Have you had your electronic ID stolen?

In other words, have you been pwned*. There have been millions of email addresses and passwords stolen in hack attacks and millions more that have been left exposed by incompetent website owners. However, it’s not just your email address that’s been stolen, your name will have gone with it, possibly your address and maybe even credit card (and other) data.

The stolen information is then made available for sale on the dark web and here’s a sample of the prices it can fetch

  • Credit/debit card number – $5-$11
  • With the CVV (3 digit) security code – + $5
  • “Fullz” (card, CVV, name, address, date of birth etc.) – $30
  • Bank account access – 10% of the credit balance in the account
  • Online Payment Services, such as PayPal – $20-$200

But how do you know whether your information is “out there” just waiting to be abused by cyber criminals? Well, I don’t know but I know a man who does, and he’s set up a rather useful website

Have I been Pwned?

There’s a website called Have I Been Pwned. This has been created by Troy Hunt, a Microsoft Regional Director & MVP (Microsoft Most Valuable Person for developer security). After data from a major cyber incident was “found” on the Dark Web Troy decided to put a database together – in his own time & at his own cost – as a way of allowing people to check whether their data was amongst stolen information and to “keep his hand in” from a programming perspective.

The site is now a comprehensive source of information about data hacks and data loss and is simple to use. All you have to do is enter your email address to see whether you have been “pwned”

And if you have been, as shown in the image above, it will also tell you which data breach (breaches) your email address has been found in.

Not every data breach leads to passwords being available. Some databases have encrypted passwords, making them worthless to the cyber criminal. However, many don’t and, like email addresses, there are millions (over 550) of passwords available on the Dark Web.

As he’s done with email addresses, Troy has now gathered all the stolen passwords that he can find and has created another searchable database dedicated to stolen passwords.

So, why is it so important to know whether your passwords are available to cyber criminals?

At this point, all the criminals have is a list of emails and and another list of passwords. They may not know which ones go together and they also don’t know which websites these email addresses and passwords relate to.

But, from our perspective, there’s a significant weakness. This comes in to play because a lot of people use the same password for many websites simply because it’s easier to remember one password than many. This use of the same password makes things a lot easier for the cyber criminals to put our data to fraudulent use.

Let’s say, for example, that the criminals target Amazon. You might have your credit card details already stored against your account so if a cyber criminal can gain access, all they have to do is change a delivery address and Bob’s their uncle.

They’ll use a “Credential Stuffing Attack” which means that they’ll load all the email addresses in to one database and the passwords in to another and start the attack. First they pick their target (Amazon in my example) and use software that will add an email address to the log-in box. They’ll then turn to different software to try all the passwords in the password database to see whether there’s a match. And once they’ve tried one email address they’ll automatically move on the next one. Once they’ve tried all combinations, and flagged those that work, they’ll move on to another site.

This sounds like a long, slow process but they’ll probably use a “Botnet” – a network of tens, hundreds or possibly thousands of hacked computers around the world that they have control over.

So, you should check “Have I Been Pwned” for both email addresses and passwords and if you’ve got a compromised password you should find the sites you use it on and change it – remembering to use a different one for each site.

Top 10 Passwords of 1018

Different, not similar – Password, PassWord, PAssword1960 and Pa55W0rd are NOT different to a cyber criminal. Criminals will also use these, and other variants of the world’s most popular passwords (2018’s shown in the image to the right) in their attempts to hack your accounts.

If you are concerned about your digital security, or need some help with your website, SEO or anything else online then just drop me an email, andy@enterprise-oms.co.uk , or give me a call on 01793 238020 for a free, no obligation conversation about your requirements

*Pwned – When a map designer in the online game called Warcraft beat another player he wanted to say “Player x has been owned”. Unfortunately, he mis-typed and actually said “Played x has been Pwned”. This is now a “thing”

Worries with WordPress and what happens if you don’t keep up with updates

WordPress LogoYou might have a website that’s been build using WordPress. No one will blame you, after all it’s free and has become probably the most used Content Management Systems (CMS) out there. In fact, in 2018 around one third of all websites were built on WordPress.

You might have built the site yourself or paid a developer to design and build it for you. You might not even know that your site has been built using WordPress.

It’s popular because it’s free and pretty easy to use – well it is when compared to some of the alternatives out there anyway. Although popular and free, it may not be the best and although it It is OK it does have a number of issues.

