I suggest that you first start with our first post in this series, PCI, Passwords & Aggravation.

Welcome back. Now lets get on with securing your website.

If you accept credit cards on your website (people enter a credit card number on your website) you are required to be PCI/DSS compliant as of June, 30th 2012. There are no excuses, exclusions, nor, get out of jail free cards. Man up and get to work.

• The very first thing you need to do is limit and control access to your website and web hosting. Whenever possible limit access to a task level access. So don't give the order processor access to your whole admin & don't give the guy uploading images in FTP access to the root. Each person must have their own individual and unique access, so all 10 employees cannot use the same login credentials.
• Use strong 8 characters or more passwords with upper & lower case, number and symbols when possible. Do not use names or real words in them. Do not use the same password for more than one application. Do not store them unsecured or send them electronically.
• Change ALL passwords associated with your website every 60-90 days. Log the changes with a date, per person.... But NOT the passwords. This means PayPal, gateways, admin, hosting, email etc.
• Contact your merchant bank and find out what they wish you to do to provide your compliance credentials. They may have a specific PCI scanner they want you to use (which is really BS, you should be allowed to use whomever you want as long as they are an Approved PCI Compliance Scanning Vendor). Fill out your SAQ (help with SAQ), get your scans done at least quarterly and submit them to your merchant bank. We use Trust Guard because we like the seals, they use a approved scanning vendor and the price is very reasonable (not the cheapest, but excellent service and less than average price).
• Keep server software, website software and computer software of any kind up to date. For example, if you use Zen Cart, when you click on version in the top right of your admin it should say 1.5.0... if not you are required to upgrade now.
• ALL login forms and checkout must be secured with SSL. So, that sidebox login you may have on your main page has to go!
• Make sure you stay up to date with software upgrades and patches. Most software platforms have a RSS or newsletter you can sign up for or follow to be informed of software updates and patches. Here is Zen Cart's update forum is here, either check it frequently or subscribe to the thread. WordPress can be checked from your dashboard or check here, and here.
• Check Secunia for advisories about the software you run.... Below is a shortlist.

CKEditor / FCKeditor ~ Security Advisories
Coppermine Photo Gallery ~ Security Advisories
CubeCart ~ Security Advisories
Drupal ~ Security Advisories
Joomla (all versions) ~Security Advisories & Joomla Vulnerable Extensions List (VEL)
Mambo ~ Security Advisories
osCommerce ~ Security Advisories
phpBB ~ Security Advisories
TinyMCE ~ Security Advisories
WordPress ~ Security Advisories
Zen Cart ~ Security Advisories

• Have your web host or other trusted company deep scan your website for malware and infected files quarterly. Securi has an excellent malware scanning service that we recommend. They will even remove it for you if found.
• Implement and enforce a company Information Security Policy. Believe it or not, you actually have to tell employees not to share customer's information.... common sense is NOT so common any more. Here is an example of one of our data policies (https://pro-webs.biz/data/).
• Restrict physical access to company systems and records with cardholder data to only those employees with a business "need-to-know."
• DO NOT store cardholder data... Just don't, it's not smart for them or for you.
• Develop and maintain a vulnerability management program. This sounds worse than it is. Basically, set forth a policy of the things you are doing, need to do and want to to to reduce vulnerabilities within your company.
• If you accept credit cards on the phone and enter them in a gateway or terminal you must also have your office IP(s) scanned.
• NEVER allow access to your website using WiFi or an employee working from home.
• Your web hosting CANNOT have ANY plain text logins. This means all hosting control panel functions, e,ail access (even through software such as Outlook) and FTP must be secured with a SSL3 or TLS connection.
• Use your head.... if it seems unsafe or dumb, IT IS!

While PCI compliance is not a law (yet), there are state laws that are already in effect to force portions of the PCI Data Security Standard (PCI/DSS) into law. In addition, there has been a big push by legislatures and industry trade association to enact a federal law around data security and breach notification.

Many businesses only implement the rigid letter of the PCI DSS standards, "kinda like "state minimum car insurance". They have technology and processes in place that satisfy the exact letter of PCI standards, but do nothing else to provide real security for their business. It is crucial you YOU and all of your company's assets embrace the spirit of the standards. Call it a hyper vigilance, or awakening, but the days of "I did what I had to so we're cool are over". Just like any other set of standards or rules PCI can only account for most, or many potentially vulnerable situations, they do not work for you.... know your routines etc. You and the people you work with must develop a sense of urgency and awareness to catch potential vulnerabilities with your own organization.

Q: What are the penalties for noncompliance?
A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees.  Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.

It is important to be familiar with your merchant account agreement, which should outline your exposure.

Interestingly, not all of our clients are thrilled that we are and will continue to be delivering the safest, PCI compliant hosting that we can. We update clients as we continue down the road to maintain our server's PCI/DSS compliance. In response to these updates about new password strength requirements, requiring clients keep their software up to date, etc we have received a mixed bag of mostly aggravated feedback. We have been yelled at, complained about publicly and some clients have even moved their websites to avoid PCI.

I do wonder what these folks will think when June 30th passes and their merchant bank fines them, suspends their account or many other of the power plays the merchant banks will posses to force PCI/DSS compliance among their account holders. I also wholeheartedly hope that this will create an opportunity for the PCI ready and already compliant merchants in the marketplace. Historically speaking, it will create financial opportunities for the PCI compliant vendors who will be still able to process credit card transactions..... while the "non believers" use PayPal while they scramble to attain compliance so they can again accept credit cards.

So starting today with this post, we are going to cover the PCI/DSS basics in detail for shop owners to make better choices and start/continue down the road to compliance. Today's topic is your own computer's security.

Why does it matter that I have secured my PC, it's not hosting my website you know?

Ahhh, this one is such a fun question! I could point to over 50 cases in the last 2 years where a client's failure to maintain their own personal security has allowed their websites to be hacked, but I would prefer to cover some basic security techniques to prevent it instead. By the way, if you use a MAC and think you are exempt, you are dead wrong, no matter what the "Apple Guy" tells you. In checking the numbers, about 20% of the hacks originating from the website owner we using a MAC. Given that only a small percentage of people use MACs, this is really quite high! I think that Apple has gone out of their way to create a false sense of security among its users... But, in the end, it is you.... who owns the computer who is at fault, not Apple.

There are several areas you need to observe to manage your own personal security. I will break these down in a simple format and hope to help you be more secure and protect your shoppers better.

PASSWORDS

I am still in complete AWE when clients, whom we don't even know, shoot us access information in an email! Worse yet, we get the email from a Hotmail or other free account and the username is admin and the password is password01..... Really scary! This post How I’d Hack Your Weak Passwords is a MUST read.... it will scare the crap out of you... as it should.

