Web

For as long as there have been search engines there has been search engine optimization.

The idea of “free” search traffic has an innate appeal to everybody with a website. Many of these people have sought to get a piece of that traffic in one way or another.

You used to be able to build a bunch of links to a web page using the keyword as the anchor text and rank. This came to an end in the spring of 2012 with Google’s first Penguin update.

Penguin targeted spammy anchor text specifically, and continues to evolve to better identify and penalize manipulative link building tactics.

Panda, another algorithm update, has focussed more on website quality. Panda initially used human reviewers to train the algorithm to recognize “quality” websites.

Which is a long winded way of saying two things:

1. Google wants to show the best results possible for a search query because ultimately that’s their core product
2. Google will work tirelessly to protect their core product from threats (i.e. spammy link builders, low quality websites, etc)

It’s pretty simple, but unfortunately a lot of people have responded to natural evolution with this tired refrain and dismissed the practice entirely.

SEO is dead!

In reality, nothing could be further from the truth. Search engine optimization should be a core part of any new website development.

Many existing websites are a complete disaster in terms of SEO, and most have lots of room for improvement.

While an in depth discussion of SEO could and does fill many blogs, books and forums, doing a basic SEO audit on your website is pretty easy.

Much like a speed test, an SEO audit will give you a lot of insight into how much attention was given to optimization when your website was built.

Also like a speed test, if your website fares poorly here, chances are good there are other problems.

1) Pick one version of http and one of www

In short: you only want one version of your website to exist. You want to pick either http or https (secure), and you want to pick either www or non-www.

The first one is a no brainer: use https. Google has been very clear how they feel, and their Chrome browser is even showing non-https as “not secure” now, which is a bad look.

If your website is not using https, you should get on that as soon as possible. It is not something you want to overlook. It’s not rocket surgery to make the switch, but it is a bit of work.

As far as www vs. non-www, you make the call. It doesn’t make any difference SEO-wise, so it’s really a style choice more than anything.

But how do you know if you’re doing this right?

The key is to have everything redirect to the specific version you choose. For instance, the url of this website is https://erim.net. I use https, and I don’t use www.

So, if I enter www.erim.net or http://erim.net into my browser’s location field, it should redirect automatically to https://erim.net. The secure, non-www version of the url should always serve when viewing a web page on erim.net.

We can get a bit more in depth in the following step.

2) Use the site: query to test how Google indexed your website

A simple trick that can be very revealing is to use the site: search operator to view all the pages of your website that Google has indexed.

Just search for site:yourdomain.com in Google and voila.

Now that you have that handy, try this.

site:yourdomain.com -inurl:https (show me all indexed pages for my domain without “https” in the url)

If you’re using https, then you shouldn’t have any results returned from this query. If you do, then you may have multiple versions of the same content indexed, which is bad. It’s also one of the low quality signals Panda will penalize you for.

Try these as well:

site:yourdomain.com -inurl:www (for a www domain)

site:yourdomain.com inurl:www (for a non-www domain)

Again, both of these queries will return indexed pages that don’t follow the rules from step one. These should be fixed so they redirect to the correct version.

Here are a few queries you can use to find other problems.

site:yourdomain.com “lorem ipsum” (your web developer forgot about pages with dummy text)

site:yourdomain.com “hello world” (your web developer didn’t delete the default WordPress post)

site:yourdomain.com filetype:pdf OR filetype:doc (Google is great at indexing PDFs and Word docs. Make sure nothing sensitive is in here.)

Once you’ve done that, let’s return to where we started and the simple site:yourdomain.com. How does it look?

The makeup of the search results is pretty simple. The first bold line is the title of the page, followed by the URL, followed by descriptive text.

Is the title clear and compelling. Is the URL short and to the point? Is the description clear and accurate? Would all three together make you want to click?

Because that’s the key, right? And here are two important facts that many people don’t realize.

1. People clicking on your link will (probably) make it rank higher
2. You can control all three of these components (title, URL and description)

Now that we’ve established that these things are important, let’s delve a little deeper.

3) Do a site crawl with Screaming Frog SEO Spider

This one is going to require you download some software. But it’s free, or at least it has a free version. And it has a pretty cool name. The free version will only crawl 500 URLs, but that’s plenty for our purposes.

https://www.screamingfrog.co.uk/seo-spider/ 

Once you download and install Screaming Frog, enter your full URL from step 1 (http or https/www or non-www) and click start.

Check internal pages and links

When the crawl is complete, click the Internal tab and select HTML from the filter drop down just below that tab. You should see something like this.