WordPress Editing screenBecause it’s so popular it’s become a top target for hackers. This means that the people behind WordPress have to be on their toes, always on the lookout for weaknesses & flaws that the hackers can exploit to break into a website and create mayhem. When the WordPress developers come across such a flaw they create a patch and release a new version of WordPress. As an example, the current version is 4.7. However within the next couple of weeks there will probably be a new version. 4.7.1 and then 4.7.2 and so on and so on and so on, releasing updates as and when flaws are discovered.

You and your web developer need to be on top of this by making sure that you’re running the latest version of WordPress. The newer versions, if setup properly, should update themselves automatically but you need to keep an eye on things just in case. Older versions had to updated manually, by clicking the ‘Update Now’ link so it all seems pretty straightforward. But it’s not!

Why things may not be as easy as they seem

WordPress MenuMost websites using WordPress use a number of Plug-Ins, small pieces of software that add extra functionality to the website and make it easier to manage. However, you need to exercise caution when updating – especially if you use a lot of plugins to manage different elements of your site because some of the plug-ins may not have been updated to work with the latest version of WordPress. This means that hitting the WordPress Update link might cause a plugin to stop working and this could break your website.

But what happens if you don’t update WordPress?

Well, you might find that your website gets hacked and will start to do things that you would’t want to be associated with. It could start to download malware to the computers of all the people who visit your site – siftwre that could monitor their keystrokes and pass banking details back to criminals in Eastern Europe or China, for example.

Or you could find – as one news website found out to their embarrassment – a lot of unsavoury spam being inserted into the first paragraph of every news story on their website.

Hacked WordPress pageHow did this happen?
The company were very lax – their site was built using WordPress and was last updated in June 2012. Since then, there have been 114 updates to WordPress, some to improve performance and some to improve security.

By failing to keep up to date this gave the hackers and “easy in”. The hackers were able to use automated tools to find websites using WordPress and to find out which version was being used. From there, it would have been simple for the hackers to target a known weak spot and break in. From there, it would have been the work of moments to install their own spammy code.

What should the website do?
It’s easy to cure – all they have to do is identify and delete the malicious software and then update to the latest version of WordPress, although they are so behind with their updates that they might find their site gets broken by the update so they might be caught between a rock and a hard place.

If you are worried about WordPress, then don’t hesitate to get in touch. Give me a call on 01793 238020 or drop an email to andy@enterprise-oms.co.uk for a free, confidential and obligation free chat.

The Deep Web and Dark Web. What are they?

The Deep Dark Web

The “Dark Web” has been in the press frequently over the past couple of years, associated with tales of hacking, the sale of personal information, credit card data, drugs, weapons and other illicit items. However,  there’s been very little by way of explanation as to what the dark web is and how you go there and this item looks to answer that, purely for research purposes of course.

A number of news stories have also referred to the “Deep Web” which has lead to a degree of confusion, as if the media consider the two to be interchangeable.

So, just to clear up any confusion here’s an explanation of the differences between the Deep and the Dark Web.

Let’s start at the top

The “Surface Web” is the web we all know and love, the websites we visit and the sites/pages that we find using Google/Bing/Yahoo and other search engines. And there’s the key, it’s only the parts of the internet that the search engines know about.

Just visit any website and click a few links, you’ll be doing the same thing that the search engines do, visiting websites and following links to find pages that they can present to you when you’re looking for things.

What is The Deep Web

Simply put, the Deep Web is just the area of the internet that is beyond the reach of the major search engines.

As an example, just go to www.britishairways.com and try to find a holiday to the Nautic Hotel between 7th and 14th October in Mallorca without using the search facilities.

It’s not that easy, in fact it you might find it confusing/difficult/impossible. You’re not alone, the search engines do to because they can’t get much further down than the first 3-4 layers. At least this is getting better because Google, Bing and the like are always looking to improve the way they manage such challenges but it’s still a struggle for them.

Websites can use code, called robots.txt, to actually block the search engines from certain pages so that they are difficult to find, deliberately. Websites with members only pages may choose to do this, for example.

As you can see, the Deep Web is neither illicit nor scary, it’s just out of reach of the major search engines.

What is the Dark Web

This is where things get really interesting. The Dark Web is a small portion of the web that is intentionally hidden and encrypted and which cannot be accessed through your typical web browser.