Really Simple Password Rules to Live By:

• Never use real words, use made up ones if you must use a word. Using names and known words makes hacking your password a piece of cake!
• Always use numbers, letters (mixed case) and punctuation when possible.
• Always make your passwords a bare minimum of 8 characters... 12 is much better.
• Change all passwords every 60-90 days.
• Never create mass account login with the same passwords for users.... All users need their own unique login.
• Passwords must not be transmitted over the Internet by e-mail or any other form of communication, without being encrypted.
• Passwords should never be written down or shared with anyone.
• Use different passwords for each website or application.... at the very least DO NOT use your hosting access passwords ANYWHERE else, ever.
• You must log the dates of password changes and who has access to anything coming in contact with your website.

I had to post this chart to demonstrate how quickly simple password are cracked, it is rather eye opening.

SECURING YOUR COMPUTER

This one can be quite challenging, there are so many things to do. The list I am about to provide you is really a short list of the things you really must do.

• Keep ALL software on your computer up to date, especially Adobe products. The Secunia Online Software Inspector (OSI) will check them for you, for free.
• Use a great virus scanner, I highly recommend McAfee. Trend Micro has a decent product, but there have been countless times when we are cleaning up a hacked website and scanned the local files with Trend Micro on the intake computer and then McAfee found viruses in them after.
• Virus scanning isn't enough, you need a firewall... again, McAfee's firewall and real time scanning is really superb.
• Some infections are not viruses and will not be caught by a virus scanner. Malware, BHOs and other dangerous scripts can infect your computer just from browsing the Internet. We suggest Malwarebytes to scan for these dangerous items. It's also free.
• Change your network passwords including router, modem, login etc every 60 to 90 days and make them also strong passwords.
• Turn OFF WiFi on your work computers... at the very least secure your wireless network. PC World has a simple post to step you through securing your WiFi here.
• Remove unnecessary software from your computer, especially ones that reach out to the Internet.
• Clear your browsing history, cache, cookies etc everyday. We use CCleaner to do so, it's also free. If someone accessed to your machine, some of your juiciest information is stored in your Web browsers cache. There is enough in almost every browser on earth to engineer a social breach. In other words a hacker could gain access to your personal data and then use it to pose as you.

Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?

It is your duty to secure your devices, restrict access and manage your own personal security to protect your customers.

So if usability testing is SO effective, why don't more people do it?

Many shop owners don't know about it, most assume it is incredibly expensive and frankly most are just to narrow minded to delve in to what "may be wrong" with their websites.

These reasons are none valid. Usability testing is no different than product testing, surveys, soliciting feedback and other techniques used by successful businesses worldwide. So what if you can do basic usability testing for free?

You CAN do usability testing! There are a ton of different means to do simple, effective and free usability testing for your website. I am going to touch on just a few specifically suited for ecommerce. These simple, easy to execute and effective usability testing plans will help you identify problems shoppers encounter on your website. If you just said to yourself "there are no problems on my website", then I challenge you to do these 2 usability plans... You are most certainly wrong. Every website has problems, no doubt.

Solicit Feedback

This one is the absolute simplest technique to eliminate the problems shoppers encounter on your website. Soliciting feedback from shoppers is both easy, cheap or even free and very eye opening. Some people will not participate, some will and some will not be very nice. Toughen up, listen to each comment, test and take action.

The trick to soliciting feedback is to listen and not be a PIA to your shoppers.

• Feedback Software: Soliciting feedback from shoppers via software has become very popular. Basically, you get software (most paid services) to ask your customers to "rate their experience" on your website. Software like Shopper Approved (my personal favorite) works with your Zen Cart (or other software) to pop up and ask shoppers to rate their experience. The best part of Shopper Approved is that they followup with the shopper post-transaction email to get a more comprehensive rating which includes delivery time etc. The downfall is that this software ONLY solicits feedback from shoppers who completed a transaction. This leaves an absolute plethora of those who didn't! They couldn't find what they wanted, had checkout issues etc.
• Abandoned Carts: One of the standard package modules we install on new Zen carts is "Recover Cart Sales". This free Zen Cart module will let you send an email to shoppers who abandoned checkout. The standard "vanilla" email is pretty good, but we highly recommend adding a coupon to the email. This helps you convert the sale (which is the point) and track results better as well. Problem here is that shoppers who couldn't find what they sought or had  issues before checkout are not captured.
• Followup Calls: This is one of my personal favorites. Every week pick a few shoppers from your orders, call them and chat about their experience. Ask them for feedback, let them know you appreciate their help and give them a coupon or gift certificate for their time. Once again, this only captures successful checkouts.
• Social Media: is a HUGE opportunity for free and effective usability testing. I especially like to solicit the help of Facebook fans when developing a new shopping cart to replace an old one. The act of creating "buzz" about your new design coupled with the feedback you can receive is positively priceless!

Surveys

Creating a survey for people to evaluate your website is really much easier than you think. When you create a short survey you have a very controlled, yet flexible measurement tool that can be deployed in so many ways. You can send a survey to your newsletter subscribers, friends, Facebook fans and your offer a link to your website visitors. There are some very logical and basic tricks to creating an effective usability survey that you should observe.

• It should be SHORT.
• You should design a task such as "buy this widget" on my website.
• Questions should be simple stupid.
• Offer and opportunity for the survey taker to summarize their experience in their own words.
• Specifically solicit information about areas you feel are "potentially a problem".
• Thank them! Offering a coupon or such is cool, but make very certain you thank the participant.
• Measure your results and ACT!

Examples

• Did you easily locate the product?
• Did you feel like the information was adequate?
• Was checkout easy?
• Did you have trust or security concerns?
• What can we do to improve the experience?

Accomplishing this is far simpler than you may think. Certainly their are paid software platforms out there that offer the creation of these types of surveys, but my personal favorite is WordPress with Formidable. You should consider upgrading to the Pro edition ($37), as it has a bunch of features which will make this more effective. Aggregating your results is nice with graphs, tables etc.

I will tell you that NONE of this will be effective, much less matter if you are too narrow minded to consider that people have problems using your website. This, like anything else you do for your website is only effective if you can measure the results. That means you need to exercise some restraint in implementing "fixes". If you fix 10 things at once, how will you measure the effectiveness?

Lastly, before I leave you onto your new mission, let me just say that there is NO beating a good old fashioned looking over someones shoulder while they use your website. It's actually quite easy to get volunteers for this as well! I ask my kids, friends etc. again, while the "sample" is obviously smaller here, you have the ability to watch, ask questions and get real time feedback on possible solutions.

Thank you for taking action!

Hi Melanie

Last week you stood with millions of Americans to protect online freedom and innovation. Congress heard you, and delayed consideration of the PIPA and SOPA bills, which -- if enacted -- would censor the Web and impose harmful regulations on American businesses.

We hope that today you will join us in thanking your representatives for protecting the Internet.

And we want to thank you, again, for your actions last week. We are humbled that so many of you rallied around what we believe is the most transformative invention in history.

Until next time,
The Google team

I thought this was quite nice to share and celebrate a small victory in the fight for our web rights.

