Image of the pop-up screen when you've verified a domain property type in search console

How to Verify Google Search Console Domain Property Types

…there’s a catch: it’s a little more difficult to set up one of these domain property types in Google Search Console. You see, you can’t use the Search Console unless you prove to Google that you are authorized…here’s how

The thumbnail image for the YouTube SEO part one course

Our YouTube SEO How-to Series has Begun – See Part 1 for Free

In this first part of what is expected to be a 3-part series we discuss the importance of YouTube for business marketing because of its critical role both as a stand-alone search engine, and as a provider of results to Google’s main search engine.

Picture of man discouraged to illustrate SEO frustration

Brutal Reality: SEO is a Process that Guarantees Frustration

I think Search Engine Optimization is in its own category for plans that don’t seem to work out right.

Google Analytics How To Video: Give Another Company Access to Your Account the Safe Way

When we start doing SEO and digital marketing for a new client we always need to request access to their Google Analytics accounts. In most cases where companies have used SEO and marketing agencies or consultants in the past, they have shared their Google login credentials as a way to let that entity into their account. So how does that sound to you? Well, if you have even a moderately cautious nature you probably hesitate to give the keys to your Google Analytics account to just anyone, much less a company you’re just beginning a relationship with.

And you don’t have to. Any professional digital marketing agency should be more than satisfied with the solution illustrated in this video. Use it and keep your analytics account secure!

Transcript

Hi. This is Ross with Horizon Web Marketing and this is a quick tutorial video to show you how to add a user to your Google Analytics account in order to give them access to the account. So here you’ll see, this is a demo of Google Analytics account and I’m assuming at this point that you know how to log yourself into Google Analytics.

And if you do [log into Google Analytics] you normally are given this dashboard or one that looks similar to it. And now you have an opportunity to add a user and we often will make a request of clients that we work with that they give us access to their Google Analytics account so that we can either manage it or do diagnostics on their site.

So you go down to the lower left there where it says Admin. Click on that and you’ll be given this panel here and Google allows you to change things that have to do with your account, your property or your view. Now you don’t need to understand what those three things are in order to do this process.

All you need to do is go to the account level which is normally where we need to have access. Click on User Management. It will show you what users are already granted access to this particular account. And then you’ll notice up here at the top right there’s a little blue or a white plus and a blue circle. You click on that and then we’re going to click on Add New Users.

Then you need to be able to do an email address that is a valid email address. So in this case I’m going to say Ross@HorizonWebMarketing. Then you have the chance to leave this by default. It’s checked and that is to notify new users by email. But if the person you’re adding doesn’t need to get an email you can just go ahead and un-tick that.

And then you also have a chance here to be able to enable certain levels of permissions. Now normally when we ask for access to account we want to have all permissions at least above the line here. Now to give full permissions you also need to tick this box here that says Manage Users and normally is you want somebody to be able to add other users to your Google Analytics account you’re going to have tick that box.
With respect to, for example giving access to a SEO Agency typically they’re going to want to have access these three and if you tick the top box here it’s going to by default, enable the other two. So at this point we are done with our job and now that new user is going to appear. And here I am, Ross@HorizonWebMarketing and then you’ll be able to see what the various levels of permissions are under the permissions column.

And once you’re done all you have to do is exit out. You can go back to the home screen of your Google Analytics property and you’re done. I hope this has been useful.

Thumbnail for video explaining how to check website for malware

Is Your Website Infected with Malware? Free Tools to Help You Check.

And You Don’t Even Need to Be “Techy” to Use Them!

Scroll down to watch the video (audio transcript is below that)

Do you know that “bad actors” on the internet will try to infect your site with malware and spam in ways so subtle that you don’t even know they’ve done it? And often they aren’t after your secrets, they just need your website to help them blast spam emails, practice negative SEO, or host hundreds of advertising pages you don’t even know about.

In they process they can hog your website resources and earn you or other websites a bad reputation with Google. For that reasons you need to be able to quickly check your website for unwelcome intruders. Of course there are lots of more technical tools for doing this (if your site is running WordPress our favorite tool for checking and protecting is Wordfence).

In this video we take a look at a number of other tools that require no technical expertise to use, and we find that they are not all created equal.

(Interested in more in depth SEO training? We offer live SEO workshops like this.)

By the way, if you discover that malware is infecting your website, you will need technical help, so be prepared. But whatever you do, don’t ignore this issue. It’s one of the first things we do when we’re doing an SEO Audit.

Audio Transcript

Hi, everyone. I’m Ross with Horizon Web Marketing, and I’m here with another SEO Audit How-To. So, we’ve been working our way through the SEO audit checklist that we use internally when we do an SEO audit on a site and giving you little tips on how you can clear items from your audit checklist. Let’s take a look at the checklist. As we scroll down under the technical factor section of the checklist, you’ll see that one of the sections is security issues, and I’ve done another video that talks about how we can clear these two items. Is the site using https, and is that being served consistently?

detail image of seo audit checklist with the security issues highlighted

Today, we’re going to talk about this question, is the domain clean of hidden malicious code? Now, you may think that your domain is as clean as a whistle, but on the other hand, the people that are out there planting malicious code on websites often do a pretty good job of not letting you know that they’re around. And don’t be going according to the assumption that every time someone hacks into your website, they want to steal something from you. Often they’re hacking into your website so they can do things like blast out spammy emails or put up advertising pages that you don’t know about using your domain, and now also they might use your domain for something called negative SEO, where they plant a whole bunch of really lousy links to other websites to try to take them down, and you’re just the unwitting host of this.

