Your new web design or web development project is finished… or is it?
In a sense, maybe your web design or web redesign project is coming to a close. You’ve covered everything that is within scope, satisfied every need that was laid out in the project planning, web design quote, or purchase order. The end of project meeting answered all remaining questions, employees were trained on how to use and manage their new website, and it looks like you can call this a job well done and *finally!* launch your new corporate website.
From here, ideally, your new site will impress visitors, generate new leads, make sales, and yield much better search results. You finally have a site that is well-optimized for search by today’s standards, including being responsive/mobile-friendly. You even made sure to make it a secure (HTTPS/SSL) site.
Yep, your site is completely, at this very moment, modern and will serve you well for 2 to 5 years, until you need to completely replace it again, as business from the site begins to slow, and visitor counts dwindle…
and when that time comes, you may wonder…
“Our last web design is only a few years old, why is this happening?”
Here are some of the most common reasons a great website can fail over time:
Occasionally, when we are working on a new client’s website, whether that is redesign, minor changes to make it responsive/mobile-friendly, repairing a broken site, or moving it over to our hosting, we’ll run across a few previously-unknown issues. Actually we’ve come to expect this.
When people leave their old hosts or developers, there is usually a reason. We’ve had clients come to us with sites that were patched together to operate in substandard environments, and sites built on CMS that are no-longer supported – patched together over the years to operate in standard environments to the point where there is more patch than there is software.
We also tend to gain clients who want their site hosted someplace where their site is not one in a few hundred, or one in a few hundred-thousand sites hosted. They can’t afford for their site or email to go down, and to go a day without notice.
Sometimes we’re just liberating a client from a pointlessly expensive or otherwise problematic situation.
This is a story about in many, many site moves of this past year…. all of them interesting in their own way, but I took some extra time out to document this one…
Before the Big Move
Generally, if their site is not working – I’ll try to fix their site before migrating it over. I’ll at the very least update the software and run a security scan before downloading and exporting. In some cases, however, where the server/host is the problem, the site cannot be worked on in place.
How to be a Bad Web Host: Taking the “Control” out of “Control Panels”
A new client of ours had a website that had suddenly stopped working. When I took a look at the control panel, well… first thing I found was that I did not like the Host’s control panel – it was a proprietary mess, laid out horribly, very limited in functionality compared to most, and many of these functions did not work at all. Another thing I found was that the client’s files were still there and intact, just that PHP processing had been turned off for the entire site.
Typically, when a host just turns functionality off for a site, it is a pretty-good sign that the site has been hacked, or is otherwise misbehaving. Hosts will switch off/disable infected sites or sites that are causing issues with the server, but… one would hope that if they switched it off, they would have noted why. In this case they didn’t email the customer to tell them that they disabled this site, one the host was still billing for. I suppose making notes was also just too much work, because they apparently had no idea why it was turned off, and non-ceremoniously turned it back on.
By the time they managed this, I had already downloaded the site, and exported the database, but it was good to have the site working again while we went through the process of transferring the domain. When I ran into some problems with the domain administration in their control panel not working, I read up about the host. From there I knew was going to be a very and slow painful process… which it was. I think the former host’s only strategy for keeping customers is to make it very hard, near-impossible for customers to get away.
WITH ICANN, YOU CANN
Having mentioned my willingness to go through ICANN to make the switch happen, suddenly we had cooperation and the domain was unlocked. I still had to wait another 7 days for the former host to not contest the final transfer, because of course they were not going to use their energy to approve it – but that gave me a little time to set the site up in its future home.
By then, I had already created a new database, imported the tables, set up database users, set their permissions, pre-configured the domain pointing, and uploaded their site so that everything could be perfectly in place when the domain switched hands.
Watch Where You Put that WebSite – You Don’t Know Where it’s Been!
Since the hosted site was not working on the server when I downloaded the site and exported the database, and I hadn’t the chance to upgrade the software or run a security scan, I decided it might be good to look through some of the files before the site went live. Looking for possible backdoors is pretty important at this stage, because we definitely don’t want to bring those over to our server.
When doing this, hunting for back doors in-particular, one would think the easiest solution is to look for the most common signature: Base64_decode, but as you see below (what I found on the old site) – this is often scrambled like a sunday morning word jumble, strtolower is used to select characters from the jumbled letters in the first string into commands.
