DISC Inc: Group items matching "visibility" in title, tags, annotations or url

Search Force SEM Platform Now Supports Image Ads - MarketingVOX - 0 views

  • Search Force SEM Platform Now Supports Image Ads SearchForce, a company whose platform consolidates bid optimization, campaign management and reporting, has incorporated support for content-rich image ads. The company claims it is the first search engine marketing and bid optimization firm to do so. Users can now decide the specific placement of image ads within Google's AdWords network. They can also optimize bids, track conversions and view reporting on them. According to SearchForce, image ads remain lamentably little-used because of lack of visibility, awareness about location of placement, and the inability to clearly associate ROI to spend. Apart from the support of image ads, its platform also enables users to segment keywords by performance and automate multiple programs. In May, the company launched a new profit algorithm that enables clients to quickly adjust bids based on quality, seasonality and day of the week patterns. A recent Hitwise report found that, while marketing dollars are increasingly moving online, search advertising has taken a blow as a result of the recession.

Paid Search Beats SEO Conversion Rates? - Website Magazine - Website Magazine - 0 views

  • Paid Search Beats SEO Conversion Rates? In a statement that will surely have SEO's up in virtual arms, WebSideStory, a provider of digital marketing and analytics solutions, today announced the results of a study that shows paid search has a nine percent edge in conversion rates over organic search. I can hear the furious typing of a million outraged SEO bloggers at this very minute. Via the news release, "In a study of leading business-to-consumer (B2C) e-commerce sites during the first eight months of this year, paid search -- keywords bought on a pay-per-click basis at search engines such as Google, Yahoo and MSN -- had a median order conversion rate of 3.40 percent at business-to-consumer e-commerce sites using the company's award-winning HBX Analytics technology. This compared to a conversion rate of 3.13 percent for organic search results, defined as non-paid or natural search engine listings, during the same January-to-August timeframe, according to the WebSideStory Index, a compilation of e-commerce, site search and global Internet user trends. The study analyzed more than 57 million search engine visits. Order conversions occurred during the same session.
"For both paid and organic search, you have highly qualified traffic that converts far above the overall conversion rate of about 2 percent for most e-commerce sites," said Ali Behnam, Senior Digital Marketing Consultant for WebSideStory. "In the case of paid search, marketers have better control over the environment, including the message, the landing page and the ability to eliminate low-converting keywords."

Google Update 2019: Winners and Losers of the March 2019 Core Update - 0 views

  • Another clear trend resulting from this update seems to be Google favoring websites, particularly when users are searching for sensitive YMYL keywords, that are able to provide a higher level of trust. The main beneficiaries of this focus are websites with a strong brand profile and a broad topical focus. On the flipside, this has meant that niche websites dealing with these topics have seen their rankings fall.
  • An analysis conducted by Malte Landwehr, VP Product at Searchmetrics, suggests that Google’s algorithm has increased its weighting of user signals when calculating rankings. The results show that domains that improved their SEO Visibility following the Google Core Update have higher values for time on site and page views per visit, and lower bounce rates than their online competitors.
  •  
    "niche ranking factors"

How to Optimize Your Google My Business Listing [Updated May 1, 2018] - Moz - 0 views

  • Many business owners don’t realize that anyone can suggest a change (or "edit") to your business listing — and that includes your competitors
  • these aren’t just “suggested” edits — these user-generated changes can actually be made live on your listing without you even being notified. This is just one reason why it’s very important that you log in to your Google My Business dashboard regularly to ensure that no one has made any unwanted changes to your listing.
  • Google is beginning to index emoji-relevant search results.
  • Google has said that upvoting questions can make them more visible. If someone has a particularly important question, go ahead and upvote it.
  • 97% of consumers read online reviews for local businesses in 2017
  • No notifications of new questions show up in your GMB dashboard. To find out if you have new questions that need answering, you need to install Google Maps on your phone, log in, and check for questions/notifications. You can also go on a mobile browser, search for your business, and see if you have new questions that need to be answered.

