Xeneco

Thinking about getting a website? Or revamping your existing one?

Done some research?

No idea what anyone’s talking about?

Hopefully, this will make things a little clearer!

Apache

A popular web server, maintained by volunteers and distributed free of charge. Is capaple of running on both Unix and Windows servers.

ASP

Active Server Pages - a technolgy developed by Microsoft which allows a web developer to create websites based on programming logic and databases

Bandwidth

Either a measure of, or a limit to the amount of data sent through an internet connection

Browser / Client

The software which sits on most computers and allows one to ‘browse’ the internet

CMS

Content Management System - a user friendly interface allowing a website’s content to be easily updated and changed

CSS

Cascading Style Sheets - The code used to affect the appearance of a website

Database Driven Websites / Dynamic Websites

Websites which use a database to hold the majority of the content of a website and a server-side scripting language such as ASP or PHP to output the content to a web page.

Domain / Domain Name

The root address of your website, eg ‘my-website.com’. It is essentially a recognisable label to allow internet users to find your web/email server which will have an unremarkable IP address such as 64.13.232.81

Email Server

The software running on a web hosts’s computers which manages the email communications

FTP

File Transfer Protocol - A data interchange protocol for the transfer of large amounts of data / files over the internet. Your files for your website will be uploaded to the webserver using FTP (and downloadable via FTP)

Host / Web Host

A company which offers web servers for serving websites and web pages

HTML

HyperText Markup Language - the code that makes up a web page

HTTP / HTTPS

HyperText Transfer Protocol / Secure HyperText Transfer Protocol - the data interchange protocol for web pages

IIS

Internet Information Service - Web server software from microsoft

IP / IP Address

Internet Protocol - a data exchange protocol for computers on a netweork

An IP address is a numeric address given to every computer which connects to another computer, or computer network, using the ‘Internet Protocol’

Javascript

A scripting language widely used on web pages to enhance behaviour and add visual effects.

MySQL

A popular database, widely used to power websites that need to be ‘database driven’

RSS / RSS feed

Rich Site Summary or Really Simple Syndication - an XML schema designed to transfer information about a website.

An RSS feed is the URL of a specific XML document containing information and conforming to the RSS schema specification

PHP

A popular server side scripting language, used to add some ‘intelligence’ to websites which need to be able to alter the content based on individual users’ needs.

PPC

Pay Per Click Advertising - A form of advertising on the internet where you only pay for the visitors you get to your website. The ‘click’ is when a web surfer clicks on the advert for your site. Expect to pay anything from a few pence to over £1, depending on competition

SEO

Search Engine Optimisation - (onsite) The practice of building sites optimised in such a way that they will rank highly in the search engines for your searches performed by your company’s target market. (offsite) Influencing factors on other websites that promote yours. This is less formal than conventional advertising as the effects are, if done correcly, almost permanent

SQL

Structured Query Language - A programming syntax for updating and retriving information from a database

Unix / Linux

A computer opperating system very well suited to computer networks

URL / URI

Uniform Resource Locator / Uniform Resource Identifier - The address of a webpage on the internet

Webserver / Server

The software that sits on a computer at the web hosting company. The web server software is in charge of handling all requests for web pages on that computer and sending the required document back to the ‘client’

Windows

A computer opperating system, common in many homes and offices. There are other versions designed to power web servers

XML

eXtensible Markup Language - a data interchange format, commonly used in the internet for web sites and web apps to communicate with each other

I know a lot of people, both personally and professionally, who run a small business. I also know a fair few people who, like me, offer wed-based consultancy (web design, etc) to small businesses. There is also a recurring problem.

The problem is a combination of three factors:

1. The domain registration and web hosting is through the same company.
2. A student, friend of a friend or other cheap freelancer was hired to do the work.
3. The person who did the work has disappeared and taken all the user names, passwords and administrative access details with him/her.

There are two plus points to keeping the domain registration and hosting separate. First, it’s usually cheaper - if a company specialises in domain names they may rip you off with the hosting and hosting companies will rip you off with a domain registration. As a guide, pay no more than £3.50 / year for a .co.uk, .org.uk address and no more than $10 / year for .com, .net, .org.

