If you are a website owner or developer, website security is probably of the upmost importance to you. Despite all of your research on the topic you may still be wondering if you’ve done enough to keep your content secure. The constant need to stay on top of this topic is especially important if your website was built using a Content Management System (CMS) like WordPress, Joomla, or Drupal because hackers are always on the lookout for new vulnerabilities in these very commonly used CMS’s.
I recently sat down with Web Hosting Podcast host Tim Yardley for a lightning round QA on the topic of website security. Take a listen as we each answer 10 questions about the security of our own websites before taking a deeper dive into each of these 10 topics:
Compare our answers with your own and judge how well your website’s security stacks up?
Undoubtedly these 10 questions are a good litmus test and starting point for judging your website’s security. It is important to remember that each website may have it’s own unique set of needs and challenges when it comes to security. In addition, considerations like time and budget might also be factors. And, the topic of website security is an ever-evolving one so something that might be good practice today, might be useless tomorrow.
With all of this in mind, Tim and I added a couple of security measures to the list for your consideration:
Thanks to Inc.com for getting conversation started with their 10-topic online quiz.
Once you’ve made the commitment to have a website that will last for the longhaul, the next step is to gather good content rich material (CRM) for your website. If you are in a service industry this means writing original content about what you do and how you do it in a way that is unique from your competitors. Once you have gathered all of the relevant information and created a wireframe it is time to start thinking about keyword optimizing your content.
I’ve been meeting with small business owners for years now and about 25% of them are completely obsessed with Googling themselves. The pet store owner wants her website to be the top search result for the phrase “dog food”, the general contractor wants his website to to the top search result for the phrase “home builder”, and I want my website to be the top search result for the phrase “website developer.” But all three of us are in for a world of disappointment and here’s why…
Google doesn’t know just how amazing we are or how hard we have worked to put together our pet store, general contracting business, or web development firm. All Google knows is that there were hundreds of other websites built before ours with years and years of Search Engine Optimization and online reviews with Yelp and Google Places. If Google is choosing which website should be the top search result for the search phrase “web developer” is it more likely that the person conducting the search was looking for a large firm with thousands of clients and tens of web developers or me? That doesn’t mean I should give up working on Search Engine Optimization or be resigned to languishing on page 8 of the search results. It just means I need to work hard and be smart about how I present the content on my website to the world. It is time to starting thinking realistically about what I am trying to accomplish with my website’s SEO.
Your industry, the size of your business, and your commitment to your website all come in to play when picking website keywords. If you are operating a bakery and you are just getting started it is probably pretty unrealistic to think that you will build a nice 5 page website for your small business and the phones will start to ring from all of the website traffic you will get when someone searches “bakery”. This is because Google “thinks” that most people searching for a “bakery” are looking for a world renowned bakery, not your newly opened establishment. But fear not, there is something you can do with your website’s content/keywords that will help your website be found: rather than focus on generic keywords, you can focus on long tail keywords!
So what are long tail keywords? If you’ve ever searched for content on the internet, then you’ve probably used long-tailed keywords to help you find what you were looking for. Long tail keywords are the set of words (usually about 3-5 words) that you use to get more specific search results than can be achieved with a broad-based more generic search.
Let’s look at a real-life example: You’ve adopted a new cat and are on the lookout for information about different brands of cat food. So you go to Google and search for “cat food” but you quickly realize that your search isn’t specific enough and you are going to have to wade through pages and pages of results to find what you are really looking for which is a local pet shop that carries Science Diet brand of cat food. So you get more specific with your search results by searching “Science Diet cat food Portland pet store.” Now you are making use of a more specific search to fine what you are looking for which is something to keep in mind not only as you search the web but as you build a website.
So what some long tail keywords phrases that might be good for your business. If you are a cafe in Tigard, Oregon that specializes in bagels and Stumptown coffee then you might build a webpage that focuses on long tail keywords like “Stumptown coffee Tigard, Oregon” or “everything bagels Tigard, Oregon.” The odds of getting your cafe found will imprive if you can write content that focuses on specific products and/or a specific location. Emphasize what you specialize in and tailor your keyword focus accordingly and you will find yourself starting to appear in organic search results for those longer and more targeted phrases.
The reality of the world wide web (internet) is that there have always been hackers and there will always be hackers. If you own a website, the responsibility for its security is shared between the website owner and the website hosting company. Web hosts implement many lines of defense against hacking to keep the servers secure. But that is only half the battle. If website code is poorly written or not kept up to date by the hosting client/ website owner, a website is still vulnerable to hacking. That is why hosting companies ask the hosting client to do their part to keep their website secure. To this end, I want you to be educated about the need for and ways to keep your WordPress website up to date. ***This blog post is based on web hosting at Portland, Oregon’s Canvas Host which has both cPanel and Installatron for WordPress hosting clients.
Who – > You (or you have us do it for you)
What -> Get your WordPress update
When -> NOW
Where -> Installatron/ cPanel
Why -> To prevent your website from getting hacked and to prevent the rest of the websites on the server with you from getting hacked
You need to get your WordPress website updated NOW with Installatron/cPanel for two main reasons: first, to prevent your website from getting hacked and second, to prevent the rest of the websites on the server with you from getting hacked.
