Home            Blog
Showing posts with label seo. Show all posts
Showing posts with label seo. Show all posts

Thursday, May 25, 2017

10 HTTPS Implementation Mistakes

10 HTTPS Implementation Mistakes - SEMrush Study

Elena Terenteva
This post is in English
10 HTTPS Implementation Mistakes - SEMrush Study
Moving your website to HTTPS is a not a nice SEO bonus or prerogative of a big business, but it is a must for all kinds of websites. The volume of encrypted traffic is growing year after year and, according to Firefox telemetry, on January 29, 2017, half of all Internet traffic was secure, and that is a big deal.
The significance of this tipping point really can’t be overstated.
Ross Schulman, co-director of the New America Foundation’s cybersecurity initiative (Source).
If your website is still on the ‘dark side,’ you should reconsider your perception of encrypted traffic. In our previous article we talked about HTTPS’ influence and importance: it’s a heavy ranking signal, it’s a trust signal increasing  users’ credibility, and finally, it’s a guaranteed way to protect your website data from certain types of attacks.
Today we are going to talk about mistakes that can occur during HTTPS implementation and ways to fix and avoid them, so if you have already moved your website to HTTPS or are just thinking about it, this article will help you to avoid some of the most common pitfalls.
HTTPS Implementation mistakes

HTTPS Implementation with SEMrush

Is your website secure?

HTTPS implementation mistakes

All statistical data for this article was obtained during research conducted using the SEMrush Site Audit tool. We collected anonymous data on 100,000 websites in order to find out the frequency of  HTTPS Implementation mistakes. First of all, we should say that only 45% of the websites we analyzed support HTTPS and all data on the frequency of HTTS-related errors was collected during the analysis of those secure domains.
Google has very clearly specified HTTPS pitfalls which may occur and should be avoided. Now let’s take a closer look to each one and thoroughly examine ways that these errors can occur.  

Non-secure Pages with Password Inputs

Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure
Google Security Blog - Moving towards a more secure web
To identify the frequency of this error, we analyzed all 100,000 domains, because Google has strict requirements about ‘non-secure’ pages — any page that collects passwords should be encrypted. We hope that this initiative will facilitate the expansion of HTTPS. But for now, 9% of analyzed websites still have insecure pages a with password input.

Website Architecture Issues

Mixed Content

Mixed content occurs when your page is loading over secure HTTPS connections, but it contains elements (such as images, links, IFrames, scripts, etc.) that are not secured with HTTPS.
First of all, this may lead to security issues. Moreover, browsers will warn users about loading insecure content, and this may negatively affect user experience and reduce users’ confidence in your website.
And the extent of this problem is greater than you might think — 50% of websites have this problem. The thing is, manually evaluating this issue is very time-consuming — because one site can contain hundreds of pages, so this makes a mixed content error a real problem.

Internal Links on an HTTPS Site Leading to HTTP Pages

All internal website links, images, scripts, etc. should point to HTTPS versions. This is extremely important, especially if there are no redirects or HSTS implemented. Still, it is better to change links to their HTTPS version even if redirects are implemented. This is also one of the errors that can occur when moving a website to HTTPS. And, it seems like it’s the biggest problem, because it’s also time-consuming due to the amount of pages that need to be analyzed — for 50% of the websites we analyzed face this pitfall.

No Redirects or Canonicals to HTTPS URLs From HTTP Versions

When moving your site from HTTP to HTTPS, it is important to appropriately redirect canonical pages. This is important for several reasons — first, for supporting stable secure website experience, that is obvious. Second, not connected HTTP to HTTPS pages’ coexistence doesn't impede your SEO. Search engines are not able to figure out which page to index and which one to prioritize in search results. As a result, you may experience a lot of problems, including pages competing with each other, traffic loss and poor placement in search results.
Properly implemented redirects or canonicalization can improve a website's positions by combining all the signals.
This problem is not detrimental to websites using HSTS, because it is preventing web browser communication over HTTP, so we didn’t take them into account during our research. We have discovered that on 8% of the websites we analyzed (excluding ones supporting HSTS) HTTP home page is not corresponding to HTTPS version. And keep in mind, we are just talking about home pages here; can you imagine how many pages on the rest of these websites have not been properly redirected?

