Skip to main content

Home/ DISC Inc/ Group items matching ""site code" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
jack_fox

The Ultimate Web Server Security Guide @ MyThemeShop - 0 views

mythemeshop.com/...web-server-security

site code & design

shared by jack_fox on 16 Oct 20 - No Cached
  • They could insert links into the site to boost their SEO rankings. Hackers can make a killing selling links from exploited sites. Alternatively, a hacker could deface the site and demand money to restore it (ransom). They could even place ads on the site and use the traffic to make money. In most cases, an attacker will also install backdoors into the server. These are deliberate security holes that allow them to come back and exploit the site in the future – even if the insecure plugin has been replaced.
  • Unfortunately, under WordPress, every plugin and theme has the ability to alter anything on the site. They can even be exploited to infect other apps and sites hosted on the same machine.
  • Theme developers are often relatively inexperienced coders. Usually, they’re professional graphic artists who have taught themselves a little PHP on the side. Plugins are another popular line of attack – they account for 22% of successful hacks. Put together, themes and plugins are a major source of security trouble.
  • ...102 more annotations...
  • Each person who uses your system should only have the privileges they need to perform their tasks.
  • Don’t depend on a single security measure to keep your server safe. You need multiple rings of defense.
  • Security exploits exist at all levels of the technology stack, from the hardware up. WP White Security revealed that 41% of WordPress sites are hacked through a weakness in the web host.
  • While it’s important to use a strong password, password cracking is not a primary focus for hackers.
  • the more software you have installed on your machine, the easier it is to hack – even if you aren’t using the programs! Clearly, programs that are designed to destroy your system are dangerous. But even innocent software can be used in an attack.
  • There are 3 ways to reduce the attack surface: 1. Run fewer processes 2. Uninstall programs you don’t need 3. Build a system from scratch that only has the processes you need
  • A really good authentication system uses multiple tests. Someone could steal or guess your password. They could grab your laptop with its cryptographic keys.
  • If you want to run multiple processes at the same time, you need some way of managing them. This is basically what a kernel is. It does more than that – it handles all of the complex details of the computer hardware, too. And it runs the computer’s networking capabilities
  • programs exist as files when they are not running in memory
  • SELinux’s default response is to deny any request.
  • SELinux is extremely comprehensive, but this power comes at a price. It’s difficult to learn, complex to set up, and time-consuming to maintain.
  • AppArmor is an example of a MAC tool, although it’s nowhere near as comprehensive as SELinux. It applies rules to programs to limit what they can do.
  • AppArmor is relatively easy to set up, but it does require you to configure each application and program one by one. This puts the onus for security in the hands of the user or sysadmin. Often, when new apps are added, users forget to configure AppArmor. Or they do a horrible job and lock themselves out, so their only option is to disable the profile. That said, several distributions have adopted AppArmor.
  • Generic profiles shipped by repo teams are designed to cover a wide range of different use cases, so they tend to be fairly loose. Your specific use cases are usually more specific. In this case, it pays to fine-tune the settings, making them more restrictive.
  • GRSecurity is a suite of security enhancements
  • In the future, this could become a viable option. For now, we’ll use Ubuntu and AppArmor.
  • Apache is a user-facing service – it’s how your users interact with your website. It’s important to control this interaction too.
  • If your Apache configuration is bad, these files can be viewed as plain text. All of your code will be visible for anyone to see – this potentially includes your database credentials, cryptographic keys, and salts.
  • You can configure Apache to refuse any requests for these essential directories using .htaccess files. These are folder-level configuration files that Apache reads before it replies to a request.
  • The primary use for .htaccess files is to control access
  • If an attacker knows your WordPress cryptographic salts, they can use fake cookies to trick WordPress into thinking they have logged on already.
  • If the hacker has physical access to the computer, they have many options at their disposal. They can type commands through the keyboard, or insert a disk or USB stick into the machine and launch an attack that way.
  • When it comes to network-based attacks, attackers have to reach through one of the machine’s network ports.
  • For an attacker to exploit a system, they have to communicate to a process that’s listening on a port. Otherwise, they’d simply be sending messages that are ignored. This is why you should only run processes that you need for your site to run. Anything else is a security risk.
  • Often, ports are occupied by processes that provide no real valuable service to the machine’s legitimate users. This tends to happen when you install a large distribution designed for multiple uses. Large distros include software that is useless to you in terms of running a website. So the best strategy is to start with a very lightweight distro and add the components you need.
  • If you see any unnecessary processes, you can shut them down manually. Better yet, if the process is completely unnecessary, you can remove it from your system.
  • Firewalls are quite similar to access control within the computer. They operate on a network level, and you can use them to enforce security policies. A firewall can prevent processes from broadcasting information from a port. It can stop outside users from sending data to a port. And it can enforce more complex rules.
  • Simply installing and running a firewall does not make your host machine secure – it’s just one layer in the security cake. But it’s a vital and a powerful one.
  • First of all, we need to configure our software to resist common attacks. But that can only protect us from attacks we know about. Access control software, such as AppArmor, can drastically limit the damage caused by unauthorized access. But you still need to know an attack is in progress.
  • This is where Network Intrusion Detection Software (NIDS) is essential. It scans the incoming network traffic, looking for unusual patterns or signs of a known attack. If it sees anything suspicious, it logs an alert.
  • It’s up to you to review these logs and act on them.
  • If it’s a false alarm, you should tune your NIDS software to ignore it. If it’s an ineffective attack, you should review your security and block the attacker through the firewall.