Embracing automation and maximizing SEO performance - Marketing Land - 0 views

  • Automation is critical in making informed, data-driven decisions in a world in which the amount of data companies are attempting to manage is unprecedented.
  • Automation in your SEO and content process can create efficiencies and ease the burden of redundant tasks, but we’ve evolved so far past that (and quickly). Today, automation alone is not enough. SEOs must automate intelligently — not only to complete tasks but to analyze data and make decisions about which tasks to prioritize (and how to carry them out), as well.
  • Last year, research by BrightEdge (my company) revealed that 80-plus percent of queries return universal search results. Optimizing, structuring and marking up your content to show Google its relevance for queries of varying intents helps increase your visibility when and where it matters most.
  •  
    "AI and automation"

Getting Started - schema.org - 0 views

  • More specific items inherit the properties of their parent.
  • Actually, a LocalBusiness is a more specific type of Place and a more specific type of Organization, so it inherits properties from both parent types.)
  • In general, the more content you mark up, the better. However, as a general rule, you should mark up only the content that is visible to people who visit the web page and not content in hidden div's or other hidden page elements.
  • Links to 3rd party sites can help search engines to better understand the item you are describing on your web page.
  • it is also fine to embed an item that is a child type of the expected type. For example, if the expected type is Place, it's also OK to embed a LocalBusiness.
  • To make dates unambiguous, use the time tag along with the datetime attribute. The value of the datetime attribute is the date specified using YYYY-MM-DD format
  • Sometimes, a web page has information that would be valuable to mark up, but the information can't be marked up because of the way it appears on the page.
  • In these cases, use the meta tag along with the content attribute to specify the information
  • Only use meta with content for information that cannot otherwise be marked up.

How to Research, Monitor, and Optimize for Questions - Moz - 0 views

  • Using questions on your landing pages and / or social media will improve engagement
  • Most basic and how-to questions are going to have informational intent (simply due to the essence of the question format: most people asking questions seek to find an answer, i.e. information). But there's always a chance there's a transactional intent there that you may want to make note of
  • "People Also Ask" boxes present more SERPs real estate which we may want to dominate for maximum organic search visibility
  • There's a workaround that forces Google to autocomplete the middle of the query:
  • Quora is undoubtedly one of the largest sources of questions out there.
  • Type [brandname ?] (with the space in-between) into Twitter's search box and you'll see all questions people are asking when discussing your topic / brand / product.
  • You can use Cyfe to monitor the #redditama hashtag in combination with your core term. Or you can set up an alert inside My Tweet Alerts.
  • Create a separate FAQ section to address and explain basic questions; Identify and optimize existing content to cover the identified questions; Add Q&A to important landing pages (this may help get product pages featured in Google).
  • Researching questions is an ongoing process: You need to be constantly discovering new ones and monitoring social media for real-time ideas

FAQ - schema.org - 0 views

  • Schema.org markup can be used on web pages written in any language. The site is currently available in English only, but we plan to translate to other languages soon. The markup, like HTML, is in English.
  • As a general rule, you should mark up only the content that is visible to people who visit the web page and not content in hidden div's or other hidden page elements.

Understand how structured data works  |  Search  |  Google Developers - 0 views

  • You should not create blank or empty pages just to hold structured data; nor should you add structured data about information that is not visible to the user, even if the information is accurate.
  • JavaScript notation embedded in a <script> tag in the page head or body.

Everything You Need to Know About Spammy Structured Markup Penalty - 0 views

  • According to Google, spammy structured markup penalty exists. On Webmasters Forum there are a lot of people that received a message in Search Console; Manual actions saying that the website’s schema code is spammy and it violates Google’s quality guidelines.
  • Use structured data for visible content only; Check and fix any warnings with Google’s testing tool; Use different markup for the pages within your website;
  • John Mueller said that, in most cases, the site’s ranking might not get affected by the loss of structured markup data.
  • In practice, if the structure data team takes action on a site it will get affected only the rich snippets. So, the spammy structured data doesn’t affect the rankings of a site. The rest of your site is still normally shown in search.
    • jack_fox
       
      6/2/17 video

Beyond conventional SEO: Unravelling the mystery of the organic product carousel - Sear... - 0 views

