Protect Your Website from Hacks

protect website against hackers

In the online world you’ll find lots of great things, but there are also many hidden dangers that are easy for the average person to forget about. If you have a website of any kind, there is always the potential of a cyberattack. Hackers are a real threat, and they perform attacks for all kinds of reasons. I’ve had to deal with a few of our clients websites which have come under attack.

Whether your site is a personal blog, a hobby, or a business platform, you’ll want to make sure that it’s protected from online vulnerabilities that can have real life consequences. In this post I’ll share some tips on how to keep your website secure and protect it from hackers.

Broadly speaking, a cyberattack is an attempt by a hacker to expose, alter, disable, destroy, steal or gain unauthorized access to a computer network or system. You may think it can’t happen to you, but it can and it likely will if you do not take the steps to secure your website. To a hacker, any vulnerability is an opportunity, so the key is to be proactive and take the steps to protect your assets ahead of time.

Tip #1: Create Strong Passwords

This might sound obvious, but passwords are always your first line of defence against a hacker. This means that you need to develop strong passwords for both your server and website’s admin services. A strong password should include uppercase and lowercase characters, special characters, and numbers. While some people will suggest using a random phrase, the strongest passwords are actually random sequences of letters, numbers and symbols.

If you find yourself struggling to keep track of all of your passwords, I would recommend using Last Pass. This tool can help you create strong new passwords as well as keep track of multiple passwords across your platforms in a secure way. It will also save you time and aggravation trying to remember all of your passwords. It also is an Iphone app which makes it more useful than browser password managers as you can access to any passwords all the time.

Tip #2: Prevent SQL Injection Attacks

An SQL injection attack is a specific cyberattack in which the attacker will use a URL parameter or web form file to access your website’s database. Even though the SQL injection is over 15 years old, it is still proven to be a successful attack method for hackers across the world. For websites with a standard Transact SQL, the attacker can just insert a piece of code into a query that will allow them to change tables and access or delete data. You can prevent this simply by using parameterized queries. If you are not a web developer, speak to your web development service provider to make sure they implement parameterized queries for your website.

Tip #3: Install Security Plugins

A great way to enhance the security of your website is to install dedicated security plugins. If you use a web host such as WordPress, there are several plugins available for you to download such as 6Scan Security, Sucuri Security, and WordFence. These plugins offer a wide range of features from automatic vulnerability fixes to protection against various types of attacks to firewall protection. It’s best to compare the plugins available and select one with the features that work best for you.

Tip #4: Stay Up to Date

One of the most common vulnerabilities that lead to successful cyber attacks is out of date software. Whether it be website themes, plugins, or other software, it is crucial to keep it up to date at all times. Updates are released for a reason: and that reason is to patch potential vulnerabilities, fix mistakes, and keep your website secure and running smoothly.

Tip #5: Set Up File Permissions

File permissions: do you understand how they work and what they can do for you? A website is made of many files including plugin files, media files, design files, and more. If one of these files is granted an incorrect permission, a vulnerability can be created which a hacker can then exploit. You especially want to avoid giving important files the execute permission, which grants full control. To avoid creating accidental vulnerabilities, learn how your permissions work or ask your web developer to double check the file permissions for you.

When you’ve put so much effort into building your website or brand, you don’t want it to be ruined by some anonymous hacker on the other side of the globe. Following the above 5 tips will help your website stay secure so that you can protect your content and data and keep doing what you love. Remember: you can never be to careful when it comes to website security.

Want to talk about web development? Contact us and I’d be happy to chat about keeping your website secure.

Choosing A Web Host

how to choose a web host

If you want your website to stand out, there is a good chance that you have sunk a lot of time and energy into making it look great. Your content and design are on point and your site is optimized for searches – so now what? It’s time to go live! But that might be easier said than done as there are so many web hosting service providers to choose from. If you aren’t sure which web hosting provider to go with, you are in the right place. Below I will go over some things to look out for when you are choosing a web host.

