Loading...

Follow Design Reviver - Web Design Blog on Feedspot

Continue with Google
Continue with Facebook
or

Valid

Scope creep is the nemesis of designers and developers everywhere. Almost every client tries at some point to weasel in extra features that were not part of the original brief. When the scope of a project expands because of suggestions from your own team about ways the project can be improved, it’s not really so bad, provided that you can implement the changes efficiently. Normally, however, it is the client that is pushing extra features, and that’s usually something you’ll want to avoid. In this article, we’ll share some advice with you on how to manage and avoid scope creep so you can turn over more projects with less stress.

Why is scope creep such a big problem, anyway?

The simplest answer is that every time you succumb to scope creep and allow the client to weasel in a new feature that’s not included in the contract, you are robbing yourself, robbing all your other clients, and undermining the value of the contract that you’re working on. You may even allow a situation to arise, unless you’ve worded your contract very cleverly, where it is impossible for you to fulfill your obligations and that raises a possibility that the client may not have to pay you for any of your work.

How you’re potentially robbing yourself in such a scenario is that additional feature requests ought to be separate projects which can be billed for individually. As for robbing your other clients, in this case it’s not money but time that is at stake. Your other clients deserve their fair share of your time, and once scope creep hits a certain point, it’s going to take more and more of your time away from other projects. It’s obvious that a contract loses much of its power when you let any clause or condition of it slide. The more extras you allow to creep in unchecked, the more likely it is that your contract will eventually be working against you and in favor of the client. Don’t let that happen.

How clients get away with creating scope creep situations

Your client wants to get as much as possible for as little as possible. Don’t take it personally, it’s just business. All company directors are actually legally required to do whatever it takes to increase the value of their business, which is why the world of business is such an ugly arena in which to do battle.

As this is the case, it means you have to be vigilant. When originally establishing the contract, you need to be completely clear about what is included in the scope of the project, and lock down that scope as tightly as possible. You also need to watch for attempts by the client to weasel in those extras.

The usual method employed by clients is to call you at some really inconvenient time and make suggestions and requests that they know you don’t really have time to discuss with them. So they know there’s a good chance that you’ll just agree without really thinking the situation through carefully. Another thing they’ll do is say “Hey, we love what you’ve shown us so far, but we saw this feature on [other site] and it would be great if you could add that feature for us!”. There are all kinds of variations on that little speech, but they all add up to the same thing: more work for you for no additional payment.

Design contracts just as carefully as you design websites

Of course you have a contract, right? If you don’t, go smack yourself in the head, because you’re already losing the game. Every project should have a contract, so that the possibility for scope creep is reduced or at least managed. You could even build in scope creep clauses to define what should happen if the client makes additional requests after the commencement of the project, and how that situation will be handled. That includes adjustments to the costs of the project and the delivery times for milestone events.

Don’t take requests over the phone

Always get every request in writing. This is very important, because it provides a means of tracking what was requested, when, and by whom. It also gives you time to make a decision and respond appropriately, whereas if you discuss the matter over the phone, there’s a good chance that you’ll end up just agreeing to whatever the client asks for.

Make it clear that extra tasks may delay the completion time, and that they are billable

Minor changes are probably not worth the effort of making a fuss about, but any major request should be treated as a serious scope-changing event, and billed accordingly. Hopefully you will have already built in clauses to your contract to deal with this situation so that you’re not held to the original project milestones and completion date. That becomes especially important if there are any penalty clauses where the client can receive financial compensation if you deliver the work later than the specified target.

Keep track of time

You need a good picture of how much time is spent on any part of a project. You also need to know who worked on what and when. Changes will make an impact on all kinds of things, and some of those things may not be immediately obvious. For example, a minor change to some software feature might create a need for extra documentation, changes to support code and plug-ins, changes to content displayed on screen, and so on. Scope creep can infect your project with many tentacles of doom. If you allow even one past your guard, it could be creating a lot of extra work for your development team across different areas of responsibility.

Don’t be afraid to critique ideas and suggestions from the client

Clients sometimes do have genuinely brilliant ideas and suggestions. Most of the time they don’t. In fact, most of the time, their ideas really suck, because the ideas don’t actually come from them. The ideas come from the influence of other sites, from “marketing gurus”, from helpful people with suggestions (usually mom), and sometimes they’re simply created because your client is a lunatic.

Do evaluate those ideas with an open mind, but it’s likely you’ll have to point out flaws. When an idea is actually good, you can allow it and should mention that it’s a great idea, but… it’s something outside the original scope of the project so you will need to redefine the project and create a new contract. Telling the client this is a magical opportunity to make sure that they understand you’re a professional and that you’re not going to be pressured into anything. Of course, you have to be supremely polite throughout all of this discussion. There’s nothing to be gained from delusions of grandeur at this point.

Try to split large projects into their component parts and have a contract for each

This way, scope creep can be isolated to only a section of the project, giving it less chance to infect other parts of the project. It also means that you have more control over the outcome and you have everything organized in a way that allows you to manage the scope of each portion very precisely.

Try to make sure your contracts include very accurate descriptions of the scope of what is to be done

Contracts are there to protect you (and to some extent, the client), so that everything should go smoothly. That will happen if—and only if—you write the contracts very accurately and clearly. You need to define everything and anything that is included in the scope of the project and mention that anything that is not specifically included in that list is an extra, and considered to be outside the scope of the contacted project.

Business is supposed to be fun

No matter what you’ve heard, business should be fun. The moment it isn’t, you are not doing it right. Don’t let clients intimidate you, bully you, or push you into corners that you’re not interested in visiting. As a service provider, you’re meant to respect your customers, but that doesn’t mean that you should play the role of a fawning servant. Ultimately the message is you should give them what they want, but make them pay for it.

header image courtesy of Brett Tunick

The post Avoiding Scope Creep appeared first on Design Reviver - Web Design Blog.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

 
Free fonts are fun, right?

