Developers should learn the basics of Meta Tags : Scott Clark

Contributed on Webdeveloper.com

With all the new HTML tags that are coming out, it’s easy to overlook some of the greatest tools in our arsenal of HTML tricks. There are still a few HTML goodies lying around that’ll help you keep your pages more up to date, make them easier to find, and even stop them from becoming framed. What’s more, some of these tags have been with us since the first Web browsers were released.

META tags can be very useful for Web developers. They can be used to identify the creator of the page, what HTML specs the page follows, the keywords and description of the page, and the refresh parameter (which can be used to cause the page to reload itself, or to load another page). And these are just a few of the common uses!

First, there are two types of META tags: HTTP-EQUIV and META tags with a NAME attribute.

HTTP-EQUIV
META HTTP-EQUIV tags are the equivalent of HTTP headers. To understand what headers are, you need to know a little about what actually goes on when you use your Web browser to request a document from a Web server. When you click on a link for a page, the Web server receives your browser’s request via HTTP. Once the Web server has made sure that the page you’ve requested is indeed there, it generates an HTTP response. The initial data in that response is called the "HTTP header block." The header tells the Web browser information which may be useful for displaying this particular document

Back to META tags. Just like normal headers, META HTTP-EQUIV tags usually control or direct the actions of Web browsers, and are used to further refine the information which is provided by the actual headers. HTTP-EQUIV tags are designed to affect the Web browser in the same manner as normal headers. Certain Web servers may translate META HTTP-EQUIV tags into actual HTTP headers automatically so that the user’s Web browser would simply see them as normal headers. Some Web servers, such as Apache and CERN httpd, use a separate text file which contains meta-data. A few Web server-generated headers, such as "Date," may not be overwritten by META tags, but most will work just fine with a standard Web server.

NAME
META tags with a NAME attribute are used for META types which do not correspond to normal HTTP headers. This is still a matter of disagreement among developers, as some search engine agents (worms and robots) interpret tags which contain the keyword attribute whether they are declared as "name" or "http-equiv," adding fuel to the fires of confusion

Using META Tags

On to more important issues, like how to actually implement META tags in your Web pages. If you’ve ever had readers tell you that they’re seeing an old version of your page when you know that you’ve updated it, you may want to make sure that their browser isn’t caching the Web pages. Using META tags, you can tell the browser not to cache files, and/or when to request a newer version of the page. In this article, we’ll cover some of the META tags, their uses, and how to implement them.

Expires
This tells the browser the date and time when the document will be considered "expired." If a user is using Netscape Navigator, a request for a document whose time has "expired" will initiate a new network request for the document. An illegal Expires date such as "0" is interpreted by the browser as "immediately." Dates must be in the RFC850 format, (GMT format):

Pragma
This is another way to control browser caching. To use this tag, the value must be "no-cache". When this is included in a document, it prevents Netscape Navigator from caching a page locally.

These two tags can be used as together as shown to keep your content current—but beware. Many users have reported that Microsoft’s Internet Explorer refuses the META tag instructions, and caches the files anyway. So far, nobody has been able to supply a fix to this "bug." As of the release of MSIE 4.01, this problem still existed.

Refresh
This tag specifies the time in seconds before the Web browser reloads the document automatically. Alternatively, it can specify a different URL for the browser to load.

Be sure to remember to place quotation marks around the entire CONTENT attribute’s value, or the page will not reload at all.

Set-Cookie
This is one method of setting a "cookie" in the user’s Web browser. If you use an expiration date, the cookie is considered permanent and will be saved to disk (until it expires), otherwise it will be considered valid only for the current session and will be erased upon closing the Web browser.

Window-target
This one specifies the "named window" of the current page, and can be used to prevent a page from appearing inside another framed page. Usually this means that the Web browser will force the page to go the top frameset.

PICS-Label
Although you may not have heard of PICS-Label (PICS stands for Platform for Internet Content Selection), you probably will soon. At the same time that the Communications Decency Act was struck down, the World Wide Web Consortium (W3C) was working to develop a standard for labeling online content (see www.w3.org/PICS/ ). This standard became the Platform for Internet Content Selection (PICS). The W3C’s standard left the actual creation of labels to the "labeling services." Anything which has a URL can be labeled, and labels can be assigned in two ways. First, a third party labeling service may rate the site, and the labels are stored at the actual labeling bureau which resides on the Web server of the labeling service. The second method involves the developer or Web site host contacting a rating service, filling out the proper forms, and using the HTML META tag information that the service provides on their pages. One such free service is the PICS-Label generator that Vancouver-Webpages provides. It is based on the Vancouver Webpages Canadian PICS ratings, version 1.0, and can be used as a guideline for creating your own PICS-Label META tag.

Although PICS-Label was designed as a ratings label, it also has other uses, including code signing, privacy, and intellectual property rights management. PICS uses what is called generic and specific labels. Generic labels apply to each document whose URL begins with a specific string of characters, while specific labels apply only to a given file.

Keyword and Description attributes
Chances are that if you manually code your Web pages, you’re aware of the "keyword" and "description" attributes. These allow the search engines to easily index your page using the keywords you specifically tell it, along with a description of the site that you yourself get to write. Couldn’t be simpler, right? You use the keywords attribute to tell the search engines which keywords to use, like this:

By the way, don’t think you can spike the keywords by using the same word repeated over and over, as most search engines have refined their spiders to ignore such spam. Using the META description attribute, you add your own description for your page:

Make sure that you use several of your keywords in your description. While you are at it, you may want to include the same description enclosed in comment tags, just for the spiders that do not look at META tags. To do that, just use the regular comment tags, like this:

!–// This page is about the meaning of life, the universe, mankind and plants. //–

More about search engines can be found in our special report.

ROBOTs in the mist
On the other hand, there are probably some of you who do not wish your pages to be indexed by the spiders at all. Worse yet, you may not have access to the robots.txt file. The robots META attribute was designed with this problem in mind.
meta NAME="robots" CONTENT="all | none | index | noindex | follow | nofollow">

The default for the robot attribute is "all". This would allow all of the files to be indexed. "None" would tell the spider not to index any files, and not to follow the hyperlinks on the page to other pages. "Index" indicates that this page may be indexed by the spider, while "follow" would mean that the spider is free to follow the links from this page to other pages. The inverse is also true, thus this META tag:

meta NAME="robots" CONTENT=" noindex">

would tell the spider not to index this page, but would allow it to follow subsidiary links and index those pages. "nofollow" would allow the page itself to be indexed, but the links could not be followed. As you can see, the robots attribute can be very useful for Web developers. For more information about the robot attribute, visit the W3C’s robot paper.

Placement of META tags
META tags should always be placed in the head of the HTML document between the actual tags, before the BODY tag. This is very important with framed pages, as a lot of developers tend to forget to include them on individual framed pages. Remember, if you only use META tags on the frameset pages, you’ll be missing a large number of potential hits.

Obscure META Tags

If you’re a normal person (I’m not, and I don’t know any, but I heard they do exist), then you’re wondering just what, exactly, is Dublin Core? No, it’s not an Irish porno movie, but rather, it’s a simple resource description record that has come to be known as the Dublin Core Metadata element set, or rather, Dublin Core.

Thanks to a considerate reader, we now know how it got its name. Dublin Core is the core set of metadata elements which were identified by a working group (comprised of experts drawn from the library and Internet communities) which met in Dublin, Ohio.

Dublin Core was designed with several issues in mind, namely to:

* enable search engines to filter by standard fields, i.e. date and author
* Browsers could have the ability to display metadata fields in a separate window
* enhance cross-collection, repurposing and integrating of content
* enhance site management, as old pages may be located more easily, etc.

Rating is basically the same thing as PICS-Label, and can be used for the same purpose, but PICS-Label is recommended over rating, as it is currently recognized by more software than rating, although it couldn’t hurt to use both.