To access the Dark Web you need a specialised web browser that enables you to tap into the the TOR network. TOR, short for ‘The Onion Router’, so called because it uses many layers to both encrypt the data that moves around and to make it almost impossible for the authorities to trace internet activity back to a particular user and location. Great for security and anonymity which is why TOR was originally designed by US Intelligence agencies to enable American spies to securely communicate with their parent organisation and not reveal their location and identity.

The code was officially released to the public in 2004, and it’s still used by human rights groups and the like in repressive and unsafe countries to communicate with the outside world, but like almost everything it has also been subverted by those with criminal tendencies and put to a darker use.

You might recall that a couple of years ago the media was full of stories about a Dark Web website called Silk Road. This was like an eBay for criminals, a place where you could buy illegal items such as drugs & weapons and engage criminals to carry out illegal activities on your behalf, hacking for example.

The Silk Road was eventually closed down by the authorities but similar sites still exist if you know where to look and how to access them.

The first step is to download the TOR software, it’s free and pretty easy to find. However there’s no Dark Web version of Google – you have to know your way around if you want to find the illegal stuff – I don’t and wouldn’t broadcast it even if I did know.

I may not be able to help with your journey to the Dark Web but if your Surface Web needs improving or your Deep Web needs surfacing to make it easy to find, then get in touch, andy@enterprise-oms.co.uk or give me a call- 01793 238020 and I’ll dive in and see what I can do.

4 plug-ins every WordPress site should have

WordPress Logo

A Content Management Systems (CMS) is a tool that business owners, web developers and others use to build their websites. There are loads to choose from, depending on your specific requirements, and WordPress, Joomla, Drupal, Magento, Umbraco, Squarespace, and Wix are some of the most popular.

If your website uses WordPress(WP) then you find yourself in good company. It’s by far and away the most popular CMS, being used by 32% of all websites. WordPress is popular for a number of reasons, the software is free (but you’ll still need hosting that will cost), it’s pretty easy to use and there are thousands of “themes” (designs and templates) that you can use to define the way your website looks and many of them are free to use. There’s lots of places you can turn to for advice and support and lots of professional developers who can customise your site so that is does exactly what you need.

Customising WordPress

WordPress is not perfect though, it may not do everything that you need. However, it’s an open system which means that if you understand how to write software you can create your own enhancements. You don’t even need to be a software developer to benefit. Somebody, somewhere has probably already had a similar need to yours and written something to do the job. Thousands of people have created additional enhancements and have made their tools available to everyone. These enhancements are called plug-ins. A lot are free whilst others require a payment, although the majority of these are inexpensive.

Plug-Ins

The downside to plug-ins is that each one you use makes your website run a little slower, and with Google beginning to penalise slow sites the speed of your website is something you need to keep an eye on. This means that you shouldn’t just keep adding plug-ins. You should make your choice, install your plug-in, give it a test and if it doesn’t do what you need then uninstall it.

Example of WordPress Menu

Not only should you keep your plug-in count to a minimum but each plug-in MUST be kept up to date. The authors regularly update them, some updates patch security flaws, some improve performance and/or add extra functionality and some updates are required to make sure the plug-in runs with the latest upgrades to WordPress itself – so you need to be regularly checking, unless you have a program that monitors then for you. Best case scenario is that nothing happens, worst case scenarios are that the unpatched plug-in breaks your website or a security hole lets a hacker in .

Three Ss and a B

Security, Speed, Search Engine Optimisation (SEO) & Back-up

Security

WordPress Plug-in Menu

Your WordPress site needs to be secure so that hackers can’t break in and do their hacking thing. Which could be to use your website host malicious software and force it on the computers of all that visit. They might create pages with links to their web pages, or look to capture details identifying visitors to your site. Thankfully, there’s a plug-in that will fortify your WordPress website against attack.

Speed

Your website has to be fast. To stop people drifting away, your pages need to open within 3 seconds. Slower that that and people will not wait. Slower than that and Google may start to penalise your site by pushing it down in their search results pages. There’s a plug-in that will keep WordPress running as fast as possible.

Search Engine Optimisation

In order for your customers to be able to find you in Google (or Bing, or Yahoo or one of the other search engines) the search engines have to be able to understand what it is your website is offering. The discipline that enables the search engines to understand your website and hopefully put your site on Page 1 of the results is called Search Engine Optimisation. There’s a plug-in that makes it easy to search optimize your site – so long as you know what you are doing.