NY Times Editorial by REBECCA MacKINNON

The bills would empower the attorney general to create a blacklist of sites to be blocked by Internet service providers, search engines, payment providers and advertising networks, all without a court hearing or a trial. The House version goes further, allowing private companies to sue service providers for even briefly and unknowingly hosting content that infringes on copyright — a sharp change from current law, which protects the service providers from civil liability if they remove the problematic content immediately upon notification. The intention is not the same as China’s Great Firewall, a nationwide system of Web censorship, but the practical effect could be similar.

Matt Cutts, head of Google’s Webspam team has done an excellent job of getting the word out and getting website owners and the web community involved. Below is a video to help you better understand whats going on, and whats at stake.

Count PRO-Webs as a company doing our part to put down this injustice, we have signed the petition at We the People which has 52,096 signatures, educated customers and acquaintances alike. As a result of our signing of the petition to STOP SOPA, we received an email from the Whitehouse. I am sharing it with you in its entirety below.

Combating Online Piracy while Protecting an Open and Innovative Internet

By Victoria Espinel, Aneesh Chopra, and Howard Schmidt

 

Thanks for taking the time to sign this petition. Both your words and actions illustrate the importance of maintaining an open and democratic Internet.

Right now, Congress is debating a few pieces of legislation concerning the
very real issue of online piracy, including the Stop Online Piracy Act (SOPA),
the Protect Intellectual Property Act (PIPA) and the Online Protection and
Digital ENforcement Act (OPEN). We want to take this opportunity to tell you
what the Administration will support—and what we will not support. Any effective
legislation should reflect a wide range of stakeholders, including everyone from
content creators to the engineers that build and maintain the infrastructure of
the Internet.

While we believe that online piracy by foreign websites is a serious problem
that requires a serious legislative response, we will not support legislation
that reduces freedom of expression, increases cybersecurity risk, or undermines
the dynamic, innovative global Internet.

Any effort to combat online piracy must guard against the risk of
online censorship of lawful activity and must not inhibit innovation by our
dynamic businesses large and small. Across the globe, the openness of
the Internet is increasingly central to innovation in business, government, and
society and it must be protected. To minimize this risk, new legislation must be
narrowly targeted only at sites beyond the reach of current U.S. law, cover
activity clearly prohibited under existing U.S. laws, and be effectively
tailored, with strong due process and focused on criminal activity. Any
provision covering Internet intermediaries such as online advertising networks,
payment processors, or search engines must be transparent and designed to
prevent overly broad private rights of action that could encourage unjustified
litigation that could discourage startup businesses and innovative firms from
growing.

We must avoid creating new cybersecurity risks or disrupting the
underlying architecture of the Internet. Proposed laws must not tamper
with the technical architecture of the Internet through manipulation of the
Domain Name System (DNS), a foundation of Internet security. Our analysis of the
DNS filtering provisions in some proposed legislation suggests that they pose a
real risk to cybersecurity and yet leave contraband goods and services
accessible online. We must avoid legislation that drives users to dangerous,
unreliable DNS servers and puts next-generation security policies, such as the
deployment of DNSSEC, at risk.

Let us be clear—online piracy is a real problem that harms the American
economy, threatens jobs for significant numbers of middle class workers and
hurts some of our nation's most creative and innovative companies and
entrepreneurs. It harms everyone from struggling artists to production crews,
and from startup social media companies to large movie studios. While we are
strongly committed to the vigorous enforcement of intellectual property rights,
existing tools are not strong enough to root out the worst online pirates beyond
our borders. That is why the Administration calls on all sides to work
together to pass sound legislation this year that provides prosecutors and
rights holders new legal tools to combat online piracy originating beyond U.S.
borders while staying true to the principles outlined above in this
response. We should never let criminals hide behind a hollow embrace of
legitimate American values.

This is not just a matter for legislation. We expect and encourage
all private parties, including both content creators and Internet platform
providers working together, to adopt voluntary measures and best practices to
reduce online piracy.

So, rather than just look at how legislation can be stopped, ask yourself:
Where do we go from here? Don’t limit your opinion to what’s the wrong thing to
do, ask yourself what’s right. Already, many of members of Congress are asking
for public input around the issue. We are paying close attention to those
opportunities, as well as to public input to the Administration. The organizer
of this petition and a random sample of the signers will be invited to a
conference call to discuss this issue further with Administration officials and
soon after that, we will host an online event to get more input and answer your
questions. Details on that will follow in the coming days.

Washington needs to hear your best ideas about how to clamp down on rogue
websites and other criminals who make money off the creative efforts of American
artists and rights holders. We should all be committed to working with all
interested constituencies to develop new legal tools to protect global
intellectual property rights without jeopardizing the openness of the Internet.
Our hope is that you will bring enthusiasm and know-how to this important
challenge.

Moving forward, we will continue to work with Congress on a bipartisan basis
on legislation that provides new tools needed in the global fight against piracy
and counterfeiting, while vigorously defending an open Internet based on the
values of free expression, privacy, security and innovation. Again, thank you
for taking the time to participate in this important process. We hope you’ll
continue to be part of it.

Victoria Espinel is Intellectual Property Enforcement Coordinator at
Office of Management and Budget

Aneesh Chopra is the U.S. Chief Technology Officer and Assistant to the
President and Associate Director for Technology at the Office of Science and
Technology Policy

Howard Schmidt is Special Assistant to the President and Cybersecurity
Coordinator for National Security Staff

Check out this response on We the People.

Stay Connected

Stay connected to the White House by signing up for periodic email updates from President Obama and other senior administration officials.

 

The data standardization within Google Product Search has put like products from very large retailers capable of deep discounts in the same page product lineup with smaller merchants who cannot compete on price. The smaller merchants who would generally seek to make their listing somewhat unique to grab longtail product searches can no longer do that. Smaller merchants in the product lineup with Pet Smart for example, have few options to elicit a click from a searcher.

For example, if I search on Google.com for "pet gear" I am given the following product choices:

Obviously, being a "regular shopper" I select the product with the stars! I am taken to a page where Google offers me the following retailers:

1. Amazon.com
2. Walmart
3. Buy.com
4. Sam's Club
5. Sears
6. Overstock.com
7. The Sportsman Guide
8. Meijer
9. Wayfair
10. eBay

I find it rather funny that the Sam's Club price is $12.16 more than Walmart. However, this set of results most disturbs me because nearly ALL of these pampered results are using a very "vanilla", UN-engaging, unimaginative, duplicate product description! That's a real pisser huh?

Nope, the real pisser is that hiding in the lower left under these results is....... the rest of us!

Soooooo, I click the next arrow 2 times before I find a single small retailer! I know you're probably mad, but it gets worse. I click and click all the way to page 5 of the results before finding a unique product description! That's bullshit!