Many of the obscure META tags are produced by HTML authoring software. Microsoft Word supports a number of META attributes in its HTML export option, and if you create a document with Internet Assistant, FrontPage, etc, you’ll notice that they automatically insert certain META tags, such as Generator, Content-Type, etc. into the Web page source. Other META tags are organization or search engine specific. The RDU Metadata search engine uses many such tags, including: contributor, custodian, east_bounding_coordinate, north_bounding_coordinate and others. Other obscurities are government META tags, useful only if you are within a government intranet or system.

But then
Statistics show that only about 21% of Web pages use keyword and description META tags. If you use them and your competitor doesn’t, that’s one in your favor. If your competitor is using them and you aren’t, you may now consider yourself armed with the knowledge. META tags are something that visitors to your Web site are usually not aware of, but ironically, a lot of times it was those same META tags which enabled them to find you in the first place. So for goodness’ sake, don’t tell anyone about this….let’s just keep this our own little secret (just kidding…make sure to send this URL to everyone you know!).

The Law
Before we leave the topic of META tags, keep in mind that there are several legal issues that surround the use of these tags on your Web site. Danny Goodman, editor of SearchEngineWatch, has put together a page detailing the lawsuits brought on revolving around META tags. At the present time there have already been at least five such suits, mainly focused on sites that utilized someone else’s keywords within their META tags. The largest of these suits brought a settlement of $3 million dollars. Bottom line: use your own keywords, and definitely not words that someone else has a copyright on.

• Leave a comment... (0)

Asynchronous JavaScript and XML (AJAX) is not a technology in itself, but is a term that describes a "new" approach to using a number of existing technologies together, including: HTML or XHTML, Cascading Style Sheets, JavaScript, The Document Object Model, XML, XSLT, and the XMLHttpRequest object. When these technologies are combined in the AJAX model, web applications are able to make quick, incremental updates to the user interface without reloading the entire browser page. This makes the application faster and more responsive to user actions.

Advantages of AJAX

Bandwidth usage

By generating the HTML locally within the browser, and only bringing down JavaScript calls and the actual data, Ajax web pages can appear to load relatively quickly since the payload coming down is much smaller in size, and the rest of the layout does not have to be redrawn on each update. An example of this technique is a large result set where multiple pages of data exist. With Ajax, the HTML of the page (e.g., a table structure with related TD and TR tags) can be produced locally in the browser and not brought down with the first page of the document. In addition to "load on demand" of contents, some web-based applications load stubs of event handlers and then load the functions on the fly. This technique significantly cuts down the bandwidth consumption for web applications. On the other hand, Ajax works on the client and shares some work of server, so that reduces the server load.

Separation of data, format, style, and function

A less specific benefit of the Ajax approach is that it tends to encourage programmers to clearly separate the methods and formats used for the different aspects of information delivery via the web. Although Ajax can appear to be a jumble of languages and techniques, and programmers are free to adopt and adapt whatever works for them, they are generally propelled by the development motive itself to adopt separation among the following:

1. Raw data or content to be delivered, which is normally embedded in XML and sometimes derived from a server-side database.
2. Format or structure of the webpage, which is almost always built in HTML or XHTML and is then reflected and made available to dynamic manipulation in the DOM.
3. Style elements of the webpage: everything from fonts to picture placement are derived by reference to embedded or referenced CSS.
4. Functionality of the webpage, which is provided by a combination of:
1. Javascript on the client browser (Also called DHTML),
2. Standard HTTP and XMLHttp or client-to-server communication, and
3. Server-side scripting and/or programs using any suitable language preferred by the programmer to receive the client’s specific requests and respond appropriately.

Disadvantages of AJAX

Browser integration

The dynamically created page does not register itself with the browser history engine, so triggering the "Back" function of the users’ browser might not bring the desired result.

Developers have implemented various solutions to this problem. These solutions can involve using invisible IFRAMEs to invoke changes that populate the history used by a browser’s back button. Google Maps, for example, performs searches in an invisible IFRAME and then pulls results back into an element on the visible web page. The World Wide Web Consortium (W3C) did not include an IFRAME element in its XHTML 1.1 Recommendation; the Consortium recommends the object element instead.

Another issue is that dynamic web page updates make it difficult for a user to bookmark a particular state of the application. Solutions to this problem exist, many of which use the URL fragment identifier (the portion of a URL after the ‘#’[7][8]) to keep track of, and allow users to return to, the application in a given state. This is possible because many browsers allow JavaScript to update the fragment identifier of the URL dynamically, so that Ajax applications can maintain it as the user changes the application’s state. This solution also improves back-button support. It is not, however, a complete solution.

Response-time concerns

Network latency — or the interval between user request and server response — needs to be considered carefully during Ajax development. Without clear feedback to the user,[9] preloading of data and proper handling of the XMLHttpRequest object, users might experience delays in the interface of the web application, something which they might not expect or understand. Additionally, when an entire page is rendered there is a brief moment of re-adjustment for the eye when the content changes. The lack of this re-adjustment with smaller portions of the screen changing makes the latency more apparent. The use of visual feedback (such as throbbers) to alert the user of background activity and/or preloading of content and data are often suggested solutions to these latency issues.

Search engine optimization

Websites that use Ajax to load data which should be indexed by search engines must be careful to provide equivalent Sitemaps data at a public, linked URL that the search engine can read, as search engines do not generally execute the JavaScript code required for Ajax functionality. This problem is not specific to Ajax, as the same issue occurs with sites that provide dynamic data as a full-page refresh in response to, say, a form submit (the general problem is sometimes called the hidden, or deep web).

Reliance on JavaScript and the DOM

Ajax relies on JavaScript and the browser’s Document Object Model (DOM), which are often implemented differently by different browsers or versions of a particular browser. Because of this, sites that use JavaScript may need to be tested in multiple browsers to check for compatibility issues. It’s common to see JavaScript code written twice, one part for IE, another part for Mozilla compatibles, although this is less true with the release of IE7 and with the now-common use of JavaScript abstraction libraries like the Prototype JavaScript Framework or Jquery. Such libraries abstract browser-specific differences from the web developer.

The level of IDE support for JavaScript used to be poor, although it is changing with more wide-spread use of tools like firebug, IE Developer Toolbar and Venkman.

An issue also arises if the user has switched off JavaScript support in the browser, thus disabling the functionality built into the pages.

Web analytics

Many web analytics solutions are based on the paradigm of a new page being loaded whenever new or updated content is displayed to the user, or to track a series of steps in a process such as a check-out. Since Ajax alters this process, care must be taken to account for how to instrument a page or a portion of a page so that it can be accurately tracked. Analytics systems which allow for the tracking of events other than a simple page view, such as the click of a button or link, are the ones most likely to be able to accommodate a site which heavily utilizes Ajax.

• Leave a comment... (0)

Recently, i have seen a buzz about various frameworks available for PHP. If you have not used a framework and planning to use one, step back, first evaluate your requirements. All frameworks despite being promoted as a rapid application development tool, consider the learning curve that may take place. Learning curve varies for each application framework. If you are doing a one off application, it will be better to do a customize application on your own. You may be able to produce a workable, efficient and lean application faster than when using a framework. If however, your requirement is using this application every in every project that you will be engaging into, then fine, go to frameworks and it will save you development in the long term.

Rasmus Lerdorf (creator of the PHP programming language) is actually against using frameworks in his blog, The-no-framework-PHP-MVC-framework. Rasmus quoted in his blog "…I just happen find most of them too complex for my needs and this is a proposed alternative…". Even Rasmus accepts that fact that frameworks are too complex and argued that the same could be achieved in PHP without using additional external layers. Rasmus provided an example using Yahoo! Application.

Manuel Lemos (PHP Classes) in his blog, Recommended PHP Frameworks (Recommended-PHP-frameworks) provided an advice on what criteria is relevant when choosing a framework that addresses the needs of each PHP developer. He also explained why certain frameworks seem very popular while others are not getting as much attention as their developers hoped. Finally, Manuel Lemos mentioned a long list of packages and tools that make up the framework that is used to implement the PHPClasses site.