  • That’s why it’s essential to have an automated backup system. Finally, you need to understand how the attack succeeded, so you can prevent it from recurring. You may have to change some settings on your Firewall, tighten your access rules, adjust your Apache configuration, and change settings in your wp-config file. None of this would be possible without detailed logs describing the attack.
  • Every web server has a breaking point and dedicated DOS attackers are willing to increase the load until your server buckles. Good firewalls offer some level of protection against naive DOS attacks
  • a tiny number of sites (less than 1%) are hacked through the WordPress core files
  • Major DNS attacks have taken down some of the biggest sites in the world – including Ebay and Paypal. Large hosting companies like Hostgator and Blue Host have been attacked. It’s a serious risk!
  • Right now, due to the way the web currently works, it’s impossible to download a web page without the IP address of a server. In the future, technologies like IFPS and MaidSafe could change that.
  • So there are 2 benefits to using a CDN. The first is that your content gets to your readers fast. The second benefit is server anonymity – nobody knows your real IP address – including the psychos. This makes it pretty impossible to attack your server – nobody can attack a server without an IP address.
  • When CDNs discover a DDOS attack, they have their own ways to deal with it. They often display a very lightweight “are you human?” message with a captcha. This tactic reduces the bandwidth costs and screens out the automated attacks.
  • If any of your DNS records point to your actual server, then it’s easy to find it and attack it. This includes A records (aliases) and MX records (mail exchange). You should also use a separate mail server machine to send your emails. Otherwise, your email headers will expose your real email address.
  • If your hosting company refuses to give you a new IP address, it may be time to find a new service provider.
  • WordPress uses encryption to store passwords in the database. It doesn’t store the actual password – instead, it stores an encrypted version. If someone steals your database tables, they won’t have the actual passwords.
  • If you used a simple hash function, a hacker could gain privileged access to your app in a short period of time.
  • The salt strings are stored in your site’s wp-config.php file.
  • Salts dramatically increase the time it would take to get a password out of a hash code – instead of taking a few weeks, it would take millions of years
  • You keep the other key (the decryption key) to yourself. If anyone stole it, they could decode your private messages! These 2-key cryptographic functions do exist. They are the basis of TLS (https) and SSH.
  • the most secure systems tend to be the simplest. The absolute secure machine would be one that was switched off.
  • For WordPress sites, you also need PHP and a database.
  • A VM is an emulated computer system running inside a real computer (the host). It contains its own operating system and resources, such as storage, and memory. The VM could run a completely different operating system from the host system – you could run OSX in a VM hosted on your Windows machine
  • This isolation offers a degree of protection. Let’s imagine your VM gets infected with a particularly nasty virus – the VM’s file system could be completely destroyed, or the data could be hopelessly corrupted. But the damage is limited to the VM itself. The host environment would remain safe.
  • This is how shared hosting and virtual private servers (VPSes) work today. Each customer has access to their own self-contained environment, within a virtual machine.
  • VMs are not just for hosting companies. If you’re hosting multiple sites on a dedicated server or a VPS, VMs can help to make your server more secure. Each site can live inside its own VM. That way, if one server is hacked, the rest of your sites are safe.
  • Even with all these considerations, the benefits of VMs outweigh their drawbacks. But performance is vital on the web.
  • Containers (like Docker) are very similar to VMs.
  • Because we’ve cut the hypervisor out of the loop, applications run much faster – almost as fast as processes in the host environment. Keeping each container separate does involve some computation by the container software. But it’s much lighter than the work required by a hypervisor!
  • Docker Cloud is a web-based service that automates the task for you. It integrates smoothly with the most popular cloud hosting platforms (such as Amazon Web Services, or Digital Ocean).
  • With containers, you can guarantee that the developer’s environment is exactly the same as the live server. Before the developer writes a single line of code, they can download the container to their computer. If the code works on their PC, it will work on the live server. This is a huge benefit of using containers, and it’s a major reason for their popularity.
  • A complete stack of these layers is called an “image”
  • The core of Docker is the Docker Engine – which lives inside a daemon – or long-running process
  • another great resource – the Docker Hub. The hub is an online directory of community-made images you can download and use in your own projects. These include Linux distributions, utilities, and complete applications.
  • Docker has established a relationship with the teams behind popular open source projects (including WordPress) – these partners have built official images that you can download and use as-is.
  • when you finish developing your code, you should wrap it up inside a complete container image. The goal is to put all the code that runs your site inside a container and store the volatile data in a volume.
  • Although Docker can help to make your site more secure, there’s are a few major issues you need to understand. The Docker daemon runs as a superuser It’s possible to load the entire filesystem into a container It’s possible to pass a reference to the docker daemon into a container
  • The solution to this issue is to use a MAC solution like SELinux, GRSecurity or AppArmor.
  • Never let anyone trick you into running a strange docker command.
  • only download and use Docker images from a trustworthy source. Official images for popular images are security audited by the Docker team. Community images are not
  • there are the core WordPress files. These interact with the web server through the PHP runtime. WordPress also relies on the file system and a database server.
  • A service is some software component that listens for requests (over a protocol) and does something when it receives those requests.
  • Using Docker, you could install WordPress, Apache, and PHP in one container, and run MySQL from another. These containers could run on the same physical machine, or on different ones
  • The database service container can be configured to only accept connections that originate from the web container. This immediately removes the threat of external attacks against your database server
  • This gives you the perfect opportunity to remove high-risk software from your host machine, including: Language Runtimes and interpreters, such as PHP, Ruby, Python, etc. Web servers Databases Mail Servers
