WordPress Botnet Attack: What You Need to Know

The WordPress botnet attack is spreading. At risk is anyone whose WordPress setup includes a user name of admin. This would be almost ALL WordPress installations, as this is the default user name from a standard WordPress install.

What do you need to do? Log into your WordPress site EVEN IF YOUR USER NAME IS NOT admin, and go to your dashboard, click on All Users, and check to see if you have another user named “admin”. In most cases, there IS an admin account.

Take these steps accordingly (please read all steps before doing anything):

1. If your user name is admin, and you have just logged in as such, go ahead and create a new user account. Make sure to give your new account Administrative privileges! Use a STRONG password. Then, log out of WordPress, log into your new account, go back to All Users, and delete the admin account, making sure to reassign all of your posts to the new user (don’t delete them!)!
2. If your user name is NOT admin, but there is an admin account, you should only delete it after you are sure that you have full administrative privileges!! There must be an account that has administrative privileges.

Here is more information:

http://techcrunch.com/2013/04/12/hackers-point-large-botnet-at-wordpress-sites-to-steal-admin-passwords-and-gain-server-access/

Out with Google Places, In with Google+ Local

Everything you need to know about the conversion from Google Places to Google+ Local

• Google Places Is Over, Company Makes Google+ The Center Of Gravity For Local Search
• Google+ Local to Replace Places as Google Makes a Play for More Mobile Ad Dollars
• Google Places Replaced By Google+ Local: What Small Businesses Need To Know

Google Places Owner-Verified Listings Overwritten by Other Databases

A client of mine– a lawyer–, once hired an, as it turned out, less-than-honest online marketing firm that promised SEO services for a rather steep monthly fee. The promised leads were not generated, and he eventually canceled his contract. One strategy the shady marketing firm (called Real Practice) used was to list an alternate phone number and web site that would forward to my client’s, and would be used to track the number of leads supposedly generated by them. My client took this to mean that these listings would be in addition to the regular leads he was getting off of Google, Yahoo, and Bing. As it turned out though, Real Practice was trying to take credit for those leads too– they had changed the phone number and web site on the local listings to their phony ones. Once my client canceled his account, that phony phone number and web site address remained, though they no longer forwarded to him. So, customers could no longer reach him via his Google Places account. Real Practice wanted $50 a month FOREVER, in order to rectify the situation.

Corrections from inside the Google Places account yielded no results! Same thing on Bing and Yahoo! No matter how many times we tried to change the listings to display the correct information, both from within the owner-verified accounts, and as outsiders providing updates, the information kept reverting to display the defunct phone number and web site address. Did Real Practice somehow have access to these accounts, and were they going in there each time to change the information? No. My client assured me that he had never given his Google Places account information to Real Practice– same with Bing and Yahoo. As it turned out, they had claimed his InsiderPages listing, and that information was overriding any changes we were making inside the individual search engines. We contacted InsiderPages, and they immediately unclaimed the listing so that we could claim it and fix the web site and phone number. Very soon afterwards, the Google, Yahoo, and Bing local accounts followed suit, and the correct information was being displayed.

So, no matter what you do inside your owner-verified accounts, it seems that certain databases, like Insider Pages, will override them.  To be on the safe side, we also got a Universal Business Listing. And that is hopefully the end of this story.

Choosing the Best Host for WordPress

After working with web sites on many different shared hosting providers, I have been able to see what works and what doesn’t work well for a self-hosted WordPress blog. It’s true that the requirements for WordPress aren’t that extensive, but there are still many reasons to be careful about whom you choose for hosting. Many have drawbacks that won’t become apparent until you are up and running.

Here are some of the hosting criteria that make for a smooth WordPress experience

• Easy backups via Cpanel: When you back up your WordPress files via FTP, you are not backing up the database, which is where all the pages and posts live. It’s crucial to back up the database, and doing so through phpMyAdmin can be quite confusing. It is recommended that you back up both database and files every time you need to update to a new version of WordPress (which, trust me, is often). Cpanel offers an easier way to back up your files and your database.
• One-click WordPress Installation: It’s easy enough to install WordPress yourself, but 1-click installation is even better. You get database creation and connection all with one click! And hosts that offer this are more committed to supporting WordPress and staying up to date with the WordPress requirements (as far as version of PHP, etc).
• Hack-free: Since my clients’ blogs have been hacked on Dreamhost and Lunarpages, I’m not inclined to recommend those. (Yes, this blog is still on Dreamhost… but that might change soon). With shared hosting, the hacking seems to spread from account to account, so, once bitten, twice shy.
• Support for WordPress: Some popular hosts offer WordPress but don’t want to support it. I found that Network Solutions would not help with an issue I was having moving a client’s blog from a subdirectory to the root folder, because they “don’t support WordPress in the root folder.” That’s pathetic for someone like Network Solutions.
• Support: Most of the inexpensive shared hosts charge extra for phone support. Almost all of them have email support. Some answer emails within 24-48 hours (Dreamhost….) and some, usually within the hour (Hostgator).
• Minimal (if ever) Downtime: I don’t want to name any names, but I’ve had terrible experiences with hosting providers’ servers being down for long periods. OK, I’ll name names. Dreamhost and Network Solutions are really guilty of this, in my experience.

