Blog

If your website isn't mobile friendly right now, the SEO future is about to get pretty bleak.

Google has officially started the process of rolling out "mobile-first indexing" but, of course, only for those websites that adhere to the best practices. 
 
In the past, Google's crawling, indexing, and ranking systems used the desktop version of a page's content, but mobile-first indexing now means that the mobile version of a page will be used instead. 

Google indicated that it is notifying those websites being migrated to mobile-first indexing through the Search Console interface and clearly noted that being indexed this way provides no ranking advantage. 

Site owners will likely see significantly increased crawl rate from the "Smartphone" Googlebot as a result of the change. Additionally, Google will show the mobile version of pages not just in Search results but also within Google cached pages.

read the google webmaster central blog

---

We did our best to forewarn our clients about the need for mobile repsonsive websites, based on google specific rules. The time is here. You can wait no longer, or suffer the penalties. Please contact Mike if you have any questions 860-294-2444

On March 1, 2017, a new world dawned for websites.

911websiterepair would like to make everyone aware of the new website compliance rules that were implemented on March 1st. These new rules affect all websites and require that websites be behind an SSL, ie https:// vs http:// as mandated by the federal government initiative titled, “HTTPS EVERYWHERE”.

See (https://obamawhitehouse.archives.gov/blog/2015/06/08/https-everywhere-government)

We applaud this effort to secure the internet by implementing the proscribed protocols. In researching the new compliance rules, we gleaned a great deal of knowledge. The initial buzz was that this SSL requirement stemmed from security measures proposed and implemented by Google and were to go from suggestions to enforcement beginning January 1, 2017. As we know, where Google leads, all other browsers will follow.

However after careful research, it is our conclusion that Google was following the lead of the federal government as they step up their efforts to make it more difficult for sensitive and private user information to be gathered with ease by hackers.

We applaud this effort and are confident that we can secure our customers websites.

More on this change:

Compliance is not optional as the repercussion will be that your search engine rankings will be penalized. With a site not secure message next to you URL it is likely to seriously effect your traffic, visitors and revenues.

Before we go into the details, you should also know the following.

The compliance protocol was designed to force government websites to encrypt the transmission of data between a website and a remote system. Amazingly, there were no directives in place to require government websites to use standard security protocols thus rendering government information vulnerable. As the browser is the function that identifies compliance or not, the protocols were expanded to cover all websites.

To quote the source article:
“HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves. It is not designed to protect a web server or website iteself from being hacked or compromised, or to prevent the web service from exposing user information during its normal operation.”

These requirements are now being directed to ALL websites.

The internet has become quite dangerous with all the hacking and data loss,
The search engines and browser providers (ie:google) decided to adapt the new protocols on their own.
Although inconvenient, this protocol and new compliance rules are to the benefit of all and will provide a safer internet.

Over the years we have been amazed at the number of online business that do not use an SSL because they were reluctant spend $125.00 a year on a SSL certificate and a static IP. Do not let price stop you. This is part of the cost of doing business on the internet.

Be mindful, the SSL does not secure your website or server, it encrypts the transmission of data from your site to a remote source, for instance a log-in form, contact form, or shopping carts credit card information.

You don’t have to follow the rules, but you will be penalized for non-compliance.

It is also important to note that note all SSL's are not created equal. You want to make sure you have a high level SSL. The lower priced SSL's do not work on all browsers and devices. We have also been led to believe that part of the Google algorithm has been adjusted to detect the type and strength of your SSL encryption..

So, let’s look how the effects of the changes appear for any website.

Here is a breakdown of some of the new secure messages found in the browser address bar. You can start looking up your favorite websites and see that they do indeed exist and really mean something.

1) The first Secure message shows that the site is secure and compliant.

2) The second item shows a gray I in a circle and the not secure message. The site does use a SSL, but there are items on the pages, code, and even images that are not secured. If you click the I ( in the circle) you will get a drop down with all the warning messages.

