Branding – Incorporate memorable elements of your brand into your Web site, such as your logo and company color scheme. Make your logo prominent on your home page and put it on all subsequent pages to promote your brand.

Home page – Visitors should be able to tell immediately what your site is about. Any call to action such as “Buy Now” sould be visually prominent on the page.

Navigation – Put some real thought into site layout, so customers can navigate it easily. Make sure all important sections are prominently listed. Link as many pages as you can into the main navigation bar, instead of having subpages from pages.

Content – If your primary business is offline, just present enough clear, concise information to get customers to call or email. If you sell your products or services online, provide complete information to give customers the confidence to click and buy. Don’t put too much content on any one page, as Internet readers don’t like to scroll down.

Refresh content – Changing content draws customers back. One easy way to renew your content without a lot of code changes is by starting a blog.

SEO – Always bear search engine optimization (SEO) in mind as you design. Photos and splashy graphics may look nice, but likely won’t be read by search engines. One fix: have a text link that says “View portfolio” instead of a graphical button. The text will be more easily read by search engines.

Colors – Use complementary colors that make your text easily readable. Clashing colors such as red text on a blue background make text too hard to read and turn off visitors.

Be accessible – Make sure your contact information or a prominent link to it is at the top or bottom of every page of your site.

Sound good – Music that starts playing automatically when your site loads is an automatic turnoff for many visitors. If you have sound, make sure it’s pleasant and easily disabled.

External links – Links that take visitors away from your site should always load in a new window. Make sure your site stays in front of the customer, even as you provide them with additional resources.


There is a nice technique to reduce the amount of calls your browsers has to make to the server. This will be every image, every css and every JavaScript file included in the webpage. Each time you want to load in one of these elements you will be sending a request to the server which will return the requested object known as a HTTP request.
Reduce Page Loading Time With PHP

Each one of these uses up time on your page loading, so to reduce page load all you have to do is reduce the amount of calls being made. But what if you want to organise you JavaScript files, jquery file, general file, application file and page file. There could be upto 4 requests for some javascript for the page.

It is possible in PHP to combine these JavaScript files together and trick the browser into thinking they are just one JavaScript file, therefore reducing the amount of calls being made to the server. This is done by reading the JavaScript with PHP then changing the header to JavaScript like the example below.

Create a PHP file and use the readfile function to bring in your Javascript files then change the header to Javascript and the server will treat this page as Javascript.





header(‘Content-type: text/javascript’);

This technique can be used for css files too.. [thanks to paulund]

Are you a web designer or do you run a website? Good, because this article is for you. If you’re designing websites for a living or running your business online, there are 18 tips in this article that you should definitely read and remember.

You can have the best visual design skills on the planet, but if you build a website that works like crap and doesn’t allow the visitor to feel comfortable going from item to item and page to page, you are missing the very core of a good website design. So in today’s article I’m going to go over some of the dos and don’ts of usability on the web.

Do utilize a grid for your website structure

Before you get upset and start screaming that a grid is a box for creativity, I’m not saying to ensure your entire site is boxed in. What I do want you to understand though about a grid is that it helps structure your site and keep the eye flow going for your visitor, which is key. Once you’ve got the main structure down and it’s clean – create the funky stuff you do to go around it all and incorporate everything into a killer design, but don’t forget the grid.

Do Not forget your search form

A lot of people will go to your site and immediately look for a search box. It’s just instinctive I guess. So, if you don’t have one, guess what happens – they leave. They’re not going to feel comfortable on a site where they don’t feel in control. The ideal spot for a search bar is somewhere towards the top of the page on the right hand side as this is where users are used to it being displayed.

Do make your navigation easy to find & readable

If you’re designing a site and your navigation is supposed to take your visitor from point A to point B, why the hell would you place it in a weird spot or use images that do not generally showcase the type of links they are (ie: a house for the home page is ok, but a circle with a lightning bolt inside of it for services isn’t). Try keeping the navigation easy to read, right at the top of the site so the visitor can easily navigate through your site.

