Category Archives: Blog

GoDaddy Breach November 2021

GoDady Breach - 1.2 Million WP accounts at risk!

Up to 1.2 Million WordPress Accounts At Risk in Latest Breach

GoDaddy has announced in a filing with the Securities and Exchange Commission (SEC) that up to 1.2 million managed WordPress accounts are at risk.

An unauthorized attacker managed to breach a “legacy” WordPress management tool still in use at GoDaddy.

The attacker used a compromised password on September 6, 2021 to access the tool. However, the breach wasn’t discovered by GoDaddy’s internal security team until November 17, 2021.

Over the six-week period of unauthorized access up to 1.2 million active and inactive managed WordPress customers had their email address and customer number exposed to the attackers.

Additionally, major customer credentials and secrets have been exposed:

  • Customers’ original WordPress Admin password (set at the time of account provisioning)
  • Customers’ FTP and database usernames and (plaintext) passwords
  • And, for a subset of these customers, their SSL private keys.

Immediate Consequences of the GoDaddy Breach

GoDaddy has implemented a series of changes to remediate the effects of the breach, including resetting any potentially compromised passwords.

While GoDaddy is still investigating the causes of the compromised accounts they are also reaching out to impacted customers to issue appropriate advice regarding resetting passwords.

They’re also attempting to raise awareness of the compromise of their users’ email addresses, so that those users can be conscious of phishing scams.

It is unclear whether GoDaddy has fully accounted for all potentially exposed private keys.

Long-term Consequences of the GoDaddy Breach

The attackers were able to gain access to raw passwords for sFTP and database accounts. It would therefore appear likely that at the very least GoDaddy was storing FTP credentials in a majorly insecure manner.

This is a huge security practice failure on GoDaddy’s part.

Storing passwords in plaintext is a major no-no. It’s unclear at this point why GoDaddy didn’t remediate this relatively basic flaw with their “legacy” managed WordPress service. This service – which makes up a sizeable portion of GoDaddy’s income – was fundamentally insecure.

It’s unclear what GoDaddy means by “legacy” and whether GoDaddy intended to move these customers off of this platform eventually. However it is clear that they did not do so soon enough.

GoDaddy is also keen to point out “best practices” for securing WordPress instances in a (long) series of posts. However, GoDaddy’s own mistakes here have lead to a massive customer exposure.

That does little to instill a sense of trust in GoDaddy who will need to do some reputation management in the coming months.

What should you do?

If you’re a GoDaddy Worpress user you should immediately reset all passwords associated with your account. Note: don’t re-use passwords, ever!

Users should also look to their email for notification from GoDaddy as to the status of their SSL certificates. At the time of this writing GoDaddy was still “in the process of issuing and installing new certificates for those customers.”

And it never hurts to consider alternatives when looking for WordPress hosting. We offer a low-cost basic hosting package that’s more than suitable for hosting a small WordPress site / blog. We also offer a wide variety of larger hosting packages that would perfectly suit the needs of a higher-trafficked site.


Three Product Page Must Haves

Three Product Page Must-Haves

Product Page Conversion Tips

Feeling lost about how to structure your product pages and what information to provide to your customers? With the holidays upon us, making sure your product pages have the key elements needed is vitally important.

Product Page Description

One of the main keys to conversion rates on product pages is how effective the description is. Think here in terms of what solution does your product solve, or what pain point does it relieve? What emotions or feelings will your product evoke upon the user when they have or use your product?

Rather than listing the benefits and features, tap into a person’s emotional side when creating your product descriptions. For some product it is important to list features and technical descriptions as well, but having the emotional aspect of the description first is important to those not needing/wanting any of the technical description parts.

Product Page Reviews

Product page reviews are key as well. They help build trust in the product and your brand/company for those new to your site. Think about how much time you spend reading reviews when you are shopping. I bet you read at least 2-3 for products or sites you are not familiar with. They really can seal the deal on a sale.

Product Page Images

High quality, detailed images really help sell a product. With so much shopping being virtual and online, you really need to bring the in person experience to the online world. Making sure you have clear detailed photos with multiple angles when possible is key. Having a few manufacturer images is fine, however adding in your own personal images really shows the potential customer, you are highly detailed and care about the sale, as well as provides more views and angles than manufacturers typically provide.