 

 

 

3) The third message is that site does not have an SSL installed at any level of the site.

(FYI: 911websiterepair now shows the correct security messages)

There are some specific features that need to have the SSL applied.
For instance, if you have a log-in page on your site, it now needs to be behind the SSL This shows that the browsers such as chrome have released updated versions that show the new warnings.

 

If you are not using the latest version of the top browsers, you may not see the warnings at all. But put yourself in the shoes of your site visitors. As many browsers automatically upgrade, they WILL see the secure messages. If you are not seeing these messages in your browser, upgrade your browsers now.

It is not enough to just install and configure your whole website to use SSL. In the case of our 911websiterepair example, the forms and login and transaction pages, even our ticket system is beyond an SSL. The reason our front page had the non-secure message is because of the log-in link at the top right.

There are many other elements of a website which will have to be configured individually to comply and to get the full secured icon and message.

Without getting too technical, some considerations are.

1) To ensure that the Not Secure warning is not displayed for your pages, you must ensure that all forms containing elements and any inputs detected as credit card fields are present only on secure origins. This means that the top-level page must be HTTPS and, if the input is in an iframe, that iframe must also be served over HTTPS.

 

 

2) Full verses Relative urls.
Best practice always is to use relative urls as opposed to full urls. Many sites have a combination of both, not only in articles but in the headers and include references within a websites code.

So, when you link to other pages in your site, users could get downgraded from HTTPS to HTTP.
These problems happen when your pages include fully-qualified, intrasite URLs that use the http://

3) My effort is not to instruct the reader on how to fix all the impending issues of meeting the compliance, but to show that you need to have some developer skills to implement. Here are some more examples of issues when converting a site to full SSL coverage.

4) If your site depends on scripts, images, or other resources served from a third party, such as a CDN or jquery.com, you have two options: Serve the resources from a server that you control, and which offers both HTTP and HTTPS. This is often a good idea anyway, because then you have better control over your site's appearance, performance, and security. In addition, you don't have to trust a third party.

5) Keep in mind that you also need to change intrasite URLs in your stylesheets, JavaScript, redirect rules,
tags, and CSP declarations, not just in the HTML pages.

6) Redirect HTTP to HTTPS. You need to put a canonical link at the head of your page to tell search engines that HTTPS is the best way to get to your site.

Set tags in your pages. This helps search engines determine the best way to get to your site.

7) It is also important to make sure that clients never send cookies (such as for authentication or site preferences) over HTTP. For example, if a user's authentication cookie were to be exposed in plain text, the security guarantee of their entire session would be destroyed—even if you have done everything else right!

There are many more issues that need to be resolved to make sure your website meets compliance and earns the secured padlock in the address bar. One of the biggest obstacles is converting potentially thousands of full URL's to relative URL's. That should be done in the database globally and not manually.

Contact 911websiterepair if your website is not showing the secure message in the browser. We offer affordable pricing and realistic time frames. In some cases you will be able to achieve this on your own. We are here if you need our help. It really is a little more complicated that you may think. Also, as not all sites are the same, we need to quote for individual websites.

Reference websites
https://www.wordfence.com/blog/2017/01/chrome-56-ssl-https-wordpress/
https://developers.google.com/web/updates/2016/10/avoid-not-secure-warn
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
https://developers.google.com/web/fundamentals/security/encrypt-in-transit/enable-https?hl=en
https://pulse.cio.gov
https://https.cio.gov/guide/
https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2015/m-15-13.pdf
https://www.wired.com/2016/11/googles-chrome-hackers-flip-webs-security-model/

 

It is possible that on June 30 your authorize.net credit card processing may stop. 

Authorize.Net has upgraded access to the Internet connections that serve thier data centers. Instead of allowing direct connections, all Internet traffic will be routed through Akamai, a third-party cloud network service that routes and delivers Internet traffic.

