That little padlock and what it means to you

posted in: Web design | 0

This article is vital reading for anyone who has a business website and useful for anyone using the world wide web generally.

With almost 90% of all internet searches in the UK going through Google’s servers it’s not surprising that over the years, Google has, to some extent, led the way in softly dictating the way in which websites work and the way they are constructed. They have mostly done this through their search algorithms, ranking and de-ranking sites which meet or fail to meet certain criteria and, as good search rankings are important to any business website, web developers have had to comply. This is no bad thing. Google’s motivation is sound – to clean up the world wide web and help to prevent fraudulent or misleading websites from appearing in search results and also to make search results more relevant to the user.

Earlier this year (2017) Google raised the stakes somewhat and started to de-rank what they consider to be insecure websites and by early 2018 it is expected that they will raise the bar even further by actively notifying a user that a site is not secure and if your site is one of them, that will impact not only your search engine rankings but will also be detrimental to the image you portray to your customers and the likelihood of them doing any business with you.  It is the latter which I think we should be more concerned about in the long term.

The techie stuff

When a user visits your website, they do so from a browser and it is the browser that requests the contents of a website from the web server and displays it on your computer, smartphone or whatever.  This transaction and interchange between your browser and the web server on which your site is hosted is essentially plain text and can be read by anyone who may be snooping or trying to obtain your private data by nefarious means.  That’s not really a big problem if all you’re doing is reading the news or browsing information.  The problem comes when you are asked to enter secure information on a website such as a name, address, DoB and, of course, credit card details.  Another problem is fake websites – websites which look and feel like a trusted site but exists only to commit fraud by obtaining your personal information.  To illustrate how much of a problem that is, as web designers, we could turn to the dark side and build a website that looks just like that of your bank in a couple of hours and, while it wouldn’t fool the experts, it would be good enough to fool a great many casual users plus, we could capture bank account details of the unwary pretty easily too.

To reduce the risks and make things more secure the SSL Certificate was introduced way back in 1994 by Netscape.  An SSL (Secure Socket Layer) Certificate changes the nature of the transaction between browsers and web servers so that the electronic data flowing in both directions is encrypted – that is, it is no longer in human-readable form but a meaningless series of characters where the decryption key is only known to your web browser and the web server it’s communicating with for the duration of that single transaction.  It’s very clever technology but it’s not 100% secure as, just like any cypher code, it can be cracked eventually but, it is a deterrent which largely works well.

In theory, an SSL Certificate also requires you to confirm your ownership of your website in the real world – that is, you will receive a form by post that you sign and return to the issuing authority to confirm you are who you say you are.  I say “in theory” because in some circumstances that’s true but we know of ways to make your own SSL certificate in just a few minutes, install it on our server and spoof the user into believing their connection is secure and surely if we can do it, hackers can do it faster and better.  We also know that a basic level of SSL Certificate can be obtained legally which does not require real-world validation, this is called a “domain validation” certificate which is quite good enough for most websites to give their visitors and the search engines confidence but lacks the security of ‘real world‘ validation.  To do this, you need what’s called an Organization validated or Extended SSL Certificate.

SSL Certificates cost money

Cynics might say the sale of SSL Certificates is just a way for someone to make more money and if you own a business website you’ve probably already had emails from your hosting company warning you of what will happen if you don’t buy an SSL Certificate using fear, uncertainty and doubt to part you from your cash.  Generally, SSL Certificates for the three levels (DV, OV and EV) cost from about £20 to £100 to £200+ respectively and these are annual fees so it is expensive for a small business.

I should add that all websites we produce from October 2017 include a base-level DV SSL certificate free of charge as a service to our clients.

What it means to a user

All of the popular web browsers now indicate to a greater or lesser extent whether a website you’re visiting is or is not secure.  Generally though, if a website is deemed secure it features a small padlock icon either in the address bar itself or at the foot of the browser window, or both.

