Security

Conversion Check: How to Update WordPress and Test Your Lead Generation Forms

by

Go to step-by-step instructions

Losing Leads is Disheartening and Costly

Over the years, I’ve seen businesses lose hundreds of website leads.

They simply didn’t know that some unnoticed glitch was killing their conversions and revenue. But how could they? No one was paying attention.

Don’t let that be your business.

It’a crucial to update your website, check lead forms, and verify that external automation apps are functioning.

Common issues include:

  • Expired credit cards
  • Outdated contact information
  • Plugin conflicts
  • Outdated plugins
  • Code bugs

Performing basic checks will ensure your marketing pipeline is working, while minimizing security risks.

Yes, there are automated uptime monitors, as well as enterprise-grade conversion testing platforms, but neither is a substitute for simply visiting your own website.

Every 30 days, perform some simple checks and use your website just as a customer would — that’s the most direct, most insightful, and least expensive solution to check functionality.

Does something seem confusing or dysfunctional? That’s exactly what your customers will think too. Get it fixed.

How to Update the WordPress Core, Plugins, and Themes

  1. Sign-in to your WordPress dashboard (your-domain.com/wp-admin)
  2. In the left panel, click on the Updates link (the adjacent number shows how many updates are available).
  3. On the WordPress Updates page, look for any links that indicate an update is available.
  4. Click the links to update WordPress first, then the theme, then the plugins.
  5. When you’re done, the number adjacent to the Updates link in the left panel should disappear (indicating no updates are available).

If the Update WordPress link never appears, your site may be configured for automatic core updates. In that case, move on to the next step.

Do Not click the Re-install Now button, that’s only needed for special circumstances.

 

How to Check Your Forms

  1. Go to each of your forms, (contact page, popup, payment form, etc.) and fill them in with your own information.
  2. The form should submit without an error.
  3. What happens next depends on how the form is configured. Who are the proper recipients? If you don’t know, check with your web developer. Confirm that the recipients are getting their notifications. If your form is integrated with an email automation app such as Drip, ActiveCampaign, or Hubspot, make sure those systems record the lead and start their automation processes.

How to Check Your Email Address

  1. Send an email to your primary public-facing email address.
  2. Confirm it goes through to the recipients. Who are the proper recipients? Again, check with your web developer.

Final Check

  1. Load your homepage, and check a couple of interior pages. Does everything look normal? Is it snappy? If so, you’re good to go. There may still be other underlying issues, but at least you’ve taken basic steps to secure your site and verify that customers can reach you.

That’s it. See you next month!

7 Reasons Your Business Needs a Secure Website Now

by
Secure website conversion

July 2018: Google will mark unencrypted web pages as “not secure”, alerting visitors to potential danger.

This massive change has been several years in the making, it WILL affect your business if your website is not set up properly. Let’s find out how . . .

If you don’t have a secure website — with a padlock icon in the browser bar — Google will soon mark your pages with a “Not Secure” symbol like this as a warning to your website visitors:

Not secure warning

Technically, the warning symbol means the website’s connection to the server is not encrypted using the HTTPS protocol.

Google is effectively telling your customers / patients / clients NOT to use your website. Who wants to use a site that the #1 search engine has labeled as potentially dangerous?

Marketing Kryptonite

Can you imagine how alarming Google’s warning will be for your users? It looks scary . . . maybe it’s not safe to proceed. A significant number of your website visitors will click away immediately.

The last thing you want is to lose business over security concerns,  especially in light of the giant Equifax data breach of 2017.

You don’t need a new website, but you do need to convert it to the secure HTTPS standard right away.

What’s the Deadline to Convert to a Secure Website?

We’ve already in the middle of the change. Here’s Google’s timeline:

  • Phase 1, January 2017: Google adds warnings to pages that ask for passwords or credit card numbers.
  • Phase 2, October 2017: Google adds warnings to pages accepting any user information.
  • Phase 3: July 2018:  Deadline! Google says “All HTTP pages will be marked as “Not Secure
  • Phase 4: Ongoing: Google cranks it up by marking HTTP pages with an additional red alert symbol

Why is Google Changing Everything ???!!!

Google has decided that secure websites — those that use an encrypted HTTPS connection — provide a better user experience.

Secure websites are safer for users, help block against hacking attempts, and are faster too. To make that happen, Google has commanded all humans to implement their “HTTPS Everywhere” policy. I’m joking a bit here, but yes, secure sites really do benefit everyone.