Corporate America strikes again, the "little guy" is forced to reduce cost in order to compete.... Profit becomes nil and the retailer fails. All this while companies like Walmart continue to bankrupt manufacturers with their volume pricing demands so low that the manufacturer makes no margin. So, since Walmart eats companies, does this mean that someday there will be no choice, but rather companies like Walmart will become all their is.... "The Walmart Effect".

Is Walmart Good for America? provides a provocative examination of the impact
Wal-Mart has had on the U.S. economy. The documentary highlights the changing
relationship between manufacturers and the so-called "big-box" retailers, exemplified by
Wal-Mart, that has contributed to the bankruptcy of some American businesses and a
growing unemployment rate. While Wal-Mart supporters tout the advantages of one-stop,
low-cost shopping, others are alarmed at both the outsourcing that has made these low
prices possible and how large retailers affect smaller, local businesses. FRONTLINE
examines the winners and the losers as it documents how:
• Global retailers are superceding manufacturers in making decisions about
product quality, type and price.
• A basic flaw in the United States-China trade relationship is that we can afford
to buy Chinese products, but they cannot afford to buy ours.
• Wal-Mart has approximately 6,000 global suppliers; 80 percent of these are
from China.
• China is becoming the biggest producer of high-tech products in the world.
• TCL, a Chinese company, is now the largest producer of televisions in the world
and almost all of their U.S. exports go to Wal-Mart.
• The United States is exporting raw materials to Third World countries and
importing their manufactured products, which is a reversal of former economic
relations.
• In 2003, the United States had a $120 billion trade deficit with China and it is
expected to be even higher in 2004.

So what is Google's part in all of this?

I am seriously disturbed that, whether intentionally or not, Google is laying the framework for a capitalist shopping experience on their platform. This is America, our uniqueness, intuitiveness, drive, ambition and imagination make great companies.... Such as Google even. How can a company as big, powerful, American and creative "eat" these small retailers?

Due to recent change to item and feed limits, you may experience errors when submitting your items or registering a new feed.

Tuesday, November 22, 2011 | 3:43 PM

Labels: alert

Google recommends that data feeds be under 20MB for upload within Google Merchant Center, while scheduled fetch and FTP uploaded feeds can be up to 1GB. Compressed feeds must be under 500MB or you will need to split them in to 500MB or less files.

While most will not be affected by this, I think new feeds will come under deeper scrutiny with regard to size, data quality, freshness and so on.

Where Have all the Sitemaps Gone?

Odd indeed! However, the reason for the post is more for you to go check and make sure everything is in order in your webmaster's tools. Holiday shopping is already on the rise, we cannot afford to let a simple thing like this escape our grasps. So login to your Google Webmaster accounts and check under

Site Configuration >> Sitemaps

If you have missing sitemaps as well, we would love for you to comment so we can determine if Google is just picking on us... sob =)

***Update several customers websites (all old ones, verified and submitted long ago) are missing their sitemaps as well!

Preparing for Holiday Shopping

Here is a pretty helpful list of things to check, secure and generally optimize to make sure your company, website and customer service are all shored up and ready to bust out the best sales numbers of the year.

Remember, that although "Black Friday" is generally known as a physical shopping day you will still see increased sales. Many retailers are controlling the masses of people flooding their brick and mortar storefronts with special holiday bonuses, sales and deals for shopping online.

From "Black Friday" you move in to "Cyber Monday", which is your day as ecommerce owners. "Cyber Monday" is the day that shoppers shop from work to get holiday bargains and things they need for the gift giving season. Note that the biggest time of the day you will see traffic is lunchtime EST. While many shop on the clock, many more will eat at their desk shopping away their lunch hour.

Being prepared for these sales is certainly no joke and requires that you put forth extra effort and planning to be successful. Here is a list to get your brain juices flowing.

• Check your website for broken links (http://validator.w3.org/checklink)
• Place several orders on your website. Check the flow, ease and function in FireFox, IE and Chrome browsers.
• Check that there are no "broken lock" errors for your SSL pages in your checkout. (http://pro-webs.net/blog/2009/08/26/ecommerce-checkout-suicide/)
• Contact information on your website is prominent, easy to find and use.
• Shipping fees, holiday shipping schedule and return policy are clearly stated in the simplest manner possible, with high visibility.
• Special sales, coupons and shipping campaigns clearly posted.
• All specials for each sale are in place and any product data feeds (such as Google Shopping) are up to date.
• Check your bandwidth (transfer) use for the month and make certain your hosting account has enough to cover a 100% increase.
• Check that you have ample products in stock and ready to ship.
• If you are using an API such as USPS, FedEx or UPS to deliver shipping quotes make certain that you have a standard table, flat or zone rate turned off but configured for use if the API for your carrier fails. This has happened in the past and can be down for days.
• Check with your processing gateway to make certain that daily and transaction limits are going to be adequate for the increased sales. We certainly don't want to lose sales because we have done to much sales in a day!
• Make sure you have ample staff to handle calls and emails.
• Ready to ship? Don't wait, start shipping orders as quickly as you can. Many times very quick shipping notifications will lower canceled orders and actually help promote your store with your shopper's co-workers and friends.

Holiday Marketing Ideas

Holiday marketing techniques are a dime a dozen, and you cannot do them all. However, have a look at the ideas below to see if any will help you in your niche to maximize sales this holiday shopping season.

Email Marketing

If you plan to do an email blast for Cyber Monday... You better get it out by Saturday night. Many people will shop from work on Cyber Monday. Get them your deals early so they can take it to work.

Use a awesome subject line to engage the shopper. Most people will read the subject at least before deleting your email, so your subject alone carries most of the burden in email marketing.

Keep the email, clean, informative and short.... Holiday shoppers are an impatient bunch.

Segment your email list to help you send offers best related to your shoppers. If you are using email software to segment your list, now is the time to flex your marketing mojo by hitting each of your segments with a planned and targeted email offer. Cyber Monday is not the only opportunity this holiday season.... so make certain you also have the ability to properly measure your results for improvement.

Consider offering special coupons or information to your subscribers only.... They are generally intrigued and will check it out!

Linkbait - PR

Any kind of great link / promo bait is going to be very effective... For example, create a press release that Santa himself or one of his elves is at your shop answering your phones. This will get people's attention and if you have the right product, folks will be happy to spend money in your store... Not to mention all the great social share links you can grab as well.

Funneling

Create a category and link products in to a "gift giving", "gifts for her" or "holiday gifts" category for quick access and promotion of products that are expected to make great gifts for holiday shoppers.

Promos

Offer free anything... Free gifts, free shipping, free gift wrapping, BOGO etc. Free is always good marketing.

Run silly and fun Holiday Pay Per Click Ads... Target some very tight terms and throw up Ads like, Santa dropped the load at our shop! This will grab attention and get some folks in your door... send them to a page with great deals and Holiday offerings.

Submit a Holiday themed coupons to a bunch of FREE coupon repositories.