Back-up

Hopefully you regularly back-up your business data. Well, you also should be backing up your website too. If you make an editing mistake and break your site, you can restore a working version, if something else breaks your website then you can restore a working version and if you have a problem with your host then a back-up will make it relatively easy to move your site to a new host. Guess what, there’s a plug-in for that too

So, which are the best plug-ins to use?

I can’t tell you that because there are thousands of the things but I can tell you which are the first ones that I install and configure on every WP website that I work with, in my mind they are essential and should be installed before you even think about developing your WP website

4 free plug-ins every WordPress site should have

WordFence for security

WordFence is a security enhancer. It is an “endpoint” firewall which means it cannot be bypassed, unlike a Cloud Firewall. This means that everybody trying to access the admin area of your site (both you as the site admin and the bad guys – the hackers) have to get past WordFence first.

It defends against “brute force” attacks, where a hacker attempts to guess usernames and passwords and after a certain number of failed attempts (you set the limit) it blocks the attacker, effectively making your website invisible to them. WordFence keeps a blacklist of known hackers (by their IP address) and automatically blocks them. WordFence also sends you an email when one of your plug-ins requires updating, making plug-in management a whole lot easier.

It scans your WP files for malicious software and if you need even more functionality (most users won’t) then the Premium version is just $99

Learn more about WordFence

Updraft Plus – for back-ups

Updraft Plus is a back-up plugin for WP. Now that you have secured your site from external threats you should look to guard yourself from internal problems, accidentally deleted pages, server/host issues, and (in the unlikely event of an intrusion) issues caused by hacking and penetration. It could even be something as simple as a WP, or plug-in, upgrade that breaks your site

To do this you need to be making regular back-ups of your WP installation and your content. Updraft Plus will do this for you. You can set a schedule so if you want an automatic hourly, daily, weekly back-up you just set the plug-in and it does the rest. You can even save your back-up to your Google, Microsoft or one of many other Cloud accounts,

Should you need to restore your WP site, Updraft Plus makes this easy too.

Find out more about Updraft Plus

WP-Rocket – for speed

WP-Rocket is the only plug-in on this list that doesn’t have a free version. However, the cost for a single site won’t break the bank at just $39.

What WP-Rocket will do for your website is make it faster to open on a visitors computer.It uses a number of tools to achieve this. It compresses your site for faster transmission across the internet, it manages images so that the only images downloaded are those that are visible on screen, if allows a web browser to cache key elements of your site so that they don’t have to be reloaded every time a visitor navigates to a different page. You can see everything that WP-Rocket does here.

Yoast – for SEO

In order to stand a chance of being found on the internet, your website needs to be “Search Friendly” which means that Google, Bing, Yahoo, Duck Duck Go etc can find your site, visit all the important pages, understand what’s on offer and (hopefully) put your site on the first page of the search results when someone is looking for your products, goods or services.

However, WordPress doesn’t make it easy and this is where the YOAST plug-in comes in to play. As long as you understand the requirements for effective SEO then the YOAST plug-in makes it easy to implement key SEO requirements.

Find out more about YOAST

So, there you have it, four essential plug-ins for your website before you start working on the design, the look, the feel and your content and if you need more help with your website, no matter what CMS you are using, your SEO or digital marketing then all you have to do is pick up the phone and give me a call on 01793 238020 or send andy@enterprise-oms.co.uk an email

How long does SEO take?

Hourglass - representing the time that SEO takesSEO, easy isn’t it. Write some content, mess with the Meta Tags, get your image names and Alt Tags right and Bob’s your uncle, right? Instant SEO love from google and a rush up the search engine results pages (SERPs)

Wrong………SEO takes time. Despite the amount of technology and artificial intelligence devoted to managing Google’s (other search engines are available) search results it actually takes some time for your changes to search to actually take effect.

If you are not familiar with key SEO terminology then pop across to my SEO Glossary

But how long does it actually take?

Google certainly isn’t telling but a number of people have carried numerous experiments and a number of conclusions have been reached.

The first is an answer that you don’t want to hear – “it depends”. And it depends on so many things, more than 200 according to Google.

Like everything, SEO should be planned and can be broken down into a number of phases, the first of which is

Research and Discovery

Audit your website to see what needs to be done, have a look at your competitors, think of the ways that people might be looking for the things you do.

