Hello Happy Site Owners and Webmasters!
Tips this week include:
- Uh oh! My email got spoofed and I’ll tell you how plus how you can avoid it
- The Power of In-Person Video interview with Denise Wakeman is this Thursday
- Rebranding Your Site – interview with Kate Ahl date is set for next Wednesday
- Content Revamp Strategies Workshop for the DIY SEO course is this Thursday
- My theme speed tests are underway
- Why I’m asking you for a little Elementor help
- Google Introduces Web Vitals and what that means for your site
- Web Vitals showing up in WebPage Test
- Google Search Console has a new Core Web Vitals tab
- Why I suggest that everyone consider leaving VaultPress for UpdraftPlus now
Listen to the Podcast
Podcast: Play in new window | Download
Subscribe: RSS
Join me Live to Discuss Tips Tuesday
I hope you’ll join for tonight’s livestream at 8pm ET / 5pm PT on the BlogAid Facebook Page. It’s a great way to get the deeper story on what’s reported in Tips Tuesday. And, I almost always have breaking news for the day too. So come join us live for the party.
Replay
Who I Help
All tips, advice, and suggestions in this, and all BlogAid posts and tutorials, are intended to empower DIY site owners who are not on hosting that is restrictive in what you can and can’t do with your site and hosting setup.
BlogAid Happenings
There were two big news stories this week.
First is the new Web Vitals Essential metrics released by Google to evaluate user experience. I’ll tell you more about that in a moment.
The other big news was that one of my email accounts got spoofed.
My email account got spoofed
Five or six years ago I hired a GSuites certified person to help change my domain-related emails over from Outlook Express to GSuites. Actually, I think Outlook Express had already been toasted and I was using something like Thunderbird or such.
And I had an email address for every type of thing I offered like classes and services and trainings and such. And that’s how I kept everything organized. I needed help learning how to use aliases instead, and with transferring all of those emails over and putting appropriate labels on them and such.
Well, during all of that change and education, I totally forgot about the mailboxes at the host.
So, they never got deleted and passwords and such were never updated.
All these years later, one of those emails got hacked and spoofed.
It looked like a legit pest control company hosted on HostGator trying to update their contact list for real estate management agencies and such. All of them were legit companies. So, it’s not like they were sending out ransomware or such. They were just making use of my server resources to send the email because they had a severe limit on how many emails they could blast out through their server.
We don’t know how it happened, but it’s likely due to a lack of updating passwords on those email boxes.
Of course, I’ve deleted all of them, as none are needed since the domain-related email is going through GSuites. And that stopped the whole problem. Plus, there was no real damage to my account.
And I’ll be contacting the pest control company as it’s likely they outsourced this task and have no idea that the spoofing is going on. Or, maybe they do, and want to have a word with them.
Update ALL Passwords
The point is, lack of updates and rotating passwords and security keys are the top ways you can get hacked.
If you have any forgotten test site or staging site or such, get rid of it.
If you have unused accounts, ask to be deleted.
And update every password on every online account you have at least once a year.
Be sure to make them 16 characters of gobblty goop.
And never use the same password twice.
LastPass is a fantastic service that will generate and keep track of passwords for every account.
It’s free, but if you want to have it available on multiple devices, it’s $1/mo.
That’s super cheap peace of mind.
Unfortunately, I can’t use it because I’m constantly logging into vendors for multiple clients and that confuses the crap out of it. LastPass is really made for one user for their own accounts.
So, it’s good for you.
For me, I have to manually rotate all passwords, and I’ve got well over 100 online accounts.
All of them get updated. I just take them in 10 minute chunks a day until done.
I normally do mine in July, but thinking I want to get a head start this year.
Put yourself on a yearly schedule to do it too.
Site Audit Checkup
This is also why I advise my site audit clients to get a checkup every 12-18 months too.
Security changes all the time.
Rotating your SALT keys in WordPress is one of the things I do during that checkup.
These are the encrypted keys to check login credentials and they serve as a master key.
There are 40+ other checks I do in that audit checkup.
I’ll be taking my own sites through an audit in July too.
Migration Security
SALT keys are also one of the things I change immediately after a migration too.
Plus we change the cPanel login that got overwritten with the one at the old host.
And I delete everything at the old host, which is way more than just the WP files.
I get the database and user, plus the FTP accounts, and empty the host’s cache and backups, plus the trash bin all of that was thrown into.
You would not believe how long hosts let terminated account data site unattended on their servers!!!!
It’s ripe pickings for hackers and then they have the master key for your site at the new host too.
