CSS Tricks: One of Our Go-to Resources

Spin faces a lot of CSS challenges. In fact, hardly a day goes by where one of our clients needs a tweak, a box moved, a picture stretched, or a responsive web-page modified. As web-makers, we need to continuously keep our CSS skills sharp and ready.

Where do we go to get informed? The website CSS-Tricks.com is a resource par-excellence for any serious web developer. Far from a dry manual or software documentation, CSS-Tricks offers interactive guides, tutorials, and even an “almanac” of CSS selectors.

Why an almanac? Maybe the founder of the website, Chris Coyier is showing some of his Wisconsin roots! Like Spin Group, Chris founded some of his various tech enterprises in Wisconsin, and some in Milwaukee. Chris went full-time with another awesome site you may have heard of, Codepen.io in Milwaukee. Didn’t think Milwaukee was a tech-hub? Think again!

Click below to access CSS-tricks!

 

No foolin',

This website is awesome.

Site Search After Google Custom Search

Google announced about a year ago that they were dropping the paid custom site search functionality, meaning any existing users of custom search were going to start having ads show in their site's search results this year.

On April 1st, 2017, Google will discontinue the sales of Google Site Search, the paid version of Custom Search Engine. All new purchases and renewals must take place before this date. This product will be completely shut down by April 1st, 2018. This note does not affect Custom Search Engine.
— Google CSE's homepage
google cse.png

Paid Google Custom Search Engine is going away.

Sites using it will soon start displaying ads in their results.

Most site's are hitting the end of their ad free Google search right now. Meaning website owners are getting a notice that looks pretty scary - stating that Google's paid custom search engine is expiring and sites will start displaying ads.

We have a lot of clients and many on HubSpot which doesn't have a native search functionality(yet). Our HubSpot clients mostly used Google search, it was inexpensive, and high quality. Now though that Google made their change to drop the paid search our clients have requested an alternative.

We spent months researching the best solutions for our clients and came across one that we like quite a bit, and have already converted most of our Google Search solutions on those sites to use.

We've decided to use SiteSearch360 for most of our sites. The pricing is very competitive, the service doesn't rely on having server side access to the site(a problem for HubSpot sites) and it's very flexible and easy to set up.

The best part in our eyes - We're able to keep most of the old Google search code in there, and layer SiteSearch360 on top. Why? Well one of the advantages to this approach is we can keep the same search form, and what will happen is, if a user submits a query and for whatever reason SiteSearch360 ever has an error and fails, the Google search will kick in and provide results.

Yes the Google Search will have ads if it ever triggers, but that is way better than a search form that doesn't function at all. So far we've found SiteSearch360 to be very stable so we're not worried about needing to do this, it just means we don't have to remove most of the google code, and we get the added benefit of a fallback just in case.

Site Search 360 gives us the flexibility to add instant search suggestions and more interactive result listings.

 

Feature-wise SiteSearch360 provides a lot of modern functionality like instant search suggestions and javascript based ajaxy results, allowing us to keep the user on the page and display results in say a modal speeding up the user's navigation around the site, and keeping them engaged.

 

Client Lead Gen

Client Lead Gen

Recently, we had a client who required a lead generation form with a superb UX.  However, the HubSpot form builder does not support the form type that our client needed. Our client also needed submissions to post into HubSpot for it’s analytics and marketing goodness. We came up with a solution using the SurveyJS library. We also used some fancy CSS and Javascript to solve the problem.

Common Misconception The Majority of New Website Owners Have

There are some misconceptions or myths that small business owners and small website owners often have. These myths can actually be dangerous, and often cost a lot of money in the long run.

I have a small business/website, no one is going to hack me because there are bigger fish out there.

This is unfortunately a very commonly held belief by small business owners and small website owners. The truth is, hackers attack ALL websites. Not just the bigger well known companies.

You might think, why would they waste their time on my site? The reality is, they're not. Hacker's create bots, which often are part of a botnet(network of tons and tons of computers infected with the bot software). These bots constantly scour the internet, trying to break into admin panels of sites, trying to inject malicious code through contact forms. Try to repurpose forms into spam delivery systems. These bots also often try multiple methods of breaking into a site, looking for common vulnerabilities, often found in earlier versions of software.

Hackers deploy these bots and they go to work with minimal effort by the hacker. Once a bot finds a vulnerable site, it often reports back to the hacker - "Hey this site is vulnerable!". The hacker then either manually or using a script, breaks into the site, and often changes the content of the site in such a way to make money off of your site, often displaying ads for some less than family friendly products and services. They can completely sabotage your online presence, get you blocked from google search due to malware. If you offer online services you're whole business could be in jeopardy. They may steal any information you have in your site's database - including any client information you have stored there. They can send spam to your clients in a way that it looks authentic like it came from you. They can infect your clients computers with malware by providing them download links to files that initially look like they could really be from you. Hackers may even hold your site ransom, demanding money from you or your business until you pay them[Do not pay them, seek help from law enforcement and a web development/security company, At SpinGroup we've handled cases like this and restored client's sites and locked hackers out.].