My favorite host for WordPress so far? Hands down, Hostgator. I’ve always gotten the support I’ve needed, none of my clients’ sites have been hacked, the prices are great, WordPress installation is a snap, as are backups. And I can’t remember any of my Hostgator sites going down for more than a couple of minutes.

Google Places Allows Spam Reviews

Unfortunately, Google is failing to crack down on fraudulent spammers who post negative reviews about their competitors. This particular spammer is a local cabinet maker who posted two dozen 1-star reviews about its competitors’ businesses, all on the same day. And on the same day, gave itself a 5-star review. It’s pretty dumb, because it makes it really obvious who the culprit is.

Google allows users to report inappropriate comments. Several of the companies affected have reported the spammer. But, Google has done nothing about it. Owners have the opportunity to respond to to negative reviews, and can point out that the comment is spam. But, if Google does not take down the review, the affected company’s average star rating remains compromised. In fact, one of the affected companies is a client of mine. Because my client is honest and does not inflate his listing with fake reviews, he has a modest number of reviews, all positive except for the fraudulent 1-star review from his competitor. That 1-star review brings his average rating down to 3.5 stars. That’s what you see when my client comes up on Google Places. Maybe some potential customers will take the time to click for more info and see that the one negative review is a fake. But most won’t. Why would they, when several other cabinet makers with higher averages appear in the local search results?

I warn all of my clients of the dire consequences of trying to trick the search engines. “You WILL be caught,” I always say. So, it’s really frustrating to watch this one company get away with it. It’s been two months now, and Google has done nothing so far.

Should I Re-Brand?

I have noticed that many sole proprietors brand themselves. And re-brand themselves. Is this a good idea?

I’m going to address this from an SEO perspective. And it does take careful consideration. Building your current site’s ranking took time. You don’t want to throw that away because you thought of a new business name you like better. If things have gone relatively well, other sites link to you, and maybe not just to your home page– maybe you’ve got valuable “deep links” to your other content. Search engines have found you and indexed your pages, and are even taking into account the age of your domain.

Let’s backtrack for a minute though. If you are a sole proprietor or sole practitioner, and plan to stay that way, do you really need to brand yourself in the first place? Maybe you should build a reputation for your real name, instead of a brand name. The brand name may sound outdated within a year or two, if trends change, or if your business goes in another direction and, you will find yourself in this re-branding pickle.

Assuming you already went the brand route, and realize now that you chose the wrong brand name, what now? Do not have any illusions here– when you change your domain name, your search engine ranking will be affected, probably for several months, but hopefully there will be a light at the end of the tunnel. Think carefully, and choose a new domain name that can be with you for a long time, even if you narrow or widen your business focus, or alter your business in some other unforeseeable way.

1. Go through your old site, and make sure you have a record of each and every URL.
2. Go to Yahoo.com and type in link:http://www.yourolddomain.com and find out who is linking to your old site, and what pages they are linking to. Use the dropdown menu to Show Inlinks “Except from this domain” to “Entire Site.”
3. Think about whether you are going to use the same URL structure (will your about page still be called about.php or is it going to be called about-our-company.php?).
4. Launch your new site.
5. In your server’s .htaccess file, use 301 redirects to re-direct each old URL to each new one, or if file structure remains the same, you can redirect the whole site to the new domain in one fell swoop. More on this.
6. Go to your Google Webmaster Tools account for your old domain. If you never did this before, you need to now. Fill out a “Change of Address form”.
7. Get a Google Webmaster Tools account for your new domain, and submit a sitemap of all your new URL’s.
8. Contact all the web sites from step #2, and request that they update their link to your site. Even with the re-direct, you should do this, to preserve your “link juice” from those backlinks.
9. Don’t wait too long to take your old site down if there is duplicate content. You can be penalized for this.
10. Have patience…. several months of patience.

Ask yourself… is it still worth re-branding?

Google’s Duplicate Content Penalty: Moving WordPress

Just a cautionary tale if you’re planning to move your WordPress blog from wordpress.com to your own domain. When you move your content from one domain to another, conventional wisdom tells you to use a 301 redirect to inform search engines that the site is permanently moved. However, when a blog is hosted at wordpress.com, this option is not available to you.