There are always multiple varying factors that will change based on each individual website (e.g. audience location, how much traffic you are expecting), and this may influence which web host service that you choose to go with. But, when it comes down to it, the four main items that everyone should look for in a good web host are speed, reliability, scalability, and security. I’ll go through each one below.


When you talk about a website’s speed, you are most likely talking about how fast your site will load. A good service speed will allow your content to load quickly on the browsers of all site visitors, no matter where they are accessing your site from.

If your website’s files are hosted on one server in one place, the speed will decrease as the visitor gets further and further away from that server. The solution to this is store and distribute the assets in a content distribution network (CDN). CDNs distribute your files through data centres across the world and will deliver your content to your visitors via the data centre that is closest to them. Look out for at least one, if not two, CDNs if you want the fastest speeds.


How can anyone view your website if it doesn’t load? One of the most key elements that your web host should offer is 99.99% reliability. If your web host is constantly scheduling “down time” or a shared server can’t handle spikes in traffic, this can damage your website’s success. At the end of the day, down time equals missed opportunities for potential customers to visit and view your site.


Scalability goes hand in hand with reliability. This element looks at how well your site handles a higher than normal amount of web traffic, and what your server does when it gets an overload of requests. The best web hosting services will automatically spin up servers in response to traffic flow, so your site will be able to handle any amount of traffic. This means that if your brand goes viral, your website won’t crash.


Lastly, security should always be on your mind when it comes to the web. When a website URL starts with “http://”, it is not secure. On the other hand, websites that begin with “https://” show an indication that all communication between your web browser and the website itself are encrypted with an SSL certificate. It’s useful to note that some browsers will show a lock icon instead of “https://” to indicate that the website is secure.

Security is especially essential for any websites that collect personal information of any kind. SSL certificates not only help keep this data secure, but they also impact your Google rankings. Sites without an SSL certificate rank lower, so if you are serious about improving your rankings you will want to look out for a web host that promises and delivers security.

While those are the four main items that you should definitely look out for in a web host, there are also other bonus features that can impact your website’s SEO and performance. These should be seen as non-essential but “nice to haves”. I’ve listed those below.

  • HTTP/2: the newest version of the hypertext transfer protocol brings faster websites, but not all hosting platforms support it yet. If you are able to find a web host that does offer it, it could be worth it as there is evidence that Google may be including HTTP/2 in their ranking algorithm. With features like multiplexing and header compression, HTTP/2 is worth searching out.
  • Auto backups and version control: This will stop you from losing valuable changes made to your site!
  • Site-wide/per page password protection: To help your passwords stay secure.
  • Simple publishing workflow: This makes it easy to publish on your site so you can spend your time doing more important things like building your brand.
  • DDoS attack protection: Distributed denial of service (DDoS) attacks are malicious attempts to disrupt normal traffic. They can be serious – so it might be nice to have protection from these attacks included in your web hosting service.

After reading this article you should have a pretty clear idea of which web hosting service you want to go with. Never be afraid to ask potential service providers lots of questions when it comes to speed, reliability, scalability, and security. Still not sure which web host to go with? I am happy to answer questions about web hosting, website design, or SEO – contact me to get started.

Google Ads & SEO Are A Deadly Duo

google ads and seo are a dealy combo

If you are wanting to improve your SEO rankings but aren’t sold on Google Ads, I want you to rethink that. The are a couple of reasons why, which I’ll explain in a bit. Read on to find out what those are.

I’ve already talked about how long it can take to increase SEO rankings. Depending on a few factors, it’s going to take an SEO company time and patience to do the job properly so that a website sticks highly on the first page. There will be money spent and it will take some time to see some organic traffic visit the website.

For many business and website owners, that’s a tough pill to swallow. That’s why I’ve always said SEO is a long term investment as you won’t have to keep paying for SEO services and subsequent organic traffic after the rankings stick. But this is also the reason why people aren’t sold on Google Ads and having to continuously pay for traffic.

Let me introduce you to a deadliest tag team in online marketing.

Google Ads and SEO

I would like to propose an idea, and that is to invest in both Google Ads and SEO at the same time. This will increase the monthly budget but it’s worth it. Here’s why.

