Summer 2018 Website Changes

Posted on by

Share Button

The summer of 2018 is shaping up to have a lot of changes that impact website owners. In short order they are:

  • European Union’s new GDPR privacy policy which affects everyone worldwide
  • Chrome’s July release which will flag any site not using an SSL as “not secure”
  • Google’s July rollout of speed as an increased ranking factor
  • Google’s mobile-first indexing and preference for mobile-friendly pages

Read More

Share Button

How to build your privacy policy and stop breaking the law

Posted on by

Share Button

Here’s something most people don’t know: if you don’t have a privacy policy then you’re probably breaking the law and violating the terms of service of your analytics provider (like Google). Read More

Share Button

New GDPR law and what it means for website owners

Posted on by

Share Button

The European Union has a new privacy law, the GDPR, which goes into effect in May 2018, and unlike previous laws, these are extra-territorial. That means the new privacy law applies to countries outside of the EU. We’ve put together a breakdown of what it means for you as a website owner.

Read More

Share Button

How to Post an Announcement to Your Website in Under 5 Minutes

Posted on by

Example of Announcement Display with QuickieBar
Share Button

Lots of business websites need to post a quick announcement. Maybe you’re closing for a holiday, maybe a major storm is causing problems, or maybe you’ve got a limited time special to announce. Whatever the reason, we get a lot of requests to add a simple announcement to websites.

So here’s a simple and fast way to add an announcement to your WordPress website.

Read More

Share Button

5 Ways to Tell if Your Domain is Ready for the Holidays

Posted on by

Share Button

Did you know that most website owners have never actually checked a blacklist for their domain? And many people only find out that they have a problem when a helpful customer points it out to them. Wouldn’t you rather find out before your customers tell you?

Here are 5 steps to check your domain and website for health.

Read More

Share Button

Email Types & How to Actually Get Your Email Delivered

Posted on by

Share Button

Maybe it’s happened to you, one day your email is working fine and the next it’s not. You didn’t do anything, so how did your website suddenly go from reliably sending email to not. I’m regularly asked this question.

Trust me, I’d love to wave a magic wand and get rid of all your email woes. Unfortunately, I can’t.

The issue is that for your emails to get delivered they have to interact with literally hundreds of servers and thousands of filters.

And to add more complexity, these filters change literally every day. This is why things can suddenly stop working. They suddenly stop working because the filters changed.

Prefer to watch this article as a video? I’ve got you covered:

Why is it so hard to get email past filters?

Because of spammers.

Every year spammers get better at getting through spam filters, so the spam filters, in turn, get tougher for everyone to get through. This is why approaches that worked in the past to deliver email suddenly stop working.

The top spam filters are updated constantly and are personalized to each account based on that account’s behaviors. This is why you may reach some people at a domain but not others.

Personal email providers like @gmail, @yahoo, @aol, etc all make it much harder to get past their filters. Additionally, the owners of these personal accounts are usually clueless about how filters work.

How does email get from sender to recipient?

Let’s talk about the journey of a typical email (simplified some):

  • An email is created and sent (by a person, by an app, by a website, etc).
  • The email looks on the internet look for the recipient’s server.
  • It hopefully finds the recipient server and delivers the email to there.
  • The recipient server is a lot like a mail room. A piece of mail arrives and has to be sorted before delivery to a final destination.
  • The recipient server looks at all of the sorting rules and decides where to deliver it. This could spam folder, person’s inbox, or elsewhere.
  • In the email world, these sorting rules are frequently called filters.

How email filters work

Most email server’s filters (or sorting rules) are constantly changing. Literally, with almost every single email that they receive and how the account holder treats that email.

Account holders who don’t understand filters can easily take actions which have unintended consequences. For example, if they delete the first two emails you ever send them, that tells the filter you don’t want to read emails from that sender.

What are the possible things a filter can do with your email?