CalendarImplementation

The next step is to take the results of your research and start to build it in to your website. The “Technical SEO”. You should be auditing your back-links to make sure that they are of a high enough quality

Next up you need to start creating new content. Writing blog posts, creating FAQs, writing white papers etc. You should be sharing these through your Social Media channels, email campaigns etc.

By month four you should begin to see some improvement in your position in the search results – an indication that your work is paying off – but don’t stop.

Management and Tracking

You should be paying attention to Google Analytics to see how much traffic is visiting your site and how many leads, sales, enquiries are being made. If traffic has increased but actions haven’t then you are either reaching the wrong people, sending the wrong message or your site is not working particularly well. Now is the time to look at all of the issues and put resolutions in place.

Continue with your content creation. Too many companies opt out of SEO after 3-4 months because they don’t feel that it’s working for them. The reality is that their SEO may only just be getting going. A time frame of 6 months to a year is where you should be aiming. SEO is not a sprint, it’s a marathon. The more you work at it, the better things will get but the marathon never ends.

But remember

It’s no good being number 1 in the search results if your website isn’t playing its part in the role and converting those visits in to leads, enquiries or sales.

Not only that but SEO is just part of your marketing mix, you also need to be effective with your Social Media, email and Video marketing and everything else that you do to promote your products, services and your brand.

And if you need some help with any aspect of your SEO, from a site review to a full package just get in touch for a free, no obligation conversation and we’ll see where it takes us.

If you need help with your search engine optimisation (SEO), your website or anything else to do with your marketing all you have to do is pick up the phone and give me a call on 01793 238020 or send andy@enterprise-oms.co.uk an email

Posted in SEO

Chromebook diaries – Should you buy a Chromebook?

Dell Chromebook, a viable Windows alternativeIn July 2014 I bought a new laptop. It wasn’t a Windows device, nor an Apple Macbook- it was a Chromebook. Having been a business/power user of Windows since the mid-90s it was a major leap. Although it was less of a leap than it might seem because I  still kept my main PC in the office for most of my work, my laptop being used for working away from the office, making presentations, delivering coaching and use at home.

I wrote a number of posts on the subject,

So, as the end of 2018 approaches, and my Chromebook is 4.5 years old – how has it been?

Well, 1st off, it’s the longest time I’ve ever kept a laptop.

From a software perspective, it’s totally up to date, still receiving automatic updates from Google central and, what’s more, unlike every one of my previous Windows laptops, performance has not fallen off. I can still open more than 10 tabs in my browser without any slowing down. I can access all of the Google Docs suite for word-processing, spreadsheeting and presenting, I can use Office 365 in the cloud for MS Word, Excel and PowerPoint, still read the news, play a few games and do whatever I need to do.

The only thing that has slipped is battery life. I reckon it’s down to about 4.5 to 5 hours now so I cant go a full day anymore. However, that’s a battery issue, endemic to all devices and a simple battery swap would soon restore the status quo

Do I need a new laptop yet?
No.

Would I like a new laptop?
Of course, I’m a techie and a geek and we thrive on new stuff but it’s not a priority.

When it comes to a change, what would I do?
Now, that’s a tough question. I still use Windows in the office and still have a need to work when out and about so nothing has changed in that respect. There are many more lightweight Windows laptops around with long battery lives but to get any decent performance the price is still too high. Way beyond any value that I would obtain so, when it’s time it’ll be another Chromebook although I would go for one with a higher resolution screen. And that’s it – that’s all that I’d ask for.

And if you need any help with technology, websites, SEO or marketing all you have to do is pick up the phone and give me a call on 01793 238020 or send andy@enterprise-oms.co.uk an email for a free, zero obligation chat about your needs.

How many words is enough?

A lot of you will know that I keep my finger on the pulse of SEO, it is what I do 60% of the time, after all.

I always push the need for “fresh content” on website because it’s well known that it really helps with your SEO. However, I am often asked how long a blog post or web page should be.

Graph showing Total Word Count Vs Google PositionIf you search on Google for the answer, you’ll find that people are recommending 1,000 to 2,000 words as the minimum for “optimum SEO” and in a recent post Backlinko quote research that indicates that the average piece of content that ranks on Page 1 of Google contains 1,890 words.

However, just because you can write the magic amount of words doesn’t mean your post will gain a P1 ranking and here’s why.

There are over 440m blogs across the internet but if you take Medium and Tumblr in to account then there must be over 1 billion blogs and with billions of searches conducted every day, and thousands of new updates posted everyday, there’s an awful lot of competition so, how do you win the content war?

