-
Recent Posts
Recent Comments
Archives
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- March 2011
- November 2010
Categories
Meta
Tag Archives: business
You Asked: Top 10 Questions about SEO from our webinar
The post You Asked: Top 10 Questions about SEO from our webinar appeared first on HostGator Blog . When you think about Search Engine Optimization, you probably think about how to increase your website’s ranking in Google. While that’s correct, it’s not as simple as it may sound, and there’s a lot that goes into the practice of SEO. HostGator offered a free webinar about the 5 Steps to SEO Success to help website owners get started with optimizing their website for search. We focused on on-page SEO and covered the following steps: Implement keyword research Set up metadata on all pages Create quality content Format URL structure and links Use schema, if appropriate Missed the webinar? No worries. Check out the recording below. Here are the top 10 questions about SEO that our webinar attendees asked. 1. Once you have a website, what is the #1 thing you should do to immediately increase your rankings? The easiest thing you can do to quickly impact your search results and rankings is to register your business with Google My Business. Google My Business is the official business profile listing from Google that integrates with Google Maps and Google search. GMB is Google’s way of allowing you to control what shows up in search by giving you the space to provide as much information as possible about your business. You’ll want to make sure that your Google My Business listing is accurate and matches all your listings online. 2. I don’t have a physical address or storefront. Do I still need a Google My Business account? Yes! If you want to be found online you should definitely have a Google My Business account even if you don’t have a physical address or storefront. In fact, when you set up your Google My Business account, you can note your business as a “ service area business ,” meaning you serve a certain cities or zip codes. When you set up your account, one of the first questions will be ‘do you have an address where customers can visit you?’ Follow these prompts to indicate that you do not have a physical location. If you already have a Google My Business account, you can edit your physical location from the dashboard. You will see that “service area” and “storefront address” can now be edited separately. 3. How important are sitemaps? Do I need one? Sitemaps help Google identify and crawl all of your site’s pages and URLs. Without a sitemap, Google might not be able to index all of your pages – meaning you could be missing out on a lot of organic traffic. A lot of CMSs automatically generate sitemaps; or if you use the Yoast plugin for WordPress, it will create your sitemap for you. Manually creating a sitemap is a fairly intensive process, especially if you have a lot of pages. So if your CMS has the functionality to create a sitemap for you, take advantage of it! It’s important to note that when SEO’s refer to “sitemaps” we’re typically referring to sitemap.xml not HTML sitemaps that you might find front-of-site. 4. How important are good Google reviews for SEO? Google reviews are important for SEO! Essentially, Google reviews show Google that your business is real and that people have interacted with it. Additionally, reviews frequently contain relevant keywords which add to Google’s understanding of your business. The more context you can provide to Google about your business, the better. 5. For SEO purposes, is it more important to update existing content or create new content? This is a great question and one that we debate at HostGator as well! You should do both! As content gets old, it may no longer be relevant, which then causes it to not rank well anymore (don’t forget, you want your content to be timely!) For example, an article about ‘top web design tips of 2015’ only holds value during 2015 because people always want the most current tips. To improve your rankings of that article, you should update the content to make it more evergreen and relevant to your readers no matter when they find the article. Updating older posts is great because they typically have more SEO value, since they have been indexed longer and have more backlinks. If you do have to delete a post or page however, you’ll want to do a 301 redirect to a new, highly-relevant article. A 301 redirect indicates to Google that the page has permanently moved and allows you to pass 90-95% of SEO value from the original article to the new one. 301 redirects allow you to both maintain your rankings and update your content. If you can, we recommend that you publish new articles on a regular basis to indicate to Google that your website is current, relevant, and active. 6. How many keywords should I have? And where do I put them? The number of keywords you need is really dependent on your business. You should have a mix of both long-tail keywords (phrases or questions that are fairly specific) and head terms (general keywords with high search volume). For HostGator, our head terms include our products, such as web hosting and shared hosting, while our long-tail keywords include phrases like what is web hosting, how expensive is web hosting, and how to keep my website secure. If you are a local business, be sure to include the city or state in your keywords to target people in your area. We covered keyword research in detail during the webinar – go back and watch from minute mark 7:05-12:45. As a reminder, you can target three to five keywords on any given page and the biggest tip we can offer is this – use your keywords naturally. Finally, think about keywords like topics. Don’t just “say” them, talk about them. Write as much as you know about the topic and make the conversation natural. 