Using Akamai network technology will help decrease latency and improve the reliability of our payment gateway. It will also help safeguard against interruptions caused by issues beyond Authorize.Net’s direct control, such as Internet congestion, fiber cable cuts and other similar issues. Additionally, you should no longer be affected by planned downtimes.

 

This is a really good thing. In some cases you will need to chnage the urls n your cart or payment module to point to the new servers. They also will be automatically redirecting URLS to the new service, to prevent any one from having sales interuptions

But.....But.....But....

If your service stops on June 30, the deadline for authorizgeddon, you will have to manually change the urls in your code. Best to be careful and manually change them now.

NEW TRANSACTION URLS

https://api2.authorize.net/xml/v1/request.api
https://api2.authorize.net/soap/v1/Service.asmx
https://secure2.authorize.net/gateway/transact.dll

 

You can change them yourself, or we can change for you ($49.95). You need to call us for this service 860-294-2444

But even if you have changed the urls, you could still have issues. You need to make sure that your website is not behind a firewall. Even the automatic redirect will not work if you are behind a firewall.

Using Akamai technology, Authorize.Net’s IP addresses will become dynamic rather than static. If your website or payment solution uses a firewall that has whitelisted Authorize.Net’s IP address or connects to Authorize.Net directly via an IP address, you will need to make additional changes.

Firewall Considerations – If your website uses a firewall to filter outbound connections, make sure that the firewall is set to permit outbound traffic to flow to the Akamai cloud by configuring your outbound firewall to “ANY.”

If you do not update your firewall ahead of June 2016, you will be unable to process transactions after Phase Two is implemented.

IP Address Considerations – If your solution connects to Authorize.Net directly via an IP address, you will need to update it to connect by domain name. Continuing to connect directly via an IP address is strongly discouraged as merchants will not receive the benefits of routing through Akamai, and could suffer a loss of service if transactions are re-routed among our various data centers.

If you need help, if your transactions stop after June 30, please contact us. We will need access to your server and to your firewall configuration settings.

Are you ready!

Call us for help 860-294-2444

 

 

 

Google recently announced, "Starting April 21, we will be expanding our use of mobile-friendliness as a ranking signal. This change will affect mobile searches in all languages worldwide and will have a significant impact in our search results."

The next algorithm update will take into consideration the mobile-friendliness of a site within search engine rankings. This means if you have a site that is not “friendly” to mobile devices, then you will likely be penalized and appear lower within search results. The new “mobile-friendly” requirement and ranking signal update to the Google algorhythm is scheduled for April 21, 2015, so time is running out to get your website optimized.

 

Although the update may seem harsh for sites that have not taken the time to optimize for mobile viewing, we commend Google for giving forewarning prior to releasing this update. Typically, Google implements new updates and website rankings are at the search engine’s mercy.

The layout and labeling changes are already in effect on google. Use your mobile device and do a google search. You will see the new search results layout and the label: Mobile-Friendly. If your site does not have this lable, it is reported that you will be penalized in mobile search results and you will lose your rankings.

Call 911websiterepair and get your mobile responsinve quote

860-294-2444

GOOGLE MOBILE RESPONSIVE TESTER

 

A Russian malware called SoakSoak has infected over 100,000 Wordpress sites since this Sunday, turning blogs into attack platforms. It's a potential shitshow, and it could've been prevented earlier this fall.

 

Google has already blocked 11,000 domains to try to curb the damage. According to security firm Sucuri, the malware uses a vulnerability in a slideshow plug-in called Slider Revolution. The Slider Revolution team have fixed it with updates. The problem is that the old,vulnerable version of the plug-in is still bundled with Wordpress themes, so lots of sites are still using the wrong version.

 

 

Wordpress just released WP 4.0 and Joomla 3.x is in a constant upgrade cycle. They both are promoting one click upgrades that you can do yourself. 