First off, throw away the word count target.
Why?

Because if I tell you to write 1,890 words you’ll aim to do precisely that and a short update will be padded and padded with unnecessary filler which means that even if it does rank – people just won’t read it. On the other hand if you need 3,000 words to do a subject justice you’ll edit it so heavily that it just won’t wont make sense. So here’s my first tip.

Tip 1 – make your content as long as it needs to be
Obviously, from an SEO perspective, the longer it is, but you also need to write really well to maintain reader engagement.

Tip 2 – Be Original & Ride The Wave
Sounds contradictory I know but If you piggyback on a news article you’ll simply be one of many “me too” writers, so use your knowledge, skill and experience to approach a topic from a different angle. Tools such as UberSuggest, BuzzSumo and Google Trends will help you find popular topics to use your skills and experience on.

Tip 3 – Ask your readers
You could use Social Media and Survey Monkey to actually ask your readers what they would like to know about. I know, daring isn’t it!

Tip 4 – get writing
Remember, once you have written something, find some relevant images to illustrate your message and then re-read what you have written to make sure it makes sense. Use tools such as the Hemmingway App and Read Able to ensure readability (aim for a reading age of around 12-13) and then, finally, read it out loud to yourself. If you read in your head, you’ll read what you think yo have written but by reading out loud your brain has to analyse every word and translate the visual signal in to an audio signal and you’ll frequently find yourself thinking “I’d never say things like that” and every time to reach that point then go back to the edit screen and revise.

All that I would like to add is a hearty “good luck and good writing” and if you need any help with your content just get in touch – andy@enterprise-oms.co.uk or 01793 238020 for a no-fee, obligation free chat.

Oh, and how long is this article? It’s just 568 words

And if you need any help with technology, websites, SEO or marketing all you have to do is pick up the phone and give me a call on 01793 238020 or send andy@enterprise-oms.co.uk an email for a free, zero obligation chat about your needs.

What information do I have to publish on my website?

Andy, checking out websites as part of his workAs you might imagine, I spend quite a lot of time looking at websites. I look at client sites to see what can be improved, I look at potential client sites to put bids and proposals together and I look for sites that I can prospect to. I also look at other sites to keep my knowledge up to date – and that’s just during the working day.

I see good sites, OK sites, indifferent sites and some real shockers but it does not matter how good (or how poor) the site, whether pennies, pounds or thousands was spent on the development loads miss out on the provision of basic information. A lot of which is a legal requirement when a business is using a website to promote themselves.

As an example, a lot of businesses provide a web form as a means of communication despite the fact that a lot of people don’t like forms – especially ones that ask for too much information. Part of the dislike is due to the fact that sending a form leaves no record of what was sent, nor when it was sent, unless it automatically forwards a copy to the senders email address but there’s no way to know this – until you’ve sent the form (unless the form actually informs you of this)

Gavel - representing a legal requirementThere was a piece of legislation passed in 2002 called the eCommerce Regulations that applied to ALL companies using the internet, not just those selling online and perhaps that’s why a lot of businesses don’t comply. Either that or it’s simply a lack of knowledge either within the organisation or by the web developer. Either way, ignorance of the law is no excuse – as the law says.

So, what does the law require you to publish in an “easily, permanently and directly available location” on your website?

Minimum information to be provided on your website

  • The name of your business, which might be different from the trading name and any difference MUST be explained. For example, ABC.co, is the trading name of ABC Enterprises Ltd.
  • The geographic address of the business must be provided
  • Your email address. A “Contact us” form without providing an email address is not sufficient
  • Your Company Registration Number, if yours is a Registered business, together with the place of registration
  • Your VAT Registration Number, if you are VAT registered
  • If you are subject to an overseeing body, such as the FCA, then you need to provide the governing agency AND your registration number.
  • Prices – if you are quoting prices (or selling) online your pricing should be clear, unambiguous and state whether prices are inclusive of tax and delivery costs, or not.

If you need help with compliance, or with anything else relating to your website or marketing activities then give me a call for an initial, free and zero obligation chat on 01793 238020 or email andy@enterprise-oms.co.uk

How much should you budget for SEO services?

How much does SEO cost?

