Web Tips

Lessons a Phila Biz Learned Updating Its Old Website – Tips for Hiring a Web Developer

One of my clients, Ellen Fisher (Publisher of the Women’s Yellow Pages of Greater Philadelphia) and I had the pleasure of speaking with Joseph Mutidjo, a reporter for SmallBizTechnology.com. The following is a reprint of the article he wrote describing the process we went through when updating Ellen’s website.

Lessons A Phila Biz Learned Updating Its Old Web Site: Tips for Hiring A Web Developer

March 24, 2011 by Joseph Mutidjo
Originally published here: SmallBizTechnology.com

New Women's Yellow Pages SiteChange can be hard, even when you have to let go of that faithful 10 year-old website.

Ellen Fisher, the founder and publisher of the Women’s Yellow Pages of Greater Philadelphia, knew she had to update the 3,000-page website she first launched in 1999. That was back when she saw the Internet as the way of the future for her print directory of women-owned businesses and women’s organizations.

“If I wanted to stay in business I had to make certain changes. Our database was working fine, but our website was in frames and not good for search engine optimization,” explained Fisher. “We didn’t want to redo everything, since our data collection processes worked well, but our clients wanted to be able to advertise online (in addition to listings), so we needed to create that real estate on our website and be able to manage this new offering.”

Fisher hired Sandra Clitter, owner of SLC Consulting, as the project manager and technical lead for the job. The two ladies first met at a small networking event hosted by the National Association of Women Business Owners (NAWBO).

“We hired her to do a few little tweaks to the database and then realized we were in love—with the way she worked with us,” Fisher said.

Fisher emphasized that when looking for an IT consultant or web developer to partner with, small business owners should not just look for a good programmer (or someone with good technical skills), but someone “who is interested in learning about your business in detail.”

Original Women's Yellow Pages SiteClitter was surprised Fisher had kept her site running for so long as they did with decade-old technology. The two had several brainstorming sessions to define the site’s purpose, outline the problems and craft effective solutions. Clitter presented Fisher with several solutions at varying price points, and discussed the pros and cons to each solution.

“Careful consideration has to be given to the purpose of the website—who is visiting, why are they there, are they conducting transactions, or simply getting information, is the information updated frequently or only occasionally. Answers to each of those questions should determine a different path for the technology underlying the website,” Clitter said.

They settled on a solution that cost $10,000, and started the 6-month renovation project—together. Clitter points out that building or rebuilding a website should be a close collaboration between client and provider.

“Clients often don’t realize that they need to participate in the project themselves in order to make sure that their substantial knowledge of their business are accommodated and incorporated as appropriate. Additionally, because we’re dealing with technology, an area that’s very uncomfortable for many people, there is an ongoing education process required. . . . The owner of the site should understand how/why the various components of technology have been chosen, even if they can’t understand the specific technology itself,” she said.

Many small business owners “hang on to their old site for longer than its useful life” because of their unfamiliarity with and fear of new technology, noted Clitter. A website, as with anything else, has a lifespan. She explained a “plain ol’ HTML page really never stops working,” but a website can have its visual component as well as functional underpinnings become obsolete.

“Make the website maintenance a part of the business budget each and every year—updating various parts that are ‘worn,’ or have better solutions can help it run longer. Like any other technology, websites need ‘tune-ups,’ just as a piece of hardware or other software does. Like hardware, organizations need to have a website replacement period and build it into the budget. It is unlikely that many computers of five years or older are still in place, functioning efficiently—and it is likely that websites of that age or older should also not be in place,” Clitter said.

Fisher said the updated website is a “stellar product,” and impressions have increased significantly. Five years from now, here’s looking forward to the roll out of another stellar website.

By Joseph Mutidjo, Reporter, Smallbiztechnology.com

Is your Firefox Browser getting slow? Quick tip that may help…

This is just a really quick, down-and-dirty tip for Firefox users (if you don’t know what it is, Firefox is an Internet Browser that’s NOT Internet Explorer, but IS really good)…

If you find your Firefox (Mozilla) seems to run terribly slow after you download something from the internet, try this:

Open up your Browser
Press CTRL+J (that means “press the ‘control’ key on your keyboard at the same time that you press the letter ‘J’ on your keyboard – press the ‘control’ key first, then press the ‘J’ key). That will open up a list of downloads you’ve gotten via Firefox:

See that little ‘Clear List’ button on the lower-left side. Click it. That will clear the list of downloads (not the downloads themselves, but the list of the downloads). Close/re-open your browser. See if it starts behaving better when you download your next file.