While the SEO campaign is working away in the background and your search rankings are improving, driving traffic to your website will help the SEO company and it will also help the business owner.

Here’s how it helps the SEO company:

Show Me The Data!

This will give the SEO company very sound data on what keywords are generating the most amount of engagement on the website. Whether that’s simply average time spent on website or goal conversions, the data will help the SEO company make any tweaks to the keywords being targeted.

Here’s how it helps the business owner:

Offsetting Costs

The business owner will be able to generate leads from the Google Ads campaign. Then hopefully close some sales to offset the cost of both the Google Ads spend and the SEO services. This will cost more than just running an SEO company but it’s money well spent for both parties.

It’s hard for many business owners to shell out money on SEO as it’s a process that might not see much in the way of results, traffic and leads. But as I explained above, it can a great option to also invest in a Google Ads campaign.

Fill out our discovery form if you are interested in this approach or using either of our SEO or Google Ads management services.

Google My Business Messaging


By November 15th, Google My Business Messaging will only allow communication trough the GMB app. In this post I will show you how to set this up.

So a couple of weeks ago I followed my own advice and did a brand search to see what the results look like. I was pretty surprised by something I hadn’t seen before.

meaningful marketing victoria bc - Google Search

The “Request A Quote” button is enabled if you have GMB messaging setup. I recalled setting up messaging in the GMB app sometime ago but totally forgot about it. Good thing I was reminded so I can write this post and notify all of you about Google My Business messaging!

With that said, here is how the process works and how you can setup GMB messaging.

The GMB Messaging Process

Being rather intrigued I went ahead and sent a request to see how I would get notified. A few years Google started allowing people to post and questions on your GMB page. Great idea but when it first rolled out, you weren’t notified. You had to monitor this instead of being sent an email tied to the GMB page. Stupid right? Well they’ve rectified this thankfully.

Part of me was concerned I wouldn’t get this quote request. That was all put to rest when I get a SMS message with the details. The number wasn’t local so I responded to the text and asked for more information.

Here’s how the process works.

After sending a text back to myself, I was notified in my Google maps app with the conversation.

google my business messaging

To me this works fine since I have the Google maps app. But I have no idea how I would have gotten notified of a response if I didn’t have the app my phone. You’d think a Gmail notification would have been sent but there wasn’t.

Overall, there are a lot of issues with this. The first one being what if the business phone number on your GMB page isn’t a cell phone? I guess you would get a phone call with text transcribed. But how would you respond to the SMS to start the process of contacting the person back.

But Google has picked up on this!!


Download The GMB App & Setup Messaging

To my delight yesterday Google sent me an email notifying me of a change to the Google My Business messaging process and it makes way more sense! On November 15, messaging will move from SMS to the  GMB app. Here are the steps in that email to enable receiving messages to your GMB app:

1. Open the Google My Business app

2. Tap the ‘Customers’ tab

3. Select ‘Messages’

4. Tap ‘Turn on messaging’

After this step is completed you’ll want to setup an auto respond message. You can do this by clicking on the three dots on the right of this screen and selecting “Messaging settings” on the bottom of the screen.

gmb messaging1The next step is to select “Edit your welcome message” and then enter your message of up to 120 characters.

gmb messaging

From there you will need to turn on notifications from the GMB app so you can be notified when someone messages you. How likely is someone to send you a message? I think the odds might be pretty low as I believe new websites still have tons on value. If you have a website you are proud of and conveys your brand messaging, then you want people to visit it and learn more about your business and what sets you apart.

I also still believe people want to see your website too. They want to know why they should choose you, what kind of reviews you have and how they can trust you before reaching out.

There is the odd chance someone visits your website then a day or two later Googles your name and messages you direct from your GMB page. But I doubt anyone will Google your business without visiting your website and bit the “Request A Quote” button without visiting your website to learn more. After all, that would be like going back to the YellowPages phone book days where people started at the letter “A” and call around for quotes.

Regardless of what I think, you should set this up and see what happens.

