© 2021 KevinKoop.ca
Security Tips to Protect Your Website

Security Tips to Protect Your Website

Stay Secure Against Hackers

You may not think your site has anything worth being hacked for, but websites are compromised all the time.

The majority of website security breaches are not to steal your data or deface your website, but instead attempts to use your server as an email relay for spam, or to setup a temporary web server, normally to serve files of an illegal nature. Other very common ways to abuse compromised machines include using your servers as part of a botnet, or to mine for Bitcoins. You could even be hit by ransomware.

Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software. Here are our top 9 tips to help keep you and your site safe online.

1. Keep software up to date

It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them.

If you are using a managed hosting solution then you don’t need to worry so much about applying security updates for the operating system as the hosting company should take care of this.

If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.

Many developers use tools like Composer, npm, or RubyGems to manage their software dependencies, and security vulnerabilities appearing in a package you depend but aren’t paying any attention to on is one of the easiest ways to get caught out. Ensure you keep your dependencies up to date, and use tools like Gemnasium to get automatic notifications when a vulnerability is announced in one of your components.

2. SQL injection

SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries, most web languages have this feature and it is easy to implement.

Consider this query:

"SELECT * FROM table WHERE column = '" + parameter + "';"

If an attacker changed the URL parameter to pass in ‘ or ‘1’=’1 this will cause the query to look like this:

"SELECT * FROM table WHERE column = '' OR '1'='1';"

Since ‘1’ is equal to ‘1’ this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.

You could fix this query by explicitly parameterising it. For example, if you’re using MySQLi in PHP this should become:

$stmt = $pdo->prepare('SELECT * FROM table WHERE column = :value');
$stmt->execute(array('value' => $parameter));

3. XSS

Cross-site scripting (XSS) attacks inject malicious JavaScript into your pages, which then runs in the browsers of your users, and can change page content, or steal information to send back to the attacker. For example, if you show comments on a page without validation, then an attacker might submit comments containing script tags and JavaScript, which could run in every other user’s browser and steal their login cookie, allowing the attack to take control of the account of every user who viewed the comment. You need to ensure that users cannot inject active JavaScript content into your pages.

This is a particular concern in modern web applications, where pages are now built primarily from user content, and which in many cases generate HTML that’s then also interpreted by front-end frameworks like Angular and Ember. These frameworks provide many XSS protections, but mixing server and client rendering creates new and more complicated attack avenues too: not only is injecting JavaScript into the HTML effective, but you can also inject content that will run code by inserting Angular directives, or using Ember helpers.

The key here is to focus on how your user-generated content could escape the bounds you expect and be interpreted by the browser as something other that what you intended. This is similar to defending against SQL injection. When dynamically generating HTML, use functions which explicitly make the changes you’re looking for (e.g. use element.setAttribute and element.textContent, which will be automatically escaped by the browser, rather than setting element.innerHTML by hand), or use functions in your templating tool that automatically do appropriate escaping, rather than concatenating strings or setting raw HTML content.

Another powerful tool in the XSS defender’s toolbox is Content Security Policy (CSP). CSP is a header your server can return which tells the browser to limit how and what JavaScript is executed in the page, for example to disallow running of any scripts not hosted on your domain, disallow inline JavaScript, or disable eval(). Mozilla have an excellent guide with some example configurations. This makes it harder for an attacker’s scripts to work, even if they can get them into your page.

4. Error messages

Be careful with how much information you give away in your error messages. Provide only minimal errors to your users, to ensure they don’t leak secrets present on your server (e.g. API keys or database passwords). Don’t provide full exception details either, as these can make complex attacks like SQL injection far easier. Keep detailed errors in your server logs, and show users only the information they need.

5. Server side validation/form validation

Validation should always be done both on the browser and server side. The browser can catch simple failures like mandatory fields that are empty and when you enter text into a numbers only field. These can however be bypassed, and you should make sure you check for these validation and deeper validation server side as failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results in your website.

6. Passwords

Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords to your server and website admin area, but equally also important to insist on good password practices for your users to protect the security of their accounts.

As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run.

Passwords should always be stored as encrypted values, preferably using a one way hashing algorithm such as SHA. Using this method means when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password.

In the event of someone hacking in and stealing your passwords, using hashed passwords could help damage limitation, as decrypting them is not possible. The best someone can do is a dictionary attack or brute force attack, essentially guessing every combination until it finds a match. When using salted passwords the process of cracking a large number of passwords is even slower as every guess has to be hashed separately for every salt + password which is computationally very expensive.

Thankfully, many CMSes provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords (pre Drupal 7) or to set the minimum password strength. If you are using .NET then it’s worth using membership providers as they are very configurable, provide inbuilt website security and include readymade controls for login and password reset.

7. File uploads

Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded however innocent it may look, could contain a script that when executed on your server completely opens up your website.

If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size are not full proof. Most images formats allow storing a comment section which could contain PHP code that could be executed by the server.

So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won’t attempt to execute files with image extensions, but it isn’t recommended to rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.

Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example, chmod 0666 so it can’t be executed. If using *nix you could create a .htaccess file (see below) that will only allow access to set files preventing the double extension attack mentioned earlier.

deny from all
    <Files ~ "^w+.(gif|jpe?g|png)$">
    order deny,allow
    allow from all
    </Files>

Ultimately, the recommended solution is to prevent direct access to uploaded files all together. This way, any files uploaded to your website are stored in a folder outside of the webroot or in the database as a blob. If your files are not directly accessible you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser. Image tags support an src attribute that is not a direct URL to an image, so your src attribute can point to your file delivery script providing you set the correct content type in the HTTP header. For example:

<img src="/imageDelivery.php?id=1234" />
     
<?php
      // imageDelivery.php
     
      // Fetch image filename from database based on $_GET["id"]
      ...
     
      // Deliver image to browser
       Header('Content-Type: image/gif');
      readfile('images/'.$fileName);  
     
?>

Most hosting providers deal with the server configuration for you, but if you are hosting your website on your own server then there are few things you will want to check.

Ensure you have a firewall setup, and are blocking all non essential ports. If possible setting up a DMZ (Demilitarised Zone) only allowing access to port 80 and 443 from the outside world. Although this might not be possible if you don’t have access to your server from an internal network as you would need to open up ports to allow uploading files and to remotely log in to your server over SSH or RDP.

If you are allowing files to be uploaded from the Internet only use secure transport methods to your server such as SFTP or SSH.

If possible have your database running on a different server to that of your web server. Doing this means the database server cannot be accessed directly from the outside world, only your web server can access it, minimizing the risk of your data being exposed.

Finally, don’t forget about restricting physical access to your server.

8. HTTPS

HTTPS is a protocol used to provide security over the Internet. HTTPS guarantees to users that they’re talking to the server they expect, and that nobody else can intercept or change the content they’re seeing in transit.

If you have anything that your users might want private, it’s highly advisable to use only HTTPS to deliver it. That of course means credit card and login pages (and the URLs they submit to) but typically far more of your site too. A login form will often set a cookie for example, which is sent with every other request to your site that a logged in user makes, and is used to authenticate those requests. An attacker stealing this would be able to perfectly imitate a user and take over their login session. To defeat these kind of attacks, you almost always want to use HTTPS for your entire site.

That’s no longer as tricky or expensive as it once was though. Let’s Encrypt provides totally free and automated certificates, which you’ll need to enable HTTPS, and there are existing community tools available for a wide range of common platforms and frameworks to automatically set this up for you.

Notably Google have announced that they will boost you up in the search rankings if you use HTTPS, giving this an SEO benefit too. There’s a stick to go with that carrot though: Chrome and other browsers are planning to put bigger and bigger warnings on every site that doesn’t do this, starting from January 2017. Insecure HTTP is on its way out, and now’s the time to upgrade.

Already using HTTPS everywhere? Go further and look at setting up HTTP Strict Transport Security (HSTS), an easy header you can add to your server responses to disallow insecure HTTP for your entire domain.

9. Website security tools

Once you think you have done all you can then it’s time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred to as penetration testing or pen testing for short.

There are many commercial and free products to assist you with this. They work on a similar basis to scripts hackers will use in that they test all know exploits and attempt to compromise your site using some of the previous mentioned methods such as SQL injection.

Some free tools that are worth looking at:

  • Netsparker (Free community edition and trial version available). Good for testing SQL injection and XSS

  • OpenVAS. Claims to be the most advanced open source security scanner. Good for testing known vulnerabilities, currently scans over 25,000. But it can be difficult to setup and requires a OpenVAS server to be installed which only runs on *nix. OpenVAS is fork of a Nessus before it became a closed-source commercial product.

  • SecurityHeaders.io (free online check). A tool to quickly report which security headers mentioned above (such as CSP and HSTS) a domain has enabled and correctly configured.

  • Xenotix XSS Exploit Framework – A tool from OWASP (Open Web Application Security Project) that includes a huge selection of XSS attack examples, which you can run to quickly confirm whether your site’s inputs are vulnerable in Chrome, Firefox and IE.

The results from automated tests can be daunting, as they present a wealth of potential issues. The important thing is to focus on the critical issues first. Each issue reported normally comes with a good explanation of the potential vulnerability. You will probably find that some of the medium/low issues aren’t a concern for your site.

If you wish to take things a step further then there are some further steps you can take to manually try to compromise your site by altering POST/GET values. A debugging proxy can assist you here as it allows you to intercept the values of an HTTP request between your browser and the server. A popular freeware application called Fiddler is a good starting point.

So what should you be trying to alter on the request? If you have pages which should only be visible to a logged in user then I would try changing URL parameters such as user id, or cookie values in an attempt to view details of another user. Another area worth testing are forms, changing the POST values to attempt to submit code to perform XSS or to upload a server side script.

Hopefully these tips will help keep your site and information safe. Thankfully most CMSes have a lot of inbuilt website security features, but it is a still a good idea to have knowledge of the most common security exploits so you can ensure you are covered.

There are also some helpful modules available for CMSes to check your installation for common security flaws such as Security Review for Drupal and Wordfence Security for WordPress.

If you found this information helpful or have any security tips of your own, let us know!

Tips for Awesome Website Content

Tips for Awesome Website Content

Compelling and Informative

Many companies miss the point of having a website. Too often a grand marketing vision gets in the way of presenting useful information. The copy must be written with your customer in mind.