So, if you’re thinking about moving to a new host, contact me. I’ll help make the process smooth and take care of your security.
The Power of In-Person Video: Interview with Denise Wakeman
Thur June 4 at 3pm ET / 12pm PT
I can’t wait to chat live with Denise Wakeman this Thursday about the sheer power of doing in-person, or talking head videos.
It is one of the most powerful and authentic ways to engage with your audience.
It’s also one of the most powerful ways to grow your audience and reach.
Plus, Denise will be sharing with us multiple ways you can repurpose that video content too.
So, mark your calendar now to attend live on the BlogAid Facebook page so you can ask questions.
And, I’ve created a Facebook Event so you can get reminders too.
Just remember that the livestream will not be on the Event page. It will be on the BlogAid Facebook page. I know, it’s just a quirk of the way FB does that.
Rebranding Your Site: Interview with Kate Ahl
Wed June 10 at 3pm ET / 12pm PT
I am also delighted to share that I’ll be chatting next week with Kate Ahl of Simple Pin Media about the right way to rebrand your site.
I’ll be covering the site side of things and Kate will be covering the Pinterest side of it.
We decided on the date just prior to me recording the Tips Tuesday podcast, so I’ll have a post and a Facebook Event link for you a little later this week.
But do go ahead and mark your calendar now!!
Content Revamp Strategies Workshop This Thursday
Before I go live with Denise, I’ll be meeting live this Thursday morning with my DIY SEO peeps.
Last week in the DIY SEO course we started our Content Audit series.
We saw how to gather data into spreadsheets so we can start sorting it out into manageable chunks.
That way we can work on the quick things and knock them out.
This week we’ll be going deep into strategies for what to do with posts, and whether to:
- Delete
- Rework
- Republish
And we’ll talk about the pros and cons of each way too.
Then next week, we’ll cover how to actually do all of these things the right way, the first time, so you don’t cause SEO harm from them.
If you haven’t run your data yet, please do, as you’ll need it for the next workshop.
I’m picking up where I left off last year and will be revamping every article on my Helpful Posts page.
That’s a big job that will take me the rest of the year to do, as so many of those posts are tutorials, and so many of those have videos too.
It really doesn’t take very long for these things to go out of date, and it’s hurting my business to not be able to send folks to tutorials that are current with that thing’s interface or choices.
So, it’s most definitely a high priority for me this year.
That also includes the posts with case studies, like best plugins to use too for things like function, speed, and SEO as well.
Theme Speed Tests Underway
And I’m thrilled to share that new case studies are back on track too.
I have all 3 of my themes set up to start speed testing. They include the exact same layout on:
- Astra
- Genesis
- Divi
I’m really looking forward to getting those results published soon.
Elementor Help
I also want to check the speed of a landing page built with Elementor compared to one built with Gutenberg, and both on the same theme.
I put out a call to both my Webmasters and Site Audit Plus client asking if anyone had experience with Elementor to help me build that landing page.
No takers.
So, I’m appealing to my whole audience for help. That means you!!!
You don’t have to be an Elementor expert.
I just need some help getting over the learning curve so I don’t have to waste weeks on this just to run a speed test.
It will be a fairly simply landing page.
So, if you have any experience with Elementor, I’ll pay you to help me.
That includes maybe just sorting through a few of their templates and tweaking.
I’ll be using an Astra theme with Elementor, if that helps too.
That’s all the news from around here. Let’s jump into this week’s tips.
Speed Tips
Google Introduces Web Vitals
The other big news from the past week was Google introducing new ways of evaluating sites with their new Web Vitals.
Here’s the first sentence in their announcement on the Chromium blog.
“Optimizing for quality of user experience is key to the long-term success of any site on the web.”
Folks, pay super close attention to the key words in that statement.
The entire focus is about user experience.
The new Web Vitals Essential Metrics are Google’s automated way of measuring that user experience.
The Lighthouse tester is an open-source tester that has a LOT of info on it, including some things for user experience.
The Google PageSpeed Insights tester changed over a couple of years ago to be based on the Lighthouse tester. They just showed you the parts of that much bigger test that they considered the most important aspects of your site.
Recently, they changed that focus and the metrics they are including.
Some of those are more of the user experience metrics from Lighthouse.
And Google has dubbed them as Web Vital Essentials.
They include:
- Largest Contentful Paint (LCP), which is one of the speed metrics
- First Input Delay (FID), which is the time between load and when you can scroll
- Cumulative Layout Shift (CLS), which is basically visual stability so that what loads first stays steady and doesn’t shift
- Mobile-Friendly, which is pretty self-explanatory
Changes to WebPage Test
I actually started seeing these new metrics in WebPage Test about 3 weeks ago.