One client hired me to set up WordPress and a premium theme at her domain. She already had a site at that domain, which she was replacing with a WordPress site. She also already had a blog hosted on wordpress.com, and was moving all those posts (about 50 of them) to the new site at her existing domain. I set up the theme for her, and she exported all of her posts from the wordpress.com site and imported them to her domain. I informed her about the legendary “duplicate content” penalty and told her that she would need to take down the content on wordpress.com, but not to do anything drastic before Google crawled her new site at her domain.

Fast forward 6 weeks; Google had found the new content, alright, but the old content still remained. Google must have decided the wordpress.com site was the original source of the content, and dropped her domain from its index completely. The domain, prior to the installation of the WordPress site, had an old static site that had previously had a moderate Google page rank.

The first step I told her to take was to remove the text of each of her posts from her wordpress.com site and replace it with a “this article has moved….” link to the same content on the new site. Once this was done, I could be sure there was no more duplicate content. I then submitted a “site reconsideration request” through Google Webmaster Tools. I explained that both domains were run by the same business (there had been no plagiarization) and that the duplicate content had been removed. There was a rather cryptic response about a week later that said the request had been processed, but it didn’t mention whether the domain would be re-indexed. It’s been about 3 weeks since then, and the domain is still not listed in Google’s index.

This is a pretty drastic implementation of the duplicate content penalty, as the client has gone from about 300 visits a day to only a handful. Be sure to avoid this situation altogether by removing duplicate content as quickly as possible when moving your site from wordpress.com to your own domain.

Make a Referral Week: A Small Business Stimulus Program

It’s Referral Week! This is my favorite idea over at Duct Tape Marketing. Make a referral this week– refer someone to a small business that you love to support. Then, give your referral an extra boost by bragging about it on the Referral Week web site. This is a great way to help out small businesses. But don’t let it stop there. Make a habit of making referrals often–it’s good karma. What a feeling to bring more customers or clients to a business that has served you well– especially a business that is small and local.

E-commerce Platforms: is yours search engine friendly?

If you are planning to launch a small e-commerce site, you may want to stop and consider whether search engines will be able to find the products you will be offering. Some platforms don’t offer the ability to edit certain criteria that are crucial to search engine friendliness.

Here’s a short checklist.

1. Customizable Page Titles: Above all, the page title MUST be editable for each individual product. Remember, the page title is what you see on the search engine results pages and in the top of your browser window. As far as Google is concerned, it’s the most important element on the page.  Some e-commerce platforms use a template that only allows you to specify one page title that will be used for all products. This is disastrous for SEO!
2. Customizable “Alt” Tags: You should be able to specify the “alt” tags for the product images. Some e-commerce platforms automatically use the product name as the image “alt” tag– which is better than no “alt” tag at all — but ideally you want to specify your own tag. Why? Well, more and more searchers are using the image search on Google to find what they’re looking for. For humans, a picture’s worth a thousand words. But not to Google, who can’t see the pictures unless you describe what’s there in the “alt” tag. So if you’re selling a pair of kid’s shoes by Stride Rite, maybe your product name is “Corey”. That doesn’t tell Google much. You’d want the “alt” tag to say “Stride Rite Kids Shoes – Corey – Pink/Silver Sneaker”. That way, an image from your site could come up for a search like “pink kids sneakers”.
3. SEO-friendly URL’s: Many e-commerce platforms use database-generated URL’s such as www.site.com/product/19. Since the number 19 doesn’t tell us anything, it’s preferable to use descriptive words instead. Consider an e-commerce solution that generates static HTML pages rather than generating dynamic pages on the fly. Search engines prefer permanent links.
4. Related products: It’s really useful to be able to link to related products within your catalog. Good for users AND good for search engines. Check to see if your e-commerce platform provides this option.

Please comment with your own suggestions to add to the checklist. Also, if you have a favorite e-commerce solution that fits the bill for SEO, please post it here.

Why Local Matters

The Internet, to many, is an opportunity for global exposure. So, why focus on local markets? There are several reasons.

• Money that you spend outside your local area or at chain stores, whose headquarters are generally outside your area, is siphoned right out of your community. Every dollar that is spent locally, however, stimulates about 32 cents in additional economic activity in your community. Read more about local economies here.
• Your local area can serve as your niche– if you offer a service with a lot of competition, it’s much easier to differentiate yourself in your local area.
• Your Internet marketing strategy works in connection with word-of-mouth referrals from others who know you– and more often than not, those people live in the same region as you.

So now that I’ve convinced you that local matters, make sure to set up your Google Local listing and to print your location information in your page footer!