  • How to influence the organic product carousel: In Google’s blog post, they detailed three factors that are key inputs: Structured Data on your website, providing real-time product information via Merchant Center, along with providing additional information through Manufacturer Center. This section of the article will explore Google’s guidance, along with some commentary of what I’ve noticed based on my own experiences.
  • Make sure your product markup is validated: The key here is to make sure Product Markup with Structured Data on your page adheres to Google’s guidelines and is validated.
  • Submit your product feed to Google via Merchant Center: This is where it starts to get interesting. By using Google’s Merchant Center, U.S. product feeds are now given the option to submit data via a new destination. The difference here for Google is that retailers are able to provide more up-to-date information about their products, rather than waiting for Google to crawl your site (what happens in step 1). Checking the box for “Surfaces across Google” gives you the ability to grant access to your website’s product feed, allowing your products to be eligible in areas such as Search and Google Images. For the purpose of this study we are most interested in Search, with the Organic Product Carousel in mind. “Relevance” of information is the deciding factor of this feature. Google states that in order for this feature of Search to operate, you are not required to have a Google Ads campaign. Just create an account, then upload a product data feed. Commentary by PPC Expert Kirk Williams: “Setting up a feed in Google Merchant Center has become even more simple over time since Google wants to guarantee that they have the right access, and that retailers can get products into ads! You do need to make sure you add all the business information and shipping/tax info at the account level, and then you can set up a feed fairly easily with your dev team, a third party provider like Feedonomics, or with Google Sheets. As I note in my “Beginner’s Guide to Shopping Ads”, be aware that the feed can take up to 72 hours to process, and even longer to begin showing in SERPs. Patience is the key here if just creating a new Merchant Center… and make sure to stay up on those disapprovals as Google prefers a clean GMC account and will apply more aggressive product disapproval filters to accounts with more disapprovals.” – Kirk Williams. For a client I’m working with, completing this step resulted in several of their products being added to the top 10 of the PP carousel. 1 of which is in the top 5, being visible when the SERP first loads. This meant that, in this specific scenario, the product Structured Data that Google was regularly crawling and indexing in the US wasn’t enough on its own to be considered for the Organic Product Carousel. Note: the products that were added to the carousel were already considered “popular” but Google just hadn’t added them in. It is not guaranteed that your products will be added just because this step was completed. It really comes down to the prominence of your product and relevance to the query (same as any other page that ranks).
  • 3. Create an additional feed via Manufacturer Center: The next step involves the use of Google’s Manufacturer Center. Again, this tool works in the same way as Merchant Center: you submit a feed, and can add additional information. This information includes product descriptions, variants, and rich content, such as high-quality images and videos that can show within the Product Knowledge Panel. You’ll need to first verify your brand name within the Manufacturer Center Dashboard, then you can proceed to uploading your product feed. When Google references the “Product Knowledge Panel” in their release, it’s not the same type of Knowledge Panel many in the SEO industry are accustomed. This Product Knowledge Panel contains very different information compared to your standard KP that is commonly powered by Wikipedia, and appears in various capacities (based on how much data to which it has access). Here’s what this Product Knowledge Panel looks like in its most refined state, completely populated with all information that can be displayed: Type #1 just shows the product image(s), the title and the review count. Type #2 is an expansion on Type #1 with further product details, and another link to the reviews. Type #3 is the more standard looking Knowledge Panel, with the ability to share a link with an icon on the top right. This Product Knowledge Panel has a description and more of a breakdown of reviews, with the average rating. This is the evolved state where I tend to see Ads being placed within. Type #4 is an expansion of Type #3, with the ability to filter through reviews and search the database with different keywords. This is especially useful functionality when assessing the source of the aggregated reviews. Based on my testing with a client in the U.S., adding the additional information via Manufacturer Center resulted in a new product getting added to a PP carousel. This happened two weeks after submitting the feed, so there still could be further impact to come. I will likely wait longer and then test a different approach.
  • Quick recap: Organic Product Carousel features are due to launch globally at the end of 2019. Popular Product and Best Product carousels are the features to keep an eye on. Make sure your products have valid Structured Data, a submitted product feed through Merchant Center, along with a feed via Manufacturer Center. Watch out for cases where your client’s brand is given a low review score due to the data sources Google has access to. Do your own testing. As Cindy Krum mentioned earlier, there are a lot of click between the Organic Product Carousel listings and your website’s product page. Remember: there may be cases where it is not possible to get added to the carousel due to an overarching “prominence” factor. Seek out realistic opportunities.

RankBrain Judgment Day: 4 SEO Strategies You'll Need to Survive | WordStream - 0 views