We’ve Reached the Tipping Point — all Websites Should Be Secure

Google’s push to make all websites secure has been covered by CNN, LA Times, PC WorldFortuneBBC, ZDnet, Wired, Sophos, Street Fight, and Search Engine Journal.

Big brands such as Amazon, Google, Facebook, YouTube, Twitter, Netflix, and Instagram have already made the switch.

The global transition is happening now.  We’ve reached the tipping point for all business owners to take action.

Without a secure website, your business will experience

  • Diminished customer confidence
  • Suppressed search rankings
  • Slower download speeds

Please keep in mind Google’s Chrome browser has a 58% market share and over 1 billion users — this change WILL effect the majority of your audience.

7 Reasons to Convert to a Secure Website

  1. No Warnings: Google’s “not secure” warning will go away!
  2. User Confidence and Trust: An encrypted connection means privacy and security, leading to user confidence and trust.
  3. Competitive Advantage: If your site is secure, and a competitor’s site is not, you’re more likely to get the click.
  4. Higher Rankings: Google rewards secure pages with higher rankings.
  5. E-commerce Ready: Want to take credit card payments directly? A secure site is required.
  6. Speed: HTTP, the Web’s core protocol, has been upgraded to HTTP/2. HTTP/2 boosts download speeds 200-300%. Naturally, Google loves it. Here’s the kicker: HTTP/2 only works on secure websites and networks.
  7. Enhanced Security: A secure site helps prevent Phishing and Man-in-the-Middle attacks. While not a guarantee against hacking, it is a smart move in the right direction.

Who Needs a Secure Website?

  • All service businesses
  • Professional practices
  • Associations
  • Manufacturers
  • Online magazines and directories
  • Retail establishments

If your business is in any way dependent on Internet traffic for new customers, or collects any type of information from users (including email addresses), this affects you. It’s a business-critical project that simply has to get done correctly and quickly.

“Implementing HTTPS would be a strong advantage against your competition” — 2017 SEMrush Ranking Factors Report.

Please check your website. 

Does it have a padlock icon in the address bar?

If not, it’s time to fix it.

 

How do I Get This Done?

You’ll need two things . . .

  • an SSL Certificate (a secure document that binds your domain to your organization)
  • Someone to do the technical conversion process

Some hosting companies provide FREE Let’s Encrypt SSL Certificates. If yours does, great, there’s no cost for the certificate itself.  Otherwise, you’ll need to buy a basic SSL Certificate which typically costs $20 – $60 per year.  We recommend Rapid SSL (we’ll install the certificate for you).

We provide a professional secure website conversion service. Use the referral code “amigo” to get $100 off until this offer expires.

Keep in mind, we only convert WordPress sites at this time.  Find out if your site uses WordPress.

visa
mastercard
american-express
discover

Convert Your WordPress Website to Secure HTTPS Quickly and Affordably

$100 off — enter the referral code “amigo”.

  • No-risk 1-year warranty
  • Report proving work is complete and correct
  • Professional methodology, no quirky “workarounds” or temporary band-aids!
  • Full refund if we fail to get a padlock showing your site is secure
  • Speed optimization included, your home page will load in 2 seconds or less
  • Complementary SEO review; we’ll alert you missed opportunities

12-Step Secure HTTPS WordPress Conversion Process

by

Now that Google has clamped down on websites that are insecure (not using an encrypted HTTPS connection). It’s time to convert your WordPress site if you haven’t already done so.

Want this done for you, the right way? Hire us. Use the referral code “amigo” to get $100 off for a limited time. Place your order here.    

Getting started with secure website conversion

We’ll need a few temporary credentials to start work. If you don’t have these handy, your web developer probably does. We can reach out to them as needed.

  • FTP user / password to update .htaccess and robots.txt files
  • cPanel user / password to install SSL Certificate (may be same as FTP above)
  • WordPress admin user / password to update General settings
  • Google Search Console user / password to add HTTPS property and XML sitemap (if you don’t have this, we’ll create a new account for you)

Conversion process

Although their are many detailed steps, this is basic process we use to convert your WordPress website to the HTTPS protocol:

