Call today: 01376 322782

Password Security: Why Mine are Complicated

Password Security

Password security is essential. So when I configure a website for a client, rest assured that I will give you a complicated password. It will include upper and lower case, numbers, special characters and normally more than once.

This doesn’t always go down so well: I get moaned at, or requested it is changed to a simpler or one that the customers uses everywhere else. I say no.

So if you do find yourself in this situation, where I dig my heels in, these are my reasons:

Unauthorised logins on websites happen – a lot

If you have any type of security software on your website, you may get an email alerting that someone has tried (and failed) to get into the back of your website.

Now I should explain these logins aren’t people, they are mainly automated bots. Basically little programs that try to guess your user’s passwords. They would like nothing more than to get into the back of your website, look for vulnerable code or outdated software. If they do, they will unleash total mayhem.

More can be read about failed logins here

The record I have seen for the most automated logins in one day is around the 600 mark. Please do comment below if you can beat that.

Cleaning up hacked websites is just horrible

I have had to clean up a few hacked websites, everything from rogue files sending out phishing emails to redirects to spammy /malicious websites. It is a very long, tiresome and expensive process.

The few times I have had to undergo this arduous task, I have no doubt that the client would rather have put the money to better use. It is also quite stressful and has me looking over my shoulder for some time afterwards.

I would not be a very good (or professional) web designer

I pride myself on the quality of my work and going by the nearly 20 years I have been up and running, my customers agree. If a client’s site was hacked, that would reflect badly on me. If it happened often, then no doubt my reputation would go down. Not on my watch.

It doesn’t reflect well on the customer

Depending on how quickly it is detected, if your website keeps getting hacked, then in turn you may get a reputation with your customers: “Oh X’s website is down yet again.” This can be offputting and can result in your customers going elsewhere.

Although these constant logins will not effect your website performance they can slow it down considerably.

Conclusion

So all in all, I would rather be moaned at a bit for choosing a long and complicated password than all of the above.

As a basic security measure, you should have a strong password, but you should also:

  • Include security and firewall software on your website. This should also provide an activity log that flags unauthorised behaviour. It can also block or blacklist the culprits.
  • Install an SSL certificate (secure socket layer). This encrypts any transmission between the browser and your website preventing your credentials from being discovered by the wrong eyes.
  • Consider 2 factor authentication (2FA). Not only do you log into your login page, you also have to provide a code. This is provided either by text or an phone app that creates a random code.

Just one last thing: If you are going to write your passwords down store them securely. For added security, invest in password software.

How to Seek (and Destroy) Online Plagarism

In the past I have written about image copyright and how you should read any small print to ensure that you don’t leave yourself vulnerable to a nice big fat royalty bill from a disgruntled photographer. But your website content can also be vulnerable to plagiarists.

Just before I start, the actual definition of Plagarism according to The Oxford Dictionary is this:

The practice of taking someone else’s work or ideas and passing them off as one’s own

From the Latin plagiarius ‘kidnapper’ (from plagium ‘a kidnapping’, from Greek plagion) + -ism.

Yes, basically someone who kidnaps your content and passes it as their own. You don’t really need me to tell you how unethical a practice that is?

So is Someone Duping your Content?

You can check for duplicate content by going to Copyscape.com. You simply add your page URL and they search for websites that have similar content. It then gives you a percentage of how similar the page’s content is to yours.

Copyscape - to check duplicate content

The free service allows you 10 searches per day, which is adequate for a small website. For larger websites, it might be easier to subscribe to their premium service.

How it was about 10 years ago

I originally performed a search about 10 years ago, before web copyright was being taken seriously . I noticed my web rankings had gone down. I used Copyscape and found to my horror that a web design company up north had swiped my content and shamelessly added it to their website.

I rang up their company and had to leave a message. I went out for a moment and on my return had quite a snotty message left back on my website. The guy in charge basically thought it was socially acceptable to swipe content from other websites and then palm it off as their own content.

So I rang back this little Herbert to set him straight, but in the time between leaving his answerphone message and the phone ringing again, he either realised that the Essex girl wasn’t backing down or (more than likely) he didn’t actually have a leg to stand on. So he turned from snotty MD to noble and apologetic MD.