The dev who created WebPage Test actually went to work for Google a few years ago. I believe he still owns the tester outright, but he also has an inside scoop on what Google is looking at.
Hence, some of those tests show up in WPT sooner than they do in other testers.
In fact, GTMetrix just recently started testing with HTTP/2, which is what all HTTPS sites are delivered on. And Pingdom is nowhere near being a modern tester.
I’ll be going back to my Best Free Caching and Optimization Plugin case study and running the top 3 through the new tester metrics, just for comparison and how things are now weighted.
This will also help standardize testing across Lighthouse, GPSI, and WPT, which I am grateful for too.
Google Search Console Has New Core Web Vitals Tab
Google made a simultaneous announcement about all of this on the Webmaster Central Blog where they explained the new Core Web Vitals report in Search Console.
I’ll be going over the info in that tab this week and comparing to new test data to find all of the correlations.
I’ll be reporting these findings in depth to my DIY SEO course members as well as to my Webmaster Training for Designers members.
And, I’ll be making a summary post for the public.
So, give me a little time with this brand new thing that just came out and I’ll have the whole scoop for you as soon as I can.
Backup Tips
Leaving VaultPress for UpdraftPlus
In last week’s Tips Tuesday I reported on why you don’t want to even try Jetpack Backup.
One of my clients was on VaultPress and had super high CPU usage all day, every day. We contacted VaultPress and they said to try switching over to Jetpack Backup and we were never able to get that to work despite multiple support tickets.
I also reported that UpdraftPlus has made major improvements with hosting resource usage on larger sites. It used to simply choke trying to do a site over 5GB.
Well, not anymore!!!
It can now handle 10GB sites with no problem.
And the resource hit is only once a week instead of every day and still never causes a fault, at least at NameHero hosting.
So, I’m advising all clients who are using VaultPress to consider switching over to UpdraftPlus premium and storing their files at AS3.
You can read more on all of that in my UpdraftPlus and AS3 series of posts.
I’m very impressed with the improvements that UDP has made in the last year and now we have it as an option for large sites instead of just VaultPress, which doesn’t get everything you need to restore your site anyway.
The premium version of UDP does.
And if you ever do need to restore your site, you’ll be so happy for that!!!
Thank You for Supporting BlogAid
I did not charge my site audit client for all of the testing with these backups because that info helps me help you.
And now I have tested recommendations for you that are backed up by data.
So, if you get on the paid version of UpdraftPlus, I appreciate you using my affiliate link in that comparison post or on the Resources page as a way to support all of the free and helpful info you get here on BlogAid too!!!
Thank you to NameHero Support
I want to send another huge thank you to Josh at NameHero for his hero-level support on all of this backup hoohaa and monitoring the server logs so closely.
Through his help we were able to confirm the UDP tests on resources and know for sure that it will be fine on larger sites now.
I simply could not have done this without him looking deeply into the server logs, which is way above the call of duty for hosting support.
And I feel like I have a partner who is helping all of us site owners do better for our site speed and security too.
Move to Better Hosting
If you’re wanting to move to better hosting, thanks for using my affiliate link on the Resources page as a way to say thank you for all of the free and helpful info you get on BlogAid.
If you’d like help with your move, please contact me.
Wrap Up
That’s a wrap for this week’s Tips Tuesday.
Gimme some love!!
Share this post with all your blogger buddies to support all the free info and help you get on BlogAid – and help your buddies too!!
Get the BlogAid Tips Tuesday Podcast on iTunes or Stitcher
Subscribe to all BlogAid Posts via email so you never miss anything!
Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.
Except that LastPass isn’t really 100% safe either. I still remember the scandal when their database was hacked – back in 2015. Why should we trust any third party tools? What’s out there, connected to the internet, can be compromised.
It’s a shame that you don’t include GeneratePress in you theme test; I’d be very interested to know. Divi never looked tempting too me, despite the hype. If any of those builder themes I would choose X over Divi.
If you’re going to call something out, at least do your homework. NONE of the LastPass vault data was compromised in that hack. And it was the only security breach they have had in 10 years. See more here.
And yes, I would trust them with my passwords.
I chose the top 3 frameworks for my speed tests. GeneratePress is okay, and about as fast as Genesis, but they will likely be one of the first theme builders to drop off the planet when Phase 2 of Gutenberg hits later this year. So, I went with the ones that I believe most of my clients are using and to show why they need to be prepared to drop all them builders now.
I already give 3 months of non-billable hours to case studies. I can only afford to test what applies most to my clients.