Here’s how many websites are developed. The decision-makers gather around the conference table and begin brainstorming. “Our website should include our mission statement so visitors know what guides us,” says one executive.

“It should look and sound professional, so let’s use stock photos and have Mary write the copy because she was an English major in college,” says another.

“We should have a page with all our products. But let’s not put too many details or prices because we want visitors to have to contact us,” says a third.

Someone from the sales department adds, “On the Contact Us page, let’s use a form with lots of questions that will help us make a sale. Have visitors tell us their budget and how soon they intend to make a purchase. And let’s be sure to get their full name, mailing address and phone number so we can have a salesperson pursue them.”

Are you cringing as you read these website suggestions? If not, you should be. They’re off-base and sure to alienate visitors.

The Visitor Must Come First

While all these ideas have merit for the company, they don’t make much sense for visitors. And that’s a big mistake. If you don’t put your visitors first, your website won’t be effective. Bottom line, it’s not about you!

The best websites are customer-centric. They’re designed to provide the information visitors seek and to present it in an interesting, organized fashion. They let the customer see the real you, which then builds trust.

They make it easy for visitors to complete whatever action they have in mind, whether it’s to buy a product, subscribe to a newsletter, or contact you for more details.

Your visitors don’t want cute or clever. They won’t take the time to decipher your meaning. They simply want to know how you’re going to solve their problem. Or, put another way, what are you selling and why is it right for me NOW?

Here are 15 tried and proven tips to help make your website successful:

  1. Start with a clear navigation.
    Organize your pages into logically-named categories and use standard terms on your menu. Visitors don’t want to guess where to go. They don’t want to analyze what you mean. And they don’t have the patience to embark on a scavenger hunt for facts.
  2. Use conversational English.
    Despite what your high school English teacher may have thought, nobody wants to read text that sounds like a term paper. Yawn. Write copy as though you’re speaking directly to the visitor. Use second person like “you” and “we.” Contractions are fine. And a friendly, informal tone is better than stiff, corporate-speak.
  3. Avoid industry jargon.
    Don’t use words or phrases that your visitors may not recognize. Use familiar terminology.
  4. Provide all the relevant information.
    When people search the web, they’re seeking answers. If your site doesn’t provide the facts, the visitor will move on to the next one in the search results. Don’t be afraid of sharing too much, and that includes prices. Studies show information-rich websites are the most effective in converting visitors into serious prospects.
  5. Leave out the hype.
    Visitors don’t want spin. They expect honesty and transparency. They crave facts so they can make an educated decision. Place all your cards on the table and let visitors draw their own conclusions.
  6. Make your home page a to-the-point summary.
    Since your home page is the most common entrance to your website, it should describe how customers will benefit from your content, products, or services. If visitors can’t quickly figure out what’s in it for them, they’ll click that back button. Poof, gone!
  7. Create unique landing pages for specific topics.
    While you might want everyone to come through the front door, the home page of your website, that might not be the best strategy. A more targeted approach is to create landing pages that speak to specific subjects. If someone is looking for information on say your product’s military application, he should land on your page that is dedicated to that subject. Landing pages convert at a higher rate than do home pages.
  8. Let pictures help tell your story.
    Stock photos are pretty, but do they tell visitors about the real you? No, they’re too generic. You can use them in some places on your site to help break up what would otherwise be a copy-heavy page, but when it comes to products and people, real photos work best. Visitors want to see what they’re buying and who they’re buying it from.
  9. Include trust-building content.
    Explain why your company is uniquely qualified to provide its products or services. Provide some details about your company’s history and achievements. Include a photo of the founder if it’s relevant. Consider dedicating a page to testimonials or case studies. These third-party endorsements hold weight. Customers buy from companies they trust.
  10. Keep your website up to date.
    If visitors notice that your content isn’t current, then your site loses all credibility. Continually update your site, add to it and remove any information that is obsolete. The last part of that sentence is critical, so I hope you didn’t miss it. You shouldn’t only add content. You need to also delete anything that’s no longer relevant. If the good information is buried, your visitor might never find it.
  11. Use a straightforward layout.
    Nobody likes clutter, and that includes visitors to your website. Clean, simple and organized works best. The more intuitive, the better, so visitors can easily find what they need.
  12. Make it easy for visitors to contact you.
    Put your contact information in multiple places so it’s easy to find. It should always be just one click away. Don’t make visitors work too hard to reach you. They might not bother, and you’ll lose them.
  13. Keep forms simple.
    If your website includes a form, such as on your Contact or Quote page, ask the fewest questions possible. Visitors hate completing all those fields, (don’t we all?), and they likely don’t trust you enough to provide all the information you’re requesting. Yes, you’d love to obtain their detailed information, but it’s what they prefer, not you!
  14. Include a call to action on nearly every page.
    Tell visitors what you would like them to do next. Lead them down the path to a sale or to contacting you. It’s great to be a quality source of information, but you also want visitors to know they can make a purchase.
  15. Make it perfect or as close to it as you can get.
    Spelling and grammar mistakes make you look like an amateur. So does poor wording. Review your work closely, or better yet, consider hiring a professional copywriter to craft your content.