Take a look at the last three columns: Status Code, Status and Indexability. Most everything should have a Status Code of 200, which means everything is ok. A 301 or 302 means that URL is redirecting, and there should be a good reason for that.

The indexability column shows whether that page is asking to be indexed or not. Some pages shouldn’t be indexed (privacy policy, t&c, etc), but if you see a lot of these and you don’t know why, it could be an issue.

Lots of 404 codes means you’ve got broken internal links. That looks bad and lessens the quality of your site in the eyes of the Big G. These should be fixed post haste.

Check external links

Click on the External tab, select HTML again and have a look.

Look at the status codes again. You want to see mostly 200s, with maybe some 301s and 302s. You definitely don’t want to see a lot of 404s, which again means broken links (external in this case). These are another sign of low quality and should be fixed.

That 999 status code from LinkedIn just means they don’t like Screaming Frog and so they block it entirely.

Check your title tags

Click on the Page Titles tab and you’ll see something like this.

Like the site:yourdomain.com search query we did earlier, this will show you each of the titles of the pages crawled.

There’s one very important difference though. The crawl shows the actual title element in the page, which can differ from what Google displays in its results.

But the title element is the thing you actually have control over.

Is the title of your homepage something like “Home yourdomain.com” or “homepage” or “yourdomain.com”? That’s bad. That’s very bad from an SEO perspective and a good indication that nobody paid much attention to optimizing for search when they built your site.

Here’s mine: “WordPress Development & Support for Engaging Websites | Erim.net”

It’s simple but descriptive, and it includes both keywords and branding. That’s what you want to shoot for. You have about 65 characters to work with.

Check your meta-descriptions

Click the Meta Description tab and you’ll see this screen.

Meta descriptions are the other key element displayed in the search results. It’s also one you have control over. Make these concise, and throw in a keyword and/or a call to action.

Think of these as working in conjunction with the title to both accurately describe the page and entice the searcher to click.

If these are all blank or non-sensical, that’s another good sign that SEO was not high on the list of priorities when your website was built.

These last two I’ve covered in other posts, but they’re critical for good SEO.

4) Make sure your website is mobile friendly

I addressed this in my other post on mobile website testing. Making sure your website works well on phones and tablets is crucial for SEO these days. Mobile traffic to your website probably accounts for around 60% of the total.

Google has even started indexing web pages from a mobile-first perspective.

Mobile-first indexing is exactly what it sounds like. It just means that the mobile version of your website becomes the starting point for what Google includes in their index, and the baseline for how they determine rankings. If you monitor crawlbot traffic to your site, you may see an increase in traffic from Smartphone Googlebot, and the cached versions of pages will usually be the mobile version of the page.

Again, take this seriously for both SEO and user experience.

5) Make sure your site loads fast

Speed is another issue I addressed before in my website speed test post, as well as my post on how to speed up WordPress., and it can also result in lowered search rankings and irritated users. Google has confirmed that page speed is a ranking factor, particularly on mobile.

A slow loading website probably means the overall build quality is low and there are probably other issues that should be addressed.

A slow site can also mean you’re using poor web hosting, in which case read my post on WPX Hosting, my favorite hosting company.

When a web developer overlooks performance, mobile responsiveness or search optimization, they’re not taking a long-term perspective.

They’re taking a short-term perspective that involves them finishing the project to the extent that you’re satisfied so they can get paid and move on to the next project.

But problems arise when serious underlying issues such as search, performance and mobile friendliness are totally overlooked or ignored.

Search rankings and user experience suffer, and the website you invested all that time and energy into works at a fraction of its capacity.

I hope this was informative and helped you understand some of the basics of SEO and how to audit your website. If you have any questions, let me know in the comments below or contact me any time.

According to W3Techs, WordPress now powers a full third of all websites. That’s a pretty insane level of market penetration, but if you look at the platform’s past growth it’s not terribly surprising.

While WordPress’ popularity speaks highly of its ease of use and reliability, there are a few downsides to being so widely used. One of the main issues is that it’s an common target for hackers because there are literally millions of sites on which to run automated attacks.

WordPress is inherently very secure, and when security holes do come up the core team is very prompt about patching them. The vast majority of hacked WordPress sites come from outdated versions of the core software or one of the many plugins available. Which leads us to our first tip.

Keep everything updated!

This is probably both the easiest and most important step to keeping your site secure. If your site gets hacked and you discover it was because you never applied that security patch from six months ago, or you installed a bunch of plugins but never bothered to update them, you really have nobody to blame but yourself.