You bet they are.

Not only do free fonts help professional designers stock their collections, but they’re some of the best tools for hobbyists or people who don’t want to spend much money for their small projects.

That’s why the free fonts from FontBundles are so cool.

At the time of this post the website has 26 free fonts for you to choose from. You’ll notice a few expired fonts towards the bottom of the page, so the free fonts page is constantly updated with new options. That’s why we recommend bookmarking the page and checking back in from time to time. This way, you’ll have a consistent flow of free fonts for your use.

We wanted to take a look at the overall FontBundles interface to decide whether or not it’s worth your time, and after playing around with it for quite some time we’ve discovered it’s a pretty impressive site. In fact, the free fonts area is a mere bonus for the multitude of items they have scattered throughout the site. But the best part is the PUA Encoding, which we’ll talk about below.

Examples of Current Free Fonts Zombies

Stefhanie

Lustinmal

Hot Deals

BlowBrush

Fanatic

What We Like About the Font Bundles Website

The free fonts page is pretty darn awesome, especially considering you know that the future has more to provide in terms of stocking your library with cool, and updated, fonts. However, what else is on the FontBundles site that can help your business out?

To start, the navigation bar offers a decent look into what you can find. For example, searching for a font is done through the large search bar at the top. So if a friend tells you about a hot new font, it only takes a second to find it. In addition, the company has new fonts and bundles. The new fonts will give you an idea of what’s hot on the market right now, while the bundles are generally more affordable for designers with lots of jobs on their plates.

Categories

I also enjoy that the fonts are broken up into categories. It’s not always the case that you can browse through fonts like this, but the FontBundles website includes categories such as:

  • Regular
  • Script
  • Logo
  • Foreign
  • Symbols
  • Other Fonts
PUA Encoded Fonts

As you may notice when scrolling through some of the free fonts, a blue check mark sometimes resides right next to a font thumbnail. This means that the font is PUA Encoded. The majority of the fonts I’ve looked at on the site have this check mark, and it essentially means that the most popular software is compatible with the font. This is not always the case when you find fonts online, so you may end up having trouble manipulating a font in your own software. It’s clear that FontBundles is leading the charge is ensuring that all font creators make their fonts as compatible as possible. This expands the number of people who can actually utilize the fonts, while also improving the community for everyone.

Click here to learn more about PUA Encoded Fonts.

Downloading a Font

Some font websites (especially the free ones) are littered with ads, popups, complicated usage details and misleading information about how to download fonts. That’s not the case with FontBundles, since you basically just click on the font you want to download and a simple download page is provided. The free fonts tell you exactly when the deal expires, while the paid options display a price.

A description is generally included to explain what the font is best used for, and then Download and Share buttons are there for your own use. The only step you have to take is to signup for a FontBundles account, but all you need is an email and password.

Pricing When You Find a Great Font That Isn’t Free

Obviously most people going to a site like FontBundles are going to want to see what other solutions are available for their projects. Typography is such a huge part of making a website, email or even something like a mobile app, so it’s wise to not only look at the free items. Therefore, I searched around a bit to see what the pricing was like for some of the fonts and bundles.

When browsing through the New Fonts page, the majority of the initial listings are marked at around $10. Some of them start at $9, while others go all the way up to $16.

You’ll also find some more complex fonts for $49 or $60. It’s clear that it completely depends on the type of font you want to download, but you do have the option for some lower prices if you desire. Besides the free fonts, I personally feel that the bundles are the best deal. This is similar to the Free Fonts page where the FontBundles company updates it with new bundles.

Right now the lowest price is at $10, and that’s for a package called the summer sale. The highest price right now is $29, and that’s for the Summer Font Bundle. The reason these bundles are so great is because they give you all sorts of fonts in a single category. For example, you may find a bundle that’s just for celebrations, like weddings, or maybe you’re looking for a decent amount of fonts that focus on calligraphy.

In Conclusion

Overall, the FontBundles website has plenty of options for you to browse through and consider for your next project. You shouldn’t have any problems locating a font based on a category, and the download process is pretty simple. The standout feature is the marking of PUA Encoded fonts, since you’re far better off going with a font that’s compatible with all design tools. Not to mention, the majority of the fonts in the database are PUA encoded, so it’s not like you’ll have to sift through ones that aren’t.

Feel free to check out the FontBundles free collection here, and drop a line in the comments section if you have any questions about FontBundles.

The post Free Fonts on the Reg: FontBundles is a Must-Bookmark appeared first on Design Reviver - Web Design Blog.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Keeping your data secure is not only smart, it’s also the safest thing you can do from a legal point-of-view.  While most online businesses try to cover themselves from liability by putting disclaimers on their website terms and conditions pages, it isn’t really effective as a protection if you are negligent about keeping data safe.  Of course legal liability isn’t the only reason to protect your data, and it’s not the only thing you need to worry about if you fail, but it is certainly important to be aware of the possibility. 

Even if you force your users to click a button to indicate their agreement not to hold you liable for security problems before you let them access anything on your site, it still doesn’t really give you much legal protection, and probably doesn’t give you any.

Legal liability is a big one because of the high costs involved, even when a case brought against you is entirely frivolous.  It gets a lot worse if you’ve done something you shouldn’t have or haven’t done something you should have.

You can also suffer loss of business, loss of trust, theft, damage to your reputation, and other things besides.  It’s not a good position to be in, so always do your best to keep your data safe and secure.  Here are a few things that can potentially make your server less secure than it should be:

1. Not requiring secure connections for things that should be secure

It’s a big decision to force a secure connection because some users buried behind corporate firewalls (and sometimes over-inquisitive hotel firewalls) can’t access HTTPS secured websites.  In part this is because certain types of administrators in certain types of corporations don’t want encryption getting in the way of any snooping they might want to do.  That’s actually kind of silly, because they are placing the corporation and its employees at increased risk when there is extremely little to be gained.