  • If a new version of MySQL is released, you can update the database container without touching the web container. Likewise, if PHP or Apache are updated, you can update the web container and leave the database container alone.
  • Because Docker makes it easy to connect these containers together, there’s no reason to lump all your software inside a single container. In fact, it’s a bad practice – it increases the security risk for any single container, and it makes it harder to manage them.
  • If your site is already live on an existing server, the best approach is to set up a new host machine and then migrate over to it. Here are the steps you need to take:
  • With a minimal Ubuntu installation, you have a fairly bare-bones server. You also have the benefit of a huge repository of software you can install if you want.
  • If access control is like a lock protecting a building, intrusion detection is the security alarm that rings after someone breaks in.
  • Logging on to your host with a superuser account is a bad practice. It’s easy to accidentally break something.
  • Fail2ban blocks SSH users who fail the login process multiple times. You can also set it up to detect and block hack attempts over HTTP – this will catch hackers who attempt to probe your site for weaknesses.
  • With multiple WordPress sites on your machine, you have 2 choices. You could create a new database container for each, or you could reuse the same container between them. Sharing the DB container is a little riskier, as a hacker could, theoretically, ruin all your sites with one attack. You can minimize that risk by: Use a custom root user and password for your database – don’t use the default username of ‘root’. Ensuring the db container is not accessible over the internet (hide it away inside a docker network) Creating new databases and users for each WordPress site. Ensure each user only has permissions for their specific database.
  • What are the benefits of using a single database container? It’s easier to configure and scale. It’s easier to backup and recover your data. It’s a little lighter on resources.
  • you could also add a caching container, like Varnish. Varnish caches your content so it can serve pages quickly – much faster than WordPress can
  • Docker has the ability to limit how much processor time and memory each container gets. This protects you against exhaustion DOS attacks
  • A containerized process still has some of the abilities of root, making it more powerful than a regular user. But it’s not as bad as full-on root privileges. With AppArmor, you can tighten the security further, preventing the process from accessing any parts of the system that do not relate to serving your website.
  • Docker Hub works like GitHub – you can upload and download images for free. The downside is that there’s no security auditing. So it’s easy to download a trojan horse inside a container.
  • Official images (such as WordPress and Apache) are audited by the Docker team. These are safe. Community images (which have names like user/myapp) are not audited.
  • a kernel exploit executed inside a container will affect the entire system. The only way to protect against kernel exploits is to regularly update the host system
  • Containers run in isolation from the rest of the system. That does not mean you can neglect security – your website lives inside these containers! Even if a hacker cannot access the full system from a container, they can still damage the container’s contents.
  • Under Ubuntu, AppArmor already protects you – to a degree. The Docker daemon has an AppArmor profile, and each container runs under a default AppArmor profile. The default profile prevents an app from breaking out of the container, and restricts it from doing things that would harm the system as a whole. However, the default profile offers no specific protection against WordPress specific attacks. We can fix this by creating a custom profile for your WordPress container.
  • The net effect is that it’s impossible to install malware, themes or plugins through the web interface. We’ve already covered this to some degree with the .htaccess rules and directory permissions. Now we’re enforcing it through the Linux kernel.
  • There are versions of Docker for Mac and PC, so you’ll be able to run your site from your home machine. If the code works on your PC, it will also work on the server.
  • Tripwire tends to complain about the entries in the /proc filespace, which are auto-generated by the Linux kernel. These files contain information about running processes, and they tend to change rapidly while Linux runs your system. We don’t want to ignore the directory entirely, as it provides useful signs that an attack is in progress. So we’re going to have to update the policy to focus on the files we are interested in.
  • Now we should install an e-mail notification utility – to warn us if anything changes on the system. This will enable us to respond quickly if our system is compromised (depending on how often you check your emails).
  • Rootkits are malicious code that hackers install onto your machine. When they manage to get one on your server, it gives them elevated access to your system
  • Tripwire is configured to search in key areas. It’s good at detecting newly installed software, malicious sockets, and other signs of a compromised system. RKHunter looks in less obvious places, and it checks the contents of files to see if they contain known malicious code. RKHunter is supported by a community of security experts who keep it updated with known malware signatures – just like antivirus software for PCs.
  • If your hosting company offers the option, this would be a good point to make an image of your server. Most cloud hosting companies offer tools to do this.
  • With an image, it’s easy to launch new servers or recover the old one if things go horribly wrong.
  • We’ve hidden our server from the world while making it easy to read our content We’ve built a firewall to block malicious traffic We’ve trapped our web server inside a container where it can’t do any harm We’ve strengthened Linux’s access control model to prevent processes from going rogue We’ve added an intrusion detection system to identify corrupted files and processes We’ve added a rootkit scanner We’ve strengthened our WordPress installation with 2-factor authentication We’ve disabled the ability for any malicious user to install poisoned themes or plugins
  • Make a routine of checking the logs (or emails if you configured email reporting). It’s vital to act quickly if you see any warnings. If they’re false warnings, edit the configuration. Don’t get into a habit of ignoring the reports.
  • Virtually everything that happens on a Linux machine is logged.
  • You have to make a habit of checking for new exploits and learn how to protect yourself against them. Regularly check for security patches and issues in the core WordPress app: WordPress Security Notices Also, check regularly on the forums or mailing lists for the plugins and themes you use on your site.
  • network level intrusion detection service – you can fix that by installing Snort or PSAD.
  • The only way to guarantee your safety is to constantly update your security tactics and never get complacent.
jack_fox