7. How do I get backlinks? Essentially, a backlink is when another website links to yours. The absolute best way to get backlinks is to develop quality content, like blog articles, and wait for other websites to link to your articles. If your content is helpful and original, this should happen naturally. If you want to take a more proactive approach to building backlinks, you can find a website that might find your information helpful for their readers and actually ask them to link to it. If you are a local business, you can consider partnering with another business on a promotion and exchanging links in return. Think of this like networking in real life – meet people who have similar interests and ask them to link to your articles, specifically if the content is helpful for their readers. 8. What are the best SEO plugins for WordPress? Yoast is well-known as the best SEO plugin for WordPress. With a few short configurations, Yoast will manage your metadata, canonicals, sitemaps and your robots.txt. While Yoast automatically selects certain configurations for you, you also have the ability to fully customize your selections. Check out this article for eight more awesome SEO plugins for WordPress . 9. If I’m working with a contractor for SEO, what questions should I be asking my SEO person each month? I always want to see metrics. While it’s important to note that SEO changes usually take a long time to see results, there are still analytics your SEO contractor could be sharing with you. Things you might be interested in seeing are: Month over month, or year over year keyword changes The number of keywords you have ranking on pages one and two Organic traffic, transactions and revenue Top organic landing pages Chances are that your SEO contractor is already pulling this information to guide their strategy, so it shouldn’t be too much effort to share that information with you. You and your SEO contractor should also be monitoring your competitors and any changes they may be making to their sites that could impact their rankings and therefore affect your organic traffic. 10. Are SSL certificates important to being found on Google? An SSL certificate is very important for a few reasons! To provide context, an SSL certificate prevents a “middle man” from stealing information as it is passed through to your website. This is especially helpful for eCommerce websites where customers are entering their credit card information. Even if you don’t have an online store, an SSl certificate can protect the contact forms on your website. SSL certificates are also essential for ranking highly in the SERPs. For many years Google has indicated that the presence of an SSL certificate will help your site rankings. Google further proved this statement in July 2018 when Google Chrome started flagging websites without SSL certificates; as of last summer, website visitors started receiving notifications when they visited a site without an SSL certificate. Obviously when visitors see this alert, they will quickly leave your website, which will increase your bounce rate and decrease your rankings. Luckily, HostGator offers free SSL certificates with all hosting plans . Follow the steps to set yours up today! Want to learn more about SEO? Check out our SEO blog articles or download our free ebook , the Beginner’s Guide to SEO. Find the post on the HostGator Blog Continue reading
Posted in HostGator, Hosting, VodaHost
Tagged business, chrome, city, credit, organic, rankings, search-engine, seo, seo marketing, web hosting, webinar
Comments Off on You Asked: Top 10 Questions about SEO from our webinar
How to Find Your Side Hustle
The post How to Find Your Side Hustle appeared first on HostGator Blog . Did you know that over 44 million Americans already have a side hustle, according to CNN Money? Something that’s also worth mentioning? 36% of those side hustles are bringing in at least $500 extra dollars a month. Owning and operating your own independent business, apart from your full-time job, is a great way to hone your skills, make some extra cash, and build a business that could end up replacing your full-time income. 5 Steps to Finding Your Side Hustle With a multitude of side hustle opportunities out there, how do you decide which one is perfect for you? Here is a checklist to help you get started. 1. Find your why You’ve heard the idea of “finding your why” from thought leaders like Tony Robbins and Simon Sinek. If not, the basic idea is once you know why you are doing something, it’s possible to accomplish your goals. Here is a relatable example. It’s January 1st and you are going to get in shape this year. After all, that’s what people resolve to do, right? You go to the gym every day until January 12th. Then, your interest and motivation start to stagger, until you find you haven’t been to the gym in weeks, and finally, you don’t really care. If this is you, you’re not alone. Only 8% of people actually accomplish their New Year’s Resolutions, according to research by the University of Scranton. The reason? It’s safe to say it’s because these goal setters don’t have a defined why, or an underlying motivating reason to keep going when the going gets tough. Starting a side hustle may be one of your greatest desires, but to be successful, it’s important to determine your ultimate why. Is it because you want to pay off consumer debt that is eating at you every day? Do you want to transition from your full-time job to doing what you really love? Do you want extra cash for luxury vacations instead of staying in yucky hostels? Dig deep to determine whatever deeply motivates you, write it on a big poster board, and mount it on your wall. When things get hard, look at your poster and you will remember exactly why you made this goal of starting a side business in the first place. 