business.com being sold for $8M. There are two domains we have recommend purchasing that were $25K plus. We have bought some really good ones for $2500-$5000. And to me every dollar was well worth spent. So look at your domain as an investment.
One alternative should you find yourself in domain redemption is to use a service like Snapnames that trieds to claim the domains as it comes out of deletion. You may lose some of your street cred because it will issue the domain as newly registered. But it may be better than the alternatives. There is also a real chance you dont get your domain back. Bottom line renew your domain redeem your domain. And don’t let someone else snatch it out from under you. The absolute beset advice we can offer is renew and if you have to redeem. Its the only way for you to maintain your value.
The concept seems so simple, doesn’t it? Backup your website. In addition to web hosting, we also register domains and have been with Tucows for nearly 16 years. About two years ago they asked us if we would be willing to handle all the people that have bad web hosting companies and domain resellers that don’t handle their responsibilities to customer properly. So we agreed.
Since then we have seen and heard some of the craziest domain and hosting screw ups. This morning a gentleman called Bernie called, and Bernie lost his domain because of one of these bad domain resellers and that’s how he ended up on our phone. Very long story short, he spent hours building a website for his church only to have that website just vanish. So I thanked him for today’s blog post idea. Why and how anyone should back up a website.
So first let’s establish why backup your website. It seems so basic I shouldn’t need to say it. However, there are a few circumstances that should be considered. First off as I am saying have a backup, I mean outside the web host or your office building. Having a backup on the servers hard drive does not count. Having one in Dropbox/One-Drive
So here are a few reasons why you need a good backup:
#1. Most web hosts do not back your website up, especially low-cost solutions
#2. Your web hosting company goes dark
#3. If your web host has a copy, their version may be corrupt, or doesn’t include recent updates.
#4. You need a copy if you ever want to move elsewhere
#5. Acts of God, think tornado or Explosion. You need an off-site backup
The first three items are the issues we normally see. Something bad happens and bam the website is gone. It is one of the reasons that I don’t like the wix/weebly/web people either. You cannot back those sites up to move your site elsewhere. It puts anyone at the mercy of their web host.
On alternative that I talk a lot about Wordpress and WordPress hosting. And that too has its own set of issues, but I think this makes a far easier set of circumstances. The first thing to understand is the difference between hosting a WordPress site (.org) vs. Free WordPress (the .com site). If you build on .com, you are using a free version that does not allow some of the most popular
If you build on .com, you are using a free version that does not allow some of the most popular plugins, but it’s a great learning tool. The only issue is when your ready to graduate the site can be moved via importing and exporting posts. The .org version allows you to have cool tools like the Updraft Plus backup solution. That migrates your site. Migration moves the site in tact, where as the import/export function will only keep your content.
Updraft is really a great tool. It allows you to backup your site prior to making changes. It also allows you to easily restore a site if you make a huge mistake. I found this out the hard way when I tried to change the theme on this site and blew up my navigation. Had I taken my own advice I could have easily reverted the site. Instead, I had to get my system admin involved to help me recreate the parts of the site that got decimated.
If you aren’t running a WordPress site you need to investigate what backup methods are available. I am a big proponent of using Dropbox as an offsite backup solution for both Computer and a website. It can be as easy as downloading your files to a folder that will sync with Dropbox.
And if your a mid-size or large corporation, you should have a disaster recovery plan. Again Explosion or Earthquake. Flood or Failure of hardware. As I type this you would again be surprised at large corporation that does not have proper backup systems in place. One system we are high on is Datto. It allows quick server restores in the event of failure. But there is a cost and many businesses shy away from it.
As I am sitting in my office, I hear my staff on the phone with yet another person without a backup asking if we can help them move their site. We have no problem doing things like this, but the reality is if people would simply have a backup, their lives woudl be much easier.