Getting Started - schema.org - 0 views

schema.org/gs.html

seo site code & design

shared by jack_fox on 08 Mar 19 - No Cached
  • More specific items inherit the properties of their parent.
  • Actually, a LocalBusiness is a more specific type of Place and a more specific type of Organization, so it inherits properties from both parent types.)
  • In general, the more content you mark up, the better. However, as a general rule, you should mark up only the content that is visible to people who visit the web page and not content in hidden div's or other hidden page elements.
  • ...6 more annotations...
  • Links to 3rd party sites can help search engines to better understand the item you are describing on your web page.
  • To make dates unambiguous, use the time tag along with the datetime attribute. The value of the datetime attribute is the date specified using YYYY-MM-DD format
  • it is also fine to embed an item that is a child type of the expected type. For example, if the expected type is Place, it's also OK to embed a LocalBusiness.
  • Sometimes, a web page has information that would be valuable to mark up, but the information can't be marked up because of the way it appears on the page.
  • In these cases, use the meta tag along with the content attribute to specify the information
  • Only use meta with content for information that cannot otherwise be marked up.
Rob Laporte

SEO Starter Guide: The Basics | Google Search Central - 0 views

developers.google.com/...seo-starter-guide

seo site code & design

shared by Rob Laporte on 16 Nov 21 - No Cached
  • To tell Google not to follow or pass your page's reputation to the pages linked, set the value of the rel attribute of a link to nofollow or ugc. Nofollowing a link means adding rel="nofollow" or a more specific attribute such as ugc inside the link's anchor tag, as shown here:
  • Use the HTML <img> or <picture> elements
Rob Laporte

Effective Internal Linking Strategies That Prevent Duplicate Content Nonsense - Search Engine Guide Blog - 0 views

www.searchengineguide.com/...rnal-linking-strategies-th.php

seo site code & design

shared by Rob Laporte on 21 May 08 - Cached
  • Rob Laporte on 21 May 08
     
    The funny thing about duplicate content is that you don't really have to have it for it to appear as if you do have it. But whether you have duplicate content on your site or not, to the search engines appearances are everything . The engines are pretty much just mindless bots that can't reason. They only see what is, or appears to be there and then do what the programmers have determined through the algorithm. How you set up your internal linking structure plays a significant role in whether you set yourself up to appear if you have duplicate content on your site or not. Some things we do without thinking, setting ourselves up for problems ahead. With a little foresight and planning, you can prevent duplicate content issues that are a result of poor internal link development. For example, we know that when we link to site.com/page1.html in one place but then link to www.site.com/page1.html in another, that we are really linking to the same page. But to the search engines, the www. can make a difference. They'll often look at those two links as links to two separate pages. And then analyze each page as if it is a duplicate of the other. But there is something we can do with our internal linking to alleviate this kind of appearance of duplicate content. Link to the www. version only Tomorrow I'll provide information on how to set up your site so when someone types in yoursite.com they are automatically redirected to www.yoursite.com. It's a great permanent fix, but as a safety measure, I also recommend simply adjusting all your links internally to do the same. Example of not linking to www. version. In the image above you can see that the domain contains the www., but when you mouse over any of the navigation links, they point to pages without the www. Even if you have a permanent redirect in place, all the links on your site should point to the proper place. At the very least you're making the search engines and visitors NOT have to redirect. At best, should y
Rob Laporte

The Importance of Site Speed in 2018 | Power Digital - 0 views

powerdigitalmarketing.com/...portance-of-site-speed-in-2018

seo site code & design

shared by Rob Laporte on 18 Feb 19 - No Cached
  • Site Speed’s Impact on SEO Site speed is a ranking factor and an even larger ranking factor for mobile pages. Google is rolling out a Mobile First index moving forward, which will officially take effect in July 2018, meaning now is the time to optimize for mobile site speed so you’re not on the losing team when it officially rolls out. With that being said, we have already seen the direct impact that site speed has on our clients’ websites’ SEO rankings and organic traffic. The reason why site speed is a ranking factor is that it is, first and foremost, a sign of quality user experience. A fast site speed will result in a better user experience, while a slow site speed will result in a poor user experience. A user is typically staying on a site longer if the site speed is faster and they also convert better and bounce less. For those reasons, Google has made it a ranking factor. Related: Improve Website Speed with these 5 Quick Tips We view three to four seconds or less as a good page load time. This varies slightly based on the type of site and industry but typically if your web pages load in under three to four seconds, you’re doing well. Once you exceed that load time, we start to see less optimal rankings as well as a poorer user experience. Conversely, if we brought this page speed down to sub-three to four seconds we would likely see better rankings. We have seen the effects of this first-hand with a client. We implemented site speed optimizations on a client’s website and the client’s developer accidentally removed the work we had done. The website with the site speed optimizations went from a four-second load time to a 12-second load time after the optimizations were removed, which caused rankings to plummet. We went back in and updated the site with the proper site speed optimizations again and got the website back to a four-second load time and rankings went back up. This illustrated in real-time that site speed has a direct link to SEO and keyword rankings. This is rare, as almost nothing happens in real-time for SEO, it’s a slow and steady wins the race scenario, but we saw the ranking impact in just a few days when site speed optimizations were stripped and then re-implemented. It was a great experiment because we already knew site speed made an impact on SEO, but this really showed the emphasis Google is placing on it for mobile and desktop from a search perspective. The benefits of site speed on user experience impact other digital channels as well, like paid search.
Rob Laporte