2. Find your element Now that you know why you want to start a side hustle, it’s time to find some feasible options of what you might do. There are several options for a side business, but not all of them are for you. Some side hustles may bring in more money, but if you have zero interest, then it’s not a good fit. Similarly, you may be interested in a certain type of business, but if you lack talent, it also might not be a smart way to spend your extra time in a day. In the book Finding Your Element: How to Discover Your Talents and Passions and Transform Your Life by Ken Robbins, he talks about the magic space that is your element. In short, your element is the place where your passions and your talents meet. To find the perfect side hustle, you need to find your element. Do this by brainstorming all of your talents and all of your passions. When you find a job that caters to both your talents and your passions, you’ve found your element. For example, you may love jewelry, but if you don’t have an artistic eye, an Etsy custom jewelry shop is not your element. However, let’s say you could spend all day writing, you know a ton about content marketing and everyone tells you how much they enjoy your articles. There you have it. Freelance writing or blogging might be your element, and a good starting point for finding your perfect side hustle. 3. Evaluate how much time you have Another factor in finding the right side hustle is to get a realistic hold on how much extra time you actually have. Everyone has 24 hours a day, but not everyone has the same responsibilities and priorities. How much time you have will provide valuable insight into what type of business you can start. The best way to find out how much time you have is to spend a week or two tracking your schedule. Here are some questions to consider when tracking your schedule: When do you wake up? Could you wake up earlier? How much time in the morning do you need to dedicate to your physical health, mental health, and family? Do you have any down time during the day? How are you currently spending that time? What time do you get off work? How long does it take you to get home? When do you settle down for the evening and start engaging in “me time?” How do you spend your “me time?” Are you spending any time on activities that don’t bring you joy or invigorate you (hello…Netflix browsing)? What time do you go to bed? Could you push bed time one hour later? Once you know how much time you have, it will be easier to pick a side hustle that works within your schedule. 4. Do your research up front The last thing you want to do is pick a side hustle, register your business, get started and then find out months down the road there is a better option for you. Before getting started, take the time to learn about every side hustle option that is available. Start out by reading blogs about different types of side hustles and using Google for additional research. There are also several side hustle resources that will provide insight into what side hustles are out there. Here are 3 favorites to help you get started: Side Hustle School – Side Hustle School provides daily podcast, in-person workshops, and a book to help you develop a successful side hustle. Side Hustle Nation – Side Hustle Nation is a podcast and blog filled with advice on hustle business ideas, how to get started, and how to build your business. Ryan Robinson – Ryan Robinson is the king of side hustle advice. He offers excellent guidance, resources, and tips. Once you have a good idea of what side hustle businesses are out there, you’ll be able to make the right choice from the get-go. 5. Research income potential This step brings the process full circle. In other words, it brings you back to your why. If your ultimate why is to pay off $2000 of credit card debt, you can opt for a side hustle that is more enjoyable but pays less (e.g. dog walking, rideshare driving, etc.). If your ultimate why is to replace your full-time income, then you need a side hustle that brings in more money (e.g. affiliate marketing, freelance design, blogging, etc.) The resources listed above will not only help you understand what side hustle options are available, but also how much you can make with each side hustle, and how you can maximize your earning potential with strategy. Finding Your Side Hustle When starting a side hustle, remember the most important piece of advice: to get customers, you need to tap into the online search world by putting up a solid website. Check out Gator Builder , our intuitive website builder, to get started. Find the post on the HostGator Blog Continue reading
Posted in HostGator, Hosting, VodaHost
Tagged business, credit-card, element, hostgator, mental-health, ultimate, vodahost, web hosting
Comments Off on How to Find Your Side Hustle
On-Site vs. Off-Site SEO: What’s the Difference?