Summary

Having these 3 key Product Page elements optimize will greatly increase your conversion rates for your product pages. Helping turn your visitors into customers giving them the confidence to buy on your site!

If you have an eCommerce store and would like more info on how to further optimize your pages, Contact Us today and see if we would be a good fit for you!

How to Move Hosting Companies

Man Carrying Laptop

 

Have you ever been fed up with your current hosting provider? Do they keep going down or have poor customer service?

Sometimes moving to a new hosting company is the answer. The biggest thing is, how do you do it, especially with eCommerce sites, with minimal to no down time?

The key is someone skilled at moving sites and DNS preparation.
How do you know if someone is skilled at moving sites? Ask them how long it takes for your site to come up on the new server during the transition. If they tell you a day or two, or even three, then they do not know how to properly prepare DNS. The answer should be an hour or less if they know how to prepare everything in advance.

Steps to moving to a new hosting provider

  • Create an account on the new hosting provider and copy your site to the new hosting provider
  • Use a development subdomain for this so you can test it. For example: dev.yourdomain.com
  • Once everything is set and working, start preparing DNS by turning the TTL (time to live) down on the DNS server settings. Put it as low as your DNS hosting will allow, however note what it is set to before you change it. We like to put it to 5 minutes.
  • After the time has past for the old DNS TTL setting you can get started doing the actual live move!
  • Start by copying the site again to the new hosting and re-test everything. This is your ‘dry run’ to make sure the copy will work seamlessly.
  • Note any issues, fix and try the dry run again until there are no issues.
  • If you have an eCommerce or dynamic store of any kind, close the store/put it in maintenance mode.
  • Copy the site to the new hosting provider and test one last time.
  • If everything works correctly, update your DNS to point to your new IP at your new hosting provider.
  • Open up the eCommerce store on the new hosting provider and you should be good to go!
  • If everything is good, you can later update the DNS to have a longer TTL if you’d like.

Summary

With this proper preparation, the only down time should be copying the site that one final time to the new hosting provider and then the minimal time for DNS to propagate! So it should be about 5-10 minutes depending on the speed of the copy of the site!

Keep in mind, sometimes bigger is not better when it comes to a hosting company. It really is the service that matters and level of support they provide. If you have an eCommerce store and aren’t happy with your service, contact us today to see if we would be a good fit for you!

Cumulative Layout Shift (CLS)

Cumulative-Layout-Shift

 

Have you ever visited a website and as you were reading it, the website content shifted and moved? Have you been ready to click on a button or link and the page shifted causing you to click on something else or not click on anything at all?

Cumulative Layout Shift (CLS) is Google’s new metric that has rolled out the summer of 2020 and will be in effect in 2021 as a ranking factor. This will be come a very big deal for ranking and honestly fixing it will improve user experience; which is what Google aims for. To present to you, the user, with websites that are a good user experience with relevant content.

Why Does CLS Occur?

Some common reasons for CLS include:

  • Images without dimensions
  • Tables without dimensions
  • Embedded elements, such as iframes and ads, that have no dimension defined
  • Dynamic content that doesn’t have a preset size on the page and loads after the page is mostly rendered

What is a Good CLS Score?

You should strive for a CLS score of less than 0.1. There are many tools out there that can help you measure this including Google’s PageSpeed Insights.

What Can You Do About It?

Make sure every area that contains content has dimensions to it. This includes images, video, tabled information, etc.

A properly designed site should have all areas of it pre-defined before the page starts to load. This gives the best user experience. So not only will you be helping your google rankings in 2021, but you also will be improving your user experience if you fix any CLS issues.

How we can help

Sometimes fixing CLS issues can be an involved task that you’d need a programmer to fix. We have been helping clients since this summer fix their issues and help improve their rankings in search engines. Contact us Today to help!

How to Effectively Work from Home

Effectively working from home can be a challenge, especially if you are not already used to it. Our original BCS Engineering staff worked in my house or in their own house in the early years. Working from home has several positives and several negatives. Navigating those to create the proper balance will help you be able to effectively work from home.

Positives of Working from Home

There are many positives from working from home. From personal to professional and in-between. For example, you can throw in a load of laundry when you take a small break from work. This not only lets you take a nice mental break from work to refresh your brain, but it also helps you get a chore done you wouldn’t other wise be able to if you were at work.

