WordPress.org Security Alert
A few days ago WordPress.org announced another server-level security breach at the WordPress.com servers… WordPress quickly made moves to mitigate any security risks.
The original post is at http://wordpress.org/news/2011/06/passwords-reset/
“The WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavoury.
We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)”
Some people have interpreted this to mean that WordPress itself has security problems, which has caused concern among some of our users.
Please note that this exploit does NOT impact individual WordPress installations that individuals have installed through their cPanel or had Net Solutions install for them.
If, in the last week or so, you have installed updates for the WPTouch, AddThis or W3TotalCache plugins, I would suggest you check your copy against the one in the repository (or plugin search) ASAP. The particular exploit gained access to WordPress.org and the plugin repository.
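One way to run that check, as an added example that is not part of the original post: hash every file in the installed plugin folder and compare it with a copy freshly downloaded from the repository. The plugin name, directory layout and file contents below are constructed sample data.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # Record where a symlink points instead of following it.
                digests[rel] = "symlink:" + os.readlink(full)
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def compare_plugin(installed_dir, reference_dir):
    """Compare an installed plugin with a freshly downloaded reference copy."""
    installed = hash_tree(installed_dir)
    reference = hash_tree(reference_dir)
    return {
        "modified": sorted(p for p in installed
                           if p in reference and installed[p] != reference[p]),
        "unexpected": sorted(p for p in installed if p not in reference),
        "missing": sorted(p for p in reference if p not in installed),
    }


def build_constructed_sample(base):
    """Create two constructed trees: a clean reference and a drifted install."""
    ref = os.path.join(base, "reference", "example-plugin")
    inst = os.path.join(base, "installed", "example-plugin")
    files = {
        "example-plugin.php": b"<?php /* plugin bootstrap */\n",
        "inc/helpers.php": b"<?php function helper() { return 1; }\n",
        "readme.txt": b"Example plugin readme\n",
    }
    for root in (ref, inst):
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    # Simulate drift: one changed file, one extra file, one deleted file.
    with open(os.path.join(inst, "inc", "helpers.php"), "ab") as fh:
        fh.write(b"// constructed line that is not in the reference copy\n")
    with open(os.path.join(inst, "inc", "cache.php"), "wb") as fh:
        fh.write(b"<?php // constructed file absent from the reference\n")
    os.remove(os.path.join(inst, "readme.txt"))
    return inst, ref


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        installed, reference = build_constructed_sample(tmp)
        for kind, paths in compare_plugin(installed, reference).items():
            for p in paths:
                print(f"{kind:10} {p}")
```

Any path reported as modified or unexpected deserves a manual look before the plugin is trusted again; replacing the folder with the reference copy clears both.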
There are always risks associated with hosting any CMS, but many of these risks can be mitigated through good password management, security updates and choosing a great web host that offers WordPress maintenance.
You also must not forget to do frequent off-site backups to deal with any potential catastrophe.
Google Places not friendly for P.O. Box users
This time last year Google announced that Google’s Local Business Centre would become Google Places. Now Google has made some changes which punish small businesses that operate using a P.O. Box. This may not have been the intent, but it certainly is the case for some.
It is not unusual for self-employed individuals such as web designers, plumbers and electricians to operate using a P.O. Box. They don’t want users to know where their office/bedroom is located if they must publish their home address. To simply assume that businesses that operate using a P.O. Box are illegitimate is just not helpful to small business owners, who are the very people that Google aims to help.
Lina Paczensky from Google explains this decision as follows:
“Google Places is meant to facilitate customer interaction with brick-and-mortar businesses and service providers. Therefore, the business owner or employee who is officially authorised to represent their particular business location must have a physical address in order to comply with our quality guidelines. P.O. Boxes are not considered accurate physical locations. Listings submitted with P.O. Box addresses will be removed.”
With a major shift towards online local search, a free business listing in Google Places is very helpful.
So what does one do? A few small business owners I know have simply lost their Google Places listings because their address was a P.O. Box number.
They were not notified or given the opportunity to edit their listing; instead it was removed and they had to go through the process of creating a new listing. They need to lease an office or publish the location of their bedroom/office.
Since SMS verification has also been removed from the application process, you need to wait for your postcard to arrive.
Have you suddenly found that your Google Places listing has been removed?
If so, we would love to hear from you.
Why do websites need to be maintained?
There is a common misconception that once your CMS website has been built, you don’t need to do anything more to it other than add content. This may be true if you have purchased a managed hosting account where someone looks after your website, but if you manage the website yourself, you have to maintain the software properly. There are four major reasons why websites must be maintained.
Updates
The only constant thing is change, so as operating systems and virus definitions get updated, software must also be updated. The Internet is made up of the good, the bad and the ugly. People will attempt to break into your website on an hourly basis and if you fail to secure your website, they will get in. You have to take proactive measures to check and update all software used on your website.
Check
Despite all your attempts to keep a site perfect, some site errors are just inevitable: broken links, slow page loads, code or pieces of software that suddenly stop working. All these things can affect the browsing experience for your users. Aside from these, and perhaps even more important, is checking for security loopholes or areas where a website is vulnerable to malicious attacks. This is critical, especially if important transactions are being conducted through the website.
Repair and Clean Up
If errors and other defects are found, they must be addressed right away. Installing security patches, new tools and software, removing unnecessary programs or even rewriting code may be needed to keep the website in an optimal state.
Back Up
E-commerce and business websites often keep a database of sensitive information. Nobody wants to lose such a valuable asset, which is why having a backup is a must. Websites run on servers, and servers are not immune to disk crashes and other faults that leave the webmaster powerless. For this reason proper backups should be performed on a regular basis regardless of the maintenance schedule. This is to ensure that when the unwanted happens, a backup will come in handy to save the day.
What is Website Maintenance?
Website maintenance is an activity that aims to keep a website maintained and running as expected. Regular maintenance is critical to the function of a website. Websites, like cars and computers, must be tuned up and checked for errors to ensure that they will serve their purpose well. Ideally, website maintenance should be performed on a regular basis.
What Goes On During Website Maintenance Period?
During website maintenance, any one or all of the following may be carried out:
- Check for errors and broken links
- Check for security holes
- Install new tools, plugins and functions
- Update contents
- Update back-end platform and software patches
- Back up database and content
Because of this, a website may be required to temporarily shut down in order to facilitate these maintenance activities. If this is the case, a webmaster can send notifications to users and readers, put up a “maintenance page” whenever someone views the site, or redirect the visitors to another site or page providing them with limited but important functionalities to ensure that business or transactions will not be halted completely.
Why do websites need to be maintained?
The answer is obvious. A website needs regular website maintenance to function properly amidst updates and changes on the internet, malicious attempts and attacks, data server crashes and other online issues.
What is this SEO thing anyway?
Here are the top two questions around SEO once people understand the relationship between SEO and Google:
Why aren’t I coming up first on Google?
We used to be ranked higher, now we are lower, why?
Search engine optimization (SEO) is a technical process that optimizes Web pages to rank high in search engine returns. This is accomplished by optimizing certain sections of web pages so that, when read by search engines and depending on the level of optimization, they create a greater probability of free referral traffic.
Once you have a high degree of understanding of how search algorithms work, SEO becomes a powerful marketing tool. The end goal is to create pages that contain words for which people will likely search when looking for information such as that contained on your site.
Also, it is important to note that when I say search engine, I mean Google. It appears as though the others don’t matter anymore, especially sensis.com.au.
SEO can be a 60-minute job or a recurring activity. For instance, if you are a leader for rare keywords, then you do not have a lot to do in order to get good placement. But in most cases, you will need to pay special attention to keywords used in your pages, because in the eyes of Google, you are an individual just like everybody else.
Here is some free advice
Since SEO relies so heavily on these keywords, the most important keywords and key phrases should be used liberally in the first two paragraphs of the content of each page. They should then be sprinkled throughout the body, and the last paragraph of every page should once again be keyword rich.
A suggested rule of thumb is to reach for keyword density between 5-15%. Judgment must be used to invoke keywords liberally without getting too repetitive. It may also help to use bold or italics on a keyword or two, but avoid doing this to excess. Another important placement for keywords is in the H1 and H2 header fields of each page. The most important keywords or key phrases should be found here.
Other strategies include naming image files and anchors with keywords. Anchors, also called crosslinks, are references to other pages within the site. Finally, providing links to and from external sites, called backlinks, is also important, as search engine spider bots navigate by links.
Sounds really easy, doesn’t it? Well, thankfully there are many SEO companies that will provide this as a service. However, caution should be used in securing a contractor to make sure that what is being promised is feasible, realistic and cost-effective.
But even if you engage a contractor to do your SEO, don’t just expect to be ranked at the top unless you have keywords that stand out ahead of everyone else on the internet.
WordPress 3 released
WordPress 3 has been released and although the new version isn’t an entirely new animal there are a couple of improvements that I have noticed.
Firstly, the MU (multi-user) version is now merged into the mainstream product. WordPress MU enables you to install a single version of WordPress for multiple sites. The multiple sites would then share the same features and plugins. This seems to be aimed at organisations that want to offer users/members/staff their own blogs.
Version 3 now has “Custom Post Types”. Previously this was restricted to Posts and Pages. For example, let’s say you want to have a Parts catalogue: in 3 it’ll be possible to create a new type of post called “Parts” that will contain the appropriate fields. This is a significant improvement in capability and also allows WordPress sites to resemble a CMS without the need for hacking the back end.
WordPress 2.9 has an option allowing you to create category templates using the slug, i.e category-slug.php. In WordPress 3.0, you can create specific templates for each author. The function get_author_template(); has been expanded in wp-includes/theme.php.
The menu system has been enhanced with Ajax so that you will be able to drag and drop pages, posts and categories in a similar way to the widget management screen.
The existing default theme, a study in boredom, is much smarter, easily customisable and a long overdue improvement. The theme has Custom header, Custom Background, Clean Design, Multiple Widget Areas, Cascading Menus and a lot more.
Version 3 includes a number of other more minor changes, including allowing you to change the default user from “Admin” to your choice and easier management of a theme’s background graphic.
I’m a huge fan of WordPress but I don’t believe that this update, useful though it is, does enough to open it up to non-technical users. There’s still a lot to be done to encourage users to customise their blogs more radically and effectively – it’s still all too easy to identify a WordPress site within moments because even simple design changes require knowledge of CSS.
Let’s see what WordPress 4 promises! To stay updated with WordPress development, follow: http://wpdevel.wordpress.com/
Geo-targeting by IP Address
Geographic location has become an essential model for targeting end users including dynamic site content, search, social media, etc.
The existing geo-targeting practices for search and display media focus on targeting by country, state, region and city. This is all based on IP addresses, many of which are dynamic or inaccurate.
You can, however, custom target by entering a street address and defining a radial boundary via a mini Google Maps interface. Getting down to detail, there is the option of using longitude/latitude coordinates, which can be accurate to within 100 meters.
So, how do you put in place an alternate solution bypassing the inherent limitations of IP targeting? In search, we often develop a second campaign, ideally with a larger targeting radius and implement geo-specific keywords. While the geo-targeted campaign may have the keyword “pizza” this may only hit a portion of the intended geo-targeted audience. To reach the remaining audience, we typically extend the geo-target radius within a completely new campaign with extended keywords such as “Fitzroy pizza”.
But let’s look at how this works when we use IP address location as the basis of location based targeting.
Google uses MaxMind’s database for mapping IP addresses to a geographical location. They claim it is 99% accurate. What is in the fine print is that it is 99% accurate in determining the country. This figure will not improve, but drop dramatically with the rise in mobile devices and wireless connections.
Accuracy is also defined as being within 40km which means Melbourne and Frankston are local to each other. So searching for a local Pizza Hut while you are in Frankston might give you Universal Pizza in Lygon Street. Still, probably worth the drive as their pizzas are great.
But from an end user point of view, is this considered local? Well no, not to me, I consider local to be within 5km. Like the ads for local businesses in your local newspaper.
The real happening place for location-based targeted marketing is clearly in mobile and mobile applications; in particular, social media applications that emphasize check-ins and connect you to places and people nearby. There is a world of difference, opportunity, and data between marketing location to where a computer resides and marketing location to the person who self identifies, checks-in, and announces their preferences and next stops.
Google has emphasized that location is an immediate and important relevance enhancer. However, as the technology continues to evolve, it remains both a limiting factor and a promise. HTML5 can allow permission-based, location-targeted ad delivery to consumers browsing on the mobile Web. Currently, it is supported in Chrome and Firefox, but not in Internet Explorer. The use of location-based data remains a point of debate, and just last week Apple posted a warning in its developer forums that if developers use location-based data primarily for targeting ads, the app will be rejected. Many apps already ask your permission to use your GPS location for app functionality, like the Google toolbar and Foursquare. You can even optionally geotag your tweets.
Likewise, the sharp increase in smartphone adoption all over the world raises both opportunities and challenges. Not only are more people using smartphones, but the devices now cover more of their needs and their day with a multitude of rich, engaging applications – many GPS driven.
Today the database at MaxMind states that it is 83% accurate for the USA and 62% for Australia. I believe this number is overstated and will only get worse which is why the data has not been updated since 2008.
All this makes geographical location services based on IP address impractical and obsolete.
Google SEO Starter Guide
All webmasters want high search engine rankings so that their site is listed at the top of search engines’ result pages. There are hundreds of sources providing information about search engine optimization to drive more site traffic. Google just made it simpler to master these SEO techniques.
Google Webmaster Tools has released an official Search Engine Optimization Starter Guide that covers many areas that webmasters might consider optimizing to get better Google ranking and indexing. Here is the index of contents that should interest you.
- Create unique and accurate page titles
- Make use of the ‘description’ meta tag
- Improve the structure of your URLs
- Make your site easier to navigate
- Offer quality content and services
- Write better anchor texts
- Use heading tags appropriately
- Optimize your use of images
- Making effective use of Robots.txt
- Be aware of ‘nofollow’ tags for links
- Promoting your website in the right ways
- Make use of free webmaster tools
- Take advantage of web analytics services
Download the Official Google SEO Starter Guide (.pdf) today and see what Google expects from your site structure and functionality.
Publishing your website using FireFTP
The process of transferring a file from your computer to your website is often referred to as “uploading”. This guide only deals with how you can transfer a file to your web server using a free FTP client known as FireFTP. FireFTP is a great add-on for the Firefox web browser. There are many other free FTP programs but this guide will only deal with FireFTP.
What is FTP?
FTP stands for File Transfer Protocol. Both HTTP and FTP protocols deal with transferring data across the Internet. FTP is used to upload and download files between your computer and a web server. Download FireFTP from http://fireftp.mozdev.org
Once downloaded, follow the on-screen instructions to install FireFTP.
Using FireFTP
- Click on Tools then select FireFTP
- Once FireFTP is open follow these steps to Connect to your Server.
- Click on Manage Accounts
- Select New…
- Go to the "Account Name" field and enter the hostname (usually the website name, i.e. cityofmonash.com)
- Go to the "Host" field and enter the hostname (as above)
- Go to the "Login" field and enter your FTP username as set up in VHCS2
- Go to the "Password" field and enter your FTP password (please note this is case sensitive)
- Click OK to save the account information and to close the dialog.
- Click on "Connect" to establish a connection.
- Click OK on the FireFTP pop-up and FireFTP will connect to the FTP server
Once you have Connected, you will find that the local files are on your left and the remote files on your right. You can click on a local file and press the arrow pointing to the right to upload a file to the server.
Similarly, you can click on a file on the right side and press the arrow pointing to the left to download a file from the server to your computer.
Where should I publish the website content?
All website content files need to be placed in the htdocs directory or folder.
What filename should I use as the default page for my Website?
The web server will look for the following files when no page in the URL is provided.
index.html index.cgi index.pl index.php index.xhtml (all files are case sensitive)
What file permissions should I use?
The UNIX security model allows you to set different levels of access to a file for different groups of people. This allows you to let the web server modify a file via a CGI script, for instance, while preventing other users from having normal access to the file. There are three groups in terms of file access, and three different permission types they can receive.
File Permissions And Groups
The groups are:
- User – the ‘user’ group consists only of the owner of the file (your account, in most cases)
- Group – the ‘group’ group consists of the other users on the server — you can usually remove their permissions entirely if you think it is necessary
- Other – the ‘other’ group consists of everyone else — most importantly, the web server falls into the ‘other’ category
The potential permissions are:
- Read – the ‘read’ permission allows a user or program the ability to read the data in a file
- Write – the ‘write’ permission allows a user or program the ability to write new data into a file, and to remove data from it
- Execute – the ‘execute’ permission allows a user or program the ability to execute a file, if it is a program or a script
Setting Permissions
You can set permissions via FTP by right-clicking (clicking and holding for Mac users) on the file and selecting Properties in FireFTP.
Most of your html files will do fine with a permission of 644 (Owner=Read+Write Group=Read Other=Read). Most script files will need a permission of 755 (Owner=Read+Write+Execute Group=Read+Execute Other=Read+Execute).
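An added example (not part of the original guide) that walks a site folder and reports every file whose mode differs from the 644 and 755 values recommended above, marking the ones that Group or Other can write to. The list of extensions treated as scripts and the sample htdocs tree are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile

PAGE_MODE = 0o644    # Owner=Read+Write Group=Read Other=Read
SCRIPT_MODE = 0o755  # Owner=Read+Write+Execute Group=Read+Execute Other=Read+Execute
# Assumption for this example: which extensions are treated as scripts.
SCRIPT_EXTENSIONS = {".cgi", ".pl"}


def describe(mode):
    """Render the nine permission bits per class, e.g. 0o644 -> Owner=rw- ..."""
    text = stat.filemode(mode & 0o777)[1:]  # drop the file-type character
    return f"Owner={text[0:3]} Group={text[3:6]} Other={text[6:9]}"


def audit(root):
    """Return (path, actual, expected, writable_by_group_or_other) per deviation."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # a symlink's own mode says nothing about its target
            actual = stat.S_IMODE(os.lstat(full).st_mode)
            ext = os.path.splitext(name)[1].lower()
            expected = SCRIPT_MODE if ext in SCRIPT_EXTENSIONS else PAGE_MODE
            if actual != expected:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                # 0o022 covers the write bit for Group and for Other.
                findings.append((rel, format(actual, "03o"),
                                 format(expected, "03o"), bool(actual & 0o022)))
    return sorted(findings)


def build_constructed_htdocs(base):
    """Create a small constructed htdocs tree with a mix of good and bad modes."""
    root = os.path.join(base, "htdocs")
    sample = {
        "index.html": 0o644,        # as recommended
        "upload.html": 0o666,       # writable by everyone
        "config.php": 0o777,        # writable and executable by everyone
        "cgi-bin/form.cgi": 0o755,  # as recommended
        "cgi-bin/mail.pl": 0o644,   # script without the execute bit
    }
    for rel, mode in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample file\n")
        os.chmod(path, mode)  # set explicitly so the umask does not interfere
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, actual, expected, risky in audit(build_constructed_htdocs(tmp)):
            flag = "WRITABLE BY OTHERS" if risky else "check"
            print(f"{rel}: {actual} ({describe(int(actual, 8))}), "
                  f"expected {expected} [{flag}]")
```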
Can FireFTP resume downloads?
Yes, it can. If you lose your connection, FireFTP will automatically try to reconnect and resume downloading. After this, you can resume a file just by trying to download it again. FireFTP will notice that you have a partial file already downloaded and will ask you whether you want to resume from where you left off; click "Resume".
How do I rename a file/make a directory/delete files?
Right-click on the file lists. A context menu will appear showing the available functions you have, along with related keyboard shortcuts.
What is the "View on the Web" feature and what do you put in "Host" and "Prefix" for it to work?
The "View on the Web" feature is primarily designed for web developers so that they can preview images and webpages within FireFTP (using Firefox's latest Canvas technology). It can be found on the "Account Manager" dialog, under the Advanced tab.
If experiencing problems with your connection, follow these steps.
- Do you have the latest versions of FireFTP and Firefox? The latest version can be found at http://fireftp.mozdev.org/
- Are you behind a firewall? Try turning it off temporarily to see if it is the source of your problem. If so, you might have to configure your software to allow FireFTP to access the Internet.
- Does your server allow only active mode? Try turning off "Passive Mode" in FireFTP under your account's configuration options. This is found on the "Account Manager" dialog, under the Connection tab.
- Do you use a proxy? Try setting the proxy under Preferences in the Connections sub menu.
- Have you been able to connect with other FTP clients? Please check to see if the problem is reproducible with other FTP clients.
This should allow your FTP client to establish a connection.