Certain websites like Google and Wikipedia do default to HTTPS connections even though most users won’t be doing anything that needs to be encrypted.  If big sites like that are pushing a HTTPS first policy, maybe your site should be too.

If you allow users to log in from an insecure HTTP connection to services that should be secured, it’s asking for trouble.  Users on HTTP should have to click a link that takes them to a HTTPS version of the page before it is possible to log in.

2. Not using encryption on things that should be encrypted

If you don’t encrypt information, you lose control over it.  Some kinds of information should be restricted only to people who need to see it, and there are even some kinds of information(like passwords) that nobody needs to see.  Encryption helps you control who can see what, and when.

3. Putting sensitive information in areas that are open to public access

Sensitive information needs to be stored in a place where casual visitors can’t stumble upon it.  Some kinds of things like connection strings should be stored at a level above the public_html folder, where it will be impossible to access them by accident and more difficult for an attacker to access them.

4. Relying on htaccess for security

The htaccess file provides some security to keep casual snoops out.  It’s metaphorically more equivalent to a barbed wire fence than a concrete wall.  It won’t keep out a really determined attacker, so it shouldn’t be your only line of defense.

5. Not keeping offsite backups

Your data should be backed up regularly and stored in a secure offsite location.  This is not perfect protection, but it’s going to help you if something really bad happens.

6. Not making changes after an attack against you is successful

Sometimes people just restore from a backup and carry on as if nothing bad had ever happened.  They probably figure that since the attacker got what they wanted, they won’t need to come back.  It’s not particularly logical.  You should always make changes after a successful attack, with the most obvious thing to change being the password.  It’s not just that you should change the password, but you should change everything about the password (it’s length, structure, any mnemonics you used in creating it).

7. Not mirroring

This is really obvious, but frequently overlooked.  Every site should be mirrored.  Without an OTF mirror, you risk potential data loss in the case of a hardware failure.  Backups are helpful, but they’re not real-time.  You’ll lose some things if you have to restore from backup.

8. Not restricting physical access to the server

Server cabinets are lockable for a reason.  The door to the server room should also be locked.  Yes it will slow you down if you need to get in there to do something, but it will also slow an intruder down.

9. Failing to be aware of social engineering

The most common way to gain illegal access to a system doesn’t rely on sophisticated software, it relies on unsophisticated personnel.  In other words, you and your employees are the most likely contributors to an attacker’s agenda, simply because you may not be on guard sufficiently to avoid willingly giving them every bit of information they need in order to perpetrate an attack against your site.

Social engineering is very easy and highly successful.  It simply relies on basic psychology, and the fact that humans generally tend to respond to things in predictable ways.  People also are not always careful about what they dispose of or how they dispose of it.  The recovery of things which have been disposed of can sometimes yield valuable clues to how a system can be accessed, or it can yield sufficient clues to enable an attacker to at least have a better chance of successful social engineering.

For example, if you throw a letter from your bank manager in the trash because it has no business value (he is just trying to sell you a line of credit or something), this gives an attacker some valuable information, including which bank you do business with, the branch of the bank that you do business with, and who the manager of that branch is.  They can later call your business and impersonate the bank manager, and by this means obtain more information from your employees that can be used to perpetrate an attack against you.

What you have to be aware of is that you can’t trust that anybody is who they say they are unless you can verify it.  Somebody wheeling new office equipment into your building will hardly be treated with suspicion, but they should be.  Normally everyone just assumes that somebody else must have ordered the equipment which is being delivered, when in reality nobody did, and it’s just a ruse to get more access to the interior of your workplace, opportunities to gossip with your staff, and things like that.  The office equipment itself might be rigged up in some way to spy on you.

Other favorite social engineering attack methods include law enforcement agents, government officials, and potential lovers.  None of these people might be who they say they are, and you should carefully verify their veracity to the best of your ability.

10. Hosting on an insecure OS

Systems that don’t require a password to perform any task that will have administrative effect are basically toys and only suitable for playing games on.  You shouldn’t use them for business, and certainly not for hosting a website.

Perfect security is impossible, but you can tighten things up

By avoiding the errors listed above, you won’t necessarily be invulnerable to attack, but you’ll be in a better position to avoid, detect, and respond to attacks.  Data is important to everyone who has a stake in it, so do your best to prevent it from falling into the wrong hands.

header image courtesy of AJ

The post If You’re Not Doing These Things, Your Data is at Increased Risk appeared first on Design Reviver - Web Design Blog.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

If you host your own websites and you need to provide some level of encryption for the communications that pass between the server and a connected user, there’s a really good chance that you already know quite a bit about Secure Sockets Layer (SSL) technology.

SSL has been around for a very long time, and it has become the standard term that lay people use when talking about any kind of encrypted internet communications, even when SSL is not in play.  In fact only a tiny percentage of encrypted internet communications are still using SSL, and the majority have moved forward to a new technology called Transport Layer Security (TLS).  Even so, the total global internet population is massive, so the tiny percentage of connections still using SSL could potentially add up to millions of individual connections per day.

The final update of SSL was SSL3, and this was found to be an inherently vulnerable protocol, and if you already heard about that, it’s probably had you a bit worried.  We’d like to take a moment to tell you more about what’s going on with SSL3, and what it could mean for you.

What exactly is the problem with SSL3?

Yes, it’s true that SSL is vulnerable to exploit.  Before you hit the panic button and break out your tinfoil hat, consider that all encryption technologies are vulnerable.  It’s just that some technologies are more vulnerable than others.