  • Get more sleep because you no longer have the work commute time
  • Do small chores during your work breaks
  • Eat healthier because you can cook your lunch
  • Be home with your pets
  • Work from anywhere
  • Use your workout equipment while taking a brief break

Negatives of Working from Home

While there are many positives from working from home, there are also some downsides from both a personal and professional standpoint. For example, over achieving people can fall into the trap of working all waking hours and never truly getting a break and having down time. I originally fell into this trap. I was working from about 8am until about 5pm, then working again after the kids went to bed from 9pm until 12am. It took a lot of work and effort to break this habit of mine and realize, it was OK to not work that many hours in a day!

  • Potential to becoming a workaholic
  • Not taking time for yourself
  • Missing out on a work ‘family’
  • Distractions, especially if you have children at home with you
  • Becoming too distanced from others

Effective Work from Home Tips

If you do find the need to work from home, or even the want to work from home, there are some guidelines and tips that will help you have a productive and healthy home work environment.

Home Office Setup

In particular, to be effective at home and balance a needed rest time in your day, I highly recommend having a separate ‘work’ area from the rest of your house. This could be simply a specific desk that you only do work at, or it could be an extra room. Having a consistent place you sit down to work, and do nothing but work from this location, helps you keep a line between work and personal time. This doesn’t mean you can’t take your laptop and work outside if it’s a nice day, but having a consistent place that you normally do work helps you mentally.

I also recommend your office area be tidied up on a regular basis. This could be daily or weekly. I usually don’t recommend less often than that. And tidy doesn’t mean ‘perfect,’ it just means it needs to be, by your standards, uncluttered. I usually do have ‘that stack of papers,’ but I know what’s in my stack of papers and I know I’ll get to that stack when I need to. The goal here is to not have anything uncluttered and unknown in your brain. That causes internal conflict and stress while you are working as well as while you are not when you see that mess!

Keep things you need daily in arms reach! This will keep you more efficient. If you use it daily, keep it close. Weekly, a little farther away (maybe an office chair roll away). Something you only occasionally need? Keep that even farther. The main goal is to keep things you always need right there so you don’t have to get up.

Work from Home Schedule

Just like you would have a schedule if you worked outside the home, you need to have a schedule at home. This will help you be more consistent, efficient and allow you to give yourself permission to not work when it’s time to not work!

Get up at about the same time every day, eat your breakfast, brush your teeth, shower, etc. Put on comfortable clothes, but I recommend something more than just sweats. You’ll feel more like you are going to work if you do a normal morning routine and put on something more than just lounge clothes!

Plan for your lunch time, make sure you eat your lunch away from your work area. Just like it’s healthy when at work, to get up away from your desk for lunch, it is also healthy when you work from home. You need that mental break from work, so you can recoup your brain and be ready for the afternoon set of work.

Have a scheduled stop time. This can vary a little, but set a time range of when you will stop working. Maybe for you that would be between 5pm and 5:30. But have a consistent time frame. This helps give you permission to get up away from your work, and have time for your personal life.

Take Breaks when Working from Home

Just like you should take breaks in a work environment, you need to also take breaks when working from home. You could go for a 10 minute walk. You could put in a load of laundry. You could load the dishes. Think of something that you either enjoy doing, or something that if you did, you’d feel a sense of relief (which is why I have chores in there too!)

Get out of the House!

Like actually do it! Make sure you get out of the house regularly! You want to make sure you have enough social interaction. Even if you are more introverted, getting out with a friend (or friends) regularly is very good for your overall health.

Summary

In summary, weight the positives and negatives for you. This will vary based upon your personality and normal tendencies. Make sure you have a good home office area set up, have a routine, take breaks and get out of the house! If you feel overwhelmed or don’t feel like you are effective working from home, take a look at each piece, pull it apart, try something new or different and see what works best for you!

Which Shopping Cart is Right for You?

Which cart is right for you?

 

Picking the correct shopping cart for your business can be a daunting task! Especially with the number of eCommerce shopping carts available on the market today! We have customers ask us many times what shopping cart is best, especially given we have been working with and customizing shopping carts since 2002.