Do Not make your “contact” link in your navigation bar a mailto: link

A lot of people (myself included) will hover over a link and see what the bottom of our browser screen says before we click on it, especially the contact link since some people think it’s a bright idea to link this directly to your email address, causing an email program to open up. This is not a good UX practice. Create a contact page, put your email address on it and also add a contact form – your user will thank you – and will actually email you more often.

Do utilize UX Apps as much as possible for web tests

Keeping track of the various forms of data from your website is something you should definitely get a grasp on if you haven’t already. Google analytics is perfect for seeing where your visitors are coming from, what pages they’re going to and how long they’re on your site. A UX app like Crazy Egg is perfect for learning where your visitors are clicking and seeing what parts of your site are getting the most attention. You can also use a site like Feedback Army to test how users see and use your site. Learning these types of stats for your site can ensure you’re utilizing space as well as possible and making sure that you’ve got the important stuff where it needs to be.

Do Not flood your website’s sidebar with tons of widgets

O.K. We get that you’re running a blog and there are a million widgets you can use on it – but you don’t actually need to use them all. Think of it like a bedroom. If there’s clutter everywhere and it’s not clean, that special someone you brought home might not want to stay – so tidy up and keep things organized. Your readers don’t (in most cases) need to see your google friend’s, mybloglog friends, friendfeed friends and the various other social profiles you’re a part of, so leave them alone and stick to the things that matter most for the user experience on your site.

Do make sure that your website displays well on various browsers

We all know that IE6 is dead and no one is complaining about that, but do not forget that there is still a lot of users on IE7, IE8, Opera, Safari, Firefox, Chrome, ect. Just because your website looks good on one or two of them doesn’t mean the visitor using another browser will like that your site isn’t displaying properly. Take a couple hours, dig into the code and make sure it all works across the various browsers.

Do Not make your visitor jump through hoops to fill out a form

Your contact form shouldn’t be a mile long and neither should a sign up form. Keep things simple. The chances that people will turn away when they’re faced with a 20 part sign up form is far greater than if they were staring at three simple questions (name, email, comments).

Do ensure your various pages are consistent in structure

Unless you’re a design blog and you’re structuring/designing every one of your posts different like (insert names here), you need to remember that people want familiarity when they’re viewing your site. If they feel like they’re somewhere different when they load a new page up, they’re going to click the back button – and fast.

Do Not forget a print stylesheet for those who want to print your content

This is especially true for blogs/content sites. If your reader wants to print off content (trust me, many still do, especially older visitors), you shouldn’t require them to print off your entire design, plus all of the comments and advertisements across the page. That’s unnecessary clutter. If you look at the print preview on this post about why better blogging equals better business for freelancers, you’ll see a clean page, black and white, no images, no comments, no sidebar. The content is what matters for printing, so make sure it stands out.

Do make sure your content is easy to scan and follow along with

In general, people have short attention spans. So, by utilizing section titles (h2, h3 or h4 tags) to split your article up, you allow the visitor to scan the article quickly and see if it’s something they’re looking to read and if they’ll be able to get anything out of it. When you’re writing your content, you should also be aware of the size of each paragraph as users will tend to get tired of scanning 20+ lines in a paragraph. Things are much easier to read when split up into 5-10 lines (at most).

Do Not cram more into a space than what can fit comfortably

Minimalism. We love it here at Spyre Studios and I know readers here do as well. That’s why this tip is so important to all of us – crowding things into a small space and not allowing the users eye to focus on the important stuff is counter productive. Yes, you’ve got a ton of information above the fold, but why would you worry about the fold so much? Paddy Donnelly already debunked the life below 600px, so allow your design and content to breath. Your users will thank you.