When data is sent over the internet, it is not all sent as one continuous stream.  It gets split into chunks called “packets”.  This makes the data transmission very efficient, because the packets can be routed through multiple different pathways simultaneously to reach their destination.  Those little packets of data don’t always arrive safely at their destination, but when this happens the recipient computer detects that there are missing packets and simply requests new copies of those packets from the sender.  There are two main types of packets used for internet communications, called UDP and TCP

SSL (and TLS) adds encryption to each packet so that if they’re intercepted, it’s going to take a lot of work for somebody to be able to retrieve any meaningful data from them.  Without that encryption, the data has no protection at all.

In this world there are some people who are very naughty.  Every year they wake up on Christmas morning to find their stocking filled with coal, and I guess this must make them even more mad at the world, so they do even more bad things.  That means things like creating packet sniffing software that seeks out packets containing the kind of data that would be interesting for them.

Packet sniffing is quite hard work and requires sorting through a lot of useless packets, but there will always be some packets of significant interest, mainly because administrators nearly always send passwords in unencrypted emails (because few ordinary computer users understand why or how to use encryption), and most users never change their administrator assigned passwords.  Incidentally, this is why you should always let users create their own passwords at sign-up, as it avoids the need for transmitting a password in plain text.

A huge number of websites also allow users to log in on ordinary http connections,, instead of requiring a secure connection.  How easy or difficult it would be to obtain a password this way depends on the length of the password string and how patient the attacker is.

These kinds of attacks are called Man In The Middle (MITM) attacks.  There are plenty of them around, but the one that put the final nail in the coffin of SSL3 was the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack.  POODLE was interesting because it allows attackers to insert things into unused bytes in a packet (padding).  TLS is not vulnerable to POODLE attacks (but it might be vulnerable to something else).  It is therefore preferable for all connections to use TLS when possible.

Should you worry about POODLE attacks?

Yeah.  You should worry about any kind of attack.  The clue is right there in the word “attack”.  But you don’t need to worry about it in the same sense that you would worry about leaving the iron on when you’ve just left home for a three day road trip.  There are no reported instances of POODLE ever having been used outside of a controlled environment to capture information, and the most likely explanation for this is that it’s simply not worth the effort required.

Think about it this way:  Every day thousands of users willingly submit their information to successful phishing attacks.  Phishing is low tech, almost effortless, and hugely successful.  Why would somebody go to the trouble of handcrafting an elaborate firearm if hitting you on the head with an old stick will achieve the same result?

If a POODLE attack were ever to be seriously implemented, it would be going after a specific high level target, and it’s a lot of work to do something like that.  An average attacker with only the intention to steal money doesn’t need to go to all that trouble just yet.  A super-spy out to steal state secrets, well that’s a whole different scenario.

Regardless of whether you’re the CIA, a bank, or just running a simple online shop, it doesn’t mean you can afford to be complacent about the possibility of any kind of known attack, especially if it is one you can guard against, as will be explained in a moment.

Should you just completely disable SSL3 on the server?

This is a question that has stirred up considerable debate among people who care about this kind of thing.  Organizations with a strong sales focus will argue vehemently against disabling any kind of legacy support because it cuts off a considerable (and wealthy) portion of the market.  Older people tend to resist upgrading systems that have always seemed reliable to them, and they are usually the ones with the most money to burn and the least reason not to burn it.

Organizations with a strong security focus, on the other hand, offer the equally valid argument that enabling legacy support encourages users to use insecure systems that place them at risk.

Looking at it from a strictly legal point-of-view, the latter group are probably right because ultimately you will be in the frame if anything should go amiss.  POODLE attacks are directed at the client, not the server, but if a client suffers a loss because your server allowed them to make an insecure connection, there’s really nothing to stop them from suing you, even if you have some sort of fancy disclaimer buried in your T&C.  For that reason, if you use HTTPS for anything other than site identification, it is probably best to disable SSL3 entirely.

It could be argued that as a provider of a service, you have a responsibility to take care of the safety of people who visit your site, much in the same way that shopping mall owners need to make sure their floors are not too slippery.

As a user, how can I disable SSL3 in my browser?

It’s a really good idea to do that, but in modern browsers it may not be necessary, as some will have it disabled by default.  Older browser versions may require manual configuration changes.

Chrome

Anyone would reasonably expect that with Google’s strong focus on meeting the needs of users, they’d have made it easy to tweak every possible feature in Chrome you might want to tweak.  Actually it is not at all easy to make significant changes to Chrome.  Disabling SSL3 in Chrome requires adding a switch to the application launch instruction, as follows: –-ssl-version-min=tls1

Firefox

With Firefox, it is much simpler to disable SSL3 permanently without having to mess around changing the application launch settings.  You start with about:config in the URL bar.

Accept the warning if one is offered.

Do a search for TLS.

Change the value of the key security.tls.version.min from 0 to 1.

This means you won’t accept a connection with anything less than TLS1, so attempts by a server to establish an SSL3 connection will be rejected.  Firefox makes everything so easy that you have nothing further to do except closing the tab.

Internet Explorer

Simple method, stop using it unless you really have to.  More complex method, go to Start → Internet Options → Advanced and uncheck Use SSL3.0.

Safari

Ensure all the latest security patches are downloaded and installed on your Mac system.  SSL3 will be disabled by default.

Other browsers

You’re on your own.  Good luck!

After disabling SSL3 on my server and in my browser, will I be safe?

Of course not.  There are just two choices:

  • Be connected to the online world; or
  • Be safe

There are no shades in between these two extremes.

header image courtesy of Alex Vinogradov 

The post Everything You Need to Know About SSL3 appeared first on Design Reviver - Web Design Blog.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

There is a massive Cold War being fought on the Internet at the moment between website owners and search engine service providers such as Google.  While not all website owners are actively participating in this war, there is an increasing multitude of companies trying to recruit them over to the dark side.

This war was created because the two sides have completely different agendas and policies:

  • Search engine service providers, such as Google, strive to list sites in order of quality and popularity. They believe (slightly incorrectly) that there is a direct relationship between quality and popularity.
  • There are some good website owners, but they are widely dispersed and appear to live a hermit-like existence.  The vast majority are engaged in constantly striving to make their low quality sites artificially more popular so that they will rank higher.