Even better for some of us that get off on discovering silly things…let’s say you want to preserve a portion of the list of downloads, but want to delete a bunch of others. Simply highlight the files that you want to eliminate from the list and right-click the group when you’re done:

Select the ‘Remove From List’ choice at the bottom of the list. Only those downloads that you’ve highlighted will be removed. Remember, the files remain on the computer, only the record in Firefox that they’ve been deleted are removed.

Give it a whirl. See if it gets your browser running a bit smoother after your next download.

(Thanks to PCWorld for this reminder…it’s one of those things that I know, but I wouldn’t remember when I needed to remember)

Setting the default mail client to a web-based service

Some people in this world actually do NOT use Outlook as their default e-mail client, but rather use Gmail, AOL, Yahoo, or Hotmail.  In fact, I would venture to say that a large portion of the population uses one of these web-based e-mail clients – at least in their private lives.

There is one consistent annoyance when trying to use a web-based e-mail instead of the ubiquitous Outlook (and, with the cost of Office, more and more people are not investing in this tool, opting for the free OpenOffice suite and web-based e-mail)…and that is when you want to click a ‘mail-to’ link on a web-page, and the computer you are on searches and searches and tries to open up Outlook to send the e-mail – regardless of whether or not you even have Outlook installed on that computer.

You end up cursing the computer, freezing it up, or generally frustrated.  RELAX!!!  Help is one the way :-).

There is a wonderful, FREE tool called GMailDefaultMaker (http://gmaildefault.codeplex.com/) that will allow you to set Yahoo, AOL, Hotmail or GMail as your default mail client.  You install it and forget it.  It does NOT take up system resources.  Simply download, install and forget it.  From that point forward, when you click on a ‘mail to’ link on any given web page, your web-based e-mail client will open instead of getting stuck with Outlook trying to open.

For some reason or other, the tool has not gotten a new name, but it should since Gmail isn’t the only web mail that it supports!

A funny thing happened on the way to my Google search…

Google is an everyday part of my life, as I’m sure that it is for many of you. I use iGoogle for my Home Page (that’s a personalized start-up page on Google, tailored to my specific wants and desires). Its not often that I use ‘classic’ Google. Sometimes I miss some fantastic Google Doodles because my iGoogle page uses the standard Google logo, and doesn’t substitute the Google Doodles.

For some reason, I used the ‘classic’ Google page the other day and was mesmerized by a Google Doodle that was a bunch of bouncing balls. Every time that I moused over the Google logo, the logo disbursed into a bunch of bouncing balls, then as I moused away, they settled back down into the logo. I actually commented on it during the day to a client or colleague…how incredible to have such a recognizable logo that you can afford to ‘mess it up’ on a regular basis. In fact, people COMPETE to mess it up. Now, THAT is brand awareness.

(forgive me, I digress on the way to my ‘real’ point today)

Today I happened upon ‘Google Instant’ which some of you may have noticed if you searched for something using Google yesterday or today…but only if you use the classic home page…not the iGoogle home page. Again, I was ‘out’ of my iGoogle page and on the classic Google home page. A funny thing happened as I started my search…the results appeared directly below what I was typing…I didn’t even have to hit ‘enter’. What’s going on here? Switch back to iGoogle…same old behavior…type the search string, hit enter, get results. Go to the classic Google home page a www.google.com and the behavior is different. What’s up with that?

Of course, I had to search ‘Google Instant’ to find out what was going on. In a nutshell, Google decided that their searches were taking too long (really!?), so in classic Google they have started showing the results underneath the search box as you type. This allows you to scan the results at the same time that you are typing, allowing you to more quickly locate the information you were searching. Google claims that it can save me 2-5 seconds per search (I really didn’t realize that I was wasting so much time!). More astonishing…Google estimates that it will save 3.5 BILLION seconds searching every day – that’s a productivity improvement globally of over 950,000 hours/day! Guess we’ve really been slackers, haven’t we?!

Be careful when relying on Flash for your website

I spent last weekend redoing my website which was only about 9 months old. If you look at it it doesn’t appear to have changed much. The change was to remove Flash from my site and made it strictly an HTML site. Why? There were a couple of reasons. First, because I found Flash very cumbersome and difficult to work in when I wanted to make what I felt were relatively simple adjustments to the site. Second, and perhaps most important, was the fact that Flash does not display on many Smartphones – most notably, the iPhone. So, if someone with an iPhone went to my site, they would get nothing.