The second reason is more for flexibility - one can buy a domain at any time, do nothing with it and then just point it to some web hosting service when the time is right. The domain name should be treated as company property for the duration of the registration, and not the property of your IT provider or web designer.

If you do get a friend or student to complete the design work for you, that’s fine. Be aware that they will have their own preferred hosting company and will likely not give you access details for your website as they will have their own work on there, as well as work for any other clients they may have. Ask for the “FTP” details (server, port, username and password) and insist that you get them. When your web developer does fall off the face of the Earth, you’ll still have access to your website.

Although a more professional organisation may be a bit more expensive, the service you get is likely to be much, much better. You should expect to get generous email hosting, full website visitor reports and exclusive FTP details (even if you don’t need them).

You want to keep a record of all these usernames and password for a very good reason - control. As businesses grow or progress, their needs and services evolve. Your web design company may not be able to keep up with what you want, or they may have left the field and be working in a different IT sector.

Sooner or later you are going to want to change your web design and/or hosting company.

When this day comes you want your new provider to have access to your existing website, you will also want to re point the domain name to a new hosting provider (another reason why it is good to keep it separate).

Imagine what could happen if:

• You are no longer in touch with the people who provided your domain name and website - it can’t be changed and may soon go offline.
• Your web design company doesn’t want to loose your business - they may not be very quick to surrender the code and files for your site, or point your domain name to your new provider.
• Your web design company want to retain the copyright to your site - what, exactly, was stated in the contract you had with them? Was there even a contract?

To recap:

Keep the domain registration, web design and web hosting separate from each other.

I would recommend 123 reg for UK based domains and godaddy for US based domains. I have used these two companies many times and they have both excelled themselves beyond their competition. I have also had many poor experiences with other domain registrars, who I will not mention here.

Hosting companies vary dramatically in price, features and service quality. Your design consultant should advise you on a the best package for your needs and budget.

My Sales funnel starts a lot earlier than landing on the page.

It’s hard to say exactly where, so I’ll concentrate on user actions that I know have happened and the user’s responses.

Unless you’re doing direct marketing like e-shots, mail-outs, etc; then the sales process starts with a potential lead looking for something you have to offer.

This ‘looking for’ usually starts with a search engine. My potential lead searches for the ubiquitous ‘widget’, or something related to it.

To cover as many search terms as I can, I have as many pages to me website as I can - each geared up for a particular keyword - and this is the top of my sales funnel. It’s a statistics thing - if i can get more pages out there then there’s a higher chance of someone seeing that page.

Lets now assume that the SERPs display one of my site’s pages in the top 10. Given I’m talking about hundreds of pages with many different positions I’m going to average that out to a 10% visibility score.

This is where having multiple sites can help - i’ve worked with some people who have 8 of the top 10 spots for most of their keywords - an 80% visibility score!

If they then click through to my site there are two important things to note:

1 - I’m already doing something right
2 - It’s probably not my home page

This means I’m not going to put a sales letter on my home page. Neither am I going to put it on all pages, nor a ‘version’ of it on all pages.

No, the potential lead we have is still researching and is not ready to buy - so i provide information, related to the search term in an un-biased way. Pitching the product at a research level shows a poor level of trust. Buying CTAs should be visible to returning users but not off putting for first timers to your site. A subtle button floated top-right is usually enough.

For those not ready to buy there must now be a call to action on the info pages that links through to some sales copy, for example a feature-matrix. This is the next level of your sales funnel.

Here I would suggest re-designing the mile long sales page that we see so often and it is so off-putting to anyone with intelligence.

A simple left-nav links to the various information sections I want to be able to present to a lead in a sales oriented way. The body copy should never go below the fold and there is a clear CTA at top and bottom of the page. This CTA doesn’t read “Buy Now”, it reads “Add to cart”

The question here is choice - the lead needs to feel that he/she is choosing your product. Start forcing their hand and they will walk away.

Call to actions must be actions, and not commands

Clicking the add to cart button is the next level of your sales funnel. At this point the sides of your funnel should be vertical. You have a sale - don’t mess up and not take their money.

A part of the sales process so often neglected is the usability of your site’s checkout facility. And this is something you should do a lot of research into. Get your friends, family, colleges to test it out. watch them, don’t tell them how to do it and make a note of where people give up. Then correct the issues.