The post On-Site vs. Off-Site SEO: What’s the Difference? appeared first on HostGator Blog . Search engine optimization (SEO) comes in many shapes and sizes. It’s not limited to one technique or a single tool. If you’re just getting started with SEO , you will want to know the difference between on-site and off-site SEO. Each type offers benefits to help your business acquire more website visitors. While some strategies take a few hours to execute, other tactics will involve extra time to plan. Take this opportunity to attract people to your site. Learn the difference below. On-Site SEO Strategies On-site SEO focuses on optimizing individual pages to earn organic search traffic. By implementing these techniques, it’s easier for search engines to categorize your content. 1. Keyword Research All businesses desire more website traffic. To gain those visitors, it starts with understanding keyword research. Consumers enter keywords in search engines to find specific information. They search for everything from holiday gift ideas to cute puppy videos. Knowing your potential customers’ search intent will help you craft content with targeted keywords. That way, you receive qualified visitors, not just every curious person online. Keyword Planner and Moz’s Keyword Explorer are effective platforms for conducting keyword research and keeping track of trends. Garnering this insight gives you an edge over your competition. Stay away from broad terms. For example, if you sell women’s clothing, stick to distinct, longer-tail keywords that describe your products. Aim for “high-end winter plaid skirts,” rather than “women’s skirts.” 2. Internal Linking When an individual lands on a web page, it’s quite likely that she will want to learn more about the specific information mentioned. Internal linking gives you the chance to act as a tour guide, sending the visitor to another appropriate page. Linking boosts your SEO performance. Serial entrepreneur Neil Patel outlines the advantages: “One of the corollary benefits of internal linking is that it improves user engagement on your site. When a user sees an informative link that truly matches the context of the content, they are likely to click on that link. It can be an external link, as long as it’s something that the reader will be interested in.” Internal linking helps search engines crawl your site. So, direct visitors to another relevant page on your site. 3. Page Speed A few years back, search engines announced that a site’s page speed would impact its ranking. This guideline still influences SEO today. As a result, you should monitor your pages’ load time. According to Google , it takes on average 22 seconds for a mobile landing page to load. However, “53% of mobile site visitors leave a page that takes longer than three seconds to load.” Their free PageSpeed Insights tool analyzes the content of your web page and generates suggestions to make your page faster. It’s user-friendly and only takes a few seconds to receive your speed score. Large image files can negatively impact page speeds. You can solve this problem by using a tool like TinyPNG to reduce the file size and following image SEO best practices . Consider the number of widgets connected to your site, too. Excessive social buttons, comment areas, and pop-up ads can slow down page speed. Off-Site SEO Strategies Off-site SEO is the process of improving your search rankings through referral traffic. These techniques include driving brand awareness and creating remarkable content. 1. Public Relations The perception of your business informs customers’ decisions. Public relations coupled with SEO serves the purpose of increasing your inbound links and brand recognition. Earning coverage in online publications and news outlets starts with developing an enticing story around your business. Jeremy Knauff , founder of Spartan Media, explains: “[Public relations] focuses on getting real humans who work at legitimate, authoritative publications genuinely interested in and talking about your story. It’s about truly adding value, which in turn tends to generate inbound links, as opposed to simply producing garbage links on websites that no one visits.” To catch an eye of a journalist, you’ll want to highlight a newsworthy activity. Maybe you’re partnering with a charity to donate funds, or you’re releasing groundbreaking research that supports your brand. You can generate buzz by writing a press release and initiating a social media campaign with a unique hashtag. 2. Guest Blogging Content writing is another way to obtain backlinks for your website. Through guest blogging, you can become a thought leader in your industry as well as maximize your SEO potential. Guest blogging involves crafting content for non-competitive sites with similar audiences. You’ll gain powerful relationships and site traffic. When guest blogging, it’s key for you to follow the rules described by the specific website. Below is an example from Mention , a social media monitoring tool. You’ll also want to choose a topic that will resonate with readers. If possible, tell a narrative about a recent experience, spotlight a customer story with humor, or even grab people’s attention with stunning statistics. Guest blogging is a perfect time to add your expertise to a larger conversation. You should aim to satisfy the publication and its readers. 3. Influencer Outreach You’re only as good as the community around you. To upgrade your circle and earn inbound links, influencer outreach offers a step in the right direction. Influencers are individuals who shape consumer buying habits. They can persuade people to visit websites, try products, and join social communities. For businesses, this engagement transforms into a huge benefit. Michael Quoc , founder and CEO of Dealspotr, gives his insight: “When your business engages with a new social audience, it unlocks the potential for more followers and engagement. This can lead to more site traffic, backlinks, and other factors that improve SEO.” Do your research when selecting influencers. It’s important that their values match your brand and their audience possess some interest in your products. Influencer partnerships will build your brand reputation faster. Plus, it gives bloggers another reason to link back to your website. Focus on SEO Knowing when and how to apply on-site and off-site SEO strategies matters. Each type holds a different solution for your website to attract more visitors. Find the post on the HostGator Blog Continue reading
Posted in HostGator, Hosting, VodaHost
Tagged business, content, difference, gator-website, industry, insight, products, seo, social-media, specific, vodahost
Comments Off on On-Site vs. Off-Site SEO: What’s the Difference?