Naturally it was one of his employees was responsible for the content and would be “having words” with him and asking him to change it that day. It did get changed that day.

How it was 2 weeks ago

Fast forward 10 years later, and online copyright infringement is quite rightfully taken very seriously.  Also action is taken more quickly, even to the extent of the hosting company taking action or, even worse Google.

So, when I came to writing this guide, I ran a check on my website. My content is about 3 years old so I checked my pages and this time I find that not only one but two websites have copied my content: One had copied a section about e-commerce on my services page, but another had blatantly swiped my content from the ecommerce page.

Duplicate Content [/caption]

Step 1 – The Cease and Desist letter

It is very tempting to rip chunks out of the website owner, but that could just get messy. So instead I looked up their contact details and dropped them a polite, but firm email.

Ceast and Desist

I did indeed check both sites after a few days: The website that copied the small section from my services page had taken the offending content down and either copied someone else’s or wrote it themselves.

But after one week the duplicate page was still there. Nothing had changed and this little twerp wasn’t taking my email seriously (he hadn’t even told me to get lost!). So it was time for the next stage.

Step 2 – Contact their Hosting Company

So if the web owner wasn’t going to take their content down, then maybe a polite word to their hosting provider would do the trick. So a quick look on http://who.is for the domain name and I can find out the hosting company. In this case one in the Netherlands.

The hosting people not only need to know the whole story but also need evidence that one of the websites they allocate space for is doing anything wrong. It is also worthwhile to prove that you were the originator of the content. https://web.archive.org/ takes regular captures of your website. It doesn’t take regular updates, but in this case it proves that my web content has been on my site for a couple of years.

Hosting cease and desist

I sent them a polite email explaining the situation and that they should take down the page (or even better the site) as they are infringing copyright. Again I have given them a deadline to do something about it.

In this case I didn’t have to wait very long. Within a few hours I had a reply. Short but polite.

Quick reply

And on that same afternoon, their website (and at the point of writing this) the website is still down.

Site taken down I wonder if they are aware?

So it was resolved with slightly less stress than the case 10 years ago. But if the hosting company hadn’t responded, then there is a step 3.

Step 3 – Tell Google all about it

This is a last resort: Get onto Google Webmaster Tools and file a DMCA (Digital Millennium Copyright Act)

Big ‘G’ provide a lot of support and information about this process and guide you through the entire process. Take the time to read the support on offer and answer the questions and provide as much info as possible. Google will then in turn review your DMCA and decide which action to take. For a straightforward act of plagarism, that should resolve it.

Google DMCA page

Can we stop this from happening again?

No not really. Online, you are always going to get hackers, spammers, scammers, cheapskates and general weirdos, and there will always be some imbecile with minimum brain activity, that thinks they just might get away with swiping someone else’s content for use on their own website. The key is to check your content regularly and to take appropriate action.

There are a few workarounds, especially for blogs, but I will cover that in a separate article.

New Year, New Website

If you own or are responsible for a business website, it makes good sense to perform an audit at least every 6-12 months to ensure that your web pages are still alluring and your content is still up to date. A lot of advances have been made online, so even if your website has been revamped in the last couple of years, your good intentions already look dated.

Tend to your website like you would tend a garden: Sure you don’t have to be in it every single day, but regular tending to keep it fit for purpose. For example, remove the weeds and the plants that didn’t take. Maybe once a month add something fresh.

So many times I have seen unattended websites that are the garden equivalent of overgrown grass, thriving weeds and the rusting remains of an old car!
But before contacting any web designer, with a long list of what needs to be done, have a look at what you currently have online and perform an audit on your website. Here’s a quick how to guide:

Feedback

You know something is amiss with your website when you (or your sales team) stop referring people to the website for further details. You may instead be using Twitter or Facebook to keep your client base updated on the latest buzz. That is fair enough, but don’t forget they will out of curiosity look at your website as well. And what’s to say you cannot include social media updates on your actual website? You can.