Caught in the middle of this conflict are the web users.  Many of them contribute unintentionally to the problem, due to their own search behavior.  Because most users only visit the first few sites listed on the first page of search results (unless they are really determined to seek out quality information), these are the sites they link to on social media, forums, and their personal blogs.

In turn, this has sometimes caused search engine service providers to be fooled into thinking that the popularity of those sites is due to their quality.  Upon discovering that you’ve been made a fool of, how do you feel?  Well, search engine service providers feel the same way, and that’s why they work hard to stop you doing that to them too many times.

The SEO Industry: Corrupting the Internet one site at a time

It’s debatable as to whether the SEO industry is a positive for website owners, but for users and search engines, the SEO industry has absolutely no positive points whatsoever.  It is literally the worst thing ever to happen to the web, even taking into account things like forced memes and endlessly looping GIFs.

On top of all that, the SEO industry rakes in hundreds of billions of dollars (mostly by overcharging) and is typically as crooked as a three dollar bill.  Every SEO salesman is promising to get clients on the first page or even to the top of the first page in search results, but how can they all do that for all their clients?  It’s impossible, unless you optimize for search terms so obscure that it would be impossible to fail.

Can’t live with ’em, can’t live without ’em

Having said all that, the SEO industry has become so aggressive in targeting business owners to convince them of their necessity, that SEO has actually become necessary.  The attractive bait offered to business owners is basically that they don’t need to invest in quality, just in a magic bag of SEO tricks that will propel them up the popularity charts without having earned their place.  That this is more costly than producing quality in the first place has largely gone over their heads.

Search engine service providers have grudgingly come to accept the necessity for website owners to apply some SEO techniques in order to avoid being left behind.  Overwhelmingly, however, they do not look favorably upon the majority of SEO methods or the businesses that make use of them, and will react negatively to any discovery (or sometimes even suspicion) of what they term “SEO abuses”.

SEO abuse is rampant, and in the short term it usually works

Due to the extremely widespread proliferation of SEO abuse, the industry unofficially divided itself into black hat and white hat camps, with large variation over what practices put you in which camp.  To simplify the issue down to its most basic level, however, it should be noted that any SEO strategy that does not have improving the website quality at its core is a black hat strategy.

Black hat SEO accounts for the vast majority of commercial SEO solutions for a simple reason.  These businesses can only prosper when their clients get results, so they will usually do whatever it takes to get results, including blatant SEO abuse.  The focus is strictly short term with a view to getting a noticeable spike in traffic so the site owner will be induced to pay for another month of service.  In the long term, the abuses are likely to be detected and sanctioned, but by that time the company will have adopted many new clients which will more than cover for the loss of you as a customer.

Evolution is essential to life

In order for the search engines to remain alive, they need to constantly evolve.  This is why the “rules” for SEO keep changing so much, with many formerly effective strategies being reduced to ineffectiveness or even counter-productiveness.  The better SEO companies evolve in line with the evolution of search engines, but you’ll still find an incredible number of companies using methods that haven’t really been viable since the late 1990s.

The scourge of false positives

It is an unfortunate consequence that many innocent website owners—those who have never strayed into SEO abuse, and who have patiently built the success of their site over a long time—are victims of search engine evolution.  The changing rules are difficult to keep up with, but also extremely difficult to rectify retroactively, and getting any negative decision reversed is a major uphill battle.

The worst of this situation was when Google decided to start punishing sites for having what their robots consider to be too many low quality inbound links.  Not only is this concept poorly defined and difficult to understand, but it is something that is exceptionally difficult to fix, and often not the fault of the site owner.

Staying on the right side of the line

The frontline of the Cold War between search engine service providers and site owners is volatile, and staying in “safe territory” is challenging enough, let alone trying to actually win.  You can put the odds more in your favor by avoiding these practices that invoke the anger of the search engine overlords:

  • Link farming
  • Like farming
  • Link trading
  • Blatant keyword seeding
  • Producing huge amounts of worthless content

The last two may be a bit complicated to figure out.  Minor keyword seeding is not necessarily a bad thing as long as it is done reasonably and the content is still clearly aimed at users rather than search engines.  Many companies pay content farms to produce nonsense articles with no real value to users, where specific search-engine-friendly terms are laced throughout.  Thus you read lines like:

“One of the best dental clinics Baltimore is XYZ Dental Clinic, voted a great clinic by people in Baltimore looking for dental treatments Baltimore.”

A user seeing the above line will not stick around long and is highly unlikely to click through to XYZ Dental Clinic, but for the SEO company this is not bad because getting the click wasn’t the point of creating the content.  The content was created only to fool a search engine robot.  This is why Google started using bounce rate as a metric, because humans rarely waste their time reading anything that is painful to read.  Bounce rates help Google to flag pages that are likely to have been produced solely for SEO purposes, where it is obvious that such is the case.

The flip side is there are practices you can follow that can improve your SEO position without negative consequences.  These include:

  • Paying for the production of large amounts of high quality content that you host on your site
  • Ensuring your outbound links are high quality and on topic
  • Encouraging quality inbound links by hosting quality information
  • Peering with sites offering related and relevant content which is also of high quality
  • Getting genuine likes and shares due to quality, relevance, and/or high entertainment value

As you can see, the recurring theme there is quality, relevance, value.  Give audiences what they want, and they will reward you handsomely.  Thus the single best thing you can do for your site is to create your content for people, giving them a quality experience by making them the focus of everything your produce.