10 Ways to Boost Online Store Sales with Wishlists
The post 10 Ways to Boost Online Store Sales with Wishlists appeared first on HostGator Blog . Adding wishlist functions to your online store can help turn more window-shoppers into paying customers, if you make your wishlist visible and easy to use—and maybe don’t call it a wishlist. Here’s how to choose your wishlist tools, put them in the right places on your site, and make the most of the marketing opportunities wishlists deliver. 10 Steps to Wishlists That Work Why do wishlists work for online stores? Saving items for later reduces cart abandonment, and it makes it easy for your shoppers to pick up where they left off later, even on another device. Shareable wishlists can also reach new customers who are shopping for gifts or want to copy a social media influencer’s style. Follow these steps to boost sales for your online store with wishlists. 1. Choose your wishlist plugin The best wishlist plugins make it easy for your customers to use them. Look for guest wishlist options, social shareability, privacy options for individual wishlists, and easy to use admin tools that show you which products are the most wished-for. Two of the best-rated options for stores that run on WordPress with WooCommerce are WooCommerce’s own Wishlists plugin and YITH WooCommerce Wishlist . Both cost $79 for a one-year, single-site subscription. YITH also offers a pared-down free version. 2. Decide what to call your wishlists Wishlist—as in, “add to wishlist” may seem like the obvious term to use in your store. But UX-research group Nielsen Norman Group has found that some shoppers feel “greedy” about adding things to a list to share with others. NNG recommends alternatives like Favorites or My List. 3. Choose where to put wishlist tools on your site There should be an add to wishlist (or favorites or my list) button on every product page. Google’s Retail UX Playbook lists wishlist-related calls to action on product pages to reduce friction for shoppers who are browsing or who want to complete their purchase later, on another device. You can also add a wishlist button—usually a heart—to product photos on your category pages. West Elm does this, and lets shoppers start marking favorites without signing in or creating an account first. Shoppers can review their My Favorites Gallery and sign in if they want to save those items for later. It’s also a good idea to make wishlists visible and easy to access from the shopping cart and during checkout, to encourage shoppers to add items from their lists. 4. Customize your store’s wishlist tools You should be able to customize your wishlist buttons, colors, messages, and more to blend in with your site design. You may also have the option to require that shoppers register in order to make a wishlist, although NNG recommends against that because it adds friction to the shopping experience. You may also be able to customize the sharing options you want your store’s wishlists to support. Make it as easy as possible for shoppers to share their lists, especially on social media. One study found that online stores without “clear social sharing options” consistently miss out on potential sales . 5. Preview and test your store’s wishlist features Navigate through your store the way shoppers do and add things to test wishlists to make sure that everything looks and works the way you want it to. Preview the new setup on different devices and pay special attention to how your customizations look on mobile phones. And follow our recommendations for other UX testing best practices . 6. Activate your new wishlist capabilities Make your wishlist functions live, let your shoppers know they can make wishlists, and then listen for their feedback. You may need to tweak things as customers start building and sharing their lists. Wishlist implementation done, right? You’re just getting started. You’ll get much more value from your store’s wishlists if you go beyond relying on customers to keep and share their lists. The next steps are all about making the most of the marketing opportunities wishlists give you. 7. Use wishlist data in your marketing campaigns Use your wishlist admin dashboard to make your marketing more effective. You’ll see how often list owners post. You can see which products are on the most wishlists and promote them. You can personalize email offers to customers based on specific items on their lists. And you can create holiday promotions that offer deals on users’ wishlist items and incentives for sharing lists. You can also send personalized offers of similar items at different price points, along with cross-sell offers. For example, if a customer has a pair of jeans on her list, you can offer cheaper and more expensive jeans from the same brand. You can also offer tops, belts, and shoes that would look good with her wishlist jeans. 8. Test your wishlist-based marketing efforts We’ve talked before on the blog about A/B testing for email marketing , and your wishlist marketing messages should get A/B tested, too. Sometimes the color or placement of a button or a small change to the wording of a subject line can make a significant difference in engagement and conversions. So, test early and often. 