Offer gift certificates in BOGO or get $20 for $15 types formats.... Shrink on these is awesome. Make sure you advertise that your Zen Cart can deliver these to anyone, anywhere in an email!

Run a holiday contest or give away in your shop... Customer # 333 will receive a $25 gift certificate for their next purchase... Then track the winners and results in a very prominent location for all to see. this would make an awesome Facebook promo!

Add special product bundles to your store, Holiday shoppers are in a rush and will be more inclined to checkout with a item bundle containing everything they need... Like the mp3 player, case and headphones all in one shot.

Swap out some template images for Holiday themed, feel good images to get your shoppers in the "mood". Maybe even make it snow on your website with a pinch of Java Script!

Advertise your ability to ship directly to the gift recipient and offer holiday wrapping and gift messages.

Addon Orders - Offer a coupon, which very simply enables the shopper to return in a set time frame (such as 24 hours) to shop for more items and pay no additional shipping for the additional items; the orders are combined.

Include a coupon in your order confirmation emails to entice shoppers to return again. How many times have you shopped for your early and then had to return to the same store later and shop again. Bounce back coupons are 100% safe as they do not affect the checkout ability of the current order, but rather attempt to get the shopper to return for additional sales.

Shoppers are in an absolute crazy frenzy this time of year. They are shopping around, price and selection and service checking... Comparing shipping and delivery options. Often in this process the can get "lost". If you are using the abandoned cart module for Zen Cart, you have the opportunity to "recover" these lost sales by emailing them their cart contents and a nice letter to persuade them to return and checkout.

If you are using Facebook, Twitter or any other social media platform, then use it to maximize sales this holiday season. Offer "Facebook Only" specials, promos, gifts and coupons, write about great gift ideas and ask for others from your fans... Most importantly make sure your fans know you HAVE the holiday spirit. Believe it or not, people want to know that you are a company comprised of "real" people and are not all business this holiday season.

Use gift selectors like "gifts for guys", "gifts under $50.00" and other vertical browsing options to help shoppers better find and BUY what they need. This type of ease in shopping can easily convert a "one item cart" sale in to a really nice order. Shoppers appreciate this and will share their ease in shopping with friends as well.

Shipping

Shipping promotions is big business in the holiday season. Free shipping is always a huge holiday shopping promotion. I, however, prefer to use the "spend x$ to get free shipping" type promotion. This guarantees a minimum (necessary) profit margin, increased your average order total average and adds additional sales you may not have gotten otherwise. You will find holiday shoppers more likely to stay on site longer, navigate deeper and find more things to purchase in order to attain free shipping.

A guaranteed delivery promo is most effective the closer we get to Christmas. It can be bit tough to administer, but can also maintain the holiday sales increase for another week to 10 days past the "grey shipping period". Big money here, but plan and explain carefully, as it only takes one bad shopping review to ruin the remainder of the year's sales.

Once more for emphasis... Don't wait, start shipping orders as quickly as you can. Many times very quick shipping notifications will lower canceled orders and actually help promote your store with your shopper's co-workers and friends.

Securing Zen Cart

Securing your Zen Cart is not a very challenging task, but not doing so can be a very expensive venture. In this age where hackers are the best programmers on the planet and credit card company fine up to $10K, there is no excuse not to hold your site's security at a high priority. Ignorance is not an excuse either... Visa, MasterCard Amex etc will still fine you even if "you didn't know". It's your website and thus your responsibility to know. My intention today is to give you a list of easy to intermediate things to do to secure your Zen Cart.

Keep in mind that different hosting configurations have different strengths and weaknesses. It is always a good idea to ask your hosting support for help and advice. If you have any comments, questions and even suggestions to add we would love to hear from you.

Installation

After installing your Zen Cart there are several things which need done to improve it's performance and security.

• Remove the following installation and tool folders. Here is a list of free FTP programs.

/your_catalog/docs
/your_catalog/extras
/your_catalog/zc_install
/your_catalog/install.txt (this file can be removed, too)

• You will need to rename your admin directory if you haven't already. Here is a tutorial from Zen Cart.
• Now you will need to lower the permissions on your configure files. These should be as low as you can go. Start at CHMOD 400 and go up from there and no higher than 644. You will likely need to login to your hosting control panel file manager to do so.

/your_catalog/your_admin/includes/configure.php
/your_catalog/includes/configure.php

• If you do not sell downloadable products in your cart then in your admin navigate to Configuration >> Attribute Settings and set Enable Downloads to false. Then remove the following folders from your installation.

/your_catalog/download
/your_catalog/media
/your_catalog/pub

• In /your_catalog/ for Apache users (this is most all of you) edit the .htaccess. If you haven't one create and upload a text file named .htaccess. When using both FTP or file manager you will need to have "show hidden files" enabled for this. Add the following lines and save. I have specifically kept this rather basic, if your site crashed when you save it... remove the .htaccess and send it to your webhost to format better for your server config.

Options +FollowSymLinks All -Indexes
RewriteEngine On
RewriteBase /
ServerSignature Off
<Files .htaccess>
order allow,deny
deny from all
</Files>

Operation & Performance

• Go to Admin > Configuration > Email Options > Allow Guest To Tell A Friend and set the option to false. This will prevent non-logged-in customers from using your server to send unwanted email messages.
• Go to Admin > Configuration > Email Options > Emails must send from known domain? = True
• Go to Admin > Configuration > Email Options > Audience-Select Count Display = False (for performance)
• Go to Admin > Configuration > GZip Compression = True (performance)
• Go to Admin > Configuration > Sessions > Verify that the Session Directory is correct
• Go to Admin > Configuration > Sessions > Force Cookie Use = True (this is optional and does not perform correctly on all servers)
• Go to Admin > Configuration > Sessions > Recreate Session = True If your webhost tells you otherwise, then find proper hosting. This WILL allow session hijacking if set to false.
• Go to Admin > Configuration > My Store > Server Uptime = False, security PCI fail
• In your images folder and cache folder an .htacess should already exist, but if not get one from a fresh Zen Cart installation copy.
• Folders should be CHMOD 755 and files (except your configure files) should be 644.
• Remove the print URL feature from your browser (Zen Cart tutorial)
• Limit admin access to only the required people. Create each their OWN admin account in Tools > Admin settings. Then install the admin logging report module so you can see what people are accessing and catch access issues when needed.
• Do not leave your admin open and walk away. Avoid having your admin open with other webpages in the same browser.
• DO NOT access your admin on an open or unsecured public network and NEVER access your admin with a mobile device.
• Enable log archiving in cPanel or other hosting control panel.
• Make certain (check with your webhost) that FrontPage Extensions are not installed.
• Make certain your webhost is running a proper server firewall application.
• If you have SSH access and you use it, its password should be exceptionally strong, 16 random characters or more. If you have SSH access and you don't use it, disable SSH so nobody can use it. There is sometimes an SSH control switch in cPanel. For reseller accounts and dedicated servers, there is a switch in WHM.
• Turn off the following in your PHP config (will likely need your webhost to do this). register_globals, expose_php and safe_mode.