Browser padlock symbolThis padlock icon indicates that the website is secure and that it has a valid ‘domain varified’ SSL Certificate in-place.  If the padlock and the word ‘secure’ is in green it means the SSL Certificate is of the Organization or Extended variety – in other words, it has been checked and verified in the real world but, just because a site doesn’t have a padlock symbol doesn’t mean you can’t trust it.  Let me explain…

If a website doesn’t ask you to enter any sensitive information about yourself and, if for example, it’s just a business displaying its wares then arguably it doesn’t need and shouldn’t have to worry about needing an SSL Certificate.  Even if the website just asks for your name and address, doesn’t mean you shouldn’t trust them.  When you should be concerned is when you’re being asked for personal details and credit card information then, you should check you can see a ‘green padlock’ in or around the browsers’ address bar but, then again, if the business you’re buying from isn’t apparently secure does that mean you shouldn’t trust them?  Well, maybe, maybe not…

Payment providers and card processors

Most businesses, especially small businesses, don’t actually capture and store any credit card or customer details when you buy from them online.  Instead, they use a trusted payment processor like PayPal or WorldPay and while it may look like the payment buttons are part of the original website, the payment mechanism is not.  When you click of the “Go to payments” button you are transported to the payment processor’s website which is, and must be, of the highest level of security – Green padlock and other ‘trust’ symbols in the address bar – so the key message is, before you enter any critical data, always check you’re on a properly validated and secure website but, if you’re just browsing and putting items in a shopping basket, you don’t need to worry too much.  Larger companies, like Amazon, both process and store customers’ card information and feature the highest levels of security when you enter your credit card information.

Barclays Bank Changes the Game

As I write Barclays Bank in the UK are airing a TV ad, as part of their sales campaign to attract new customers concerned about internet security and online fraud.  It features the padlock symbol and encourages website visitors to not trust websites not displaying the padlock symbol.  I think this is misleading to the public and will be detrimental, mainly to small business websites but that train has well and truly left the station so if your business website doesn’t display a padlock symbol, you really need to be talking to your website hosts and asking for an SSL certificate – just be aware though that many will try to inflate the costs and employ scare tactics to help you part with more than you need to.  I would say that for most small to medium-sized businesses where the only personal data you might me collecting is name, email address and maybe a telephone number, then a base-level domain verified SSL certificate is all you need and you should expect to pay any more than around £75 – although that is most likely an annual charge.

Summary

Don’t be scared into parting with your money.  Undoubtedly an SSL certificate attached to your website is important and will become more so in the coming year or two but, in the short term, don’t panic, do some research and look for the best options for your particular business and if you’re reading this as a user, don’t be alarmed if the website you are visiting doesn’t have a padlock symbol unless you are being asked to submit a lot of personal information and credit card or bank details.  In any event, proceed with caution because it is still possible to ‘fake’ the highest level of SSL certificate if the scammer is truly determined.

 

When cheap isn’t cheap …

posted in: Web design | 0

A brief guide to buying a website for small businesses

Avoid cheap websites

These days pretty much anyone can get a website on-line very quickly and cheaply but it's good to be aware of the potential pitfalls and risks.  This brief article is designed to be a heads-up for small business owners operating on a small or non-existent budget and is based upon lessons learned by some of our customers who have gone down the wrong road and regretted it later.

To put the risks into perspective 4 in 10 of our customers have come to us after having a bad, expensive or bad and expensive experience elsewhere.  As a local Herne Bay business ourselves, we're more than happy to give free, no obligation and independent advice to any other business in the CT6 postcode area.

Here are a few things to consider no matter who you go with to build your website.

We've highlighted the really, really important things for those in a hurry.