9. Monitor your wishlist metrics Over time, you’ll send trends emerge from you wishlist data. How many of your shoppers have wishlists? Is the number of lists rising or flat? Are your customers consistently sharing their lists, or do you need to promote sharing more heavily? Pay special attention to how users are sharing their lists. Is email or social their preferred channel? If it’s social, which platforms do they use the most, and which platforms generate the most traffic to your store from shared lists? This data will help you decide where to focus your marketing efforts. It can also flag areas where you may need to improve UX. For example, if you’re getting a lot of click-throughs from lists shared on Instagram but very few conversions, you need to examine that pathway to see if there are obstacles you can remove to increase sales. 10. Keep optimizing your wishlist program Consumer preferences, technology, and social network popularity are always evolving. That means you need to keep tabs on what’s trending in online retail, in addition to watching your marketing metrics and A/B test results. Keep listening to your customers, too. Any opinions or requests they share about your wishlists when they contact customer service or post on social media are data you can use to build a better wishlist program. Ready to start granting e-commerce wishes? Build your online store with HostGator. Find the post on the HostGator Blog Continue reading
How to Secure a Website from Hackers [10 Step Guide]
The post How to Secure a Website from Hackers [10 Step Guide] appeared first on HostGator Blog . As a website owner, is there anything more terrifying than the thought of seeing all of your work altered or entirely wiped out by a nefarious hacker? We see data breaches and hacks in the news all the time. And you may think, why would someone come after my small business website? But hacks don’t just happen to the big guys. One report found that small businesses were the victims of 43% of all data breaches. You’ve worked hard on your website (and your brand) – so it’s important to take the time to protect it with these basic hacker protection tips. 5 Easy Steps to Secure Your Website from Hackers You may have worried when starting this post that it would be full of technical jargon that your average website owner would find baffling. Some of our tips further down do get technical, and you may want to bring in your developer for those. But there are a few things you can do on your own first that don’t involve that much technical know-how. Step #1: Install security plugins. If you built your website with a content management system (CMS) , you can enhance your website security with plugins that actively prevent website hacking attempts. Each of the main CMS options have security plugins available, many of them for free. Security plugins for WordPress: iThemes Security Bulletproof Security Sucuri Wordfence fail2Ban Security options for Magento: Amasty Watchlog Pro MageFence Security extensions for Joomla: JHackGuard jomDefender RSFirewall Antivirus Website Protection These options address the security vulnerabilities that are inherent in each platform, foiling additional types of hacking attempts that could threaten your website. In addition, all websites – whether you’re running a CMS-managed site or HTML pages – can benefit from considering SiteLock . SiteLock goes above and beyond simply closing site security loopholes by providing daily monitoring for everything from malware detection to vulnerability identification to active virus scanning and more. If your business relies on its website, SiteLock is definitely an investment worth considering. Note: Our Managed WordPress hosting plan has SiteLock built in, along with other features to help secure your site. Step #2: Use HTTPS As a consumer, you may already know to always look for the green lock image and https in your browser bar any time you provide sensitive information to a website. Those five little letters are an important shorthand for hacker security: they signal that it’s safe to provide financial information on that particular webpage. An SSL certificate is important because it secures the transfer of information – such as credit cards, personal data, and contact information – between your website and the server. While an SSL certificate has always been essential for ecommerce websites, having one has recently become important for all websites. In July 2018, Google Chrome released a security update that alerts website visitors if your website doesn’t have an SSL certificate installed. That makes visitors more likely to bounce, even if your website doesn’t collect sensitive information. Search engines are taking website security more seriously than ever because they want users to have a positive and safe experience browsing the web. Taking the commitment to security further, a search engine may rank your website lower in search results if you don’t have an SSL certificate. What does that mean for you? If you want people to trust your brand, you need to invest in an SSL certificate . The cost of an SSL certificate is minimal, but the extra level of encryption it offers to your customers goes a long way to making your website more secure and trustworthy. At HostGator, we also take website security seriously, but most importantly, we want to make it easy for you to be secure. All HostGator web hosting packages come with a free SSL certificate. The SSL certificate will be automatically applied to your account, but you do need to take a few steps to install the free SSL certificate on your website. Step #3: Keep your website platform and software up-to-date Using a CMS with various useful plugins and extensions offers a lot of benefits, but it also brings risk. The leading cause of website infections is vulnerabilities in a content management system’s extensible components. Because many of these