  • The future of SEO isn't about beating another page based on content length, social metrics, keyword usage, or your number of backlinks. Better organic search visibility will come from beating your competitors with a higher than expected click-through rate.
  • In “Google Organic Click-Through Rates” on Moz, Philip Petrescu shared the following CTR data:
  • The Larry RankBrain Risk Detection Algorithm. Just download all of your query data from Webmaster Tools and plot CTR vs. Average Position for the queries you rank for organically, like this:
  • Our research into millions of PPC ads has shown that the single most powerful way to increase CTR in ads is to leverage emotional triggers. Like this PPC ad: Tapping into emotions will get your target customer/audience clicking! Anger. Disgust. Affirmation. Fear. These are some of the most powerful triggers not only drive click through rate, but also increase conversion rates.
  • No, you need to combine keywords and emotional triggers to create SEO superstorms that result in ridiculous CTRs
  • Bottom line: Use emotional triggers + keywords in your titles and descriptions if you want your CTR to go from "OK" to great.
  • Bottom line: You must beat the expected CTR for a given organic search position. Optimize for relevance or die.
  • Let's say you work for a tech company. Your visitors, on average, are bouncing away at 80% for the typical session, but users on a competing website are viewing more pages per session and have a bounce rate of just 50%. RankBrain views them as better than you – and they appear above you in the SERPs. In this case, the task completion rate is engagement. Bottom line: If you have high task completion rates, Google will assume your content is relevant. If you have crappy task completion rates, RankBrain will penalize you.
  • 4. Increase Search Volume & CTR Using Social Ads and Display Remarketing People who are familiar with your brand are 2x more likely to click on your ads and 2x more likely to convert. We know this because targeting a user who has already visited your website (or app) via RLSA (remarketing lists for search ads) always produces higher CTRs than generically targeting the same keywords to users who are unfamiliar with your brand. So, one ingenious method to increase your organic CTRs and beat RankBrain is to bombard your specific target market with Facebook and Twitter ads. Facebook ads are proven to lift mobile search referral traffic volume to advertiser websites (by 6% on average, up to 12.8%) (here’s the research). With more than a billion daily users, your audience is definitely using the Social Network. Facebook ads are inexpensive – even spending just $50 dollars on social ads can generate tremendous exposure and awareness of your brand. Another relatively inexpensive way to dramatically build up brand recognition is to leverage the power of Display Ad remarketing on the Google Display Network. This will ensure the visitors you drive from social media ads remember who you are and what it is you do. In various tests, we found that implementing a display ad remarketing strategy has a dramatic impact on bounce rates and other engagement metrics. Bottom line: If you want to increase organic CTRs for your brand or business, make sure people are familiar with your offering. People who are more aware of your brand and become familiar with what you do will be predisposed to click on your result in SERP when it matters most, and will have much higher task completion rates after having clicked through to your site.
  • UPDATE: As many of us suspected, Google has continued to apply RankBrain to increasing volumes of search queries - so many, in fact, that Google now says its AI processes every query Google handles, which has enormous implications for SEO. As little as a year ago, RankBrain was reportedly handling approximately 15% of Google's total volume of search queries. Now, it's processing all of them. It's still too soon to say precisely what effect this will have on how you should approach SEO, but it's safe to assume that RankBrain will continue to focus on rewarding quality, relevant content. It's also worth noting that, according to Google, RankBrain itself is now the third-most important ranking signal in the larger Google algorithm, meaning that "optimizing" for RankBrain will likely dominate conversations in the SEO space for the foreseeable future. To read more about the scope and potential of RankBrain and its impact on SEO, check out this excellent write-up at Search Engine Land.

When Choosing Marketing Channels, Visualize the Curve | SparkToro - 0 views

  • a dangerous myth running around the entrepreneurial, small business, and marketing worlds perpetuating the idea that you can take a small/new brand and profitably, reliably acquire customers through either content+SEO or ads alone. Don’t get me wrong: it’s not impossible.
  • if they invest in content+SEO without any existing coverage, traction, brand awareness, or audience, the odds of getting visitors to see that content, or Google to rank it, are vanishingly small.
  • As you build up a marketing engine, earn traction, grow your brand, and build audiences that know you, like you, and prefer you when they see your ads/content/website/name, both ads and content tend to work better. That’s because the major platforms reward brands that earn higher-than-average engagement (in organic results and ads) with higher rankings, lower costs-per-click, and more visibility.
  • chances are, you’ll need to build your brand first, then slowly dip your toes into advertising, likely starting with re-targeting audiences that have already visited your site via organic channels or given you their email.
  • most of the time with new ventures, local businesses, and small organizations, neither the ranking authority nor the audience are present yet. Thus, content and SEO become long-term, slow-investment channels (and, tragically, most give up on them long before they start paying dividends).
  • “Influence Marketing,” is what I’m calling the process of finding sources of influence (blogs, websites, email newsletters, social accounts, podcasts, YouTube channels, events, webinars, etc) that already reach your target audience and pitching them for coverage, publishing opportunities, or sponsorship.
  •  
    "a dangerous myth running around the entrepreneurial, small business, and marketing worlds perpetuating the idea that you can take a small/new brand and profitably, reliably acquire customers through either content+SEO or ads alone. Don't get me wrong: it's not impossible. "

- 0 views

  • If it's loaded in the HTML and can be made visible to users, that's fine. It's problematic if the tab content only loads when you click on the tab

Why Pagination is Important - Here's Why #215 | Stone Temple - 0 views

  • if you are going to keep them on your pages, make sure they are implemented correctly. You do have to take the time to learn how to follow the specs carefully and get it right. Putting aside the prev/next tags for a moment, let’s think about how you should implement pagination otherwise on your page. Our first preference is to implement that pagination in clean HTML tags that are visible in the source code for the pages on your site
  • The second choice would be to implement it in a way that isn’t clinging to the source code, but you can actually see it in the DOM or the Document Object Model. That means that your links are going to be anchor tags with a valid href attribute, not span or button elements with attached JavaScript click events.

