Death of the Web Home Page. What replaces it??

Go Back You Are Going Wrong Way Sign

One of the gold nuggets on the “This week in Google” podcast this week was that some US News sites historically had 20% of their web traffic coming in through their front door home page. 80% of their traffic arrived from links elsewhere that landed on individual articles deep inside their site. More recently, that has dropped to 10%.

If they’re anything like my site, only a small proportion of these “deep links” will come from search engine traffic (for me, search sources account for around 20% of traffic most days). Of those that do, many arrive searching for something more basic than what I have for them here. By far my most popular “accident” is my post about “Google: where did I park my car?”. This is a feature of Google Now on my Nexus 5 handset, but I guess many folks are just tapping that query into Google’s search box absolutely raw (and raw Google will be clueless – you need a handset reporting your GPS location and the fact it sensed your transition from driving to walking for this to work). My second common one is people trying to see if Tesco sell the Google Chromecast, which invariably lands on me giving a demo of Chromecast working with a Tesco Hudl tablet.

My major boosts in traffic come when someone famous spots a suitably tagged Twitter or LinkedIn article that appears topical. My biggest surge ever was when Geoffrey Moore, author of “Crossing the Chasm”, mentioned my one page PDF that summarised his whole book on LinkedIn. The second largest when my post that congratulated Apple for the security depth in their CloudKit API, as a fresh change to the sort of shenanigans that several UK public sector data releases violate, appeared on the O’Reilly Radar blog. Outside of those two, I bump along at between 50-200 reads per day, driven primarily by my (in)ability to tag posts on social networks well enough to get flashes of attention.

10% coming through home pages though; that haunts me a bit. Is that indicative of a sea change to single, simple task completion by a mobile app? Or that content is being littered around in small, single article chunks, much like the music industry is seeing a transition from Album Compilations to Singles? I guess one example is this weeks purchase of Songza by Google – and indeed Beats by Apple – giving both companies access to curated playlists. Medium is one literary equivalent, as is Longreads. However, I can’t imagine their existence explains the delta between searches and targeted landing directly into your web site.

So, if a home page is no longer a valid thing to have, what takes it’s place? Ideas or answers on a postcard (or comment here) please!

Email Subscriber Lists: Thunderbirds are go

Thunderbird One

I’d had someone last week ask where the “subscribe” button to my blog was. I didn’t have one. Also conscious that I need to get an email out to a portion of my LinkedIn contacts, I thought it was time to invest in a proper email platform. The WordPress WPMU Dev Community always appear to be in awe of Mailchimp, which has all the features to run professional looking email campaigns and which is free to use for subscriber lists of less than 5000 contacts. It also has excellent integration with WordPress.

I have downloaded my LinkedIn contacts into one list, which I will only use one time as part of my next role landing effort. I was taught many years ago that 70% of all roles tend to come by personal referral and which tend not to get advertised – and hence a small one time plea for referrals. Mailchimp allowed me to customise the email subject lines with people’s Christian names (Surname available also) and to lay things out very neatly. I then spent quite a considerable time laying everything into one of the many provided templates to look nice, and added pictures of some of my accreditation certificates on the end.

The dialogue you go through to finally release the email (in both HTML and Text forms) is really quirky and amusing (it shows a chimps finger dripping sweat about to press a big red button, and afterwards high-fives as the email send goes underway). 5 minutes later I have 21 out of offices and my first reply. Looking good.

The reply email action also allows you to pre-populate the subject and the message field, so it minimises the amount of work the recipient has to enter to reply back to you. Overall, very well thought out from start to finish.

I created a second “Simplicity Sells” mailing list which is totally empty – but which is populated by people who want to subscribe to this blog. After adding in the WordPress Mailchimp for WP Plugin, I put the widget in the right hand bottom footer. That, however, is right at the bottom of a potential very long list of posts, so I elected to add a custom “Subscribe” page using a short code and linked this onto the top menu. All worked first time, and confirmed my email address correctly – and into the mailing list things went.

Reading more on the Mailchimp blog and their knowledge base, you can see a lot of the hoops they jump through on your behalf to run a mailing list for folks that willingly subscribe to your content. Impressed.

All running fine so far. Let’s see how this rolls over the next few days.

Hey (you): Keep it short, use a name, profit


Seeing various bits and bobs about writing better emails today (or getting attention for your words among the surroundings in a typical email inbox). One from KissMetrics that advises keeping subject lines to 35 characters (which means that the full text of the subject fits on an Apple iPhone screen) and to start off with the recipients name. More (in multiple subjects squeezed together and a few sample short bits of email subject line click bait) here.

I had an account manager from AWS ask me where the follow facility was on my blog, and i’ve realised there is no easy link – so i’m currently building one using the very impressive Mailchimp. This has an associated WordPress Plugin which appears to have many 5* reviews and a vast majority of the support posts with quick answers. So, a small project to finish this weekend, and a side use to boot a very short message to some of my LinkedIn contacts using the same facility.