Do make sure to include breadcrumbs in your design

Breadcrumbs are useful in giving your visitor control over where they’re at and what they’re going to do next. If they’re on a sub page of your about page, your breadcrumbs will look something like this (Home > About > Sub Page Title). This tells the user exactly what page they’re on and how to go back various levels if they’d like to.

Do Not forget to utilize color and contrast to shift focus

If you use a heading and then a sub heading for sections of your site, try various shades of color to allow the visitor to notice the important stuff first (ie: #464646 for the title and #c1c1c1 for the subtitle). These shifts in color and contrast will dictate what your user sees next, ultimately bringing them into a space where you want them to be (a sign up page, a contact form, a subscription page, ect).

Do check for broken links and images

Checking for broken links and images in your older articles is great because you may have visitors coming to your page from a search engine and if there are broken links, they’re going to assume one of two things: 1, you’re an old site that isn’t being updated anymore or 2. you’re not keeping up to date on the value of your site, so they’re going to go elsewhere. If you’re a wordpress user, there’s a plugin that is amazing for this: Broken Link Checker. You can also head over to iwebtool and use their free broken link checker (5 requests per hour is the limit).

Do Not neglect your footer and the power it has

So, you’re on a website and you scroll through everything and get to the bottom of the page only to find a bland, single line of text telling you that there’s a copyright on the site. Boring. Why not spruce your footer up a bit, add some extra content into it like popular articles, a search box, a newsletter subscription, ect. If you’d like to find some ideas on how to design a killer footer for your site, you should check out Footer Fetish, not to be confused with the other foot fetish.

Do use wireframing in your design process

Drawing out wireframes for your site on paper (or in simple box shapes in photoshop) can really help you visualize what’s the most important aspect of the page and how you can use it as a central focus point. By doing this, you’re also able to experiment with various layout options without having to break up a killer design you may have been creating already. For wireframe inspiration, I check out the I love Wireframes group on flickr – it’s full of amazing wireframe drawings.

Do Not write for search engines – write for your readers

Last, but not least is the tip that you should be writing for your readers, not search engines. Keyword stuffing may have worked in the past (and may still today), but if you have an actual reader come across your page, only to find the word “designer” 100X times in 3 paragraphs, what do you think the odds are that they’re going to hit their back button and never step (virtual) foot on your page again? Yeah, the odds of that happening are extremely high.

A tip I’ve heard before is to read your content out loud and if it doesn’t sound like a natural flowing conversation you’d normally have, rewrite it until it does. People will read your content and expect it to sound like something a real person would say, so make sure it does sound that way.

original Content from =>  http://spyrestudios.com/dos-and-donts-of-usability/

12 htaccess Tips

1. Redirect to a secure https connection

If you want to redirect your entire site to a secure https connection, use the following:

  1. RewriteEngine On
  2. RewriteCond %{HTTPS} !on
  3. RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} Continue Reading »

Building traffic to your website is not an easy task. “If you build it, they will come” concepts work only for movies and it does not work with your website. A well designed website is just the first step in your internet business venture. Driving traffic to your website takes Knowledge, proper planning, time and great effort. I write this post believing that these tips will help you reach the right people to achieve online business success.

It is imperative to determine your online business objectives or goals before you plan the online strategy and definitely before you even write the first line of code for your website. Know your objectives and build your website around them, it will ensure satisfaction at the end of the day.

Presenting your website message carefully is yet another important factor for any successful website. The visitors to your website need to know and understand your message instantly from the very first page that is your home page. If not they will bounce back to another website most probably your competitor. Keep an eye on your website load time. The visitor to your site may not have time to wait till it loads the first page of your website. Imagine if your home page loads very slowly and the face of an impatient visitor. A good visitor will definitely tell 100 friends about your website, while an unsatisfied visitor will tell 1000 people about your website.