  1. Install SSL certificate
  2. Take screenshots and backup the website for safety
  3. Update .htaccess server file to redirect HTTP traffic to HTTPS
  4. Add HSTS (HTTP Strict Transport Security) policy to block man-in-the-middle attacks
  5. Update robots.txt server file to clean-up any legacy HTTP links
  6. Update all internal WordPress links to HTTPS
  7. Install lightweight caching plugin (only if you don’t already have one) to dramatically speed up the site
  8. Test all pages to fix any remaining insecure links, including scripts, CSS files, hot-linked images, etc
  9. Speed Test. The home page should load within 1 – 2 seconds. If it doesn’t, we’ll alert you to other issues
  10. Update Google Search Console to add new HTTPS property, add new sitemap, request re-indexing
  11. Optional SSL / content monitoring setup. We check your certificate and website content site every 15 minutes, and alert you if it’s not loading.
  12. Project report that documents the work has been done correctly. We check your installation for a valid certificate, green padlock, website errors, server issues, and download speed. If you ordered 24/7 monitoring or  a CDN (content delivery network), we’ll include those too.

Sample project report

 

 

SSL Certificates: Why Your Need One, What Type to Get, How Much to Pay

by
SSL Certificates 101

You may already know that Google is using a carrot-and-stick policy to force all websites to use encryption.

Starting in January 2017, if your website is not secure — meaning it’s not using the encrypted HTTPS protocol and doesn’t have a green padlock symbol — your pages will eventually marked with red warning symbol.

Google online help says this about the warning: 

“We suggest you don’t enter any private or personal information on this page. If possible, don’t use the site.”

From a marketing perspective, it’s a fiasco, an awesome way to drive away business. But in the long run, it’s truly best for everyone. We support the change.

Here’s the key: to enable your secure website, you MUST have an SSL Certificate.

It’s simply a digital “signature” that ensures visitors that your website indeed belongs to you, and it encrypts the connection between your visitors and your website. Result: privacy and assurance that sensitive data like credit card numbers and passwords are not being intercepted by the dark side.

If you haven’t converted already, we offer a secure HTTPS website conversion service that gets it done quickly and affordably.

Welcome to the world of SSL Certificates, where distinctions are tough to discern, and prices cover an enormous range — from zero to hundreds of dollars per year. Yet, all certificates provide similar features and meet baseline security requirements.

So, what’s the difference between certs and how much should you pay?

Let’s dive-in to quickly find out why it’s “what the market will bear” environment and how to tips things in your favor.

Firstly, be aware they SSL certificate industry is a confusing labyrinth of brands and cross-marketing partnerships. A small number of official Certificate Authorities issue the certificates. The top five — Comodo, Symantec, GoDaddy, GlobalSign, and DigiCert — control 90%+ of the market. If you buy a certificate, you’ll probably be buying directly or indirectly from one of them.

Nice business right?  Scalable, recurring, mostly automated, high margin. This cash cow has been milked for 20 years. And that’s where it gets interesting . . .

SSL Certificates have been a cash cow for years.
Hello! My name is Certi, and yes, I am a cash cow.

Certificates are sold directly at retail prices by the certificate authorities, but they are also marketed downstream by hosting companies as well as thousands of independent re-sellers and affiliates.

Re-sellers often market brand-name certficates at a fraction of retail price — 80% off in some cases. Yet, the product is identical. How is that possible? Because the incremental cost of issuing a new, basic certificate approaches zero. It’s a fully automated process and can be scaled to meet demand. A strong re-seller can negotiate in bulk, driving the price way down.

The primary difference between certificates is the level of validation — how thoroughly the organization that wants the certificate is vetted by the certificate authority. If you want a convey a high-level of assurance to your customers that your website does indeed belong to your organization, you can pay the certificate authority review more documentation about your business. These are the

  1. Domain Verification: Simple, fast, cheap. This is what most businesses need — a green padlock symbol and an encrypted connection. The CA simply checks that the organization owns the domain. The certificate assures the consumer that they are visiting the intended domain.
  2. Organization Verification: A deeper verification process, at a mid-tier price. This is for businesses that conduct a significant amount of e-commerce. The CA checks documents to confirm the business identity and location. Consumers are reasonably assured of the company’s identity and location.
  3. Extended Verification: Extreme verification at a top-tier price. Only the CA does in-depth research on your business identity, location,

For practical purposes though, there’s very little difference. If a

For small business sites that are not deep into e-commerce, I’m not seeing any compelling reason to pay more than necessary. That’s my working theory for the moment.

Recommendations:

By the way, Google will be nullifying all Symantec, Verisign, GeoTrust, Thawte, RapidSSL for security policy violations. You may