In today’s information-saturated world, visitors to your website are likely to be impatient. If they can’t quickly find what they want, they’ll move on. They’re skeptical of anything that sounds “salesy.” If they could speak to you, they’d say, “Just the facts, please.”

To be effective, your website must deliver true value. Put your visitors’ needs and wants first as you create its content and watch your conversion rate soar!

If you found this information helpful or have any content tips of your own, let us know!

Internet Marketing Tips

Internet Marketing Tips

Increase Online Traffic and Revenue

Increasing revenues and profits for your business will take strategy and effort.

Here are four tips to help you as a business owner increase your traffic and profits.

Update Your Website

It’s 2017, so if you’re like most businesses, you have a website (if not, what are you waiting for?). In fact, odds are good that you’ve had the same website for several years. This can be a blessing and a curse, and is something business owners should address in 2017.

Websites that have been around longer have an SEO advantage over newly created sites. However, the longer a site has stayed the same, the more likely it becomes that certain information on the site is inaccurate or out of date.

A recent study found that the majority of consumers encounter multiple erroneous sites in their daily internet browsing. There are few faster ways to lose a customer than having them drive to the address listed on the website, only to find that the business has moved across town.

Updating a site is also a good time to upgrade security features. Feeling secure is essential to building consumer trust. Similarly, improving the site’s mobile friendliness can also lead to tangible improvements in business performance.

Utilize PPC and Social Media Ads

Many business owners have a false impression about the way that the internet and social media work. While it’s common for large websites or popular social media business pages gained their massive followings organically, this is almost never the case.

Rarely there are cases of something just going viral. In most situations things that get a lot of publicity and attention paid for advertising and promotion to get the ball rolling. True, all the money in the world isn’t going to help bad content, but without paid promotion on the internet, getting noticed can be slow work.

It’s important to realize that social media can be just as useful as Google in directing traffic to websites. While fans for a page don’t necessarily equate to customers, Facebook’s utility as content distribution network makes the platform as useful as search ads on Google or video ads on YouTube. Investing in both forms of paid advertising can produce good returns for a business.

Integrate Marketing Tactics

Another goal business owners should pursue is using multiple marketing tactics in a coordinated way. A long time ago, the only way people learned about information was through gossip or the town crier. Now, there are a large variety of ways to get information to consumers, and the better these methods are used in conjunction, the more effective the results.

This integration can fall into two categories. First, businesses that use multiple forms of internet advertising should coordinate them to ensure that one consistent message is being sent to target consumers. Using email advertising, social media, PPC and video ads in tandem makes it hard for people to miss the message.

The other form of integration is when businesses coordinate their online marketing with their offline marketing. The methods mentioned before are effective on their own, but imagine how much more effective is when the online ads are reinforcing what they’ve seen on local billboards, TV ads, etc. Making an effort to coordinate all the various advertising and marketing channels can be tricky, but it is worth it for business owners to make the effort or to hire people who can handle this coordination and implementation for them.

Create More Content

While this may seem like an anticlimactic piece of advice, this may be the most important. Advertising still works, there’s tons of evidence to support that, but consumers are becoming more capable of avoiding and ignoring ads if they want to. Content marketing is a good way to reach audiences while showcasing the knowledge base of a business.

For example, some consumer have begun using ad blockers to prevent them from seeing ads while browsing websites (though Facebook is designed so that these technologies don’t work on their site). If people aren’t going to see your banner ads about your plumbing business, writing blog posts about common plumbing issues would be a good way to attract your target audience without relying on ads. It may be indirect, but content marketing works.

And if there’s one thing that business owners should strive to do is use every available form of advertising and marketing to promote their business.

How to Make Your Nonprofit Site Effective

How to Make Your Nonprofit Site Effective

Creating a Strong Presentation

Your nonprofit’s website is a tool that should be used to engage, interact with, and mobilize your audience – a tool that should ultimately inspire action.

1: Know Your Audience

If you don’t know who your website is serving, you’re at a serious disadvantage. No matter how hard you try, it will be nearly impossible to create an effective nonprofit website – one that meets the needs of your constituents and helps you achieve your mission.

  • Focus on their needs – Who are your key groups and what do they care about? How do they interact with your site?

  • Use the right language – Know that writing is an art and a science. Every bit of content should showcase your mission. Avoid industry jargon and acronyms. Keep it simple, but include descriptors for clarity and improvement of search engine optimization.

  • Keep mobile in mind – Mobile browsing is the #1 method users use to access the internet. Is your content completely accessible?

2: Focus on Your Home Page

Your home page is your first opportunity to make a strong impression. Within the first few seconds of arriving, your users will form an opinion.

  • Prioritize content – Create visual hierarchy. What content elements are most important and deserve the best location? Remember your goals as well as your audience’s during this exercise – not everything everyone wants fits, or even belongs, on the home page.

  • Make sure people can scan through easily – Use of headers, content blocks, and visual design will allow users’ eyes to follow the right path of content.

  • Provide choices – Not everyone accesses your site in the same way; make sure you provide different ways to access information to accommodate this.

  • Test – Show your home page to audience members, and then ask them a series of questions about your organization and its mission. If they can’t answer them, consider refocusing and prioritizing your home page.