 

This is just not true for anything other than the most basic websites.

 

As there was a huge initiative by the organizations behind these CMS system to upgrade this week, our phone is ringing non-stop as website owners are crashing their websites.

 

There really is a process that must be followed.

1) check for server compatibity. Will the servers PHP and mySQL support the new version of the CMS

2) check all plugins and extensions. Are they compatible with the new version

3) check the template for compatibility

4) if your site customized in any way, those customization may have to be done over

 

And then, if all of this checks, upgrade a work copy of the site. DO NOT UPGRADE A LIVE WEBSITE!!

 

Best is to call us.

 

Let us know if we can help

 

 

INTRODUCING OUR MALWARE, VIRUS AND WEBSITE ERRORS SCANNER

 

We have been working away at improving our services. This month we added a new website scanner for detecting hacks, malware and errors. No longer do you have to load a hacked website and infect your computer. Just do a scan, get a report, and we can remove and clean the site. Its right on the frontpage of 911websiterepair and you can use it as many times as you want. We get a copy of the report and will contact you to see if you need help cleaning the site. If you use the scanner, we will give you a 20% off coupon on the removal.

 

 

 

INTRODUCING SITESASSURE: WEBSITE PROTECTION PLANS

 

We partnered with some customers of ours to fill in a real need for website monitoring. The solution is Sitesassure.com. Just look at all the things you get. Daily virus, malware and error scanning, a firewall, backup program, no extra charge malware removal, 5 hours of programming time and huge discounts on future work. Just add the urls to be scanned to your control panel and you will get a daily report. If we see your hacked, we may even have it fixed before you get up in the morning and find out about it.

 

VISIT Sitesassure.com and check out the service plans

 

INTRODUCING ROB JONES

We are adding onto our staff to improve quality control and programmer management. Rob has been a long time customer. Who better to know our services that a happy customer. Rob and the staff hit it off and he took our offer to join the team. He still maintains his own company http://www.creative-pro.net. He has become a valuable time member and we are glad to have him.

 

INTRODUCING WEBSITE DESIGN AND MOBILE APP DEVELOPMENT

With Rob we add new skills and services. We now offer Website Design, Logo Design and Custom Mobile App Development. And at really great prices. Get 70% off mobile app development pricing today.

 

INTRODUCING QUOTE MATCHING

Do you have a quote for work from another company. Let us know, and as long as its reasonable, we will do our best to match or better it. Don't hesitate to tell us about it. We know we need to work within our customers budgets and we will do whatever we can to save you money

 

If any one has any questions, call us at 860-294-2444

 

Best

Mike, Rob and the Team

 

I hope that you will see what makes us different from this conversation. We take a lot of calls for repairs and website help. Our due diligence seems to scare some people off. We do a site assessment before we agree to take on any project and create a plan of action before we give a quote.

 

here is a typical call.

 

911: Hi 911websiterpair, this is Mike

caller: my website is broken, can you fix it?

911: tell me what the issue is

caller: its broken, how much will it cost?

911: well, i need to know what the issues are.

caller: i just want to know how much

911: ok,  whats the URL, let me take a look, what is happening, are there error messages

caller: yes, the site is not loading

911: ok    URL please

caller: ah um www.mysitedoesnotwork.com

911: ok   i see the error message, and im running a scanner against your site to see if you have been hacked or have malware. im also checking your listing on google to see if you have been blocked

caller: all i want to know is how much

911: we have to perform an assessment, just like whe you go to the doctor. I cant fix your site if i dont know whats wrong. I need to ask a few more questions

 

1) did you recently try to update your site

2) do you have a backup

3) what type of site is this, (joomla, wordpress, etc)

 

caller: i saw the upgrade button and clicked it and now its broken like this

i dont have a backup

it is wordpress, a friend of mine made it for me and i know nothing

 