It comes down to excellent web design, quality content, and proper attention to how traffic flows to your site, from your site, and around your site.  Do all these things, and your site will rise to the top through a natural process that the search engine service providers have always intended should be the case, and that’s a win for everyone except your competitors.

header image courtesy of Jemis Mali

The post The Ever-Shifting Goalposts of SEO Rules appeared first on Design Reviver - Web Design Blog.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

True web designers are a rarity these days.  The usual—and very lazy—solution employed by most people offering design services is simply to take a template created by somebody else, modify it slightly, and then squish and bend their client’s content until it fits into the template design.

This is not a good practice to be utilizing, and it’s literally the exact opposite of how things are supposed to be done.  There’s this trite old saying that “Content is King”, and that really means content first, design second.  If you think about it for a moment, kings are not really supposed to be squished and bent, are they?

So really the best websites are those which are designed to fit the content that they were created to present, and not the other way around.  Unfortunately due to the prevalence of wishy-washy clients with a “build it first, fill it later” mentality and no clear idea of what they want to say, every designer at some point has had to build a site filled with nothing more than the dreaded “Lorem Ipsum” text wall.

If you can find a client who truly understands the value of good content and is willing to make that a priority, it is equivalent to finding a diamond in a huge mountain of coal.

1. Read, examine and stare at the content until you can’t bear to do it a moment longer

Your inspiration for this new site should come from the content itself.  As you read through it, examine your feelings and this should guide you towards the correct design.

2. For textual content, determine the level of each block

Blocks are just paragraphs, but some paragraphs are supposed to have more weight than others.  Paragraphs of different types can be sorted into levels, for example:

  • heading
  • sub-heading
  • by-line
  • regular text
  • block quote

Those are just some possibilities, but every document is a bit different.  Some will have more levels and some will have less.  If you assign each of these different block levels a number, you can print out your content and use a pencil to indicate the numeric level of the block.  Once you’ve done this, you can use the information for style mapping.

3. Create a style map

If wire frames and prototypes are the preludes to a website, then a style map is a prelude to a style sheet.  You create it just as a basic spreadsheet which will contain:

  • the numeric code for each block level you defined in the previous step
  • the unique class name you are going to assign for each one
  • font face and/or family, font fall-backs
  • font size, font color, font weight
  • any special formatting instructions that apply

Once you have the style map created, it’s very easy to create a style sheet from that.  It’s worth noting that the style sheet you create for your content should be stored as a completely separate file from the style sheet you create for your page design.  Modularity gives you freedom, and of course you should always separate content from design to the maximum extent possible.

4. Define a layout for each snap point on your grid

Now that you know how your text blocks are supposed to look, you should decide what shape the text is going to take.  It’s unlikely you’ll want to span it all the way across the page, so work out how wide you want the text column or columns to be, and how non-text items are going to enter the flow.  Don’t forget to take into account that you’ll probably need to change the layout for smaller devices.

5. Draw up the prototype and get approval from the client (if necessary)

You don’t want to waste time coding if you have a fussy client.  Always get approval for a design before you set to work on actual development.  For now, it’s best to simply mock up a simple prototype in your favorite prototyping tool (Inkscape, for example) so everyone can see your vision of how the finished site should look.  Hopefully the client likes what you’ve done and greenlights it, otherwise you’ll have to start over.  But it’s still better than if the same thing happened when you’d spent hours or even days coding an example.

6. Do the initial build

It’s time now to roll up your sleeves and get typing.  Here is where it gets a bit tricky, because you need to write up all your HTML and cut and paste each text block into the right tag pair (maybe H1, maybe P, maybe something else).  It’s quicker to just create all the tag pairs in their raw form and paste the text blocks in, an d then go back later and add the class names to your opening tags.

7. Review the end result and check that it matches your design

Actually it’s best to test as you go, but in the end the finished product should look like your original design or it should be better.  If it’s not, that means you’ve made a mistake somewhere and you’ll need to find it and fix it.

8. Do some user testing

This is the most difficult part of the job, and you’d better hope you have a thick skin because user test participants can be far rougher on your ego than even the most persnickety client.  Still, you won’t want to release something that isn’t perfect, and if the users simply don’t take to the design at all, you should be confident enough in your ability to go to the client and let them know the design isn’t working and that you’re going to take a new approach.  There’s no shame in this.  The shame comes from knowingly releasing a design that isn’t perfect, and you can count that double if you add the site to your portfolio.

9. Finish off the job and get paid

This is the only part of the whole process where you can’t be certain of the outcome.  Hopefully your client is a decent sort of person and pays up without a fuss.  If you’ve done everything right, it will surely increase the chances that your client is willing to pay for your hard work, even if they have no clue as to how hard you actually had to work.

Designing sites to fit content is always much better than designing a site first and then fitting content into it.  It means you’re aware of exactly what you have to fit.  There will always be times when you don’t get that luxury, but when the opportunity is there, grab it with both hands.  There’s never anything good about Lorem Ipsum.

header image courtesy of The Fox And King

The post Designing Websites for Known Content appeared first on Design Reviver - Web Design Blog.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Many people involved in Web Development, and especially clients, mistakenly believe that the UI is synonymous with the web page itself, and consequently focus much of their attention on visual aesthetics, with practical matters left as an after thought.  There’s no denying that visual appeal is an important aspect of any site design, but interface design is so much more than that.

UI design is an important specialization within the development spectrum.  It is primarily focused on the interactivity aspects of a web page.  How it looks is important.  How it acts or reacts is normally much more important.  It does you no good at all to dazzle users with an exciting and impressive look if you can’t back that up with a robust interface that does everything the user expects of it.

Let’s take a look at some of the major things you should be paying attention to when designing your user interface.

1. Plan your interactivity from the outset

The biggest website killer of all time is the designer who focuses all their energy on creating impressive visuals, tacking on a haphazard or almost non-existent interactivity to the system right at the end of the job.  Actually that’s not strictly true, because when a designer doesn’t invest any energy at all into creating a great look and still does a poor job of providing interactivity.