3: Share Your Mission

Sixty percent of all donors check out your nonprofit’s website before donating, and therefore you should tell them why they should give and what impact it will make. And, you should do it quickly, before they change their mind. Share your mission clearly and succinctly and make it actionable!

“Feeding Children, Growing Community”. This isn’t just a catchphrase, and it’s not just a mission statement. Seeing this tagline immediately informs the user that they will find compelling information on what your organization is about, how they can help and who is being served.

4: Use Compelling Imagery

Design controls what users see and how they process your content. Compelling imagery can mean many different things based on your audience but it’s critical for driving users to important content.

  • Infographics are fantastic. They allow you to visually show all types of content – from stewardship to impact to mission fulfillment to campaign progress – unmistakably and concisely. They are attractive and engaging, which are two key elements to successful imagery on any website.

  • Engage with eye contact. Photography that uses eye contact will allow you to make a personal connection with your user. Personal connections, trust, and emotional engagement are keys to fulfilling your mission! Which would better share the amazing impact Habitat for Humanity has on the community – an image of five volunteers building a Habitat Home with their backs to the camera? Or the eyes of the man for whom the house was built?

  • Share real stories of impact. Sharing stories of how others are affected by your work, your outreach, and your mission will build credibility and encourage empathy.

5: Ensure Ease in Navigation

If your users can’t figure out how to find the information they’re after, it might as well not exist.

  • Provide multiple interaction paths – not everyone accesses information in the same way, so make sure key content is accessible multiple ways – navigation, search, calls to action, etc.

  • Test yourself – Access your own site in different ways, see how easy it is to find key content, and adjust accordingly.

  • Two clicks or less for key tasks – (Hint: Effective nonprofit websites follow the two-or-less rule.) If not, revise your structure. You can’t have two clicks to everything, but you can prioritize and make sure key tasks and content are the easiest to reach.

6: Include Clear, Bold Calls to Action

Without a strong call to action, it doesn’t matter how brilliant your content is.

  • Remove all obstacles to action. If someone clicks “donate now,” they should not be taken to another landing page with all of the ways they can give. Effective nonprofit websites take people directly to the donation form where they can give that gift!

  • Provide both tangible and intangible options: Please give 10 meals to your community today; please give $10 today.

  • Calls to action should be clear and compelling.

  • Never say “click here.”

7: Showcase Your Stewardship

At least 60% of donors will visit a nonprofit’s website before donating. Create a strong presentation to show what impact they will have if they participate.

  • Show the impact of the support visually through infographics.

  • Be transparent – share your annual report and show how much of the support goes to the cause.

  • Say “thank you.” This seems simple, but it’s often forgotten. Your website is a great place to say it publicly.

8: Keep Content Fresh

People in general have incredibly short attention spans. This is even more relevant on the internet where information is constantly available.

If you don’t consistently update your content, people will assume that either you don’t have anything new and important to present or that you can’t be bothered to put in the time or energy. Neither of these are good scenarios, both of which could cause them to forget about you and never come back.

Fresh content is crtically important to driving traffic to your nonprofit website.

  • Utilize automatic feeds.

  • Add dates to content posted to the home page.

  • Gather user-generated content via blogs, forums, or posts and let your audience help keep content fresh!

9: Be Social

More and more, people are looking to engage with organizations through the various social media platforms. Utilize this direct communication to help promote, engage and provide a constant source of dynamic content

The world of social media is changing. It’s not enough to have a Facebook page or a Twitter account. The real power of social media is in harnessing its viral capabilities as an integrated channel with reach beyond the limits of your database and lists.

  • Incorporate social sharing on your site. It will contribute to website traffic and brand exposure.

  • Tweet, blog and post. Often. Make it a priority.

  • Use the Facebook and twitter widgets to pull social posts to your website for fresh content and relevant, engaging activity.

10: Provide a Personal Touch with Multimedia

Your users’ preference for consuming content varies, just as their browsing and navigation styles do.

  • Allow users to consume information in multiple ways – video, imagery, text, interactivity, and audio.

  • Invest in interactive design elements like virtual tours or maps – it helps bring a personal touch to your users, even through the web.

5 Ways Web Design Impacts Customer Experience

Impact Your Customer Experience

5 Important Aspects of Design

Web design is one of the most important parts of any Internet marketing strategy.

It has a huge impact on the digital customer experience in several different ways. Your site’s aesthetics, usability, and other crucial factors are essential to your company’s long-term online success.

But how dramatically does it actually impact your bottom line?

In this post, we’ll take a look at five major aspect of web design and how you can improve all of them.


1. Appearance

Web design most obviously impacts your site’s appearance. You choose how your site looks, which plays a huge role in your company’s first impression on new online visitors.

Often, you’ll hear marketing experts (including us) talk about web design in two extremes:

  • Older websites that look like they were made in 1996

  • Newer, sleeker websites that adhere to modern web design standards

Many websites fall between those two options, but they represent opposite ends of a spectrum.

It’s possible to have a site somewhere in the middle — one that looks attractive, but maybe it was last updated in 2007.

Regardless of how your site looks, the goal is to have it as current and up-to-date with modern design trends as you can.

Modern web design trends include:

  • Responsive design

  • Parallax scrolling

  • Big, bold fonts

  • Eye-catching “hero” images

  • Multimedia

Responsive design means using code on your website that makes it look and function the same, regardless of the device someone uses to access it.

