How secure is your password?

Government Communications Head Quarters (GCHQ) – where the UK spooks provide signals intelligence to the UK’s government, military and Military Intelligence and the Department for Digital, Media and Sport (DCMS) carried out their first UK Cyber Survey and the results didn’t make for great reading.

Apparently

  • 42% of us Brits expect to lose money to on-line fraud
  • 23.2 million worldwide victims of cyber breaches used 123456 as their password
  • 15% say they know how to properly protect themselves from harmful on-line activity
  • 33% rely on friends and family for help with their cyber security
  • Young people are the most likely to be cyber aware, privacy concious and careful of the details they share on-line
  • 61% of internet users check Social Media daily, 21% say they never look at it
  • More than 50% use the same password for their email that they use elsewhere
Hacker Inside

Dr Ian Levy, NCSC Technical Director said “Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.” whilst Margot James, DMCS Minister said “We shouldn’t make their (cyber criminals) lives easy so choosing a strong and separate password for your email account is a great practical step. “

Most Regularly Used Passwords

RankPasswordTimes UsedPasswordTimes Used
1.123456 23.2mashley432,276
2.1237567897.7mmichael425,291
3.qwerty3.8mdaniel368,227
4.password3.6mjessica324,125
5.11111113.1mcharlie308,939

It’s a shame that the top password list hasn’t really changed for at least 10 years – it shows how complacent a lot of us are with our on-line security.

I used to have 3 passwords, a simple one that I used really casually for newspaper sign-ups etc – name123 (not my real passwords, merely examples) a medium security one that I used on shopping sites, n@m3123 and a more secure one, used for banking etc – c3ler0n! (and all of the ones that I used feature on the Have I Been Pwned list).

log on box

About 5 or more years ago I switched to a Password Manager. I have 801 log-ins and 801 different passwords. All of them are at least 16 random characters long and comprise upper & lower case letters, numbers and symbols (where permitted).

My Password database is stored securely in the cloud and is replicated on my PC, Phone and Tablet and accessible from my Chromebook too. I use LastPass but others exist and here’s a review of some of the top ones.

As you can see, I do my best to stay on top of my security but if you feel adrift, or need some help, just give me a call on 01793 238020 or email andy@enterprise-oms.co.uk for a free chat.

You’re thinking of PPC Advertising – but where should you place your money?

In my experience, when thinking about advertising on the the web, most people think of Google and Facebook Ads and that’s about it but there’s a wide range of Pay per Click (PPC) opportunities available and the key to success is deciding which are the platforms most likely to deliver the best results.

In this post I’ll be looking the top 8 platforms that you should think about,

  • Bing Ads
  • Facebook Ads
  • Google Ads
  • Linkedin Ads
  • Pinterest Ads
  • Twitter Ads
  • Yahoo Ads

Bing Ads

Run by Microsoft, Bing is the search engine that seems to be forgotten but is in daily use by millions of people. My experience is that clicks are cheaper than those from Google and frequently of better quality. It gets better because if you have a Google Ads campaign, Bing Ads have a tool that will import all of your campaigns at the click of a button.

Bing also powers the Yahoo Ad network so you’ll have the added benefit of your Ads appearing across Yahoo too.

Look hard and you’ll also be able to take advantage of £100.00 credit to get you going (there are terms, of course but essentially, it’s free advertising)

Facebook Ads

Facebook, largest Social Media platform on the internet. 2.2Bn users worldwide and about 32m in the UK so why wouldn’t you want to advertise here. Well, if you have something to sell to consumers then you should give it some thought. You can have image ads, text ads, video ads, sponsored updates and much much more. 

Not only that but you can target specific audiences and markets through the demographic data that Facebook hold, making it a far more targeted campaign than other platforms.

However, if you are in the Business to Business market, Facebook may not be the ideal platform for your ads.

Google Ads

Not the longest running Ad platform but certainly the most well established, the most popular and the one with the greatest reach, with more than 3.5Bn searches taking place on Google every day!

Google ads can be placed on Google, YouTube, the Content Network as well as Google Search Partners.

You can have simple text ads, image ads as well as responsive ads targeted at mobile phone users.