Just like there is no correct answer to the perfect car for everyone, there is no perfect shopping cart. It really depends on the features you want, how easy it is to maintain, how reliable it is, and how much you are able to pay.

We will be discussing the 2 shopping carts we work with most, X-cart and Magento.

Start by listing in order what is most important in an eCommerce shopping cart to you

  • Built-in Features
  • Shopping Cart Cost
  • Maintenance costs
  • Hosting Costs
  • Developers available
  • Flexibility

Magento eCommerce Attributes

Magento for example, is a very flexible shopping cart with a large set of built in features. You can even get a free version of this shopping cart. There are a very large number of developers available to help you with MagentoCommerce, including us.

However, Magento requires a much more robust server to run on than most shopping carts. Our eCommerce Hosting for Magento requires a lot larger server base. You would need at least the Medium level of hosting to properly run Magento, but more likely need the Large hosting server or above depending on how much traffic you expect to your shopping cart.

Magento can also be extremely expensive for most businesses if you wish to run the paid version of it and is much more difficult to maintain by the average store owner. You’re very likely to need a Magento Developer to help you out.

X-cart eCommerce Attributes

X-cart has been around since 2001 and has become quite the feature-rich shopping cart. Especially the long running X-cart 4 version and X-cart 5 is working on catching up. X-cart can run on a much smaller server than Magento. Our eCommerce Hosting packages for X-cart can utilize our Small Server base for many businesses and can easily expand into the larger servers as needed.

X-cart 4 and 5 are much easier for the average business owner to maintain for most day-to-day tasks and has several options for X-cart Developers including us. Some business owners we’ve seen be able to pick up some small and medium customizations as well!

For more complicated customizations, you will need an X-cart Developer to help you out.

Picking the Right eCommerce Package

Still not sure which one would work best for you? Start by listing out what features you need, and Contact us! We will be happy to help you walk through critical thinking to help you pick the product that’s best for you!

3 Steps to Test Your New eCommerce Site

As a non technical person, being asked to test your new or upgraded website can seem like a daunting task, however it doesn’t have to be! This short article will give you the guidelines needed to make sure you cover all the basics in site testing.

By testing your own site, you can help ensure that all the pieces are there to make sure your business processes are effectively implemented and that there isn’t something missing!

1. Think like an Established Customer

Ask yourself questions like:

  • What products do I want to buy?
  • What information do I need to decide to buy?
  • Are there any features of the website making buying difficult?

Pick your top 10 products you want to be selling and try to find them on the new website. Fully complete a checkout process including creating test orders using all the payment methods you have available.

2. Think like a New Customer

Ask yourself questions like:

  • What would help me build buying confidence?
  • Are the shipping and delivery options clear?
  • Are the descriptions on products clear and concise?
  • Does my About section clearly tell my story?

Browse your site with the eyes of a stranger. Do you trust it? Enlist some friends not familiar with your site too. Do they feel comfortable purchasing from your new site?

3. Think like an Admin of Your Site

Now that you have created test orders in the previous steps, go through the admin side of your site.

Admin tests:

  • Pretend like you are filling those orders you created
  • Create new products
  • Edit existing products
  • Use any custom tools you have

Are there any business processes missing? You are the best person to test this part as you know how your business operates.

Have a staff of many? Enlist the appropriate staff members to test their specific area of the site they use. Usually the more testing the better!

eCommerce Testing Summary

Programmers and developers can thoroughly test your site from a technical perspective and many times user perspective too. However having one type of person test your new website, will limit the perspective of the testing. Having many different types of people, and many different knowledge backgrounds will help your site be much more successful in launch! Everyone sees the website differently, just like everyone sees the world differently!

Need user testing or help upgrading your site? Contact Us today! We have launched and upgraded countless eCommerce sites since 2002!

Top 5 Fall Maintenance Items for your Ecommerce Site

Just like you have a list of maintenance items you would do on your house or building every Fall to prepare it for winter, so should you be doing maintenance and preparation for the upcoming Holiday season! Even if your business doesn’t rely on Holiday Ecommerce Sales, you should be regularly maintaining and reviewing your website. What better time to do it than before the end of the year?

1. Security Patches

Lack of applying Security patches is one of the number one reasons eCommerce sites get hacked. If you run X-cart or Magento, they regularly push out security patches a few times a year.