  • There's no such thing as a free lunch!
  • Your website should be important to you, it must reflect your image and/or brand.
  • Like your web designer. Be comfortable that they understand your business and what the website means to you.
  • Don't be talked in to paying any up-front unless you're absolutely, 100% sure they'll deliver.  For larger projects it is usual to ask for a sizeable deposit  but never more than 20%.
  • Don't accept a simple template off the shelf design unless it truly meets your requirements.  Where would we be if every shop on the High Street looked the same with the same window display?
  • Watch our for 'menu pricing' deals.  This is where it starts out really cheap as chips and where each piece of functionality you want to add sees the overall cost rocket.
  • Try to work out what you're really expected to pay over the course of a year, not just on a month-by-month basis.
  • You're likely to want your website to grow as your business grows.  Check what it will cost to add more pages, photos, text etc.
  • Be cautious about anyone who doesn't display a landline phone number.  It can be the first clue as to their authenticity, longevity and status.
  • If the builder of your website registers a domain name for you, check that it's registered in your name and business name.
  • Thinking of making your own website?  Great but don't underestimate the time you need to give to it adding new content and maintaining it.  Many small business owners find they simply don't have the time to do it justice.
  • The web developer should be able to add email addresses to your domain name for you so that you can get away from free email services such as GMail, Hotmail etc. and present a more professional image to your customers and suppliers.
  • Make sure your website will display well and properly on all device types; smartphones, tablets and even HD TVs.  These days 30%+ of your web traffic will come from mobile devices and Google de-rank websites which do not display correctly on mobile devices.
  • Beware the vanishing web-designer!  What we really mean is beware the 'mate down the pub' or the friend who offers to make you a website.  Vitally you need to be sure they're still going to be around this time next year and the year after when you need changes made and you need them to be responsive when you need help.  We're helping one client rescue their website after the original developer went AWOL to Algeria!  We can help them get back the content of their site but not their domain name.
  • Selling on-line is tough in a competitive and crowded market.  The cost of selling on-line and accepting electronic payments is likely to be around 6% per transaction and that's a lot if you're operating on small profit margins.  If you're thinking of selling your wares on-line ask yourself the question "Why would someone buy from me?" and be brutally honest with yourself.
  • You are ultimately responsible for the copyright of any images or text on your website.  Be sure your web developer has licensed any photos or images he or she has used and is able to prove it.  Just because a photo or image is widely distributed around the world wide web doesn't mean it's yours or theirs to use.  We have just helped one new client avoid a claim running into several thousands of pounds for claimed  copyright infringement so it does happen.
  • Always, always, always ask for at least two third party references and follow them up!  You'd be amazed how lazy we all get about doing this to our cost.
  • Avoid paying money for what's called 'SEO' (Search Engine Optimisation) services.  Many so-called web designers make a lot of money from this 'scam' where you're lured into believing they can get you ranked highly on Google and the other search engines.  The fact is that good search engine rankings are organic and there's no 'silver bullet'.  If a website is well constructed, features good content, is mobile-device friendly and is well promoted it will rise naturally in the rankings.
  • Avoid anyone who also offers to place Google Ads or Facebook Ads on your behalf in order to improve your search engine performance or popularity as it's most often a scam.

You would say that wouldn't you?

Genuinely, no.  We've helped-out many local businesses to rescue their websites, extricate themselves from expensive contracts, avoid litigation even though they may not be customers of ours.  As professional website makers, we hate to see small businesses taken for a ride so we'll help where we can and, who knows, maybe one day they might be a customer of ours.

If you have any questions on the above or would like to discuss your own requirements, call us on 01227 364659 or 07525 013666 and we'll do our best to help you.

SEO Unplugged

posted in: Web design | 0

SEO unmaskedSEO, or Search Engine Optimisation, is big business and has made a lot of people a lot of money over the years.  SEO is sold heavily by specialist companies small and large the world over and this article lifts the lid on the mystique and secrets of the trade in what many would like you to think is a black art.

SEO is all about maximising the chances of your website appearing high in search engine listings.  In this article we’ll focus on Google but it’s fair to say that if your website is optimised for Google, the other search engines, such as Microsoft’s Bing, will not complain either.  Google has a UK market share of around 88% of all web searches (April 2015) so it makes sense to focus on that first and foremost.