Use your competitor site to the maximum and take advantage of it. They might have brainstormed 1000 ideas and stands strong as a competitor. Learn what they are doing, what do you feel your website lack, ask yourself. Visit your niche related sites and the sites that are listed on hot sites pages. In the coming posts I will discuss about studying the competitor website in a Search Engine point of view. It is the key techniques we do to make our clients stand strong in any competition. Look at the design of your competitor website and learn the do’s and don’ts of the niche website marketing. See how the information is organized, feature provided, color, background etc.

Realize the potential of your domain name. Domain name plays an important role in internet marketing. Your internet domain is your exclusive web address, which you can purchase through several domain registrars.The domain name itself can add traffic to your website. There are certain points you need to remember when buying a domain name. We will discuss that in the coming posts. The above given are some quick tips you need to revisit when you plan to create your online identity.

1. Unvalidated Parameters

Most importantly, turn off register_globals. This configuration setting defaults to off in PHP 4.2.0 and later. Access values from URLs, forms, and cookies through the superglobal arrays $_GET, $_POST, and $_COOKIE.

Before you use values from the superglobal arrays, validate them to make sure they don’t contain unexpected input. If you know what type of value you are expecting, make sure what you’ve got conforms to an expected format. For example, if you’re expecting a US ZIP Code, make sure your value is either five digits or five digits, a hyphen, and four more digits (ZIP+4). Often, regular expressions are the easiest way to validate data:

if (preg_match('/^\d{5}(-\d{4})?$/',$_GET['zip'])) {
    $zip = $_GET['zip'];
} else {
    die('Invalid ZIP Code format.');

If you’re expecting to receive data in a cookie or a hidden form field that you’ve previously sent to a client, make sure it hasn’t been tampered with by sending a hash of the data and a secret word along with the data. Put the hash in a hidden form field (or in the cookie) along with the data. When you receive the data and the hash, re-hash the data and make sure the new hash matches the old one:

// sending the cookie
$secret_word = 'gargamel';
$id = 123745323;
$hash = md5($secret_word.$id);

// receiving and verifying the cookie
list($cookie_id,$cookie_hash) = explode('-',$_COOKIE['id']);
if (md5($secret_word.$cookie_id) == $cookie_hash) {
    $id = $cookie_id;
} else {
    die('Invalid cookie.');

If a user has changed the ID value in the cookie, the hashes won’t match. The success of this method obviously depends on keeping $secret_word secret, so put it in a file that can’t be read by just anybody and change it periodically. (But remember, when you change it, old hashes that might be lying around in cookies will no longer be valid.)

See Also:

  • PHP Manual: Using Register Globals
  • PHP Cookbook: Recipe 9.7 (”Securing PHP’s Form Processing”), Recipe 14.3 (”Verifying Data with Hashes”)

2. Broken Access Control

Instead of rolling your own access control solution, use PEAR modules. Auth does cookie-based authentication for you and Auth_HTTP does browser-based authentication.

See Also:

3. Broken Account and Session Management

Use PHP’s built-in session management functions for secure, standardized session management. However, be careful how your server is configured to store session information. For example, if session contents are stored as world-readable files in /tmp, then any user that logs into the server can see the contents of all the sessions. Store the sessions in a database or in a part of the file system that only trusted users can access.

To prevent network sniffers from scooping up session IDs, session-specific traffic should be sent over SSL. You don’t need to do anything special to PHP when you’re using an SSL connection, but you do need to specially configure your webserver.

See Also:

  • PHP Manual: Session handling functions
  • PHP Cookbook: Recipe 8.5 (”Using Session Tracking”), Recipe 8.6 (”Storing Sessions in a Database”)

4. Cross-Site Scripting (XSS) Flaws

Never display any information coming from outside your program without filtering it first. Filter variables before including them in hidden form fields, in query strings, or just plain page output.