1,000+ Winners and Losers of the December 2020 Google Core Algorithm Update | Path Inte... - 0 views

  • The most striking aspect of this update is the dramatic reversal in visibility among several of the sites that were the biggest winners of 2020 in the days prior to the update, such as Amazon, Pinterest, CDC, Overstock, CNN, New York Times, and other sites that greatly benefitted due to the coronavirus pandemic, mandatory quarantines, and other breaking news in 2020. Maybe Google decided it was time to give some of the smaller players a chance to compete against the big guys – an unexpected holiday gift, perhaps?

The Ultimate Web Server Security Guide @ MyThemeShop - 0 views

  • They could insert links into the site to boost their SEO rankings. Hackers can make a killing selling links from exploited sites. Alternatively, a hacker could deface the site and demand money to restore it (ransom). They could even place ads on the site and use the traffic to make money. In most cases, an attacker will also install backdoors into the server. These are deliberate security holes that allow them to come back and exploit the site in the future – even if the insecure plugin has been replaced.
  • Unfortunately, under WordPress, every plugin and theme has the ability to alter anything on the site. They can even be exploited to infect other apps and sites hosted on the same machine.
  • Theme developers are often relatively inexperienced coders. Usually, they’re professional graphic artists who have taught themselves a little PHP on the side. Plugins are another popular line of attack – they account for 22% of successful hacks. Put together, themes and plugins are a major source of security trouble.
  • Each person who uses your system should only have the privileges they need to perform their tasks.
  • Don’t depend on a single security measure to keep your server safe. You need multiple rings of defense.
  • Security exploits exist at all levels of the technology stack, from the hardware up. WP White Security revealed that 41% of WordPress sites are hacked through a weakness in the web host.
  • While it’s important to use a strong password, password cracking is not a primary focus for hackers.
  • the more software you have installed on your machine, the easier it is to hack – even if you aren’t using the programs! Clearly, programs that are designed to destroy your system are dangerous. But even innocent software can be used in an attack.
  • There are 3 ways to reduce the attack surface: 1. Run fewer processes 2. Uninstall programs you don’t need 3. Build a system from scratch that only has the processes you need
  • A really good authentication system uses multiple tests. Someone could steal or guess your password. They could grab your laptop with its cryptographic keys.
  • If you want to run multiple processes at the same time, you need some way of managing them. This is basically what a kernel is. It does more than that – it handles all of the complex details of the computer hardware, too. And it runs the computer’s networking capabilities
  • programs exist as files when they are not running in memory
  • SELinux’s default response is to deny any request.
  • SELinux is extremely comprehensive, but this power comes at a price. It’s difficult to learn, complex to set up, and time-consuming to maintain.
  • AppArmor is an example of a MAC tool, although it’s nowhere near as comprehensive as SELinux. It applies rules to programs to limit what they can do.
  • AppArmor is relatively easy to set up, but it does require you to configure each application and program one by one. This puts the onus for security in the hands of the user or sysadmin. Often, when new apps are added, users forget to configure AppArmor. Or they do a horrible job and lock themselves out, so their only option is to disable the profile. That said, several distributions have adopted AppArmor.
  • Generic profiles shipped by repo teams are designed to cover a wide range of different use cases, so they tend to be fairly loose. Your specific use cases are usually more specific. In this case, it pays to fine-tune the settings, making them more restrictive.
  • GRSecurity is a suite of security enhancements
  • In the future, this could become a viable option. For now, we’ll use Ubuntu and AppArmor.
  • Apache is a user-facing service – it’s how your users interact with your website. It’s important to control this interaction too.
  • If your Apache configuration is bad, these files can be viewed as plain text. All of your code will be visible for anyone to see – this potentially includes your database credentials, cryptographic keys, and salts.
  • You can configure Apache to refuse any requests for these essential directories using .htaccess files. These are folder-level configuration files that Apache reads before it replies to a request.
  • The primary use for .htaccess files is to control access
  • If an attacker knows your WordPress cryptographic salts, they can use fake cookies to trick WordPress into thinking they have logged on already.
  • If the hacker has physical access to the computer, they have many options at their disposal. They can type commands through the keyboard, or insert a disk or USB stick into the machine and launch an attack that way.
  • When it comes to network-based attacks, attackers have to reach through one of the machine’s network ports.
  • For an attacker to exploit a system, they have to communicate to a process that’s listening on a port. Otherwise, they’d simply be sending messages that are ignored. This is why you should only run processes that you need for your site to run. Anything else is a security risk.
  • Often, ports are occupied by processes that provide no real valuable service to the machine’s legitimate users. This tends to happen when you install a large distribution designed for multiple uses. Large distros include software that is useless to you in terms of running a website. So the best strategy is to start with a very lightweight distro and add the components you need.
  • If you see any unnecessary processes, you can shut them down manually. Better yet, if the process is completely unnecessary, you can remove it from your system.
  • Firewalls are quite similar to access control within the computer. They operate on a network level, and you can use them to enforce security policies. A firewall can prevent processes from broadcasting information from a port. It can stop outside users from sending data to a port. And it can enforce more complex rules.
  • Simply installing and running a firewall does not make your host machine secure – it’s just one layer in the security cake. But it’s a vital and a powerful one.
  • First of all, we need to configure our software to resist common attacks. But that can only protect us from attacks we know about. Access control software, such as AppArmor, can drastically limit the damage caused by unauthorized access. But you still need to know an attack is in progress.
  • This is where Network Intrusion Detection Software (NIDS) is essential. It scans the incoming network traffic, looking for unusual patterns or signs of a known attack. If it sees anything suspicious, it logs an alert.
  • It’s up to you to review these logs and act on them.