911: where is your site hosted

caller: i think its godaddy

911: can you give me the admin login credentials, i need to see the backend of the site

caller: why   im not giving you access,you might break it

911: only way to determine whats wrong, we have the credentials to hundreds of sites and never have an issue, and your site is already broken.

caller: why

911: because when you upgrade a site you cannot just hit the update button, it does not work like that, you have to check and see if all the plugins  and the theme are compatible with the new version of wordpress and then get the latest copies of those and install separately. When you clicked the update button it only updated the core of wordpress, not the plugins. This is most likely what happened

caller. how do you fix it

911: well, could be an issue. we need to find a backup, godaddy should have one,

then we move the site to our dev server

then we check for all the extensions and customizations to make sure they are compatible

then we do the upgrades and update on our dev server

once everything is completed, we have you check the work, and if you approve, we move it to live

caller: thats way more than i want, all i want is my website fixed.

911: I know, this is what needs to be done. we will get your site working, updated, and warranty the work

caller: i dont have a lot of money

911: i will try to work within your budget. can we have the login so we can quote, you can email it to [email protected]

caller: ok i will email, how much will it cost

911: i cant quote until we do our accessment. your website also shows that its infected with malare. we need to clean the site too

caller: why wont you answer my question   how much

911: first we assess the site, then we quote

caller: ok    i dont have time for this, i will send the email

 

click 

 

SO...why did i share this.

1) this customer could really know what they are doing, and manipulation for a cheap price (yes, people do this)

2) there are freelancers and developers who would just throw out a price. This will screw themselves and the customer, WHY! 

Because the developer could just have agreed to fix a $10,000.00 website with extremely complicated customizations for $40.00.

The developer who did not do an assessment, may be in over his head and not have the ability to complete the upgrades and any customizations.

or

The site could be completely destroyed and need to be built over from scratch.

 

The instant answer does not serve the customer or the developer well at all. By doing our due diligence, we can assess so that all the bases are covered, insure the work is feasible, and even warranty it. And best of all set a reasonable expectation for the client and our staff.

 

Do you really want to hire a programmer who does not even know what the problem is?

 

Get our assessment for FREE!.

 

If you want and feel the need to shop our price and assessment around, so be it. Its about your website and keeping your business on line. Just remember us when the programmer you hired did not fix the site. We will jump in where he left off.

 

We have actually had many customers who did this, hired the cheap guy. Then another cheap guy. And sometime even a third cheap guy. Then came back and we fixed the site. But now they were out the cost of the two or three failed attempts. They even tell us they have spent their money and ask us to reduce our rate. That is not our problem as our quotes are highly discounted, but even with that, we have shaved a few dollars off the price here and there.

 

And dont for get, we WARANTEE the work.

 

Get your free assessment now!   Fill out our handy free website assessment form.

 

 

 

 

 

 

 

 

 

I've been doing INTERNET development since 1994. At first I worked for ecommerce companies, and then went on my own as a developer/internet business consultant. I had a lot of successes and survived the boom and the bust. On my own i was the only one working on my projects. It was great not having a boss, but i was limited by the number of projects I could take at a time and my own skill sets. I was not scalable.

So time went on and I started outsourcing little pieces of work to off shore companies. It was always a problem. They over promised and under delivered. I tried China, Vietnam, India, and Mexico. And the whole escrow thing I just hated. The big problem was using those freelancer sites. I did not like the poor communication

 

Well, its happened again, actually 3 times this week alone. A past potential customer contacts us and tells us their programmer has disappeared, did not finish building their website, and will not return phone calls or emails. This happens all the time. Here is what usually happens in our world.

Customer submits to us for a quote and then decides to go with another person or company. That  person or company under quoted and did not check for feasibility of the requested functionalities and tasks. We cannot compete with $1.00 per hour programmers and companies that fail to tell their potential customer that what they want cannot be done. Because  another person or company under-priced, short estimated the time frame, over promise and did not do feasibility studies, they set themselves up for failure.