HTTP URLs in the sitemap.xml for HTTPS Site

Again, this mistake can easily occur when moving a website to HTTPS.
To prevent Google from incorrectly making the HTTP page canonical, you should avoid the following practices: including the HTTP page in your sitemap or hreflang entries rather than the HTTPS version.
Although this seems to be a clearly described requirement, 5.5% of websites have this mistake. When moving your website to HTTPS, you don’t need to create another HTTPS sitemap.xml file; just change the HTTPS protocol in the sitemap.
To learn how to properly migrate your site to HTTPS, check out this guide —  All you need to know for moving to HTTPS by Fili Wiese.  

Security Certificate Mistakes

Expired SSL Certificate

An SSL certificate (Secure Socket Layer certificate) is used to establish a secure connection between a server and a browser and to protect data on your website from being stolen. For some types of businesses that work with confidential data, like customers’ credit card and social security numbers, an expired SSL certificate brings the risk of credibility losses. Also, an expired certificate triggers a warning message for your users once they enter your website which will negatively affect your bounce rate. During our research, we found out that 2% of the analyzed websites have expired SSL certificates.

SSL Certificate Registered to an Incorrect Domain Name

This error occurs when the domain name to which your SSL certificate is issued doesn’t match the domain name displayed in the address bar.  This mismatch mistake appeared on 6% of the analyzed websites.
The higher frequency of this error, compared to the previous one, can be explained by the misconception that an SSL certificate issued only to the root domain (example.com) works for subdomains (info.example.com). This mistake can occur even if the certificate is installed correctly. For example, if a website’s SSL certificate is issued for www.example.com, entering example.com user will get to the website but receive an error notification.
This problem can be solved by using a Multi-Domain certificate, which allows you to use one certificate for multiple domain names or IP addresses. Note that unqualified names (www), local names (localhost), or private IP addresses violate the certificate's specification.

Server Issues

No HTTP Strict Transport Security (HSTS) Server Support

The HSTS protocol informs web browsers that they can communicate with servers only through secured HTTPS connections. Let’s say user typed in the address bar name of your website like  http://example.com, but HSTS instruct browser to use HTTPS version.
HSTS is a protection from downgrade attacks and cookie hijacking. This is a way to secure users from a man-in-the-middle attack.
A man-in-the-middle attacker attempts to intercept traffic from a victim user using an invalid certificate and hopes the user will accept the bad certificate. HSTS does not allow a user to override the invalid certificate message 
86% of analyzed websites don’t support HSTS. And it’s no surprise — the technology is quite new and browsers have only started to maintain it quite recent. Hopefully, in the next year we'll see a different picture with positive trend.

Old Security Protocol Version (TLS 1.0 or older)

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which provide a secure connection between a website and browser, must be regularly updated to the new strong versions — 1.1 or higher. There's no discussion — this is a must. An outdated version of a protocol makes it very easy for rogues to steal your data. It’s one of the critical error, nonetheless it appears on 3,6% of the analyzed websites. This means that even companies that care about timely SSL certificate prolongation can forget about updating their protocol versions. So don’t forget to check your website’s current state.

No Server Name Indication (SNI) Support

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) protocol, and it allows you to support multiple servers and host multiple certificates at the same IP address.
SNI usage solving the problem we talked about previously - SSL certificate registered to an incorrect domain name. Let’s say you added a new subdomain, entering it your user will get a warning about insecure connection, because SSL certificate is issued to the the different domain name. And it’s difficult, or better say impossible, to foresee all possible names. So here comes SNI, which will prevent occurrence of this error.
It’s not a strict requirement, which is probably why SNI-related errors were discovered on just 0.56% of the websites we analyzed.