So this week it seemed was Google Speed week. So as both
the web hosting company and the SEO company, we get a lot of how do I fix questions. Inevitably, it’s not usually a web hosting problem as first presented to us. (‘Google says my site is slow. Fix my hosting”) Most times it’s a design question When these calls come, the first thing we do is look at the Google Page Speed Test, which can be sparse on solutions. Also, Pingdom, gives oodles of information and usually is more helpful in addressing issues and the one I like the best, however, is Webpagetest.org. 
The waterfall gives you a clear picture of any issues you may have and a graphical way to understand the slowdowns. Now on ACTWD, I know those slider headers have to be minimized and because I have a whole redesign sitting on desk I’m not bothering with addressing it until it rolls out but at minimum I understand the cause of some of my failures and they are acceptable at the moment because the site is still scoring @ 89 despite them.
Now without a doubt, the one thing that is required to pull a passing score with Google if you are using WordPress is a caching engine. What we use here is W3 Total Cache as well as Auto Optimize. When configured properly this clears up a majority of what Google complains about with predominately WordPress sites. Now I say WordPress, not because I’m singling it out but yesterday I ran a bunch of tests across our entire network. I was looking for any ‘hosting-caused’ failures.
Additionally, I have added an extra layer to our network intentionally that most normal folks don’t have which is intrusion prevention. This literally inspects every packet and confirms if its is known hack and stops it. So I needed to make sure that this procedure was not causing issues. So I randomly pulled sites from each of our servers and here were some of the observations.
Customers with very old websites, most built in MS FrontPage 100% passed the speed test.
Customers running custom CMS systems (and we have quite a few), 100% passed the speed test
Customers running OSCommerce 100% passed the speed test.
Customers running Magento 100% failed the Server response times.
And most importantly every WordPress site not running Cache failed 100% of the time.
So what we learned from our test is that the added layer of security had no negative impact on sites ability to load quickly. But more importantly, the DIY website builder or a customer with a less experienced web designer, need to understand that they must use a caching plugin or suffer a diminished speed.
Additionally one of the reasons we use the W3 Total Cache, because it addresses issues that google keep displaying about scripts and image compression. The plugin helps minify HTML and CSS. This is two sticking points with Google. Minification is a process that removes unnecessary or duplicate code. This is stuff normal people don’t know how to do.
Leveraging browser cache may be a little harder to control for the average user. When we see this, it usually is coming from third parties, Facebook, Google to name a few. You may choose to run those scripts locally to be able to control them better, however you will need to monitor this. You will to be notified about structural changes and things make break so it will require some level of diligence.
And then we saw this one yesterday. We disabled Google-fonts because we were taking a hit for using them. Now if you stop and consider why the answers goes all the way back to when I rookie back in ’97. The first thing we were all confronted with was not to use non standard fonts. If you did, the website reverted to time’s new roman, which is really ugly. So while we were cleaning up the speed on a site we had recently stood up their brand manager called saying that the fonts weren’t right. “Their Font” was having to be rendered and impacting the loading speed of the site. So although this sounds so 1997, it still is advisable to use standard web safe fonts and not pick fonts that require rendering.
As I thought about the font situation, it struck me that as far as we have advanced in web development, personal devices, pads/tablets. These speed concerns, which are valid only arose because people got sloppy with their websites. The younger groups don’t remember the days when a 1 meg took minutes not second. And as we try to be cooler with our design, some are forgetting the basic principles of running lean and quick. WordPress makes it easy for the average user to integrate items that in the past would of been costly but unless you utilize caching and minification techniques. You are going to have a slow bloated website that is not streamlined, making it slow and awkward for the end user.
From the Web Hosting side. I don’t want to minimize something, you web host can ultimately slow your website down. Servers that are overloaded, hacked or just not optimized right will cost you points on your speed. So picking a dependable web hosting company is extremely important. I”m fortunate here, I could take web hosting bottleneck, poor configuration and hacks off the table because we had already addressed the server part of this and continue to do so with every server we stand up.