So, here’s how we go about checking a site, and before I do that I’m going to show you this article here and I’ll put a link to this article. It’s a pretty good one, “11 Awesome Tools for Website Malware Scanning.” So I went through there, and I actually saw some tools that I didn’t know about before. They’ve got a list of some. Now, many of these tools are ones you have to install on the backend of your site. What we’re going to focus on today, with the exception of Google Search Console, we’re going to show you tools where you don’t have to have login privileges in order to check out a site.

So, if you do have, when it comes to your own site that you own, probably the first place you’re going to go is to Google Search Console. Now, if you’re not familiar with Google Search Console, you need to change that, and we’ve got some videos that show you how to get set up with it.

When you’re within Google Search Console, on the left you’ll see that there’s a choice called Security Issues, and when we click on that, if Google has picked up on any malware, any malicious code on your site, they’re going to give you a notification here. So typically, they’ll push a notification to you if you have your email entered into Google Search Console, but as a matter of course for sites that we maintain, we make it a practice to check this at least once a month, make sure that Google hasn’t picked up on something that we’ve missed. However, this is a cursory check. It doesn’t catch a lot of stuff. I have had it catch security breaches before, but I don’t think it always does that.

The security issues screen in Google Search Console

Now, some of the checkers that are listed on that page that I showed you are not that great at catching code, so what I did is I decided to go to a website that I know has malware infection because I’ve been following this website for years because they’re a host for what we call negative SEO and have actually been used to launch attacks on at least one of my clients. So, I’m going to go to this website, and here it is. It’s called coopercomputers.com. It’s still up and online. You can see that it’s like an abandoned site. If you dig down into this domain, you’ll see pages like this where basically the pages have been hacked, and then all sorts of images have been placed. And if you dig down into the code, you can find all sorts of shady stuff going on. So, I decided to take this and do a little test on some of the malware checkers that are listed in the article I showed you.

The first one that I went to is this one here called virustotal.com. I ran that site through it, came back pretty clean. This is basically a meta check, so it goes and it goes through a lot of different checks. Notice it shows Quttera’s listing this as suspicious. Quttera is another one of the sites that we’re going to take a look at.

Web Inspector, another one here we go to, and boy, it looks like it’s pretty clean so far. And then I’ve gone to Rescan.Pro, which is another resource. We’ve scanned the site and once again, looking good. Alright. Now we’re going to go to the site that we always use when we do a check like this on a client’s website or on a prospect that we’re looking, for example, for a link partnership arrangement. We’re going to go to Sucuri, and a lot of developers know Sucuri. They really know their stuff pretty well. Plugged in the website. Notice, not so clean. “Warning: malware detected. Critical Security Risk. Known Spam detected. Your site is hacked and needs immediate attention. Malicious code was detected on your site.” Notice down here, “Malware detected by the scan and injected spam detected.” So, obviously this site is not as clean as some of these tools would have made it out to be.

picture of results page of check on coopercomputers

Our Go-To Web-Hosted Site Check Is Sucuri

Now, I have plugged this same homepage of this site into Sucuri, and it’s come back clean, even with this tool. As a matter of fact, just last week I was doing a demo where I plugged this computer in. Sucuri came back and said that the homepage was clean, so I had to go and put an internal page into the checker in order to discover the code. The moral of that is when you’re doing a check on your site, don’t stop at the homepage. Pick a couple of internal pages and run them through a couple of different checkers.

Now here, Google has their own what they call a Safe Browsing Report. Notice Cooper Computers came back clean with Google’s own report. But, Sucuri is not the only one. There is Quttera. Remember they were mentioned. It says, “Potentially suspicious content detected on this website.” And you scroll down here and it’ll tell you that it has potentially malicious files that it found on this site.

Also, Siteguarding here, another tool, actually gave me an extremely good readout on this site although it’s a little bit on the technical side. It says, “The website is infected.” Now, this is the one that was probably the most surprising to me because they actually identified the infection as “Spam SEO Linking Anomaly,” which goes along with the negative SEO. That’s a subject for another time, but basically the bottom line is they were able to pick up on the infection at Siteguarding. I think I have one more example here. Nope. No more examples.

So, there we’ve just walked through a few tools. I would say if you’re in doubt, I would typically recommend Sucuri as my first bet go-to site. But as I’ve shown you, these tools are not entirely perfect, and they don’t claim to be. There’s only so much that a tool can do running a scan, but this will give you a good start in checking whether your website is infected.

So, I hope this has been useful to you. Let me know if you have any comments, suggestions for this video or for any others, and definitely subscribe with the big red button. Next to it there’s a little bell icon. Make sure you click on that too because that’s the only way you’ll actually get notifications pushed to you from Google.

I also drop a few more resources and links down in the description, so be sure that you click on the ‘Show More’ button underneath the description to see everything that’s available with this video. And definitely come back and check out our other videos when you have a minute. I’ll see you next time.