PHP gives you plenty of tools to filter untrusted data:

  • htmlspecialchars() turns & > " < into their HTML-entity equivalents and can also convert single quotes by passing ENT_QUOTES as a second argument.
  • strtr() filters any characters you’d like. Pass strtr() an array of characters and their replacements. To change ( and ) into their entity equivalents, which is recommended to prevent XSS attacks, do:
    $safer = strtr($untrusted, array('(' => '(', ')' => ')'));
  • strip_tags() removes HTML and PHP tags from a string.
  • utf8_decode() converts the ISO-8859-1 characters in a string encoded with the Unicode UTF-8 encoding to single-byte ASCII characters. Sometimes cross-site scripting attackers attempt to hide their attacks in Unicode encoding. You can use utf8_decode() to peel off that encoding.

See Also:

5. Buffer Overflows

You can’t allocate memory at runtime in PHP and their are no pointers like in C so your PHP code, however sloppy it may be, won’t have any buffer overflows. What you do have to watch out for, however, are buffer overflows in PHP itself (and its extensions.) Subscribe to the php-announce mailing list to keep abreast of patches and new releases.

See Also:

6. Command Injection Flaws

Cross-site scripting flaws happen when you display unfiltered, unescaped malicious content to a user’s browser. Command injection flaws happen when you pass unfiltered, unescaped malicious commands to an external process or database. To prevent command injection flaws, in addition to validating input, always escape user input before passing it to an external process or database.

If you’re passing user input to a shell (via a command like exec(), system(), or the backtick operator), first, ask yourself if you really need to. Most file operations can be performed with native PHP functions. If you absolutely, positively need to run an external program whose name or arguments come from untrusted input, escape program names with escapeshellcmd() and arguments with escapeshellarg().

Before executing an external program or opening an external file, you should also canonicalize its pathname with realpath(). This expands all symbolic links, translates . (current directory) .. (parent directory), and removes duplicate directory separators. Once a pathname is canonicalized you can test it to make sure it meets certain criteria, like being beneath the web server document root or in a user’s home directory.

If you’re passing user input to a SQL query, escape the input with addslashes() before putting it into the query. If you’re using MySQL, escape strings with mysql_real_escape_string() (or mysql_escape_string() for PHP versions before 4.3.0). If you’re using the PEAR DB database abstraction layer, you can use the DB::quote() method or use a query placeholder like ?, which automatically escapes the value that replaces the placeholder.

See Also:

7. Error Handling Problems

If users (and attackers) can see the raw error messages returned from PHP, your database, or external programs, they can make educated guesses about how your system is organized and what software you use. These educated guesses make it easier for attackers to break into your system. Error messages shouldn’t contain any descriptive system information. Tell PHP to put error messages in your server’s error log instead of displaying them to a user with these configuration directives:

log_errors = On
display_errors = Off

See Also:

8. Insecure Use of Cryptography

The mcrypt extension provides a standardized interface to many popular cryptographic algorithms. Use mcrypt instead of rolling your own encryption scheme. Also, be careful about where (if anywhere) you store encryption keys. The strongest algorithm in the world is pointless if an attacker can easily obtain a key for decryption. If you need to store keys at all, store them apart from encrypted data. Better yet, don’t store the keys and prompt users to enter them when something needs to be decrypted. (Of course, if you’re prompting a user over the web for sensitive information like an encryption key, that prompt and the user’s reply should be passed over SSL.)

See Also:

9. Remote Administration Flaws

When possible, run remote administration tools over an SSL connection to prevent sniffing of passwords and content. If you’ve installed third-party software that has a remote administration component, change the default administrative user names and passwords. Change the default administrative URL as well, if possible. Running administrative tools on a different web server than the public web server that the administrative tool administrates can be a good idea as well.

10. Web and Application Server Misconfiguration

Keep on top of PHP patches and security problems by subscribing to the php-announce mailing list. Stay away from the automatic PHP source display handler (AddType application/x-httpd-php-source .phps), since it lets attackers look at your code. Of the two sample php.ini files distributed with PHP ( php.ini-dist and php.ini-recommended), use php.ini-recommended as a base for your site configuration.