About the SEMrush HTTPS Implementation Report

All the mistakes we've been discussing can be detected by the SEMrush HTTPS Implementation report — a new report available via the SEMrush Site Audit tool. We want to add couple words about the technical realization of this report and the way it can detect you all HTTPS pitfalls.
When detecting errors related to an expired SSL certificate, the SEMrush HTTPS Implementation report doesn't just show you the certificate's expired status, but the date it expired. Moreover, it can help prevent this problem by sending a notification about an upcoming certificate expiration.
certificate's expired status
If a certificate is registered to an incorrect domain name, the report will show the subdomain the certificate is issued for, which will help to quickly discover the problem.
Tanking about server-related issues: report, will provide full information about exact subdomain, which need an upgrade of security protocol (specifying the current version) or implementation of HSTS and SNI support.
Server related mistakes
Speaking of website-architecture-related issues, one the most interesting checks in the report about mixed content detected on a page. The report will find any type of the detected HTTP element, which we extract from tag element. It means that report is available to find and specify literally any insecure element. Considering how time-consuming can me mixed content exploration, this report will definitely become a great helper.
Mixed content
There is also a severity level mark for all errors, which will help you set priorities and work with the most dangerous issues first, then move on to the less important ones.
SEMrush Site Audit
So we can say that these newest implementations, plus the high crawling speed, the 50 additional on-page and technical SEO checks and the friendly interface make the SEMrush Site Audit tool one of the most powerful website auditors available on the market and definitely the best one among SEO suites.
So what do you think? Share your thought about our new report and let us know what HTTPS errors have given you the most trouble as well as how you overcame them.


Friday, May 19, 2017

Your Company Blog Is Still Just as (or More) Powerful Than Snapchat, Instagram and Facebook

Today, it can be easy to disregard something like blogging as un-sexy and outdated in terms of being a viable channel to market your business. Plus, with a new social media platform arising virtually every year, neglecting blogging is easier now than ever before.
Despite this, having an active, curated company blog is just as important today as it was 10 years ago (if not more important).
In this article, you will discover a handful of reasons why you should still blog even if you’re killing it on much newer, hipper social media platforms. You’ll also learn four strategies on how to maximize blog traffic and the influence of your blog.

Why You Should Still Write a Blog

1. Longer Lifespan of Content

For the most part, Instagram and Snapchat content doesn’t show up in Google’s search results. On top of that, the lifespan of a Snap is a mere 24 hours. On Instagram, posts are lucky to stay relevant longer than 13 hours.
The short life cycle of this social media content is certainly a double-edged sword: the fact platforms like Twitter, Instagram, and Snapchat are so real-time means they facilitate the fluid exchange of ideas and information. All this makes them timely and relevant, thus powerful tools.
On the flip side, it also makes content on the same platforms fleeting, causing it to be difficult for businesses to keep up with the “digital Joneses” when it comes to social media. It is in the best interest of these social media platforms to ask for more content. It is in the best interest of Google to ask for the best content.
By having a company blog, customers could potentially be reeled in years down the road, all with a single piece of high quality content.

2. Impact on SEO

Image Credit: VerticalResponse.com
Despite the amount of media attention given to Instagram, Snapchat, Facebook and company, you shouldn’t forget that there are approximately 3.5 billion Google searches conducted every single day.
Comparatively, Facebook sees an estimated 2 billion searches per day, and Pinterest approximately 2 billion searches per month. Instagram’s total monthly user count just recently reached one-fifth of Google’s number of daily searches, and Snapchat is even further behind.
It’s clear Google is still the world’s top search engine. In order to get the most out of Google, you should be taking SEO (search engine optimization) into close consideration. When it comes to SEO, writing quality blog posts is a terrific way for your company to climb up the search rankings.
The higher your SEO, the higher your probability of landing a client who stumbles across your work through Google in the future.