Person looking confusedThe real answer is “how long is a piece of string” but you don’t want to hear that, you want to nail down your costs so that you can shop around and get the best deal for your business – note that I did not say “cheapest”

The first problem is that every SEO requirement is different, there are many variables that impact on the amount of work required and here’s a small selection;

    • How up to date is your website?
    • How SEO “friendly” is your web design?
    • How fast do you need SEO to take effect?
    • How does your site compare to the competition?
    • How many competitors do you have?
    • How well optimised are their sites?
    • What’s their likely budget?

This latter is not about understanding their absolute spend, more about an overview based on the simple fact that the larger the competitor the more likely that they will have a greater budget than you.

Good, Cheap, Fast. Yoou can have any 2 but not all 3Looking at the Quality, Fast, Cheap Venn, you’ll see that you can have

  • Cheap & Fast
  • Fast & Good
  • Cheap & Good

but you can’t have Cheap, Fast AND Good, it’s just not possible

In reality, it’s not about how “good” your SEO is, it just has to be better than the competition. I’ve worked with a couple of businesses where the competition was clueless about SEO so it was a relatively simple task to push them higher in the rankings but most businesses these days are aware of SEO so the task is tougher.

Expectations & Reality

A recent survey reported that less than half of all small businesses have an SEO budget. Of those with one the majority (71 percent) spent less than £100/month. That’s right – 71 percent of small businesses budget £0 – £99/month for SEO.

This is further supported by the inquiries I receive from prospective clients. Here’s the breakdown for a pretty typical quarter in 2017

Monthly SEO enquiries/budget

This is why your in-box is spammed with promises of “guaranteed first-page results” for £99. SEO spammers know the market. Their promise of first page results is hard to resist and, in my experience, most business owners have no idea how SEO works, they are far too busy running their businesses to spend time learning SEO and so may very well opt for the least expensive quote.

Most businesses are process driven, to get from A to B you follow certain process to get there. A lot of people assume SEO works in a similar way, they tend to treat it as a commodity and, as a consequence select their SEO on price, frequently choosing the least expensive [cheapest]

The Cost of Cheap SEO

I’ve been doing SEO since 2001 and over the years I been a member of many internet marketing groups on Linkedin and I never cease to be amazed by the number of people with a little knowledge who pose as SEO professionals and take on clients. How do I know they lack experience? It’s questions like “I have just taken on a client that wants to rank for “keyword x” – how do I do it?” that tends to give the game away.

A close second to asking “how” is the use of link schemes, specifically private blog networks (PBNs), without ever explaining the risk to clients. If you were to simply throw your money away by hiring an incompetent to carry out your SEO that would be bad enough. The problem is that the damage does not stop at the waste of money – it’s far more serious than that. The damage that someone who does not know what they are doing can go much deeper. It could attract a Google penalty and virtually wipe out a website’s visibility on the web.

As a consequence, even if you don’t choose EOMS to conduct your SEO I would encourage you to insist on using tactics that comply with Google Webmaster Guidelines, as I do.

Managing Your Resources

With Google using more than 200 ranking factors it’s easy to become intimidated and paralysed. However, there are some key areas that, if properly managed, will go along way towards great SEO results. Your site should 

    • be easily accessible to search engines.
    • follow Google Webmaster Guidelines for SEO best practices.
    • perform quickly (pages opening in 3 seconds or faster).
    • work well on all devices, mobile, tablet, and desktop.
    • feature content that is unique,interesting and of value
    • have regular fresh content added

Set Goals

As with everything in business, Goals are good. They help focus the mind and ensure that everybody knows what’s expected.

When setting goals, it’s important to keep a few things in mind.

  • Your goals need to be SMART
      • Specific
      • Measurable
      • Achievable
      • Realistic – Stretch goals are fine, but pie in the sky benchmarks can actually work as a disincentive.
      • Timed – You need to give the campaign time to work. According to Google, “in most cases, SEOs need four months to a year to help your business first implement improvements and then see potential benefit.”

    At one time, success was measured solely by where your website would be featured on the Search Results Pages. While this remains an important metric, it’s no longer the most important metric. The most important are those that deliver real value, such as:

    • Improving organic sessions by x percent.
    • Increasing conversions by y per month.
    • Increasing revenues by z percent.

Developing a Budget

And here we get to the nub of the matter. Your goals will define the strategy required needed to succeed. This will then provide the information required to develop an action/implementation plan which defines the work required and, consequently, the budget necessary to achieve the desired goals.

Remember though, that the budget needs to take account of the time to properly plan, implement and tweak a campaign in order to evaluate its success.