Are you paying too much for your Online Advertising?

Site Reference is looking for new Advertising Parnters!!!

Site reference is a webmaster resource whose audiance ranges greatly from “new to the internet” to Experts in Internet Marketing, Web Design and Web Appliction Builders

With over 200 000 subscribers there are a lot of people who trust what site reference has to say, with frequent news letters highlighting the very best of the articles, forum topics and blog posts.

Their new video blog section is storming ahead and the site brings in up to 200 new subscribers every day.

Advertising and Promotion solutions are tailored to meet individual needs. A recent survey of users has shown that over 75% of site-reference users are aged 25-55; with 95% of users claiming to have moderate to expert internet ability. Another poll shoed over 75% of site refernece users spend over 4 hours a day on the internet.

Exposure of your message is pretty much guaranteed and several large organisations such as RackSpace and WebCEO are frequent customers of this service.

Site-Reference offer a range of solutions including website real (or should that be virtual???) estate, newsletter advertising and dedicated mail outs to their subscriber list.

For your no-obligation quote please contact Nic at Site Reference here

I’ve been building web applications for a while now, and most require user authentication. The data inside the applications isn’t that sensitive so I’ve never used https - it’s all done using http.

The login form usually asks for an email address and a password. My database contains the password hashed using (for this example) md5. The logic is therefore quite simple:

$user = $usersDMO->getUserDetailsByEmail(Util::CleanRq($_POST['email']);
//SELECT * FROM users WHERE email = '$email';
 
if(md5($_POST['password']) == $user['password']) {
	//user logged in
} else {
	//invalid login
}

It’s fairly straight forward and simple - it can be easily extended to work with permissions and SQL injection is minimised.

I had, however, been missing something:

The password is still sent over http as plain, un-encrypted text.

Then, I started to look at client side technologies to help and found a great implementation of md5 using javascript (there’s a SHA-1 implementation there too).

The logic is as follows:

• The server generates a random string, used as a salt.
• The salt is sent to the client (browser) in the form of a hidden input filed in the login form.
• When the form is submitted the javascript hasehes the salt and the password before sending it back to the server.
• The server performs similar reverse logic to authenticate the user.

Here is some example html

<html>
	<head>
		<script type='text/javascript' src='jquery.js'></script>
		<script type='text/javascript' src='md5.js'></script>
		<script type='text/javascript' src='loginactions.js'></script>
	</head>
	<body>
		<?php
		echo $content;
		?>
	</body>
</html>

Here is the javascript loginactions.js (using jQuery)

$(function() {
	//remove the warning notice
	$("td#js-dis").parent().remove();
 
	$("form").submit(function() {
		//i have used the form name as the salt
		var salt = $(this).attr('name');
 
		//get ther user entered password
		var password = $("input[@name='password']").val();
 
		//hash it all together
		password = hex_md5(hex_md5(salt)+""+hex_md5(password));
 
		//set the js filed to 1 - this lets the server know that javascript was enabled on the server
		$("input[@name='js']").val(1);
 
		//set the password field to the hashed one
		$("input[@name='password']").val(password);
 
		//allow the form to be submitted
		return true;
	});
 
});

Here is an implementation of the server side processing, written in PHP

<?php
session_start();
 
function DrawForm() {
 
	$letters = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
	//random salt - always starts with a letter
	$salt = $letters[rand(0,count($letters)-1)]."_".substr(md5(rand()*time()),rand(0,24),8);
	$_SESSION['secure']['salt'] = $salt;
 
	$form = "
	<form name='".$salt."' method='post'>
		<table>
			<tr><td>Username</td><td><input type='text' name='username' value='' /></td></tr>
			<tr><td>Username</td><td><input type='password' name='password'  value='' /></td></tr>
			<tr><td></td><td><input type='submit' value='Submit' /></td></tr>
			<tr><td colspan='2' id='js-dis'>It appears that javascript is disabled on your browser. This log in process uses javascript to securely send your login details to our webserver. There is a minimal risk that someone may intercept your password if javascript is not enabled. If this message disappears, you may assume that javascript is enabled. To learn how to enable javascript, please go to this page <a href='#'>Enabling Javascript</a></td></tr>
		</table>
		<input type='hidden' name='submitted' value='1' />
		<input type='hidden' name='js' value='0' />
	</form>
	";
 
	return $form;
 