3. Ownership

Time and again, history has proven that the relevance of social media networks is a hard thing to predict. Just remember, Myspace was king from 2005 to 2008, Tumblr was popular from 2007 to 2013, and Vine was hottest from 2013 to 2015.
Instagram, Snapchat, Facebook, and the rest are all terrific platforms to use in order to garner the attention of your audience and to grow an audience, but using them as your company’s “home base” could prove unwise.
Blogs are much different. They are yours and only yours. No one else can take them away from you…well, except GoDaddy or Google Domains, but you get the point.

Successful Blogging Strategies

Now that you know a handful of reasons why blogging is still an indispensable marketing strategy, the real work begins. To help you, here are some tips and best practices to use to make sure your blog is getting the maximum exposure it deserves.

Leverage Platforms Like the One You’re Reading on Right Now — Medium ;)

It’s no surprise that today’s online landscape is saturated, and the blogosphere is no different. That’s why fresh platforms like Medium are such a valuable asset to have to increase the traffic and influence of your company blog.
Medium provides the perfect venue to showcase your own blog because it is (more or less) a blog in itself. It is a channel designed specifically for written content.
Additionally, Medium provides users with something they can’t automatically get from a standalone blog: a built-in audience of more than 30 million monthly users. Medium gives users the scale that would otherwise take years to build and nurture with a standalone blog.
Ready to get started? Here are some pointers:
  1. Read Quincy Larson’s article, which analyzes the best practices of the top 252 Medium articles in 2016.
  2. Use tools like Rabbut and Upscribe to seamlessly capture your reader’s emails, preferably after offering them a freebie (ebook, video course, etc.) in exchange for their email address.
  3. Use Medium to republish content from your company blog, and be sure to include a link to the original post so readers can stay in touch with you.
  4. Try your very best to get published on a large, relevant publication. To do this, reach out to the respective editor (via email or Twitter) with a link to your 100% completed article. Include a quick pitch going over why your content would be a great fit for the publication.

Don’t Be Afraid to Pay

Don’t be too shy to pay to promote your blog in the form of social media advertising (via Facebook ads, LinkedIn ads, and Twitter ad, etc.).
Social media moguls like Gary Vaynerchuk think Facebook advertising is single most valuable commodity in the online marketing world today, so it could definitely be worth your while to put some dollars behind the medium.
To get started, watch this short tutorial video covering how to create and manage Facebook Ads.

Use Quora

Neil Patel, digital marketing expert and founder of four multi-million dollar companies, preaches to his audience to search on Quora to discover which questions are being asked most often in your niche. You can find these questions in the Top FAQ section of the website.
After you find a question you like, write an answer to it in the form of a blog post. This will increase the likelihood others will search for and see the post, find it valuable, and come back for more.


You never can go wrong with networking, and tools like Meetup.com, Facebook Groups, and LinkedIn Groups make meeting like minded people easier now than ever before. Set aside an hour to search for groups and meetups in your niche.

If you enjoyed reading this post, please recommend and share it to help others find it!

Call to Action

If you really enjoyed this article and want to receive the shortened, PDF version of The 7 Mindset Shifts Needed for Successful Social Media Marketingthen click here to receive it now!