Google Ads is also a great way to waste money if you don’t think carefully about where your Ads are displayed, to whom they are targeted and the way your search words are formatted and used. Campaign management (either in-house or outsourced) is essential to get the most from your Ads investment.

Linkedin Ads

Linkedin is home to over 520m professionals and so if your business is focussed on selling things to, or providing services to, a business market place than Linkedin is the natural home for your ads.

You can focus your ads on almost any of the demographic metrics that Linkedin collects, whether geographically, job title, seniority, job role and much more.

Traditional ads are shown on the right hand side on your Linkedin home page and across the top whilst promoted posts appear in the newsfeed and hate works best are hints, tips and white papers.

Pinterest Ads

Pinterest is quite new to the paid advertising market but is rapidly catching up, as demonstrated by it’s initial valuation before going public on the 18th April 2019 at $19/share valuing the company at $12.7Bn.

With more than 200m active, monthly, users who are researching trends, looking for ideas and inspiration it’s an ideal place to sell “things” – especially if your target market matches the key Pinterest demographic with 70% of Pinterest users being women and 40% earning more than $100,000 or more

Twitter Ads

Twitter is used by 330m people every month and is recognised as a key source of breaking news. 

Unlike a lot of the platforms mentioned here, Twitter ads stay on Twitter and so can be particularly effective and remain fully under your control. Your ads can be simple text but photos work better and videos are event more effective.

Yahoo

Yahoo was one of the original sellers of search ads and was the model that Google based Adwords on. Yahoo still stumbles on as part of the Oath network (Yahoo, AOL, Huff Post and Tumblr). 

Yahoo has a partnership agreement with Bing which means that your Bing Ads will also be displayed on the Yahoo network (and vice versa) and your ads can be simple text, images, video and any other supported media across the network

Conclusion

There are numerous Ad networks fighting for your advertising spend. My advice is to start small, test AND measure. If, after a couple of months, it seems that one of the platforms isn’t working for you then stop and switch to a different one until you find the right platform for your business.

And, if you need any help, I’ve been doing this since 2003 so give me a call on 01793 238020 or email andy@enterprise-oms.co.uk for a free, initial chat to see whether I can improve your existing campaigns or help you launch something new.

What to do when launching your new website

It’s a scenario I come across almost every month, a website gets relaunched after a major rebuild, perhaps the migration from an old site to something that’s (finally) mobile friendly or that’s the result of a corporate rebranding or a migration to e-Commerce or, or……well, you get the picture.

Then the problems start. Google Analytics starts reporting high Bounce Rates, the site falls down in the search engine results and visitor numbers start falling.

So, what’s happened?

Unless your relaunch is carefully planned, there’s a lot that can go wrong but one huge problem is Google. Your old site might have built a lot of respect with Google that hopefully translated in to great results when people were looking for you. However, if you just launch a fresh new site it’s highly likely that all of that respect is lost.

Not only that, but your old pages will keep popping up in search results, people might have added your old site to their favourites and when they visit – they are met with a 404 (page not found) error

404 Error

What you need to do

And yet, it’s so easy to prevent this. Before you press “go” to launch your new site you need to create a list of all of the pages on your existing site.

Next thing to do is to remove all of your previous site from the internet (or just make it inaccessible). You can do this by deleting your web files or simply by copying them to a new folder. Keeping a copy is essential, just in case anything goes wrong with your new site you can always revert back to your old one provided you have a copy of it but you need to take it off line to avoid any confusion.

Next thing you do is to map your old pages to new. So, for example, mywebsite.co.uk/about on the old site should be mapped to mywebsite.co.uk/about-EOMS on the new site. I use a spreadsheet with two columns to make this process easy to manage.

Then you ask your web developer to put “301 Redirects” in place that map the old pages to the new. What now happens is any visit to one of your old pages will automatically transfer the visitor to the relevant new page.

Not only that, but a 301 redirect also carries forward a fair percentage of that Google respect I mentioned earlier,

If you need some help with the relaunch of your new website, need a new website, need help with your SEO or anything else to do with your online marketing then don’t hesitate to drop me an email andy@enterprise-oms.co.uk or give me a call 01793 238020

How to optimise your YouTube videos

You can watch the video, listen to the podcast or read on


YouTube, great isn’t it – more cat videos than you can watch in a lifetime!