  • If it’s a false alarm, you should tune your NIDS software to ignore it. If it’s an ineffective attack, you should review your security and block the attacker through the firewall.
  • That’s why it’s essential to have an automated backup system. Finally, you need to understand how the attack succeeded, so you can prevent it from recurring. You may have to change some settings on your Firewall, tighten your access rules, adjust your Apache configuration, and change settings in your wp-config file. None of this would be possible without detailed logs describing the attack.
  • Every web server has a breaking point and dedicated DOS attackers are willing to increase the load until your server buckles. Good firewalls offer some level of protection against naive DOS attacks
  • a tiny number of sites (less than 1%) are hacked through the WordPress core files
  • Major DNS attacks have taken down some of the biggest sites in the world – including Ebay and Paypal. Large hosting companies like Hostgator and Blue Host have been attacked. It’s a serious risk!
  • Right now, due to the way the web currently works, it’s impossible to download a web page without the IP address of a server. In the future, technologies like IPFS and MaidSafe could change that.
  • So there are 2 benefits to using a CDN. The first is that your content gets to your readers fast. The second benefit is server anonymity – nobody knows your real IP address – including the psychos. This makes it pretty impossible to attack your server – nobody can attack a server without an IP address.
  • When CDNs discover a DDOS attack, they have their own ways to deal with it. They often display a very lightweight “are you human?” message with a captcha. This tactic reduces the bandwidth costs and screens out the automated attacks.
  • If any of your DNS records point to your actual server, then it’s easy to find it and attack it. This includes A records (aliases) and MX records (mail exchange). You should also use a separate mail server machine to send your emails. Otherwise, your email headers will expose your real email address.
  • If your hosting company refuses to give you a new IP address, it may be time to find a new service provider.
  • WordPress uses encryption to store passwords in the database. It doesn’t store the actual password – instead, it stores an encrypted version. If someone steals your database tables, they won’t have the actual passwords.
  • If you used a simple hash function, a hacker could gain privileged access to your app in a short period of time.
  • The salt strings are stored in your site’s wp-config.php file.
  • Salts dramatically increase the time it would take to get a password out of a hash code – instead of taking a few weeks, it would take millions of years
  • You keep the other key (the decryption key) to yourself. If anyone stole it, they could decode your private messages! These 2-key cryptographic functions do exist. They are the basis of TLS (https) and SSH.
  • the most secure systems tend to be the simplest. The absolute secure machine would be one that was switched off.
  • For WordPress sites, you also need PHP and a database.
  • A VM is an emulated computer system running inside a real computer (the host). It contains its own operating system and resources, such as storage, and memory. The VM could run a completely different operating system from the host system – you could run OSX in a VM hosted on your Windows machine
  • This isolation offers a degree of protection. Let’s imagine your VM gets infected with a particularly nasty virus – the VM’s file system could be completely destroyed, or the data could be hopelessly corrupted. But the damage is limited to the VM itself. The host environment would remain safe.
  • This is how shared hosting and virtual private servers (VPSes) work today. Each customer has access to their own self-contained environment, within a virtual machine.
  • VMs are not just for hosting companies. If you’re hosting multiple sites on a dedicated server or a VPS, VMs can help to make your server more secure. Each site can live inside its own VM. That way, if one server is hacked, the rest of your sites are safe.
  • Even with all these considerations, the benefits of VMs outweigh their drawbacks. But performance is vital on the web.
  • Containers (like Docker) are very similar to VMs.
  • Because we’ve cut the hypervisor out of the loop, applications run much faster – almost as fast as processes in the host environment. Keeping each container separate does involve some computation by the container software. But it’s much lighter than the work required by a hypervisor!
  • Docker Cloud is a web-based service that automates the task for you. It integrates smoothly with the most popular cloud hosting platforms (such as Amazon Web Services, or Digital Ocean).
  • With containers, you can guarantee that the developer’s environment is exactly the same as the live server. Before the developer writes a single line of code, they can download the container to their computer. If the code works on their PC, it will work on the live server. This is a huge benefit of using containers, and it’s a major reason for their popularity.
  • A complete stack of these layers is called an “image”
  • The core of Docker is the Docker Engine – which lives inside a daemon – or long-running process
  • another great resource – the Docker Hub. The hub is an online directory of community-made images you can download and use in your own projects. These include Linux distributions, utilities, and complete applications.
  • Docker has established a relationship with the teams behind popular open source projects (including WordPress) – these partners have built official images that you can download and use as-is.
  • when you finish developing your code, you should wrap it up inside a complete container image. The goal is to put all the code that runs your site inside a container and store the volatile data in a volume.
  • Although Docker can help to make your site more secure, there are a few major issues you need to understand: the Docker daemon runs as a superuser; it’s possible to load the entire filesystem into a container; it’s possible to pass a reference to the docker daemon into a container.
  • The solution to this issue is to use a MAC solution like SELinux, GRSecurity or AppArmor.
  • Never let anyone trick you into running a strange docker command.
  • only download and use Docker images from a trustworthy source. Official images for popular images are security audited by the Docker team. Community images are not
  • there are the core WordPress files. These interact with the web server through the PHP runtime. WordPress also relies on the file system and a database server.
  • A service is some software component that listens for requests (over a protocol) and does something when it receives those requests.
  • Using Docker, you could install WordPress, Apache, and PHP in one container, and run MySQL from another. These containers could run on the same physical machine, or on different ones
  • The database service container can be configured to only accept connections that originate from the web container. This immediately removes the threat of external attacks against your database server
  • This gives you the perfect opportunity to remove high-risk software from your host machine, including: language runtimes and interpreters, such as PHP, Ruby, Python, etc.; web servers; databases; mail servers.