Tuesday, November 1, 2016

Your First Marketing Hire For A Startup

Your First Marketing Hire

As many have written (most recently Jason Lemkin on Quora), B2B marketing contains at least four really discrete disciplines: demand generation, product marketing, positioning/strategy, and PR/communications/branding. Increasingly, marketing technologist & operations is being broken out separately, but it otherwise falls into the demand generation role.
When it comes time to hire a company’s first marketing person, most founders think they just need a director or experienced individual contributor to start doing demand generation and bring in leads. They think, “I’ve got to make sales productive with leads.” They invest in SEO, spend thousands on SEM, turn on email marketing, and crank out webinars. That is one approach, but I’ll argue it is the wrong one.
I recommend starting with a director or senior product marketing manager who is willing and ready to roll up her sleeves for three key reasons:
1. In the early stages, all marketing is product marketing.
The most important marketing milestones are to articulate the value proposition in your customer’s’ eyes, position it relative to competition and alternatives and help the company tell its story. If you’re spending money to amplify a bad or wrong story, it’s money down a drain.
2. Making sales productive is sales enablement not lead gen.
Making the company’s new sales people productive *is* critical, but what sales most needs is sales enablement tools rather than leads. Product marketing creates company presentations, case studies, ROI calculators, the website, and materials for a webinar or conference presentation. Product marketers are domain experts who can create content for lead gen and generate thought leadership.
3. Product marketers by definition are generalists with broad skill sets.
Someone who is exclusively really great at Demand Gen is not likely to be good at articulating a great story. They look for short-term clicks vs. playing the long game, which is what positioning is. On the other hand, product marketers tend to be “athletes” who play a productive role and stand up other marketing disciplines. A product marketer can build the website, write and disseminate articles, pick and manage PR agencies, run an analyst tour, optimize website for search, initiate and manage a competent SEM campaign, and pick the first basic marketing tools.
Companies who do not do the positioning work up front do not build the necessary foundation.
The risk of NOT doing the positioning work up front is you get customers, but they’re not the best or right ones. Your single best marketing asset as an early B2B company are early customers who love you.
For example, one major online backup company did all performance-based acquisition in its early days. They took anyone whose money was green. Only when they saturated their early markets did they start working on positioning, but at that point Dropbox already dominated the conversations in their categories. Shifting awareness at that point took millions instead of the thousands it would have taken to own their position in those markets up front.
There are plenty of companies that have experience on one side of this line or the other. But even though it’s contrary to today’s conventional wisdom, at Costanoa we feel leading with product marketing is the way to go.

Thursday, October 20, 2016

Why your competitors are beating you online

Photo credit: 
Are you lost because your website is not showing up on search engines as the Number 1 result?

There are lots of discussions and articles on how to fix websites. But let’s make it easy by narrowing it down to the few key measurements that search engines consider to be the most important this year.

Before looking at your site---- it is important to look at your competitor’s site that is now on top and ask yourself :

Does it load quickly?

Do you trust the company/website/person based on a landing page?

Can you find the competitor’s website link on another trusted site?

Are they running online ads?

Now go to your website:

Does it load as quickly?  
If not, you can test your site on Google’s speed test that provides suggestions on what needs to be fix: https://developers.google.com/speed/pagespeed/insights/

If you’re not sure what the Google test results mean, then your site probably has some backend technical issues that need to be address.

Now try to find something on your site that you customer might really need to know--- For example how to return an item?
Can you find it quickly or is it buried somewhere on the site?
If it is buried--- make plans with your web team to put it on the first page with a link to find more info.

Next-- Do you believe the text that describes your company, your mission, and products or are the words fluffy?
(An example of fluffy—“Our mission is to be the best and truly serve our customers.”)
This is lazy text that needs to be improved to build trust, because how much time did you really spend on that mission statement?

If your site is full of  fluffy content, find someone to help you rewrite the text and eliminate the fluff with real examples of what you can really do for your customer --- such as –-- “We will reply to your email request within an hour.”

Can you find your website link on other trusted sites?
If not, you really need to find ways to get them on other sites as quickly as possible. Any industry or association site that list companies that offer your services is a great place to start. Then move on to vendors/partners, other blogs or ecommerce sites.

Are you running ads?
If not, you should explore some options to help generate visits to your site.
If yes, re-evaluate the ads and revamp your efforts.

If you fix these few issues you should see improvement in your website search engine rankings fairly quickly. If you still experience trouble with your rankings, there are deeper issues and you should turn to a local search engine optimization expert to help fix them.

For more assistance visit our website: www.nsgconsultinginc.com