Today, articles are appearing saying that Adobe (the maker of Flash) will NOT be releasing a version that will run on iPhones (Apple and Adobe have a long running feud). As portable devices such as various Smartphones (including the iPhone), iPad, etc. become more important in how people reach their information (most particularly the web), this becomes critical when constructing websites.

My recommendation (I believe in renting some of my scars from others and learning from their mistakes), use Flash only sparingly (if at all) on the web…trust me, ‘un-Flashing’ something takes some work!!! Most people aren’t on your website for the ‘glitz’, they are on your site for the content.

Here’s the article about Adobe’s abandonment of the ‘Flash on the iPhone’ project: http://tinyurl.com/y5rspbu

Is your website safe from hackers? Probably not (but this isn’t meant to be a scary story)…

For the second time in less than a year, I found myself spending time this week dealing with a website that was ‘hijacked’ by someone with less than honorable intentions – it had been ‘hacked’.  What does that mean?  Do you need to worry about it?  How do you fix it if it happens?  While I’m not an expert on web-security, I now have a bit of experience (albeit hard-earned through the remediation of the impacted sites) and I figured that I’d share some of what I’ve learned.

If you have any form on the web that allows users to enter information, then press a ‘submit’ button, your site is probably vulnerable.  Why?  Well apparently, people with evil minds can paste code into the entry fields (e.g. Name, Address, e-mail or other fields), then activate the code by pressing the ‘submit’ button.  Rather than sending you, the owner of the website, an e-mail saying that So-and-So wants more information on your business (or whatever the ‘submit’ button was supposed to do), the submit button launches script that was injected, and “other” things happen.  Those “other” things can be almost anything from a nuisance to a serious breach.  Last year, on my own website, when the hacker hit the ‘submit’ button, they replaced my ‘normal’ home page with one which said “Beware of Palestein”.  Seriously.  They replace my home page with an ‘alternate’ page.  There were images of flames, etc., but the key point was that my site had been hijacked by the Palestinians (or someone claiming to be working on their behalf).

While putting up my original home page again was a snap, the more severe problem created by the ‘evil’ script was that search engines who probe for ‘evil’ sites found the ‘malware’ on my site and shut it down.  SHUT IT DOWN!!  Once I had remediated the problem, I had to resubmit the site (via a process offered on Google) as a ‘good’ site, explain to them what had happened and the steps I had taken to prevent the problem from occurring in the future, and wait for it to be ‘cleared’.  As soon as they cleared it, the ‘good’ site came back online.

The entire process (from when I found the sites had been compromised to when it was back up live) took several days in one case, and over a week in the other).  Bottom line:  You don’t want your site to be vulnerable to such attacks because you can’t afford for your website to go down.  Your website is the ‘front door’ to your business.

So, how do you prevent this from happening to your site?  There are a few simple steps to follow which should help.  That said, remember that hackers are forever working to ‘beat the code’, so they’ll keep trying…you just want to make it more difficult than it’s worth, or to be able to catch the breach before it becomes a problem.  Here are my experience-based recommendations:

1.      Make sure that the passwords used to publish your website to the internet (commonly called ‘FTP passwords’) are STRONG passwords.  We all know what those are – letters AND numbers, upper AND lower case, AND special characters.

2.      If you have a form with a ‘submit’ button, ensure that the person who developed the site employs data validation during the ‘submit form’ process.  What the heck do you mean by that?  Simply put, if someone enters their phone number, make sure that the phone number contains only numbers.  Similarly, a zip code should contain only numbers.  A name field should NOT contain special characters (other than perhaps a comma, apostrophe or period).  Typically, special characters are required to run ‘evil scripts’ (aka ‘malware’).  Even more wide-open fields (like ‘Comments’ fields) should prevent characters such as <,>,|,~, etc.  Most ‘comments’ can be submitted without the use of such characters, but malicious code almost requires that they be included to be effective.

3.      If you have a database that resides under your website, use similar logic as described above – strong passwords, and data validation every time that information is being written to the database.

4.      Visit your own website often (at least once a week) and click around.  Seriously…if you don’t check it out, you might not know if there has been a breach.  A breach will be OBVIOUS (the site works or it doesn’t).  If you have a web-browser OTHER than Internet Explorer (e.g. Firefox or Safari) use the NON-IE browser to check on your website.  Why?  Because internet Explorer continues to display compromised websites far longer than Firefox or Safari do.

Someone who doesn’t know you and hits a ‘roadblock’ while trying to view your site won’t know how to contact you to tell you there is a problem.  I don’t know how long my site was down – it took a friend going online trying to find my e-mail address – to call me and say ‘Did you know…’.  I’m embarrassed to say that my site could have been compromised a month earlier – I probably wouldn’t have known.

