As an account manager of several web marketing clients, my goal is for them (and us) to be successful in growing their businesses. And we do that by aligning our strategy with their company goals, becoming partners who work together in this mutual aim.
Most of my customers want to sell more widgets or get more sales leads, and so we get them more website traffic so they can do just that. Who doesn’t like more customers, right?
If your company website leads or sales are growing, especially by having a content and search engine optimization (SEO) strategy, then continue to work your plan. That’s good business sense.
But let’s not stop at just continuing to do what works. There’s always more. It’s time to try new things.
When it comes to making money, one of my favorite things to do is to try new ideas. It’s fun to test them out and see if you can get a return on investment. Online marketing is no different: Find something that works and expand it. Then, find something else that works and expand it, too. Repeat the process.
Let’s assume you have an SEO and content strategy working for your business. Have you tested some paid digital advertising yet? What about social media marketing; is that right for your business? And by social media marketing, I mean true strategy that drives results – not just playing on Facebook. How about email marketing to current customers – might you get them to spend more with your company with repeat orders?
There are so many avenues to explore when it comes to growing your business. If you haven’t gone very far down those roads, there are likely goldmines to uncover.
Making the transition from HTTP to HTTPS is not as simple as adding an extra letter to the URL. It requires adding an SSL (Secure Sockets Layer) certificate, which is generally found on e-commerce sites or others that offer secure transaction pages. Switching a site to HTTPS has some heavy SEO obstacles.
Henshaw gives nine steps to follow in transitioning a WordPress site to HTTPS. Outside of the difficulty of obtaining private keys and certificates, there are a number of other obstacles to hurdle over in maintaining SEO. It’s important to first understand that an HTTP site and an HTTPS site are considered to be different sites, not extensions of one another. Next is the need to redirect traffic from the old HTTP site to the new HTTPS site. Enter the wonderful process of de-indexing. The old HTTP pages will need to be removed, which, luckily, Google will do once your new redirects are set up. This will take care of the regular HTTP, or non-secure, pages.
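A check for the redirect step described above, as an added example that is not part of the original post or of Henshaw's steps: it verifies that each old HTTP URL answers with a permanent redirect to the same host, path and query on HTTPS. The sample responses are constructed, and the function names and problem codes are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: (requested HTTP URL, response status, Location header).
SAMPLE_RESPONSES = [
    ("http://example.com/", 301, "https://example.com/"),
    ("http://example.com/products?id=7", 302, "https://example.com/products?id=7"),
    ("http://example.com/blog/post-1", 301, "https://example.com/"),
    ("http://example.com/about", 301, "/about"),
    ("http://example.com/contact", 200, None),
]

PERMANENT = {301, 308}  # redirect codes that signal a permanent move


def check_redirect(http_url, status, location):
    """Return a list of problem codes for one HTTP -> HTTPS redirect."""
    problems = []
    if status not in PERMANENT:
        problems.append("not-permanent")
    if not location:
        problems.append("no-location")
        return problems
    src = urlsplit(http_url)
    # A relative Location is resolved against the request URL, so it
    # stays on http:// and is reported as not-https.
    dst = urlsplit(urljoin(http_url, location))
    if dst.scheme != "https":
        problems.append("not-https")
    if dst.hostname != src.hostname:
        problems.append("host-changed")
    if (dst.path or "/") != (src.path or "/"):
        problems.append("path-changed")
    if dst.query != src.query:
        problems.append("query-changed")
    return problems


def audit_redirects(responses):
    """Map each failing URL to its problem codes; clean URLs are omitted."""
    report = {}
    for url, status, location in responses:
        problems = check_redirect(url, status, location)
        if problems:
            report[url] = problems
    return report


if __name__ == "__main__":
    for url, problems in audit_redirects(SAMPLE_RESPONSES).items():
        print(url, "->", ", ".join(problems))
```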
One last tip from Henshaw is that he doesn’t recommend switching to an HTTPS site if your site is performing well and bringing in a large volume of conversions. This secure site SEO factor is another best practice to be added to a lengthy list that online marketers need to address, or at the very least be aware of.
What does this mean for your site?
Don’t panic if your site is not entirely HTTPS. As with many other changes to SEO best practices, which change constantly, you won’t want to jump straight on the wagon. Take some time to evaluate the process involved in switching from a site in HTTP to HTTPS. Make sure any kinks are worked out of the process if you decide to switch. Have a plan of action (see above steps from Jon Henshaw). How intensive will it be for your site? If your website is new, you may want to go ahead and start the transition as this change would be easier to make, and you won’t have to make the change once your site is established in organic Google searches.
I agree with Henshaw when he makes a point about successful sites with high traffic and goal completions not needing to make an immediate switch. Though being proactive is not a bad thing:
Are you creating a new signup feature? Make sure it is secure.
Are all of your e-commerce transaction pages already HTTPS? If not, that’s a change you need to make.
Security needs for your site are directly related to how much information you are collecting. If the main goal of your site is only to push content, you have much less of a need for security additions; however, if you are collecting a range of personal information or credit card info, you absolutely need secure pages.
Be sure to watch your website’s statistics in the coming months. Is there suddenly a sustained loss in organic traffic? Have you noticed a dip in overall site performance? If you are having these issues, it would be worth evaluating the switch to HTTPS.
Ahh, data centers. Fancy name, but do you know what they really are? Data centers make websites work, and TKG has its very own! In this blog post, I’d like to show you around our data center at TKG to give you an idea of what goes into bringing your website to life from behind the scenes. It’s more than just blinking lights and wires (really)!
Pictured below is our backup natural gas generator. This generator will automatically kick on in the event of an extended power outage. It works alongside our battery-powered UPS to ensure 100% power uptime!
Did you know that over 90 percent of the almost 500 websites that TKG hosts run off of two servers? Well, you do now! We utilize the latest virtual machine technologies to bring you improved uptime. Our host servers are configured for high availability, which translates to increased redundancy for your website! Here they are, in all their beauty.
Fact: the internet IS just a series of pipes, and most places only have one pipe feeding their data needs. But, TKG has two pipes supplying our data center with cool refreshing bandwidth! Both of our pipes are fiber optic, which can be way faster than a traditional copper connection. We only use one of our pipes at a time, and we keep the other one ready in a failover state – just in case.
The final stop on our data center tour brings us to the air conditioner. It’s pretty cool (pun intended). Running servers 24/7 gets really hot, so we have a dedicated HVAC unit to keep our data center nice and cold (with a low relative humidity).
We hope you enjoyed our tour. Who has a question about the TKG Data Center? Ask in the comments!
First, is it colocation, collocation, co-location?
Just spelling the word often poses a challenge! But, what is it?
Colocation is a server hosting option that might be a good fit for smaller businesses that don’t have their own IT infrastructure or don’t want the headache of implementing and maintaining a server.
It allows you to essentially rent space in a more robust environment that typically contains large amounts of bandwidth, redundant power, dedicated cooling, etc.
At TKG, we are fortunate enough to have our own data center within our walls. That’s pretty unique for a business our size in our industry. With our colocation services, you can provide your own server or we can even spec one out for you to meet your needs. Either way, you own your equipment.
You then rent the amount of rack space needed in our data center to fit your server(s). We provide the power and the required bandwidth for your needs.
An added benefit of TKG colocation services is that we also have a dedicated IT staff to facilitate set up and maintenance for you, if needed. Often customers looking for colocation not only don’t have the physical resources to support their server, they typically do not have the staffing resources either. This makes TKG a great fit to partner with these businesses to help out in that area.
Some uses of colocation are:
To support high-use/high-demand websites and related applications
Offsite backup of data to ensure protection
Hosting of software applications remotely
Do you think colocation might be a fit for you? If you are currently hosting your website on a PC under someone’s desk or back up all of your critical client and business files to a jump drive, a colocation solution might be a good fit for your business.
Let us know if we can answer any questions for you or if you want more information about colocation.
Sometimes disasters happen… It’s an unfortunate reality. In the IT world the name of the game is reducing downtime, and the best way to ensure that you reduce downtime during a disaster is to have a backup and disaster recovery plan. Here at TKG, we have a nerdy saying we like to throw around: “Secure data equals peace of mind.”
That’s why we are currently in the next phase of our (always evolving!) backup strategy to include a disaster recovery plan that ensures we can provide uptime even if our data center is wiped off the map! (We had a massive storm and tornado warning last week that made us a little fearful that might actually happen!)
This is great news for our clients, and a service that very few web hosts/data services providers can claim.
The best backup strategies include an offsite backup location to move data to, but sometimes it’s not enough to just move data offsite… It’s important to plan for a disaster, and figure out a way to put your data back in “play” after one occurs.
With VMware as the backbone to our hosting environment we are going to be able to utilize our offsite backup server as another VMware host to ensure the best possible uptime for our clients in the event of a disaster.
Virtual machines give users unprecedented flexibility to back up and restore virtual machines. There are some really great software packages that allow users to back up virtual machines, such as vRanger and Veeam. I’m not going to recommend one or the other (I’ll leave the homework up to you), but it’s important to find a backup solution that fits the needs of your virtualization environment.
There’s no way around it: disasters suck (especially for IT people), but with good planning it is possible to ease the pain of a disaster. To learn more about what makes an ideal hosting environment, head over to the Data Services section of TKG.
The recent uproar regarding the government-ordered handover of Verizon business customers’ phone metadata has many wondering what is being gathered and for what purpose. We live in an information age, but many of us don’t understand exactly what “information age” means in terms of what you are actually passing along and what is being saved for later analysis. Just as our phones contain metadata, so does the web.
“Metadata” as it relates to the web
In simple terms, it is general information encompassing further details about the actual item. You can think of it as the envelope you drop into the mailbox. The contents of the envelope are unknown to those that look at it, but the envelope itself contains details that anyone is able to read. This includes information like the origin (your address), the destination (who you’re sending it to), the date it was stamped by the post office, the size and weight of the package, etc.
Translating this metadata concept into modern terms, every single user of the Internet freely hands over metadata to strangers every single time they click a link. In a web request, similar envelope information is required to make sure the server gets you the information you requested. This data is passed from network to network and anyone along the way could capture this data and develop patterns on their own.
For example, as I write this I’m able to observe activity on our web server and can tell you that someone in the country of Senegal is currently interested in finding out about wedding day diamonds from one of our clients. That activity is anonymous, but it gives enough detail to observe and develop patterns of activity over a period of time.
If the thought of metadata collection makes you uneasy, the quickest and easiest way to reduce metadata sharing is to update your browser’s privacy settings. You have the ability to disable tracking cookies and browsing history for each session. For example, pressing “CTRL-SHIFT-N” in Chrome starts this private browsing mode. This is also available for mobile privacy through the specific mobile browser you use. Go into your settings to turn off cookies, access to your location, etc.
What are your thoughts on metadata sharing? Will you be adjusting your privacy settings?
Virtualization is a key component to many data centers around the world today, and why shouldn’t it be? At TKG we rely on a world-class virtualization platform to house many of our critical hosting servers. Virtualization gives us the flexibility to allocate resources on-demand to different machines as needed, and it gives us a backup solution that will help decrease down time in the event of an emergency.
So, what is virtualization?
Think of it as multiple personalities for a computer. There are many different operating systems out there, and each system has its own strong suit. Linux is great for web hosting, Windows has Active Directory and Exchange, the Mac has… well the Mac actually doesn’t have the ability to be virtualized in a production environment! Virtualization software allows users to run multiple operating systems on one computer or server. You could have your Exchange server on Windows running right next to your Linux-based web hosting server on the same hardware! Think of the savings (hardware, energy, etc)!
There are two major platforms for virtualization that come to mind when dealing with server virtualization: VMware and Microsoft.
Each system has pros and cons, and I have had experience with both. Personally, I prefer VMware ESX over Microsoft Hypervisor simply because Hypervisor requires Windows Server to be installed on the server before being able to virtualize a system (full version of Windows = more overhead). VMware ESX is a lightweight operating system that you install on a server and control with a program that runs on your desktop PC.
If you’re new to virtualization or just want to see what it’s all about, you can download a copy of VMware Player. VMware Player is a FREE virtualization program that installs right on top of Windows (sorry, Mac users, you have to purchase VMware Fusion). Player allows users to run Linux, Windows or any other OS you can throw at it right on top of your current system.
I’d be happy to answer any questions you may have about virtualization, just put them in the comments!
Mobile device security has become a hot topic with the explosion of smartphone and tablet sales in recent years. Think about all of the information that is kept on your smartphone… email, calendars, personal contacts, payment information and every app that you have with saved login info is all in one easy-to-lose place – ripe for the picking! So, the question becomes, “what can I do to secure my device’s data?”
iOS (iPhone, iPod Touch and iPad) users have the luxury of Apple’s iCloud offerings and the ability to remotely lock, wipe and geo-locate a missing device right from iCloud’s website. iOS users can enable “Find My iPhone” in the Settings app under the iCloud settings. If you’re not an iOS user don’t worry, because there are third party services like Lookout for Android that give users similar functionality on different platforms.
Another must for mobile device owners is to enable a passcode before using the device, and it can be as simple as a four-digit PIN. Some devices will give users the option to have their iOS or Android device automatically wiped out after so many failed login attempts. Windows 8 has a neat feature that presents a user with a picture at the login screen, and the user must use gestures to unlock the device.
Did you know smartphones and tablets can get viruses? According to a recent CNN article, Android accounts for 97% of all malware on mobile devices. Moral of the story: make sure you only download apps from trusted sources, and be sure to read the reviews of each app you download. I would encourage device users of all platforms (iOS, Android, Windows, etc) to take this to heart. Another way to prevent malware from infecting your smartphone or tablet is to refrain from jailbreaking it.
Taking a few easy steps could save you time, money and headaches if your phone or tablet comes up missing. I’ll be the first to tell you I have left my iPhone at Starbucks, but I was able to find it and secure it using iCloud. Share your lost phone story with us in the comments!
The recent Chinese attacks against various US websites, as well as the security breaches at Facebook and Apple, have put hacking and security back in the spotlight.
While these attacks were quite focused and sophisticated, the simple fact remains that the majority of attacks target simple holes in website architecture that can be proactively closed by developers and server admins, making your website safer.
Hollywood likes to make hacking look easy and instant, but this isn’t always the case.
At the end of the day, an attack usually results from a series of miniature fact-finding pokes that tell the attacker what they are dealing with. There used to be a time when this sort of information gathering required dedicated tools like Fiddler, Wireshark, or NetStumbler.
Today this isn’t necessarily the case, since modern web browsers include a lot of built-in developer tools that are meant for good but can be used to find out enough information to attack.
For example, starting at a target’s website, the first thing an attacker may do is look at the additional information the server is freely telling them. Here they find out that they are dealing with an ASP.NET site, running version 2.0.50727 on IIS 6.
That may not seem like much, but it instantly focuses efforts on exploits in Microsoft technologies as opposed to blindly attacking the site with techniques that don’t apply to that environment. A quick Google search reveals this further information:
“Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.”
How do you protect yourself from this sort of fact finding?
It’s really a very simple solution: configure the server and application to not send this information. There may be unavoidable clues, like file extensions for your website, but at least that isn’t delivering exact version information to a curious set of eyes.
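A way to confirm that fix on your own site, as an added example that is not part of the original post: it parses a response head and reports which headers still name the product or an exact version. The two sample responses are constructed to match the ASP.NET 2.0.50727 on IIS 6 case in the text, and the function names and the header list are assumptions of this example.

```python
import re

# Response headers that commonly identify the server stack. The header
# names are real; choosing this particular set is an assumption.
DISCLOSING_HEADERS = (
    "server",
    "x-powered-by",
    "x-aspnet-version",
    "x-aspnetmvc-version",
)

# Matches a dotted version number such as "6.0" or "2.0.50727".
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

# Constructed sample: a default configuration that announces its stack.
SAMPLE_BEFORE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
"""

# Constructed sample: the same response after the banners are turned off.
SAMPLE_AFTER = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
"""


def parse_headers(raw):
    """Parse a raw HTTP response head into a {lowercase-name: value} dict."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(headers):
    """Return (header, value, severity) findings.

    'version' means the value carries an exact version number;
    'product' means it names the technology without a version.
    """
    findings = []
    for name in DISCLOSING_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        severity = "version" if VERSION_RE.search(value) else "product"
        findings.append((name, value, severity))
    return findings


if __name__ == "__main__":
    for label, raw in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_headers(parse_headers(raw)))
```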
Another easy form of attack simply involves URL manipulation. On a website that may be presenting small thumbnails of images for purchase, an attacker would be able to use the same developer tools to spot a request like the one below.
Wanting to get the image without purchase, he may notice the “width=70” in the URL. What happens if he makes that “width=200”? He then discovers that the website has given a version of the image that is 200 pixels wide. What happens if “width” is removed? It serves back the full sized image, ready for download. If he puts a little more work into putting all of those URLs into a list, the attacker would then be able to use a small program that goes through that list requesting each image one by one, free of charge.
How do you protect yourself from this?
The best thing to do is to have your developer validate ALL input and set default values in the programming for values that may be missing.
SQL injection attacks take place on websites that simply take the input from the user and apply it to the programming with no validation applied. In the case of the missing width, this developer should have set a width himself if one was not present, so that the site always returns a smaller version of the picture.
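One way to apply that advice to the thumbnail request, as an added example that is not code from the original post: the server only ever serves a width from a fixed list and falls back to the thumbnail size when `width` is missing, repeated or invalid. The 70-pixel default comes from the text; the allowed list, the `/image.aspx` path in the samples and the function name are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

THUMBNAIL_WIDTH = 70          # the "width=70" thumbnail from the text
PREVIEW_WIDTHS = {70, 120}    # assumed: sizes the site serves without purchase
MAX_DIGITS = 4                # reject absurdly long numbers before int()

# Constructed sample requests; the path and the id parameter are hypothetical.
SAMPLE_URLS = [
    "/image.aspx?id=12&width=70",
    "/image.aspx?id=12&width=200",
    "/image.aspx?id=12",
    "/image.aspx?id=12&width=120&width=2000",
]


def preview_width(url):
    """Return the width to serve for an unpaid image request.

    The result is always a member of PREVIEW_WIDTHS. Anything the server
    did not expect is replaced by THUMBNAIL_WIDTH rather than passed on
    to the image code, so removing or changing the parameter can never
    yield a larger picture. The full-size file belongs behind a separate
    download path that checks the purchase record, not behind a URL value.
    """
    query = urlsplit(url).query
    values = parse_qs(query, keep_blank_values=True).get("width", [])

    # Missing parameter, or supplied more than once: use the default.
    if len(values) != 1:
        return THUMBNAIL_WIDTH

    raw = values[0]
    # isdigit() alone accepts characters such as a superscript two that
    # int() rejects, so require plain ASCII digits and a sane length.
    if not raw.isascii() or not raw.isdigit() or len(raw) > MAX_DIGITS:
        return THUMBNAIL_WIDTH

    width = int(raw)
    return width if width in PREVIEW_WIDTHS else THUMBNAIL_WIDTH


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", preview_width(url))
```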
At the end of the day, if someone really wants to affect your website they will. But taking a few relatively easy proactive steps will not affect your true user and will make that attacker have to work quite a bit longer to get in.
Have you ever been the victim of hackers? How did you recover and what do you put in place as protection against future attacks?
From its inception in 2003 WordPress has been downloaded more than 65 million times and powers 22% of all new websites.
WordPress owes a lot of its popularity to the fact that it is easy to use. It put publishing content on the Web within reach of people with diverse backgrounds. While WordPress is undoubtedly a good thing in that it allows mass sharing of information online, it has somewhat of a bad reputation in the information security community.
Part of the information security dilemma is the trade off between security and convenience. Systems that are highly secure are usually not very convenient to use, whereas systems that are convenient to use have a tendency of not being very secure.
WordPress users have to be aware of the fact that WordPress needs ongoing attention to ensure it is installed securely and remains secure. By following well established guidelines, WordPress users can make sure their websites remain a trusted and productive conduit to their audience.
Security Tip 1: Keep Your WordPress Site or Blog Up to Date
The most basic step to ensure security in the WordPress environment is to make sure you are keeping up with the version of WordPress you are running.
If you are running an old version then you are more at risk because you don’t have the latest code. This is no different from any other software. People are well aware of the monthly Microsoft patches that get released to keep your operating system secure. WordPress users need to be aware of when WordPress releases a new version and take appropriate steps to upgrade their WordPress installations.
This awareness should extend to the WordPress themes and plugins that you install inside of WordPress. To the credit of the WordPress team, their base software has gotten better over the years regarding security. Oftentimes a WordPress installation will get “hacked” because there is a vulnerability in one of the plugins or themes that have been installed inside of WordPress.
Users need to be aware of what themes and plugins they are using and pay attention to any new updates for those themes and plugins. Along the same lines, if you installed a plugin and then decide not to use it then it should be un-installed. There is no reason to leave a plugin installed if you aren’t using it when a vulnerability in that plugin could leave your whole site susceptible to an attack.
Security Tip 2: Choose WordPress Plugins and Themes Wisely
While we are on the topic of plugins and themes – it may be tempting to install a myriad of themes and plugins when you are first getting started.
Pay attention to information about what you are installing. Don’t install a theme or plugin that has been downloaded only 10 times in the last 5 years and don’t install a plugin that was last updated in 2009.
WordPress.org does a great job displaying information about plugins that it offers. It will display the date the plugin was last updated along with the number of downloads a plugin has. While not universally true, for the most part a more popular plugin will have active developers that care about the security of their code.
Security Tip 3: Take Additional Steps
At the heart of information security there are a few guiding principles. One of these principles is “Defense in Depth.”
If one safeguard fails you can be sure there is another safeguard at a different level that will still keep you secure. Even if they don’t realize it WordPress users should practice defense in depth. It is a good idea to install a WordPress firewall that may protect you against any vulnerabilities in the base WordPress software along with issues in plugins and themes on your site.
WordPress users should also ask their hosting providers if they offer any sort of Web Application Firewall. This is also a way to protect your website if there happens to be a vulnerability in the WordPress environment.
Security Tip 4: Don’t Forget the Simple Stuff!
The very first step towards WordPress security may be the most important and yet the easiest.
Choose strong passwords for your WordPress administrator accounts. If you follow all the advice here and set your administrator password to “123456”, “qwerty” or even “123456qwerty” then the bad guys will just take advantage of your simple password and log in to your administrator interface.
Passwords matter – again it is a trade off of convenience versus security. It is harder to keep track of complicated passwords but using those stronger passwords can be the most important step to take to secure your WordPress website.
We have talked about taking some steps to achieve a more secure WordPress installation. So why does this all matter?
It boils down to a few reasons. When a website gets hacked a lot of times the attackers will cause your website to infect visitors with malware – viruses and spyware.
Your website becomes a source of an infection for people who are visiting your website — and you want to be a responsible online “citizen” – keeping your website secure is a part of that.
There is no doubt you have made an investment (time and money) into your online presence. Running a WordPress website can be a very effective method for establishing your business online and communicating a message to your audience.
This can be hampered if you don’t take some precautions to keep your website secure. You can lose the trust of your visitors and you could also lose the trust of the various search engines. If your site gets compromised then Google could label your site as one that may infect visitors. You could fall out of the Google rankings and lose any momentum you have going with the search engines. At the end of the day it is about making an ongoing investment in your website to ensure it is helping you to reach your goals.
Have you ever experienced a WordPress security threat on your site or blog? Let me know in the comments…