Official Google Webmaster Central Blog: Using site speed in web search ranking - 0 views

googlewebmastercentral.blogspot.com/...eed-in-web-search-ranking.html

seo site code & design

shared by Rob Laporte on 12 Jun 10 - Cached
  • If you are a site owner, webmaster or a web author, here are some free tools that you can use to evaluate the speed of your site:Page Speed, an open source Firefox/Firebug add-on that evaluates the performance of web pages and gives suggestions for improvement.YSlow, a free tool from Yahoo! that suggests ways to improve website speed.WebPagetest shows a waterfall view of your pages' load performance plus an optimization checklist.In Webmaster Tools, Labs > Site Performance shows the speed of your website as experienced by users around the world as in the chart below. We've also blogged about site performance.Many other tools on code.google.com/speed.While site speed is a new signal, it doesn't carry as much weight as the relevance of a page. Currently, fewer than 1% of search queries are affected by the site speed signal in our implementation and the signal for site speed only applies for visitors searching in English on Google.com at this point. We launched this change a few weeks back after rigorous testing. If you haven't seen much change to your site rankings, then this site speed change possibly did not impact your site.
Rob Laporte

Problem with Google indexing secure pages, dropping whole site. - Search Engine Watch Forums - 0 views

forums.searchenginewatch.com/showthread.php

seo site code & design

shared by Rob Laporte on 04 May 09 - Cached
  • Coincidentally Google e-mailed me today saying to use a 301 redirect for the https page to http. This is the first thought I had and I tried to find code to do this for days when this problem first occurred-I never found it.
  • Rob Laporte on 04 May 09
     
    04-25-2006 Chris_D's Avatar Chris_D Chris_D is offline Oversees: Searching Tips & Techniques Join Date: Jun 2004 Location: Sydney Australia Posts: 1,103 Chris_D has much to be proud ofChris_D has much to be proud ofChris_D has much to be proud ofChris_D has much to be proud ofChris_D has much to be proud ofChris_D has much to be proud ofChris_D has much to be proud ofChris_D has much to be proud ofChris_D has much to be proud of Hi docprego, Set your browser to reject cookies, and then surf your site (I'm assuming it's the one in your profile). now look at your URLS when you reject cookies..... /index.php?cPath=23&osCsid=8cfa2cb83fa9cc92f78db5f4 4abea819 /about_us.php?osCsid=33d0c44757f97f8d5c9c68628eee0e 2b You are appending Cookie strings to the URLS for user agents that reject cookie. That is the biggest problem. Get someone who knows what they are doing to look at your server configuration - its the problem - not Google. Google has always said: Quote: Use a text browser such as Lynx to examine your site, because most search engine spiders see your site much as Lynx would. If fancy features such as JavaScript, cookies, session IDs, frames, DHTML, or Flash keep you from seeing all of your site in a text browser, then search engine spiders may have trouble crawling your site. Allow search bots to crawl your sites without session IDs or arguments that track their path through the site. These techniques are useful for tracking individual user behavior, but the access pattern of bots is entirely different. Using these techniques may result in incomplete indexing of your site, as bots may not be able to eliminate URLs that look different but actually point to the same page. http://www.google.com/webmasters/guidelines.html You've also excluded a few pages in your http port 80 non secure robots.txt which I would have expected that you want to be indexed - like /about_us.php From an information architecture perspective, as Marcia said - put the stuff that n
Rob Laporte

Google's New Snippet Controls Rolling Out In A Few Days With More Changes To Google France - 0 views

www.seroundtable.com/ontrols-rolling-out-28378.html

seo site code & design

shared by Rob Laporte on 11 Nov 19 - No Cached
  • Here are the new controls:"nosnippet"This is an existing option to specify that you don't want any textual snippet shown for this page.  "max-snippet:[number]"New! Specify a maximum text-length, in characters, of a snippet for your page. "max-video-preview:[number]"New! Specify a maximum duration in seconds of an animated video preview. "max-image-preview:[setting]"New! Specify a maximum size of image preview to be shown for images on this page, using either "none", "standard", or "large".You can use this as standalone meta tags or combine them, so you can use something like this:There is also a new data-nosnippet HTML attribute for this that looks like this:We've seen samples of Google not showing anything but the URL in search, we assumed it was a bug. But probably it was Google testing this. Google did send out emails to publishers who would be impacted by this French law.Anyway, you should see the new snippet controls and French change starting Friday and as it rolls out through next week.
jack_fox

Blocking URLs: Unmask Googlebot's Real Server Response - 0 views

gentofsearch.com/...ooglebots-true-server-response

seo usability & CRO

shared by jack_fox on 15 Nov 21 - No Cached
  • HTTP errors bring down average response time – 4xx and 5xx errors can bring down the average in crawl stats.Blocking client and server errors can “increase” reported avg. response times – Blocking unimportant 4xx and 5xx errors can reveal the true average for your website in crawl stats report.Page load resource higher crawl rate on lower priority sites – A high percentage (%) of page resource load resource UA requests might indicate that refresh and discovery crawling isn’t a priority for Googlebot on a particular host.Blocking URLs in robots.txt doesn’t shift crawl budget – Googlebot doesn’t reallocate or shift crawling to another area of the website just because you block unimportant resources (unless Googlebot is already hitting your site’s serving limit (which usually happens on large websites)).
Dale Webb