Identify your quiet period

Every business has a quiet time: For business to business companies, this could be in the time between after Christmas and before new year; around March and before the financial year or during the 6 week Summer holidays. For online shops, this could be after both Christmas and the January sales. Whenever your quiet period where there are few distractions, this is when you should focus on this task and take the time to assess your website.

What needs to be changed

This is where you need to roll your sleeves up and look at your website objectively. Start at the home page: Does this still look stunning? More importantly does it still reflect your business?
From here, go through the other pages of your website: Do you still offer these products/services? Is the content still persuasive?

Also is your news page, portfolio and/or blog updated on a regular basis? How long ago was it updated? If they are not already, your social networks can be set to automatically update every time you post on your blog.

If your website performs an online function, (for example, completing a form, making a purchase, etc), does this still work ok?

In general, is your website easy to navigate? What is the general feel of the site? Is it still good? Try to put yourself in your customer’s position when going through your website: Would they be impressed or disappointed?

Check your stats

Any serious website owner should be set up on Google Analytics, as this can reveal a lot more about your website, how visitors find your website and how they behave on your website.

NB: If you are not on Google Analytics yet, then every hosting provider does provide basic analysis data from the control panel (but take this quiet time instead to get registered and setup on Google Analytics).

I could dedicate an entire article (even a few) to the various functions and filters of Google Analytics, but for now, The main areas to focus on should be:

  • Bounce rate this is where people click onto your website and then come off it within a short period of time. If this figure is high, then you definitely need to revise your website.
  • Time spent on website: There are two functions for this: The average duration that each visitor spends on your website or more usefully, a breakdown of the tally of people spending a fixed amount of time on your website (for example x% spending less than 10 seconds, x% less than 1 minute, etc) again the less time spent, the less engaging your pages and content are.
  • Number of pages on website Again provided as an average per visitor or a breakdown. Is your content compelling enough that people want to read more, or are your visitors visiting one pages and then leaving. Or have they found what they wanted on that one page?
  • Popular pages This section can be used to answer that question. There are 3 various breakdowns: Top content pages, which show the most visited pages on your website, Top Landing page (the first page one visits on your website) and Top Exit page (the last page visited on your website). This gives an indication of the path people are using throughout your website. The exit page may be your contact page, indicating that they are ringing or sending you an email.
  • Goal Analysis. Depending on the main focus of your website (for example, download a guide or make a purchase), take the time to set up each goal on your website, making sure to record every page in the process. This is the most worthwhile tool on Analytics because you can monitor the success of the whole process and see how many people are abandoning the process halfway. For example are people giving up on page 2 of your 4 page checkout process? if so why?

The WordPress version

The WordPress version as seen from the control panel (circled)

Responsive layout

Another area you should analyse on Google Analytics, is how people are viewing your website. There may only be about 30 people per month viewing your website using a tablet or smart phone, but this figure is anticipated to get bigger. Also these could be the visitors that want to buy from you or find out more information, so make sure that your website can accommodate the mobile user.
View your website on both a tablet and a mobile: How does your site look? Is it still easy to read and to navigate? Can you perform everything on a handheld device that you can from a desktop?  You should.

Security

If your website is set up using sophisticated software (for example WordPress, Joomla, etc), one final word about security: 2014 has been known for online security breaches from vulnerabilities in software to brute force attacks (link to 2014 hack list). Brute force attacks are automated but target your administration panel using simple passwords, and have been rife since the start of 2014 (ask your hosting provider, they may already have security measure in place to eliminate this).

So can your login be easily guessed? Now might be the time to create a more secure password.

Joomla Version

The Joomla Version as seen at the bottom of each page and the update notification (both circled)

Even better is your website software up to date? Software companies regularly revise the software to include all the latest security patches which keeps the nasties out. You can check the latest version of software by logging into your admin panel. Most software providers post a message on your admin panel when there is a new revision available.

These points alone should give you a clear idea on what needs to be improved on your website. Updates to the pages could easily be made by you or a members of staff, but the more involved areas, such as updating the software or re-development to accommodate mobile devices can simply be handed to your web developer or IT department.