However, it’s also a great source of information AND a really powerful way to reach web users who prefer to watch videos rather than read stuff. Imagine you want to learn how to fly fish. Just go to google and search “learn how to fly fish” for example, and Google shows you that there are 135 million results and the top is dominated by YouTube videos .

Google search results for Fly Fishing

Getting Started

Making videos has never been easier with great quality cameras in our phones, our tablets, our digital cameras – the list of devices goes on.

Before you start recording, however, you need to make sure that your video has a purpose. Then you need to make a short list of keywords that are relevant.

As you record your video and add your commentary you need to make sure that you use these words and phrases from your list.

For the video accompanying this blog I’ve concentrated on “optimising your video”, “making your video easy to find” and “SEO for YouTube”

Watch your video, does it look OK? Does it sound OK? If you are happy then you’re ready to move to the next step.

Uploading your video to YouTube

Once you’ve recorded your video and checked to make sure that you are happy with it the next step is to upload it to YouTube. Now you need to make the video easy to find and and make it easy for Google to understand what it’s about so that your video stands a chance of appearing in Google results, not just in YouTube search.

Next on the “to-do list” is to do is give your video a name that includes the types of words that people might be using when searching – so for the video that goes with this blog I’ve called the video “How to optimise your YouTube video”

Then you need a description so that YouTube can understand what the video is about.

Finally you need to add captions, in other words translate your speech in to text so that watchers don’t have to turn their speakers up or plug their headphones in. YouTube will automatically create the captions but you need to check that their speech t text translation has translated accurately and if there are errors you can go in and correct them.

Vimeo.com

Although powerful, YouTube has a number of annoying traits – not least
1/ The ability to show “People who watched this video also watched……”
2/ The ability to place annoying adverts on your video – ads which might come from your competition if you’re not careful.

So, before you embed your video in your website or share through your Social Media channels and email campaigns get on over to https://vimeo.com and set up a free account.

Vimeo is a “YouTube for professionals” and doesn’t take Ads and won’t recommend similar videos so your viewers wont get dragged away down the YouTube rabbit warren and forget where they started.

As a professional video platform it is mainly funded by subscription accounts but the free account should be more than adequate for your use.

Use the Vimeo embedding tools to add your video to your website, your blog, any email marketing that you conduct and your social media

And that’s it. If you have any problems with recording your video, optimising your video or anything else to do with your digital marketing then just give me a call on 01793 238020 for a free, obligation free, chat or drop me an email to andy@enterprise-oms.co.uk

What the FA is 2FA and do I need it?

Let’s answer the easy question first, “do I need 2FA”? The simple answer is “yes”, you do need Two Factor Authentication (2FA). Now read on to learn more about what it is, how it works and how it can secure your data and online activity

I’ve written in previous posts about passwords, hacking, identity theft and the threat to our privacy, data and businesses from cyber criminals. As you might imagine, the number of attacks is increasing, as is the sophistication.

Why are Cyber Attacks increasing

Simple! The number of websites that we log-in to continues to increase and
many people use one password across many websites. As you can see from the list on the right a lot of people use passwords that are less than ideal. The cyber criminals know this which makes it a gift for them.

Some people think they are safe because they have 3 passwords. A simple one for common sites where they don’t see a threat (posting comments to newspaper websites for example), a medium one that they use for on-line shopping and Cloud storage sites (DropBox for example) and a really complicated one for their “secure” sites, such as bank access etc.

After all, just trying to remember pWa#eeAS7uNggK49 is a challenge but if you have to remember a different one for every single website it becomes a real challenge. You might jot them down in a notebook or diary but what happens if you loose your book, or just leave it on a train. Not only have you been frozen out of your accounts (until you work your way through all those “forgotten password” routines) but your security has been seriously compromised.

Some people, like me for example, use password manager. These apps create a secure password for ever site that you log in to and make it available across desk-tops, lap-tops, phones and tablets and don’t cost very much at all. But even if you use one how secure are you, actually?

chocolate teapot

If a site that you use your super strong password on is penetrated and data stolen, your strong password is about as much use (from a security perspective) as the infamous chocolate teapot. And if you have used this super-strong password on more than one site you are at an even greater risk of becoming a victim of data theft. With more than 6,474m email addresses in the wild for cyber criminals to use and 551m passwords stolen in security hacks the criminals job gets ever easier.

