Blog

Website Security For Content Management Systems

Security / By /

Online security breaches have been national headline news topics regularly throughout the last year. WebWise Design & Marketing has always taken security seriously. We have used and stressed the importance of strong passwords, and we endeavor to keep the versions of the applications we use updated as quickly as possible.

As most of you know, websites with Content Management Systems (CMS), by their nature, present a far greater security risk than static websites. Simply having a user login facility creates a security challenge. Hosting companies and other companies that provide security products and services tell nearly everyone who will listen that, “In our experience most account compromises are due to weak passwords and/or outdated software.”

www.wordfence.comLast week we took another step in securing our client websites that were built on a WordPress framework. We have installed the Wordfence Security plugin on nearly all the WordPress installations we developed and manage.  While there are other similar products, we use and recommend Wordfence Security (we have no affiliation). Here are some of the features of the free version.

  • Real-time Security Network
  • Enforce strong passwords
  • Check existing passwords
  • Scan for DNS changes
  • Get detailed IP info
  • Track IP’s to their source
  • Block IP’s & manage blocks
  • Intelligently block networks
  • Block fake Googlebots
  • Block brute-force attacks
  • Scan Core, Theme and Plugin Files
  • Repair Files
  • Scan for known malware
  • Scan for hundreds of backdoors
  • Scan content for bad URLs
  • Real-time traffic shows hackers
  • Real-time view of crawlers
  • Includes a complete firewall
  • Rate limit rogue crawlers
  • View top content leeches

You may have noticed one of the features is “Enforce strong passwords.” By default, we use that setting for our client’s protection and recommend that everyone use the feature. Read our Secure Passwords Should Not Be Optional blog post.

While the free version of Wordfence Security does an excellent job across the board, we believe the investment in Wordfence Premium is a good investment in the security of anyone’s website. Take a look at it and decide for yourself. www.wordfence.com

Secure Passwords Should Not Be Optional

Security / By /

Password Security

A very large number of the security breaches we read about are because of weak passwords. Nearly all of us are guilty of using insecure passwords. Some of the time it isn’t a big deal. If someone steals your password to your favorite newspaper account, it likely doesn’t matter as much to you as it does to your newspaper company. Of course, if you stored credit card information there, it could be a bigger problem for you than you think.  The bottom line is if you don’t want any of your accounts and the information in them accessed by someone else, you need to use a very secure password.

So, what constitutes a secure password? Let’s start with the basics. The longer the password, the harder it is to crack. Consider using at least a 12-character MINIMUM. We like to see 20 – 24 character passwords. Okay, so we agree you should use long passwords.

What else? Before you create that first really secure password, make sure you protect your computer and network with up-to-date antivirus software and a firewall. The most secure password in the world is not secure if it is in an unencrypted file (Word document, text file, spreadsheet, etc.) on a computer that has been compromised.  If any of the accounts you access offer two-factor authentication, use it! Many experts recommend periodic (and somewhat frequently) password changing. I agree with Leo’s answer on Ask Leo to this question. Is a periodic password change a good thing?

Back to creating that long password.

  • Create passwords using a 12-character MINIMUM. Using 20 – 24 characters increases password strength exponentially.
  • Use at least one number, one uppercase letter, one lowercase letter and one special character (symbol).
  • Don’t use the names of your family members, friends or pets.
  • Don’t use dictionary words, including commonly used foreign words.
  • Don’t use common substitutions such as “$” for “s”, “@” for “a”, “1” for “l” and, well, you get the idea.
  • Don’t use zip codes, local street numbers, phone numbers, birthdates, ID card numbers, social security numbers, etc.
  • Don’t use the same password on multiple sites.

Password Generators

We recommend using a password generator, and creating them at least 20 characters long. There are several good secure password generators online. Here are a few.

Norton Identity Safe Password Generator
Random Password Generator
Online Domain Tools Password Checker
Perfect Passwords — GRC’s Ultra High Security Password Generator

For those of you who want to remember your passwords. It is possible to use really long passwords that are easy to remember. Here is an excellent blog post which includes methods to do that.

Password Managers

How to remember those long passwords? Well that is a challenge. We recommend using a password manager application. Because LastPass, one of most widely used password managers, was broken into last month (hackers didn’t access user password vaults because it uses a rigorous cryptography system), some believe using a password manager is not a good idea, but it is a very viable option. This blog post answers the question, “Am I An Idiot for Still Using a Password Manager?

