Latest from the Blog
We have recently learned of a serious WordPress vulnerability that allows hackers to delete your post content, deface your blog and change your URLs – the problem has been named the “WordPress defacement vulnerability”. Not only does this hack risk destroying your business reputation, it also damages your onsite SEO. Updating to the latest version of WordPress is highly recommended.
The hack often goes unnoticed on many websites because all the hacker does is edit the content of a post on your website. The post title, content and URL are all changed, usually displaying a simple message, such as “Hacked by XYZ”. In most of the cases we have seen, no real damage has occurred. The first hackers to exploit this seemed to use it only for political propaganda, although in theory the same process could be used to insert links or adverts into content.
This is done by exploiting not one, but three new Cross Site Scripting vulnerabilities in WordPress:
- Cross-site scripting (XSS) via media file metadata.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
Here’s an example which is currently live – note that the URL is /sh-html/ so it is not possible to determine what this page was originally about. WordPress has built-in 301 redirects so the original page will redirect to /sh-html/. Also, the hacker has not only replaced text, but hotlinked an image from wallpaperswide.com.
Who is Affected?
It seems that any website that has failed to patch the vulnerability is at risk. We have seen the hack appear on every type of website, including government owned NHS websites. Sites with firewalls and other security plugins installed have been affected. In fact, Word Fence, which is one of the most trusted WordPress security plugins at the moment, issued their own update to help fix the problem.
Fortunately, only two versions of WordPress carry this vulnerability: 2.7.1 and 2.7.2. These were minor updates, which were released in January 2017. Basically, an error in part of the code opened up a vulnerability that was never previously in WordPress, and hackers soon discovered this and shared the details with each other.
Updating to the latest version, 2.7.3, closes the hole in security. However, just updating will not remove any hacked pages.
Finding Hacked Pages
There are several ways to find hacked pages. To find a simply defacement, just log in to your WordPress site, navigate to the Posts section and then search all posts for “Hacked” – many hackers are eager to advertise that they have hacked a page. Another way is to look through all your posts in the Posts section, and look out for titles that have obviously changed.
You can also search Google for hacked pages by using the site: search command, to see if your site has been indexed for hacked terms. Alternatively, if you have an automated HTML sitemap, just look through the list of posts and you should quickly spot anything that is out of line.
Searching in Google
There are many hacked posts out there already. If you search Google for [site:.uk “hacked by”] you will see results such as these:
How To Recover Your Lost Posts
So long as you have not disabled post revisions, recovering your lost content is easy – just navigate to the post revision page and select the previous version. In all the hacked websites we have seen, the hacked posts actually underwent several changes, presumably by different hackers exploiting the vulnerability.
However, WordPress does not provide a way to revert to the previously used URL. If your URL was automatically created by WordPress, based on the page header / title, then deleting the URL permalink and then updating the post will in most cases recreate the original URL used. If this process does not work, then the only way is to search through your own records, review your pages in Analytics and to see which ones have vanished, or use Google search to find the listed URL for that content.
We cannot emphasise enough how important it is to update your website immediately. If you are running one of the vulnerable versions, hackers can easily delete all your blog content. One page is relatively easy to recover, but if you have hundreds of blog posts removed, you will have a huge task on your hands.
If you are not confident with analysing and fixing your own website, we offer a WordPress management service for just £25 per month. We’ll ensure your website is kept updated, install the latest security plugins and quickly fix any problems that arise so that they have minimal impact on your business.
April is Stress Awareness Month, and if there is one thing that reduces stress in the workplace for us, it’s being organised! Since Freelance SEO Essex took its first baby steps five years ago, we have tried and tested just about every online tool that has promised to streamline our workflows and improve productivity.
Some of these tools are specifically for digital marketing, while others provide invaluable support for all business types. So, whether you’re just starting out, or have been running your own business for a few years and now feel swamped and stressed with all the chaos around you, April is a good month to get organised and cut out that workplace stress! In no particular order, here are some of the online tools that we’ve stumbled across through the years that can bring extra value to your operations. Many of these can provide excellent cost savings and can help you enhance the way you do business.
The SEO tool industry is huge and you can easily blow your annual software budget on SEO tools alone. Over the years, we have ditched a fair few tools that failed to show adequate time-management hacks. These are the ones that survived:
SEMRush provides a wealth of digital marketing data about any website. You can quickly see if a website is performing well either in organic search or paid search. You can use this tool to quickly assess the health of websites and set out a preliminary optimisation plan.
The importance of links has declined in recent years, but they are still a vital part of the search engine ecosystem. Majestic is the best tool for gathering and analysing any website’s backlink data. When we speak to a new client, this is one of the first tools we fire up, as it will tell us how active they have already been with regards to their online marketing.
Communication is the key to success in any business, and these tools will be familiar to most of you already. For email, MS Outlook and Gmail, are great – both of these provide cloud based email access so colleagues can work from any location. Gmail is mostly used when collaborating on Google Sheets and Docs.
MailChimp is the best tool for email marketing. It’s very user friendly and provides a selection of professional looking email templates, and is also free for the first 2500 email subscribers, so is perfect for small businesses that are just starting out.