Google Analytics - Profiles vs. Accounts - 0 views

www.google.com/...answer.py

statistics

shared by Dale Webb on 11 Jun 09 - No Cached
  • Dale Webb on 11 Jun 09
     
    Profiles have same tracking code, so essentially show the same data in different ways. Accounts have different tracking code, so creating two accounts for the same site will essentially be treated by GA as two completely different sites. If a site (like L1ID) wanted to track two parts of its site separately, a cleaner way would be to create multiple profiles - this requires the separate parts of the site be in separate subdirectories though.
Rob Laporte

Official Google Webmaster Central Blog: Make your 404 pages more useful - 0 views

googlewebmastercentral.blogspot.com/...our-404-pages-more-useful.html

site code & design

shared by Rob Laporte on 29 Oct 08 - Cached
  • Rob Laporte on 29 Oct 08
     
    This Blog Google Blogs Web Blog News This Blog Google Blogs Web Blog News Make your 404 pages more useful Tuesday, August 19, 2008 at 10:13 AM Your visitors may stumble into a 404 "Not found" page on your website for a variety of reasons: * A mistyped URL, or a copy-and-paste mistake * Broken or truncated links on web pages or in an email message * Moved or deleted content Confronted by a 404 page, they may then attempt to manually correct the URL, click the back button, or even navigate away from your site. As hinted in an earlier post for "404 week at Webmaster Central", there are various ways to help your visitors get out of the dead-end situation. In our quest to make 404 pages more useful, we've just added a section in Webmaster Tools called "Enhance 404 pages". If you've created a custom 404 page this allows you to embed a widget in your 404 page that helps your visitors find what they're looking for by providing suggestions based on the incorrect URL. Example: Jamie receives the link www.example.com/activities/adventurecruise.html in an email message. Because of formatting due to a bad email client, the URL is truncated to www.example.com/activities/adventur. As a result it returns a 404 page. With the 404 widget added, however, she could instead see the following: In addition to attempting to correct the URL, the 404 widget also suggests the following, if available: * a link to the parent subdirectory * a sitemap webpage * site search query suggestions and search box How do you add the widget? Visit the "Enhance 404 pages" section in Webmaster Tools, which allows you to generate a JavaScript snippet. You can then copy and paste this into your custom 404 page's code. As always, don't forget to return a proper 404 code. Can you change the way it looks? Sure. We leave the HTML unstyled initially, but you can edit the CSS block that we've included. For more information, check out our gu
Rob Laporte

Are 5 Sites Better than One? - Search Engine Watch (SEW) - 0 views

searchenginewatch.com/3634330

seo site code & design

shared by Rob Laporte on 09 Jul 09 - Cached
  • Consider Dedicated Hosting If you're using shared hosting for all of your sites, and you link them together, it's imperative you move each site to its own dedicated hosting. If you're not sure if you're using shared hosting or how your sites are configured, check out who else is on your IP with a tool like this one at Axandra.com. Shared hosting is traceable, and Google knows you own all of those sites – so they're going to either "ding" all of them, or only give one site credence in their results. In the scenario above with the bed and breakfasts, just putting each site on its own dedicated hosting set up sent the newer site from page five to bottom of page one in about three months. If you must interlink your sites, and you want to continue to do so, make sure you arrange your hosting correctly. So we learned that having multiple sites isn't a bad thing, if you've set them up correctly. Consider also the time and marketing investment five sites involves versus one site. You have to weigh the benefits of having five against the cost and judge for yourself. I certainly can't guarantee this will solve all of your problems, but it worked for me and I definitely think if you're working on more than one site in a niche or location, you should consider trying out this technique.
Rob Laporte

Deduping Duplicate Content - ClickZ - 0 views

www.clickz.com/3635050

seo site code & design

shared by Rob Laporte on 24 Sep 09 - Cached
  • Rob Laporte on 24 Sep 09
     
    One interesting thing that came out of SES San Jose's Duplicate Content and Multiple Site Issues session in August was the sheer volume of duplicate content on the Web. Ivan Davtchev, Yahoo's lead product manager for search relevance, said "more than 30 percent of the Web is made up of duplicate content." At first I thought, "Wow! Three out of every 10 pages consist of duplicate content on the Web." My second thought was, "Sheesh, the Web is one tangled mess of equally irrelevant content." Small wonder trust and linkage play such significant roles in determining a domain's overall authority and consequent relevancy in the search engines. Three Flavors of Bleh Davtchev went on to explain three basic types of duplicate content: 1. Accidental content duplication: This occurs when Webmasters unintentionally allow content to be replicated by non-canonicalization (define), session IDs, soft 404s (define), and the like. 2. Dodgy content duplication: This primarily consists of replicating content across multiple domains. 3. Abusive content duplication: This includes scraper spammers, weaving or stitching (mixed and matched content to create "new" content), and bulk content replication. Fortunately, Greg Grothaus from Google's search quality team had already addressed the duplicate content penalty myth, noting that Google "tries hard to index and show pages with distinct information." It's common knowledge that Google uses a checksum-like method for initially filtering out replicated content. For example, most Web sites have a regular and print version of each article. Google only wants to serve up one copy of the content in its search results, which is predominately determined by linking prowess. Because most print-ready pages are dead-end URLs sans site navigation, it's relatively simply to equate which page Google prefers to serve up in its search results. In exceptional cases of content duplication that Google perceives as an abusive attempt to manipula
  • Rob Laporte on 24 Sep 09
     