  • Deliver it to the inbox
  • Put it into a folder (Gmail Promotions)
  • Put it into Spam
  • Put it into Spam Quarantine
  • Delete it
  • Bounce it
  • Forward it somewhere else (yes, you then go through the whole process all over again)

Email filters have become increasingly complex and also increasingly stubborn. They generally learn to treat something as spam much easier than to treat something as desired.

Once an email filter starts to dislike an address, it will usually dislike everything from that address. Once they get in a habit, they are very hard to break of that habit (personal email providers like @gmail, @yahoo, @aol, etc are the most difficult).

This is why it’s a good idea to have different email addresses for different purposes. Many businesses will have a website address for just website related emails, a marketing address, a billing address, a general inquiry address, etc.

Getting past the filters: types of email

There are basically 3 types of email:

  • Marketing: Items like email newsletters where one person is sending to many. These may be automated through email newsletter provider.
  • Transactional: Automated emails, typically from a website or app. Where the website is sending to just one person. This is emails such as thank you for filling out a form, purchase receipt from eCommerce.
  • Direct: These are the emails that one person sends to specific people. For example, most of your business correspondence, emails between coworkers, questions from customers.

How do I get my email delivered to the inbox?

Marketing:

  • Have a dedicated email address for marketing, so if the filters decide it is spam, your other messages may get through still. Some companies take this a step further and use a separate domain for marketing only emails.
  • Use an email newsletter provider and make sure it’s connected to a real domain address (not @gmail, @yahoo, etc). Make sure to read the newsletter provider’s guidelines on maximizing deliverability.
  • Avoid known spam words in your emails: bit.ly/emailspamwords

Transactional:

  • Have a dedicated email address (same domain as your website)
  • Don’t use built-in mail() function (this is the default on most servers)
  • Make sure your email is authenticated (via OAuth or SMTP)
  • Use a delivery service (MailGun, SendGrid, SendinBlue, etc) – delivery services are basically an alternate way to get your email there. Delivery services act very similarly to how a courier service works in the real world for delivering physical mail.

Direct:

  • Don’t send marketing emails from the addresses you use for direct email.
  • Make sure you are sending them through an email client (not a third party service).
  • Don’t include lots of links (even 3 links can be a sign of spam)
  • Don’t include large attachments (use wetransfer.com for large attachments)

Some additional items for ALL email types – these are technical items and you should contact your email hosting provider or a developer for help with them. I don’t expect most website owners to have any idea what these are, and you don’t need to know.

Just know that they are important for your email delivery:

  • Make sure you have a DKIM record
  • Make sure you have an SPF record
  • Make sure you have an rDNS

Some additional items for ALL email types – these are non-technical items you can check yourself, and you should check every couple months:

  • Use mxtoolbox.com to check if your domain has any blacklists
  • Check your reputation on https://sitecheck.sucuri.net
  • Check your reputation on https://www.mcafee.com/threat-intelligence/domain/popular.aspx and check website with URL scanner
  • Check your reputation with http://www.brightcloud.com/tools/url-ip-lookup.php
  • Check your Google Search Console for any notices

Any other tips?

When someone signs up for something on your website (such as an email list subscription), make sure to give them a thank you message telling them to check their spam folder if they don’t see an email within a few minutes.

This might be the first email they are receiving from you, it may end up in spam. If they remove it from spam, that tells their inbox that they like this email.

It can take a couple of spam removals to train an inbox to like something (filters can be stubborn, especially those on personal accounts).

What about “white-listing”?

You may see a number of emails that ask you to “white-list” a particular email address or domain.

White-listing is basically telling your email service that you want to skip all spam checks on an email from the address and always deliver it to the inbox.

This is a great tool for getting emails into an inbox.

Unfortunately, very few people actually know how to white-list. Since so few people actually know how to white-list, this generally is useless and just creates more confusion with already confused people.