You may be thinking this is scare tactics and worst case scenario, but actually it's a very real problem and it's not a new one.

78% of sites hacked in Q1 of 2016 were WordPress sites. 55% of those sites were out of date at the time they were infected.
— Securi

Other notable statistics:

60% of the hacked wordpress sites had malware, which can lead to getting blacklisted, and your sites visitors becoming infected. 71% of hacked wordpress sites had a PHP backdoor, which allows the hacker to continue to perform ongoing malicious actions on your site, without needing access to your wordpress admin panel.

Statistics found on Securi's website.

How to secure your site

First it's important to know you can't make your site invincible to attacks from hackers, just like you can't make a building impervious to robbers. Instead security is a deterrent and intended to drastically slow the attackers, until either better security can be added or until they can be caught. The only way to make a website impervious to hacking would be to host it on a computer that is never turned on - and that would completely defeat the purpose as no one could access it. Securing your site does a few things:

  1.  Makes you less of a target(most hackers don't want to spend their entire day trying to get into your site, unless they've got a serious grudge). 
  2. The more secure the site the more skill it requires from hackers. This often prevents the majority of hackers - which the industry calls "Script Kiddies". These people often use tools created by smarter hackers to break into sites with old vulnerabilities.
  3. A secure site buys you time. If a hacker is determined to break into or infect your site, it will take them a lot longer to find a vulnerability if you follow best practices. If it takes the hacker long enough, it's possible your site will get updated during the time they're spending on your site, and any previous security holes will get patched, making their task even harder and time consuming.

The easiest way to keep your site secure is to keep your site's software up to date. This means CMS core updates, Plugin updates, Theme/Template updates. Take regular backups. Another good practice is regular security scans. If you frequently update your site yourself, you and anyone else who does, should follow good personal security practices and regularly scan and maintain your computer. Otherwise your computer could be the way the hackers get access to your site. It's like telling a vampire they can enter your house, don't do it!

At SpinGroup we realize most business owners want to focus on running their business and don't want to think about maintaining their site, keeping up with the latest security news, and securing their site. This is where SpinGroup comes in. We offer WordPress Concierge. WordPress Concierge is a service for businesses of all sizes, here's what we'll do for you:

  • Keep your WordPress Core up to date.
  • Keep your plugins up to date.
  • Keep your site backed up on a regular basis(daily)
  • Regularly scan your site for vulnerabilities, at-least once a month, often more often than that.
  • Based on what makes sense for your budget and your business, we alot a set amount of any-use hours per month to do miscellaneous tasks for you related to your website. From installing and setting up plugins/themes, to teaching you how to update portions of your site yourself if desired.
  • If your site gets hacked while under our WordPress Concierge plan, we find out quickly, and thanks to preventive and preparative measures we take we get your site safely back to the state it was before the hack quickly and efficiently, minimizing any damage the hackers may have caused. We then take further precautions to ensure there are no traces left behind by the hackers and that proper security precautions have been taken to prevent them from re-attacking.
  • While we can't guarantee a specific amount of time it will take to recover your site, as it always depends on how badly it was attacked. On average we get hacked sites back into working order within a few hours, and even for some of most severe situations it's often within 24 hours.

If you're interested in this service please contact us using our contact form and let us know what you're looking for and we'll get back to you.

How to maintain a WordPress site

We work with a lot of WordPress sites and maintain them for our clients.

The main things you need to do to maintain your wordpress site are:

  1. Keep your plugins up to date
  2. Keep your WordPress core up to date
  3. Keep your theme up to date (if applicable)
  4. Make sure your site is actively being backed up
  5. Check regularly for security issues.
  6. Optimize the performance of the site.

That's a lot stuff, and all of it is important, forgetting to do any of these things can have pretty dramatic undesirable results, for example: your site getting hacked, your site taking forever to load, or someone making a change to the site that breaks something and you need to be able to undo it.

There are a lot of plugins you can to do things like optimize your site's performance and help keep your site secure, some even can take backups. The challenge though is finding the right tools that are legitimate, work great, and are not going to bog down your site.

If you're looking for help with this, as well as help understanding how to update and manage your WordPress site, let us know because we can help!

We can even take all of the responsibility of maintaining all of these things off of your shoulders and let you do you. You should be able to keep focusing on the content of your site, and the value you bring to your visitors, not doing all the technical stuff.