Before you get caught-up in the SEO frenzy, you should ask yourself just how important is it that by website is found on Google?  That may sound mad because, well, why wouldn’t you want it appearing high on the hog but for some businesses it’s not the be-all and end-all.  One of our clients runs a very successful on-line shop on his website but he also has a massive (for a local business) 12,000+ following on Facebook.  He only sells within Kent and he knows he can get all the business he can manage by using social media to promote offers so, in his words, “I don’t care about Google” but, for most businesses, you will – it’s just worth asking the question of yourself.

A movable feast

Things have changes in recent years and are changing right now, as we speak.  Google doesn’t stand still for very long and they’re continually changing how website are ranked and thus presented to the end user.  One big change in recent years has been away from a reliance on “keywords”.  It used to be a fairly simple process to embed within the website’s code a number of key words which we wanted Google to consider but that was problematic because unscrupulous operators would use misleading key words – such as the name of their competitors – and this would lead to end-users clicking on a link, only to find the page they’d reached was either inappropriate or not what they expected.  These days, Google primarily rely upon these key factors in their rankings:-

  • Popularity of the site (how many people visit it)
  • Relevant, consistent and appropriate content structured in a way that makes it easily readable by a human being
  • Well structured, modern, compliant code under the bonnet
  • Mobile device compatibility

There are also a number of other ‘technical’ facets but if you get the above right first, Google will like your website.

Being popular

To say that the popularity of a website leads to better rankings is a bit of a catch-22 situation – how can you be popular if you’re not ranked highly?  Well, not all traffic to your website has to be as a result of a search.popular  For example, if you’re using social media you should take every opportunity to link-back to your website.  You should take every opportunity to print the address of your website on vehicles, menus, brochures, press advertisements etc. and if you do this diligently people will visit you and, the more people that visit your site, the more Google will take notice and your site will climb up the rankings organically.

Whether you can rely on organic popularity very much depends upon the nature of your business.  For example, if the purpose of your website is to tell people who you are, where you are and what you do then the organic approach could work for you.  However, if you’re selling popular items on-line in a competitive market and with a big investment in stock, you need to start selling quickly and that may mean appearing in the top 5 rankings for your chosen specialisation. In this case, there are techniques for doing this but, they cost money.  Quite big money sometimes and we’ll talk about ‘paid-for-rankings’ in another article.

Be relevant

It’s a sad fact that far too many websites are boring.  There, I said it and, what’s more, many are difficult to read, confusing, difficult to navigate, poorly structured for the reader and stacked with irrelevant text and gimmicks.  It’s better now in 2015 than it was, say, 5 years ago but nonetheless many websites have some work to do.  In simple terms, Google’s search algorithm tries to analyse a page on a website and rank it as if it were a human reader.  It’s not, of course, but it applies some very clever rules when reading a web page electronically and if we understand a little of how it does that means we can make better web pages and achieve better rankings so here goes with a simple explanation.  Hold on tight!

A web page has a number of distinct elements, some of which are buried in the HTML code which makes-up a web page, and others are visible to the human eye.  These are:-

  • The Header
  • The Content

The Header is a bunch of lines of code which tell web browsers, such as Google’s Chrome, about the page.  It also gives the viewer some information via the browser.  Header items include the name of a page, a short description of the page and other technical information such as the version of the code that’s being used.  The important things in the header, as far as SEO is concerned, are the title, the description and to a lesser extent, the version of HTML coding standards being used.  Depending upon how your website is constructed and who constructed it, you may or may not have the ability to change or modify any of this important header information but either way, it is vitally important to have meaningful, relevant and well constructed header information.

The content is what you or your web designer will have access to and forms the body of your website.  Content may be text, images, photos, videos, forms etc. but they all have one thing in common – in HTML (the programming language of the web) they are all wrapped in what are called tags.  These tags tell your web browser how to display what’s inside them.  Here’s an example of a typical tag.