Maintenance & Procedure

• Change all passwords every 90 days. Use strong passwords with numbers, letters, mixed case and symbols. Here is a great generator for passwords. Your are required by PCI/DSS standards to do this, have the procedure documented in your companies procedures and log the changes as they happen.
• Do not store credit card information anywhere.
• Get a PCI scanner to scan your website and office network every 3 months minimum. We use Trust Guard, but any approved scanner is fine.
• Make frequent backups of your shop and database. Your hosting company can setup a daily backup for you. We run daily backups and keep the most recent daily, weekly and monthly backups on hand for restore.
• DO NOT store your passwords in any digital format. email, Word Docs, etc... Pen and paper only if you must write them down.
• Scan your computer regularly and keep your virus definitions up to date at all times.
• Keep ALL software on your computers up to date (especially Adobe products). This includes browser plugins.
• Check /your_catalog/cache/ frequently for debug files which would indicate an error or issue.
• Create specific admin, FTP and other access for each vendor allowing them only the required access and remove access when completed.
• Keep all web software (Zen Cart, WordPress etc) patched and up to date.
• Always use SFTP or FTPS to access your files.
• Do not rename files to .bak, .old, nor any other invalid file extension. Use .txt for example.
• Protect new directories. Every single directory should be protected from directory browsing. This is most easily accomplished by using a blank index.html in each.
• Keep a complete list of your site files in a "known good" backup on a disk other than your webhost, such as your own computer.

Remember ignorance will not save you from fines, loss of merchant processing and being sued. You must take action and secure your website, it is simply not optional.

According to Google, search queries can be classified into action queries ("do"), information queries ("know") and navigation queries ("go").

So the very content we use on our pages to drive conversions can also help Google deliver you more "doers" than"knowers". The challenge, as it has always been, is to create content which:

• Answers all of the shoppers questions
• Engages him
• Causes him to make a purchase (add to cart)

Some of these things we are inherently going to be quite good at, based on our own personality and experiences.... However, I rarely see shop owners who hit all 3. Lets have a look at some examples:

This example is your basic "Information Overachiever". There is so much information here that as a shopper I am perhaps even overwhelmed. The lack of natural content coupled with the very direct add to cart area may make this page uncomfortable for many shoppers. Kind of like that guys who follows you around the store from the door and won't leave you alone.

Here we have a much softer sell, but it lacks the "wow" of the informational listing. This format creates trust better and delivers a more comfortable feel to the decision to make a purchase. Keep in mind that many times your needs will be specific to your products or niche as well.

This is a nice product page layout. Easy to read, scan and understand. It is a significantly "softer" sell, but instills confidence to make the purchase. Visually the images are large enough and plenty, while the information is both natural and detailed.

So we can see that different layouts have different strengths, but what about the actual words?

The words that you use to describe your content should be presented naturally in the same manner as you would attempt to sell the product on the phone. Using alternate names, slang and layman terminology will help Google deliver your products for the natural language people search with. There is not point in ranking number 1 for a roro widget, when everyone refers to it as a rooo for example.

Lastly, to help the search engines understand the actionable nature of your product pages you should includes words such as "buy", "purchase", "shop online" etc. When including these types of action phrases it will be most effective to string them along a keyword for the product. something such as "When buying a roo online, you have several options for color, size and delivery". It's way too easy to get spammy when trying to create actionable content... so pay close attention to the perceived intent of the words you chose.

A great example of this type of short sited issue can be found in "Crawl Errors" under your Diagnostics bar. This tool has been a source of unending frustration... always. Why?

There is a very simple stupid reason why.... Business website owners haven't the knowledge to understand that blocking pages in robots.txt is important and they are NOT crawl errors in the layman's sense in which they are presented!

Now the new Google Webmaster Tools Site Health feature seeks to label blocked pages such as tag pages, archives and even damn uploads directory stuff like images as a "SEVERE HEALTH ISSUE FOUND ON YOUR SITE!". Yes, they even have a little RED exclamation point.

Click to Enlarge

So in our webmaster tools account we have 2 of these sites (at the very top of the main dash page), that have severe health issues. Both sites have only 1 ding.... The first has tag and archive pages blocked in robots.txt (well... duhhhh), while the second has its WP uploads directory content blocked (which is blocking an image of obvious huge importance?).

The problem? Google has first alarmed the user with strong, scary text (Severe health issues are found on your site), images and colors. Secondly, telling the user that an archive page for example, blocked in robots.txt is an "important page". So the user, who is probably just a business owner.... Hurries to pay their IT guy to unblock this "important page", so Google can omit it from the search results for duplicity and "low quality".

Seriously, I really doubt that Google gives these things a second thought..... But I can assure you that these short sighted and somewhat lazy generalizations in the language and presentation of informational data being reported as problematic causes many Google users grief! Don't get me wrong, I appreciate the tools.... They just seem to lack the dedication to present data accurately. Is it really too much trouble to include data like this as informational as opposed to "alarming issues"?

Google's Snake Oil Sales

I have in the past defended Google's business practices and desire to make the index a more user friendly and productive experience..... BUT now I'm not so sure Google isn't the capitalists that many claim they are.

So here's the deal.

As search becomes an increasingly customized experience, particularly for signed in users, we believe that protecting these personalized search results is important. As part of that effort, today the Google Search team announced that SSL Search on https://www.google.com will become the default experience for signed in users on Google.com (see the Official Google Blog post to learn more). Protecting user privacy is important to us, and we want to take this opportunity to explain what the Google Analytics team is doing to help you continue measuring your website effectively in light of these changes.

How will this change impact Google Analytics users?
When a signed in user visits your site from an organic Google search, all web analytics services, including Google Analytics, will continue to recognize the visit as Google “organic” search, but will no longer report the query terms that the user searched on to reach your site. Keep in mind that the change will affect only a minority of your traffic. You will continue to see aggregate query data with no change, including visits from users who aren’t signed in and visits from Google “cpc”.

Now in a more digestible language. When a searcher is logged in to ANY Google service and uses Google.com we will no longer get to see what the searcher searched for. For example:

If I have a page about crab apples and am getting a great deal of traffic I cannot see if Google understands the page.... Because I cannot see what is being searched for by logged in users. They could be searching for green apples, in which case my page needs better topical information to help searchers who are looking for crab apples find it.... AND to stop the frustration of searchers who are looking for green apples and finding my crab apples!

Google plays this out as being a small percent of all searches..... But with the stickiest damn cookies of any service in the world you are always friggin logged in! Google +1, Analytics, Gmail, Google Aps, Moodle, Google Shopping.... you name it and you are logged in. Come back in 2 weeks and you are STILL LOGGED IN!