Key Takeaways

  • Every year email delivery gets harder.
  • What worked in the past may not work in the future.
  • There are three types of email: marketing, transactional, personal/direct.
  • Each email type should be handled differently for deliverability.
  • It’s important to check your domain’s black-list status and reputation regularly.
  • It’s always easier to get something marked as spam than to get it marked as not spam.

 

Share Button

7 Reasons Why You Can’t Get a Good Google PageSpeed Score

Posted on by

Share Button

You’ve all heard that Google factors their PageSpeed score algorithm into rankings. But, you just haven’t been able to score well on it. So what are the reasons that you score poorly, and what can you do about it?

1. You don’t understand what Google wants you to do

Google gives you a bunch of recommendations. But, if you aren’t well versed in techie speak, they are basically a foreign language.

Let’s start with the headings:

  • Possible Optimizations – this is where Google says you could, in theory, improve. Possibly.
  • Optimizations Found – this is what you’ve already done right and Google is happy with. Good job!

Here are a sample site’s PageSpeed results. You’ll see these two sections. Possible optimizations are on top with a list of 4 items. Optimizations found is lower on the page with the details hidden. Since you don’t need to improve items that are already optimized, those results are hidden.

The last item on the page is the Download optimized image, JavaScript, and CSS resources for this page. That gives you the ability to download already optimized files.

results of google pagespeed test

On the possible optimizations, if you click on Show how to fix, then it will expand and show you the details of the complaints. Below you can see that the images loaded from external twitter feed could be compressed.

optimize images recommendation expanded

If you’re on WordPress and you’d like your PageSpeed & YSlow results explained to you with actionable things you can do, you can Get a WordPress Speed Audit.

2. Your images are huge

Images are the most common reason for low PageSpeed scores. On most sites images account for more than 50% of the downloaded content, so you can get some really big wins by optimizing your images.

As a general rule: most images on your website should be under 100KB. Large full-size backgrounds will frequently be larger than this, but definitely, keep all images under 500KB.

You’ll know if your images are bigger than they need to be if you see Optimize images.

Here Google is thoughtful, they give you the ability to download the already optimized images at the bottom of the PageSpeed report. Then all you have to do is upload those images to replace the ones on your site.

If you are using WordPress, WP Smush is a great plugin. It also includes the ability to automatically resize your images as well as compress them. If you have multiple people contributing to your site and they do not resize and compress their images before uploading, this plugin can save you a ton of grief and significantly speed up your site.

Note: if you have a social media feed displayed on your website, then likely every image in the feed will be complained about. Some methods of displaying feeds allow you to remove images from displaying.

3. Internal vs external resources

There are two types of resources that a page can load, internal and external.

  • Internal resources – these are resources on your own site that you have control over.
  • External resources – these are resources that you load from elsewhere on the internet and have no control over.

These resources will most commonly show up in the Eliminate render-blocking JavaScript and CSS in above-the-fold content and Leverage browser caching.

Here’s what you can do about render blocking resources:

  • Internal resources you can frequently combine into one by just downloading the optimized JavaScript and CSS files at the bottom of the PageSpeed report. Or, if you have a CMS like WordPress, use a plugin like Autoptimize to handle combining items for you. Some resources when combined may stop working though, so make sure that your changes are reversible.
  • External resources you may be able to make internal. If you are loading fonts from the web, you can frequently load them from your own server instead.
  • Some internal resources you can remove from loading. Themes or plugins on your site may load resources they don’t actually need because you aren’t using that feature. So, you can add some code to your site to specifically prevent those resources from being loaded.
  • Some resources you can replace with something else that requires fewer things to be loaded.
  • Other resources there may be nothing you can do about. If you need the external resources and can’t substitute anything, then you’re stuck.

Here’s what you can do about browser caching:

  • Add some code to your .htaccess file or contact your hosting company about enabling browser caching for internal resources.
  • Nothing you can do about external resources and browser caching.

Resources can be a bit confusing, so if you’d like some help, you can Get a WordPress Speed Audit.