Use the Have I been Pwned website to see whether your passwords have been stolen by cyber criminals or nabbed in a data breach and read more about the risk, and how the criminals use this stolen data in a previous post.

What’s the Solution

It’s actually fairly simple. It’s called two factor authentication [2FA] or multi-factor authentication. This is where another layer of authentication is required, beyond your user name and password.

In the early days of 2FA sites would send you a text with an access code so you could only log-in if you had your phone with you [and had a mobile signal]. This extra layer of security hit the cyber-criminals hard, until they realised that intercepting text messages was not particularly difficult if you were tech-savvy so something else was required.

Image result for hsbc internet banking device

The banks solved this problem by providing you with a device like the one to the right, this one’s from HSBC. At the website you enter your user-name and pass-code as normal, enter a PIN in the device and then enter the displayed number from the device in to your banks website. It may feel like a pain but it really does have a positive effect on the security of your on-line banking. A criminal needs a your user name/password, access to a device as well as your device PIN

Microsoft Authenticator

Having a device for every website is pretty clunky so Microsoft and Google released authentication apps for Android and iPhones. The way they work is they generate a six digit code, as can be seen in the image on the right, and the website that you are looking to access requests this code after you have entered your user-name and password – as demonstrated in this screen-shot of my LastPass password manager.

Two Factor Authentiaction

All I have to do is launch my Authenticator App and enter the six digit password. For additional security, the code changes every 30 seconds or so

Hardware Security

Hardware 2FA security solution

The final security solution is the physical “Key” such as this one from Yubikey. This is a USB device that simply plugs in to a USB port on your computer and allows you access to secured sites – or even your computer itself.

If you are worried by your security, or need any help with your internet activity, from a new website through social media and on to other online marketing opportunities then just send me an email – andy@enterprise-oms.co.uk or give me a call on 01793 238020

Have you had your electronic ID stolen?

In other words, have you been pwned*. There have been millions of email addresses and passwords stolen in hack attacks and millions more that have been left exposed by incompetent website owners. However, it’s not just your email address that’s been stolen, your name will have gone with it, possibly your address and maybe even credit card (and other) data.

The stolen information is then made available for sale on the dark web and here’s a sample of the prices it can fetch

  • Credit/debit card number – $5-$11
  • With the CVV (3 digit) security code – + $5
  • “Fullz” (card, CVV, name, address, date of birth etc.) – $30
  • Bank account access – 10% of the credit balance in the account
  • Online Payment Services, such as PayPal – $20-$200

But how do you know whether your information is “out there” just waiting to be abused by cyber criminals? Well, I don’t know but I know a man who does, and he’s set up a rather useful website

Have I been Pwned?

There’s a website called Have I Been Pwned. This has been created by Troy Hunt, a Microsoft Regional Director & MVP (Microsoft Most Valuable Person for developer security). After data from a major cyber incident was “found” on the Dark Web Troy decided to put a database together – in his own time & at his own cost – as a way of allowing people to check whether their data was amongst stolen information and to “keep his hand in” from a programming perspective.

The site is now a comprehensive source of information about data hacks and data loss and is simple to use. All you have to do is enter your email address to see whether you have been “pwned”

And if you have been, as shown in the image above, it will also tell you which data breach (breaches) your email address has been found in.

Not every data breach leads to passwords being available. Some databases have encrypted passwords, making them worthless to the cyber criminal. However, many don’t and, like email addresses, there are millions (over 550) of passwords available on the Dark Web.

As he’s done with email addresses, Troy has now gathered all the stolen passwords that he can find and has created another searchable database dedicated to stolen passwords.

So, why is it so important to know whether your passwords are available to cyber criminals?

At this point, all the criminals have is a list of emails and and another list of passwords. They may not know which ones go together and they also don’t know which websites these email addresses and passwords relate to.

But, from our perspective, there’s a significant weakness. This comes in to play because a lot of people use the same password for many websites simply because it’s easier to remember one password than many. This use of the same password makes things a lot easier for the cyber criminals to put our data to fraudulent use.