I often read articles about what it takes to be successful at SEO. Content, Links, and Social are all the usual suspects. But the one thing that is constantly overlooked is a sound technical understanding. And I think this is where many SEOs are lacking, and to me the one benchmark that often shines a light on the pretenders. Here are some reasons why more than average technical skill is needed to make a page rank.
#1 Know How To Avoid a Hack – 
I know it sounds so simple, right? But hacked websites are now denoted in the Google listings. See my example to the right. Who is going to click though to that site or pick them as their web host? How damaging is this? And it takes several weeks to process a re-inclusions request. Depending on the depth of the hack, you may have errant pages published to a directory that you end up with many bad links pointing to you. Some day I’m going to write a WordPress Security Survival guide, but one of the best tips I can give in the meantime is to keep your WordPress install up to date. A hacked website will definitely cause you problems, and having a good tech background will help you.
#2 Understand WordPress Plug In and Themes and the Impact They Have on Your Website
WordPress is a great, but it sometimes allows designers to exceed their expertise and sell a bad product to their client. Over bloating with plug-ins makes the site run slow. Simply cleaning up the saved copies of your posts will speed things up. But when there are too many plugins the site runs slow, and Google does not like slow running websites. Plugins also make more ways for your site to get hacked (Yoast has this last year), so it makes a lot to keep up with.
But even bigger is themes. You truly have to watch 3rd party themes. They are often bloated and have embedded links back to their own site that you can’t see unless you turn the style sheets off. Firefox still allows you to do that, and it’s a very easy thing to check. When I have done this on sites we are bidding I have found all sorts of trash. One in particular was funny because it had a built-in address in the stylesheet that had the address as the MilkyWay Galaxy and links to Apple. This was hurting that companies website as they asked me why they don’t rank here in Houston.
#3 A Programmer Can Make or Break You
I love to tell stories, because they always highlight the points I’m trying to make. And after 18 years, boy do I have alot of them! So, I have a customer who has about 350,000 products on his website, and it used to knock it out of the park on SEO. Now they wrote the site custom, it used Windows, and I think the last time the code was updated was 2003. So he hired an outside firm to rebuild this site, and he knew enough that the 301s needed to be set. But he never verified that they were working. So he flipped the site in May and by August the traffic was off by about 60%. So he calls us to see if we can help him. Yup, never checked that the 301s were being issued correctly on the server. The pages refreshed to the right place, but were issuing the 301s.
Many times Web Designers don’t even do a 301. Those are amateurs, in my opinion. I can’t tell you how many people walk though my SBDC class saying that they had a website that ranked really well and they converted it, made it mobile friendly, which is code speak for moved it in to WordPress, and the entire site vanishes from Google.
I think we are very fortunate because we came of age in this industry. My system admin is a programmer too, and he not only helps ferret out code issues, but he makes the server dance. I can’t begin to tell you all the problems he fixes either with web servers, bad coding, or customers that are a bit befuddled as to what they are to do. I have customers that circumvent their own in-house people and come to Charlie first.
#4 Your Web Host Can Also Make or Break You
I always have trouble addressing this because I constructed a whole web hosting company because no one would do what I wanted and how I wanted it done. So maybe that tells you my opinion of web hosting companies. But let’s talk examples for a second because I don’t want this to be an infomercial for us.
- I have an SEO company in Tampa that uses us because Google picks sites up and caches pages through us almost instantaneously. This company had tried Network Solutions (web.com), Godaddy, HostGator, and no matter what, by simply moving a site to us the site ranked and cached.
- I took in a new client in the fall that flipped his site to WordPress and lost all his rankings. There really wasn’t anything wrong on the surface, other than out of 200 pages Google only picked up about 10 pages. He was with GoDaddy, and after a little digging, the server the guy was on had an overseas website on it and sites used for mail distribution. He moved to us and 199 out of 200 pages were indexed, with no other change made.