Frameworks are always considered as rapid application development tools which make frameworks very appealing at the first instance. However, as Rasmus said in his blog, nobody will build your application for you no matter what the framework promises. Instead you might end up fixing mistakes for the framework instead of spending your time building a lean and reusable pattern that fits your requirements directly.

Here is the list of various PHP Frameworks (All are suitable for particular need but none is viable for all situations)

1. PHP on Trax Strictly follows Ruby on Rails syntax and functionality but written in php5. Originally called PHP on Rails.
2. Agavi an open-source, LGPL licensed MVC framework for creating applications written using PHP5.
3. Akelos PHP Framework a Ruby on Rails port to PHP4/5.
4. BareBonesMVC A one-file, no-configuration, MVC framework for PHP5.
5. CakePHP webapplication framework modeled after the concepts of Ruby on Rails.
6. CodeIgniter A PHP MVC framework.
7. DragonPHP MVC2 Framework for PHP 5.
8. Fusebox Framework for building ColdFusion and PHP web applications.
9. FUSE A powerful but easy-to-use PHP 5 Framework for MVC development
10. KohanaPHP A powerful, lightweight, easily extendable PHP 5 MVC Framework.
11. LightVC Lightweight PHP 5 Strict MVC Framework with decoupling of Model and other non-View-Controller essentials to promote code reuse.
12. Odin Assemble Small footprint PHP based MVC Framework.
13. phpHtmlLib MVC based OO framework compatible with PHP4 and PHP5 licensed under GNU LGPL.
14. phpXCore A MVC design pattern based PHP content management framework compatible with PHP4 and PHP5.
15. PRADO A PHP 5 MVC framework.
16. SilverStripe contains a fully fledged PHP 5.2 ORM/MVC Framework focused on building websites.
17. Solar PHP 5 framework Solar is a PHP 5 framework for rapid application development. It is fully name-spaced and uses enterprise application design patterns, with built-in support for localization and configuration at all levels.
18. OnPHP onPHP is the mature GPL’ed multi-purpose object-oriented PHP framework (plus c-module)
19. Switch board with Routing PHP 5 MVC Framework with Routing.
20. Symfony Framework PHP 5 MVC Framework.
21. TinyMVC Framework Framework Simple and lightweight PHP5 MVC (Model-View-Controller) framework.
22. TYPO3 extension library lib/div PHP 4/5 MVC framework for TYPO3 extension development
23. Qcodo is an open-source PHP 5 web application framework
24. Zend Framework A PHP 5-based MVC framework.
25. ZNF PHP5 MVC framework for enterprise web applications
26.Zoop Framework A Mature PHP 4/5 MVC framework.

• Leave a comment... (1)

Model-view-controller (MVC)

is an architectural pattern, which at the same time is also a Multitier architecture, used in software engineering. In complex computer applications that present a large amount of data to the user, a developer often wishes to separate data (model) and user interface (view) concerns, so that changes to the user interface will not affect data handling, and that the data can be reorganized without changing the user interface. The model-view-controller solves this problem by decoupling data access and business logic from data presentation and user interaction, by introducing an intermediate component: the controller.

MVC Pattern description

It is common to split an application into separate layers: presentation (UI), domain logic, and data access. In MVC the presentation layer is further separated into view and controller. MVC encompasses more of the architecture of an application than is typical for a design pattern.

Model
The domain-specific representation of the information that the application operates. Domain logic adds meaning to raw data (e.g., calculating whether today is the user’s birthday, or the totals, taxes, and shipping charges for shopping cart items).
Many applications use a persistent storage mechanism (such as a database) to store data. MVC does not specifically mention the data access layer because it is understood to be underneath or encapsulated by the Model.
View
Renders the model into a form suitable for interaction, typically a user interface element. Multiple views can exist for a single model for different purposes.
Controller
Processes and responds to events, typically user actions, and may invoke changes on the model.

MVC is often seen in web applications, where the view is the actual HTML page, and the controller is the code that gathers dynamic data and generates the content within the HTML. Finally, the model is represented by the actual content, usually stored in a database or XML files.

Though MVC comes in different flavors, control flow generally works as follows:

1. The user interacts with the user interface in some way (e.g., presses a button).
2. A controller handles the input event from the user interface, often via a registered handler or callback.
3. The controller accesses the model, possibly updating it in a way appropriate to the user’s action (e.g., controller updates user’s Shopping cart).
4. A view uses the model (indirectly) to generate an appropriate user interface (e.g., the view produces a screen listing the shopping cart contents). The view gets its own data from the model. The model has no direct knowledge of the view.
5. The user interface waits for further user interactions, which begins the cycle anew.

By decoupling models and views, MVC helps to reduce the complexity in architectural design, and to increase flexibility and reuse.

• Leave a comment... (0)

Good and Evil of PHP

Generally, clients and developers are using many different programming languages to facilitate the needs of their customers and their applications. These applications include shopping carts, forums, content management system, blogs, and community portals. Over time you can see trends develop and fall in what types of applications are most popular and what languages are used most to write these applications. Some languages are popular for a while by both programmers and end users and then the popularity diminishes leaving only the hardcore developers. One language, however, that still maintains its popularity from end users to developers alike is PHP.

PHP (PHP HyperText Preprocessor) was first released in 1995 however, PHP 3.0, released in 1997, is the first version of PHP which can be considered an ancestor to today’s version. PHP 3.0 offered new features such as the ability to easily connect to different database types, API’s for ease of programming and many tie-ins to other popular functions and applications known as modules or extensions. With PHP 3.0’s object oriented nature, developers were able to easily build applications for the masses. By the end of 1998 PHP was installed on over 10% of the servers on the Internet. The most common version of PHP, PHP 4.0 was released officially in 2000. This version was rewritten from the ground up, building a new and more powerful core that could handle many different functions including sessions, output buffering, and advanced security features, as well as, wider support for web servers. This improvement in the core allowed more powerful, interactive applications to be developed with the ability to port them across numerous web servers. Today PHP is used by millions of sites worldwide due to its ease of use and ability to develop powerful, feature rich applications. According to Netcraft’s April 2006 PHP usage report over 20 million domains on the web use PHP in some form. TIOBE publishes a programming community index in which languages are ranked by developer popularity. This index shows that PHP is 4th in developer popularity, up from 5th place this time last year, so PHP is clearly on the rise, and with PHP5 gaining more support both from developers and end users, it shows no signs of slowing down.

However, there is an ugly side to PHP and its rise over the years. With PHP’s immense popularity and accessibility to inexperienced website owners through pre-built scripts and do-it-yourself auto-installers, it will come as no surprise that PHP coded applications are a favorite target of hackers and script kiddies. It does not help that PHP has regularly had numerous vulnerabilities and exploitable function throughout its life. These vulnerabilities, due to PHP’s popularity, are magnified as the exploitation of them spread like wildfire from one server to the next by automated attacks searching for the vulnerabilities. These vulnerabilities and the resulting attacks have long been a headache for web hosts trying to keep their servers from getting attacked or being hacked. In addition to the vulnerabilities, PHP has functions such as fopen(), include(), and exec() which in and of themselves are great tools for building dynamic applications. However when code is not written properly, a hole in which these functions can be exploited emerges, allowing script kiddies and what would normally be considered other low level attacks to run DOS attacks, PHP Shells, download exploits and execute other malicious code from your server that might otherwise be fairly secure. The wonderful nature and ease of deployment with PHP that does so much good, is the same reason that it’s a common tool for evil. One with malicious intent does not need high level experience or heightened permissions in order to inflict harm upon your systems. So what can you do to protect your servers and possibly you business before it gets hit by an attack?

PHP’s default installation is pretty liberal on what it allows out of the box and could use some tweaking for security. However PHP only really offers the “safe mode” option which essentially locks the PHP installation down and restricts users from using most functions, which is a difficult proposition for shared hosts wanting to allow their clients some flexibility and control of their code. Therefore you have to take a different approach to security. What is seen that the layered security model is much more effective compared to a “fix it all” application that you can buy, and most other methods.