tools are created as open-source software programs, their code is easily accessible – to both good-intentioned developers as well as malicious hackers. Hackers can pore over this code, looking for security vulnerabilities that allow them to take control of your website by exploiting any platform or script weaknesses. To protect your website from being hacked, always make sure your content management system, plugins, apps, and any scripts you’ve installed are up-to-date. If you’re running a website built on WordPress, you can check whether you’re up to date quickly when logging into your WordPress dashboard. Look for the update icon in the top left corner next to your site name. Click the number to access your WordPress Updates. Step #4: Make sure your passwords are secure This one seems simple, but it’s so important. It’s tempting to go with a password you know will always be easy for you to remember. That’s why the #1 most common password is still 123456. You have to do better than that – a lot better than that to prevent login attempts from hackers and other outsiders. Make the effort to figure out a truly secure password (or use HostGator’s password generator). Make it long. Use a mix of special characters, numbers, and letters. And steer clear of potentially easy-to-guess keywords like your birthday or kid’s name. If a hacker somehow gains access to other information about you, they’ll know to guess those first. Holding yourself to a high standard for password security is step one. You also need to make sure everyone who has access to your website has similarly strong passwords. One weak password within your team can make your website susceptible to a data breach , so set expectations with everyone who has access. Institute requirements for all website users in terms of length and types of characters. If your employees want to use easy passwords for their less secure accounts, that’s their business. But when it comes to your website, it’s your business (literally) and you can hold them to a higher standard. Step #5: Invest in automatic backups. Even if you do everything else on this list, you still face some risk. The worst-case scenario of a website hack is to lose everything because you forgot to back your website up. The best way to protect yourself is to make sure you always have a recent backup. While a data breach will be stressful no matter what, when you have a current backup, recovering is much easier. You can make a habit out of manually backing your website up daily or weekly. But if there’s even the slightest chance you’ll forget, invest in automatic backups . It’s a cheap way to buy peace of mind. 5 Advanced Steps to Secure Your Website from Hackers All of the above steps are relatively painless, even for website owners with minimal technical experience. This second half of the list gets a little more complicated, and you may want to call a developer or IT consultant to help you out. Step #6: Take precautions when accepting file uploads through your site. When anyone has the option to upload something to your website, they could abuse the privilege by loading a malicious file, overwriting one of the existing files important to your website, or uploading a file so large it brings your whole website down. If possible, simply don’t accept any file uploads through your website. Many small business websites can get by without offering the option of file uploads at all. If that describes you, you can skip everything else in this step. But eliminating file uploads isn’t an option for all websites. Some types of businesses, like accountants or healthcare providers, need to give customers a way to securely provide documents. If you need to allow file uploads, take a few steps to make sure you protect yourself: Create a whitelist of allowed file extensions. By specifying which types of files you’ll accept, you keep suspicious file types out. Use file type verification. Hackers try to sneakily get around whitelist filters by renaming documents with a different extension than the document type actually is, or adding dots or spaces to the filename. Set a maximum file size. Avoid distributed denial of service (DDoS) attacks by rejecting any files over a certain size. Scan files for malware. Use antivirus software to check all files before opening. Automatically rename files upon upload. Hackers won’t be able to re-access their file if it has a different name when they go looking for it. Keep the upload folder outside of the webroot. This keeps hackers from being able to access your website through the file they upload. These steps can remove most of the vulnerabilities inherent in allowing file uploads to your website. Step #7: Use parameterized queries SQL injections are one of the most common website hacks many sites fall victim to. SQL injections can come into play if you have a web form or URL parameter that allows outside users to supply information. If you leave the parameters of the field too open, someone could insert code into them that allows access to your database. It’s important to protect your site from this because of the amount of sensitive customer information that can be held in your database. There are a number of steps you can take to protect your website from SQL injection hacks; one of the most important and easiest to implement is the use of parameterized queries. Using parameterized queries ensures your code has specific enough parameters so that there’s no room for a hacker to mess with them. Step #8: Use CSP Cross-site scripting (XSS) attacks are another common threat site