Google claims this is an effort to protect the privacy of searchers. So, only logged in searchers are worthy of protection? Worse than that, NO PII is released in provided searcher's queries... So this is NOT at all a privacy issue. Fact, all statistical formats for websites will lose the ability to see Google referrers with queries for logged in customers.... EXCEPT Google Adwords, which will continue to have this "protected data". So, this looks bad for Google.... It's only private data if we are not paying Google for traffic? Bullshit!

So the question in my mind just begging to be asked... "Has Google collected, restricted availability and charged for and thus created a Monopoly on search data from the worlds largest market share of users?" I suspect we will see this information available to Premium Analytics Users (who PAY) as well. I think this is an outright attempt for Google to maintain it's already prominent market share, while using the data collected by Google users for profit ONLY.

You see, in your Google account you have ALWAYS been able to turn off the collection of this type of non-personal data. Google isn't worried about your privacy, they are worried about their pockets. I realize that many non-web people will not understand this, but I think presented in the true light, anyone can see Google is taking non-personal data collected to make the searchers experience, websites and usability better out of the hands of the webmasters and selling it to the people who pay to have your search data.

Here are some comments from the blog post I found interesting:

ADN said...
Where's the -1 button?

admin said...
It's a big, big BS...we are getting summary of those searches, and we can't see the "personal data" and searches done by a certain user...

Martin Aberastegue said...
This really sucks, I'm sure you will be providing this on the premium version. And why this only affects to organic and not paid search too? This is BS....

Claye Stokes said...
Showing search queries for CPC suggests that you're not really interested in making search more secure, as the title is trying to spin it.
What gives?

Anonymous said...
And how is this a security feature? That same SSL connection is obviously working fine for non-Google users and PPC hits, so there is no technical barrier. So really it's not the SSL security that changed; it's that Google's "protecting" Google users from GA users. Aka, us.

pittfall said...
FAIL
Analytics data is already private... I don't see "John Doe" searched for this keyword in my reporting.
If Google wants webmasters and marketers to be able to improve their websites for visitors, then this data would remain as is. This is imparative to providing the best landing page and experience. Example: if Google determined that a single page ranked for two keywords and one has a better experience for keyword 1 but not for keyword 2 then a webmaster would work to build a better page for keyword 2, however, if the data is split in half or more people using keyword 2 are signed into their Google account, you wouldn't be able to provide a positive experience.
Who is looking out for the visitors?

In closing.... I am LOGGING OUT OF GOOGLE. I may even dump our company's Google Aps for a less carnivorous company.

Well, Matt is NOT saying Google ranks pages based on spelling ... But rather he is saying there seems to be a correlation of higher PageRank/Reputation for websites/pages with proper spelling. While he states very clearly that "last time he checked" it was not used as a "direct"  ranking signal, however, it does seem obvious that some signal is picking this up. He even goes as far as to suggest it should be a ranking signal.

Turns out, in our experience, the more reputable pages do tend to have better spelling and better grammar.

I think Matt hit on a couple of key things on this subject that easily translate in to our current experiences with the Panda update. Using words like "trust" and "user experience" tell me that while it may not be a direct ranking signal.... It is being signaled from other relevant areas such as we see in the quality guidelines Google has given us in regards to Panda.

I endeavor to spell correctly.... Check my work and ALWAYS view every page I publish in the strictest of view, but I make spelling errors occasionally and my grammar sucks. I actually had a customer report a spelling error on a page recently that was 3 years old! UGH

So, in closing, I think this is just another thing you should not stress over, but do make an effort to use better spelling and grammar as I am certain in the current climate of Google it IS being signaled from somewhere. It's much easier to fix one big thing than to chase 200 little things, but as Google knows, it's the little things that make the best search experience. If I were you, I would try to see things in that light and fix what you can, as you can ... instead of picking one tiny piece such as speed or spelling and obsessing over it.

This has been a long haul for many shop owners, I see it and we ourselves are living it as well. I think the perception is part of the problem. I try very hard to "put myself in Google's shoes" and see how I would run such a global business. I think I would run Google, very similarly as Google is proceeding. I would want safe, quality and transparent search results for my users as well. So, having said that I honestly might not even be as fair and transparent as Google is. For example, I would certainly go out of my way to point people in the right direction.... But I would hardly spend countless resources to hold these webmaster's hands as Google does.

So in thinking about these changes, we should likely be grateful that Google aspires to help us... help our stupid selves.

As panda continues to evolve we are seeing the implementation and tweaking of the very transparent set of quality guidelines Google provided months ago. If you haven't looked at these very direct "gudielines" from Google or have discounted them as BS, then you are hurting yourself.... and it's NOT Google's fault. Fact is, it's time to quit whining and get to work if you intend to be successful in your web presence. Having said that, Matt Cutts announced another "Panda tweak" on 10/5/2011.

Matt Cutts Panda Update Tweet

While perspective is certainly a driving force for all of us.... Understanding is a much higher quality signal for us. This Tweet does NOT say your website is going to tank, it does NOT say that the changes are permanent (thus the use of the word flux) and it does NOT say that all websites are affected. Matt Cutts is a very educated guy and I would expect that his choice of words is nothing short of intentional.

This Tweet from Matt DOES say the Panda update has been tweaked, that less than 2% of Google indexed websites are affected and that the change is NOT necessarily permanent (flux). So, while I'm certain many of you are sitting there in panic mode with your finger of the change everything trigger... I suggest you relax and read thoroughly what Google wants ... Then comprise a plan of attack to meet those guidelines and proceed in an orderly fashion!

I'll make this statement: meta keywords is a signal. One of roughly a thousand we analyze. Getting it right is a nice perk for us, but won't rock your world. Abusing meta keywords can hurt you.

How MSN typical is that?

The entire search community is trying to fix the spam while Bing seeks to perpetuate it further. This is NOT 1997 anymore. Even at "one of a thousand signals" it's a ridiculous statement and signal. So in this page I can say in a proper Meta Keyword Tag that the post is about red tomatoes ( have a look for yourselves =P ) and Bing will actually consider this stupidity which is hidden from normal users?  Really dumb guys!

This from the folks who took 4 years to realize that we use no WWW in our urls.... The forced redirect was literally ignored by Bing for 4 full years and whose own design staff has to use a ton of IE hacks to display their OWN damn pages. So Microsoft just handed all the motivation the spammers need to begin adding a thousand keywords stuffed in the head of their pages and cause us unsurpassed frustration trying to explain to clients that the Meta Keyword tag is NOT going to help them rank... Unbelievable!

This, like many things, requires a balance. So my theory has always been this...

When you create pages, use the W3C validation tool to check your work. My personal expectation is to set out to fix every error and warning, but not at a loss of display, usability or general "coolness" of the page. Most times upon validation you will find a bunch of simple errors which are easily repaired. Issues such as unclosed tags, unescaped ampersands and such are quickly and easily fixed! In fixing these you learn to create better code in the first place... and the task gets easier and easier.