Security Patches for X-cart and Magento generally are fairly easy to update and install. If you are hosted with us, you automatically get security patches applied. Make sure if you are hosted somewhere else, that you have us apply them for you or hire a developer if you are unsure how to patch your site!

2. New Content

Do you have a blog on your site, a news area? If you aren’t consistent throughout the year at creating new articles, you should at least once a quarter be creating a new article. Having new content on your site shows Google that you are still there and still updating the site. Otherwise you become stale and less important to the search engines.

So having a plan for new content, even if it’s only once a quarter is key. Be consistent and stick with it. Your topics can even vary and don’t have to be directly about your business. Just keep them interesting and tell your story!

3. Review Old Content

Have you looked through your website lately? Do you have any old articles that are so out dated, they do not make sense anymore? Be sure to review your site at least twice a year to remove old, stale and out dated information.

Keeping old content can be good and key for search engines, but if you know it is not in any way relevant, then get rid of it. So when you are reviewing, think from an outside readers perspective.

Ask yourself:

  • Do I want a prospective customer having this page as my first impression?
  • Does this article provide good information still?
  • Do I need to rewrite this to keep it relevant?

4. Test your site for usability

How long has it been since you pretended to be the customer? Have you tested your site on Desktop, Mobile and Tablet devices recently?

Standards change and devices change, it is a good idea to explore your site regularly with multiple different brands and types of devices. You may find some glaringly obvious issues that weren’t there before! It could be preventing you from getting the sales you need and want! Usually just a quick typical testing of your site is key to finding any big issues that may be new.

5. Review your Competitors

Regularly checking in on your competitor’s sites is key. You may find something they are doing really well that you should be doing as well. You may find something they are not doing well, that you do well. In this case, you can work to highlight what you are doing well and be able to stand out from the crowd.

One thing you never want to be though is a copy-cat. Make sure if you do find features or functions that your competitor does well, that you put your own twist or uniqueness when you work to implement something similar. Your customers want to shop with you because of you. Never try to be something or someone else than you are!

Need help with a Site Review?

Give us a call or contact us! We would be happy to set up a consultation for a site review!

Athens Ohio is about to Double in Size!

Our city is about to double in size and go from about 25,000 people to about 45,000! Ohio University classes start Monday! Most of us at BCSE have at least one degree from this wonderful university!

Ohio University is the state’s first university, established in 1804 and is situated in beautiful South Eastern Ohio. Every Spring, the city “breathes out” when the students leave and the locals enjoy a much quieter few months. Then every Fall, we breathe back in around 20,000 students to the Athens campus. We enjoy the diversity and culture that the university brings to this unique area of the state.

Once you’ve lived here and experienced the city, you will never find a place quite like Athens Ohio!

Read more about Ohio University: https://www.ohio.edu/

robots.txt Changes with Google Core Updates

Google has announced a major change to the way it’s web-crawler responds to directives within the robots.txt file.

Under the latest “Core Update“, Google will stop supporting robots.txt rules that are not published in the open-source Robots Exclusion Protocol Specification, including the “noindex” and “nofollow” directives.

Google is providing recommendations for how website operators should handle these changes:

  • Noindex in meta tags. You should use <meta name="robots" content="noindex"> on all pages that you previously listed in robots.txt with a noindex directive.
  • HTTP 404/410 status codes. Google will drop any page which returns one of these status codes. For instance, if a page legitimately no longer exists.
  • Password Protection. Use markup to indicate subscription or paywalled content as Google will remove all password protected content that’s not legitimate subscription or paywalled content from indexing. Thus, password protecting content removes that content from Google.
  • Disallow Directive. Search engines only index pages that they know about. Therefore you should use the disallow directive in robots.txt to indicate that Google cannot crawl that content.
  • Search Console Remove URL tool. The tool is a quick and easy method to remove a URL temporarily from Google’s search results.

In conclusion, Google aims to make the internet a more open and simpler place by implementing these changes. In most cases, the end result will be a much simpler robots.txt file and an easier time for webmasters protecting content.

As always, BCSE is here and ready to assist with your SEO. If you need assistance with your e-Commerce or other website, SEO, or hosting please contact us today!