Let’s begin by stating that if none of this interests you, but you do acknowledge the necessity of having your website be secure, Canvas Host can look at your hosting package and provide a quote as to the feasibility and cost to enroll your website(s) with Installatron. Please be aware that your website may not easily import with Installatron (because of modifications to WordPress or permissions from a previous web host) so any quote for the work is based on the assumption that the import and configuration is standard and you will be notified if that is not the case.
For those of you who have been keeping your WordPress website updated on your own, you are probably aware that there are three components of your website that require regular/ semi-regular updating: the plugins, the theme(s), and WordPress itself. It is my preference that, if running updates manually, they are done in a specific order: Plugins, Themes, and WordPress. There is a whole discussion to be had about the reasons for this, but we will leave that for another time.
The first question to be asked is this: Is your website already in Installatron?
If you don’t know the answer to this question, you need to log in to your hosting account cPanel and go to the cPanel Section called Software. The Installatron Applications Installer link will be in this section.
If you see your website homepage next to a panel with your website details, then your website is in Installatron. If not, then your website needs to be imported into Installatron and please continue with this tutorial if your website is not in Installatron or skip down further if your website is already in Installatron.
If you have gone to cPanel and discovered your website is not Installatron you can set up automatic updates after importing the website into Installatron. At this point you should be in your hosting cPanel and you should have selected the Installatron Applications Installer. Since your website is not in Installatron you will be directed to the Installatron page where you can search for application. Here you will scroll down a select the WordPress icon/ option.
On the next screen you will select the option underneath the Install this application drop down (import existing install).
On the next page you will select the continue option in the “From this account” section.
Next you will select the domain and directory (if there is one) that you would like to import and push the import option. Your WordPress website should begin to import.
Now you can continue to the next step.
At this point we assume you are already logged in to cPanel and have clicked inside of the Installatron Applications Installer. Next you should identify which WordPress website (you may have more than one), you want to configure automatic updates for.
Check the checkbox next to the website you want to configure for automatic updates. Then select the wrench icon or push the edit option.
An overview of your Installatron settings for this website will load. Slide down on the page and configure the options that work for you. A good set of options is to select the following:
Scroll to the bottom of the page and make sure to press Save All in order to update your settings.
If you have premium themes or plugins for that require an update key or purchase, Installatron will not be able to run updates. If updates break your website Installatron should restore to a back up and (if you asked for email notifications) provide you with a message that there was an issue). Canvas Host cannot guarantee the software provided by Installatron however it was tested prior to this blog posting and has worked to keep several websites updated with no issues. Any customization you or your web developer may have done to your website might render different results. We encourage you to attempt to go through this process with any WordPress websites you have hosted at Canvas Host and if you would like us to go through the steps that is something our IT and Web Development Staff can handle.
Congratulations on a successful new website launch for Pat Dooris Media!
The Pat Dooris Media website features some blog posts where Pat shares some of his public speaking know-how and expertise as well as gorgeous photographs of Pat around town and hard at work putting together seminars to help individuals and organizations get their professional message heard. Pat Dooris is a veteran news reporter in Portland, Oregon and his years of work for KGW-TV give him the expertise and preparedness to help your organization. He coaches public speaking and provides presentations that will both inspire and educate your organization about messaging.
The Pat Dooris Media website also features videos, his KGW-TV RSS feed, testimonials about his past presentations, and a way to get in touch with Pat to schedule an event or presentation.
You may have heard it said that your business website needs good Search Engine Opitimized content in order for it to be found through organic search. It is true, there is a strong correlation between good website content and good results in Search Engine page placement. Of course, there is no substitute for jumping to the top of the page with Ad Words paid placement but that can require an extensive budget and commitment with a Search Engine Marketing specialist. In lieu of paid placement, the only legitimate way to get to the top of organic search results is the old fashioned way — with hard work. Understanding what Search Engines mean when they ask for Content Rich Material (CRM) is more easily understood by having an understanding of what good website content is. Once you know the “what” and “why” of how the search engines work, you will find that there is little mystery behind moving up in search results. It is empowering to know that improving your website’s place in Search Engine Rankings is in your hands.
One of the most overlooked parts of having a WordPress website is understanding the need to keep that website secure. Keeping a WordPress website secure is an on-going process. Central to the security is keeping WordPress updated. There are three parts to a WordPress install that need to kept updated — the theme, the plugins, and the WordPress files themselves.
Whether an experienced hacker or a WordPress newbie you can look at any WordPress website and make an educated guess at the URL of the login page — http://yourdomain.com/wp-admin. I have had the opportunity to watch bots and hackers attack servers with WordPress installs in real time. It’s a scary scene. Once they find a WordPress login URL they slam that login page with targeted username and password login attempts.
What does this mean for your website and how can you prevent the issue?
Imagery can be a very important element in the development of a website. Your ability to use professional photographs on your website may depend on your budget and the purpose of your website. While a family blog may be an appropriate place to display untrained digital camera/ smartphone photography, a business website is no place for unprofessional imagery to be on display.