Search engines like Google follow links from one web page to another. A search engine consists of a crawler, an index and an algorithm. The crawler follows the links on the web. It goes around the internet 24/7 and saves the HTML version of each page in a gigantic database, called the index.
This index is updated when Google has come around your website and found a new or revised version of it. Depending on the traffic on your site and the number of changes you make on your website, Google comes around more or less often. For Google to know of the existence of your website, there first has to be a link from another site to your site. Following that link will lead to the first crawler session and the first save in the index.
Google’s secret algorithm
After indexing your website, Google can show your website in the search results.
Google has a specific algorithm that decides which pages are shown in which order. How this algorithm works is a secret. Nobody knows exactly which factors decide the ordering of the search results. Moreover, factors and their importance change very often. Testing and experimenting gives us a relatively good feel for the important factors and the changes in these factors.
On Mar 12, 2015, at 9:32 AM, a potential client wrote:
What are your “standard behind-the-scenes bells and whistles?”
Security best practices; premium backup, security, caching software; other open-source and premium software (where needed) such as sliders, forms, and themes, all configured to optimize performance, security, long-term stability, and ease of use.
David Innes, owner
Real Basics, LLC
Cool post from VOX.com on the runaway most-popular passwords… and therefore the ones hackers try first.
So about the title of this post: yeah, don’t choose any of these. Also, pro tip: computers are fast, and sorted lists of the thousand most popular passwords are easily obtained, so when possible pick a good one that’s easy to remember but hard for computers to guess. Four or more random words in one or more languages is good; for example (though just an example), “elbow Lucerne brown elegante” works well.
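To put numbers on that advice, here is an added example (not part of the original post) that rejects passwords found on a popular-password list, generates a random-word passphrase, and compares the search spaces. The two lists are small constructed samples, and the guess rate passed to `average_seconds_to_guess` is a hypothetical parameter.

```python
import math
import secrets

# Constructed stand-in for a "most popular passwords" list. Real lists run to
# thousands of entries and are what guessing tools try first.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "111111"}

# Constructed 16-word sample so the block runs offline. A real generator needs
# a large list; the EFF long word list, for instance, has 7,776 words.
SAMPLE_WORDS = [
    "candle", "orbit", "maple", "fjord", "zeppelin", "tundra", "quartz", "harbor",
    "velvet", "mango", "pixel", "saddle", "lantern", "cobalt", "meadow", "anchor",
]


def is_popular(password):
    """True if the password (trimmed, case-insensitive) is on the popular list."""
    return password.strip().lower() in COMMON_PASSWORDS


def generate_passphrase(words, word_count=4):
    """Pick words with the OS CSPRNG (secrets), not the predictable random module."""
    if word_count < 4:
        raise ValueError("use four or more words")
    return " ".join(secrets.choice(words) for _ in range(word_count))


def passphrase_bits(word_count, wordlist_size):
    """Entropy in bits of word_count words drawn uniformly at random from the list."""
    return word_count * math.log2(wordlist_size)


def average_seconds_to_guess(search_space, guesses_per_second):
    """On average a guesser finds the secret after trying half the search space."""
    return search_space / 2 / guesses_per_second


if __name__ == "__main__":
    print("is 'Password' popular?", is_popular("Password"))
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    print("4 words of 7,776: %.1f bits" % passphrase_bits(4, 7776))
    print("top-1000 list at 1,000 guesses/s: %.1f s" % average_seconds_to_guess(1000, 1000))
    years = average_seconds_to_guess(7776 ** 4, 1000) / (365 * 24 * 3600)
    print("4 random words at 1,000 guesses/s: about %d years" % years)
```

The strength comes from the words being chosen at random from a large list; a phrase a person makes up has far less entropy than the formula suggests.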
From Shaun Quarton at Torque Magazine
- Back up your site
- Keep everything updated (WordPress plus themes and plugins — even the ones that aren’t in use.)
- Hide your WordPress version
- Choose secure passwords
- Use secure usernames too (do not use “Admin”)
- Move your login page
- Hide your username (your login name)
- Limit login attempts
- Use a secure host
- Disable the theme and plugin editors
- Add and configure one or more security plugins
These are all great tips. Go check out Shaun’s post. I’m always happy to answer questions as well.
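To see what “limit login attempts” guards against, this added example (not from Shaun’s post or from any plugin) scans web server access-log lines for repeated failed WordPress logins from one address. The log lines are constructed, the IPs are documentation addresses, and the threshold and window are assumptions. It relies on WordPress answering a failed login with status 200 (the form is shown again) and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def failed_logins(lines):
    """Yield (ip, timestamp) for each POST to wp-login.php answered with 200."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines in an unexpected format instead of crashing
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith("/wp-login.php") and m["status"] == "200":
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")


def flag_bruteforce(lines, max_attempts=5, window=timedelta(minutes=5)):
    """Return IPs with more than max_attempts failures inside a sliding window.
    Assumes the log is in chronological order, as access logs normally are."""
    recent = defaultdict(deque)
    flagged = set()
    for ip, ts in failed_logins(lines):
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:
            attempts.popleft()  # forget failures older than the window
        if len(attempts) > max_attempts:
            flagged.add(ip)
    return flagged


def _line(ip, hhmmss, method, path, status):
    return f'{ip} - - [12/Mar/2015:{hhmmss} +0000] "{method} {path} HTTP/1.1" {status} 2048'


# Constructed sample: one address failing 8 times in 40 seconds, one user who
# mistypes once and then logs in, one plain page view, one malformed line.
SAMPLE_LOG = [_line("203.0.113.7", f"09:32:{s:02d}", "POST", "/wp-login.php", 200)
              for s in range(0, 40, 5)] + [
    _line("198.51.100.20", "09:33:10", "POST", "/wp-login.php", 200),
    _line("198.51.100.20", "09:33:25", "POST", "/wp-login.php", 302),
    _line("192.0.2.44", "09:34:00", "GET", "/wp-login.php", 200),
    "garbage line",
]

if __name__ == "__main__":
    print(sorted(flag_bruteforce(SAMPLE_LOG)))
```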
Statistics site Internet Live Stats reports there are currently 1,060,822,043 websites in the world! Even if you read this only minutes after I post there will already be thousands more! Just follow that link and watch the counter fly!
ILS also reports, however, that
It must be noted that around 75% of websites today are not active, but parked domains or similar.
We’ll just add that of the remaining 250,000,000 sites an extraordinary number are live, yes, but also old, obsolete, broken, and vulnerable! Small wonder then that as operating systems become more robust hackers and spammers are breaking into and hijacking websites.
Our advice? Make sure your website software is up to date, backed up, protected with security checks and plugins, and of course regularly updated! Either do it yourself or if you don’t have time or resources find someone able to do it for you.
Nobody wants to see messages like these when they visit their website. Or their hosting company. Or their website control panel.
And the good news? Usually you don’t!
It’s even better news if you have regular, recent backups stored somewhere besides your hosting company’s servers.
That way, if bad comes to worse and your hosting company has gone dark or, nearly as bad, has an extended, intractable data center equipment failure, you’ll at least be in a position to temporarily (or permanently) relocate your website to another server, on another account, or even with another host altogether.
Yesterday the vulnerability was announced. If you’re a RealBasics maintenance client using All in One SEO Pack your site is already protected and the plugin fixed.
Today, All in One SEO Pack plugin team has released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware clean up service.
More than 73 million websites on the Internet run their websites on the WordPress publishing platform and more than 15 million websites are currently using All in One SEO Pack plugin for search engine optimization.
Don’t get us wrong: All in One SEO Pack is a great tool backed by responsive developers, so they released an update that closes the vulnerability very quickly. The risk is that current users may not get the message, log into their websites, and perform the update. Keeping your software up to date and security scanned are just two of the core benefits we offer here at RealBasics.com.
If you’d like this kind of coverage give us a call – (206) 390-8082.
There’s so much to like about the new WordPress 3.9. If you’re a RealBasics maintenance client your site’s already been backed up, security checked, optimized, and updated to 3.9. (If you’re not a maintenance client then give us a call!)
- Much more mobile friendly interfaces!
- Improved visual editing — better format options, more mobile friendly.
- Add photos by dragging and dropping from your desktop! (No “Add Media” button required for most images!)
- Easy image editing too! (Resize just by dragging to name just one new feature!)
- Gallery previews (no more guessing what’s in the big yellow box!)
- Paste text formatted from your favorite word processors, email, even other websites! (No more “Paste from Word!”)
- Lots of behind-the-scenes features for the techies and nerds at RealBasics.com and elsewhere.
We say check it out.
On the other hand if you’re already one of our service customers your software’s already updated and your site is secure.
Here’s the warning from the good folks at WordFence
WordPress Vulnerability: WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role. More info available on the National Cyber Awareness System: CVE-2014-0165
WordPress Vulnerability: The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie. More info available on the National Cyber Awareness System: CVE-2014-0166
What to do about the above: Make sure you are running the newest version of WordPress, version 3.8.2.
The post also warns of a vulnerability in the TwitGet plugin. If you use it you’ll want to upgrade that too. Or have us do it for you.
Of course we do more than keep your website up to date. We keep it backed up, run multiple security scans, give you access to premium plugins and themes at no extra cost, keep an eye on your server and database performance, and provide up to an hour of consulting, training, and even post scheduling and gallery management! Give us a call.
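The version ranges in the WordFence warning quoted above are per release branch, so a plain “older than 3.8.2” comparison gets them wrong: 3.7.2 is fixed while the numerically higher 3.8.1 is not. This added example (not WordFence’s or WordPress’s code) checks an inventory of sites against those ranges; the inventory and host names are constructed placeholders.

```python
import re


def parse_version(text):
    """'3.8' -> (3, 8, 0); '3.7.1' -> (3, 7, 1). Raises ValueError on other input."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised WordPress version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version):
    """True for the ranges named in the warning:
    before 3.7.2, and 3.8.x before 3.8.2."""
    v = parse_version(version)
    return v < (3, 7, 2) or (3, 8, 0) <= v < (3, 8, 2)


def audit(inventory):
    """Map each site to 'update', 'ok' or 'unknown' for a {site: version} dict."""
    report = {}
    for site, version in inventory.items():
        try:
            report[site] = "update" if is_affected(version) else "ok"
        except ValueError:
            report[site] = "unknown"  # unparseable version string: check by hand
    return report


# Constructed inventory; the host names are placeholders.
INVENTORY = {
    "blog.example.com": "3.8.1",
    "shop.example.com": "3.7.2",
    "old.example.com": "3.5",
    "new.example.com": "3.8.2",
    "beta.example.com": "3.9-beta1",
}

if __name__ == "__main__":
    for site, status in audit(INVENTORY).items():
        print(f"{site:20} {INVENTORY[site]:10} {status}")
```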
Heads up for WordPress users on rumors of a new variation on an older scam. It’s especially tricky right now because the newest versions of WordPress actually do send you email saying (truthfully!) that it has automatically updated itself. Here’s how one person reported the issue:
USING WORDPRESS? Beware of a VERY legit looking email going around that says your site has been updated to WordPress 3.8.2. Do NOT click the link, it’s to steal your info!
I got the email and so did a friend who unfortunately clicked on it!
I manage dozens of WordPress sites but haven’t seen this specific scam yet (I expect to see them soon.) But late last year a similar message about a “required database update” was making the rounds.
The security rule of thumb in all instances of email solicitations to log in, to provide personal info, etc. is to
- Ignore the links — don’t click on them and don’t copy them down
- Close the email
- Navigate to the correct URL in your browser, either from memory (if it’s a site known to you) or after finding the real URL via Google/Bing.
- Log in
If the notification was legitimate your WordPress site (or bank, or Netflix, Gmail, Amazon, etc.) will let you know. Follow those instructions, not the ones in the email.
Same as for phone calls from alleged banks, utilities, etc. by the way: scams are so prevalent that basically no legitimate company representative will ask for your personal info, login info, or credit information in a phone call they initiated.