owners have to be on the lookout for. Hackers find a way to slip malicious JavaScript code onto your pages, which can then infect the device of any website visitors exposed to the code. Part of the fight to protect your site from XSS attacks is similar to the parameterized queries for SQL injections. Make sure any code you use on your website for functions or fields that allow input are as explicit as possible in what’s allowed, so you’re not leaving room for anything to slip in. Content Security Policy (CSP) is another handy tool that can help protect your site from XSS. CSP allows you to specify which domains a browser should consider valid sources of executable scripts when on your page. The browser will then know not to pay attention to any malicious script or malware that might infect your site visitor’s computer. Using CSP involves adding the proper HTTP header to your webpage that provides a string of directives that tells the browser which domains are ok and any exceptions to the rule. You can find details on crafting CSP headers for your website here . Step #9: Lock down your directory and file permissions All websites can be boiled down to a series of files and folders that are stored on your web hosting account. Besides containing all of the scripts and data needed to make your website work, each of these files and folders is assigned a set of permissions that controls who can read, write, and execute any given file or folder, relative to the user they are or the group to which they belong. On the Linux operating system, permissions are viewable as a three-digit code where each digit is an integer between 0-7. The first digit represents permissions for the owner of the file, the second for anyone assigned to the group that owns the file, and the third for everyone else. The assignations work as follows: 4 equals Read 2 equals Write 1 equals Execute 0 equals no permissions for that user As an example, take the permission code “644.” In this case, a “6” (or “4+2”) in the first position gives the file’s owner the ability to read and write the file. The “4” in the second and third positions means that both group users and internet users at large can read the file only – protecting the file from unexpected manipulations. So, a file with “777” (or 4+2+1 / 4+2+1 / 4+2+1) permissions is readable, write-able, and executable by the user, the group, and everyone else in the world. As you might expect, a file that is assigned a permission code that gives anyone on the web the ability to write and execute it is much less secure than one which has been locked down in order to reserve all rights for the owner alone. Of course, there are valid reasons to open up access to other groups of users (anonymous FTP upload, as one example), but these instances must be carefully considered in order to avoid creating a website security risk. For this reason, a good rule of thumb is to set your permissions as follows: Folders and directories = 755 Individual files = 644 To set your file permissions, log in to your cPanel’s File Manager or connect to your server via FTP. Once inside, you’ll see a list of your existing file permissions (as in the following example generated using the Filezilla FTP program): The final column in this example displays the folder and file permissions currently assigned to the website’s content. To change these permissions in Filezilla, simply right click the folder or file in question and select the “File permissions” option. Doing so will launch a screen that allows you to assign different permissions using a series of checkboxes: Although your web host’s or FTP program’s backend might look slightly different, the basic process for changing permissions remains the same. Our support portal has solutions for how to modify your folder and file permissions . #10 Keep your error messages simple (but still helpful). Detailed error messages can be helpful internally to help you identify what’s going wrong so you know how to fix it. But when those error messages are displayed to outside visitors, they can reveal sensitive information that tells a potential hacker exactly where your website’s vulnerabilities are. Be very careful what information you provide in an error message, so you’re not providing information that helps a bad actor hack you. Keep your error messages simple enough that they don’t inadvertently reveal too much. But avoid ambiguity as well , so your visitors can still learn enough information from the error message to know what to do next. Protecting Your Website from Hackers Securing your site and learning how to protect against hackers is a big part of keeping your site healthy and safe in the long run! Don’t procrastinate taking these important steps. At HostGator, we have created a set of custom mod security rules to aid in the protection of your website. If you’re looking for a new hosting provider, you can click here to sign up for a great deal. For new accounts, we’ll even transfer you for free! After you’ve created an account, you just need to fill out the form here . Don’t worry about getting tripped up in the process. HostGator has world-class support available around the clock! Our customer support specialists are available 24/7/365 via email ticket, chat, or phone. We can help you get secure! Find the post on the HostGator Blog Continue reading
Posted in HostGator, Hosting, php, VodaHost
Tagged birthday, browser, business, credit-cards, database, hackers, manager, php, search-engine, wordpress-hosting
Comments Off on How to Secure a Website from Hackers [10 Step Guide]