Because all we care about is Google, we built a great neighborhood. We don’t host porn, we don’t allow email distribution lists, we have firewalls that sit in front of the whole network that not only don’t allow the bad stuff in, it doesn’t let bad stuff out either. And then beyond that, I often see on SEO boards people trying to figure out ‘apache’ type things. Error in a 301 redirect. Site throwing a 403. And a myriad of other things that make you look bad. At most hosting companies your problems are your problems. Make sure your web host is willing to help you solve these problems or make sure you have in-house people that actually know how to do these things, where as we have run in to that too.
There are so many things that I do over the course of a day that I take for granted that require me to have a great tech background when it comes to SEO. I watch logs in real-time to help with conversion and to spot errors. This weekend I started to migrate an old website of ours and moved 40 pages, set up 40 301s directly in the .htaccess file. I know every page I’ve moved is issuing the right 301. I found several 403 errors that I need to fix. I have a few other places where the domain is appending itself to the end of the URL and creating 404 errors. These are all things that if left unfixed would affect how my site ranks, and most people don’t know how to find them let alone fix them. I truly believe that the SEO company needs to be a full-service company that understands all aspects from the pretty paint job on the website to what’s under the hood on the server level.
There is a new disease emerging in the web design world. It affects web designers, who through the power of WordPress, makes them look like programmers. It’s called Plug-initus, or the over use of plug-ins on a website. Fortunately there is a cure. First let me say we love WordPress and are one of the most knowledgable WordPress web hosting companies in the market place. Luckily, we have a programmer here that can repair many of the symptoms caused by those with Plug-initus. Some of the side effects of this disease are security threats, downtime, website slowness, and Google just hating you (this one can be fatal!).
What is a WordPress plug-in?
By way of a small history lesson, WordPress is an open source platform that allows developers to build elements of the website that are not included in the basic build and plug them into the website, thus the name plug-ins, and in fact really has become an entire cottage industry on its own. As I write this I realize I am showing how long I’ve been in this business. Initially WordPress had no guidelines to do this, so you would install one plug-in from one vendor and it would crash the website because it conflicted with another plug-in from a different vendor. You always had to make sure you backed your site up, because sometimes this would make the repair unrecoverable.
The reason for this is that the code is appended to the basic WordPress files, and because all the plug-ins were written by different people, they often would overwrite code that was needed by the others. This also made updating a WordPress install extremely difficult because the core files were changed, and an upgrade with the wrong plug-ins and Bam, no more website.
So WordPress came up with a core build and an API that standardized the plug-ins across the board, and the world of at least the web hosting company dramatically improved. And the end user could start adding standard type plug-ins with little thought of compatibility or affects on security, because WordPress themselves already stabilized a bunch of it.
As with any other “itus” type disease, the patient doesn’t realize they are causing their own issues. Many of these folks are younger webmasters or new business owners that weren’t around in the days before WordPress stabilized situation, so they just go crazy and install every plugin they can find that does something cool.
WordPress Plug-in Guide to help Cure Plug-intus:
#1 Stick to standard plugins
The way to tell a standard plugin is usually that they have thousands and thousands of installs. Yoast, Ninja Forms Silder Revolution, and W3 Cache are a few good ones. One exception, Jet Pack, in our opinion is insecure and should be avoided. There are some really good plug-ins out there, but you have to be smart when you select them.
#2 Add ONLY what you need
This little tip will be hard because to an addict to plug-ins person, you need them all. But understand the more that are added, the more there is to keep track of when the site is slow. You will likely also forget why you put the plugin there. So the best advice is to only use the most important ones. I will eventually share what we think are the needed plug-ins and the ones most sites will need. We know it will be hard, but it is important.
#3 Learn to Backup –
I can’t tell you how many would-be’s call me because they blew up their site and they did not back it up. If your going to experiment with plug-ins, then please, please back up your site. We like Updraft. It does a great job. Backs up to your dropbox or Google Drive and will rotate for you if you set it up right.