Common Google Ads Mistakes

Would you believe me if I told you that SEO and PPC (pay-per-click) are not polar opposites? When you are looking to optimize your Google Ads, you can use both search disciplines to help you see real results. Another way to optimize your Google Ads is to avoid costly mistakes. These mistakes are so common that many Ads accounts have them right from the start. Below I will highlight some of the most common Google Ads mistakes that I see so that you can flag and fix issues before calling in a professional to do it for you.

Too Many Keywords

This is arguably the most common mistake in Google Ads. While Google suggests to make sure your keywords all fall under the same theme, this theme can either be specific or way too broad. If your main theme is too vague, it should be split into multiple ad groups. Try and keep your ad group themes as specific as you can, as this helps you have more control over the ad.

The more control you have over the ad, this means more control over where and what you spend your money on, what your ads look like, what your landing page to ad match is, and more. Even if it means having many more ad groups, trust me, you are going to want to follow my advice. Remember: it is way easier to manage a large number of organized ad groups versus a small number of unorganized ad groups.

Match Type Selection

The next big mistake that many people make is picking the wrong match type. There are four match types that you need to know:

Broad Match: This is the match type that I would recommend using the least. Broad match basically just means that you write out the keyword, and Google will display it for whatever it believes to be relevant in a particular search. This means that if you include one keyword, Google may show your ad in any search with that keyword, regardless of relevancy

Broad Match Modifier (BMM): The BMM is an upgrade from the broad match that includes additional elements. With this type, you put in multiple keywords that can exist in any order and with other words around them, but they all absolutely have to exist in the search.

Phrase Match: Phrase matches are similar to BMM, but they are more restrictive. You can have a keyword phrase with any words before or after, but none in the middle of the phrase. For example, if your phrase was “car dealer” you would match with “used car dealer” but not “car and truck dealer”.

Exact Match: The exact match includes your keywords and nothing else. This is the most specific match type, so you should try it on your most competitive keywords.

I’ve already wrote about how you can waste tons of money on wasted clicks if you’re not using the proper match type.


Only One Ad Per Group

Next, let’s talk about only having one ad per ad group. I have a few tips for you about ad groups:

a) Try to have at least 3 ads per group. You might think it is easier to manage only one ad per group, but it is actually really hard to see what is working well for you if you have less ads in each group. Have at least 3 ads per group!

b) Bring out emotion in your ad copy. Don’t simply include generic phrases like “our service is the best”, because that isn’t what gets people to call you. Find out what kinds of emotions your clients or team are feeling and use those in your ads! Emotional touches really help your ad to stand out.

c) Include a call to action. People don’t always know that the call to action is the call to click your ad. Including a simple line such as “contact us today” helps the reader understand what they should do when they see your ad. It may seem simple, but it can really improve your results.

d) Use extensions. In Google Ads you will find a section called Extensions. These are small additions to your ad such as having an address show up under an ad, or somebody saying “we’re open 24 hours”. There are many different extensions that you can use, and I’d recommend putting in every extension possible for each ad group. Each extension won’t trigger at the same time, but having them enabled makes them ready to trigger when given the right opportunity. When they do trigger, this gives your ad more prime space and squeezes out the ads of your competitors. This is especially effective on mobile. Just be sure to double check that your filters are set up properly for local extensions!

Separate Display and Search

Finally, always keep display and search separate on Google. Google will automatically want to show your ads everywhere, but you should know that different types of ads work better on the display network versus the search network.

To remain in control of your ad campaign, avoid showing text ads on the display network. Since the search network mainly features text-based ads, it may seem easy to show the same ads on the display network (on websites). But when you do this, you end up with a boring text ad on a website with 10 other ads already on it. Your text ad is not the one that will stand out in this instance. I would consider this a waste of money, and you may end up paying even more if Google labels your group as “bad”. Instead, make sure your display network ads are specially designed for the display network, and leave the text-only ads to the search network.

Any questions about optimizing your Google Ads campaigns? Learn more about our Google Ads campaign management service.