So whether someone comes to your site from a smartphone or a desktop computer, they’ll get a great experience and find the information they want.

Parallax scrolling means overlaying two visual elements on a page and moving them at different speeds as someone scrolls.

Then, when someone looks through a page on your site, they’ll get a cutting-edge visual experience that keeps them engaged and reading.

Big, bold fonts have been in vogue for a few years now. Essentially, the concept refers to using sans-serif typefaces that are easy to read on screens.

That makes your customer experience smoother, and it lets your readers get the most value out of every sentence on your site.

Eye-catching “hero” images are giant, full-width graphics at the top of articles that give you a summarizing visual representation of the text below.

They got the name “hero” because these images champion the article with which they’re associated. They’re great for generating clicks for social media, and they’re ideal introductions to concepts on your site.

Last, multimedia refers to images, videos, interactives, and other visual elements that help break up text and educate your visitors.

Multimedia is fair game for just about any page on your site from a blog post to a 100-page downloadable guide.

When you include it, you make your content much more scannable, engaging, and enjoyable for readers.

But this all has to do with your site’s appearance. Web design impacts a lot more than just how a website looks.


2. Professionalism

Professionalism refers to the impression you make on your site’s visitors before they ever start reading your site.

When someone arrives on your site, you want them to understand that you’re a modern, respectable business. This impression is largely based on how your web design represents you.

Several web design elements contribute to professionalism, including:

  • A culture page

  • Photos of staff

  • Customer results

A culture page is part of your site that’s exclusively dedicated to talking about your company’s approach to daily operations.

Do you have certain values at your company? Do you maintain certain traditions? Do you celebrate anything unique?

These are all great additions to a culture page since they show what your company does besides work. Even your customers will be interested to see that your employees are happy.

Speaking of employee happiness, photos of staff can also go a long way in reinforcing professionalism.

Whether you choose to show them together at a happy hour or hard at work is up to you. Either way, you’re adding faces to your business that shows visitors you’re more than a brand name — you’re a thriving company.

Last, you can showcase customer results. If you can quantify your work in any way — even if it’s how many air conditioners you repaired last year — you can highlight that information on your site.

This demonstrates professionalism because it shows that you have your customers in mind, even those who haven’t converted yet.

Visitors who see that will understand that you’re a customer-focused business that values itself in terms of what you can deliver.

Still, professionalism needs another element that web design can offer — and it’s essential no matter what kind of business you own.


3. Clarity

Clarity means designing your website so visitors can find what they want as quickly as possible. This is often an overlooked way to vastly improve the visitor’s experience.

Most often, this means improving your navigation. Intuitive and familiar navigation styles allow your visitors to quickly find the information they want.

Today, navigation comes in a few well-known styles:

  • Breadcrumb

  • Drop-down menu

Breadcrumb navigation is inspired by the story of Hansel & Gretel.

Whenever someone clicks to a new page, your site automatically adds their previous page to a navigation bar. Then, a user can click back to that page in an instant if they want.

A drop-down menu lets someone hover their cursor over a menu title and see the pages that category contains.

Then, they can click on the page that interests them to get the information they want.

These navigation strategies can work together, too. Your homepage can use drop-down menus, and once someone clicks to a new page, you can use breadcrumb navigation on that page to let users go back to where they were.

Naturally, you have lots of other options for navigation. But these are the two most popular and useful in the web design world.


4. Load time

Load time refers to how long someone has to wait for a page on your site to display on their device(s).

Load time is a major Google ranking factor, and it’s become crucial to online success as more consumers move toward using the Internet on mobile devices.

The modern Internet user is concerned with websites that load in the blink of an eye and — more importantly — use minimal data.

So how can you reduce your site’s loading time?

  • Optimize image sizes

  • Remove auto-play multimedia

  • Use white space

First, you can optimize image sizes on your website to make sure your site loads as quickly as possible.

To do that, use .jpg files for your images. This is the best way to show high-resolution photos or graphics while minimizing the size of the file.

Next, you should remove auto-play multimedia like video and audio.

That means your users won’t use big chunks of their mobile data when they go to your site on their smartphones.

Plus, auto-play multimedia is an irritating way to promote content anyway. Most users will leave your page if they get there and there’s automatically a video in their face.

Instead, make your multimedia require manual activation on every page.

Last, you can use white space more frequently to reduce data demand.

White space is any unused space on your pages. No text, no images, no videos — nothing.

White space spreads out your text and elements to make them easier to see, especially for mobile users.

This makes it easier for visitors to understand everything on a page so they don’t have to re-read content.

In a nutshell, that makes white space work on two levels. It helps your pages load in a flash and it makes them more readable.

Overall, that makes web design crucial to the speed of your site. You can also use these strategies together to help your individual pages load as quickly as possible.


5. Conversions

Conversions are arguably the most important part of web design.

After all, your business won’t thrive online without them.

Web design can impact conversions in a thousand different ways, and they’re all important, but these three are some of the most impactful:

  • Color

  • KISS principle

  • Faces

Color sounds general, but in web design, it refers to a color scheme that intelligently uses contrast to highlight selling propositions.

So if your site uses a cool color scheme, use warm colors like red or yellow for your calls to action. That helps them stand out so people can find them more easily and convert.