Let’s say, for example, that the criminals target Amazon. You might have your credit card details already stored against your account so if a cyber criminal can gain access, all they have to do is change a delivery address and Bob’s their uncle.

They’ll use a “Credential Stuffing Attack” which means that they’ll load all the email addresses in to one database and the passwords in to another and start the attack. First they pick their target (Amazon in my example) and use software that will add an email address to the log-in box. They’ll then turn to different software to try all the passwords in the password database to see whether there’s a match. And once they’ve tried one email address they’ll automatically move on the next one. Once they’ve tried all combinations, and flagged those that work, they’ll move on to another site.

This sounds like a long, slow process but they’ll probably use a “Botnet” – a network of tens, hundreds or possibly thousands of hacked computers around the world that they have control over.

So, you should check “Have I Been Pwned” for both email addresses and passwords and if you’ve got a compromised password you should find the sites you use it on and change it – remembering to use a different one for each site.

Top 10 Passwords of 1018

Different, not similar – Password, PassWord, PAssword1960 and Pa55W0rd are NOT different to a cyber criminal. Criminals will also use these, and other variants of the world’s most popular passwords (2018’s shown in the image to the right) in their attempts to hack your accounts.

If you are concerned about your digital security, or need some help with your website, SEO or anything else online then just drop me an email, andy@enterprise-oms.co.uk , or give me a call on 01793 238020 for a free, no obligation conversation about your requirements

*Pwned – When a map designer in the online game called Warcraft beat another player he wanted to say “Player x has been owned”. Unfortunately, he mis-typed and actually said “Played x has been Pwned”. This is now a “thing”

Worries with WordPress and what happens if you don’t keep up with updates

WordPress LogoYou might have a website that’s been build using WordPress. No one will blame you, after all it’s free and has become probably the most used Content Management Systems (CMS) out there. In fact, in 2018 around one third of all websites were built on WordPress.

You might have built the site yourself or paid a developer to design and build it for you. You might not even know that your site has been built using WordPress.

It’s popular because it’s free and pretty easy to use – well it is when compared to some of the alternatives out there anyway. Although popular and free, it may not be the best and although it It is OK it does have a number of issues.

WordPress Editing screenBecause it’s so popular it’s become a top target for hackers. This means that the people behind WordPress have to be on their toes, always on the lookout for weaknesses & flaws that the hackers can exploit to break into a website and create mayhem. When the WordPress developers come across such a flaw they create a patch and release a new version of WordPress. As an example, the current version is 4.7. However within the next couple of weeks there will probably be a new version. 4.7.1 and then 4.7.2 and so on and so on and so on, releasing updates as and when flaws are discovered.

You and your web developer need to be on top of this by making sure that you’re running the latest version of WordPress. The newer versions, if setup properly, should update themselves automatically but you need to keep an eye on things just in case. Older versions had to updated manually, by clicking the ‘Update Now’ link so it all seems pretty straightforward. But it’s not!

Why things may not be as easy as they seem

WordPress MenuMost websites using WordPress use a number of Plug-Ins, small pieces of software that add extra functionality to the website and make it easier to manage. However, you need to exercise caution when updating – especially if you use a lot of plugins to manage different elements of your site because some of the plug-ins may not have been updated to work with the latest version of WordPress. This means that hitting the WordPress Update link might cause a plugin to stop working and this could break your website.

But what happens if you don’t update WordPress?

Well, you might find that your website gets hacked and will start to do things that you would’t want to be associated with. It could start to download malware to the computers of all the people who visit your site – siftwre that could monitor their keystrokes and pass banking details back to criminals in Eastern Europe or China, for example.

Or you could find – as one news website found out to their embarrassment – a lot of unsavoury spam being inserted into the first paragraph of every news story on their website.

Hacked WordPress pageHow did this happen?
The company were very lax – their site was built using WordPress and was last updated in June 2012. Since then, there have been 114 updates to WordPress, some to improve performance and some to improve security.

By failing to keep up to date this gave the hackers and “easy in”. The hackers were able to use automated tools to find websites using WordPress and to find out which version was being used. From there, it would have been simple for the hackers to target a known weak spot and break in. From there, it would have been the work of moments to install their own spammy code.