The first thing we recommend is that if you are a developer or coder, make sure the code you write is secure. If you are a messy coder who just codes without thinking about the implications of your code, there are resources out there to help you. The PHP Security Consortium is an international organization of PHP experts that are dedicated to researching and publishing vulnerabilities, how to avoid them and other pertinent articles. For developers, there are other resources out there for you as well that are worth looking into. One of the easiest to use is the Writing Secure PHP Cheat Sheet located at http://www.ilovejackdaniels.com/php/writing-secure-php/ and is a great desk companion for when you are writing code. It takes a down to earth look at many of the coding practices that cause PHP vulnerabilities that have given web hosts and users many headaches. As a developer, you must be mindful of what you are doing and think about the possibility that your code could at some time be compromised. Web hosts and server administrators know they can not anticipate what every client will do with PHP, and for this reason, it is only the first line of defense. However, education and regular updates on writing secure code and new vulnerabilities can go a long way.

Secondly, we recommend securing your system in a layered manner if you can, or use a web host that does. If you are unsure what your current web host does for security you can use this article as a basis of questions for them. The following are steps which can be followed to increase security and stability related to PHP by significantly measurable margins, and has helped reduce PHP security related incidents.

1. If you are not already subscribed, you should subscribe to the Security Focus newsletter. Not only do vulnerabilities for PHP get listed but other vulnerabilities pertaining to your entire server.
2. Regularly visit the PHP Security Consortium Website, it may be primarily for developers however web hosts and server administrators should be aware of many vulnerabilities so you can explain them to your customers. Education in many cases can be the key.
3. Setup a PHP security FAQ for those customers who do their own coding and for those customers who have developers. The Open Web Application Security Project has published a top ten PHP security blunders article which is a good start for a FAQ. (http://www.sklar.com/page/article/owasp-top-ten)
4. Implement a firewall solution. This can be either a software firewall or a hardware firewall. For a software firewall we recommend APF. Use both Cisco PIX hardware firewalls and software for added layering. This step will help out for other general security issues as well. In addition, a firewall is great for blocking sniffers when found as they tend to cause increases in load and resource consumption even if they ultimately do not find a vulnerability on your system. Closing off all unused access points and changing the way you connect to the ones you do use is always a good security idea.
5. Implement an intrusion detection package like BFD which will work with APF software firewall and will automatically block suspect IP’s.
6. Implement Mod Security for your Apache based web servers. Mod_security is a life saver in combating vulnerabilities, especially with the many PHPBB vulnerabilities that have existed in the past. Got Root has many custom rules that you can download and use to help protect the server.
7. In php.ini disable allow_url_fopen and only allow it on a per user basis so that you can control who uses this. Some shared hosting clients may take issue with this, but once the ramifications are explained, the vast majority is supportive. Ultimately, system administrators, clients and users want stability.
8. Restrict access to functions like phpinfo, dl, readfile, and exec.
9. Setup and configure Open BaseDir for your server users.
10. Ensure temporary directories such as /tmp and /var/tmp will not allow execution of scripts that could be created there due to insecure PHP code.
11. Disable register_globals in php.ini. If a customer needs this for their scripts to function it can be enabled on a per account basis.
12. Disable access to binaries on your system. By default, PHP allows an application to access any binary on the system through the system() and exec() functions. In many cases a web host cannot just disable access to these functions without breaking an application or two. However there are creative ways in which a system administrator can limit the binaries which PHP can see, thus reducing the number of binaries allowed to those that the system administrator wants to allow.

With the above steps you should be able to curb many of the most common and some not so common vulnerabilities that web hosts will encounter when customers use PHP scripts. Therefore its recommended that implementing them in your environment will ease frustration and increase security.

A new battlefront is beginning to grow with the spread of PHP5 outside of the development community into the mainstream arena. Although PHP5 is developed to take object oriented programming to the next level, allowing developers to write cleaner, friendlier and more optimized code, this does not mean that applications without holes will always be created. Just as with any new software version, there are going to be new hurdles, holes and problems to overcome. However, you are lucky due to the fact that the php.ini for PHP5 is not greatly changed so many of these processes can be duplicated in PHP5 allowing you to start securing even the newest PHP versions to a more suitable level.

Remember security isn’t something you can just tack on; it’s a team effort involving users, developers, administrators and providers. If it is not integrated into the design of your overall processes and continually looked at, you are seriously increasing your risk of being attacked. That could mean potential disaster for you and your business.

• Leave a comment... (0)

To be a good SEO you need to know a lot of things and to be a professional SEO you need to know them well.

Let’s just list the things that are considered as a good SEO must know:

HTML

As an SEO, knowing HTML is a must. You need to see and understand how the search engines are reading the source code of the web pages. If you can produce nice web sites in Notepad and type HTML without looking at the keyboard then it’s good enough.

CSS

You don’t need to be a CSS-expert but you need to know all the basics fluently. Tasks can include transforming a JS menu to a CSS menu. Styling heading tags is a daily routine.

Web Design / Web Development

You should be able to produce nice web sites from scratch without help. At least a basic knowledge is needed and you can outsource the design tasks and use CMS‘es for your or your clients sites. To be honest, I myself suck at graphics. That’s the major reason why there are no images on this site. But you don’t really need graphics in your SEO work.

How search engines work

You need to know how search engines rank pages. That’s a simple sentence but you need to observe, study and test until you know and have a good grasp on how it works. It is a plus if you also know the differences between the major search engines in their ranking algorithms.

Keyword Research

You need to know how to find the best keywords by looking at popularity, competitiveness and relevance. This includes working with KEI.

Trust with Google

A basic understanding is required on what the sandbox is (a kind of filter) and is not (penalty for all new sites) and you need to know some basic things on how a site can gain more trust (trusted links etc.).

Knowing and understanding on-page factors

When you review or build a site you should have a checklist to tick off all the on-page factors (perhaps this will help). You should also know which CMSes are the best to use for different purposes.

Ability to write and craft link baits

A good SEO is a also a good writer. If you cannot write you cannot improve a web sites copy, make good guides, articles and other good content which serves as link baits. A good writer can get links much more easily and if you despise writing perhaps you should look for another job.
Basic knowledge of the social networks

With link baits you work with social networks (digg, reddit, furl, del.icio.us, netscape etc.) and you need to know the basics on how they work so that you can use them.

How to redirect pages

There is only one proper way of redirecting a page or site, the 301 redirect. You need to know how to do it in .htaccess, PHP and ASP and when to do it.
Using long-tail

The long-tail of search are all the non-competetive big volume of search queries you will get when using a lot of unique good content properly. You need to understand how this works and properly utilize it.

Handling duplicate content

Part of a SEOs job is removing duplicate content on a site. Any content that shows up same for more than 1 URL should be fixed. This includes the non-www redirect. Example with default WordPress.
Mod_rewrite with .htaccess

This is something you really need to know in order to make those clean nice URLs. A real bonus if you know how to do it on a windows server with IIS (I don’t …).

Link power and how it works (PageRank)

You need to understand such things like how link power flows through a site (so you can make good internal navigations) and how search engines uses links as a voting mechanism and how it works. This includes working with online SEO tools and querying search engines for measurements. You need to know the difference between toolbar PageRank and real PageRank and that PageRank is just one out of 100 factors used in ranking.
Link metrics

For each link there are several factors such as the anchor, link position, link relevance, age, surrounding text, C-class IPs and more. This is also important to understand when you start to build links.

Link Building methods

There are probably over 20 strategies in getting links. I listed some effective ones over here. You need to know them and know how to work with them. As an SEO it should be easy for you to get good links, links are vital for SEO.

Basic knowledge of penalties

To know what factors that can get give penalties or banning in the search engines are very important. If you don’t know these you can make big mistakes, even unintentionally.

Knowledge of and ability to set up backlink generators

As an SEO you need link power in order to power your network of sites, especially if you have many. You should have at least 5 of these running for a big network of 100 sites IMHO.