    One interesting thing that came out of SES San Jose's Duplicate Content and Multiple Site Issues session in August was the sheer volume of duplicate content on the Web. Ivan Davtchev, Yahoo's lead product manager for search relevance, said "more than 30 percent of the Web is made up of duplicate content." At first I thought, "Wow! Three out of every 10 pages consist of duplicate content on the Web." My second thought was, "Sheesh, the Web is one tangled mess of equally irrelevant content." Small wonder trust and linkage play such significant roles in determining a domain's overall authority and consequent relevancy in the search engines. Three Flavors of Bleh Davtchev went on to explain three basic types of duplicate content: 1. Accidental content duplication: This occurs when Webmasters unintentionally allow content to be replicated by non-canonicalization (define), session IDs, soft 404s (define), and the like. 2. Dodgy content duplication: This primarily consists of replicating content across multiple domains. 3. Abusive content duplication: This includes scraper spammers, weaving or stitching (mixed and matched content to create "new" content), and bulk content replication. Fortunately, Greg Grothaus from Google's search quality team had already addressed the duplicate content penalty myth, noting that Google "tries hard to index and show pages with distinct information." It's common knowledge that Google uses a checksum-like method for initially filtering out replicated content. For example, most Web sites have a regular and print version of each article. Google only wants to serve up one copy of the content in its search results, which is predominately determined by linking prowess. Because most print-ready pages are dead-end URLs sans site navigation, it's relatively simply to equate which page Google prefers to serve up in its search results. In exceptional cases of content duplication that Google perceives as an abusive attempt to manipula
Rob Laporte

Combining Trust and Relevance - Search Engine Watch (SEW) - 0 views

searchenginewatch.com/3634096

seo link marketing site code & design

shared by Rob Laporte on 29 Jul 09 - Cached
  • What Happens When You Launch a New Site Section? If there's a close relationship between your new site section and the historical trusted aspect of the site, you'll likely pick up some traffic quite quickly. However, sites stall a bit after that. They get a little taste of the good traffic for their new section, but then it stops growing. Over a period of time, it will remain frozen, but then if you're doing the right things (developing quality content, link building), you may see a jump in traffic. My own conjecture is that a combination of quality inbound links and time raises the trust level of the new site section. Once you cross a trust threshold, you enable a new period of growth until you hit the next threshold. Then the cycle repeats. I've seen this behavior several times now during the development and promotion of new sections of content on existing sites. How Can You Speed Things Along? We already mentioned the two most important things above. Developing quality content was one of them. While search engine crawlers can't measure content quality in a direct sense, they can understand the relevance and depth of a Web page, provided you put enough text out there for them to chew on. Also, if a new site section is really thin on content, you can send negative signals to the search engines. The other thing you need to do? Our old friend, link building. At least some of the signals for evaluating trust are based on link analysis. Getting high quality links from high quality sites will help you establish that trust. The above is a sandbox scenario, but applied to new content section on an existing site, it operates much the same way. You benefit from the inherent trust of the existing domain, but still need to prove it to the search engines by getting new links to the new section itself.
Dale Webb

Pixelsilk: SEO-Friendly Content Management System | Search Engine Journal - 0 views

www.searchenginejournal.com/...14743

web programming seo site code & design

shared by Dale Webb on 17 Nov 09 - Cached
  • Dale Webb on 17 Nov 09
     
    Article I found about PixelSilk in my Blog rounds. It does look pretty slick and user-friendly. I'll be very interested to see how easy it is to work with from a development perspective, how it's coded, etc. This article is interesting and insightful because the person is unfamiliar with CMS/coding in general, but knows SEO, and finds it very easy to use and likes the SEO features.
Rob Laporte

Google SEO Test - Google Prefers Valid HTML & CSS | Hobo - 0 views

www.hobo-web.co.uk/...-google-prefers-valid-html-css

seo algorithms site code & design

shared by Rob Laporte on 29 Oct 08 - Cached
  • Rob Laporte on 29 Oct 08
     
    Well - the result is clear. From these 4 pages Google managed to pick the page with valid css and valid html as the preffered page to include in it's index! Ok, it might be a bit early to see if the four pages in the test eventually appear in Google but on first glance it appears Google spidered the pages, examined them, applied duplicate content filters as expected, and selected one to include in search engine results. It just happens that Google seems to prefer the page with valid code as laid down by the W3C (World Wide Web Consortium). The W3C was started in 1994 to lead the Web to its full potential by developing common protocols that promote its evolution and ensure its interoperability. What is the W3C? * W3C Stands for the World Wide Web Consortium * W3C was created in October 1994 * W3C was created by Tim Berners-Lee * W3C was created by the Inventor of the Web * W3C is organized as a Member Organization * W3C is working to Standardize the Web * W3C creates and maintains WWW Standards * W3C Standards are called W3C Recommendations How The W3C Started The World Wide Web (WWW) began as a project at the European Organization for Nuclear Research (CERN), where Tim Berners-Lee developed a vision of the World Wide Web. Tim Berners-Lee - the inventor of the World Wide Web - is now the Director of the World Wide Web Consortium (W3C). W3C was created in 1994 as a collaboration between the Massachusetts Institute of Technology (MIT) and the European Organization for Nuclear Research (CERN), with support from the U.S. Defense Advanced Research Project Agency (DARPA) and the European Commission. W3C Standardising the Web W3C is working to make the Web accessible to all users (despite differences in culture, education, ability, resources, and physical limitations). W3C also coordinates its work with many other standards organizations such as the Internet Engineering Task Force, the Wireless Application Protocols (WAP) Forum an
Stephen Kelley