  • If a new version of MySQL is released, you can update the database container without touching the web container. Likewise, if PHP or Apache are updated, you can update the web container and leave the database container alone.
  • Because Docker makes it easy to connect these containers together, there’s no reason to lump all your software inside a single container. In fact, it’s a bad practice – it increases the security risk for any single container, and it makes it harder to manage them.
  • If your site is already live on an existing server, the best approach is to set up a new host machine and then migrate over to it. Here are the steps you need to take:
  • With a minimal Ubuntu installation, you have a fairly bare-bones server. You also have the benefit of a huge repository of software you can install if you want.
  • If access control is like a lock protecting a building, intrusion detection is the security alarm that rings after someone breaks in.
  • Logging on to your host with a superuser account is a bad practice. It’s easy to accidentally break something.
  • Fail2ban blocks SSH users who fail the login process multiple times. You can also set it up to detect and block hack attempts over HTTP – this will catch hackers who attempt to probe your site for weaknesses.
  • With multiple WordPress sites on your machine, you have 2 choices. You could create a new database container for each, or you could reuse the same container between them. Sharing the DB container is a little riskier, as a hacker could, theoretically, ruin all your sites with one attack. You can minimize that risk by: using a custom root user and password for your database (don’t use the default username of ‘root’); ensuring the db container is not accessible over the internet (hide it away inside a docker network); creating new databases and users for each WordPress site; ensuring each user only has permissions for their specific database.
  • What are the benefits of using a single database container? It’s easier to configure and scale. It’s easier to back up and recover your data. It’s a little lighter on resources.
  • you could also add a caching container, like Varnish. Varnish caches your content so it can serve pages quickly – much faster than WordPress can
  • Docker has the ability to limit how much processor time and memory each container gets. This protects you against exhaustion DOS attacks
  • A containerized process still has some of the abilities of root, making it more powerful than a regular user. But it’s not as bad as full-on root privileges. With AppArmor, you can tighten the security further, preventing the process from accessing any parts of the system that do not relate to serving your website.
  • Docker Hub works like GitHub – you can upload and download images for free. The downside is that there’s no security auditing. So it’s easy to download a trojan horse inside a container.
  • Official images (such as WordPress and Apache) are audited by the Docker team. These are safe. Community images (which have names like user/myapp) are not audited.
  • a kernel exploit executed inside a container will affect the entire system. The only way to protect against kernel exploits is to regularly update the host system
  • Containers run in isolation from the rest of the system. That does not mean you can neglect security – your website lives inside these containers! Even if a hacker cannot access the full system from a container, they can still damage the container’s contents.
  • Under Ubuntu, AppArmor already protects you – to a degree. The Docker daemon has an AppArmor profile, and each container runs under a default AppArmor profile. The default profile prevents an app from breaking out of the container, and restricts it from doing things that would harm the system as a whole. However, the default profile offers no specific protection against WordPress specific attacks. We can fix this by creating a custom profile for your WordPress container.
  • The net effect is that it’s impossible to install malware, themes or plugins through the web interface. We’ve already covered this to some degree with the .htaccess rules and directory permissions. Now we’re enforcing it through the Linux kernel.
  • There are versions of Docker for Mac and PC, so you’ll be able to run your site from your home machine. If the code works on your PC, it will also work on the server.
  • Tripwire tends to complain about the entries in the /proc filespace, which are auto-generated by the Linux kernel. These files contain information about running processes, and they tend to change rapidly while Linux runs your system. We don’t want to ignore the directory entirely, as it provides useful signs that an attack is in progress. So we’re going to have to update the policy to focus on the files we are interested in.
  • Now we should install an e-mail notification utility – to warn us if anything changes on the system. This will enable us to respond quickly if our system is compromised (depending on how often you check your emails).
  • Rootkits are malicious code that hackers install onto your machine. When they manage to get one on your server, it gives them elevated access to your system
  • Tripwire is configured to search in key areas. It’s good at detecting newly installed software, malicious sockets, and other signs of a compromised system. RKHunter looks in less obvious places, and it checks the contents of files to see if they contain known malicious code. RKHunter is supported by a community of security experts who keep it updated with known malware signatures – just like antivirus software for PCs.
  • If your hosting company offers the option, this would be a good point to make an image of your server. Most cloud hosting companies offer tools to do this.
  • With an image, it’s easy to launch new servers or recover the old one if things go horribly wrong.
  • We’ve hidden our server from the world while making it easy to read our content. We’ve built a firewall to block malicious traffic. We’ve trapped our web server inside a container where it can’t do any harm. We’ve strengthened Linux’s access control model to prevent processes from going rogue. We’ve added an intrusion detection system to identify corrupted files and processes. We’ve added a rootkit scanner. We’ve strengthened our WordPress installation with 2-factor authentication. We’ve disabled the ability for any malicious user to install poisoned themes or plugins.
  • Make a routine of checking the logs (or emails if you configured email reporting). It’s vital to act quickly if you see any warnings. If they’re false warnings, edit the configuration. Don’t get into a habit of ignoring the reports.
  • Virtually everything that happens on a Linux machine is logged.
  • You have to make a habit of checking for new exploits and learn how to protect yourself against them. Regularly check for security patches and issues in the core WordPress app: WordPress Security Notices. Also, check regularly on the forums or mailing lists for the plugins and themes you use on your site.
  • network level intrusion detection service – you can fix that by installing Snort or PSAD.
  • The only way to guarantee your safety is to constantly update your security tactics and never get complacent.