5.      Make sure that your website has been formally submitted to Google via ‘Site Verification’.  If you have done this, then Google will communicate with you in the event that they find a web ‘emergency’ on your site.  Trust me, Google may well know before you do if your site was hacked!  In the event of a breach, Google will send you an e-mail telling you if it finds that your site has become infected with malware – letting you know ASAP that you have an issue.

Google sends an e-mail to ALL of the following addresses – make sure that you have ‘real’ people receiving at least a few of these (you don’t need them all, 1-3 will do):  abuse@mydomain.com, admin@mydomain.com, administrator@mydomain.com, contact@mydomain.com, info@mydomain.com, postmaster@mydomain.com, support@mydomain.com, or webmaster@mydomain.com.  If possible, have different people receive the different addresses.  That way, if someone is out of the office, or doesn’t have access to e-mail for a while, the notice won’t be ‘lost’.  Additionally, make sure that ‘noreply@google.com’ is set as a trusted sender (you don’t want that e-mail to get caught in your spam filter).

6.      I’m going to state the obvious, but sometimes the obvious needs to be stated – make sure that you have a pristine copy of your website on your LOCAL computer/server.  Keep it safe and secure.  Refresh it after you make changes to the web, but do NOT use it as your main ‘publication’ folder.  Yes, this means having two copies of your site – one that is a working copy that you edit/publish from.  The other is a ‘pristine’ copy.  After you’ve published changes, when everything is working well, refresh the ‘pristine’ copy from the working copy.  Having this ‘pristine’ copy will save you from accidentally overwriting ‘clean’ pages with ones infected with malware.  If it happens (and there are a myriad of ways that it could happen which I won’t try to go into here), you have only to recover the affected pages from the ‘pristine’ copy.

If you implement all these things, does it mean that your site is ‘bulletproof’?  Nope.  Not a chance.  The hackers are working hard to breach the web wherever they can.  They find new ways every day.  Don’t get wound too tightly on the issue, but use common sense, to try to thwart the ‘bad guys’.  Remember, they’re likely to head to the easier sites to hack – they’re probably not going to invest extra effort trying to get around the roadblocks you’ve put up.  They’re going to go to a site that didn’t take the precautions that you took.  What’s the old adage – the thief is going to steal the car with the keys in it before they try to hot-wire a car.  Don’t leave the ‘keys’ in your website!

Finally, one of the first questions that I asked was ‘Why on earth would they care about SLC Consulting’?  It’s precisely BECAUSE it isn’t a ‘mainstream’ site that they chose it.  From my innocuous site (and the other one that I had to remediate this week fits that same description), the hackers could ‘jump off’ and go far and wide doing ‘bad’.  Then, those ‘bad things’ could, potentially, be traced back to the original site that was hacked.  It really is far easier to ‘take the keys’ and ‘lock the doors’ on the site beforehand.  While It is not a guarantee, it is hopefully, a deterrent.

What does your website look like on a Smartphone?

I’ve been working with a lot of people lately on websites – new websites, data-driven websites, new business websites, SEO recommendations, etc. As I’ve found myself in these discussions, I’ve found that there is one part of website discussions that does NOT come up as often as it should. That part is this question:

HOW DOES YOUR WEBSITE LOOK ON A SMARTPHONE?

This question is one that you MUST ask yourself these days. More and more people are getting Smartphones (iPhone, Droid, Blackberry, etc). In fact, its getting hard to get a plain ‘ole phone (I’ve heard more than one person complain bitterly that they just don’t want a camera or anything else on their cell phone, but can’t find a simple one). Why does that matter to you? Many websites appear just fine on a Smartphone, but certain technologies look odd, or don’t appear at all on a Smartphone (e.g. Flash).

When getting a website overhaul or new design, make sure that you view an early draft of the design on a Smartphone! If you don’t have a Smartphone, find someone who does, and ask them to pull up your site.  If it doesn’t look good, ask your web designer to tweak it to appear better, or have a alternate, ‘mobile’ site, designed with content only (alot of the pretty graphics are stripped out).  I’ve found – to my pleasant surprise – that the first alternative (tweaking the live site to appear a bit better on a Smartphone) is often totally acceptable.

More and more people get the majority of their information from their “phones” (are they really just ‘phones’ anymore?). You don’t want a potential client to bypass calling your company just because your website went haywire on their Smartphone and your competitor’s site looked good.