4. Minify your HTML, CSS, and JavaScript

Minify is pretty much what it sounds like, making something smaller. This is done by removing extra stuff in the file. This extra stuff is generally tabs, spaces, and new lines. You know, all of the stuff that makes it easy for a human to read but it’s really important for a computer.

There are three basic types of things you can make smaller: HTML; CSS; and JavaScript. In an ideal world, you would send no more than one of each of these file types, and they would each be minified.

We don’t live in an ideal world.

Most sites have a lot of these files that get loaded. But, you can frequently combine a number of them together to make them smaller, and you can almost always remove the extra stuff.

If you are using WordPress, Autoptimize is a very good plugin for this. Most sites can use HTML & CSS minify without any problems. Whether or not JS minify works depends on exactly what plugins and themes you are using.

5. Compress with gzip

If you’ve ever compressed a file on your computer, you know that the compressed file takes up less space than the original one. The same principle applies on the web, compressed data takes up less space. And when you can make something smaller, it transfers faster.

So, what they want here is for you to turn on compression on your web server so that it can make the files smaller and then the smaller files will transfer faster. This means people visiting your website get the files faster, and are happier.

This one is typically a very easy win. On most web servers you can enable gzip compression with a small addition to your .htaccess file or by contacting your hosting support.

6. Avoid redirects & prioritize content

Redirects are pretty simple. They are a lot like a scavenger hunt. You go to a location and it sends you to another location. The more intermediate locations you have to visit, the longer it takes to get to your final destination.

So, if you see the avoid landing page redirects complaint, it means that visitors are having to go on a scavenger hunt to get to their final destination. This takes longer.

Generally, you can fix this one just by entering the correct final destination into the PageSpeed tool. If that doesn’t work, then there is likely something such as an A/B split test happening which is causing redirects.

Prioritize visible content is about the “above the fold” content of your page. Basically, they want the above the fold content to load quickly and with very few resources needed. If you are seeing this one come up, it’s likely because you need to load a lot of data above the fold, or because your design or theme requires a number of extra resources like CSS and JS.

7.  Your server is slow

If you are seeing Reduce server response time than Google wants you to reduce your server response time to under 200ms.

  • Optimize your database – most content management systems use a database, and over time that database can become bloated. It’s a good idea to regularly use a database optimization tool to clean up the bloat.
  • Cache, cache, cache – caching pages on your server pre-builds the page. This means that when someone requests it, the server delivers the pre-built page. That’s a lot less work for the server, so the server can fulfill the request and respond with an answer much faster.
  • Move to better hosting – let’s face it, some hosting providers are just crappy. Low quality, slow servers with a slow connection to those servers. That means even with a very lean site, you can’t get a fast response. A quick way to test if your server is just crap is to run a speed test on a simple HTML or txt file on the server. If that’s slow, then you need to move hosts. You can also do a whois lookup on your domain and see how many other sites are also on your server. The more sites on your server, the slower it is likely to be.

Want your site’s PageSpeed interpreted?

If you’re on WordPress and you’d like your PageSpeed & YSlow results explained to you with actionable things you can do, you can Get a WordPress Speed Audit.

Share Button

Chrome Browser to Flag non-HTTPS Sites as Insecure

Posted on by

Share Button

Chrome version 56 which is scheduled for release in January 2017 will be announcing to the world whenever it visits a webpage that transmits password or credit card information insecurely.  So what does that mean for you?

It means if you allow people to log into your website or you collect credit card information, you need to get an SSL certificate before that change goes into effect.

Here’s what the change is going to look like:

Google had previously announced in 2014 that HTTPS (SSL secured HTTP connections) was a minor ranking factor in search engine results.

For now it’s only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

Back then in 2014, we were only recommending getting an SSL if you were accepting credit cards on your website because the rankings affected less than 1% of sites. However, with this new push to

However, with this new push by Google’s Chrome to start flagging sites as insecure, we are now strongly recommending anyone who has visitors logging in and anyone who does eCommerce to get an SSL certificate by January. 