#4 Set Up a Dev Site
This will allow the recreational plug-in addict a place to test a plug-in before they break their site. And when it all goes sideways it can easily be restored from a backup.
#5 Do not Customize Plug-ins Until You Kick the Habit
We have run into some folks who try to customize their plug-ins or use a developer to enhance a plug-in they have written. The issue with this is that the second you start to make customizations, you invalidate the API that keeps everything in compatibility. So the next plug-in explodes the site. So if you intend to have any custom plug-ins written, your days of a plug-in junkie need to be in the rearview mirror.
And remember, all these plug-ins easily can cause security issues. This is why Google will hate you and go as far as to mark your site as hacked. And remember to check your themes too. Often purchased themes have embedded issues as well. The best tip of all is use only what you absolutely need.
So lets go back in time a bit. Google announced they were going to give a ranking bonus for any site that used HTTPS and forced all occurrences of their URLs to it. It didn’t sound right to me at the time because Google usually doesn’t announce things so that for me should have been my first indication that something was odd about this.
As most of you know we own a hosting company as well as a digital marketing agency so it gives us a bit of a leg up on understanding how things are implemented and what their impacts may actually be. Things that sound good on paper sometime in reality are not. And this is one of those items I suppose. So I went to talk to my system admin his first reaction was how it was going to slow up the load time on a site unnecessarily and the have sites that get huge page views a day. So needless to say i had a very unhappy system admin.
I am glad he balked so hard at this because it allowed us to slow down, not just charge into a pool because i was thinking about how we wanted to implement and if the lift would be enough to off set the hardware costs for the busiest of customers and such. So a funny thing happened while i was thinking about this.
As you most of you know i do a lot of lecturing on SEO and in Houston, I have a pretty big following and my classes started having people who had websites that took huge dives in traffic. They came to the class to find out why. As I started to talk about encrypting the website (using SSL), hands starting going up saying that their sites started tanking after the switch to https, in other words, forcing all pages to be encrypted.
The biggest issue was the forcing of the HTTPS and 301 redirecting the main HTTP connection on Port 80 over the the encrypted port on 443. As most of you know Google had discretion as to whether or not they honor a 301. In our experience only 80 percent of the requests get honored and it is why if possible I don’t treat the 301 as a magic cure all for anything i want to do to a website. Rather, we advise making every effort to keep an existing URL in tact and not change it when making any platform type change to a website. This is a very long way to say we decided not to advocate forcing the use of the https switch.
Also what we found is that there was a loss on link juice. People naturally link to HTTP whether they realize it or not. When you say www.seo411.com your browser reads that link and sends it to the unencrypted version of the website, which is standard. Review your link profile and you will see that links are not to your encrypted site site, but rather your standard plain old standby http. So inevitably link profiles were disrupted for a site when a site is unnaturally forced into a HTTPS state.
Needless to say there was a lot of issues and the idea on Google’s part may not have been well thought though.
Well that was were my original post was to stop. I was again as with most things I do, was answering a question I received Friday and I said the the person, thanks for the blog post.
Google must of gained access to my correspondence and displeasure with the entire thing, because I just received an alert saying that they were going to start favoring sites that could be reached via HTTPS. They added a few conditions. They include things like your page has to be coded right; you have to have a valid certificate and a few other techie type things.
This move is at best puzzling. Maybe Google’s departments don’t talk to each other. But by forcing HTTPS on all web pages, it makes websites far slower because each file has to be encrypted prior to delivery. Things that make the web faster, they are slowing down by this move. The other thing that bothers me is that our busier sites will now require a high availability designation or need to be clustered depending on the platform. It’s a lot of extra horsepower and they are somewhat taking the decisions out of the site owners hands by priority indexing the HTTPS version of the site.