The KISS principle is an acronym for “Keep It Simple, Stupid.”

The idea is that simpler designs are better designs. When you have an easy-to-follow, organized website, you make it that much easier for visitors to convert.

You don’t need loud backgrounds or showy graphics to sell your company online — it’s actually better to stay simple.

Last, faces may sound a little odd as a web design principle. But the idea is that human faces help visitors relate to your business.

You could use stock images, but this works best when you use your own staff.

Essentially, you show someone the human side of your company to make them feel more comfortable contacting you.

It may not sound like much, but that goes a long way in establishing trust, fostering a positive relationship, and eventually earning a new customer.

By using all three of these concepts at once, you make your site much more efficient at earning new customers.


How does your site’s design impact customer experience?

Do you know of any other ways to improve visitors’ experience on your site with web design?

Let us know!

Responsive Web Design

Responsive Web Design

Unify Your Experience

When thinking about getting a redesign for your website or having a brand new site created, have you thought about the way it will look across all devices?

Responsive web design tends to be overlooked by businesses when planning a new site. With new technology comes new screen sizes and greater probability that your website may not appear as you want it to across the board. Whether your viewer is using the newest high resolution retina display iPad or an old phone, you want your website to display clearly so your brand message can be perceived appropriately.

Unify Your Website’s Experience on All Platforms

Responsive web design is the idea of designing and developing a website with flexible layouts that adapt to each user’s device. Websites with responsive design will adapt and display on any device or screen size, making for an enjoyable experience for your viewers.

With responsive design, you pay for one build and get a custom website that not only looks great on desktops, but also netbooks, laptops, tablets, and smartphones. A responsive design is also prepared for the next big piece of technology that comes out, no matter what its screen resolution is.

Responsive designs for your website allow you to not have to create a custom site for each and every device out there. Devices may be in landscape while others are in portrait and some could even be just completely square. With most smartphones, you are also able to change your screen from being portrait to landscape at the flip of the device. One design is not able to handle all of that, unless it is a responsive design.

PixelForge is an Experienced Responsive Web Design Company

A responsive design site consists of a combination of flexible grids and layouts, along with images and strategically created CSS media queries. PixelForge has a team of experienced responsive web designers that know the best ways to create your website to display beautifully on screens of every size.

Our team stays current with all the responsive design best practices, and is constantly reading and learning about new ways to achieve the perfect kind of design for responsive and mobile sites. Our experience and knowledge helps keep our responsive web design cost low, since you won’t need to pay for any research, experimentation, or trial development. We can create amazing responsive sites right away, with no “trial and error” required.

An Example of Responsive Web Design by PixelForge

One example of the responsive design services that we have offered to clients can be seen for Manitoba Clinic. The Clinic needed a responsive design that could properly display its services, operating hours, and other relevant information to visitors on all devices.

The completed website makes it very easy for visitors to view the Clinic’s services or make contact from any device, no matter the size. The viewing experience is also very consistent, so if someone first accesses it from a laptop, then checks it again on their phone, they will have a very good idea of how to find the same information again. This seamless experience is one very big perk of responsive design for websites.

To see more responsive websites that we have designed for clients, refer to our portfolio.

Choose PixelForge for Your Web Design Project

PixelForge is a responsive web design agency with a specialized interactive team that will provide you with the complex design and development skills that are needed to make your website shine. As a full service Internet marketing company, we can help you create a website that renders properly on devices of every size, attracts more visitors, and results in higher conversions for your business. Contact us today to get a custom quote for our responsive web design service.


Curious about the cost of responsive design or how it can help you boost conversions? Contact us to get a custom quote for your own responsive web design project.

Residential Wireless Security Best Practices

Residential Wireless Security

Best Practices

Hello Everyone,

Today I would like to speak with you about best practices for securing your home wireless network from potential intruders. These simple few best practices will make your wireless network more secure and provide you with peace of mind that no one is using your internet connection.

Wireless Password Strength

Default MTS and Shaw modems come with a pre-generated 10-digit wireless password. While this seems complex it is relatively easy to break using number brute force (generating every potential pattern). In testing the password could be determined within 1 to 2 days. The simple fix for this is to change your wireless password to a combination of capital, lower case, number and special character (!,#,$ etc.) password of 10 characters or more. The longer the password the better. Do not use words or easy to guess passwords such as “Mrfluffy123”. This simple change will make it almost impossible to brute force your wireless password.

Wireless Network Type

Always use WPA2 or greater when available. Never use WEP password encryption.

Wireless Network Name / SSID

It is recommended to hide the SSID so that your network is not advertised.

Wireless Router

Always make sure your wireless router is up to date with the latest firmware. Most consumer routers will check for updates on your behalf and notify you on login.

Period Device Review

Periodically check your routers DHCP table to make sure the devices listed match known devices within your network. If you notice something strange immediately block it from the network.

I hope that some of these simple recommendations help you with your home network.

Please contact our IT Services wing to learn more about security alerts and best practices. If you found this information helpful or have any security tips of your own, let us know!

Why User Experience Matters to Marketing

Why User Experience Matters to Marketing

More Than Design

User experience, also known as UX, is made up of many moving parts that allow it to positively impact how users feel when they visit your website.