That apart, i’ve done my share of reading to try to improve my own writing. All the way from “Write Like the Pros: Using the Secrets of Ad Writers and Journalists in Business” by Mark Bacon, to revising from “How to Write Sales Letters that Sell” by Drayton Bird. Even to buying and listening to the three videos in Drayton Birds “How to Write (and Persuade) Better“. I hope it shows!

In the meantime, I notice Drayton’s off on a rant about a menu he’s been subjected to at a Restaurant up the Shard today. Typical Drayton, though he’s got a lot more mild since he phoned up the CEO’s office at Thus (ScottishTelecom as was, before being subsumed into Cable & Wireless, then Vodafone). I wouldn’t dare repeat what he said, but it caused some immediate impact, and he got some business out of being so explicit at the time. I just cringed.

Help available to keep malicious users away from your good work

Picture of a Stack of Tins of Spam Meat

One thing that still routinely shocks me is the shear quantity of malicious activity that goes on behind the scenes of any web site i’ve put up. When we were building Internet Vulnerability Testing Services at BT, around 7 new exploits or attack vectors were emerging every 24 hours. Fortunately, for those of us who use Open Source software, the protections have usually been inherent in the good design of the code, and most (OpenSSL heartbleed excepted) have had no real impact with good planning. All starting with closing off ports, and restricting access to some key ones from only known fixed IP addresses (that’s the first thing I did when I first provisioned our servers in Digital Ocean Amsterdam – just surprised they don’t give a template for you to work from – fortunately I keep my own default rules to apply immediately).

With WordPress, it’s required an investment in a number of plugins to stem the tide. Basic ones like Comment Control, that  can lock down pages, posts, images and attachments from having comments added to them (by default, spammers paradise). Where you do allow comments, you install the WordPress provided Akismet, which at least classifies 99% of the SPAM attempts and sticks them in the spam folder straight away. For me, I choose to moderate any comment from someone i’ve not approved content from before, and am totally ruthless with any attempt at social engineering; the latter because if they post something successfully with approval a couple of times, their later comment spam with unwanted links get onto the web site immediately until I later notice and take them down. I prefer to never let them get to that stage in the first place.

I’ve been setting up a web site in our network for my daughter in law to allow her to blog abound Mental Health issues for Children, including ADHD, Aspergers and related afflictions. For that, I installed BuddyPress to give her user community a discussion forum, and went to bed knowing I hadn’t even put her domain name up – it was just another set of deep links into my WordPress network at the time.

By the morning, 4 user registrations, 3 of them with spoof addresses. Duly removed, and the ability to register usernames then turned off completely while I fix things. I’m going into install WP-FB-Connect to allow Facebook users to work on the site based on their Facebook login credentials, and to install WangGuard to stop the “Splogger” bots. That is free for us for the volume of usage we expect (and the commercial dimensions of the site – namely non-profit and charitable), and appears to do a great job  sharing data on who and where these attempts come from. Just got to check that turning these on doesn’t throw up a request to login if users touch any of the other sites in the WordPress network we run on our servers, whose user communities don’t need to logon at any time, at all.

Unfortunately, progress was rather slowed down over the weekend by a reviewer from Kenya who published a list of best 10 add-ins to BuddyPress, #1 of which was a Social Network login product that could authenticate with Facebook or Twitter. Lots of “Great Article, thanks” replies. In reality, it didn’t work with BuddyPress at all! Duly posted back to warn others, if indeed he lets that news of his incompetence in that instance back to his readers.

As it is, a lot of WordPress Plugins (there are circa 157 of them to do social site authentication alone) are of variable quality. I tend to judge them by the number of support requests received that have been resolved quickly in the previous few weeks – one nice feature of the plugin listings provided. I also have formal support contracts in with Cyberchimps (for some of their themes) and with WPMU Dev (for some of their excellent Multisite add-ons).

That aside, we now have the network running with all the right tools and things seem to be working reliably. I’ve just added all the page hooks for Google Analytics and Bing Web Tools to feed from, and all is okay at this stage. The only thing i’d like to invest in is something to watch all the various log files on the server and to give me notifications if anything awry is happening (like MySQL claiming an inability to connect to the WordPress database, or Apache spawning multiple instances and running out of memory – something I had in the early days when the Google bot was touching specific web pages, since fixed).

Just a shame that there are still so many malicious link spammers out there; they waste 30 minutes of my day every day just clearing their useless gunk out. But thank god that Google are now penalising these very effectively; long may that continue, and hopefully the realisation of the error of their ways will lead to being a more useful member of the worldwide community going forward.

Supporting Child and Adolescent Mental Health Services

Child & Adolescent Mental Health Services Poster

I’ve been setting up a WordPress site with an associated BuddyPress Forum on my Digital Ocean Linux Server during the gaps today (we have our 2 year old granddaughter staying with us this weekend). This for my daughter in law Gill, who is doing some work with Mental Health Charity MIND, and potentially with CAMHS (Child & Adolescent Mental Health Services). This to provide a much needed information and shared experience resource for Medical Professionals, Parents, Teachers and Children. The latter both the afflicted, and siblings plus others they have regular contact with.