PHP Alphabet Soup
How this word jumble works is to use the help of the command ‘eval’, to make this:
With this in place, a bot or hacker, can send parameters through HTTP POST such as: n764b3b='ZWNobyAnMW9rMScuIlxuIjtleGl0Ow==', which becomes: base64_decode('ZWNobyAnMW9rMScuIlxuIjtleGl0Ow=='), which becomes: 'echo '1ok1'."n";exit;'
Now whoever has sent this command knows their exploit is in place, because instead of the page they are ‘visiting’ is a blank page that just says “1ok1”.
This allows them, and others know that they can send pretty much any command they please through your site. This can include writing new files, using your mail server, any number of things, but any number of these typically ends up in damaging your domain’s search reputation or your domain’s email reputation. In most cases I’ve found SEO Spam (mostly Pharma Hacks), Malicious Redirects, but in some cases I have found Malware Delivery Systems, Attack Site or Referrer Spam automations, Phishing Pages, and Email forms to send Spam by. Wordfence covers that list very well here.
Searching… Seek and Destroy!
When searching for more instances of this infection, you could do a search for the whole PHP script – but you’ll likely only find the one infected page that way, the one you are already viewing. There could be hundreds of infected files in root folders, upload folders, theme/template folders and many other places.
In some cases, the original word-scramble string changes order and often name and the order in the strtolower command changes accordingly, and there could be twenty to a hundred parameter names for the the hacker to use on your site. In others, the variable names change, or there are multiple parameters that can be passed to the site (a different script for each one).
There are ways through SSH to use commands such as ‘grep’ to seek and replace this section of code out with wildcards. It can be handy in a pinch, if your host allows you this level of access, and if you formulate your command very well. Otherwise: in one shot you could accidentally remove many important lines of code from many important files across your domain; You could also end up leaving snippets of code in place that also end up breaking the site. The linked example is a how-to on fixing an infected Drupal site, but the same technique could be used for just about any CMS. Of course if you have a WordPress site that is up and running, and can install Wordfence, that is one of the quickest ways to find and remove these infected files.
One downside to working on the site in place on the server, is that backdoors could be exploited while you are fixing the site. Missing just one could put you right back in the same place again weeks, days, minutes later. If you are using Wordfence – just do a new scan after you fix the infected files and you should be fine. If you are seeking out the files and changing them by hand, you should download the site and edit files locally. You can upload the fixed website in place of the infected one when done and know that no new files were infected while you were working.
When doing this, I tend to start by searching for ‘eval’ – it’ll bring up a number of false positives, because eval is fairly-commonly used, but it will also bring up all the infected files for this type of infection. Once you’ve found all these files, then look through those files and look for commonalities in the infection other than ‘eval’.
A Common Thread… or Rather String…
In this case, I found that all of the infected files did use two common string names: $s20, and $s21. Both are present in all instances, so I only needed to look for $s21 from here, and this filters out all of the false positives.
Above: Searching an entire folder with the “Find All” command (do not do “Replace All”). This will open all files infected. You don’t need an expensive WYSIWYG, but it is nice to have this one. Any open-source text editor with a Find/Replace function should do. If you are looking for an open-source WYSIWYG, such as Brackets, that should also do.
I found around 40 files that were infected, so I just opened them all and cut this line of code out by hand. If there were more of these, say hundreds (which I have found before) – I’d have put the site into a test/quarantine server, and used SSH to search and replace.
Of course when sites are in WordPress, there are a lot of shortcuts you can take when fixing by hand, which come down mostly to where the infections reside:
If the infected files are mostly in “uploads”, one can delete all the php files found in that folder and subfolder, and put a blank “index.php” file back into each folder. There is no reason php files should be in this place. Searching this folder on your mac or pc means just being able to highlight all the found php files and delete them.
If they are mostly in the wordpress install itself: Delete the admin and includes folder and upload new. Upload new versions of the files in the root folder. Delete any files in the root folder that do not belong (php files that were not replaced by the new wordpress files, excluding config.php). Check config.php for malicious code.
In the above: You’ve just saved yourself from searching the root, admin, and includes folder. This should leave only the wp-content folder, for which you’ve already taken care of the uploads. The upgrades folder should be empty, so only the themes folder remains.
Delete Themes. I tend to delete every theme I am not actively using. This means less themes to search for infections now, less themes in the future to keep updated, less themes to provide vulnerabilities to new/unknown exploits.
With those steps, you’ve saved yourself a lot of time searching through folders and files… but, if your WordPress site is hosted, and running, just install Wordfence and run the scan. You’ll save a lot of time now, and later.