Hootsuite is a social media management tool. From one online interface, it’s possible to publish across a wide range of social media platforms. It also allows you to schedule posts, monitor engagement, analyse traffic and follow trends. This is a great tool for managing multiple social media profiles.
CRM and Workflows
Businesses will typically use Google Sheets and Excel to manage their daily workloads. Client database and workflow management can be more efficiently handled via Insightly. Insightly is another tool which is free for individuals and very reasonably priced for small teams. It allows tasks to be allocated to team members and updated, which ensures nothing is forgotten. It also provides a customer database, and all customers can be linked to assignments.
Money – it is ultimately what makes or breaks every business! The key is to use great team of accountants and make use of online banking to process many payments, but you can also make use of PayPal for all international payments. BACS is fine for UK transactions, but when ordering digital services from overseas, PayPal is the easiest and safest method.
To help reduce the stress incurred on your accountants, perhaps you could use Quickbooks to manage invoicing, process receipts and business expenses, and for managing payroll and VAT? It has a handy mobile app that allows us to keep accounts updated from any location.
The technology that supports small business is evolving rapidly and it is likely that if you ask any company in another five years what products they are using, many of these tools listed here will be replaced. The most resilient products are often the simplest, so the likes of Outlook and spreadsheets will probably be with us for decades to come, but all the other tools are subject to change over time.
When choosing tools for your own business, always make use of the free trials on offer and test as many as possible before settling on a few that will enhance your business the most. So long as you only pay for tools that pay for themselves, your business will be healthier, and you will feel far less stretched!
After Google AdWords and Facebook, LinkedIn is the most important PPC platform in the UK. This is especially the case for B2B marketing. LinkedIn has over 467 million accounts and is a truly global enterprise, with users in over 200 countries. While LinkedIn is certainly not for everybody, it is a great way to reach people within specific industries.
Like AdWords and Facebook, LinkedIn operates a self-service advertising platform. For B2B businesses the most important feature is the ability to reach specific roles, by targeting job titles, industry, company and position. For instance, if you are providing a service that only senior SEO account managers would be interested in seeing, you can target them direct.
As with any PPC platform, there are certainly tricks that everybody picks up along the way. To save you time discovering these yourself through months of trial and error, we are going to share our top tips with you today!
Create Multiple Campaigns For a Single Market
Although the greatest benefit of LinkedIn is that you can target specific job roles, it is important not to fall into the trap of being too defined. By all means target individual roles, but also put in broader roles in your industry, and create multiple campaigns that are not role specific.
Nowadays, it is common for companies to use more creative job titles, such as Fun Champion or SEO Guru, and targeting traditional job titles will miss these opportunities. So a broader target range should also be used to capture more of the market.
Different social media platforms are used at different times of the day, and LinkedIn is no exception. However, what makes LinkedIn a little trickier is that they monitor early engagement of an advert to decide how much exposure it gets later on.
Your ad needs to meet average CTR to ensure it remains visible. Tests show that a CTR of around 0.025% for text ads, and 0.30% for Sponsored Content, is considered a good rate. If your ad fails to engage at this level for the first 1000-2000 clicks, it may be downgraded.
To ensure that your ad gets the correct engagement, place it at a time with your target market is most likely to be using LinkedIn. For LinkedIn, it is generally best to get campaigns started early on a Monday or Tuesday when users are fresh and possibly looking for new business ideas, rather than at the end of the day, or the end of the week, when most people are wrapping up their work and only focussing on meeting all their deadlines.
Use Text Ads
It can be hard to see success with text ads, as the above CTRs suggest. The main reason for a low CTR is the poor placement in LinkedIn of text ads. However, because text ads are mostly shunned in LinkedIn, it means that prices are down and lower CPCs are possible. Also, any clicks you do get are more likely to be from people who have taken the time to properly read your advert, and not those who just click because it is immediately after the piece of content that they are reading.
Tag Your URLs
LinkedIn provides conversion tracking pixels so that you can tag your URLs, however, this is not always reliable, so it is considered best practice at the moment to manually tag URLs with UTM variables (for example) to have a clearer idea of how effective different campaigns are.
Use Negative Audiences
Much like the negative keyword concept in AdWords, LinkedIn provides negative audiences, which allows you to block your ads from displaying to specific market segments. So, as well as thinking about all the job roles that you wish to reach, consider those that you do not want to reach.
For instance, it may be sensible to block students and trainees from seeing your ads, as they may be carrying out research to learn more about the business, but not be in a position to make a purchase.
For B2B marketing, LinkedIn is arguably the best platform. However, it is also notorious for eating through marketing budget very quickly, so plan your campaigns well and monitor them closely to ensure you are not throwing money down the drain. Contact Freelance today to learn about our LinkedIn management services.
It seems that the freelance industry is positively booming at the moment – this week Startups reported that London has experienced a 59% increase in freelance workers overall, and a 95% increase in female freelancers, since 2008. This is great news for both businesses who need a flexible and experienced workforce, and entrepreneurs alike.