<h1>SEO Explained</h1>
relevance
Probably a very confusing and irrelevant web page for search engines and humans

The end user doesn’t see the tags ‘h1’ but your browser will know just what to do with them – in this case, display the text as a header, typically in a larger font, different colour etc. and the reason for getting slightly techie is to explain that search engines use these tags to decide relevance and readability.  Think of it just like reading a newspaper, you read the heading and then sub-headings and in HTML we can use different size headings from H1 down to H6 (generally the smallest) so Google looks at these to decide, to some extent, how the page stacks-up for readability and relevance so it’s crucial they relate to the web page header information and its content.  For example if your domain name is greencars.com and the title of the page is ‘Beautiful flowers for you and your family’ and the description says ‘Kent’s best plumber’ and the content and headers say things like ‘Children’s toys’ then the search engines are going to get mightily confused – actually it’s worse than that, they will think you’re trying to scam the end user and stop indexing your site altogether.

The key message here is make the page title, description, headers and main content relate to each other by perhaps using the same repeating word in each like, for this page, the key word is ‘SEO’ and in that way Google is in no doubt about what this page refers to.

More on content

web page content
Good, well-structured, relevant and interesting text is crucial for good search engine rankings.

Up to now we’ve been talking about content in terms of its structure and not the actual words used.  Google, and others, use what’s called a readability index to assess your web pages – it sucks in the text, processes it and grades it according to certain built-in rules.  Exactly what these rules are is a bit of a mystery but somehow it grades pages.  We strongly suspect that one of the methods used is called the Flesch–Kincaid readability test but basically the search engine is trying to determine if the page of text makes sense or is it just a list of words in no apparent order?  You can try a readability test on your own website here if you so desire and, while you’re there, try typing in a simple sentence then moving words around or changing them entirely to see what effect it has on the readability scores.  The results can be enlightening.

A good image is important

Google’s rankings algorithm likes some images on a web page but it complains if there are too many or the ratio of images to text is outside of what it considers normal.  There are no golden rules.  A big no-no though is a page consisting only of images or, indeed, a single image or photograph.  This is because it has no way of knowing what the image or photograph is and what it shows and it could equally be a really interesting photograph or something much more unsavoury.  Therefore it’s always sceptical of image-heavy pages and tends to reduce the ranking scores accordingly.  The search engines also like, and reward accordingly, images and photos which have captions and what are called ‘alt tags’ which describes the image to be included in the HTML code.

The links effect

Finally on the subject of content it’s worth talking about links to other websites and web pages.  To understand why links are important you need to go back to the dawn of the world wide web and the whole ethos behind the internet which is broadly that all information should be shareable, unrestricted and ideally, only appear in one place.  For example, if you are trying to explain to the readers of your website how something works or why it’s important then rather then re-inventing the wheel, why not just direct them to some other site that already has a perfectly decent explanation already?  Google likes links quite a lot and rewards the site accordingly as it believes you’re being a good web citizen.  Similarly you should encourage other websites and social media pages to link to your site or individual pages.  It all helps the ranking score. If you would like to read more about the importance, or otherwise, of links on your website here is an excellent article on the subject.

Security and SEO

SEO SecurityI’m sure at some point when browsing the web you’ve seen the acronyms http and https appear in the address bar and you may have also seen a little padlock symbol appear somewhere.  Basically, http (meaning hyper-text transfer protocol) is the base level of communications between your browser and the server which hosts the website.  It’s not secure in that the strings of text can quite easily be intercepted and translated in to real-world text.  Most of the time this doesn’t matter a jot but if you’re running an on-line shop or asking people in any way to submit personal information then it matters a lot so the protocol https (the ‘s’ standing for secure) was introduced to provide a more secure session and encrypt the data between the browser and server.