Understanding the supplemental results and know how to get out

Things like unique title and meta tags, placing big header information at the end of source code with CSS-P, deep links, better internal navigation, removing duplicate content and other factors has to be understood and used to take this action.
Basics of PHP / MySQL

Many sites are written with PHP and using MySQL. You should have a basic knowledge on how it works (in fact I know very little PHP) so that you can adjust existing code for better SEO. PHPMyAdmin can be your best friend when dealing with the database.

Statistics

Your web sites stats are a very important and useful tool, you need to understand how to use it in your SEO.

Competitive Research

You need to know what your competitors are doing, how they get their links and how well optimized their sites are. (this one was added by Lee Beirne in the comment below)

Other things

Google sitemaps, robots.txt and more.

Connections with people

If you are going big and plan to build an empire of own sites and handle a large amount of clients you should have a full list of partners, it will be needed. These includes Web Designers, Content Writers, Link Builders, Programmers, Directory Submitters, Cheap Brokers of PR 6-8 links, buddies that help you in social network sites, SEO Experts that you can ask for advice and more. But before you start to use a partner you need to know and understand the thing he is doing and test them on some of your own sites before using them on “real” work. Make sure to inspect and reject work that is not proper. The ideal is that they do the same thing you could have done but you use them to save time.

• Leave a comment... (0)

Small Business SEO Checklist:

The Do’s

1. Commit yourself to the process. SEO isn’t a one-time event. Search engine algorithms change regularly, so the tactics that worked last year may not work this year. SEO requires a long-term outlook and commitment.

2. Be patient. SEO isn’t about instant gratification. Results often take months to see, and this is especially true the smaller you are, and the newer you are to doing business online.

3. Ask a lot of questions when hiring an SEO company. It’s your job to know what kind of tactics the company uses. Ask for specifics. Ask if there are any risks involved. Then get online yourself and do your own research—about the company, about the tactics they discussed, and so forth.

4. Become a student of SEO. If you’re taking the do-it-yourself route, you’ll have to become a student of SEO and learn as much as you can.

5. Have web analytics in place at the start. You should have clearly defined goals for your SEO efforts, and you’ll need web analytics software in place so you can track what’s working and what’s not.

6. Build a great web site. I’m sure you want to show up on the first page of results. Ask yourself, "Is my site really one of the 10 best sites in the world on this topic?" Be honest. If it’s not, make it better.

7. Include a site map page. Spiders can’t index pages that can’t be crawled. A site map will help spiders find all the important pages on your site, and help the spider understand your site’s hierarchy. This is especially helpful if your site has a hard-to-crawl navigation menu. If your site is large, make several site map pages. Keep each one to less than 100 links.

8. Make SEO-friendly URLs. Use keywords in your URLs and file names, such as yourdomain.com/red-widgets.html. Don’t overdo it, though. A file with 3+ hyphens tends to look spammy and users may be hesitant to click on it. Related bonus tip: Use hyphens in URLs and file names, not underscores. Hyphens are treated as a "space," while underscores are not.

9. Do keyword research at the start of the project. If you’re on a tight budget, use the free versions of Keyword Discovery or WordTracker, both of which also have more powerful paid versions. Ignore the numbers these tools show; what’s important is the relative volume of one keyword to another. Another good free tool is Google’s AdWords Keyword Tool, which doesn’t show exact numbers.

10. Open up a PPC account. Whether it’s Google’s AdWords or Yahoo’s Search Marketing or something else, this is a great way to get actual search volume for your keywords. Yes, it costs money, but if you have the budget it’s worth the investment. It’s also the solution if you didn’t like the "Be patient" suggestion above and are looking for instant visibility.

11. Use a unique and relevant title and meta description on every page. The page title is the single most important on-page SEO factor. It’s rare to rank highly for a primary term (2-3 words) without that term being part of the page title. The meta description tag won’t help you rank, but it will often appear as the text snippet below your listing, so it should include the relevant keyword(s) and be written so as to encourage searchers to click on your listing. Related bonus tip: You can ignore the Keywords meta altogether if you’d like; it’s close to inconsequential. If you use it, put misspellings in there, and any related keywords that don’t appear on the page.

12. Write for users first. Google, Yahoo, etc., have pretty powerful bots crawling the web, but to my knowledge these bots have never bought anything online, signed up for a newsletter, or picked up the phone to call about your services. Humans do those things, so write your page copy with humans in mind. Yes, you need keywords in the text, but don’t stuff each page like a Thanksgiving turkey. Keep it readable.

13. Create great, unique content. This is important for everyone, but it’s a particular challenge for online retailers. If you’re selling the same widget that 50 other retailers are selling, and everyone is using the boilerplate descriptions from the manufacturer, this is a great opportunity. Write your own product descriptions, using the keyword research you did earlier (see #9 above) to target actual words searchers use, and make product pages that blow the competition away. Plus, retailer or not, great content is a great way to get inbound links.

14. Use your keywords as anchor text when linking internally. Anchor text helps tells spiders what the linked-to page is about. Links that say "click here" do nothing for your search engine visibility.

15. Build links intelligently. Submit your site to quality, trusted directories such as Yahoo, DMOZ, Business.com, Aviva, and Best of the web. Seek links from authority sites in your industry. If local search matters to you (more on that coming up), seek links from trusted sites in your geographic area—the Chamber of Commerce, etc. Analyze the inbound links to your competitors to find links you can acquire, too.

16. Use press releases wisely. Developing a relationship with media covering your industry or your local region can be a great source of exposure, including getting links from trusted media web sites. Distributing releases online can be an effective link building tactic, and opens the door for exposure in news search sites. Related bonus tip: Only issue a release when you have something newsworthy to report. Don’t waste journalists’ time.

17. Start a blog and participate with other related blogs. Search engines, Google especially, love blogs for the fresh content and highly-structured data. Beyond that, there’s no better way to join the conversations that are already taking place about your industry and/or company. Reading and commenting on other blogs can also increase your exposure and help you acquire new links. Related bonus tip: Put your blog at yourdomain.com/blog so your main domain gets the benefit of any links to your blog posts. If that’s not possible, use blog.yourdomain.com.

18. Use social media marketing wisely. If your small business has a visual element, join the appropriate communities on Flickr and post high-quality photos there. If you’re a service-oriented business, use Yahoo Answers to position yourself as an expert in your industry. With any social media site you use, the first rule is don’t spam! Be an active, contributing member of the site. The idea is to interact with potential customers, not annoy them.

19. Take advantage of local search opportunities. Online research for offline buying is a growing trend. Optimize your site to catch local traffic by showing your address and local phone number prominently. Write a detailed Directions/Location page using neighborhoods and landmarks in the page text. Submit your site to the free local listings services that the major search engines offer. Make sure your site is listed in local/social directories such as CitySearch, Yelp, Local.com, etc., and encourage customers to leave reviews of your business on these sites, too.

20. Take advantage of the tools the search engines give you. Sign up for Google’s webmaster Central and Yahoo’s Site Explorer to learn more about how the search engines see your site, including how many inbound links they’re aware of.

21. Diversify your traffic sources. Google may bring you 70% of your traffic today, but what if the next big algorithm update hits you hard? What if your Google visibility goes away tomorrow? Newsletters and other subscriber-based content can help you hold on to traffic/customers no matter what the search engines do. In fact, many of the DOs on this list—creating great content, starting a blog, using social media and local search, etc.—will help you grow an audience of loyal prospects and customers that may help you survive the whims of search engines.

The Don’ts

1. Don’t reply to the SEO spam you get via e-mail. You don’t need to submit to 1,000 search engines or 500 directories. You can’t buy 2,000 quality links for $50. And no reputable SEO can guarantee a number one ranking on any search engine for keywords that matter. The kind of SEO company you want to hire doesn’t send out spam.

2. Don’t wait too long to implement SEO. Whether you’re launching a new Web site or upgrading your current site, SEO considerations should be part of the discussion from day one.

3. Don’t take your decision to hire an SEO company too lightly. Hiring an SEO company is not like choosing a company to service your copy machine. Online marketing can make or break your company, so choosing a vendor should involve a lot of research and questions with the companies you’re considering.