70 Expert Ideas For Better CSS Coding | CSS | Smashing Magazine - 0 views

www.smashingmagazine.com/...rt-ideas-for-better-css-coding

site code & design

shared by Stephen Kelley on 03 May 08 - Cached
  • Stephen Kelley on 03 May 08
     
    Great collection of CSS related code ideas.
Rob Laporte

301 vs. 410 vs. 404 vs. Canonical | LinkedIn - 0 views

www.linkedin.com/...s-410-vs-404-53266.S.173139363

seo site code & design

shared by Rob Laporte on 12 Oct 12 - No Cached
  • However, after looking at how webmasters use them in practice we are now treating the 410 HTTP result code as a bit "more permanent" than a 404. So if you're absolutely sure that a page no longer exists and will never exist again, using a 410 would likely be a good thing. I don't think it's worth rewriting a server to change from 404 to 410, but if you're looking at that part of your code anyway, you might as well choose the "permanent" result code if you can be absolutely sure that the URL will not be used again. If you can't be sure of that (for whatever reason), then I would recommend sticking to the 404 HTTP result code.
Rob Laporte

Domain Moving Day the Key Relevance Way | SEMClubHouse - Key Relevance Blog - 0 views

www.semclubhouse.com/ving-day-the-key-relevance-way

seo site code & design

shared by Rob Laporte on 29 Oct 08 - Cached
  • Rob Laporte on 29 Oct 08
     
    Domain Moving Day the Key Relevance Way by Mike Churchill So, you're gonna change hosting providers. In many cases, moving the content of the site is as easy as zipping up the content and unzipping it on the new server. There is another aspect of moving the domain that many people over look: DNS. The Domain Name System (DNS) is the translation service that converts your domain name (e.g. keyrelevance.com) to the corresponding IP address. When you move hosting companies, it's like changing houses, if you don't set up the Change of Address information correctly, you might have some visitors going to the old address for a while. Proper handling of the changes to DNS records makes this transition time as short as possible. Let's assume that you are changing hosting, and the new hosting company is going to start handling the Authoritative DNS for the domain. The first step is to configure the new hosting company as the authority. This should best be done a couple or more days before the site moves to the new location. What does "Authoritative DNS" mean? There are a double-handful of servers (known as the Root DNS servers) whose purpose is to keep track of who is keeping track of the IP addresses for a domain. Rather than them handling EVERY DNS request, they only keep track of who is the authoritative publisher of the DNS information for each domain. In other words, they don't know your address, but they tell you who does know it. If we tell the Root level DNS servers that the authority is changing, this information may take up to 48 hours to propagate throughout the internet. By changing the authority without changing the IP addresses, then while visiting browsers are making requests during this transition, both the old authority and the new authority will agree on the address (so no traffic gets forwarded before you move). Shortening the Transition The authoritative DNS servers want to minimize their load, so every time they send out an answer to a
Rob Laporte

What Google Thinks of Your Site - Search Engine Watch (SEW) - 0 views

searchenginewatch.com/3640693

seo site code & design

shared by Rob Laporte on 22 Jun 10 - Cached
  • Internal Links Listings Sitelinks have been around for years, about five to be exact. Another important SERP feature that has also been around this long are site's internal links in the SERP listings. The occurrence of this isn't always deemed by branded or domain related searches as well as having a first place listing. These horizontally placed links located between the SERP listing description and URL are most often a mirrored replication of the anchor text of the text links you possess on your home page. To perform optimally at getting Google to display these, make sure the text links are placed in the first few paragraphs of copy to help increase your internal page CTR. Also, ensure that the anchor text is identical to the destination pages overall keyword focus. Having placement of internal links in Google SERPs is Google's thumbs up that you have a proper internal linking to keyword strategy.
  • Hierarchical Category Links One of the most recent SERP listing features you can use gauge Google's perception of your site are the hierarchical breadcrumb links placed in the URL line of SERP listings. These began to appear half a year ago and, like the internal link placement above, also don't require first place ranking, brand, or domain related searches to appear in SERPs. Receiving the hierarchical category links are achieved by utilizing a network of breadcrumb navigation across the internal pages of your site. To create an optimal process of breadcrumb linking, make sure you've applied your keyword strategy alongside the information architecture of your site content. Your URL structure should include keyword rich and content relevant category/folder naming conventions and ensure that site content falls into the appropriate categories. Furthermore, having a breadcrumb navigation in which the category links closely mimic the folder path of the URL helps to indicate to Google how the content of your site flows and that you have taken steps to properly deliver site content to search engines as well as users. Taking into consideration these Google SERP features will allow you to gain insight as to how Google understands the most important elements of your site from an SEO standpoint.
1 - 20 of 644 Next › Last »
Showing 20 items per page