Before you build that site, you should have a very clear idea of how it’s all going to fit together.  You should have a good idea of what users are going to expect from your site and the kind of actions they are likely to take while visiting.  You may also want—very rarely—to include a few things the user isn’t expecting, but these should always enhance the UX rather than detract from it.

Clippy the Paperclip is a good example.  While many users eventually came to find Clippy annoying, his first appearance was so unexpected that he created a huge impression.  This no doubt helped Microsoft enormously in its quest to dominate the office productivity software market.  A very small and even kind of silly addition to a serious business application, yet it made a substantial impact, simply because it was unexpected and different.

Anticipating what the user might want to do is key, and if you can exceed their expectations by delivering a high quality interactive experience, then your site is likely to be very successful.

2. Remember to focus on the needs of the user

Too many sites are built from the point of view that they are built to present information about a business, and so their focus is on the needs of the business (to talk about themselves) and not enough on the needs of the user (to obtain useful information that will benefit them).  The result is a lot of boring, bland, static websites that aren’t very helpful to users and probably weren’t worth creating in the first place.

Even as far back as 1984, the Ford Motor Company was giving away driving simulator games featuring their cars.  From a marketing perspective, this was a stroke of genius.  They were getting kids too young to drive already dreaming of someday owning a Ford Bronco.  It was the ultimate brand loyalty gimmick.  Now imagine how much different it would have been if they had simply issued some software presentation that just described how great their cars were.  Good interactivity made all the difference when it came to capturing the audience’s attention.

In the modern day, if we were creating a website for a car manufacturer we would want to make sure that we did all of the following:

  • Make it easy for users to find the model of car they are interested in
  • Make the car model selectable so the user can go to a dedicated page about that model
  • Provide all the details a user would want to know, and make it really simple to access those details
  • Give users a 3D tour inside and outside the vehicle
  • Provide professionally produced video footage showing the car in action
  • Let users interact with a 3D model of the car, adding accessories, changing the paint color, etc.

It wouldn’t hurt, either, to invest in creating a game for them to play.  We have the technology available, so why not exploit it?

3. Be creative, but don’t stray too far from standards

To some extent you may want to customize the interactive components on the site, and that is certainly a great idea.  But you have to be careful not to take it too far.  You want users to say:

“Hey, that’s a really cool close button!”

not:

“Is that a close button? Or what?”

Over the years, certain standards for interface controls have evolved, and for a very good reason.  These standards help users to more easily accomplish the tasks they are trying to accomplish.  Remember it’s all supposed to be about the needs of the user, not about the needs of the business you’re creating for.  You may sometimes need to remind clients about this.  Inexperienced website clients start their briefing with “I want…” instead of “Our users will want…”.

4. Make sure your interactive UI components fit into the overall design

These days, web design needs to be responsive and able to handle being accessed from any kind of device capable of supporting a web browser.  That sometimes means planning what you’re going to do if you have an interface component that won’t scale well or that wouldn’t look good in some kinds of devices.  In some cases that may involve replicating similar functionality on a modified version of the component and setting it only to display on a particular range of resolutions, or it may mean hiding the component completely.

Remember, it’s not just about visuals.  It’s not a good thing if your page is loading things that the user will never see on their device.  Make sure your interface planning includes conditional decision-making steps.

It’s still OK to be awesome!

Just because you need to have a good handle on usability, interactivity, and practicality, it doesn’t mean you can’t still make a fantastic looking design.  You should always be attempting to make your designs as visually appealing as you can, because they are a part of your portfolio.  It’s just that you must ensure you’re not sacrificing the practical aspects in favor of the visuals.

header image courtesy of  Webshocker

The post Doing UI Design the Right Way appeared first on Design Reviver - Web Design Blog.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Building a website is critical for the success of your business, but once you have found a reliable hosting provider and chosen a domain name, the next stage in the process can be a challenge. Or so most people believe.

A few years ago, building a website was tricky. You needed to have a good understanding of coding, which meant asking a tech geek to do the honors. Today websites are plentiful and there is a ton of tools to help even the totally clueless build a fully functional website. Most website hosting providers offer free website builder packages, which are there if you want to use them. For some people, this is a quick and easy way to build a website, but with so many other options available to try, is it worth bothering with a free website builder?

Easy to Use Drag and Drop Interface

Free website builders are designed to be very easy to use. They utilize a ‘drag and drop’ facility. All you have to do is drag blocks around, insert text and media, and then publish the content. It is easy for novices to create good-looking websites and the best bit is that you don’t need to have any coding knowledge at all.

Content management systems such as WordPress give better results, but they are not quite so simple to use. WordPress is fairly intuitive and once you get the hang of how to add new themes and install plugins, you will have no problem figuring out what to do. However, if you have never done anything like this before, there will be a steep learning curve in the early stages.

A Free Website

Free website builders are free. For new businesses, this is a bonus. Paying a website developer is expensive and although you will end up with a bespoke website, you may not have the budget to spare. WordPress is free to use, but if you don’t have any experience, you may end up having to pay someone to help you out, which is not free.

Free website builders can work well for complete novices. With their simple “what you see is what you get” interface, it is very easy for a newbie to shuffle things around and create a simple website. Free website builders come with a selection of templates. You can try a few out for size and if you get bored with one, swap it for another.

Build a Website Fast

The good thing about using a free website builder is that you can build a site for your business in no time at all. For a new start-up with big ambitions, this is very important. The last thing you want is to wait weeks or months to create a strong online presence. Using a website builder gets the website creation bit out of the way, leaving you with more time to focus on other areas of your business, such as finding customers.

If you need a website fast, and you don’t have time to figure out WordPress, use a free website builder such as Weebly or Squarespace. However, if you are keen to learn the ropes and you want a better quality site, try WordPress as it has more to offer.

header image courtesy of  Laura Reen

The post Are Free Website Builders Worth Trying? appeared first on Design Reviver - Web Design Blog.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Your business’ reputation is one of the most important assets you have. Without a solid reputation, your business is sunk. That is why it is so important to include reputation building in your digital marketing plan.