4. Don’t hire an SEO company and then divorce yourself from the process. It’s your job to know and understand as much as possible about the strategies and tactics your SEO company will be using. If your SEO company uses high-risk tactics and your site gets caught, you’ll be the one paying the price.

5. Don’t spread your content over several domains. There are times when sub-domains or an additional domain might make sense, but those occasions should be dominated by user and content considerations, not an attempt to get multiple domains/sites listed in the SERPs. Know the pros and cons of using sub-domains and additional domains.

6. Don’t waste your time submitting your URL to search engines. The crawler-based search engines will find your site more quickly as soon as you get a link from another web site already being crawled. Search engine submission died a few years ago.

7. Don’t make your web site uncrawlable. This can result from an incorrect robots.txt file, having session IDs or too many variables in your URLs, using a convoluted navigation menu that spiders can’t (or won’t) follow, or developing an all-Flash, all-graphic, or all-AJAX site.

8. Don’t target overly general keywords. A real estate agency in Wichita has no shot at ranking for the phrase "real estate;" a lawyer in Fresno has no shot at ranking for the word "lawyer." Optimize for relevant, specific keywords that will bring targeted traffic.

9. Don’t stuff keywords in your meta tags, image alt tags, etc. That is so 1996-97. Today, it’s called spam.

10. Don’t stuff keywords in your page footer with lightly-colored or hidden text. That is so 1998-99. Today, it’s also called spam.

11. Don’t have the same title element on every page. Variety is the spice of life and, combined with relevance, is a pre-requisite to avoiding duplicate content issues and Google’s supplemental index.

12. Don’t allow both www.yourdomain.com and domain.com to resolve to your home page. Those are two separate addresses to a search engine, and that means you have the same content at two addresses. On a related note, don’t link to your home page with a URL like www.yourdomain.com/index.html—that’s also a separate address from www.yourdomain.com and will also look like duplicate content.

13. Don’t ignore usability. Things like proper site structure, logical navigation, descriptive link text, etc., are good for both users and search engine spiders.

14. Don’t give up on creating great content because you think your customers don’t need or want it, or because your product or service doesn’t lend itself to great content. No matter what business you’re in, you can add great (linkable) content to your web site. A glossary is an easy way to create a page of great, keyword-rich content. Also consider a frequently asked questions page, a testimonials page, how to articles, product support manuals and so on.

15. Don’t develop an unbalanced link profile. Too many small business owners, knowing links are important, immediately begin trading links with any and every site they can find. Not a good idea. Reciprocal links aren’t bad by default, but if most of your inbound links are the result of link trades, they won’t help much. Reciprocal links should only be made with quality, relevant web sites, and should only represent a fraction of your overall link profile.

16. Don’t request the same exact anchor text on all links to your site. This is an obvious sign of unnatural link building. Your link building should look natural, and varied anchor text will help.

17. Don’t plaster your link all over blog comments, guestbooks, etc. That’s called spamming, not SEO.

18. Don’t fret over keyword density. Yes, your target keyword and closely-related terms should appear in the page title, description meta tag, and page copy. No, a calculator is not an SEO tool.

19. Don’t obsess over Google PageRank. What you see in the toolbar is several months old, and doesn’t affect rankings like it used to. PageRank is now more about crawl frequency and depth, and whether a page is stored in the main index or supplemental index.

20. Don’t check your rankings every day. They’re going to change whether you look or not. Better to spend time improving your web site rather than watching it flutter up and down the SERPs.

• Leave a comment... (1)

Small Business SEO Checklist:

The Do’s

1. Commit yourself to the process. SEO isn’t a one-time event. Search engine algorithms change regularly, so the tactics that worked last year may not work this year. SEO requires a long-term outlook and commitment.

2. Be patient. SEO isn’t about instant gratification. Results often take months to see, and this is especially true the smaller you are, and the newer you are to doing business online.

3. Ask a lot of questions when hiring an SEO company. It’s your job to know what kind of tactics the company uses. Ask for specifics. Ask if there are any risks involved. Then get online yourself and do your own research—about the company, about the tactics they discussed, and so forth.

4. Become a student of SEO. If you’re taking the do-it-yourself route, you’ll have to become a student of SEO and learn as much as you can.

5. Have web analytics in place at the start. You should have clearly defined goals for your SEO efforts, and you’ll need web analytics software in place so you can track what’s working and what’s not.

6. Build a great web site. I’m sure you want to show up on the first page of results. Ask yourself, "Is my site really one of the 10 best sites in the world on this topic?" Be honest. If it’s not, make it better.

7. Include a site map page. Spiders can’t index pages that can’t be crawled. A site map will help spiders find all the important pages on your site, and help the spider understand your site’s hierarchy. This is especially helpful if your site has a hard-to-crawl navigation menu. If your site is large, make several site map pages. Keep each one to less than 100 links.

8. Make SEO-friendly URLs. Use keywords in your URLs and file names, such as yourdomain.com/red-widgets.html. Don’t overdo it, though. A file with 3+ hyphens tends to look spammy and users may be hesitant to click on it. Related bonus tip: Use hyphens in URLs and file names, not underscores. Hyphens are treated as a "space," while underscores are not.

9. Do keyword research at the start of the project. If you’re on a tight budget, use the free versions of Keyword Discovery or WordTracker, both of which also have more powerful paid versions. Ignore the numbers these tools show; what’s important is the relative volume of one keyword to another. Another good free tool is Google’s AdWords Keyword Tool, which doesn’t show exact numbers.

10. Open up a PPC account. Whether it’s Google’s AdWords or Yahoo’s Search Marketing or something else, this is a great way to get actual search volume for your keywords. Yes, it costs money, but if you have the budget it’s worth the investment. It’s also the solution if you didn’t like the "Be patient" suggestion above and are looking for instant visibility.

11. Use a unique and relevant title and meta description on every page. The page title is the single most important on-page SEO factor. It’s rare to rank highly for a primary term (2-3 words) without that term being part of the page title. The meta description tag won’t help you rank, but it will often appear as the text snippet below your listing, so it should include the relevant keyword(s) and be written so as to encourage searchers to click on your listing. Related bonus tip: You can ignore the Keywords meta altogether if you’d like; it’s close to inconsequential. If you use it, put misspellings in there, and any related keywords that don’t appear on the page.

12. Write for users first. Google, Yahoo, etc., have pretty powerful bots crawling the web, but to my knowledge these bots have never bought anything online, signed up for a newsletter, or picked up the phone to call about your services. Humans do those things, so write your page copy with humans in mind. Yes, you need keywords in the text, but don’t stuff each page like a Thanksgiving turkey. Keep it readable.

13. Create great, unique content. This is important for everyone, but it’s a particular challenge for online retailers. If you’re selling the same widget that 50 other retailers are selling, and everyone is using the boilerplate descriptions from the manufacturer, this is a great opportunity. Write your own product descriptions, using the keyword research you did earlier (see #9 above) to target actual words searchers use, and make product pages that blow the competition away. Plus, retailer or not, great content is a great way to get inbound links.

14. Use your keywords as anchor text when linking internally. Anchor text helps tells spiders what the linked-to page is about. Links that say "click here" do nothing for your search engine visibility.

15. Build links intelligently. Submit your site to quality, trusted directories such as Yahoo, DMOZ, Business.com, Aviva, and Best of the web. Seek links from authority sites in your industry. If local search matters to you (more on that coming up), seek links from trusted sites in your geographic area—the Chamber of Commerce, etc. Analyze the inbound links to your competitors to find links you can acquire, too.

16. Use press releases wisely. Developing a relationship with media covering your industry or your local region can be a great source of exposure, including getting links from trusted media web sites. Distributing releases online can be an effective link building tactic, and opens the door for exposure in news search sites. Related bonus tip: Only issue a release when you have something newsworthy to report. Don’t waste journalists’ time.