Granted, updates can be a bit of a pain. They should be done on a regular basis, at least every week or two, and much sooner if an important security update comes out. And if you have a highly-trafficked site, you should ideally test your updates on a staging site first before updating everything on your live site.

But in the interest of simplicity, let’s assume you’re going to do this yourself and don’t want to complicate things. I would recommend setting up a calendar reminder for a certain time every week to log into your WordPress admin and check the Dashboard >> Updates page in the upper left of the menu.

This would also be a good time to do a backup of your entire site. You’re not doing any backups, you say? For shame. I really need to write another post on backups, but for now check out a free plugin like Updraft Plus so you can do this easily and not risk losing all your work.

Once you have that complete, just do the core, plugin and theme updates as needed and you’ll be all set. You can actually ignore any theme updates if you’re not using that particular theme (such as the default Twenty Nineteen). I usually do them anyway so the little orange icon goes away and I can clearly see how many updates are needed.

Change the default admin username to something other than ‘admin’

Here’s an easy one, and something that really shouldn’t be the common problem is usually is. Typically, when you first set up WordPress the main admin user is called “admin”. This seems obvious, but also means millions of sites out there are using the same default username.

This makes it quite easy for all those nefarious hackers to run brute force attacks using “admin” combined with a bunch of passwords. Of course, you want to use a strong password too, but it’s best to avoid the use of “admin” in the first place, thus thwarting said annoying hackers.

Fortunately, there are a few fixes for this problem. The easiest method, and one that doesn’t require a plugin or manually editing the database, is to create a brand new admin user (with a strong password of course).

Then, log out of your original admin account, log back in with the account you just created and delete the old account. Warning: be sure to attribute all of your existing content to the new user.

Use a security plugin to limit login attempts

Like I said earlier, there are a lot of hackers out there trying to log into your website using the default admin username combined with various passwords. Changing the default admin username is a good start, but how about blocking those nerds so they can’t hammer your site in the first place?

Excellent idea. I good security plugin will accomplish this for you, and I highly recommend using WordFence. This plugin will track failed login attempts and block the IP address of the offending user after the number you specify.

Wordfence also runs a web application firewall that tracks and identifies malicious traffic, does security scans of files, maintains an IP blacklist, enforces strong passwords and a bunch of other stuff that helps keep your site safe and secure. I install Wordfence on all the WordPress sites I set up. It’s a no brainer.

Use strong passwords

This one might seem obvious, but it’s really amazing how many people still use ridiculously insecure passwords for a variety of things. You’d think the barrage of news about hacks and surveillance would change their views, but such is not the case.

If your username is “bob” and your password is “bob123” this is bad. So is “passw0rd” and “123456” and “qwerty”. It sounds silly, but the reality is these are not uncommon.

WordPress will create a strong password by default when you add a new user. That’s an easy solution. Another is to use a password generator and stick to it. Like many things, the key is consistency. Just one admin user with a lame password can ruin your whole day.

A good overall security technique is to use different passwords for all of your accounts and then store them with a tool like 1Password or LastPass. Check out this excellent post for a good rundown of the dangers of re-using passwords, password managers, how to tell if your password has been compromised and more.

I know it’s convenient to use the same password for multiple sites. I used to do it. But all it takes is for one of those websites to get hacked and your email/password combination stolen. Next thing you know it’s published on a hacker board and all kinds of sensitive information is potentially exposed.

Use quality web hosting

I’m always amazed when, after spending lots of time and money creating a website and content, people will then look for the absolute cheapest hosting available. Makes no sense, but it’s surprisingly common.

Good managed hosting for a WordPress site can be had for $25 – $30 per month, which is next to nothing in the grand scheme of things, especially when it’s representing your organization.

I love WPX Hosting and have been using them for several years. In addition to the best tech support I’ve ever experienced, free SSL and their own CDN, they also provide enterprise-level DDoS protection, daily malware scans firewalls, and spam protection.

So, using WPX offers another level of security on top of what you provide yourself, hopefully by using a plugin like Wordfence.

On top of that – and this is pretty remarkable – WPX will do free malware removal if your site is hacked. I don’t know of another hosting company that offers this service, and it’s a testament to WPX and their commitment to going above and beyond for their customers.

WPX also does 28 day automatic backups, just in case you’re not on top of that yourself or your own backup gets corrupted for some reason.

If you’re looking for excellent hosting, I really can’t recommend WPX highly enough. I’ve lost track of the number of hosting companies I’ve used over the past 20 years or so, but none of them compare to WPX. They’ll even move your site for free.

I hope this has helped give you an idea of how to keep your WordPress website safe and secure. There’s a lot more to it, of course, but these tips are a great place to start. They’re also all within the realm of the average user without having to get into code or config files.