Many of the WordPress managed hosting companies like Flywheel and WP Engine are providing free SSL certificates from Let’s Encrypt to their users. So we recommend anyone on those services to go ahead and get a certificate now, as it’s just a matter of time until Chrome starts to flag all websites with any form fields as insecure.

I expect other hosting companies to start coming out with free SSL certificates from Let’s Encrypt or to start including SSL certificates in their hosting plans soon. In fact, WordPress has announced that they will start to only promote hosting companies which include SSL certificates.

How do you get an SSL certificate for an HTTPS connection?

If you are using a hosting company like Flywheel or WP Engine which is offering the free Let’s Encrypt certificates it is extremely easy. Here are some screen shots of just how easy it is as Flywheel:

First, go to Add-ons and click on “Add SSL”. Then leave the Simple SSL selected and click on Configure SSL.

lets-encrypt-ssl

Then enter your information and click on “Complete SSL Setup”.

lets-encrypt-ssl-2

Once the form is completed, I see most certificates ready to use in about 5 minutes. After you have gotten your certificate, go to the advanced options and turn on Force SSL. Force SSL sends all requests coming in as HTTP to HTTPS.

force-ssl

Now check that your site is properly delivering HTTPS.

To do so, enter your URL into Why No Padlock. If everything is properly setup, you’ll see a list of green check marks indicating that everything is good.

why-no-padlock-results

If you see red error messages, then there are some items on your website which are being called insecurely and you’ll need to find and fix these. How to fix those errors will depend on the details of your website — you should contact a qualified web developer to assist you.

How to get a paid SSL certificate

If you need a wildcard SSL (an SSL which applies to more than one URL) or your hosting company doesn’t offer free Let’s Encrypt SSLs, you will need to purchase an SSL certificate.

If your hosting company offers SSLs, it is frequently less hassle to just get your SSL from them. If not, you may need to purchase an SSL elsewhere, such as your registrar.

I’ve purchased SSL from various sources before and have received vastly varied processes. For example, SSL certificates from GoDaddy normally issue in 1-2 hours, whereas when purchasing an SSL from Network Solutions it took over a week.

Your hosting company may also have other requirements when installing an SSL — for example, many low cost shared hosting plans do not even allow SSLs to be installed. You need to upgrade your plan and/or purchase add-ons before the company will even allow an SSL to be installed.

The typical cost for a basic SSL is $40-$100 depending on where you purchase it. This is normally a yearly fee. If you need a wildcard SSL, it will cost more.

You also need to keep an eye on your certificate once you have it.

If your certificate is not setup to auto-renew or your certificate is not through your hosting company then when the certificate expires you may suddenly get a lot of flags on your website about the site being insecure. Many browsers are now displaying large warning notices if an SSL certificate expires.

What if I don’t get an SSL now?

If your website doesn’t upgrade to an SSL now and it does accept passwords or credit cards, you’ll be losing business in January when the Chrome update rolls out. People are getting far more cautious about internet security and leaving sites to never return if their browser gives them a warning.

If you don’t have any password or credit card fields on your website, you can hold off for now but you’ll need to keep an eye out for future updates from Google to start flagging more sites for being insecure. Google is making a very strong push to make the entire internet over HTTPS and it’s just a question of when the next update will come out.

Share Button

A/B Testing with Google Experiments on WordPress

Posted on by

Share Button

A/B testing is getting more and more popular, but typically in order to do so you had to add plugins to your site or use third party services. Now with Google Experiments, Google has integrated A/B testing right into their Analytics platform. What that means is you can easily test variations of your pages and have let Google use the data from your website to determine the winner.

Read More

Share Button

How to Perform 301 Redirects on WordPress

Posted on by

Share Button

You’ve been told by countless SEO guides & Webmaster Tools that if you move a URL you need to use a 301 redirect. But they usually don’t tell you what exactly it is or how to do it. This article will cover the what and how for 301 redirects on WordPress.

Read More

Share Button