These figures were revealed by the Association of Independent Professionals and the Self Employed (IPSE), who say that there are now 159,200 freelancers in London alone, which represents 21% of the total UK freelancing population of around two million.
Why Are People Freelancing?
This does raise the question – why are so many people freelancing? The reason is partly due to the global, and national, economic situation. Many businesses have had cut back on staff to save money, and this has resulted in a rise in unemployment within the highly skilled workforce. Many people have decided to set up their own consultancy businesses, and become freelancers.
Freelancing in the City of London is certainly not a new phenomenon. Individuals have been working as contractors for decades, as it provides a way to work for some of the most exciting companies in the world, but on your own terms. As a contractor, or freelancer, you are essentially a service provider rather than an employee, and this almost always provides a better income while also being flexible and on the cutting edge of change in any industry.
Many people associate freelancers with IT and investment, but we are seeing freelancers in all types of career, from HR and project management to marketing and sales. For many people, it provides a fantastic opportunity to gain meaningful employment on a flexible basis.
Who Is Freelancing?
Freelancing is dominated by skilled professionals with many years’ experience. The average age of a London freelancer is 45, which is younger than the national average of 47. For women who have had children, freelancing is often an easier way back into the workforce – while a business may not be keen to employ a 45-year-old who has been out of the workforce for a decade, a freelancer may come across as an intelligent and highly skilled professional who is offering to work on a flexible basis. It’s a win-win.
Benefits Of Using Freelancers
As already touched upon, freelancers can be very beneficial for businesses. Often, a company will need additional help for a limited time, such as work on a project or help with managing changes within an organisation.
While employing a permanent member of staff may seem like a good idea, a freelance contractor will not only require no training and hit the ground running, but also bring a fresh perspective to the company. Sometimes a freelancer is only required for a few months, but many companies may have projects that run for several years.
Here at Freelance SEO Essex, we started out as SEO freelancers, helping businesses across Essex with their SEO campaigns. Over the years, we have grown and hired some permanent members of staff to help manage our ever-growing client base and network of freelance professionals, who provide expertise in copywriting, PPC and graphic design, without which we would not be able to provide such a high-quality service to our customers.
Freelancing is certainly booming for us. To learn how it can help your business grow, contact Freelance SEO Essex today.
Google has agreed to start penalising websites that share pirated content in a move that could see the end of some popular file sharing websites. For some websites, this update will be as damaging as the notorious Penguin updates. However, while this is possibly the biggest Google search story so far in 2017, it is one that should not affect many UK businesses.
What Content Will Be Penalised?
Google will be applying a penalty to websites that share most types of pirated content, from sites that stream live football matches to those that provide free music and film downloads.
There are essentially three ways pirated content is shared online: streamed content, direct downloads and torrents. Streamed content has recently become the most popular method, simply because it is so easy for the consumer. Sites host movies and music on their web servers which is then streamed to a computer or mobile device. These sites use the same methods to share content as YouTube, Amazon, Netflix and Now TV, but the main difference being that they do not have permission from the owner to do so – they break copyright. These sites are used mostly by impulsive viewers who do not wish to plan their viewing or listening in advance.
Some sites provide direct downloads of music and film, which is like purchasing a digital download, only its free. Because downloads can take a while to complete, depending on the internet connection speeds of the host and the downloader, these sites are usually used by those who are actively seeking a specific film or album and willing to wait for the download to complete – it can take hours, or even days, for a large file.
Torrent sites provide a faster way to download movies, and have become the most popular way to share high definition films – it is possible to download 5 Gb Blu-ray rips in as little as 20 minutes.
These sites have one thing in common – they generate revenue through advertising on the back of sharing content illegally. The music and film industry has suffered huge losses because of this, and asked Google and other search engines to take some action.
UK ISPs Already Block Many Pirate Sites
The blocking of pirate websites is not a new phenomenon – many UK ISPs already block access to sites such as The Pirate Bay, which is one of the largest and most popular torrent sharing sites. However, because Google still indexes these sites, searchers can quickly find pirated content.
Of course, many people have no intention of stealing content, but if they stumble across some free content on the web, the chances are, they will take advantage of it.
As with any major search update, there is bound to be some collateral damage. Google always aims to incorporate search updates into the algorithm, as opposed to creating manual penalties for each website. Google has very good reason to automate the process – in the six years since it Google started counting, it has removed copyrighted content from one million websites, and to date, Google has removed 2.1 billion URLs from its index.
Google’s Pirate Algorithm
However, before panic strikes, we you remind you that this is not Google’s first attempt at an anti-pirate algorithm – Google first started penalising pirate sites in 2012, and then launched a major update in 2015.
These original updates penalised sites that had already received copyright violation complaints. However, the conclusion following these updates was simple – it is not enough to abate digital piracy.
Although most businesses should not be negatively impacted, it is important to remember that stolen images and videos are digital copyright theft, so any website that has used images or videos without permission could in theory find itself penalised in Google, so be warned. If you concerned that your business website contains pirated content, request a review of your onsite SEO today.