If you have any questions or comments, please let me know below or contact me any time.

It shouldn’t come as a surprise to anyone who exists in the modern world that mobile devices have become close to surgically attached for many people. Whether they’re talking, texting or trolling on Twitter, you don’t have to look far to find somebody with their nose buried in a phone.

The number of people using mobile devices to access the web has been growing for years. According to Statista, mobile traffic accounted for 52.2% of the total in 2018.

The share is higher in many parts of the world, and will vary somewhat depending on demographics. If your user base trends older, you’ll probably see fewer mobile users. But it’s safe to assume 50+ percent of people viewing your website are doing so on mobile phones or tablets.

In other words, if you’re not clear about your website’s mobile usability you could very easily be annoying or frustrating a good chunk of your users.

Fortunately, there are a few basic and fairly quick tests that will give you a good idea of how you’re doing.

1) Let Google show you the way

Since much of what is considered good practice is determined by the Borg ship in Mountain View, a good place to start is by running your site through their mobile-friendly testing tool. Enter your url and hit the button, easy peasy.

Hopefully, you’ll see this message.

But you may see this one.

The second is the result of a test I did for the remarkably bad website of author Suzanne Collins. Sorry Katniss. She’s probably just been busy.

The main issue here, aside from obviously being built by her nephew back in 1998, is that the website is designed for the desktop and makes no adjustments at all for mobile clients.

In these days of nearly ubiquitous responsive design, websites will automatically adjust to smaller viewports and rearrange elements to fit the smaller screen. This one does not, and hence is ugly (uglier) and hard to use on a phone.

Exactly. But hey, we’re not here to pick on Suzanne. I’ve never written a series of incredibly successful novels about a fifteen-year-old girl who can shoot an arrow through a bunny’s eye at three hundred yards or whatever.

Still, making even a terrible website like this responsive would not be very difficult. Better yet, redo the whole thing with a visually beautiful and responsive WordPress theme and leave this relic in the dust. The long-suffering denizens of District 12 will thank you.

2) Use a mobile simulator to view your site

This is a great way to get an idea of how your site looks on a variety of different clients at different screen resolutions. There are many out there, but I like this responsive design checker because it’s intuitive and easy to use. Just enter your URL and click “GO.”

You’ll then see this screen with a simple menu on the left (desktop, tablet, phone) and your website loaded in the frame to the right. Just play around with the different clients/resolutions to get an idea of how your site looks.

You’re not going to see a super up-to-date list of phones but this is a good way to get the gist of things.

For instance, you might notice that your logo looks good at one resolution but it’s slightly off on a smaller screen. Or, there’s a bit too much or too little white space around the body text.

In the interest of science (and bashing on another terrible website) let’s run this Illuminati awareness site through our tool to see how it fares.

Ho boy. As you can see below, the site is cut off even at 768 pixels wide (iPod mini size, left) and on an iPhone 6 (right) you only see about a third of the content.

Again, this site is not at all responsive so instead of adjusting the content to the size of the screen it just cuts it off. Sorry, Satan or Putin or Kissinger or whoever happens to get the axe.

I’m just going to assume destroying man made religions and traditions and exposing the church’s lies, while also exposing Satan and his NWO and Waking People up With TRUTH keeps one very, very busy and website redesigns are not a top priority. I can certainly understand.

3) Use actual devices

As with many things, there’s no substitute for going directly to the source. In this case, the source is an actual phone or tablet, whether it’s yours or that of a friend or colleague.

The tests above are good, but they’re essentially simulations. They’re also not actually testing the functionality, such as whether your responsive menu works or if other script enabled doodads you might be using are working as intended.

Another advantage of having other people look over your website is they may notice things you don’t, using as they are different eyeballs and brains. You’d be surprised what other people see when they’re coming to your site fresh without the preconceptions you’ve developed by staring at it for hours.

The best case is to use phones and tablets in both iOS and Android. If you can find an iPhone and an iPad, as well as a Samsung phone and tablet, you’ll be doing pretty well.

Check your site in both portrait and landscape mode, and just click around and scroll up and down as if you’re a random user.

Here are a few questions to keep in mind:

• Does the navigation function as intended and is it easy to use?
• Is it easy to click links within text, preferably using one hand?
• Are all your hover effects working?
• Do your logo and other graphics look good or are they getting chopped off?
• Do your contact or other forms work?
• If you have a phone number on your site, is it linked so users can click-to-call?

Give this a try and you might be surprised at what you find.