17. Start a blog and participate with other related blogs. Search engines, Google especially, love blogs for the fresh content and highly-structured data. Beyond that, there’s no better way to join the conversations that are already taking place about your industry and/or company. Reading and commenting on other blogs can also increase your exposure and help you acquire new links. Related bonus tip: Put your blog at yourdomain.com/blog so your main domain gets the benefit of any links to your blog posts. If that’s not possible, use blog.yourdomain.com.

18. Use social media marketing wisely. If your small business has a visual element, join the appropriate communities on Flickr and post high-quality photos there. If you’re a service-oriented business, use Yahoo Answers to position yourself as an expert in your industry. With any social media site you use, the first rule is don’t spam! Be an active, contributing member of the site. The idea is to interact with potential customers, not annoy them.

19. Take advantage of local search opportunities. Online research for offline buying is a growing trend. Optimize your site to catch local traffic by showing your address and local phone number prominently. Write a detailed Directions/Location page using neighborhoods and landmarks in the page text. Submit your site to the free local listings services that the major search engines offer. Make sure your site is listed in local/social directories such as CitySearch, Yelp, Local.com, etc., and encourage customers to leave reviews of your business on these sites, too.

20. Take advantage of the tools the search engines give you. Sign up for Google’s webmaster Central and Yahoo’s Site Explorer to learn more about how the search engines see your site, including how many inbound links they’re aware of.

21. Diversify your traffic sources. Google may bring you 70% of your traffic today, but what if the next big algorithm update hits you hard? What if your Google visibility goes away tomorrow? Newsletters and other subscriber-based content can help you hold on to traffic/customers no matter what the search engines do. In fact, many of the DOs on this list—creating great content, starting a blog, using social media and local search, etc.—will help you grow an audience of loyal prospects and customers that may help you survive the whims of search engines.

The Don’ts

1. Don’t reply to the SEO spam you get via e-mail. You don’t need to submit to 1,000 search engines or 500 directories. You can’t buy 2,000 quality links for $50. And no reputable SEO can guarantee a number one ranking on any search engine for keywords that matter. The kind of SEO company you want to hire doesn’t send out spam.

2. Don’t wait too long to implement SEO. Whether you’re launching a new Web site or upgrading your current site, SEO considerations should be part of the discussion from day one.

3. Don’t take your decision to hire an SEO company too lightly. Hiring an SEO company is not like choosing a company to service your copy machine. Online marketing can make or break your company, so choosing a vendor should involve a lot of research and questions with the companies you’re considering.

4. Don’t hire an SEO company and then divorce yourself from the process. It’s your job to know and understand as much as possible about the strategies and tactics your SEO company will be using. If your SEO company uses high-risk tactics and your site gets caught, you’ll be the one paying the price.

5. Don’t spread your content over several domains. There are times when sub-domains or an additional domain might make sense, but those occasions should be dominated by user and content considerations, not an attempt to get multiple domains/sites listed in the SERPs. Know the pros and cons of using sub-domains and additional domains.

6. Don’t waste your time submitting your URL to search engines. The crawler-based search engines will find your site more quickly as soon as you get a link from another web site already being crawled. Search engine submission died a few years ago.

7. Don’t make your web site uncrawlable. This can result from an incorrect robots.txt file, having session IDs or too many variables in your URLs, using a convoluted navigation menu that spiders can’t (or won’t) follow, or developing an all-Flash, all-graphic, or all-AJAX site.

8. Don’t target overly general keywords. A real estate agency in Wichita has no shot at ranking for the phrase "real estate;" a lawyer in Fresno has no shot at ranking for the word "lawyer." Optimize for relevant, specific keywords that will bring targeted traffic.

9. Don’t stuff keywords in your meta tags, image alt tags, etc. That is so 1996-97. Today, it’s called spam.

10. Don’t stuff keywords in your page footer with lightly-colored or hidden text. That is so 1998-99. Today, it’s also called spam.

11. Don’t have the same title element on every page. Variety is the spice of life and, combined with relevance, is a pre-requisite to avoiding duplicate content issues and Google’s supplemental index.

12. Don’t allow both www.yourdomain.com and domain.com to resolve to your home page. Those are two separate addresses to a search engine, and that means you have the same content at two addresses. On a related note, don’t link to your home page with a URL like www.yourdomain.com/index.html—that’s also a separate address from www.yourdomain.com and will also look like duplicate content.

13. Don’t ignore usability. Things like proper site structure, logical navigation, descriptive link text, etc., are good for both users and search engine spiders.

14. Don’t give up on creating great content because you think your customers don’t need or want it, or because your product or service doesn’t lend itself to great content. No matter what business you’re in, you can add great (linkable) content to your web site. A glossary is an easy way to create a page of great, keyword-rich content. Also consider a frequently asked questions page, a testimonials page, how to articles, product support manuals and so on.

15. Don’t develop an unbalanced link profile. Too many small business owners, knowing links are important, immediately begin trading links with any and every site they can find. Not a good idea. Reciprocal links aren’t bad by default, but if most of your inbound links are the result of link trades, they won’t help much. Reciprocal links should only be made with quality, relevant web sites, and should only represent a fraction of your overall link profile.

16. Don’t request the same exact anchor text on all links to your site. This is an obvious sign of unnatural link building. Your link building should look natural, and varied anchor text will help.

17. Don’t plaster your link all over blog comments, guestbooks, etc. That’s called spamming, not SEO.

18. Don’t fret over keyword density. Yes, your target keyword and closely-related terms should appear in the page title, description meta tag, and page copy. No, a calculator is not an SEO tool.

19. Don’t obsess over Google PageRank. What you see in the toolbar is several months old, and doesn’t affect rankings like it used to. PageRank is now more about crawl frequency and depth, and whether a page is stored in the main index or supplemental index.

20. Don’t check your rankings every day. They’re going to change whether you look or not. Better to spend time improving your web site rather than watching it flutter up and down the SERPs.

• Leave a comment... (0)

Small Business SEO Checklist:

The Do’s

1. Commit yourself to the process. SEO isn’t a one-time event. Search engine algorithms change regularly, so the tactics that worked last year may not work this year. SEO requires a long-term outlook and commitment.

2. Be patient. SEO isn’t about instant gratification. Results often take months to see, and this is especially true the smaller you are, and the newer you are to doing business online.

3. Ask a lot of questions when hiring an SEO company. It’s your job to know what kind of tactics the company uses. Ask for specifics. Ask if there are any risks involved. Then get online yourself and do your own research—about the company, about the tactics they discussed, and so forth.

4. Become a student of SEO. If you’re taking the do-it-yourself route, you’ll have to become a student of SEO and learn as much as you can.

5. Have web analytics in place at the start. You should have clearly defined goals for your SEO efforts, and you’ll need web analytics software in place so you can track what’s working and what’s not.

6. Build a great web site. I’m sure you want to show up on the first page of results. Ask yourself, "Is my site really one of the 10 best sites in the world on this topic?" Be honest. If it’s not, make it better.

7. Include a site map page. Spiders can’t index pages that can’t be crawled. A site map will help spiders find all the important pages on your site, and help the spider understand your site’s hierarchy. This is especially helpful if your site has a hard-to-crawl navigation menu. If your site is large, make several site map pages. Keep each one to less than 100 links.

8. Make SEO-friendly URLs. Use keywords in your URLs and file names, such as yourdomain.com/red-widgets.html. Don’t overdo it, though. A file with 3+ hyphens tends to look spammy and users may be hesitant to click on it. Related bonus tip: Use hyphens in URLs and file names, not underscores. Hyphens are treated as a "space," while underscores are not.

9. Do keyword research at the start of the project. If you’re on a tight budget, use the free versions of Keyword Discovery or WordTracker, both of which also have more powerful paid versions. Ignore the numbers these tools show; what’s important is the relative volume of one keyword to another. Another good free tool is Google’s AdWords Keyword Tool, which doesn’t show exact numbers.

10. Open up a PPC account. Whether it’s Google’s AdWords or Yahoo’s Search Marketing or something else, this is a great way to get actual search volume for your keywords. Yes, it costs money, but if you have the budget it’s worth the investment. It’s also the solution if you didn’t like the "Be patient" suggestion above and are looking for instant visibility.