}
 
//compare the user value and
function Authenticate($a,$b) {
	if($a == $b) {
		$_SESSION['user']['username'] = $_POST['username'];
		$_SESSION['user']['loggedin'] = true;
		return true;
	} else {
 
		$_SESSION['user']['loggedin'] = false;
		return false;
	}
}
 
function ProcessForm() {
 
	//details - to be got from database, for example
	$username = "username";
	$password = "5f4dcc3b5aa765d61d8327deb882cf99"; //md5('password')
 
	//hash the salt (as done in the javascript)
	$salt_hash = md5($_SESSION['secure']['salt']);
 
	//password is already hashed in database
	//hash the salt-password concatenation
	//this process is done in the javascript as well so $s and $_POST['password'] should now be the same
	$s = md5($salt_hash.$password);
 
	//if javascript was enabled on the client
	if($_POST['js'] == 1) {
		//compare new hashed values
		$success = Authenticate($_POST['password'],$s);
	} else {
		//treat as before
		$success = Authenticate(md5($_POST['password']),$password);
	}
 
	unset($_SESSION['secure']);
	return $success;
}
 
//logic starts here
 
//if user not logged in
if(!$_SESSION['user']['loggedin']) {
	//if form has been submitted
	if($_POST['submitted'] == 1) {
		//process the form
		$content = ProcessForm();
		if(!$_SESSION['user']['loggedin']) {
			//on failure, show the form
			$content = DrawForm();
		}
	} else {
		//show the form
		$content = DrawForm();
	}
} else {
	//user logged in
	$content = "you are logged in";
}
?>

So, what does the salt do?

Because the salt is different every time, it means the the password string sent back to the server is different every time - even if the password remains the same. And it is this dynamic that adds an extra layer of security. Just hashing the password doesn’t help because if that static hash is compromised the whole thing is back to square one!!!!!!!!!!

One thing that annoys me when i see people build websites is how they link bak to their home page.

And it’s not just because it annoys me that i’m writing this post - it’s also worth noting that by keeping the link url consistent, you may have a small seo benefit

if my domain is xeneco.co.uk (which it is) and my index file is index.php; i have the following options

http://xeneco.co.uk
http://xeneco.co.uk/
http://xeneco.co.uk/index.php
http://www.xeneco.co.uk
http://www.xeneco.co.uk/
http://www.xeneco.co.uk/index.php

I’m really starting to go off ‘www’ in the url as I am finding more sites that break if i can’t be bothered to type it in

Back to the point

in server-speak (derived from unix) the forward slash is more than just a folder separator; by it’s self it means ‘root’

Therefore the easiest way to link to your home page is to just use ‘/’ as the url in your anchor tags, eg

<a href='/'>Home</a>

If you want to use a different domain, you can use the base tag. For example, if most of the links on one of my pages went to my blog I could use

<head>
……..
<base href=”http://blog.xeneco.co.uk/”>
</head>
<body>
<!– Because of the base tag these relative links should always go to the right place, regardless of which site they are on –>
<a href=’/'>Xeneco Blog</a>
<a href=’/?p=8′>Build it and they will come</a>
</body>

Google have recently updated their webmaster guidelines and, again, it shouts of “Do something to get traffic (not to get google!)”.

Anyone ever heard this phrase before

“Build it and they will come”

?

I think it was first bought to light in the film ‘field of dreams’, but it then took hold of the web in the dot-com bubble.

Let’s analyse it:

• The ‘it’ is a website
• The ‘they’ is a large number of people who visit ‘it’

The thing is, this phrase worked when the web was young and everything was new and exciting. Now it’s not.

The phrase needs to evolve, let’s try:

“Build it for them, and they will come”

So, people now have a reason to come to your site.

But then we have to think of search engines - everyone uses them now; and one rules the roost - Google. In fact, information is so easy to get hold of that most web users want to be presented with the answer. So the idea that “they will come (to you)” is a bit misleading as ‘they’ are lazy and need help/assistance to get to you.

So, the phrase must evolve again -

“Built it for them and Google will bring them”

….to be continued

All comments and trackbacks are moderated.