And, as always, try to be aware of how fast the pages load. As I’ve said before, page load time is one of the most important factors in overall satisfaction and trust for the people using your site.

I hope this post was informative. If you have any questions or comments, sound off below or feel free to contact me any time.

You’ve probably heard the news about website speed, user experience and conversions. I wrote another post about it, along with instructions on how to solve some common problems.

That post is more focused on WordPress, but the same rules apply for any site. Here are some of the scary stats:

• A one second delay in web page load time can result in a 7% loss in conversions, 11% fewer page views and a 16% decrease in customer satisfaction.
• 1 in 4 people will abandon a website that takes more than four seconds to load
• The ideal load time for a web page is two seconds or less

In other words, you ignore website speed at your peril. And let’s be honest, there’s more than enough peril in the world right now.

Fortunately, figuring out if your website is up to snuff speed-wise is easy and should only take you a minute or so. Fixing potential problems is another story, but one step at a time.

The one minute (or less) website speed test:

1. Go to gtmetrix.com (my favorite speed testing app)
2. Enter the url of the website you want to test
3. Bang that “Analyze” button
4. Kick back and let it do it’s thing

How’d you do? Two seconds or less? PageSpeed score over 90%? If so, congratulations. While there might still be room for improvement, that’s a very respectable result.

If your results are worse than that, maybe much worse, don’t despair. Many problems have easy fixes, and many others will just require changing some code, optimizing images or caching.

Or, your slow website could be the result of using sub par website hosting. I’ve been using WPX Hosting for years. I think they’re the best WordPress hosting currently available.

Like I said, my previous post covers performance tuning for WordPress. But, if you’re just not that into techie stuff (I totally understand) or you think you should be focussing on what you do best (you’re probably right), hit me up with the form below and I’ll be glad to check it out.

When it comes to running a website, especially a website that’s used actively to generate leads for a business or organization, there’s nothing more important than quality hosting.

While web hosting companies are as plentiful as grains of sand on a beach, finding one with good performance and support at a reasonable price is not easy. But since this is what I do, I’ve spent a fair amount of time researching and experimenting.

The dilemma of shared hosting

For most websites, certainly those starting out, an economical solution means using what is known as shared hosting. Basically, your website lives on a server with dozens or hundreds of other websites. This is all well and good, unless one of these websites is poorly optimized or getting tons of traffic.

When this happens, the CPU resources and memory used by said website spike, the server slows to a crawl and so do all the other websites on the server, including yours.

This is a fundamental problem with shared hosting, and really unavoidable without switching to either a virtual private server (where you get an allocated portion of server resources and memory), a cloud hosting plan (you’re allocated a certain amount of resources across many computers), or a dedicated server (you get an entire server all to yourself).

All of these solutions are generally overkill for a new or low traffic website. When your traffic builds and you start hitting the limits of your shared plan, that’s the time to think about more robust hosting. Until then, your time and resources are best spent creating useful content and converting the traffic you do have.

The best option is to look for a shared host that is committed to speed and excellent tech support. They typically cost a bit more than the cheapest hosts out there, but it’s money well spent. It always amazes me that people will spend thousands of dollars to build a website and then try to save a few bucks a month on hosting.

WPX Hosting

WPX Hosting (formery Traffic Planet Hosting) is a company created by SEO “guru” Terry Kyle. I first heard of Terry back when I used to do affiliate marketing.

If you know anything about that industry, you know it’s rife with grifters and hacks, and I’ve always appreciated Terry as a seemingly decent and honest person committed to delivering quality products and education.

Terry created WPX because of his own need for a fast and reliable host for his money-making sites. Site loading time is an important ranking factor in Google, and typical shared hosts are woefully inadequate in providing it, especially under a significant load.

But I can tell you from personal experience, having moved my websites to WPX, that the performance is outstanding. I get less than 1.5 second load times on this website consistently, the tech support is incredibly responsive, and the price is quite reasonable for what you get.

The Business Plan for $25/month allows five website installations, compared to a similar managed WordPress solution like WP Engine which costs $25/month for just one site.

I also like the simple and intuitive control panel, which replaces the ubiquitous cPanel most hosts use. cPanel is effective, but the interface is less than stellar and it puts quite a load on the servers running it.

All in all, I’ve been very happy with WPX Hosting, and very happy I moved. If you want to invest a little extra in a superior web host that will make your site snappier and thus more enjoyable to use, you can’t go wrong with WPX.

Disclosure: The above link to WPX hosting is an affiliate link, and I’m paid a commission if you sign up and remain a customer past the trial period. Rest assured, it’s a very good company that I use and recommend regularly.