Wrapping Things Up
If there were backdoors found on your site, there is a chance that the site could have been used for more than just running commands through. You’ve stopped them from getting in this way, but there can still be email forms and phishing pages, other remnants of the infection you’ll want to find and get rid of.
Don’t expect the created or last-modified dates on these files to be accurate – these can faked.
Your best bet is always being very familiar with whatever CMS you prefer to use – familiar enough to know how to wipe most files clean, replace them with new, and spot files that are out of place.
I choose to use WordPress in most cases because of my familiarity with it. I install, design, and manage a lot of WordPress sites – and have been doing this since its earliest versions.
In other cases, I often recommend managed CMS solutions where such security headaches are for the providers of the service (we build a lot of WordPress sites, but we use Hubspot for ours, and offer development and maintenance of Hubspot sites, as well as managing Inbound Marketing campaigns). There are by the month fees for these, but in many cases these can come with incredibly handy Marketing tools for the money, and save you the cost in time or money that occurs when your site is hacked.
Consider how You Might have been Hacked and Prevent It
Oftentimes, this could be as simple as having installed a plugin or a patch. Here are some tips to avoid that:
Download plugins only from respected sites that monitor for malware plugins.
Try to find plugins that have thousands of active users and are regularly updated.
Don’t add a patch you’ve found on the web unless you are sure of what it does and why, or at least make sure the site you found that patch on regularly monitors for people posting malicious code as fixes.
When it comes to Internet Marketing the phrase “Content is King” is tossed around quite often, but when it comes to Internet Marketing, and especially Search Engine Optimization, it is important to remember that only the right content, the most relevant content to connect your business to your potential customer should reign supreme.
In considering how to streamline your site to attract visitors who match your several-to-many buyer personas, and when optimizing your site so that search providers can point these visitors your way, it is necessary to realize that there is no way that one or even a handful of pages could ever manage to cover all of this. Trying to gear even a forty-page site toward even one target audience, when so many possible keywords and long-tailed keywords are needed, will surely only result in a loss of keyword saturation per-page and hurt your search engine optimization.
Other Advantages of Fresh Content over a Static Page Site:
Static pages, though essential later in the decision-making process, do not make for the sort of content potential customers crave when seeking solutions.
Search providers are also on the hunt for fresh content in order to direct their users to the most relevant and most up-to-date information.
Having a larger site, allows for more-specialized content, each page with its own content geared toward a smaller, more-precise sample of the larger target audience, with content geared more-specifically toward their needs.
Blogging is not only the best approach at White-Hat SEO, it is a great way to avoid the pitfalls of Black Hat SEO
In order to understand why that last bit is so incredibly-important, one must first know a little bit about both White Hat and Black Hat SEO.
What is White-Hat SEO and What is Black-Hat SEO?
Search engine algorithms are constantly changing, and sometimes staying on top of it all can seem daunting, but when you think this work from a point of view outside that of a marketer, developer, or site owner, it all becomes much, much more simple:
The goal of the search engine is to connect users with the most useful, most precise, most specifically-targeted content to fit their needs. Site owners can benefit from this in that those who visit their site are more likely to be doing so intentionally, in search of related products, services, or solutions. Visitors also benefit from information relevant to the problem they are seeking to solve. These people may become return visitors or even customers, especially if they are brought to the correct page of the site to begin with, which is another important part of your site’s relationship with search providers.
Ideally, these visitors will land on that perfect page to encourage them to stay and read. If that content is informative and interesting, that content likely to be shared or bookmarked as a part of the visitor’s decision-making process. If that content does not offer valuable information, and does not give the visitor any feeling that they may be in the right place, the visitor will often return to the search provider and try other search results. You may never see them again, even if they were looking for services you offer.
Like visitors, search engines pick up on these things too. Search providers’ algorithms are streamlined more and more every day to help their users find what they are looking for, and avoid sites or pages that misrepresent or fail to represent what they have to offer. This is why you need to learn how to recognize and avoid Black-Hat SEO tactics.
Some Signs of White-Hat SEO
You are looking to bring the right visitors to your site, which are visitors who have problems or needs that you can solve.
You are seeking to reward their visit with information valuable to their decision-making process.
You use accurate keywords in your content’s description, title, and url.
Keywords can be easily found within the visible content of your page, and make sense in their context, because they are an actual part of the content.
Inbound links come from satisfied visitors, leaders in your industry, or magazines and blogs related to your industry.