New Things I've Learned About Google Review Likes - Moz - 0 views

  • allows anyone logged into a Google account to thumbs-up any review they like
  • Google doesn’t prevent anyone from hitting the button, including owners of the business being reviewed.
  • 60 percent of the brands had earned at least one like somewhere in their review corpus.
  • 85 percent of the time, if a business had some likes, at least one liked review was making it to the front of the GBP.
  • If you found it curious that SEOs might disagree about whether or not paying for review likes is spam, I’m sorry to tell you that Google’s own staff doesn’t have brand-wide consensus on this either.
  • As a business owner, if you receive a review you appreciate, definitely go ahead and thumb it up. It may have some influence on what makes it to the highly-visible “front” of your Google Business Profile, and, even if not, it’s a way of saying “thank you” to the customer when you’re also writing your owner response.
  • If you suspect someone is artificially inflating review likes on positive or negative reviews, the Twitter Google rep suggests flagging the review.
  • In the grand scheme of things, I’d put this low on the scale of local search marketing initiatives.

FAQ: Google's Popular Products and how to increase your organic product visibility - 0 views

  • With greater competition coming from marketplaces like Amazon, Google is adding more product discovery features to its search results pages. Here is everything you need to know about Google’s Popular Products section.
  • For now, this feature is only available for apparel and fashion products.
  • The Popular Products feature relies on tools you may already be using for your Shopping campaigns and rich results: product feeds and product schema.
  • Can I measure traffic from Popular Products?