Another aspect to security is proving, as far as is reasonably possible, that the website you’re visiting is who its purporting to be.  Anyone can create a website and have it on-line in minutes – it could be reputable or it could be hosted in a back bedroom anywhere on earth by someone who is setting out to scam you or infect your computer with viruses or spyware.  The point is, to create a website you don’t have to prove who you are to anyone.  HTTPS changes that to some extent.  It requires that owners of a website install what’s termed a digital certificate on their server and the process for acquiring this certificate means that the owner will have had to prove who they are in the real world and they will have had to pay for their certificate too, often around $100 a year.

Because HTTPS is inherently more secure and helps to prevent end-users being scammed or misled, Google have recently started to improve the rankings of sites which have a secure certificate and we suspect that within the next 12 months they will start to degrade the listings of less secure sites and within 24 months, a certificate (called an SSL certificate) will become essential for any half-serious business website if decent rankings are required.  It’s a cost overhead which many complain about but if it helps end-user confidence in your website then it may pay for itself in quite a short time.  You should ask your web developer for advice on SSL certificates but, be warned, some agencies are out to make money by charging ludicrous amounts and scaring you into parting with your cash.  Our advice is to pay somewhere between $50 and $150 per year on your security certificate no more, no less.

Be responsive

As we write in September, 2015, around 30% of all visits to websites are made from a mobile or tablet device and that figure is to to reach 70% by 2017/18 so if you want your website to be effective then its essential that it displays well and is usable by mobile devices.  At first it was ok for a site to be ‘mobile friendly’ and what that meant was site shrank itself down automatically to display on smaller screens.  You’ll still see a large number of sites around like this and, if you’ve ever tried to use them on a phone or tablet, you’ll know how tricky it is to hit the right button to navigate around or read the tiny, tiny text.  The next generation of sites are called ‘responsive’ which means that not only does the website display well on all devices and computers, the content and the look & feel change according to the device it’s displaying on. Sometimes text will be enlarged, menus will change to display in the way we expect phone menus to be presented, large images may be replaced by smaller ones and the whole user experience will be far less frustrating.

Prior to May this year (2015) it was all about aesthetics and usability but Google changed that and started ranking websites with responsiveness built-in ahead of those which didn’t.  It is now crucial that any business website features a responsive design and you can check yours here, for free, at Google’s own responsive design checker.

In sort, if you have a website and it’s not responsive, you will be losing potential customers and losing ranking position.

Finally, pay attention to the detail

Even in these days of ‘text speak’ and almost an acceptance of poor spelling and grammar it’s vital that your website makes sense to visitors and, vitally, the search engines so pay great attention to spelling, grammarSmall business SEO and readability.  If I say ‘the best plummer in Kent’ your brain will know I probably mean plumber and you will intuitively know what I mean but a search engine ‘robot’ will just see it as a string of text and possibly assume it means you pick great plums!  Good spelling and grammar lead to better search engine rankings and happier customers so it’s worth spending a little money on a professional proof reader – we regularly use a journalist for final checks and it’s money well spent.

Summary

SEO is important and its arguable which are the most essential elements.  Our view is that if you pay attention to the elements above and get those as ‘right’ as you possibly can, organic growth and good search rankings will follow. But, if we had to prioritise it would be in this order:-

  • Make great, readable and well structured text.
  • Use images and photos sparingly and chose them well.
  • Use the latest coding standards and structure the code properly
  • Be responsive
  • Be secure
  • Get the spelling right
  • Promote the heck out of your website on social media and anywhere else you can make the web address appear.

SEO is not ‘fire & forget’ you need to work at it and set aside time to review your web statistics through tools like Google Analytics and Google Search Console which will provide valuable clues as to how much traffic your site is generating, who’s visiting you and what they have searched for when they do.  You should be prepared to make regular minor changes and tweaks to your site to optimise your rankings which is why people often pay others to do it for them – it can be time consuming.

If you’d like to know more about SEO or have us take a look at your existing website for SEO compliance please contact us on 01227 364659 or message us using this contact form.  We never charge for an initial appraisal/consultation and we may be able to offer you a valuable insight for FREE!