A Few Signs of Black-Hat SEO
Keywords are repeated over and over in the content, to the point of making the content difficult to follow or unpleasant to read.
Keywords are in content that is hidden, where it serves no use to the visitor at all.
Inbound links are from pay-by-link sites, comments on blogs, pages/sites that serve no purpose other than to provide indexes of junk links.
Image alt tags are not worded to inform the reader, who may be sightless or may be a search crawler, what the image actually contains.
Content is duplicated from elsewhere, or copied and reworded to seem like unique content.
Black-Hat SEO is very-easily recognized if you think of it: Black Hat SEO is any approach that seeks to trick or manipulate search providers.
White-Hat SEO is just as easy to sum up: White Hat SEO is about creating great content in order reward the right visitors, and minimize bounce rates.
Bounce rates help no one. High bounce rates will only serve to make your marketing a more frustrating process, and prevent you from fine-tuning your marketing machine to reward the ideal visitor for finding your site.
Good SEO, and a good inbound marketing strategy is all about quality links from search engines leading to quality content specialized for quality leads. Quality *and* quantity are essential toward good keyword saturation because good keyword saturation is no-longer just about a page or a post, but the entire content of a site or domain. Site-wide keyword saturation *and* content keyword saturation work together to bring a visitor to the right page of the right site.
Diagram: How to annoy with alt tags
Blogging and Site-Wide Keyword Density / Keyword Saturation
Blogging is most beneficial from an SEO standpoint, not just in garnering shares and other relevant inbound-links to expand your authority, but in adding to the overall keyword density of your site. Adding to the keyword density of the site as a whole is much more effective than filling individual pages or posts with keywords. New posts also expand the site with fresh, unique content to be indexed, which search engines love.
If your site has 2000 original posts, and 1750 of those posts are somewhat-related to gardening equipment, your post on selecting the right tiller has a good chance of ranking well. If it is useful enough to be shared by a few individuals, it will rank even higher.
The Value of Unique Content
I stress original because unique content is very valuable to your SEO, but shared or duplicated content can have the opposite effect, and serves mostly to give authority to the website(s) of the originating source(s).
Have you ever searched for information and only found the same point of view over and over again in near-identical wording over a few hundred websites? Frustrating, isn’t it? In order to eliminate this frustration, those sites that are sharing information, white papers, and other content provided to them, are far less-likely to get good search placement. – and reword as you will, it will likely be recognized as duplicate content. Doing this only serves to boost the search authority of the originator. Sharing, in moderation can be beneficial to your site’s overall keyword density, if you don’t overdo it, and remember to only share content that has value for your visitors.
Unique content through blogging (and blogging regularly) will allow you to have focused, targeted information on your site for the many individuals that make up your many prospective customers and will allow you to boost the authority of your site for all of those individuals as a whole.
Blogging has become the most essential on-site tool for inbound marketing, and is a must for anyone whose business model depends on being found through search providers.
If you are interested in our services for blogging, articles, news releases, advertorials, other content services or custom-building a CMS/COS for your web site, please don’t hesitate to give us a call at 513.961.1174 or contact us through our contact page.
How do ad words work? They work by displaying your ad in response to visitors searching on specific keywords.
We break up a product offering into ad groups which focus on general product category keyword groups.
A typical average bid would be $2. If it’s higher, we review whether the click results in the visitor going to your “Contact Us” page, spends more time than average on your site (2 minutes) or looked at more than the average number of pages (3 pages). For keywords that result in higher site interaction, we are willing to pay more, up to around $3 per click.
(This week’s guest post is from Scott Costa, Publisher, tED magazine. We weren’t able to go to AdVenture this year but it’s the best industrial marketing conference for the electrical manufacturing and distribution industry. Our Creative Guide is from a presentation we gave at 2004’s conference. We just got the 8-19-2016 NAED eNews with this article featured.)
The 2016 NAED AdVenture Conference brought together about 140 marketing professionals in the same room.
Lohre & Associates, Inc. is an Industrial Marketing Company, serving local companies and in business since 1934. We know industrial businesses, and we offer quality in-person service for Cincinnati-area industrial businesses.
Lohre Cincinnati Industrial NewsletterTips, Pointers, and News for Cincinnati-Area Industrial Leaders
Subscribe to our newsletter for news related to Industrial Machinery and Manufacturing for the Greater Cincinnati area. Offerings include marketing and advertising tips and pointers and well news about industrial companies in our area.