Most of the time when we pitch to a new client we are asked for SEO guarantees. “Your competition has guaranteed top results and submission to 100,000 Search Engines and Directories”. We go all out educating clients that Search Engine Optimization is all about smart work and not just adding random keywords and submittíng to every directory possible. I’m writing this article to reach out to the SEO buyers and help them distinguish the crooks from the genuine SEO cos. I’ve compiled my Search marketing experience over the years in this article. I hope this helps you in selecting your Search Marketing initiative.

Commandment 1: There are No Rank Guarantees. (Period)

Search Engines alone control their indexing and ranking algorithm. Do not try to trick Search Engines. The only way to improve your search engine rank is by playing by the rules. And the rule is very simple: make it logical. Web content is primarily for the site visitor and not crawlers.

If your Search Engine Optimizer sold you magic “Top rank on Google in 10 days flat”. Forget it. There are no short cuts. Top ranking in Search Engine Natural Results will take time. Hard work is imperative especially in developing the content on your website and the links to your site.

Commandment 2: Ranking is Not the End, It’s the Means.

Ask yourself what will a top search engine rank get you? Most businesses are interested in increasing sales on a website or at the least driving qualified traffic. Ranking for the right keywords (keywords used by your target audience) is important. There are SEOs who will try to show case results for keywords that occur only on your website. Beware such gimmicks.

Commandment 3: Know Your Competition.

“Rank” is relative position and more so in the Search Engines’ natural results. How well you do in the search engine results is a function of how much hard work you have done in relation to your competition. Analyze your competition’s keywords, links, keyword density and spread, but be sure not to copy your competition.

Commandment 4: Use Search Engine Friendly Design.

A search and visitor friendly design is a must for any successful website. Your website should be compelling enough for repeat visits by search engines and potential customers. Make sure you have search engine friendly URLs and avoid those long URLs with query strings.

Commandment 5: Select Keywords that are Worthy.

You must research your keywords before targeting. There are tools that give you a good idea of a keyword’s search potential for example. It is important to know the number of searches for a keyword in the last month, last 6 months and last year. You should also find out the number of web pages that are targeting the keyword. It is advisable to start a campaign with keywords with moderate competition and a high number of searches.

Commandment 6: Write Great Content.

Even if your website site is technically perfect for search engine robots, it won’t do you any good unless you also fill it with great content. Great means it has contextual and editorial value. Great content brings repeat visits and increases the chance of conversion. Great content is factual and appeals to your target audience. Your web page should have your desired action embedded in the content and you must ensure that the content is fresh. Keep adding and editing content regularly.

Commandment 7: Use Good Hyper Linking Strategy.

Hyperlinks make your content accessible and contextual. You must hyperlink in the right context within the website and to other websites. Good links are appreciated by the Search Engines and by visitors. No one likes to be taken to a mall selling “Macintosh” when shopping for “apples”.

Commandment 8: Write Relevant and Original Meta Content.

Meta content is like a business card. Just as your business card tells who you are and what you do, Meta content tells the search engines the relevance and context of a web page. Resist the temptation to include everything in the Meta content, but make it detailed. Confused? The idea is to include only what is relevant to the page in the Meta Content but to include everything that is relevant.

Commandment 9: Acquire Relevant Links.

The links you acquire are the roads to your web page for search engine bots and visitors. Good links improve your webpage’s equity on the World Wide Web and bad links make a dent in your equity and credibility. Be selective in reciprocal linking. Both reciprocal and one way links work, if you are prudent in selecting the links. Submit your website to the relevant sections in relevant directories.

Commandment 10: Consult Experts, If You Need To.

If you have the competence, there are two ways to learn – learning from your mistakes and learning from others’ experience. You can choose either. If you have the time and can wait for the online dollars, do it yourself. If you want to get started now, it may be useful to consult the experts.