Today we’ll be releasing a renewed setup for our site reviews.

For the past year, we have been limiting the slots for our site review orders to a fixed number per week. The demand for the service is overwhelming, and we would like to thank all customers for the trust you have in our expertise. And for the great responses you gave us after receiving the reviews:

Yoast, I have to say, that this was one of the best thousand bucks I’ve spent in IT – ever. What a phenomenal amount of insight and advice you’ve given us. Thanks, and I’m sure we’ll use you again on future projects.
Henry Meyne, CTO of Hoozon

We are very keen on serving you quality information that will help you improve your website, both for visitors and Google.

Over the last number of months, we realized that customers want to know everything. Not just what’s wrong, but also all that is right. We’ve had a number of responses saying ‘have you checked this or that?’. That is why we decided to open up the entire scope of things we check during a review.

Silver Review

We have set up a huge list of over 200 checks we perform for a review, and have written clear and to-the-point right and wrong chapters per check, like this:

breadcrumbs check

This means we will be able to do a more time-efficient review for your website, in which it will be very clear what we have checked and what areas need attention, in our expert opinion. Note that while the chapters in this checklist are templates, our team of experts will manually go over your website to see what’s right and wrong.

The Yoast Website Review team, from left to right: Michiel, Joost and Thijs. Annelieke is not on this picture - yet.

The reason for still doing this manually is simple: automatic checks should only be done when you are absolutely sure that the check result is correct. We check the things that we feel are important for improving your website, and your rankings or user experience along with that.

WordPress websites

Yes. We do around 30 extra checks for WordPress websites. Simply because we know WordPress, publish a lot of plugins that will help you improve your website and know a lot of plugins that actually work. And of course we will also check the use and settings of the WordPress SEO plugin as well. This all as a free bonus, just because you are running WordPress.

More information about our Silver Reviews and ordering here!

Gold Review

Since e-commerce websites have more specific issues to take into account for SEO and user experience, we added quite a few extra checks (50+) in our e-commerce checklist.

These checks include specific URL structure and for instance have an extra focus on duplicate content. Conversion is also a larger part of these checks than in the regular checklist. Of course there also are a number of extra, valuable pages on e-commerce sites like product pages.

It will not be as extensive as our Conversion Review, but will give you some great insights on usual suspects for your website.

More information about our Gold Reviews and ordering here!

Platinum Review

We will also be offering an improved version of our current review: the Platinum Review. We will take more time to do that review and test more aspects of your website. We’ll be digging into SearchMetrics data much more and will not only be checking your website itself (as it was), but will be looking into for instance your link profile as well.

We will also ask for Google Analytics and Webmaster Tools access, for instance to check crawl errors and to see how your main landing pages compare to your preferred keywords.

More information about our Platinum Reviews and ordering here!

This is a major change

We hope this setup will allow our review team to help more customers, by reviewing a website in a more time efficient way. With all the Yoast knowledge we also share on this website and more.

One more thing

There is one more change. As the vast majority of our clients is from abroad (not from The Netherlands), and the euro-dollar exchange rate is more steady than it has been over the last two years, we have decided to switch back to US dollars for the reviews. As we had already done for our plugins.

Find out more or order your review now!

This post first appeared on Yoast. Whoopity Doo!

One of the easier-to-understand vulnerabilities is CSRF (cross-site request forgery). It’s also one of the most common issues we see in plugins and themes, because people rarely think about it.

Imagine that I have a form that takes input, like so:

<form action="http://example.com/example.php" method="GET">
<input type="text" name="demo" />
</form>

Now, that’s a simple form (and missing a submit button to boot), but you get the idea. It takes a text input. Presumably, something on the other end (at /example.php) processes that input, saves it in a database, something like that. Easy.

First question: Is this necessary?

The main question I see asked when this concept is explained to people is “why is this necessary?”. Some people believe that since you have to be logged in to access admin screens in the first place, then you can’t get to the forms and submit them. Why have all this protection and checking for a form submission when the form is hidden behind a login screen?

What you need to understand is the difference between “authority” and “intent”.

Authority

In real world cases where we are processing that input, we generally want to limit who is allowed to submit that form in some way. A plugin will want to only allow admins to change settings. A theme will only want to allow site owners to adjust the display of the site. Things of that nature. For these cases, we use methods of authentication.

There are several ways to do this; for example, we can check the current_user information. WordPress has capability checks for users, to know what they are and are not allowed to do. When we check these, we’re verifying authority: making sure that the user is allowed to do these things.

But something else that we need to check which most people don’t think about is intent. Did the user actually intend to submit that form, or did their browser submit it for them automatically, perhaps without their knowledge?

Examine that form again, and consider what would happen if you were to visit a webpage, anywhere on the internet, that contains this:

<img src="http://example.com/example.php?demo=pwned" />

Now, you might be thinking that this is a rather contrived example, and you’d be right on that score, but it serves to demonstrate the point. Your browser loads this URL and that is the equivalent action to submitting that form, with “pwned” as the text in question.

Here’s the kicker, all those authority checks do us no good in preventing this. You actually do have the authority to submit that form, and your browser, using your authority, just submitted it for you. Pwned, indeed.

(For those of you thinking “just use POST forms”, consider that javascript can submit POST forms. So that’s really no help.)

Intent

What we need is to verify intent. We need to know that the user submitted that form, and not just the browser doing it for them automatically.

WordPress used to do this (a looong time ago) using the referer. For those who don’t know, referer is a URL passed by your browser to indicate where a user came from. So one could check that the referer says that the form was submitted from the form’s page and not from some other page on the internet. The problem is that referer is not reliable. Some browsers have the ability for script to fake the referer. Firewalls and proxies often strip the referer out, for privacy concerns. And so forth.

Nonces

WordPress now does this using nonces. A nonce is a “number used once” in its purest form. Basically, it’s a one-time password. When we generate the form, we generate a number. When the form is submitted, we check the number. If the number is wrong or missing, we don’t allow the form to be submitted. A script cannot know the number in advance. Other sites cannot guess the number.

Now, technically, WordPress doesn’t use real nonces, because they’re not “used once”. Instead, WordPress nonces revolve on a 12 hour rotating system (where 24 hours are accepted). For any given 12 hour period, the nonce number for a given action will be the same. That’s close enough to a real nonce to eliminate the issue, but notably only the issue of verifying intent. Don’t try to use WordPress nonces for anything else. :)

So, when we generate a form, we generate a nonce. This nonce is based on five things: site, user, time, the action being performed, and the object that the action is being performed on. Changing any of these gives us a different nonce.

Let’s say I want to delete a post. To do that, I need to know the nonce for deleting that specific post, as me, on my site, within the last 24 hours. Without that nonce, I cannot perform the action. More importantly, in order for somebody to “trick” my browser into doing it for me, they need to get that specific nonce and get my browser to load it within 24 hours. Tough to do. And even if they pull it off, they have only been able to perform that very specific action; the nonce obtained is useless for any other purpose. They don’t get any form of full control in this manner. They can’t make my browser do anything on my site that they don’t have the nonce for.
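A simplified stand-alone model of the time-window scheme described above, as an added example (it is not WordPress's own code and not from the original post). The secret, the site URL, the demo_ function names and the HMAC layout are all assumptions made for illustration.

```php
<?php
// Added illustration: a simplified model of a time-window ("tick") nonce.
// NOT WordPress's implementation; every name and value here is an assumption.

const DEMO_NONCE_LIFE = 86400;                     // acceptance window: 24 hours
const DEMO_SECRET     = 'constructed-demo-secret'; // per-site secret (constructed)
const DEMO_SITE       = 'https://example.com';     // site identity (constructed)

// Index of the 12-hour period that contains $now.
function demo_tick(int $now): int {
    return (int) ceil($now / (DEMO_NONCE_LIFE / 2));
}

// Keyed hash over the five inputs: site, user, time period, action, object.
function demo_nonce_for_tick(int $tick, string $action, int $object_id, int $user_id): string {
    $data = implode('|', [DEMO_SITE, $user_id, $tick, $action, $object_id]);
    return substr(hash_hmac('sha256', $data, DEMO_SECRET), 0, 10);
}

// Nonce for "this user doing this action to this object" in the current period.
function demo_create_nonce(string $action, int $object_id, int $user_id, int $now): string {
    return demo_nonce_for_tick(demo_tick($now), $action, $object_id, $user_id);
}

// Accept a nonce minted in the current or the previous 12-hour period.
function demo_verify_nonce(string $nonce, string $action, int $object_id, int $user_id, int $now): bool {
    $tick = demo_tick($now);
    foreach ([$tick, $tick - 1] as $candidate) {
        $expected = demo_nonce_for_tick($candidate, $action, $object_id, $user_id);
        if (hash_equals($expected, $nonce)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Constructed scenario: user 7 loads the "trash post 42" link at time $t0.
$t0    = 1700000000;
$nonce = demo_create_nonce('trash-post', 42, 7, $t0);

$checks = [
    'same user/action/object, 1 hour later'  => demo_verify_nonce($nonce, 'trash-post', 42, 7, $t0 + 3600),
    'same nonce replayed for post 43'        => demo_verify_nonce($nonce, 'trash-post', 43, 7, $t0 + 3600),
    'same nonce replayed for another action' => demo_verify_nonce($nonce, 'delete-post', 42, 7, $t0 + 3600),
    'same nonce presented as user 8'         => demo_verify_nonce($nonce, 'trash-post', 42, 8, $t0 + 3600),
    'same request, 12 hours later'           => demo_verify_nonce($nonce, 'trash-post', 42, 7, $t0 + 43200),
    'same request, 24 hours later'           => demo_verify_nonce($nonce, 'trash-post', 42, 7, $t0 + 86400),
];

foreach ($checks as $label => $ok) {
    printf("%-42s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Because acceptance in this model goes by period rather than by exact age, a nonce minted late in a 12-hour period stops being accepted before a full 24 hours have passed.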

Using nonces

So, let’s get down to brass tacks. Generating a nonce in WordPress is easy and can be done in many different ways depending on your particular needs. You might want to protect a simple link, or you might want to protect a form, or you might even need to protect a javascript ajax call.

Protecting a link can be done with wp_nonce_url(). It takes a URL and an action and adds a valid nonce onto that URL. It works like this:

$nonced_url = wp_nonce_url( $url, 'action_'.$object_id );

Here, we’re taking some URL, and adding a nonce onto it for a specific action on some specific object. This is important, actions and objects need to both be specified if there is some object being referred to. An example might be a link to delete a specific post. Such code would look like this:

wp_nonce_url( $url, 'trash-post_'.$post->ID )

The action is “trash-post” and the post being trashed has its ID number appended to that action. Thus, the nonce will let you trash that post and only that post.

On the other hand, maybe we have a form that we need to protect instead. Inside that form, we can add something like this:

wp_nonce_field( 'delete-comment_'.$comment_id );

This is the nonce for deleting a comment. It outputs a couple of form fields, like so:

<input type="hidden" id="_wpnonce" name="_wpnonce" value="1234567890" />
<input type="hidden" name="_wp_http_referer" value="/wp-admin/edit-comments.php" />

The value for the nonce will be specific to deleting that comment, on that site, by that user.

Sometimes we just need to generate the nonce directly, in no specific format. One case might be for an AJAX type call, where the data is being submitted by jQuery. In such a case, you can use the wp_create_nonce function to get just that nonce value, like so:

wp_create_nonce( 'action_'.$object_id );

For AJAX requests, you’ll want to include that nonce value in the submitted data with a name of “_ajax_nonce”. Why that particular name? Because it’s what WordPress checks when verifying the nonce. Speaking of verification:

Verifying nonces

Generating these numbers is no good if you don’t check them as well. Fortunately, WordPress makes this easy. There are two functions to verify incoming nonces.

check_admin_referer( 'action_'.$object_id );

The name of the function refers back to the time before nonces, when this function call was checking the referer value from the browser. Nowadays, it checks nonces instead. If the _wpnonce sent back in the form does not match the action and ID here, then this function stops further processing. This is the cause of the “Are you sure you want to do this?” screen that is sometimes reported by users. To avoid getting this screen, the nonce being checked has to match.

An alternative to checking forms or links is checking ajax requests, which is why we have this function:

check_ajax_referer( 'action_'.$object_id );

This performs the same basic check, but if it fails, it returns a simple “-1” response and then halts processing. Your AJAX javascript code can recognise that response and take appropriate action based on it.

In either case, if the nonce fails, the script exits. No action is taken. The form is not processed, the post not deleted. That’s the sort of check you need to prevent CSRF attacks.
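Both checks together in a plugin, as an added example that is not code from the original post: a hypothetical "feature this comment" action protected for authority and for intent. The demo_ names, the demo_featured meta key and the choice of the edit_comment capability are assumptions.

```php
<?php
// Added illustration (hypothetical plugin code, not from the original post).

// Form shown in the admin: the nonce is bound to the action AND the comment ID.
function demo_feature_comment_form( $comment_id ) {
    $comment_id = absint( $comment_id );
    ?>
    <form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post">
        <input type="hidden" name="action" value="demo_feature_comment" />
        <input type="hidden" name="comment_id" value="<?php echo esc_attr( $comment_id ); ?>" />
        <?php wp_nonce_field( 'demo-feature-comment_' . $comment_id ); ?>
        <input type="submit" value="Feature this comment" />
    </form>
    <?php
}

// Handler for the form post (admin-post.php dispatches on the "action" field).
add_action( 'admin_post_demo_feature_comment', 'demo_feature_comment_handler' );
function demo_feature_comment_handler() {
    $comment_id = isset( $_POST['comment_id'] ) ? absint( $_POST['comment_id'] ) : 0;

    // Intent: processing stops here unless _wpnonce matches this action
    // and this specific comment ID.
    check_admin_referer( 'demo-feature-comment_' . $comment_id );

    // Authority: may the current user edit this particular comment?
    if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
        wp_die( 'You are not allowed to edit this comment.', '', array( 'response' => 403 ) );
    }

    update_comment_meta( $comment_id, 'demo_featured', 1 );
    wp_safe_redirect( admin_url( 'edit-comments.php' ) );
    exit;
}

// AJAX variant: the script must send _ajax_nonce, generated server-side with
// wp_create_nonce( 'demo-feature-comment_' . $comment_id ).
add_action( 'wp_ajax_demo_feature_comment', 'demo_feature_comment_ajax' );
function demo_feature_comment_ajax() {
    $comment_id = isset( $_POST['comment_id'] ) ? absint( $_POST['comment_id'] ) : 0;

    // Intent: replies "-1" and halts if the nonce is missing or wrong.
    check_ajax_referer( 'demo-feature-comment_' . $comment_id );

    // Authority: same per-object capability check as the form handler.
    if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    update_comment_meta( $comment_id, 'demo_featured', 1 );
    wp_send_json_success();
}
```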

Bottom Line

If you have a plugin or a theme or any type of code that “does something” in WordPress, then you need to protect that action with a nonce. If you’re not protecting it with a nonce, then it’s possible for somebody else to trick your browser into performing that action on your behalf.

Also, note that it’s not enough to just name the action. You generally are taking action on some specific “thing”, and the ID of that thing needs to be included in your nonce as well. The more specific the action, the better.

Any form, any action, no matter how much “authentication” you have on checking it, can be exploited, because you’re not really authenticating the “user”, you’re authenticating that it’s coming from “the user’s browser”. You need to have something else that changes regularly, so that you can verify that the user did indeed load that particular form and submit it relatively recently, and thus probably intended to perform that action.

Nonces are easy to implement. So do it already. We have enough plugins not doing it that this clearly needs to be said. :)

In our latest newsletter, we asked our readers to fill out a survey. We have never done such a thing at Yoast.com before. In this post, I will enlighten you with the purpose of our survey.

Yoast Research

Since the beginning of this year, Thijs and myself have been doing research. One day a week we are reading scientific articles in the university library and looking into new and exciting research techniques. We are currently reviewing an eyetracker and looking into possibilities to use this eyetracker in one of our next research projects.

The aim of us doing research is twofold. Our first aim is to contribute knowledge to the scientific community and to the WordPress/Webdevelopment community. We would like to explore issues of usability, conversion and website optimization and write articles aimed to be published in scientific journals. Simultaneously, we will publish our results (in a less boring format) on Yoast.com.

We have recently found out that there are in fact numerous excellent scholars already doing research in our area, but few of them share their knowledge with the online (WordPress) community. Lots of (scientific) knowledge thus does not reach the practitioners. I think that’s a waste of a lot of hard work. Why do difficult and expensive research if your results are never put to practice? Next to doing our own studies, we would therefore like to translate some of the existing research into practical posts on Yoast.com.

The second aim of us doing research is not as altruistic. Doing research is really good for our own business as well! The information we collected with last week’s survey is inspiring. This kind of research gives great insights in who our audience is, where they are from, which products they bought and which products they intend to buy. Such data is a treasure trove!

Knowing your audience!

Our first research project is aimed at getting to know our public better. It is a bit premature to present the results of our first study, so in this post I will limit myself to convincing you all of the importance of knowing your audience. Next to that, I will enlighten you a bit on the way you could study the audiences of your own website yourselves.

When Joost began Yoast.com it was a blog. He wrote about both WordPress as well as SEO and most of his posts were rather technical. Nowadays, Yoast offers plugins, themes and online consultancy, being much more than a blog. Also, posts aren’t only technical now. Our audience has grown rapidly during the last few years. And that made the researcher in me wonder: who is our audience nowadays? Do we still appeal to a technical (nerdy) group of people? Are our customers mainly developers? Or is our audience not that technically skilled? And what consequences would that have for the marketing of our products? I could imagine that a technically skilled developer is more easily convinced of the use of one of our plugins than someone without the ability to read code. These questions were the starting point of our research.

I decided to dive into the scientific literature about usability, online purchasing behavior and (internet) experience. Previous research has irrefutably established the importance of usability and user interface on the chance people buy online (e.g. Page, Robson & Uncles, 2012; Chang & Chen, 2008). However, studies also show that the relation between usability and online purchases is mediated by the level of (internet) experience people have (Gefen, Karahanna & Straub, 2003; Castaneda, Munoz-Leiva and Luque, 2004). This means that experienced internet users respond differently to aspects of usability than the inexperienced ones. Different audiences have different usability needs.

Translating this scientific blabla to our own situation: It could well be that our technically experienced (nerdy) audience has other usability needs than our new, less skilled audience. Different groups could well need other things to make them buy our plugins! I would think that an audience with limited technical skills needs more explanation, while a technical audience would just need our technical specifications in order to be convinced of our product. My non-nerdy background makes me think that some of our products do not appeal to new (not technically skilled) WordPress users, while they are in fact not that hard to install and use. Perhaps a shift in marketing approach is needed for this specific audience. In our survey, we put questions that will allow us to investigate my hypotheses. This week I will start analyzing the data and putting my hypotheses to the test. I can hardly wait!

What should you be doing?

Google Analytics gives you a huge amount of data. But you are close to clueless about most of the demographics, the intentions and desires of your audience. Knowing your audience will allow you to anticipate on their needs and desires. You could adjust your assortment based on their preferences and largely improve your conversion. You thus should do a lot to get to know your audience and increase your sales.

There are lots of packages that allow for online questionnaires. We have used Polldaddy.com for our survey and I am really satisfied with their service. They offer a free account, which will be sufficient for most small companies. What I really like about Polldaddy is the way they instantly present their results. They present frequencies and percentages in an easy to grasp format. You can set up a survey that pops up when someone enters your site or you can send a survey invitation to your newsletter subscribers. You can choose open questions if you have few visitors and questions with answer categories if you have many. Just looking at these descriptive statistics can tell you lots about your audience. Of course, pretty data just begs for advanced and sophisticated analyses. I will save that for a next post ;-)

At Yoast we are already very excited with our results (even before I started the really nice analyses). We have decided to do a survey on a yearly basis to determine the satisfaction of our customers. We would recommend all of you to do the same! Learn and profit by gaining as much information about your audience as possible. Placing a questionnaire on your website is a good first step!

I realize that this post could appear to be a bit scientific and difficult to read, but since our survey has made clear that the education level of our audience is sky-high, I’m not worried about that anymore ;-)

Literature

Castañeda, J. A., Muñoz-Leiva, F., & Luque, T. (2007). Web Acceptance Model (WAM): Moderating effects of user experience. Information & Management, 44(4), 384–396. 

Chang, H. H., & Chen, S. W. (2008). The impact of customer interface quality, satisfaction and switching costs on e-loyalty: Internet experience as a moderator. Computers in Human Behavior, 24(6), 2927–2944. 

Gefen, D., Karahanna, E., & Straub, D. W. (2003). Inexperience and experience with online stores: The importance of tam and trust. IEEE Transactions on Engineering Management, 50(3), 307–321. 

Page, K. L., Robson, M. J., & Uncles, M. D. (2012). Perceptions of web knowledge and usability: When sex and experience matter. International Journal of Human-Computer Studies, 70(12), 907–919. 

This post first appeared on Yoast. Whoopity Doo!


Let’s not fool ourselves here … WordPress is a complicated thing.

And no matter what most tutorials on the web try to say, getting a good grasp on it does take some time indeed.

Besides, if it hadn’t been complicated, I wouldn’t have been asked to write a whole book on how to work with it.

So what I want to show you today is a slightly different approach to WordPress.

Instead of being all technical, I will focus just on the part that an actual online business owner would care about.

My guess is that you don’t care that much about code, or streamlined processes, or CSS, or HTML5, or any of that stuff.

What you do care about, however, is how you can use WordPress to make running your website as easy and straightforward as possible, so you can focus on what’s really important – your actual business goals.

So this resource is a type of roadmap. You can go from station to station and take care of all the steps one by one. Also, if you have something already figured out then you can skip a given station and move on to the next one.


Things you must do

Every new WordPress site starts just about the same. Although there are tons of things you can do when setting everything up, from my point of view, there are actually only two essential elements:

  • Mastering the 5 minute install. You don’t have to hire a developer just to get your site up and running. Doing this yourself takes 5 minutes.
  • Setting proper user roles. This is something that 90 percent of people overlook when it comes to new WordPress sites. Something worth keeping in mind is that setting the correct user roles is the first thing you should do to secure your site and make your data safe.
 
 
 
 
Design

When we’re talking WordPress, design = themes.

Nowadays, it’s really ineffective to hire a designer and tell them to build you a site from the ground up. This will be awfully expensive and you get no guarantee that the results will be any good.

A much better solution is to just get a theme. However, two rules:

Two major theme stores that I can recommend are ThemeFuse (worked with them on a number of projects) and StudioPress (this site runs on a StudioPress’ theme).

Okay, but how do I choose the perfect theme and then have it installed?

Glad you’re asking!

I wrote two guest posts on ProBlogger on this very topic:


Extra features

Again, when we’re talking WordPress, extra features = plugins.

Currently, there are more than 30,000 different plugins available in the official directory at wordpress.org. What this means in plain English is:

There’s surely a plugin for that.

– is how you should be thinking of extra features for your site.

Now, as much as people like to publish those “top 10 essential plugins you must get” lists, the fact is that very few of them are truly essential. And the list changes every year.

For me, there are only seven plugins that I use on every site I run, and this is something I mentioned in my book too (shoot me a message if you’d like a free chapter, by the way).

They are:

 
 
 
SEO

SEO, as in Search Engine Optimization, as in “how to lose a lot of money with no results to show for.”

Okay, just joking, but the fact is that I’m not the top expert on SEO out there. That’s why I wrote this: How to learn SEO online if you’re a beginner.


Running a business

This point right here is why we’re actually using WordPress on our sites – to run a business.

Quite frankly, this whole website is about this very topic, so I won’t even attempt to give you any in-the-nutshell solution. There isn’t one.

Instead, start here and dominate!


Over to you

I’m curious; do you have WordPress figured out when it comes to running your business website? Or is there anything you’re absolutely clueless about and would like to learn? Hit me up.


Head photo by freevintageposters, fireworks by bayasaa / CC BY 2.0

Here’s a Handy Roadmap for Anyone Scared of WordPress | NewInternetOrder.com

Two years ago, we wrote about why we really don’t like sliders. We still don’t like sliders. If your theme forces you to include a slider (also named carousels) on your homepage, please realize that it’s making you use a feature that has no value for SEO. A feature that is probably slowing down your site by loading extra JavaScript. And prevents your user from reading the good stuff (your content) immediately. It will most probably account for less conversion as well.

Even though both SEO experts and conversion experts agree on the fact that sliders have little use 99% of the time, website developers insist on adding sliders to their themes. Some customers refer to sliderless themes as “outdated” but we strongly disagree. Let’s make one thing very clear: sliders suck. Of course, I entitle myself to my own opinion, and you’re entitled to yours. But let me explain once more why they suck.

Science and experiments

It’s not often that science is conclusive in its findings. However, sliders seem to be one topic on which it is. There’s literally not one study that we’ve found that says sliders are a good idea. I often point people to shouldiuseacarousel.com when wanting to explain why not to use a slider. This simple website does an awesome job at showing the statistics as well as triggering the annoyance sliders usually evoke.

Sliders: better use static images or copy

Let’s look at some of the findings:

That’s just the tip of the iceberg. Over the years, many studies have shown that sliders should be avoided.


But… I need a slider!

Ok, so you’re, for instance, a photographer. You need that slider, right? Wrong. People tend to act as if there’s no other way to show their images but by sliders. This simply isn’t true. If you can’t have a slider and you’re a photographer, would you just give up having a website altogether? Of course not, you would look for other options, such as the revolutionary idea of showing static pictures. If you want moving pictures, you should change careers and become a filmmaker.

Seriously, whatever makes people think that having stuff move on your website is a good idea, ever, is still beyond me. Auto-playing videos are also annoying, right? You can create awesome collages through which people can browse at will. The pictures won’t be forced onto them (if they even notice them in the first place), they’ll just notice the ones they like. And trust me, that will sell better.

If you’re a photographer, it’s likely you’re a creative person. You probably make photo albums for people from time to time, which presumably don’t have sliding images. So how about you showcase that skill and creativity by designing your web pages with static images?

Focus

What you’re saying with a slider is basically: “I really don’t know which product or picture I should put on display on my homepage, so I’ll just grab 10 of them!” In that case, you really need to add focus. If you don’t know what to choose, how would your visitors or clients?
You should know what your own business is about and what product or picture deserves that front page spotlight.

By focusing on the right (static) image or message, you will give people a far better feel of your business, and you as a person, than a slider ever could. Not in the least because sliders, as we’ve said twice now, are simply ignored in most cases. And a message that’s ignored hardly ever comes across (notice the sarcasm).

SEO and Conversion Rate Optimization

There is another reason why we recommend against sliders. Sliders push down your main content, plain and simple. In fact, most sliders we encounter in our consultancy these days, are big enough to fill out any screen. This means the content won’t even be visible above the fold. And this backfires on your SEO efforts, which we’ve already shown through the article linked in the list of findings above.

There’s not a CRO expert that will disagree with us on this: sliders kill your conversions. So simply having a slider on your website, will get you less sales than without that slider! If that’s not a deal breaker, I seriously don’t know what is.

Just combine the two and realize what a monstrosity the slider actually is. It kills your rankings and your conversions!

Mobile websites and sliders

It’s really convenient to include a slider on a mobile website. It allows you to add more content to that page, that smaller screen, without the page becoming too long. What if people have to scroll, right? Well, quite frankly, they are used to that. That’s just one myth you can forget about. It’s not just that. Lots of times, things go wrong when using a slider on a mobile website. Some of the other pitfalls you’ll encounter when adding a slider to a mobile website:

  • Image sliders tend to load the desktop site images, not optimized for mobile speed or in fact ruining it for phones on 3g or less.
  • The same goes for sliders running on JavaScript. Why add JavaScript for something people will treat as a banner or simply skip to get to your content instead?
  • If your slider isn’t responsive, it will ruin your otherwise responsive website. This happens all too often, unfortunately.

Bottom line is that sliders might break more than they add in value for your website. But the main question you should ask yourself when using that slider on your mobile website, even if it’s responsive and optimized, is: do I really need that slider? I can’t imagine you do.

Why should you believe us?

If you don’t believe us, believe these experts who we’ve asked for their opinion and experience with sliders:

Sliders never converted and never will

“Sliders only exist because web designers love them. And because they make the life of the web team easy: they can give every department or product division a place on the homepage. And they don’t have to make choices.

But it’s not your job to make your colleagues happy. It’s your job to make your visitors happy. And to sell.
And that’s the biggest problem with sliders: they don’t convert. Never did and never will.”

Karl Gilis, Owner of AG Consult and renowned conversion expert

Use static images and copy instead

“It’s extremely rare to see sliders work. You’re better off using static images and copy.”

Peep Laja, Owner of ConversionXL.com and Markitekt


Just for portfolio displays

“I think sliders are interesting but somewhat problematic. The biggest problem I see is that if visitors are bouncing from the page in a second or two, they will never see the other options on the slider. If you use a slider for navigation, be sure the same choices are visible in static form, too. I think sliders work best for portfolio displays where several large, strong images can be displayed in the same space without impeding the visitor’s ability to navigate or determine what other content is on the site.”

Roger Dooley, Author of Brainfluence (also available on Kindle) and owner of Neurosciencemarketing.com


Sliders are distracting

“I think sliders are distracting. It’s a way to put extra crap on a page that’s typically not best for visitors. If it’s important in most cases you should just put it on the page without sliders or extra clicks.”

Hiten Shah, Co-Founder of Crazyegg and KISSMetrics


Sliders suck 99.8% of the time

“Sliders suck 99.8% of the time! We once did a test with a client where we changed their slider to a static image with 3 core benefits and lifted conversions by a nice amount.”

Bryan Eisenberg, Author of Brand Like Amazon: Even a Lemonade Stand Can Do It and Waiting For Your Cat to Bark (also available on Kindle)


Sliders are evil

“This popular design element is – for many – the go-to solution when there are more messages to put on the home page than there is room to put them. Rather than make the tough decisions that require prioritizing conversion goals, web teams turn to the rotating banner as an offer of compromise.

Sliders are absolutely evil and should be removed immediately.”

Tim Ash, CEO at SiteTuners, Author of Landing Page Optimization (also available on Kindle)


Use a static image instead

“In A/B tests, sliders tend to lose. In fact, one of the easiest ways to grow a page’s conversion rate is to remove the slider, and to replace it with a static image. If you want to be really lazy, you can just test the slider against the static version of each of the slider’s options. The static version usually wins.”

Karl Blanks, Chairman and Co-Founder of Conversion Rate Experts


Sliders deliver little to no value to the customer

“Sliders please the owner of the site, but they deliver little to no value to the customers. The reason is that we are not going to sit there and wait for your ‘movie’ to play out. I’m also not a fan of sliders because for most businesses they provide an excuse not to think about personalization and being good at giving the customer the right answer, right away.”

Avinash Kaushik, Digital Marketing Evangelist for Google, Author of Web Analytics 2.0 (Also available on Kindle)


Sliders are hardly accessible

Conversion is one thing, but from an accessibility standpoint, sliders suck as well. Here’s what our own Andrea has to say about this:

Though there are examples and recommendations to follow to make sliders as accessible as possible, I’ve rarely seen a fully accessible slider being used in production. Sometimes sliders are just not coded with accessibility in mind, sometimes they are but there are so many accessibility requirements to address that missing just a couple of them can be disastrous for accessibility. Interaction with keyboards and assistive technologies is so hard that static content is always preferable. It’s no coincidence that shouldiuseacarousel.com was launched by Jared Smith of WebAIM, one of the most influential and respected organizations committed to spreading out accessibility culture and developing accessible web content.

Andrea Fercia, accessibility expert at Yoast

Honestly, we could go on and on. So no matter how pretty you think sliders are, know this: sliders simply suck.


Epilogue

When we first published our (unchanged) opinion on sliders back in 2014, UX designer Ian Armstrong commented that “in some cases, sliders make sense. A slider can be used effectively if it a) tells a story and b) doesn’t auto-forward.” Imagine a real estate page that has a slider for images of a house. It’s not auto-forwarding and helps you to get an idea of the entire house – it tells that story.

Ian also states that “if you properly set expectations and really stress the slider as a story mechanism, you’ll probably see a major uptick in interest.” He’s probably right, or, as Rich Page stated below that initial 2014 post: “If in doubt, TEST IT!” Most of us are used to sliders like that on real estate sites. There is always an exception to the rule, right? Although in this specific case, one might even argue if the ‘slider’ even qualifies as a slider.

Your 2 cents are welcome.


There are quite a few tracking features in Google Analytics for which you have to do a bit more than just implement the UA-code on your pages. One of those features is the ‘goal’. The goal is a feature in which you can track one of the following things:

  • how many people reach a designated page,
  • how many people stay on your site for a minimum amount of time,
  • how many people have viewed a minimum of pages on your website,
  • how many people have triggered an event (such as watching a video).

We’ve noticed that people are often having trouble setting up these goals in Google Analytics. Not only are they stuck on how to set them up, but also on which goals to set up. Especially the latter really requires some thought. I’ll try and take you through that thought process in this post.

Why should I make goals?

Goals give you an enormous amount of extra and valuable information. With goals you can track if people are doing on your website what you want or expect them to do. There are always multiple things that people could do that would benefit you, so tracking how many people are doing that is invaluable.

That’s not all though. When you set up goals, you have the option to set up multiple steps, if you turn the option ‘Funnel’ on:

The funnel option when setting up goals in Google Analytics

Use the funnel option

A funnel is basically the process people go through to buy one of your products, or to sign up for your newsletter. You can set up as many steps as you want, but I think the only reason to add a step is when it’s required. If a step is not required, it’s not part of your funnel, because people can also come from other pages. For instance, people will need to have viewed your page on a specific product, before they can actually add it to the cart and buy it.

But the best thing is yet to come! When you’ve set up a goal with a funnel, you can actually see how that goal is doing in the ‘Funnel Visualization’. This is a very visual and easy to understand representation of what’s happening with your goal:

As you can see, it shows how many people entered every step, how many people went through to the next step, and how many people dropped off on each step. This makes it very clear where in your funnel you can improve things. And it shows you the percentages and the overall funnel conversion rate. How’s that for useful?

Imagine this

If you have an online shop, you might have a lot of products. When this number keeps growing, it’ll be hard to keep track of the sales of each product. Setting up your goals with funnels as I’ve shown above, will give you insights into how your products are doing, as well as showing you how the related pages are doing.

You’ll be able to see if your product page is actually getting people to add that product to their cart. And when people have added the product to their cart, you’ll be able to see how many of them actually bought the product in the end. You can see all that in the Funnel Visualization. 


How do I create goals?

You can create goals in the ‘Admin’ section of Google Analytics. The Admin tab is found at the bottom of your left sidebar when you’re logged in to Google Analytics. Make sure you have the right account and view selected. When you click Admin, there will be three “columns”, of which the rightmost, called ‘View’, will look like this:

Then click on that red call-to-action button that says ‘+NEW GOAL’:

Create goal in Google Analytics

You have a default of 20 goals. To get more, you need to pay, unfortunately. Clicking +NEW GOAL will give you this screen:

Step 1 Goal setup in Google Analytics

The options you can choose from speak for themselves as they come with examples of the sort of goals. You can also set up a custom goal, which sounds scarier than it actually is. Just try it ;-)

Once you’ve chosen one of the options above, the second step awaits. And that second step looks like this:

Step 2 of making goals in Google Analytics

Making a goal using ‘Destination’ allows you to make a goal for people ending up on a certain page. For instance, if you have a contact form, and your contact form has a confirmation page, you can track everyone who has been on your confirmation page.

‘Duration’ allows you to track everyone who’s spent more than the minimum amount of time you set on your website.

‘Pages/Screens per visit’ does the same thing as ‘Duration’, just with pageviews. When people hit a threshold of a minimum amount of pageviews you’ve set, that’ll count as a goal completion.

The ‘Event’ goal is the hardest. This requires actual coding, as events need to have been set up first. Luckily, there’s this awesome tool called Google Tag Manager that allows you to easily create events. No developer needed! Events are pretty powerful: you can track how many times a video on your website was played, for instance.

Regular expression goals

When you’re creating ‘Destination’ goals, you’ll have these options:

Goals and regular expressions

The ‘Equals to’ is simply that. The URL people visit has to exactly match the URL you put in there. So if you have any campaign variables, or a subpage, it won’t be counted towards the goal.

The ‘Begins with’ is exactly the opposite: everything beginning with the URL you fill out will be counted toward your created goal.

The hardest is the ‘Regular expression’ goal. At the same time, this is the most powerful and precise option of the three. A regular expression, or regex, is a pattern that, if you know how to use it, can be very specific in its targeting.

Let’s say you have an online store with over 20 products, so you can’t fit them all in your free Google Analytics account. What you could do is create a goal for every brand you’re selling, using regex goals. Your destination goal will simply be the confirmation page after your checkout. And, if the brand you were wanting to track was Yoast, you could add a regex line like this:

/(.*)/yoast/(.*)

This expression will simply track everything with /yoast/ in the URL. You have to be aware that every step in a regular expression goal and funnel should be written in regex. Also, be sure that your regex doesn’t match any other goals, or it will simply be counted twice.
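The three match types and the double-counting caveat above, as an added example that is not part of the original post. It assumes regex goals are applied as an unanchored search over the request URI; the goal names, the Acme brand and the sample URIs are constructed for illustration. It also shows that the pattern from the post needs at least one path segment before /yoast/.

```python
import re

# Pattern taken from the post; the second brand is a constructed sibling.
YOAST_RE = r"/(.*)/yoast/(.*)"
ACME_RE = r"/(.*)/acme/(.*)"


def goal_matches(match_type, pattern, uri):
    """Emulate the three Destination match types for one request URI."""
    if match_type == "equals":
        return uri == pattern
    if match_type == "begins_with":
        return uri.startswith(pattern)
    if match_type == "regex":
        # Assumption: unanchored search, so the pattern may match anywhere.
        return re.search(pattern, uri) is not None
    raise ValueError(f"unknown match type: {match_type}")


def completions(goals, uris):
    """Map each goal name to the list of URIs that would complete it."""
    return {
        name: [u for u in uris if goal_matches(mtype, pattern, u)]
        for name, (mtype, pattern) in goals.items()
    }


def double_counted(goals, uris):
    """Return {uri: [goal names]} for URIs that complete more than one goal."""
    hits = {}
    for uri in uris:
        names = [n for n, (t, p) in goals.items() if goal_matches(t, p, uri)]
        if len(names) > 1:
            hits[uri] = names
    return hits


# Constructed sample data: two brand goals and six confirmation-page URIs.
GOALS = {
    "Brand: Yoast": ("regex", YOAST_RE),
    "Brand: Acme": ("regex", ACME_RE),
}
URIS = [
    "/checkout/yoast/thank-you",
    "/checkout/yoast/thank-you?utm_source=newsletter",
    "/yoast/thank-you",                       # no segment before /yoast/
    "/checkout/acme/thank-you",
    "/checkout/acme/yoast-bundle/thank-you",  # "/yoast-" is not "/yoast/"
    "/checkout/acme/yoast/thank-you",         # contains both brand segments
]

if __name__ == "__main__":
    for name, matched in completions(GOALS, URIS).items():
        print(name, matched)
    print("double counted:", double_counted(GOALS, URIS))
```

Running a check like this over a sample of real confirmation URLs before saving the goals shows which patterns need tightening to avoid counting one visit twice.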

What goals should I make?

“I have too much data!”, said no one, ever. Of course, people will be saying it from time to time, but you get my point. If not, here it is: try to make as many useful goals as you can think of. And there’s one very important word in that sentence: useful. There are literally millions of goals you could think of, but most of them will probably be completely useless for your website and/or business.

And that’s where the actual thinking comes in. You have to think about what you want your visitors to do on your website. Let me give you an example of what would be good goals for an online shop, in general:

  • A goal for every product you have in your online shop, or, if it has more than 20 products:
    • A regular expression goal for every product category/brand.
  • A goal for your newsletter signup,
  • A general goal for your sales.

Of course, you can be far more specific by tracking, for instance, how many people have viewed your product video, or how many people left a review of your product. It all comes down to thinking about what your website is for, and what you want people to do on it.

Assign value

Assign values to your goals

Assigning a value to your goals is important to be able to distinguish between your goals. If you don’t assign a value to your goals, you simply can’t see which of the goals is your most profitable goal. There are three ways in which you can assign values for your goals: actual values, average values or relative values.

Actual values

Let’s say you offer a few services, all of which have one fixed price. People can hire you for these services, and they have to pay up front. In this case you should simply assign that price as the value of each goal representing a service. That way, you can simply see how many times a goal was completed and therefore one of your services was successfully requested.

In this case, it’s important that people actually have to pay up front because otherwise you’ll run into some trouble. Because even though the prices of your services are always the same, if people don’t have to pay immediately to finish the goal (order a service), there’s always the possibility they just won’t pay.

Average values

When people don’t have to pay up front, or you offer services or products that can have different prices (such as our plugins), or the specific goal generates leads, you need to assign average values. You can calculate average values in three different ways.

  1. When the prices of your products can differ, you simply take the average order value of the last period (at least one month). This way you’ll have a general estimate of what each order will yield, on average.
  2. When people don’t pay up front, there’s always a percentage of people that simply won’t pay, even after requesting the service. You’ll have to find out what that percentage is. If your service costs $100, and 40% of the people won’t pay, your assigned value should be set to $60.
  3. Things that don’t have a direct value, such as newsletter signups or social media shares, can still earn you money in the end. This is what people call ‘lead generation’. The best way to assign relative values would be if you knew the lead conversion rates. This means you know how many social media shares, for instance, it takes to sell one of your products/services. If it’s 1%, this would mean every share of a $100 service would be worth $1.

Relative values

If you’re making goals for things that don’t actually earn you money, you can assign relative values. Relative values are simply values that show which of the goals are worth more to you. So, if you prefer people signing up for your newsletter over liking your Facebook page, you could assign the newsletter signup goal a value of 2, and your Facebook like goal a value of 1. Or, if you think twice as much is too much, you can assign them values of 3 and 2 respectively.

Obviously, we’ve made up these numbers, but it still helps you differentiate between each goal.

Doesn’t this take a lot of time?

This all depends on how big your website is, of course. However, if you own an online shop with a lot of products, the answer is simple: yes. Although it can be hard to find the time to set this all up decently and correctly, in the end it will be worth it!

Summary

So there are a few tips I have for you:

  1. Think about what you want to have goals for, especially if you’re on a free Google Analytics program: your goal space is limited;
  2. Use the funnel option. This makes the data from your goals far more insightful;
  3. If you understand regular expressions: use them. They’ll give you far more power and specificity than any of the other options;
  4. Add values to your goals so you can actually compare the performance of the goals.

Set them up!

So there’s really no excuse anymore to not set up your goals! In the end, you’ll be amazed you ever did without. And although you can make the ‘wrong’ goals, you won’t jeopardize your original data. It will only influence the data of your goals. Feel confident enough to try goals out!

Which cool goals did you set up? Let me know in the comments!


It’s done! The WordPress Themes by Yoast are now finally available. This project has been over a year in the making. When Mijke joined Yoast in September 2012, we decided it’d be a good plan to use her design skills and our knowledge about optimizing WordPress sites to make themes that actually help people easily build good websites. We’ve learned a lot of things in the process of making these themes, most importantly that we’re so perfectionistic that we’d never get anything released if it wasn’t for my wife. But, we’re there.

We’re releasing 3 themes today, all of them very different, but all of them share a lot of functionality too. They’re all Genesis child themes, as we believe in the Genesis framework. We’ve done “some” work on it though: we’ve fully integrated the Genesis framework’s core features and our own theme-specific features with WordPress core’s theme customizer, leading to functionality like this:

theme customizer

You can install the theme, customize it to your liking and then activate it. The screenshot above contains the Vintage theme, which is completely different from, for instance, the Versatile theme:

versatile desktop 1120x680

Shared functionality

All our themes contain a set of 8 widgets that you can use for all sorts of functionality. From easily creating mail signup forms to showing social network buttons and big call to actions. Check out the different Yoast widgets.

They also share our update code, which allows us to push updates for bug fixes, new functionality and even new color schemes. All of the themes have been built on Genesis’ incredibly SEO-friendly core, so you can benefit from the highest standards in the industry.

More themes coming!

We intend to release a new theme every month or so, though we’ve decided to take somewhat more time for the next theme release so we have time to fix bugs that might arise. The next theme will be available around the end of March.

Flexibility while maintaining style

We’ve worked very hard to make the themes as flexible as possible, yet at the same time try and make them look good almost all the time. We’ve tried to make them all look “tailor made”, even though we’ve only named one theme as such :)


I can keep talking about these themes, but you should just look at them, so let me encourage you to go check them out and play with their demo sites!

This post first appeared on Yoast. Whoopity Doo!

We’re expanding again. We’re looking for a junior / medior developer to help grow our rapidly expanding WordPress plugin & theme business, as well as support our consultancy & site review team with tools to automate frequent tasks.

What we’re looking for

If you’re a developer with a junior to medior level knowledge of:

  • HTML
  • CSS (including responsive design)
  • JavaScript (not just jQuery)
  • PHP

We’d love to talk to you. Of course, there are some other things it’d be very cool for you to know about, such as:

  • Version control (SVN/GIT)
  • Unit Testing
  • Continuous Integration
  • UML
  • Design Patterns

We’d prefer you speak Dutch, but the only real requirement is English. We would expect you to work out of our office in Wijchen, NL though, even though working from home 1 or 2 days a week is definitely an option. We will not consider remote workers for this job.

What we offer

You’d be working in a rapidly growing team of internet enthusiasts. We’re not just developers, we’ve also got a designer, an illustrator, several review consultants and let’s not forget our office fairy:

Team Yoast

And yes, next to your salary you’d get an avatar like that too, and you’d join in on our other benefits: a good pension plan, great lunches, lots of LEGO to play with, annual LEGO build days and most important of all: a great learning environment.

If you’re interested, email jobs [at] yoast.com and we’ll be in touch.



Something got me thinking the other day.

The thing is, have you noticed how difficult it is to find simple and short advice on the web these days?

I mean, wherever you look, all you see are “ultimate guides” for this or that. And although I love in-depth advice as much as the next guy, it’s becoming really hard to keep up with the online world.
 

For instance, here’s the most recent guide by Neil Patel – the guide to building your blog audience.


Want to take a guess at how many words it is?


30,000

You know … the casual number of 30,000 words. I bet this is a nice afternoon read, provided that you don’t have a life to live and stuff to do.

But I’m not hating. Not at all. I’ve actually had a quick look at some random chapters in the guide and they do seem to provide top-notch advice and insights from the man himself.

In other words, if you have 30,000-words-worth-of-time to spare then go on, read it and then apply the advice to your blog. It will most certainly help you make it awesome.

 

(By the way, just to give you a general idea about the scale, “Lord of the Flies” by William Golding is almost exactly 60,000 words. I leave the math to you.)

 

But what if you don’t have the 30,000-words-worth-of-time? What then? Are you effectively outed from getting quality insights?

Quite frankly, you are.

At least in part.

Feel free to correct me, but most of the content I see being published on the web these days (meaning 2014) falls into one of these categories:
 

  • Ultimate guides – great for in-depth advice on a complex problem; upwards of 25,000 words.
  • Infographics – there are better and worse, but the good ones achieve the goal of showcasing data-heavy information in an understandable manner.
  • Short posts – explaining one idea in a simple manner; and not being connected to any specific big picture of things.
  • Long posts – explaining one idea that’s a bit more complex; this type of post isn’t connected to any specific big picture either.
  • Link bait – usually a gathering post where a number of experts chip in on some problem and share their advice; the idea is to then get those experts to link back to you.
  • Filler content – content created for marketing/SEO/fill-in-the-blank purpose.

 

And out of all of the above, I would say that the only type of information that’s usable in the long run is indeed the ultimate guide. The rest is just entertainment.

If you don’t believe me then just try to pay attention to your own attitude towards the next blog post you read. Ask yourself this:

  • Did I take action on it?
  • Did I make any notes and include anything new in my business?

Probably not. But that’s okay … me neither.

Ultimate guides, however, are a bit different. Whenever you’re going through one, the time investment is so significant that it simply feels bad not to do anything about it later on. Even if you end up not applying 100% of the advice, you will surely do something.

Going back to my initial question, yes, you are outing yourself if you can’t devote significant time to ultimate guides.

And this bothers me, personally.

It bothers me because I’m one of those people (also known as normal people) who don’t have time for a new 30,000-word guide every week. So whenever something new comes out, I’m like “Damn it! One more thing I have to go through!”

That’s why I’m aiming at leveling the playing field a bit. And I’m going to do it with the new series of posts coming out soon.

Instead of being just yet another online business blog, I will focus on the essential, the actionable, and the easy to grasp advice.

You can see a sample of this in my previous post – the comparison of the 5 top to-do list tools. Feel free to tell me if I achieved the goal or not, but the idea was to make that post usable even if you just have a quick glance at it and don’t actually read it.

So to make this mission clearer, I’ve just published a manifesto. The Normal People Manifesto – I call it.

In it, I explain what online business for normal people means, and what’s the first step to fight the information noise of the 21st century.

I’m also making the manifesto my new About page. I actually think that it’s one of the more important things I’ve ever published here. Jump in:

 

Have You Seen the Manifesto? & Here’s Why “Online Business Advice for Normal People” Is So Scarce on the Web | NewInternetOrder.com

Last week we acquired WordPress news site WPForce.com. Jonathan Dingman, who used to run the site, got too busy with his job and personal life to be able to keep running the site and was looking to sell it. We acquired it and will start to slowly bring it into our system. We’ve got some plans for it which we’ll slowly roll out.

The process of purchasing a site and “owning” it

Purchasing a site comes with a lot of “related” work. I’ve done it before but I thought it’d be fun to describe all the mechanics involved in a post, especially as I tried quite a few new services in this process and was actually happy with all of them so wanted to share the love.

Domain name registration / transfer

The first step was the transfer of the domain name. Jonathan had the domain registered at Namecheap, where I already held an account. I had to allow “pushing” to my account in the settings, and after that Jonathan could just push the domain into my account and we were done. Very easy. I’ve since started moving all of my domains from Moniker to Namecheap as Moniker was giving me headaches. Those of you who follow me on Twitter might have seen that that’s going far from smoothly… But that’s a story for another time.

As soon as I purchased the site I reached out to WP Engine. I had talked to them before and they really wanted us to try their managed WordPress hosting services; WPForce was the perfect opportunity. At the same time I wasn’t really looking forward to migrating a site. Luckily we had another service that we needed to try, Fantasktic:

Easy site migration with Fantasktic

Fantasktic offers a host of WordPress support services; they basically want to be the source to outsource your support work to. I think they look fantastic (pun intended) and especially the $99 site migration is something I’ll probably be referring a lot of people to. Site migrations aren’t my idea of a fun time, even though there are several plugins out there to make things easier.

The process is simple: you give them admin details and FTP for your old site and the login of your new site and they take care of the migration. You then get an email asking you to approve whether it’s all been done right, after which you can switch DNS. If needed Fantasktic can even take care of the DNS change too. I like it when a service is so simple to use I can just tell you to go to the website and follow instructions.

WP Engine’s hosting

Yoast.com itself is hosted on Synthesis, a service we love, but we try to keep an open mind where WordPress hosting is concerned. It’s just not a one-size-fits-all kind of thing. WP Engine is a direct competitor to Synthesis and other managed WordPress hosting solutions and it has a few things I like a lot about it and some things I like slightly less.

Forbidden plugins

Let’s start with the one thing I like less. As soon as my site was running on WP Engine I got an email telling me the site was running two forbidden plugins. Those two plugins were YARPP and W3 Total Cache. Now I’m a big fan of W3 Total Cache, so that was a bit of a bummer. WP Engine has their own caching system though and doesn’t want you to also run a caching plugin. For a lot of users that actually makes sense. If you don’t know what you’re doing, W3 Total Cache can be quite overwhelming. WP Engine takes the thinking out of that, but in doing that disallows you to customize specific things. There’s something to be said for both ends of the story I guess.

They didn’t like YARPP, a plugin we’ve stopped promoting a while ago too, because of performance reasons. I can see why. It’s not gotten much better performance wise over the years. Unfortunately I don’t like the alternatives WP Engine offers either, but we’ll figure out how to do related posts better soon.

One click staging

The best feature of WP Engine is their one click staging functionality. You literally click one button and they copy your entire site to a staging server, allowing for you to test new functionality, install new plugins, etc. You can then also push this back to your main site… It’s absolutely freaking awesome.

Now I know most managed hosting providers either already offer this or will soon, but I can’t stress enough how cool this is. Testing a plugin update before you screw up your site? Easy. Testing that theme change? Easy. It’s absolutely perfect. You even get specific FTP accounts for both the staging and live site, so you can give a developer access to staging without giving them access to your live site.

Next steps for WPForce

So… Now we own WPForce. It has a lot of “old” news, a business directory and other things. We’ll be playing with all of that, you’ll find out what and how soon enough. For now, we want to thank Jonathan for all his hard work on the site and wish him all the best!