As a former special needs teacher, she finds there’s a massive gap in training and that from speaking to medical students, she’s found they learn barely anything about mental health. She’s keen to close that off and to also give online support to all concerned wherever and whenever it’s needed.

I’m just working around a few nuances on how one particular WordPress theme queues up a newspaper style layout on the front page, and to put in some of the preventative measures to arrest the usual torrent of user & comment spam that afflicts sites like this. Once done, she becomes mission control.

Really looking forward to the result when it goes live, her other commitments permitting!


Indie Web Fragmention support added here

Highlighted Pen Marks in Book

I saw an excellent article on Fragmentions on Medium, written by Kevin Marks. One of the big gotchas with telling someone to go look for information on a web page is that the paragraph you want to point at is often a far distance down – so the user has to go scanning the page to find the text you reference.

Kevin proposed adding two hashes to the end of a web page URL, where you could park words to look for in the text of the page. So, for example, if I wanted to send someone to the paragraph in my recent blog post about Police Statistics where I mentioned “crimes solved”, i’d cite a URL of:

and off it would go to that page, scroll down to that text and highlight the location where it resides. Job done. Fortunately, he mentioned this on an Indie Web IRC channel, and Jonathan Neal duly coded it up in short order. One implementation as a Chrome Extension, so you added support for this structure to any web site you visit using Chrome. The other implementation was for a single web site, so that anyone on any browser – without any special extension added – nevertheless could get the same effect immediately. You can download this off Github here.

I’ve implemented the web based Javascript version to work all across A few examples:

You get the idea. It works even without the final slash character before the ## – that is just a feature of the default URLs on my blog. You can do this for any URL on my blog – so feel free to refer away!

Footnote: I’ve implemented this as a custom child theme on my WordPress network site, leaving the fragmention.js file in the parent themes Javascript subdirectory, then adding the loading code and associated CSS into a copy of the header.php file in the child theme directory, just above the call to wp_head(). I avoid calling in the Javascript if the page being rendered is an Admin/Dashboard related page:

Fragmention Code in header.php

File style.css in the child theme directory just inherits the style.css content from the parent theme:

Code in style.css in WP Child Theme

Things should get easier as there are already at least two WordPress plugins queued up for approval to do all this automagically for any WordPress site (cited here). In the meantime, my handcoded version seems to work okay. Enjoy!

Louboutin Shoes, Whitened Teeth and Spamalot

Picture of a Stack of Tins of Spam Meat

I run a WordPress Network on one of my Linux Servers in Digital Ocean, Amsterdam – the very machine serving you with this text. This has all the normal network protections in place, dropping virtually everything that makes its way in through what can be classified as a common attack vector. Unless the request to fire up root access comes from my fixed IP address at home, it doesn’t get as far as even asking for a password. Mindful of this, I check the logs occasionally, mostly to count how many thousand break-in attempts my security handiwork resisted, and to ensure no-one inappropriate has made it through. That apart, everything just hums away in the background.

A few days back, I installed the iOS WordPress app on my iPad Mini, and likewise the Android version on my Nexus 5 phone. Armed with some access credentials, these both peek at the system and allow me to update content remotely. Even to authorise comments where i’ve chosen to allow them in, and to approve them for display where i’ve indicated I want that control. Even though I have only one WordPress site that even accepts inbound comments, I started getting notifications that comments were arriving and awaiting moderation:

Screenshot of WordPress App, showing Spam arriving and attached to Gallery Images

Strange thing is that “Oktoberfest” and “Loddon Medal” were images in sites where I nominally had all comments switched off. However, WordPress appears to have a default where people can comment on images stored as attachments on the site, and also allows folks to insert trackback URLs – pointing to other (nominally more authoritative) sources of same content. Both features now seem to have fallen into wide disrepute and used by bots to load up comment spam on unsuspecting WordPress sites.

Job number one was to shut the barn door on these – for which there is a nice “WP Comment Control” plugin that can deny all future capability to exploit these features, site by site, in your WordPress network. Duly installed and done. The next job was to find where all the comments had been left, and remove them; on inspection, they were all on a dummy template site i’d left as an example of work that I could easily replicate and tailor for a new paying customer. Over 10,500 comments and trackbacks awaiting moderation, mostly relating to folks promoting teeth whitening services, or selling red soled Louboutin shoes. I’d never noticed these before – a nice side benefit of having my iPad and my Nexus phone plumbed in and telling me I had new content awaiting for approval somewhere deep in my site hierarchy

You can do things manually, 20 at a time, marking comments as spam, trashing them and then emptying the trash. None of the automated removal plugins appeared to work on a WordPress Network site (only clearing things from the first site on the system), so a more drastic solution needed to retain my sanity and my time. I ended up working out how the individual sites on the network mapped into MySQL database tables (the /ld3 site on my host mapped into table wp-5-comments in database wordpress). Then some removal with a few lines of MySQL commands, primarily ‘delete from wp-5-comments where comment_approved = ‘spam’ or comment_approved = ‘0’ or comment_approved = ‘1’;

With that, all unwanted 10,500+ spam records gone in 0.39 of a second. All locked down again now, and we live until the next time the spammers arms race advances again.