What should the website do?
It’s easy to cure – all they have to do is identify and delete the malicious software and then update to the latest version of WordPress, although they are so behind with their updates that they might find their site gets broken by the update so they might be caught between a rock and a hard place.

If you are worried about WordPress, then don’t hesitate to get in touch. Give me a call on 01793 238020 or drop an email to andy@enterprise-oms.co.uk for a free, confidential and obligation free chat.

The Deep Web and Dark Web. What are they?

The Deep Dark Web

The “Dark Web” has been in the press frequently over the past couple of years, associated with tales of hacking, the sale of personal information, credit card data, drugs, weapons and other illicit items. However,  there’s been very little by way of explanation as to what the dark web is and how you go there and this item looks to answer that, purely for research purposes of course.

A number of news stories have also referred to the “Deep Web” which has lead to a degree of confusion, as if the media consider the two to be interchangeable.

So, just to clear up any confusion here’s an explanation of the differences between the Deep and the Dark Web.

Let’s start at the top

The “Surface Web” is the web we all know and love, the websites we visit and the sites/pages that we find using Google/Bing/Yahoo and other search engines. And there’s the key, it’s only the parts of the internet that the search engines know about.

Just visit any website and click a few links, you’ll be doing the same thing that the search engines do, visiting websites and following links to find pages that they can present to you when you’re looking for things.

What is The Deep Web

Simply put, the Deep Web is just the area of the internet that is beyond the reach of the major search engines.

As an example, just go to www.britishairways.com and try to find a holiday to the Nautic Hotel between 7th and 14th October in Mallorca without using the search facilities.

It’s not that easy, in fact it you might find it confusing/difficult/impossible. You’re not alone, the search engines do to because they can’t get much further down than the first 3-4 layers. At least this is getting better because Google, Bing and the like are always looking to improve the way they manage such challenges but it’s still a struggle for them.

Websites can use code, called robots.txt, to actually block the search engines from certain pages so that they are difficult to find, deliberately. Websites with members only pages may choose to do this, for example.

As you can see, the Deep Web is neither illicit nor scary, it’s just out of reach of the major search engines.

What is the Dark Web

This is where things get really interesting. The Dark Web is a small portion of the web that is intentionally hidden and encrypted and which cannot be accessed through your typical web browser.

To access the Dark Web you need a specialised web browser that enables you to tap into the the TOR network. TOR, short for ‘The Onion Router’, so called because it uses many layers to both encrypt the data that moves around and to make it almost impossible for the authorities to trace internet activity back to a particular user and location. Great for security and anonymity which is why TOR was originally designed by US Intelligence agencies to enable American spies to securely communicate with their parent organisation and not reveal their location and identity.

The code was officially released to the public in 2004, and it’s still used by human rights groups and the like in repressive and unsafe countries to communicate with the outside world, but like almost everything it has also been subverted by those with criminal tendencies and put to a darker use.

You might recall that a couple of years ago the media was full of stories about a Dark Web website called Silk Road. This was like an eBay for criminals, a place where you could buy illegal items such as drugs & weapons and engage criminals to carry out illegal activities on your behalf, hacking for example.

The Silk Road was eventually closed down by the authorities but similar sites still exist if you know where to look and how to access them.

The first step is to download the TOR software, it’s free and pretty easy to find. However there’s no Dark Web version of Google – you have to know your way around if you want to find the illegal stuff – I don’t and wouldn’t broadcast it even if I did know.

I may not be able to help with your journey to the Dark Web but if your Surface Web needs improving or your Deep Web needs surfacing to make it easy to find, then get in touch, andy@enterprise-oms.co.uk or give me a call- 01793 238020 and I’ll dive in and see what I can do.

4 plug-ins every WordPress site should have

WordPress Logo

A Content Management Systems (CMS) is a tool that business owners, web developers and others use to build their websites. There are loads to choose from, depending on your specific requirements, and WordPress, Joomla, Drupal, Magento, Umbraco, Squarespace, and Wix are some of the most popular.

If your website uses WordPress(WP) then you find yourself in good company. It’s by far and away the most popular CMS, being used by 32% of all websites. WordPress is popular for a number of reasons, the software is free (but you’ll still need hosting that will cost), it’s pretty easy to use and there are thousands of “themes” (designs and templates) that you can use to define the way your website looks and many of them are free to use. There’s lots of places you can turn to for advice and support and lots of professional developers who can customise your site so that is does exactly what you need.