I don’t know if any one noticed but Amazon took off their forced HTTPS designation especially during this time of year. And as I tell customers who ask questions: What does Amazon do and that usually will give you the right answer for your question. I this case only the check out process is encrypted as it should be.
Overall, this is an improvement over the previous iteration of the HTTPS credit, but its still putting an big onious on the backs of IT departments to keep websites running quickly especially for mobile, yet encrypting them which intrinsically slow a website down regardless of the processing power.
On my Santa wish list. Being we now have privacy protected can we have our keywords back Mr. Santa Google.. pretty please?
It seems odd that I would put a blog up about a software that has been retired for 10 years now. Funny thing is there are still a whole lot of FrontPage users out there. And on the eve of Windows 10 (can you believe windows 95 was 20 years ago…wow), it seems like an appropriate topic.
First I want to tell you there are still people out there that offer FrontPage hosting. I would be very leery of those hosts. Its not possible to offer true FrontPage extensions and be running an up to date server. Sure there is Sharepoint but that’s not what the home user would be exposed to. What that means to you guys is that the server is far more vulnerable to attack.
Plus it seems that as the versions of Windows has marched on, how well FrontPage works seems to be diminished. Honestly I’m pretty shocked when someone can actually still install and license their old version of Microsoft 2003. My ability to register the software stopped sometime back in 2008. But, I change my computers a lot.
Now I have to admit it. I LOVED FrontPage. I was always better at it than Dreamweaver and making edits were a snap. I could make any type website you wanted with it and understood it inside and out. So I truly understand those of you out there that are reluctant to put the software down and step away. Its like loosing your childhood pacifier on some level. But and this is really big but, you cannot be a serious web marketer in 2015 using MS FrontPage.
We can first look at why Microsoft abandoned the software. Mostly it was aimed at the home user that wanted to build a website. As time has evolved, many folks use MS Word to publish docs to their intranet so its just not that necessary anymore in the business world. There are so many applications that would do what FrontPage would do and I think Microsoft could see the writing on the wall that FrontPage was going to go the way of the dodo.
More importantly the feature that we FrontPage junkies loved the most was the one thing that makes it extremely deadly for web server security. I could pull a file and edit it over port 80 and save it. For those of you that are tech types, it means its writes files over the same port that displays files for the web.
Not to get into a huge web security discussion, I hope its sufficient to just say, that’s not the best way to do things. But boy was it brilliant and probably why I’ve moved in the direction I have in web development.
So how do you kick the FrontPage Habit?
There are many different ways to approach this. Of course there is Adobe’s Dreamweaver, which really is a great piece of software, but complicated especially if you don’t have CSS down. It’s not easy to get the hang of out of the box. Really its for the pro’s.
The next path is one that makes me insane, I admit it. There is a whole group of people that offer web sites with this easy to use interface. It makes having a web site easy. But easy is not really what moves a business down the road. But there are HUGE drawbacks from these websites you sign up to and build your site on their platform. I have a mental block when it comes to SquareSpace, mostly because I”m a gamer and remember when SquareEnix was Squaresoft. SoI can never remember their name. But here’s my beef with these type sites, in my opinion, small business cant compete with large competitors using these tools. They are billed as such but I don’t really find that to be the case.
Not to get in a huge discussion but in my opinion you cannot control the software to the level that is needed to compete on Google. So I know what your thinking…your thinking, how can an old FP website be competing on Google. The navigation of a Frontpage website that is set up correctly, allows you to easily rank. So despite all the other reasons I don’t like cookies cutter, come here pick a template. We’ll give you 5 pages web builders. It’s just not in small business’ best interest to go down this road.
So What DO I recommend as the alternative to FrontPage? Why WordPress of course!
Let me lay out for you why WordPress is the perfect bridge from a Frontpage site and keeping your successful FP website successful. WordPress allows you to the ability to build your website in the same manner your old site was done. Once you wrap your head around the fact that you don’t have to build everything by hand, or add to the navigation, you’ll be off and running.