That said, the right budget is one you can afford, without losing sleep, for a minimum of four (and ideally 12) months and the lower the budget, the longer the journey

How much should you spend on your SEO?

Well, £99/month just isn’t enough to do it properly. If you are hiring an SEO company expect to pay from £200-300 per month.

If you can’t afford to retain a top level SEO, there are some options. The most common being a one-time website SEO audit with actionable recommendations that you could implement yourself.

Just fixing your website will often lead to a meaningful boost in organic traffic. Content development and keyword analysis are other areas where you can get help from a pro for a one time fixed rate. Another option is to become an expert and do it yourself.

SEO Cost Calculator: Measuring Organic Search (SEO) ROI

Following is a calculator commonly used (incorrectly) for measuring return on investment for SEO.Best Widget Ever - ROI calculator


Of course, the above calculation has a major flaw,
it fails to take into consideration the lifetime value of a new customer.

Online businesses need repeat orders/sales in order to grow. By not calculating the lifetime value of a new customer the true ROI is grossly understated.

The right way to calculate ROI is to build lifetime value into the calculator as seen here:

Best Widget Ever - ROI over a customer lifetime

The Takeaway

Unlike Pay Per Click – (Google/Bing Ads etc) an organic search campaign won’t yield immediate results and, even when executed to perfection, it takes time for Google to recognise and reward these efforts.

That said, the traffic earned from these efforts is often the most consistent and best converting among all channels.

And if you need help with your SEO then please get in touch. Give me a call on 01793 238020 or send an email to andy@enterprise-oms.co.uk for a free, obligation free chat about your SEO and/or anything else to do with your website and digital footprint

To Carousel or not to Carousel, that is the question.

Carousels, (aka Image Sliders) the name given to those annoying sliding images that seem to feature on most websites these days. As you might have gathered, I’m not a fan but is my dislike subjective (taste) or objective (they don’t add anything).

It’s objective and here’s why

1/ the human eye doesn’t respond well to movement – or maybe it responds too well.
We may not live in the jungle anymore, but we did once. Our brains are wired to react to sudden movement, and this movement is called a saccade. It’s our retina’s uncontrollable response to movement, and the speed of movement during each saccade can’t be controlled. The eyes move as fast as they are able.

This might have been great when hunting prey in prehistoric times whilst trying to make sure the odd sabre toothed tiger can’t creep up on us, but today, it’s your slider fighting for your attention.

2/ They take control away from the visitor
Visitors like to be in control when they arrive on your website. They don’t want to see something they have no use for, and frankly, the whole point of your website should be to give your visitor what they came for.

When you put an auto-rotating image slider on your homepage you take control out of your user’s hands and give it to the slider. You know what follows? Disaster. Image sliders keep rotating, attention keeps being grabbed and web visitors loose patience. This is not only frustrating, but is terrible for usability according to UX Movement.

3/ They take up Space and hardly get clicked?
How many times have you watched a slider waiting for something useful to appear? If it’s more than once then you’re in the minority.

You already know image sliders are so fast and distracting, visitors tend to ignore them. Erik Runyon ran a study at Notre Dame University  to test and measure the number of clicks made on the sliders in comparison to homepage visits and you know what?

The study revealed a mere 1% of visitors clicked on a feature on the slider. That’s like the unicorn of bad conversions.

4/ They reduce visibility
The Neilson Norman group (founded by Jakob Nielsen, “the Guru of website usability” New York Times) group ran a usability study, where a user was attempting to search special deals on Siemens washing machines. The user arrived on the Siemens homepage that looked like this with a deal on a washing machine at the top of the page.

  • The user didn’t spot the deal
  • She ignored the offer placed in a small box in the left-hand corner.
  • Then she ignored the big banner splattered on the page, even though it had an image of a washing machine on it.

Because the image slider looked so much like an ad, she left the website without buying the machine, costing Siemens an easy sale.

Jakob Nielson also pointed out that international users and users with low literacy get easily distracted and frustrated by the image sliders, as they are unable to read through one offer before another slides into place.

The bottom line is image sliders are ineffective. And to reinforce this idea, here’s a slider by WebAIM. [If you only follow one link, you should follow this one]

Why you should not use an image carousel

And if you need help with your SEO and/or anything else to do with your website and digital footprint then please get in touch. Give me a call on 01793 238020 or send an email to andy@enterprise-oms.co.uk for a free, zero obligation chat.