Big errors such are missing divs, missing alts, titles and such DO affect the page's usability and ability to be displayed and crawled correctly. These things should always be fixed. Again, don't get obsessive... Fix what you can, leave the rest and move on. If you think I'm kidding, checkout the 359 Errors, 293 warning(s) on Google's post page above for this announcement. And yes... most of these should be repaired as they are easy or affect usability.

Ages ago in the SEO business we frequently used a term called "link bait".  This term is a simplified way to say the content on the page is so good/needed/fun/exciting etc that people want to link to it naturally. This is actually a concept that I have embraced since day 1. I aim with every keystroke to create content you will want to share. I am not always as successful as I would like, but most times am quite successful. The very anatomy of creating link bait is exactly what Panda is looking for in their signals.

Ask yourself these questions:

• Is my content personable?
• Is my content funny, exciting, important?
• Are people engaged when they read my content?
• Is my content structured to be  easy to scan, read and follow?
• Is my content directed at the reader specifically?

These types of questions will help you to understand what people and Google wants, as well as creating a more effective content delivery structure. For ecommerce, these items are a bit more challenging. Sure, we can build everyone a blog to deliver higher quality content, but those lousy pages will still bring down the whole site. This is exactly why you need a new thought process to implement the changes needed for Panda.

Blogging is obviously an easy way to deliver compelling content to your readers, build authority and create great link bait... But what about those booooring product pages?

Product pages are at a disadvantage to begin with. Let's face it, we need the specs, numbers and all the boring data that goes with the product. However, no where is it written that's all you need! What about your own experiences with the product? Innovative uses and information? This is the type of information that Google is looking for.

I always tell shop owners to create product descriptions in a natural language using the same words that they would use to "sell" this product on the phone to a shopper. The reasoning for this is quite logical.

• If you cannot see me I am at nearly the same disadvantage as your website
• I will use descriptive words that you know and recognize to convey my sales pitch.. they are probably the same words you are searching for =)
• I will tell you my own experiences, similar products or better options
• I will talk to you... Not at you

This really makes it easy to see why I have said this... and why Google wants you to create personable and compelling content. I think that the ecommerce masses are just too lazy to approach each product page the way they would a face to face sale. For those of you who fall in this category... Sorry I can't help you. Those of you who want to create a great user experience on your website... C'mon in, we can help you.

Rand Fishkin of SEOMoz has created a "Whiteboard Friday" video that every single one of you should watch. Rand has a unique way of explaining things in a easy to follow manner and this video will help you help yourself.

I have always noticed when I blog that the more personable and sometimes passionate way I present a topic... the more visits. For example, and I am not suggesting you do this for your own website, but If I swear in a blog post... It will have 2x more traffic that average! Damn crazy huh? The reason is actually pretty simple. When I write, especially when I am fired up, it is very passionate... People are engaged. This is the goal right?

I think each of you should set a plan to do the following:

• Fire your SEO content writer. Write for yourself or even use customer provided information... How about hiring a regular "joe" from your niche to write for you? I bet he's even cheaper!
• Set a goal to rewrite x amount of product pages a week. Don't do hundreds a week, we don't want you to tank in search results because of the flux you create by changing so much at once.
• Seek out and destroy crappy pages on your website. To hell with blocking them, unless they are absolutely required get rid of them. Not good enough for Google, then not good enough for your shoppers.
• Ask 10 friends to shop on your website and give you their thoughts about trust, usability, navigation, presentation and WOW. Then listen to what they have to say... Do not make a bunch of bullshit excuses as to why you know better than them!

Doing these things in a controlled manner will begin to resolve your Panda issues and build your freshness, authority and other ranking metrics right along side. How often do you get a win win? So, yes, it's hard work.... But it's inexpensive and easy to do.

• First make sure you are using the Facebook Like button on your product pages. Next you are going to add a simple edit to your html_header.php
• So navigate to includes/templates/your_template/common/html_header.php and back it up!
• If you lack a html_header.php in that loaction got to includes/templates/template_default/common/html_header.php download it and upload it to includes/templates/your_template/common/
• Now, at some logical location we will add one line of markup using the Facebook Open Graph protocol for the meta property="og:image"
• Generally speaking we want to add this without breaking up a php process. I suggest you add it right after <?php } //endif FAVICON ?>

You will be adding the following line:

<meta property="og:image" content="<?php echo zen_image(DIR_WS_IMAGES . $product_info->fields['products_image'], $product_info->fields['products_name'], IMAGE_PRODUCT_LISTING_WIDTH, IMAGE_PRODUCT_LISTING_HEIGHT) ?>"/>

That should do it, now Facebook should use your product images and not some rogue image from wherever they decide to latch on to. Please click here to download the text version of these instructions to avoid issues. Like us to install the Facebook Like, Facebook send and this image fix for you? Order the Facebook Like installation for your Zen Cart and get it half off until 8/1/2011 with coupon code BLOGREADER.

If you do any email marketing at all, you know that keeping your list free of invalid email bounces is a primary objective. You see, when you send your newsletters networks, email apps, web hosts and other ISP related services monitor the number of bounces received from an individual host/IP. So if you send out 600 newsletters and 14 to ATT/Yahoo bounce you are likely to get blacklisted. It's a simple way for big networks to monitor and keep email spam down.

These innocent emails let the marketer spammer know in advance that your email address is valid! You may have also heard about the famous "unsubscribe validation" technique. This is similar to the emails we have received, but with more risk. They send an email to a purchased email list for example, and then monitor the bounces as well as noting the unsubscribes, which are definitely valid email addresses!

Neither one has a singular defense that you or I can take.... But spamming them is always the best idea. Additionally, if you simply forward a "spam" email to spam@uce.gov.

What Can I Do With the Spam in my In-Box?

Report it to the Federal Trade Commission. Send a copy of unwanted or deceptive messages to spam@uce.gov. The FTC uses the unsolicited emails stored in this database to pursue law enforcement actions against people who send deceptive spam email.

Let the FTC know if a "remove me" request is not honored. If you want to complain about a removal link that doesn't work or not being able to unsubcribe from a list, you can fill out the FTC's online complaint form at www.ftc.gov. Your complaint will be added to the FTC's Consumer Sentinel database and made available to hundreds of law enforcement and consumer protection agencies.

Whenever you complain about spam, it's important to include the full email header. The information in the header makes it possible for consumer protection agencies to follow up on your complaint.

Send a copy of the spam to your ISP's abuse desk. Often the email address is abuse@yourispname.com or postmaster@yourispname.com. By doing this, you can let the ISP know about the spam problem on their system and help them to stop it in the future. Make sure to include a copy of the spam, along with the full email header. At the top of the message, state that you're complaining about being spammed.

Complain to the sender's ISP. Most ISPs want to cut off spammers who abuse their system. Again, make sure to include a copy of the message and header information and state that you're complaining about spam.