Friday, May 2, 2014

SimplePart April 2014 Update

Welcome to our News and Update wrap-up for April 2014.

During the month of April, our clients' websites saw 2,273,544 unique visitors (-3.8%) and generated 13,205 orders (+4.5%). Those orders totaled $1,803,446.98 (+3.5%) and brought $479,085.04 (+4.7%) in Gross Profit from Parts and Shipping. Soft visitor traffic around Easter affected everyone’s volume, as it does every year – but this was offset by an increase (+8.9%) in purchase intent month-over-month.

Historically we see soft sales growth from April into May and June, around the end of the public school term (5/23 here in Atlanta). 

Google Search Traffic update

Our clients' websites, particularly those with several years' history and strong organic results for part number searches, saw a brief dip in Google Search traffic beginning around the 4th of the month, and recovering around the 24th. This affected a specific segment (part number searches) of the search traffic that our SEO targets. We believe this to be related to the “soft” Panda update of 3/24 that we mentioned in last month’s newsletter. Our team made a number of structural and SEO changes, which appear to have recovered a majority of that visitor traffic. We are also trialing several additional new techniques for increasing the volume of part number searches beyond the original levels we saw before the “blip” – as we evaluate these trials, we’ll be bringing the best performing ones to our clients over the coming weeks.

Getting strong order volume from Search/SEO is very hard – maintaining that strong order volume over time is even more difficult. Our team is working very hard every day on our clients' behalf. For every obvious “blip” in volume, there are dozens more that we are able to avert entirely, or react to quickly enough that our clients are not noticeably impacted.

Industry News


As of this month, Google is no longer providing keyword data for paid search clicks. In the past, Google passed information along with each paid click that conveyed what the user’s Google search was. This allowed us, and other smart websites, to tailor the first page that person saw to more closely match what they were looking for – leading to higher customer satisfaction and more orders. It also allowed us to see the searches that ads triggered for, and to tune out keywords that weren’t a good match – reducing costs, and improving the relevance of the ads users saw on Google. This is a big loss for everyone, and ultimately will hurt ROI for every dollar spent to market with Google.

Google has changed terminology in its reporting. Visits are now Sessions. Visitors and Active Users are now Users. Google’s new terminology is actually what we’ve used all along in our reporting at SimplePart. It clarifies terminology somewhat around the commonly used phrase “uniques.” Uniques can mean “unique sessions” or “unique users” depending on context – there are good reasons why you’d want one number or the other, based on context. Google’s method (and ours) is the industry standard.

Many believe that a “Soft Panda” update rolled out between 3/24 and 4/4. Impacted websites were mixed, and it’s not immediately obvious what the common thread was among affected websites.

Google just got a patent approved for “using resource load times in ranking search results.” If applied, this means faster pages can rank better – something we’ve always suspected is already being done.

Google has been testing two new ways of displaying product data on search results pages. Product information in these tests appears to be a mix of Shopping feeds and on-page Rich Snippets. Among other effects, this makes it so that for many users nearly all of the above-fold page content in a Google search result is Paid – particularly with the Carousel trials, only the top organic search result makes it into view.
1. Products have been showing up in a carousel above Organic Search results
2. Products have been showing up mixed in with Organic Search results

Google is beginning to make noises about boosting rankings in organic search results for websites running all their content on HTTPS. No change yet, or even expected soon, but do stay tuned.

Websites with Rich Snippets/Schema Markup show in 36% of Google search results and rank better by an average of 4 positions, though only 0.30% of domains surveyed actually use Rich Snippets/Schema Markup. This type of markup tells Google categorically what kind of information exists on each of your pages, and marks where specific bits of information – part number, price, etc. – are on each page. For reference, all your SimplePart websites already use this markup.

More guest blog network penalties from Google this month – PostJoint was hit, as well as a number of Japanese blog networks.

Other Security News

AOL put out a security bulletin this month advising of an internal investigation of a possible “security incident” resulting in a large volume of spam email recently from AOL email addresses.

Crafts store Michaels was subject to a hack between 5/8/2013 and 1/27/2014 during which nearly 3m credit card numbers were stolen. Their subsidiary Aaron Brothers was also impacted, for a further 400,000 card numbers.

Spotlight: Heartbleed SSL Vulnerability

There has been a great deal of buzz in the tech and mainstream media lately about the “Heartbleed” bug in OpenSSL. This bug would allow hackers to “listen in” on encrypted traffic between your computer and a website, and affects a majority of the Internet. When you see a “lock” symbol in your browser, the information you exchange with that website is secured by SSL – meaning, your web browser (Internet Explorer, Chrome, etc) encrypts the information you send so that only that one specific website should know how to decode it, keeping your information secure in-flight from anyone trying to “listen in.”

There are different complexity levels of SSL encryption, and many for-profit and non-profit outfits providing myriad flavors of SSL. There are also ways of layering additional security on top of SSL. No encryption is 100% secure. Given enough time and resources, even the most complex encryption can be decoded by someone who is determined enough.

It was discovered that one particular flavor of SSL, OpenSSL, has a bug in it which makes it easy for hackers to “listen in.” Since December 2011, websites secured by particular versions of OpenSSL (1.01 through 1.01f) have been exposing passwords, credit card numbers and sensitive personal information to anyone who knew how to ask for them. The best and most straightforward explanation I’ve seen for how this bug works comes from a geek comic called XKCD.

To be clear – nearly every web company you’ve ever heard of uses OpenSSL in one way or another. OpenSSL is free and ubiquitous. The list of affected companies which specifically used the vulnerable versions of OpenSSL includes: Google, Facebook, YouTube, Yahoo, Wikipedia, Bing, Pinterest, Blogspot, Instagram, Tumblr, Reddit, Netflix, Yelp, GoDaddy .. and on, and on.
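
A quick way to triage servers against the affected versions named above (1.0.1 through 1.0.1f in OpenSSL's dotted numbering), as an added example that is not part of the original newsletter or SimplePart's own tooling. The host names and version lines in the sample inventory are constructed, and the verdict names are assumptions chosen for this sketch.

```python
import re

# Affected range from the newsletter, in OpenSSL's dotted numbering:
# 1.0.1 (no letter suffix) through 1.0.1f.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-[\w.]+)?")

def classify(version_line):
    """Map one line of `openssl version` output to a triage verdict."""
    m = VERSION_RE.search(version_line)
    if m is None:
        return "unparsed"
    base = tuple(int(part) for part in m.group(1, 2, 3))
    letter, tag = m.group(4), m.group(5) or ""
    if tag.startswith(("-beta", "-pre", "-dev")):
        # Pre-release builds are outside the range the newsletter quotes.
        return "prerelease-check-advisory"
    if base == AFFECTED_BASE and (letter == "" or letter <= LAST_AFFECTED_LETTER):
        # The string alone is not proof: distribution packages can carry a
        # backported fix without changing it, so confirm against the
        # vendor's advisory before and after patching.
        return "in-affected-range"
    return "outside-affected-range"

def hosts_to_follow_up(inventory):
    """Return hosts whose reported version needs action or manual review."""
    return sorted(
        host for host, line in inventory.items()
        if classify(line) != "outside-affected-range"
    )

# Constructed inventory (host names and banner lines are made up).
SAMPLE_INVENTORY = {
    "vpn-gw": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web-01": "OpenSSL 1.0.1g 7 Apr 2014",
    "web-02": "OpenSSL 0.9.8y 5 Feb 2013",
    "build": "OpenSSL 1.0.1 14 Mar 2012",
    "mail": "openssl: command not found",
}

if __name__ == "__main__":
    for host in hosts_to_follow_up(SAMPLE_INVENTORY):
        print(host, "->", classify(SAMPLE_INVENTORY[host]))
```

Hosts flagged as in range should be patched and then have their certificates and private keys reissued, since the version check says nothing about what was exposed before the upgrade.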

Besides securing client-facing website traffic in-flight, SSL is also used to secure many back-end networking services. For example, we use OpenSSL here at SimplePart to secure the VPN tunnel technology we use for our programmers to access our office when they want to work from home. These kinds of uses for SSL are incredibly common. Companies using OpenSSL to secure back-end services were also at risk from Heartbleed – but generally not in a way that threw off sensitive customer information. The list of companies exposed in this manner to Heartbleed is far larger, though generally the risks are smaller or less obvious.

In our case, we layered additional security (TLS authentication with private keys for each user) on top of OpenSSL for our office VPN and were not actually vulnerable to Heartbleed. Regardless, our NOC team caught the Heartbleed news early and shut down our OpenSSL-secured office VPN well before the story broke in the mainstream press. Additionally, we use enterprise grade SSL certificates from Thawte – a top-tier commercial SSL provider – to secure your websites, checkout and control panel. Our production services were in no way affected by OpenSSL/Heartbleed. Overall, we believe our systems and your data were not at risk from Heartbleed.

The take-away from Heartbleed is that you should assume that any password you’ve used in the past is no longer secure. The online black market is full of compromised passwords and credit card numbers, which will take months or years to flush out. If you have not changed your passwords yet, you should.