There are two types of password managers, those online that store your passwords in encrypted databases in the cloud, and applications that you install, and then store your encrypted password database on a file on your desktop computer, phone, or tablet. There are pros and cons to both types, and both can do the job for you. Here are some of the most popular password managers.

LastPass
Dashlane
1Password
KeePass

Here is how PC Magazine rates (June, 2015) paid and free password managers. Please remember that those ratings, as all ratings of software, are somewhat subjective and a matter of personal preference.

Start today with creating a new and different password for each of your email accounts. Most of us have easy-to-remember (and easier to crack) passwords for our email accounts that really should be changed.

Please remember,  Secure Passwords Should Not Be Optional, and using a password manager certainly doesn’t make you an idiot.

Increase Conversions – Improve Your Most Popular Pages

Content, Marketing / By /

Improving the most popular pages on your website can increase conversions.  Take a look at the pageview data in Google Analytics (or other analytics provider) and make note of the top three pages (other than your home page) visited.

Improving ConversionsYou may not have intentionally created the most popular page on your website with the thought of it being specifically a landing page. More likely, it is a page you created some time ago that highlights services or products you offer. It may even be a nearly random blog post you wrote because you hadn’t published one lately.

Take a good look at your most visited web page, the time your visitors spend on the page, and where they go after viewing it.  Are they filling out your form, subscribing to your newsletter, or calling you?

  • Proof your page again. You may be surprised to find a typo or two. Fix them.
  • Update any outdated information.
  • If you don’t have a photo or visual, add one.
  • If you are talking about more than one topic, use sub-headers.
  • If you have other pages on your website related to the page topic, link to them.
  • List additional resources at the bottom of the page.
  • If you do not have a “Call to Action” on your page, add one.

Improving your most visited pages gives you more chances of increasing conversion rates.

Learn more about increasing conversions by calling us today!

1-800-281-9993 or 608-822-3750

Don’t feel like talking today? Use our convenient contact form.

 

Is Your Website Ready For Visitors?

Customer Service, Marketing, Tips, Web Design / By /

Is your website, the place you hope to convert prospects to customers, ready to receive visitors?

When we use links to our websites using Social Media, we essentially invite people to our website. When we invite people to our homes, we generally check to see if everything is in its place and that there is nothing seriously amiss. Is that true with your website? When was the last time you reviewed your website to see if it reflects your business and your products or services as they are today?

Here is a little check list to make sure your website is ready for visitors.

  • Know and state who you are, what you do, and the benefits of what you offer to your visitor.
  • Know who you would like to visit your website.
    • Knowing your audience is critical. If you believe your audience is everyone, you will likely fail.
    • Who are they? Why would they want what you offer? When would they want it?
  • Speak to your visitors from their perspective, not with an industry-speak sales pitch.
    • Explain that you know some of their challenges, and how they can benefit from your products or services. If possible, show some specifics.
  • Does your navigation present a clear and easy path to your most important content?
  • Is your contact and location information readily visible?
  • Is your website mobile friendly?

If your website looks as good as you would like, and you check off all the items in the list, your website should be ready for visitors.

Of course, we are always happy to help. Email or call us today! — 1-800-281-9993 or 608-822-3750

PPC – Why You Should Bid On Your Business Name

Ads - Pay-Per-Click, Marketing, Search / By /

Google AdWords Example AdThere are many excellent reasons to invest in a Google AdWords and/or a Bing Ads PPC (Pay-Per-Click) campaign. If you have read this blog or talked with us, you know we believe nearly every business should be taking advantage of PPC advertising. If you do nothing else, start a Google AdWords campaign and bid on your business name.

Here are a few good reasons why you should bid on your business name.

  1. Branding – Improve Brand awareness – Value without paying for clicks
  2. Double Exposure – Display in PPC Ad and Organic listings
  3. Improve your CTR using Google AdWords “Extensions”
  4. You control your ad content
  5. Often, competitors are bidding on your name
  6. Make it easier for returning customers and other visitors to get to you

Start doing cost effective branding today by bidding on your business name.

Call us about starting a Google AdWords campaign. 1-800-281-9993 or 608-822-3750