11. Use a unique and relevant title and meta description on every page. The page title is the single most important on-page SEO factor. It’s rare to rank highly for a primary term (2-3 words) without that term being part of the page title. The meta description tag won’t help you rank, but it will often appear as the text snippet below your listing, so it should include the relevant keyword(s) and be written so as to encourage searchers to click on your listing. Related bonus tip: You can ignore the Keywords meta altogether if you’d like; it’s close to inconsequential. If you use it, put misspellings in there, and any related keywords that don’t appear on the page.

12. Write for users first. Google, Yahoo, etc., have pretty powerful bots crawling the web, but to my knowledge these bots have never bought anything online, signed up for a newsletter, or picked up the phone to call about your services. Humans do those things, so write your page copy with humans in mind. Yes, you need keywords in the text, but don’t stuff each page like a Thanksgiving turkey. Keep it readable.

13. Create great, unique content. This is important for everyone, but it’s a particular challenge for online retailers. If you’re selling the same widget that 50 other retailers are selling, and everyone is using the boilerplate descriptions from the manufacturer, this is a great opportunity. Write your own product descriptions, using the keyword research you did earlier (see #9 above) to target actual words searchers use, and make product pages that blow the competition away. Plus, retailer or not, great content is a great way to get inbound links.

14. Use your keywords as anchor text when linking internally. Anchor text helps tells spiders what the linked-to page is about. Links that say "click here" do nothing for your search engine visibility.

15. Build links intelligently. Submit your site to quality, trusted directories such as Yahoo, DMOZ, Business.com, Aviva, and Best of the web. Seek links from authority sites in your industry. If local search matters to you (more on that coming up), seek links from trusted sites in your geographic area—the Chamber of Commerce, etc. Analyze the inbound links to your competitors to find links you can acquire, too.

16. Use press releases wisely. Developing a relationship with media covering your industry or your local region can be a great source of exposure, including getting links from trusted media web sites. Distributing releases online can be an effective link building tactic, and opens the door for exposure in news search sites. Related bonus tip: Only issue a release when you have something newsworthy to report. Don’t waste journalists’ time.

17. Start a blog and participate with other related blogs. Search engines, Google especially, love blogs for the fresh content and highly-structured data. Beyond that, there’s no better way to join the conversations that are already taking place about your industry and/or company. Reading and commenting on other blogs can also increase your exposure and help you acquire new links. Related bonus tip: Put your blog at yourdomain.com/blog so your main domain gets the benefit of any links to your blog posts. If that’s not possible, use blog.yourdomain.com.

18. Use social media marketing wisely. If your small business has a visual element, join the appropriate communities on Flickr and post high-quality photos there. If you’re a service-oriented business, use Yahoo Answers to position yourself as an expert in your industry. With any social media site you use, the first rule is don’t spam! Be an active, contributing member of the site. The idea is to interact with potential customers, not annoy them.

19. Take advantage of local search opportunities. Online research for offline buying is a growing trend. Optimize your site to catch local traffic by showing your address and local phone number prominently. Write a detailed Directions/Location page using neighborhoods and landmarks in the page text. Submit your site to the free local listings services that the major search engines offer. Make sure your site is listed in local/social directories such as CitySearch, Yelp, Local.com, etc., and encourage customers to leave reviews of your business on these sites, too.

20. Take advantage of the tools the search engines give you. Sign up for Google’s webmaster Central and Yahoo’s Site Explorer to learn more about how the search engines see your site, including how many inbound links they’re aware of.

21. Diversify your traffic sources. Google may bring you 70% of your traffic today, but what if the next big algorithm update hits you hard? What if your Google visibility goes away tomorrow? Newsletters and other subscriber-based content can help you hold on to traffic/customers no matter what the search engines do. In fact, many of the DOs on this list—creating great content, starting a blog, using social media and local search, etc.—will help you grow an audience of loyal prospects and customers that may help you survive the whims of search engines.

The Don’ts

1. Don’t reply to the SEO spam you get via e-mail. You don’t need to submit to 1,000 search engines or 500 directories. You can’t buy 2,000 quality links for $50. And no reputable SEO can guarantee a number one ranking on any search engine for keywords that matter. The kind of SEO company you want to hire doesn’t send out spam.

2. Don’t wait too long to implement SEO. Whether you’re launching a new Web site or upgrading your current site, SEO considerations should be part of the discussion from day one.

3. Don’t take your decision to hire an SEO company too lightly. Hiring an SEO company is not like choosing a company to service your copy machine. Online marketing can make or break your company, so choosing a vendor should involve a lot of research and questions with the companies you’re considering.

4. Don’t hire an SEO company and then divorce yourself from the process. It’s your job to know and understand as much as possible about the strategies and tactics your SEO company will be using. If your SEO company uses high-risk tactics and your site gets caught, you’ll be the one paying the price.

5. Don’t spread your content over several domains. There are times when sub-domains or an additional domain might make sense, but those occasions should be dominated by user and content considerations, not an attempt to get multiple domains/sites listed in the SERPs. Know the pros and cons of using sub-domains and additional domains.

6. Don’t waste your time submitting your URL to search engines. The crawler-based search engines will find your site more quickly as soon as you get a link from another web site already being crawled. Search engine submission died a few years ago.

7. Don’t make your web site uncrawlable. This can result from an incorrect robots.txt file, having session IDs or too many variables in your URLs, using a convoluted navigation menu that spiders can’t (or won’t) follow, or developing an all-Flash, all-graphic, or all-AJAX site.

8. Don’t target overly general keywords. A real estate agency in Wichita has no shot at ranking for the phrase "real estate;" a lawyer in Fresno has no shot at ranking for the word "lawyer." Optimize for relevant, specific keywords that will bring targeted traffic.

9. Don’t stuff keywords in your meta tags, image alt tags, etc. That is so 1996-97. Today, it’s called spam.

10. Don’t stuff keywords in your page footer with lightly-colored or hidden text. That is so 1998-99. Today, it’s also called spam.

11. Don’t have the same title element on every page. Variety is the spice of life and, combined with relevance, is a pre-requisite to avoiding duplicate content issues and Google’s supplemental index.

12. Don’t allow both www.yourdomain.com and domain.com to resolve to your home page. Those are two separate addresses to a search engine, and that means you have the same content at two addresses. On a related note, don’t link to your home page with a URL like www.yourdomain.com/index.html—that’s also a separate address from www.yourdomain.com and will also look like duplicate content.

13. Don’t ignore usability. Things like proper site structure, logical navigation, descriptive link text, etc., are good for both users and search engine spiders.

14. Don’t give up on creating great content because you think your customers don’t need or want it, or because your product or service doesn’t lend itself to great content. No matter what business you’re in, you can add great (linkable) content to your web site. A glossary is an easy way to create a page of great, keyword-rich content. Also consider a frequently asked questions page, a testimonials page, how to articles, product support manuals and so on.

15. Don’t develop an unbalanced link profile. Too many small business owners, knowing links are important, immediately begin trading links with any and every site they can find. Not a good idea. Reciprocal links aren’t bad by default, but if most of your inbound links are the result of link trades, they won’t help much. Reciprocal links should only be made with quality, relevant web sites, and should only represent a fraction of your overall link profile.

16. Don’t request the same exact anchor text on all links to your site. This is an obvious sign of unnatural link building. Your link building should look natural, and varied anchor text will help.

17. Don’t plaster your link all over blog comments, guestbooks, etc. That’s called spamming, not SEO.

18. Don’t fret over keyword density. Yes, your target keyword and closely-related terms should appear in the page title, description meta tag, and page copy. No, a calculator is not an SEO tool.

19. Don’t obsess over Google PageRank. What you see in the toolbar is several months old, and doesn’t affect rankings like it used to. PageRank is now more about crawl frequency and depth, and whether a page is stored in the main index or supplemental index.

20. Don’t check your rankings every day. They’re going to change whether you look or not. Better to spend time improving your web site rather than watching it flutter up and down the SERPs.

• Leave a comment... (0)