Website Security For Content Management Systems

Online security breaches have been national headline news topics regularly throughout the last year. WebWise Design & Marketing has always taken security seriously. We have used and stressed the importance of strong passwords, and we endeavor to keep the versions of the applications we use updated as quickly as possible.

As most of you know, websites with Content Management Systems (CMS), by their nature, present a far greater security risk than static websites. Simply having a user login facility creates a security challenge. Hosting companies and other companies that provide security products and services tell nearly everyone who will listen that, “In our experience most account compromises are due to weak passwords and/or outdated software.”

Last week we took another step in securing our client websites that were built on a WordPress framework. We have installed the Wordfence Security plugin on nearly all the WordPress installations we developed and manage. While there are other similar products, we use and recommend Wordfence Security (we have no affiliation). Here are some of the features of the free version.

  • Real-time Security Network
  • Enforce strong passwords
  • Check existing passwords
  • Scan for DNS changes
  • Get detailed IP info
  • Track IPs to their source
  • Block IPs & manage blocks
  • Intelligently block networks
  • Block fake Googlebots
  • Block brute-force attacks
  • Scan Core, Theme and Plugin Files
  • Repair Files
  • Scan for known malware
  • Scan for hundreds of backdoors
  • Scan content for bad URLs
  • Real-time traffic shows hackers
  • Real-time view of crawlers
  • Includes a complete firewall
  • Rate limit rogue crawlers
  • View top content leeches

You may have noticed one of the features is “Enforce strong passwords.” By default, we use that setting for our clients’ protection and recommend that everyone use the feature. Read our Secure Passwords Should Not Be Optional blog post.

While the free version of Wordfence Security does an excellent job across the board, we believe the investment in Wordfence Premium is a good investment in the security of anyone’s website. Take a look at it and decide for yourself. www.wordfence.com

Secure Passwords Should Not Be Optional

Password Security

A very large number of the security breaches we read about are because of weak passwords. Nearly all of us are guilty of using insecure passwords. Some of the time it isn’t a big deal. If someone steals your password to your favorite newspaper account, it likely doesn’t matter as much to you as it does to your newspaper company. Of course, if you stored credit card information there, it could be a bigger problem for you than you think.  The bottom line is if you don’t want any of your accounts and the information in them accessed by someone else, you need to use a very secure password.

So, what constitutes a secure password? Let’s start with the basics. The longer the password, the harder it is to crack. Consider using at least a 12-character MINIMUM. We like to see 20 – 24 character passwords. Okay, so we agree you should use long passwords.

What else? Before you create that first really secure password, make sure you protect your computer and network with up-to-date antivirus software and a firewall. The most secure password in the world is not secure if it is in an unencrypted file (Word document, text file, spreadsheet, etc.) on a computer that has been compromised. If any of the accounts you access offer two-factor authentication, use it! Many experts recommend periodic (and somewhat frequent) password changes. I agree with Leo’s answer on Ask Leo to this question: “Is a periodic password change a good thing?”

Back to creating that long password.

  • Create passwords using a 12-character MINIMUM. Using 20 – 24 characters increases password strength exponentially.
  • Use at least one number, one uppercase letter, one lowercase letter and one special character (symbol).
  • Don’t use the names of your family members, friends or pets.
  • Don’t use dictionary words, including commonly used foreign words.
  • Don’t use common substitutions such as “$” for “s”, “@” for “a”, “1” for “l” and, well, you get the idea.
  • Don’t use zip codes, local street numbers, phone numbers, birthdates, ID card numbers, social security numbers, etc.
  • Don’t use the same password on multiple sites.
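The length and character rules above, written out as an added Python example (it is not part of the original post or of any tool the post names). The function names, the rule wording and the 94-character alphabet are assumptions of this sketch; random generation also sidesteps the rules about names, dictionary words and substitutions.

```python
import math
import secrets
import string

# The four character classes the checklist asks for (names are this sketch's own).
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # 26 + 26 + 10 + 32 = 94 characters
MIN_LENGTH = 12                       # the post's stated minimum


def check_policy(password, used_elsewhere=()):
    """Return the checklist rules a password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    if password in used_elsewhere:
        problems.append("reused on another site")
    return problems


def generate_password(length=20):
    """Draw a password from the OS CSPRNG; redraw until every class appears."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_policy(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper-bound guessing entropy of a uniformly random password.

    Each extra character multiplies the search space by the alphabet size,
    which is the exponential growth the checklist refers to.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for n in (12, 20, 24):
        print(n, generate_password(n), f"{entropy_bits(n):.1f} bits")
```

The entropy figure applies only to randomly generated passwords; a human-chosen password of the same length is far more guessable.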

Password Generators

We recommend using a password generator, and creating them at least 20 characters long. There are several good secure password generators online. Here are a few.

Norton Identity Safe Password Generator
Random Password Generator
Online Domain Tools Password Checker
Perfect Passwords — GRC’s Ultra High Security Password Generator

For those of you who want to remember your passwords, it is possible to use really long passwords that are easy to remember. Here is an excellent blog post which includes methods to do that.

Password Managers

How to remember those long passwords? Well, that is a challenge. We recommend using a password manager application. Because LastPass, one of the most widely used password managers, was broken into last month (hackers didn’t access user password vaults because it uses a rigorous cryptography system), some believe using a password manager is not a good idea, but it is a very viable option. This blog post answers the question, “Am I An Idiot for Still Using a Password Manager?”

There are two types of password managers, those online that store your passwords in encrypted databases in the cloud, and applications that you install, and then store your encrypted password database on a file on your desktop computer, phone, or tablet. There are pros and cons to both types, and both can do the job for you. Here are some of the most popular password managers.

LastPass
Dashlane
1Password
KeePass

Here is how PC Magazine rates (June, 2015) paid and free password managers. Please remember that those ratings, as all ratings of software, are somewhat subjective and a matter of personal preference.

Start today with creating a new and different password for each of your email accounts. Most of us have easy-to-remember (and easier to crack) passwords for our email accounts that really should be changed.

Please remember,  Secure Passwords Should Not Be Optional, and using a password manager certainly doesn’t make you an idiot.

Google Has Made Twitter More Important To Your Search Strategy

As some of you know, Twitter plays an important part in many Social Media marketing strategies. With a Google announcement on May 19, 2015, Twitter gained importance in search strategy and SEO, especially for businesses with audiences that are primarily mobile users.

“Starting today, we’re bringing Tweets to Google Search on mobile devices. So now when you’re searching on the Google app or any browser on your phone or tablet, you can find real-time content from Twitter right in the search results.” Google

The most important part of this is that your Tweets (with a link to your website) potentially reach Google search users, not just your Twitter followers. When you think about it, this is much bigger than it seems. Now, it is possible Google search results could include a normal listing for one of your pages AND a Tweet that links to a landing page on your website as well.

Please remember, this is Google, so your Tweet still has to earn its way into Google’s search results page listings. It is too early to know just how that happens, but it is a given that your Tweet, the link in it, and the link’s landing page will have to be relevant to the searcher’s intent. Of course, having a Twitter account with active followers who retweet your Tweets is certainly a good thing. As this new Google-Twitter deal starts to take effect, real-time trending Tweets are what is showing most frequently.

For those of you yet to embrace the fact that your website visitors are just as or more likely viewing your website on a mobile device, here are a couple of blog posts to read.

In April, 2015, comScore reported, the “Number of Mobile-Only Internet Users Now Exceeds Desktop-Only in the U.S.”

With phones the “central devices,” the number of “connected devices” is changing and growing rapidly.

Make no mistake, the Google-Twitter deal will beneficially impact many businesses that are using Twitter regularly and well.

If you are looking for more mobile visitors to your website, you should consider ramping up your Twitter presence and campaign. Of course, your website has to be Google mobile-friendly as well.

We can help! Contact or Call us Today at 1-800-281-9993 or 608-822-3750

Google Changes The Rules – Mobile-Friendly or Not

If Google does as stated, today is the day many small business websites disappear from Google Mobile Search Results. Of course, not only SMBs will suffer, but so will churches, associations, and other non-profits. A few major corporations will be surprised as well.

We understand the importance of mobile in today’s world. Nearly all the new websites we create are device-responsive, and have a mobile-friendly version, as defined by Google, as well as a desktop version.

The vast majority of the websites we have created in the last few years look great and work well on desktops and tablets, as well as phones with “full-browser” capabilities. With smaller devices, the user will have to pinch and stretch some, but they will function. We did create fully mobile-friendly versions for some of our clients’ websites who chose to be out front in the mobile revolution. Even a year ago a mobile-friendly version of a website was a hard sell for us and most other developers, especially those of us who have small businesses and non-profits among our clients.

Google seems to think everyone has deep pockets and/or a development team to create exactly the type of website they deem appropriate. They constantly tweak Google Analytics and Google AdWords. Sometimes the tweaks are amazing and time saving. Sometimes they are amazing and very time consuming.

Google wrote this “Finding more mobile-friendly search results” post on February 26, 2015, and followed with this announcement, “Rolling out the mobile-friendly update” today.

Here is an excerpt from that post.

“April 21st’s mobile-friendly update boosts mobile search rankings for pages that are legible and usable on mobile devices.

  • Affects only search rankings on mobile devices
  • Applies to individual pages, not entire websites

While the mobile-friendly change is important, we still use a variety of signals to rank search results. The intent of the search query is still a very strong signal — so even if a page with high quality content is not mobile-friendly, it could still rank high if it has great content for the query.”

You may check using Google’s Mobile-Friendly Test to see if Google classifies your website as mobile-friendly.

It is too soon to know the impact of Google’s latest forced mandate. Every website owner should review their analytics program to see what percentage of traffic is mobile. Remember Google separates tablet traffic from mobile, as most tablets display the desktop version of a website. Once you determine the percentage and number of mobile visitors (and what they do while on your site), you will have to decide if having a fully mobile-friendly website (as defined by Google) is right for your customers and prospects. Only you know what percentage of mobile traffic meets your pain threshold. Please remember that for this purpose, the mobile statistics are only valid going backwards in time. Mobile search results change dramatically as of today!

If you have any questions, please contact us.

Increase Conversions – Improve Your Most Popular Pages

Improving the most popular pages on your website can increase conversions.  Take a look at the pageview data in Google Analytics (or other analytics provider) and make note of the top three pages (other than your home page) visited.

You may not have intentionally created the most popular page on your website with the thought of it being specifically a landing page. More likely, it is a page you created some time ago that highlights services or products you offer. It may even be a nearly random blog post you wrote because you hadn’t published one lately.

Take a good look at your most visited web page, the time your visitors spend on the page, and where they go after viewing it.  Are they filling out your form, subscribing to your newsletter, or calling you?

  • Proof your page again. You may be surprised to find a typo or two. Fix them.
  • Update any outdated information.
  • If you don’t have a photo or visual, add one.
  • If you are talking about more than one topic, use sub-headers.
  • If you have other pages on your website related to the page topic, link to them.
  • List additional resources at the bottom of the page.
  • If you do not have a “Call to Action” on your page, add one.

Improving your most visited pages gives you more chances of increasing conversion rates.

Learn more about increasing conversions by calling us today!

1-800-281-9993 or 608-822-3750

Don’t feel like talking today? Use our convenient contact form.