The Importance of a Digital Reputation

You know your basic business reputation is important, and in the past, that was all you had to worry about. Today, though, your digital reputation is what you really need to focus on because such a large part of your consumer base is going to be finding you through digital marketing. Digital means cell phones, applications, the internet, and anything using digital media.

Your reputation is so important because it helps you stand apart from the competition, lets your customers know you can be trusted, and encourages people to become employees of your company. When you have a positive reputation, you will find yourself coming out on top in comparison to competitors, drawing in customers easily, and having a great pool of people from which to choose when you are hiring.

Where to Focus Your Digital Marketing Efforts

When you are developing your digital marketing plan, make sure that you are considering the top places to build your reputation and engage your customers. If you are new to digital marketing, then it helps to learn more about it and possibly hire a company to help you, such as ReputationDefender. Getting help from a professional will really make things easier and allow you to manage your digital presence better.

The first thing you want to do is invest your time in building your social media profiles, this includes the following sites:

Twitter
Facebook
Instagram
LinkedIn

These are just four of the most commonly known platforms, but there are many more out there. Just make sure you don’t get too in over your head. Remember that you have to maintain a presence on these sites, too, so start out small and add more sites as needed.

You also need to create a blog. People really want to see that you are an expert in your field, so you need a blog where you can publish helpful information. You also want to be sure your blog is offering them unique content that will help them to understand your business better and establish a good connection with you.

If you are super ambitious and really committed to building a solid reputation, then you need to consider developing an app. This will really depend on what business you are in, but it could be anything from a shopping platform to a helpful program to a game. Just make sure it is useful and better than anything similar on the market.

Managing Your Reputation

So, how do you handle your digital reputation? It is all about monitoring and making smart moves. The thing about digital marketing is that once people hear about you, they will start digging to find out more. They will look for your social media pages, website, applications, and any other digital presence you have to learn about your business. You have to stay on top of everywhere your business is being mentioned to maintain your positive reputation.

Negative reviews or remarks about your company can cause major damage to your reputation. To combat this, you have to make sure that your marketing plan includes a way to manage reviews and comments. You likely won’t be able to catch every single one, but you should at least be monitoring all your online accounts where messages could be left and any major review sites where your business has been reviewed. Respond to a negative review or remark in a positive way. Your goal is to turn things around and try to fix the situation.

Another thing you need to work on is getting your business out there on respected platforms. This could include creating an app that is highly rated, getting an article written about your business on a popular blog, or even being followed by a celebrity on social media. The goal here is to get recognition from someone who is already trusted and who people will look to for recommendations and advice. It is like the online version of a testimonial.

Finally, you have to take advantage of social media. It is not enough to just create an account. You must make it an ongoing part of your marketing efforts. You should be posting on social media regularly. You want people to follow you, but they will only do that if you are posting often and posting interesting things, so put a lot of effort into maintaining social media. This will do a lot for your reputation and help you gain recognition.

Building a positive reputation is really not too difficult when you are using digital marketing smartly. You have to be committed to it. It is not something you can just put in place and leave alone. The whole idea is to interact with your customers and let them see what a great business you are.

header image courtesy  of  Justas Galaburda

The post Why Building Your Reputation Must Be Part of Your Digital Marketing Plan appeared first on Design Reviver - Web Design Blog.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

WooCommerce gives WordPress owners the opportunity to add an online store to their WordPress website. It has become one of the most popular e-commerce solutions available and is used by thousands of websites to sell huge numbers of physical and digital products every day. Below are five of the main reasons why you should consider using WooCommerce.

WooCommerce is Easy to Use

If you and your website designer are familiar with WordPress, you should have very few problems installing and maintaining a website that uses WooCommerce. Setting up WooCommerce is a relatively easy procedure. In many instances, it is integrated into premium WordPress themes, which you install when you are creating a blog.

This means you only have to do a small amount of store configuration and you can quickly start adding products to your online store. Once these tasks are completed, you’re in a position to start selling your products on the internet.

It Can Be Easily Customized

Out of the box, WooCommerce is an effective selling system with an array of useful selling features. However, many website owners want more from their e-commerce solution and will request changes to be made to the default system that is installed on their website. WooCommerce can be customized to suit all types of requirements. The functionality and appearance of a store can be adapted to suit the needs of every type of online business.

WooCommerce is Affordable

In the past, setting up an online store was expensive and complicated. You also had to depend on expensive website designers, who often charged high fees for their technical services. These issues prevented a lot of businesses from selling online.

WooCommerce is one of the online shopping solutions that has changed all of this. It is free to use and most of the WordPress themes that use WooCommerce are either free or extremely cheap to purchase.

It Is Scalable

As a company grows, you want your e-commerce store to grow too. WooCommerce is a stable e-commerce system which lets you add more products as a business expands. Busier web sites usually require a more advanced hosting solution and WooCommerce is designed to handle more visitors and more products.

WooCommerce is One Component in a Powerful Sales System

WooCommerce is only one of the many features available on a WordPress website. You can also blog about your business and products, add social media components, build subscriber lists and much more, without having to use any other website platforms. This means all of these components can be used alongside your e-commerce store to develop an extremely efficient, integrated sales system, which is difficult to achieve using other website platforms.

Many of the hurdles that once existed for online sellers no longer exist and it has never been as easy to set up your own e-commerce store. WordPress and WooCommerce have played a major role in this change and look set to make it even easier for future online business owners to set up shop easily on the internet.

header image courtesy  of  Fireart Studio

The post 5 Reasons Why a Website Owner Should Consider Using WooCommerce appeared first on Design Reviver - Web Design Blog.

Read for later

Articles marked as Favorite are saved for later viewing.
close
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview