Hello Happy Site Owners! This week I’ll be sharing my predictions and actionable tips on security, performance, SEO, and conversion and what it will take to run a successful site in 2015. They’re based on the trends I’ve been seeing all year and big changes I know are on the way faster than you may realize. So let’s dive in. Listen to the podcast.
I’m running a few year-end specials and you still have time to get in on them so you can write off the business investment on your 2014 taxes. They include:
- Site Audits – 3 new packages released
- Webmaster Training – Grand Opening Discount ends Jan 1
- WordPress | SEO | Genesis Video Library – starts with 30 videos for $1
- Membership Consults and Training – to help you make more money
For the site audits and membership consults, I normally invoice after, but am offering a pre-pay option so you can get it in on your 2014 taxes.
Okay, let’s jump right into the predictions and tips for 2015!
You knew I was going to start with this. Well, there’s a good reason for it.
We started 2014 with a massive DDoS attack that took down HostGator, BlueHost, and other major hosts on New Year’s Day.
And it went downhill from there.
In 2014, we suffered the largest sustained bot attack in history. And it’s not over yet. In fact, it’s getting worse.
By February, reports started coming in that Bot and Hacker Attacks were escalating rapidly. And I started creating more posts on what was happening and how to protect your site.
- Bot and Hacker Attacks are Escalating – Protect Your Site
- DDoS Attacks, Brute Force Attacks, and Site Security
- How Site Performance and Security Work Together
- 900 Botnets Ready to Attack Sites
- Disable XML-RPC in WordPress to Prevent DDoS Attack
- One Hacker Disables HootSuite in DoS Attack
- New XML-RPC Brute Force Attack
- The Great Bot Attack of 2014 and What to Do About it
- Real Site Security Goes Beyond Your Site
- WordPress XSS Cross Site Scripting Vulnerability Hits Plugins
- SoakSoak Malware Attack Reality Check
My entire business had to shift to accommodate the severe spike in security threats to sites.
And it’s about to get personal.
Security Action Steps – Secure Everything
The sustained DDoS attack was a mask for the hack attacks where all manner of personal information was stolen. By the fall, hackers started using that info to gain access to popular services and steal money and more personal info. They include Target, Home Depot, Amazon, Wal-Mart and more.
Here’s what you need to do.
- Backup – be sure you have a solid backup strategy for your site and all devices with data connected to the internet, and that you know how to restore them.
- Brute Force Protection – keep hackers from coming through the front door by giving them unlimited attempts to break your login. There are super light-weight plugins for your site (Login Lockdown is my fave) and 2-step authentication for many other products. Set tighten up login security for your phone and other personal devices.
- Use super strong passwords – my fave is PasswordGenerator.net
- Rotate your passwords annually – Get LastPass or OnePass or another service to make this easy
- STOP USING THE SAME EMAIL/PASSWORD COMBO EVERYWHERE!!!!! Seriously!!! This is the #1 way you make it easy for hackers to gain access to your online accounts. When they steal it from one, they’ve got it for all.
- Get over your false sense of security – so you installed a security plugin. Did you configure it? Do you check it? Is it eating up your system resources? How many security updates has it had this year? I don’t use any of those behemoth plugins for one reason – they don’t work well. Want more reasons? They introduce their own security and performance issues.
- Get a Site Audit – a real one – that checks your whole account too. Most of the security issues are there, not on the site. Things like abandoned sites, and no security in htaccess and other root files outside of WordPress. I find 26 security holes on average that no scanner can detect.
- Update all accounts – including your personal accounts like cell phone, wifi router, Xbox, smart TV apps, Craigslist, everything. These are the next big targets. They belong to the Internet of Things (IoT).
- Watch this DDoS and Cybersecurity – HOA hosted by Black Lotus where I was interviewed. It puts the whole situation in layman’s terms so you can really understand why you MUST GET SERIOUS about cybersecurity – now!
I don’t think we’re going to make it through March before something huge is going to hit. And I’ll be delighted to be wrong on this prediction and you be safe. But I don’t think I am.
Running a lean site is the new black.
The severe bot attacks of 2014 have brought to surface the weaknesses of sites, hosting services, and the hubs that all internet traffic runs through.
If you’ve been running your site for a while and trying every new shiny thing the gurus say you need to have, I guarantee that your site security and performance are both in danger now.
Hosts have lowered the ceiling on account resource usage in an effort to strongly encourage site owners to pay attention to just how bloated and unsecured their sites are.
More and more site owners are hitting the resource limits every day. And the host has to cut off site availability until the overages cease.
What that means is:
- Visitors cannot see your site during blackout limit cycles
- Your hosting account can be terminated if you don’t fix the issue
- You won’t always see the notices from the host that your account is in trouble. It’s up to you to check.
Some hosts are better than others about notifying site owners that the account is in trouble. Those are the ones that send emails out. But far too many hosts do no such thing. They expect you to log into your hosting control panel and see the problem for yourself.
I’m betting many of you don’t even know what your hosting control panel log in is anymore.
Ignorance is no longer an excuse or bliss.
Most of my Site Audit clients are shocked at how bad off their site and hosting accounts are. They had no idea. The reports I send out are full of screen shots that they could have checked themselves at any time. I’m not using any special tools for that part of the audit.
The main reason site owners don’t check their hosting account is because they don’t understand what they are seeing. Most of the live chat time after a site audit is to educate the client on what is meaningful in the reports. Those numbers and charts stop looking like a bunch of geek speak and start looking like a plan of action.
File Size Overages – performance is not just about speed, it’s also about size. Most of the sites I see during audits have tons of bloat.
3GB – that’s how much junk I take out of sites regularly.
There’s a limit to how many files you’re allowed to have in your account, regardless of size.
They’re called inode connections.
Here’s what causes all of that bloat and what can get your hosting account terminated:
- Old emails – while it’s convenient, and free, to run your emails through your hosting because of the way domains work, it’s getting to be a bad idea on many levels. It unnecessarily takes up room on your host, is a spam filtering problem, and is usually not set up to be secure, meaning that it is prone to man-in-the-middle spy attacks. And, it’s a real issue if you want to change hosts. You’re limited to a cPanel migration to bring over emails too.
Performance Action Steps – Trim Down Everything
Following are real steps that you can take that will have real results in improving your site’s performance.
- Get a Site Audit – a real one – that checks your plugins for performance drains, conflicts, and requests in and out of your site. Plus, checks your image optimization, bot hits that are chewing up resources, and more.
- Make a Plugins List – do you even know what plugins you’re using where on your site? Have you checked the ROI on those plugins? Are they just a resource drain or are you getting real benefit from them? And can you prove that? Get data to backup your claim, not 2 year old advice from a guru that’s no longer true.
- Move your emails – consider getting a Gmail account, or better, a Google Apps account, and running your emails through POP or IMAP so you can still use your @mydomainname for them.
- Remove orphaned files, folders, and database tables – I see this A LOT during site audits. Just because you delete a plugin from your plugins list doesn’t mean it’s gone. Far from it. Many plugins leave behind folders and files and database tables that are now orphaned. Database cleaners don’t touch them either.
- Turn off logs – several popular plugins come with logs turned on by default. Unless you’re actually making use of them, turn them off. The worst offenders are those behemoth security plugins (no webmaster worth their salt ever use them), and link related plugins like redirects and link cloaks.
- Turn off outside sources – Most forward-facing plugins bring in info from the outside to your site. These mainly include social media related plugins that show your latest posts on those platforms, share counts, and more. Everything that comes from outside your site is an open-door invitation to hackers and can put a significant resource and performance drain on your site. Unless you’re in the business of social media and can prove they have ROI, get rid of them.
All of these things affect site speed and that affects ranking.
If your site is not quick on the draw, you’re losing visitors. And that affects your bottom line.
Your site should be your 24/7/365 sales partner.
If you’re not converting, you’re leaving money on the table. Or worse, you’re giving it to your competition.
Conversion comes in many forms, including:
- Newsletter and blog post via email opt-in
- Social media shares and follows
- YouTube and podcast subscriptions
- Entry-level offers (low-cost, get a taste products)
You don’t have because you don’t ask. That’s really what it all comes down to. There are lots of places on your site, and off your site, to ask for more conversions.
Be careful with pop-ups. In late 2014, Google decided it didn’t like pop-up opt-in boxes that kept it from fully indexing site pages.
Missing upsell opportunities – this is particularly problematic on membership sites. There’s one level and nowhere else for members to go, and perhaps no reason to stay.
Conversion Action Steps – More is Better
Here are just a few of the steps you can take for more conversion in 2015.
- Author Resource Box – if you don’t have one, get one. Besides telling a little bit about the person who wrote the post, author resource boxes are super places to put links to your opt-in and social media offers.
- Subtle Pop Ups – get over how you feel about pop-ups. They work. Most of us in the industry get tired of them. Most site visitors do not. Your site is for your visitors. But, you need to find more subtle ways of doing them that don’t block Google bots indexing your pages. Try one in the header or footer or a scroll triggered one.
- Ask – most folks forget to even ask. ALWAYS ASK. Folks are lazy when it comes to online surfing. Suggestions and prodding go a long way toward getting them to take action.
- Ask, ask, ask, and ask some more – if you put the same conversion point on a single page ten times, you’ll be lucky if folks see it twice. No kidding. All of those links only build up in your mind as too many. Put links in the content, in the sidebar, in the pop-up, in the author resource box, in your free downloads, and anywhere else you can think of. Ask folks to share your post right on the post. Thank folks who do share your posts.
- Make an intro offer – it can be as simple as a “10 Tips for Better Whatever” free download that leads to a paid offer. It’s called a sales funnel. Learn how it works. Then promote the beegeebees out of the free or low-cost offer. A foot in the door opens it to more.
Google has always moved the cheese, and often. And we race through the maze trying to get it. What Google has done a lot of in 2014 is shut down the holes in the maze that let cheaters and spammers get ahead.
See how up to date your SEO knowledge is:
- If you don’t know what semantic search is and how to use it, then you’re two years behind Google.
- If your site is not mobile optimized, you will be penalized. (This does not necessarily mean fully responsive, as there are 3 types of mobile designs.)
- If you’re using spun content, you will be penalized, heavily.
- If you’re scared of duplicate content penalties, you may be missing tons of shares and conversion on some social media sites.
- If you don’t know which social media sites have SEO components, you can’t make the most of them to boost your overall online footprint.
- If you never hooked up Authorship, and verified your other social media accounts and your site with it, and think it’s now dead because your happy face doesn’t show next to your posts in SERPs, you’re not keeping up with the latest guidelines. (You’re really super behind if you don’t know the difference in authorship and publishership.)
- If you’re relying solely on social and relationship marketing, or staying within your podcast or video world, you’re really missing the boat on visits and conversions, subscriptions, and money.
- If you haven’t verified your site with Google Webmaster Tools or taken a look at your Google Analytics, then you have no idea how much trouble your site may be in, or all the super things that are working best for you so you can do more.
And that’s the short list of SEO stuff you want to get up to speed on.
Why? Because it will impact your bottom line in every way. How would you like 100x more visitors? How does 10x more business from all those visitors sound? That’s why.
SEO Action Steps – Get with the program
Following are just a few of the steps you can take today to improve your SEO standing.
- On page SEO – there are 11 levels of SEO to be had, and easily, on every post you write. I get to the front page of Google over and over doing just these 11 consistently.
- No plugin magic bullets – the WordPress SEO plugin by Yoast wipes the floor with everything else out there, IMO. But it has to be configured, and then optimized for your site needs. You can’t just install it.
- HTML5 compliant theme – WordPress has been supporting HTML5 and semantic markup (microdata) for some time now. But, your theme has to support it too for it to work. Read my Microdata and Genesis Series for more.
- Verify your site on Google Webmaster Tools – and submit an XML sitemap. There’s a TON of valuable information you trade back and forth with Google about your site via this tool.
- Setup and check Google Analytics – if you don’t know what’s working and what’s not, you’re shooting I the dark with every post you write. Get the feedback and get on the fast track.
- Think beyond the podcast – podcasting seems to be a very insular way of getting the word out about what you do. For serious podcasters, their site is an after-thought instead of the hub of their online activity. Google can’t index audio. Put some show notes with key points on your blog. Write meaningful titles, not Podcast #208. Promote that post on social media.
The worst thing you can do for SEO is nothing. Start somewhere and work your way through the list of tips.
That’s a wrap for this week’s Tips Tuesday. If you’re listening on the podcast, be sure to jump over to the post with full show notes and links, and any news that may have broken after the podcast was recorded on Monday.
And thanks so much for giving this podcast a big star rating on iTunes, and please leave a review and let me know what you think of the show. I really appreciate it. And do drop by and say hey over on my Google+ page too. That’s where I hang out. Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.