Customising WordPress

WordPress is not perfect though, it may not do everything that you need. However, it’s an open system which means that if you understand how to write software you can create your own enhancements. You don’t even need to be a software developer to benefit. Somebody, somewhere has probably already had a similar need to yours and written something to do the job. Thousands of people have created additional enhancements and have made their tools available to everyone. These enhancements are called plug-ins. A lot are free whilst others require a payment, although the majority of these are inexpensive.

Plug-Ins

The downside to plug-ins is that each one you use makes your website run a little slower, and with Google beginning to penalise slow sites the speed of your website is something you need to keep an eye on. This means that you shouldn’t just keep adding plug-ins. You should make your choice, install your plug-in, give it a test and if it doesn’t do what you need then uninstall it.

Example of WordPress Menu

Not only should you keep your plug-in count to a minimum but each plug-in MUST be kept up to date. The authors regularly update them, some updates patch security flaws, some improve performance and/or add extra functionality and some updates are required to make sure the plug-in runs with the latest upgrades to WordPress itself – so you need to be regularly checking, unless you have a program that monitors then for you. Best case scenario is that nothing happens, worst case scenarios are that the unpatched plug-in breaks your website or a security hole lets a hacker in .

Three Ss and a B

Security, Speed, Search Engine Optimisation (SEO) & Back-up

Security

WordPress Plug-in Menu

Your WordPress site needs to be secure so that hackers can’t break in and do their hacking thing. Which could be to use your website host malicious software and force it on the computers of all that visit. They might create pages with links to their web pages, or look to capture details identifying visitors to your site. Thankfully, there’s a plug-in that will fortify your WordPress website against attack.

Speed

Your website has to be fast. To stop people drifting away, your pages need to open within 3 seconds. Slower that that and people will not wait. Slower than that and Google may start to penalise your site by pushing it down in their search results pages. There’s a plug-in that will keep WordPress running as fast as possible.

Search Engine Optimisation

In order for your customers to be able to find you in Google (or Bing, or Yahoo or one of the other search engines) the search engines have to be able to understand what it is your website is offering. The discipline that enables the search engines to understand your website and hopefully put your site on Page 1 of the results is called Search Engine Optimisation. There’s a plug-in that makes it easy to search optimize your site – so long as you know what you are doing.

Back-up

Hopefully you regularly back-up your business data. Well, you also should be backing up your website too. If you make an editing mistake and break your site, you can restore a working version, if something else breaks your website then you can restore a working version and if you have a problem with your host then a back-up will make it relatively easy to move your site to a new host. Guess what, there’s a plug-in for that too

So, which are the best plug-ins to use?

I can’t tell you that because there are thousands of the things but I can tell you which are the first ones that I install and configure on every WP website that I work with, in my mind they are essential and should be installed before you even think about developing your WP website

4 free plug-ins every WordPress site should have

WordFence for security

WordFence is a security enhancer. It is an “endpoint” firewall which means it cannot be bypassed, unlike a Cloud Firewall. This means that everybody trying to access the admin area of your site (both you as the site admin and the bad guys – the hackers) have to get past WordFence first.

It defends against “brute force” attacks, where a hacker attempts to guess usernames and passwords and after a certain number of failed attempts (you set the limit) it blocks the attacker, effectively making your website invisible to them. WordFence keeps a blacklist of known hackers (by their IP address) and automatically blocks them. WordFence also sends you an email when one of your plug-ins requires updating, making plug-in management a whole lot easier.

It scans your WP files for malicious software and if you need even more functionality (most users won’t) then the Premium version is just $99

Learn more about WordFence

Updraft Plus – for back-ups

Updraft Plus is a back-up plugin for WP. Now that you have secured your site from external threats you should look to guard yourself from internal problems, accidentally deleted pages, server/host issues, and (in the unlikely event of an intrusion) issues caused by hacking and penetration. It could even be something as simple as a WP, or plug-in, upgrade that breaks your site

To do this you need to be making regular back-ups of your WP installation and your content. Updraft Plus will do this for you. You can set a schedule so if you want an automatic hourly, daily, weekly back-up you just set the plug-in and it does the rest. You can even save your back-up to your Google, Microsoft or one of many other Cloud accounts,

Should you need to restore your WP site, Updraft Plus makes this easy too.