Without a positive user experience, your marketing tactics can be affected, so it’s important to understand what exactly makes for a great UX design.

In this post, we’ll look at the various elements that great UX includes and how UX impacts your marketing goals and strategies.

Successful UX Elements

UX is about more than the design and colors of your site.

Positive UX incorporates many factors, including value, usability, functionality, adaptability, navigation, and design. Each of these elements contributes to how functional your website is to users.

Value is determined based on whether or not potential buyers can easily see the benefit of your products or services. Your website design should clearly communicate the value of what you offer to visitors on your site.

Usability refers to the structure of your site and how responsive it is. Your site should be designed in a way that addresses your customer’s needs before they even realize they have them.

Functionality is a large part of UX because it ensures everything on your site makes sense. A potential customer should never have to ask themselves what the purpose of something on your site is.

Because we live in a world where people are constantly using their phones and tablets, adaptability of your site to any device is significantly important. The content on your site and its performance quality should be consistent whether the information is accessed from a desktop, iPad, or smartphone.

Navigation is about creating a layout that minimizes the number of clicks it takes for people to find things on your site. Users should not have to click more than two or three places to get to what they’re searching for.

The design of your site should draw visitors in without distracting them from your content. The goal is to grab their attention by creating an aesthetically pleasing design, without making them forget why they came to your site in the first place.

Return-on-investment (ROI)

Your ROI increases significantly when you invest in a strong, worthwhile UX strategy.

  • For every dollar invested in UX, there’s $100 in return – that’s an ROI of 9,900%.

  • In 10 years, a $10,000 investment in design-centric companies would yield returns 228% greater than the same investment in the S&P.

  • 86% of buyers will pay more for a better customer experience.

  • ESPN.com profits increased 35% after they listened to their fan base and incorporated suggestions into their homepage redesign.

So, if good UX increases your sales, what does UX mean for bounce rates?

Bounce Rate

Does UX affect the bounce rate on your site?

You bet it does.

UX done well can decrease bounce rates significantly for your website! The numbers speak for themselves:

  • 89% of consumers began doing business with a competitor because of a poor customer experience.

  • 39% of people will stop engaging with a website if images won’t load or take too long to load.

  • 47% of people expect a web page to load in two seconds or less.

  • Time.com’s bounce rate dropped 15 percentage points after they adopted continuous scroll.

Design

Throw a few colors you think are nice on your site and you’re good to go, right?

Not quite.

The design of your site should be well-thought out and researched to see what people respond positively to. Design goes along way; just let these statistics sink in:

  • First impressions are 94% design-related.

  • 88% of online consumers are less likely to return to a site after a bad experience.

  • Judgments of website credibility are 75% based on a website’s overall design.

  • 38% of people will stop engaging with a website if the layout is unattractive.

Mobile

People are constantly on their phones. Which means it’s a high possibility when they access your site, it will be from their phone.

Not having your site optimized for mobile may seem like no big deal, but the reality is it can make a huge difference. When a site isn’t mobile-friendly images become distorted or don’t appear, text is either too small to read or doesn’t fit on the screen, and information becomes difficult to find.

Optimizing your site for mobile matters because:

  • 74% of people are more likely to return to a site when it is optimized for mobile.

  • 67% of mobile users say they’re more likely to buy a site’s product or service when the site is mobile-friendly.

  • 61% of consumers have a higher opinion of companies with a positive mobile experience.

  • 52% of customers are less likely to engage with a company because of a bad mobile experience.

Are you doing UX successfully for your site?

In order to market your business successfully and accomplish your goals, user experience is a major part of the equation.

If you found this infographic helpful or have any UX tips of your own, let us know!

Don’t forget to share this infographic and remember to consider the various elements of UX when building your site!

Hardening Your Server – Best Practices

Hardening Your Server

Best Practices

Hello Everyone,

In today’s blog post we are going to discuss some of the simple best practices for hardening your servers. These tips can apply to any server environment.

Disable default/guest accounts

Most systems have default guest accounts which if they are not being used should be disabled. I have not seen a reason to keep these enabled in any environment.

Change admin username

Most systems have the ability to change or disable the default super user account. To harden the server it is recommended to change / rename this where able.

Change All Default Passwords

Always change your default passwords to a complex password.

Use complex passwords for privileged accounts

Always make sure your passwords use the following minimum complexity settings

  • Minimum 10 character length
  • Include a number, capitals, symbol
  • Do not use dictionary words
  • Lock account after 5 failed login attempts
  • Where able leave account locked out until reset.
  • Always run server behind a firewall or enable a firewall

This is just good practice as you want to be able to log any events and prevent people from gaining access via unknown ports. If possible run an active firewall which will automatically block IPs on login attempts and send out alerts.

Disable all ports not being used

Same as above. There is no reason to keep open ports which are not used.

Change Default Ports

Where possible change default ports to a non standard. For example SSH operates on port 22 which is common and known. Change this to a random non standard eg. 6022

Updates updates updates

Stay on top of security updates which patch potential security holes in your server. This is very important.

I hope these simple tips help you and keep your servers more secure.

Please contact our IT Services wing to learn more about security alerts and best practices. If you found this information helpful or have any server hardening tips of your own, let us know!