This is a brief guide to get you started. DVH Design will shortly be compiling a more in-depth step by step analysis checklist for you to use on your website every year. Please contact or comment below if you would like this document when it goes live.

Resurrect your Website from the Dead

iStock_000031214282SmallIt’s no big secret: I received funding from the government in the Summer and now I have a Business Coach working with me for a few months to improve certain areas of my business.

So far progress has been steady and it is quite a novelty concept to me as the business coach gives me homework to do each week. Last week I was asked to make a list of every prospective client that hadn’t proceeded forward. I did so and out of my own curiosity, I checked their websites. Except for one that had recently re-designed their website for desktop, tablet and mobile use, regularly updated their site and engaged in social media, had been pretty much left for dead: Some had not been updated since 2011, others had created a Facebook page, written 2 updates and then given up.

That is a shame because they are missing out on sharing their information with others, engaging with what could be potential customers and associates. All of this being vital stuff for any business. Also if people want to find out more about your company, product or service, a 3 year old post announcing your company’s now set up on Facebook is hardly a good sign!

The thing is, a lot has changed since 2011: For a start, there is way more competition out there, Google have got smarter at detecting websites that provide regular and useful advice (and filtering out the ones that can’t be bothered), and according to Google, mobile search may overtake desktop search by next year.

Even I have fallen under this category: I half-heartedly set myself up on Twitter and Facebook a few years ago, but its only really in the last 6 months that I’ve taken the time to set up a decent Company profile and now regularly take the time to share and converse on both. I’m still a long way off seeing any visible results, but the local community know that I’m out there and some of my customers have asked me more about the building work currently taking place on my new office.

Facebook image showing the DVH Design office in progress

A snippet of company information about the latest buzz in the DVH Design camp

 

In fact, here is a rundown of the best excuses I have heard and my answer to them:

I haven’t got the time

No one expects you to spend all day chatting on social media or writing up your latest blog post. But by allocating a small amount of time (about 1-2 hours) each day or week is time well spent. Even better if you opt for a time when you are at your most productive.

You can also use tools to save time. For example wouldn’t it make sense if you use a social network platform, such as Hootsuite or Tweetdeck to save you having to visit every social networking site you currently use? If you work late at night, you can also schedule posts and updates for the following day when people are more likely to read it.

For the larger task of re-designing your website or re-writing your web content, use your allocated time in steps, so for example write up your home page content during one session and maybe your services pages for the next. Or just outsource it altogether (Just saying!) 🙂

The calendar function on Hootsuite

Hootsuite comes with a nifty calendar function so posts can be scheduled for a more social hour.

 

I have no idea what to say

This mainly falls under the category of social media, but can be useful for web content. Offer advice, give tips, answer questions that other people in your community are asking. Give a top 5 list of the most useful tools that you use, share other people’s posts if they inspire you/ anger you/find amusing/find intriguing. Find a couple of online resources and share their stuff for the same reason. Give reviews, tag people, converse with them, share related news articles, the list is endless.

Or you could engage your followers to do the legwork on your behalf: For example hold a competition/prize draw like and share your post or hold a photo competition based around your product or service.

DVH Design twitter of rag doll prize

I recently won a rag doll in a prize draw. The selfie was retweeted by the Mumpreneurs Club, so both parties benefitted.

 

No one shares/likes/comments

Not everyone is going to hang on to your every word. If no one responds then don’t sweat it. Retweet or reshare your post at least once more, but if not then just try again. Take the time to interact with your followers online, engage with them. Keep going and…

Don’t give up! Ever.

It may not result in a sale or a conversion straightaway, but sharing your expertise in the long-term lays the foundation for people to recognise you as an expert and in turn will contact you when they need your product/services. Also Google recognise your expertise and will duly reward you.

So what of my ex-prospect list? Well, my homework this week is to get in touch with them and let them know that I can still help them and demonstrate how I have helped others. Normally I would be sceptical, but frankly, I can’t wait.

DVH DESIGN

8 Coopers Crescent
Great Notley
Braintree
Essex
CM77 7DG

CONTACT US

01376 322782
07986 472449
Click to email

FOLLOW US:

© 2000-2024 DVH Design. All rights reserved.