Monthly Archives: June 2015

by

How Important Are Reviews to Conversion?

It’s no secret that most people today use their mobile devices to search for the products and services they want. Recommendations from their social media contacts are important, but even more influential are the reviews that accompany product descriptions on Amazon, Yelp!, eBay and other popular sites.

How important are reviews in the online decision making process? One recent poll found that a whopping 85% of people said they were influenced one way or another by an online review before making a purchase.

 

What Customers Are Seeing

The poll, which was conducted by the website Influence Central, also
found that 85% of women said that online reviews were “extremely important” or “very important” when it came time to make a buy or no-buy decision. In contrast, only 1% of people said online reviews were not important at all.

The poll also found that 90% of people believe online reviews are more important than information about the product coming from the seller.

Another 87% said they use reviews regularly when search for both online and brick and mortar businesses. Other findings of the poll included:

– 88% of people said they considered polls very important when buying products from a company they have never done business with before, and 67% said reviews were important when buying a brand they’ve bought before

– 97% of respondents said they can accurately spot a fake review, and 90% said they can tell most or all of the time if the reviewer is exaggerating, with another 86% saying they can detect bias in an online review.

– 89% of people said they don’t trust online reviews that are anonymous, but 77% said they have more trust in a review that includes the author’s name and photo.

 

What This Means for You

What this means is that if you aren’t paying attention to what online reviewers are saying about your products and services, you could be losing sales – especially if you are doing nothing to manage your reviews.

The poll’s statistics indicate that it’s usually not a good idea to try to pad your products with fake reviews you wrote yourself or to pay people to write positive reviews about your products or company. Organic reviews that express genuine opinions will carry the most meaning for your customers. So your goal should be to collect as many organic positive reviews from real life customers as possible.

 

How to Get Positive Reviews

The easiest way to get positive reviews from your satisfied customers is to ask for them. To encourage people to share their good opinions about your products or company, it’s a good idea to include an invitation with every interaction, both online and in person, such as, “If you enjoyed your experience, please share it with your friends and family on social media.”

You also can include plugins on your web pages that make it easy for page visitors to give you positive social media signals such as Facebook “Likes” and Google+ pluses. Or you can include a little box for people to write testimonials or their opinions about your company, the products you sell, or the brands you offer.

This actually is one of the best ways to manage reviews because you get to choose which ones you want to share. There’s nothing that says you are required to publish negative reviews, but they do offer you an opportunity to go back to that customer and try to win them back.

Today more than ever, people are paying attention to what other people are saying about your business online. If you aren’t, you may be missing out on one of your best marketing opportunities.

by

Security Breach Identified for Users of Popular WordPress Plugin and Theme

If you used WordPress to set up and maintain your website and you downloaded the JetPack plugin or the TwentyFifteen theme, you could be vulnerable to a newly-identified cyberattack.

According to the web security website Sucuri, any WordPress plugin or theme that uses the popular genericons package could be at risk of a DOM-based Cross-Site Scripting (XSS) vulnerability.

Both the JetPack plugin (which has more than 1 million active users) and the TwentyFifteen theme (which is WordPress’s current default theme) use genericons. The threat has been identified in the example.html file that comes with the package.

Eliminating the Threat

The quick fix is to remove the example.html file from the genericons package, which you don’t need anyway.

Sucuri said it detected this vulnerability before it ever became active, so it hasn’t done any known damage so far. Due to the website’s wicked fast response time, the threat level to WordPress users isn’t considered serious. But the site warned that it would be easy for the vulnerability to be exploited.

Sucuri reached out to the most popular web hosting services and notified them of this vulnerability and gave them the patch they needed to eliminate it. So if you use any of these services, you already have the virtual patch you need to protect yourself:

– GoDaddy

– HostPapa

– DreamHost

– ClickHost

– Inmotion

– WPEngine

– Pagely

– Pressable

– Websynthesis

– Site5

– SiteGround

But if your site is hosted by a different company, you may need to manually fix the issue yourself. All you have to do, according to Sucuri, is go to the genericons directory and delete the example.html file and you will be completely protected.

Who Is Responsible?

How the vulnerability got there in the first place and what its designers’ intentions were is not known. It’s strange that Automattic and the WordPress team would leave a simple example.html file in the genericons directory. Was this simply an oversight or something more sinister? At the moment, we don’t have a good answer for that question.

Here’s a wonky description of what it does from the group OWASP:

“DOM-Based XSS is an XSS attack wherein the attack payload is executed as a result of modifying the Document Object Model (DOM) “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.”

What that means, I don’t know. But I do know that the XSS payload is never sent to the server side and is executed entirely at the browser level. So even if your website has a firewall, it can’t do anything about the vulnerability because it doesn’t ever see it. While it’s possible to patch the exploit, DOM-based XSS can be very difficult to block.

A Close Shave

But they also are more difficult for hackers to exploit because they require a high level of social engineering to get people to click on the exploited link. But if hackers can get someone to click through, it provides the same level of access as other types of XSS attacks. Theoretically, the exploit could be used to execute javascript in your browser and take over any site you are logged onto as the admin.

Had this exploit not been caught, it could have had a devastating impact on unsuspecting website owners and businesses alike.

In any case, if you remove the example.html from the genericons directory, you should be okay for now.