All irrelevant comments and trackbacks will be deleted.

All spam will be deleted

http://projects.web20design.co.uk/samples/3-col-css/

I have developed a fairly simple 3 column web page using CSS for layout logic.

This is a generic template I usually start with when putting together a new site.

I have put a link to it here and you’re free to copy and use it for your own needs - but please follow the copyright notices contained within the comments of the files provided

The numbers in [square] brackets denote the source order of the elements displayed, the H1 is first, the H2 is second, and so on

The page is basic and is intended to be a starting point. If you do choose to use it then you will probably want to extend the CSS, add your own colour scheme and images - as well as your content.

The width is fixed, as are the widths of the columns. When changing these widths be sure that the column widths add up to no more than the page width. If you want to use relative widths (per centages) then the same concept applies.

The layout is also fairly SEO friendly

In a traditional business model there are usually two distinct parties - the company and company’s customers. The customer ‘pays’ the company for products or services the customer is unable, or unwilling, to undertake it’s self. In order for the company to offer it’s products or services they must draw on, and process, ‘raw’ materials.

If you’re running AdSense (or any other pay per click programme) as a business model, then who are your customers? What are your raw materials, and where do they come from?

These are very important questions and the answers may surprise some of you.

If you’re using AdSense then your customer is Google - Google are paying you to advertise on their behalf.

Your ‘raw’ materials include your domain name, your web-hosting package and your web site, but this is only your first step. And it is a step, for without your site you cannot get the more important material - site visitors.

Now you can start showing your site visitors your web site, and this is your product. Yes, your product is a web site which has visitors - and you sell this product to your customer (the pay per click agency - Google, Yahoo, etc.). Your customer then compensates you based on your performance.

With this model in mind it’s obvious that to increase your revenue you need to increase your performance - this is no different from any other business model. Product research, product improvement and improved selling techniques are all needed.

So, how can you improve your product? More visitors to your site is step, but it’s not necessarily the next one, you actually need more ‘targeted’ visitors - this will improve your click-through rate. Even better than targeted visitors are site visitors who are ready to buy the product being advertised. This is because the company selling the product that is being advertised on your site doesn’t just want a visitor themselves, they want a sale and their pay per click advertising price will be based on their own web site conversion rate. If you send web traffic to a site, and these visitors don’t buy, then the price being paid by the advertiser will fall. This directly affects you.

Improved selling techniques - why should the AdSense scheme pay you more than someone else, on a per click basis? Simple, either the sale of product advertised on your site is worth more to the seller than it is to someone else, or the visitor who clicks on the advert is valued.

This gives you two lines of research for your AdSense Site:
1 - highly valued products
2 - highly valued visitors

You can then build your site in a number of ways; you can target highly priced products (mortgages, life insurance, real estate, cars, holidays, etc.) or you can target highly valued customers. What is a highly valued customer? These are likely to be people who are going to be repeat buyers or buying subscription services. An example of a repeat buyer is someone who buys their printer cartridges from the same supplier each time they need a replacement or use the same car insurance company each year. A subscription service may include mobile phone and other service contracts.

Can a site target highly valued customers and highly valued products? Yes. How? This is where the research comes in. A site could target ‘mortgages’ - we think there are lot of people who are interested in mortgages, and there are certainly a lot of people building advertising sites to try to catch those who are interested. The term ‘mortgages’ is highly competitive and unlikely to yield a final sale - you won’t get traffic for the term and you won’t get much compensation for the click.

‘Mortgages’ is therefore a bad example, but what about the phrase ‘first time buyer mortgage UK’? Here the phrase targets three types of visitors - first time buyers, buyers in the UK, and more importantly the common subset of the phrase it’s self. This is a highly valued product which will have highly targeted visitors; who are likely to be highly valued customers if the sale goes through.

This is known as keyword research and if you plan to run an AdSense / pay per click site then you will need to know how to do it right. The example above is sometimes referred to as ‘low hanging fruit’ - terms that are profitable, targeted with lots of traffic and have minimal competition.

So to run AdSense as a successful business model you will need to understand what your product is. You will need to understand and know who your customer is. You need a better product than your competition, and know why it’s better.