There also is not a sole alive that can tell me they can’t learn WordPress, there is a glut of WordPress help videos over in YouTube so you can get the hang of it. Yes I understand when your older change is hard. And I’m assuming if your refusing to give up your software from 2003, your now older. But once you get the hang of it WordPress is a fantastic and secure alternative to FrontPage, if you keep up with your patches (its easy, you just push a button)
From the hosting perspective, wordpress hosting costs you nothing extra. You have total control over your website and can edit it. And the day you decide you don’t like your web host, you can EASILY roll up your tent and move on without being stuck like you are with these Wix-Weebly-Square-Shopify models. Sure there are some people that want a 5 page brochure website.
If that is your goal, I can’t really argue that. But if you ever intend to rank in a search engine and have a website that your customers will take you seriously, those are not the roads to follow. Again that’s my opinion. And sure you can say I have a dog in the hunt. But really, because of all the mentoring I do though the SBDC here in Houston as well as HWCOC, I can’t tell you how many folks I run into that can’t do what they need to do to to have an effective (with the word effective being the operative word) website. One of the first things I cover in base SEO class is there is a need for 100 pages for the website to be perceived by the search engine that your a serious website.
You easily could have 100 pages in FrontPage. I once had a client with 250,000 pages built in FrontPage. In WordPress, easy to have 100 pages…And that’s what’s needed for you to be a serious contender on the web.
Lastly finding a WordPress web host is not hard. If your one of our clients, you already have it available to you. And of course, my staff is well versed and helps get things running. I don’t know that all web hosts do that. So if you need that extra support with the product I would recommend asking.
And just for that one tip. Ask your host to set you up a beta version of the website that you can easily move the copy of your website into, get all setup and moved over and go live.
Later this week I’ll blog on some of the best WordPress Plugins to help make your transition easier!
I know, I know. I’ve been falling behind here. Well in part it was because I kept waiting for the other shoe to drop and so far it hasn’t. We were all were warned and advised that the flip to mobile was going to be harmful to sites if you didn’t heed the warning and adjust your sites ahead of time.
Well so far one week in and I know its just one week in, all our rankings have gone up regardless of if the sites were responsive, a one page mobile site or not mobile friendly at all. To me that was all good news. I know more peril is on the horizon of course, but for now in week one, I’m very happy to report the state of our clients is great.
We made a lot of changes to our servers, to help improve how fast Google can grab a page. There were some pre-caching mechanisms that we put in place and they have helped dramatically. Over all our customer benefitted from our SEO expertise, something most web hosts don’t have.
We for years have all know that bad web hosting has a bad effect on web sites. Slightly off topic, I went to Pubcon last week in Austin and one of the points iI kept hearing over and over was how bad or cheap web hosting has a very negative impact on SEO and even more so web search. They recommended dedicated servers and companies that provide those services. I found that interesting because we’ve run our stuff here much differently, we run everything here as if it was dedicated and we often do things like tweek the servers so that they meet the Google standards, in this case a 200 millisecond load time. Yes you read that right. So that’s what we did here. I cant find any of our competitors that have that standard.
Anyway back on topic…
One thing that I did notice is that the breadcrumb trail seems to have taken on a new prominence. Google is showing more and more of that type information in both the desktop SERPs as wells as the mobile ones. Most of all it seems that Google is still showing the most correct listing far more than if the site is what they deem mobile friendly. Our non mobile friendly sites that had strong breadcrumbs, seemed to actually move up and even outpace ‘mobile-friendly’ sites. In one case, i have the top 2 spots and the first mobile friendly site is #3.
I have samples quite a few terms off multiple platforms and the ranking seem to be consistent. If you built your site with the great content and the user experience in mind, it seems that you came out of Mobligeddon, Mobilepocolyse or what ever you want to call it just fine.