Find out more about Updraft Plus

WP-Rocket – for speed

WP-Rocket is the only plug-in on this list that doesn’t have a free version. However, the cost for a single site won’t break the bank at just $49.

What WP-Rocket will do for your website is make it faster to open on a visitors computer.It uses a number of tools to achieve this. It compresses your site for faster transmission across the internet, it manages images so that the only images downloaded are those that are visible on screen, if allows a web browser to cache key elements of your site so that they don’t have to be reloaded every time a visitor navigates to a different page. You can see everything that WP-Rocket does here.

Yoast – for SEO

In order to stand a chance of being found on the internet, your website needs to be “Search Friendly” which means that Google, Bing, Yahoo, Duck Duck Go etc can find your site, visit all the important pages, understand what’s on offer and (hopefully) put your site on the first page of the search results when someone is looking for your products, goods or services.

However, WordPress doesn’t make it easy and this is where the YOAST plug-in comes in to play. As long as you understand the requirements for effective SEO then the YOAST plug-in makes it easy to implement key SEO requirements.

Find out more about YOAST

So, there you have it, four essential plug-ins for your website before you start working on the design, the look, the feel and your content and if you need more help with your website, no matter what CMS you are using, your SEO or digital marketing then all you have to do is pick up the phone and give me a call on 01793 238020 or send andy@enterprise-oms.co.uk an email

How long does SEO take?

Hourglass - representing the time that SEO takesSEO, easy isn’t it. Write some content, mess with the Meta Tags, get your image names and Alt Tags right and Bob’s your uncle, right? Instant SEO love from google and a rush up the search engine results pages (SERPs)

Wrong………SEO takes time. Despite the amount of technology and artificial intelligence devoted to managing Google’s (other search engines are available) search results it actually takes some time for your changes to search to actually take effect.

If you are not familiar with key SEO terminology then pop across to my SEO Glossary

But how long does it actually take?

Google certainly isn’t telling but a number of people have carried numerous experiments and a number of conclusions have been reached.

The first is an answer that you don’t want to hear – “it depends”. And it depends on so many things, more than 200 according to Google.

Like everything, SEO should be planned and can be broken down into a number of phases, the first of which is

Research and Discovery

Audit your website to see what needs to be done, have a look at your competitors, think of the ways that people might be looking for the things you do.

CalendarImplementation

The next step is to take the results of your research and start to build it in to your website. The “Technical SEO”. You should be auditing your back-links to make sure that they are of a high enough quality

Next up you need to start creating new content. Writing blog posts, creating FAQs, writing white papers etc. You should be sharing these through your Social Media channels, email campaigns etc.

By month four you should begin to see some improvement in your position in the search results – an indication that your work is paying off – but don’t stop.

Management and Tracking

You should be paying attention to Google Analytics to see how much traffic is visiting your site and how many leads, sales, enquiries are being made. If traffic has increased but actions haven’t then you are either reaching the wrong people, sending the wrong message or your site is not working particularly well. Now is the time to look at all of the issues and put resolutions in place.

Continue with your content creation. Too many companies opt out of SEO after 3-4 months because they don’t feel that it’s working for them. The reality is that their SEO may only just be getting going. A time frame of 6 months to a year is where you should be aiming. SEO is not a sprint, it’s a marathon. The more you work at it, the better things will get but the marathon never ends.

But remember

It’s no good being number 1 in the search results if your website isn’t playing its part in the role and converting those visits in to leads, enquiries or sales.

Not only that but SEO is just part of your marketing mix, you also need to be effective with your Social Media, email and Video marketing and everything else that you do to promote your products, services and your brand.

And if you need some help with any aspect of your SEO, from a site review to a full package just get in touch for a free, no obligation conversation and we’ll see where it takes us.

If you need help with your search engine optimisation (SEO), your website or anything else to do with your marketing all you have to do is pick up the phone and give me a call on 01793 238020 or send andy@enterprise-oms.co.uk an email

Posted in SEO