Are you making these 5 BIG website mistakes?

When it comes to making sure your brand’s website is up to date, there can be a lot to keep up with in the ever-changing digital world. In the past five years, we’ve seen the world of web design and development evolve in a very unique way. Ten years ago, we saw major changes in what users SAW on the web, with major jumps on the design and mobile/responsive front. Now, the pace at which design trends move has slowed, and much of the evolution in the digital world is happening behind the scenes. These “invisible” technical and regulatory changes can be easily missed if you’re not paying attention and can cause MAJOR headaches for brands.

Here are a few top mistakes to avoid when it comes to the care and keeping of your website.

Jump to: Regulations | SEO Security | Expecting the Unexpected | I lost my website!

1. Ignoring new regulations that may affect your site and user base

The regulatory environment for websites is always changing, particularly in the context of privacy. Gone are the days when having a simple privacy policy on your website “Cs your A”. It’s important to stay apprised of these changes and plan accordingly; the good news is that as regulations roll out, companies are usually given an ample amount of time to comply.

Here are two examples of policies that have been recently enacted and changed best practices for a number of things on new and existing websites.



What is GDPR?

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment (Source: Wikipedia).

Do I need to care about it?

Do you do business in the EU? Do you have customers (or site visitors) in the EU? Keep in mind, the regulation covers the processing of personal data of individuals who are located in Europe and applies to any enterprise—regardless of its location and the data subjects’ citizenship or residence—that is processing the personal information of data subjects inside Europe.

google analytics location

GDPR and your website:

So how do I make sure my site complies? There are some simple steps you can take, starting with making sure your privacy policy is up to date.

When these changes rolled out in 2018, we created a Privacy Policy based on industry best practices that outline the rights that EU residents receive under GDPR and how our site aims to protect those rights. Here is a link to our website’s Privacy Policy:

We also added an ‘opt-in’ checkbox on the forms we have on our site that requires users to acknowledge our privacy policy. You can take a look at the opt-in here:

Additionally, if your site is built in WordPress like ours, it’s very easy to access and/or purge user data if requested by leveraging the Export Personal Data and Erase Personal Data features. Many WordPress plugins have also made a move to ensure they are GDPR compliant, such as Gravity Forms, which introduced a Consent field to their advanced field types.



What is CCPA?

The California Consumer Protection Act, enacted in 2018 and enforceable beginning July 2020, allows any California consumer to demand to see all information a company has saved on them, as well as a full list of all the third parties that data is shared with. Consumers can also sue companies if the privacy guidelines are violated, even if there is no breach.

Do I need to care about it?

The CCPA applies to any for-profit business that collects consumers’ personal data, which does business in California, and satisfies at least one of the following:

  • Has annual gross revenues in excess of $25 million
  • Buys or sells the personal information of 50,000 or more consumers or households
  • Earns more than half of its annual revenue from selling consumers’ personal information

Companies don’t have to be based in California or have a physical presence there to fall under the law. They don’t even have to be based in the United States.

As with any company policy or regulation change, we recommend checking with your compliance officer or counsel on the best protocol for your website and company, but I hope you find these considerations helpful!

CCPA and your website:

So how do I make sure my site complies? Most required website updates are technical in nature, not aesthetic. To ensure compliance, web designers should focus on the following:

  • Privacy policy – Updating privacy policy to include a reference to CCPA, as well as contact information and information about sharing and selling data, with a special concern for minors
  • Cookie notifications
  • Opt-In/Opt-Out options – Include Opt-Out options wherever data is collected
  • A “Do Not Sell My Personal Information” link – Prominently placed on the homepage
  • Additional internal procedures and processes:
    • Backend procedures – Develop a process to verify the identities of anyone requesting user data
    • Updates – Develop a notification system to alert users of any privacy policy changes or data breaches 

2. Ignoring basic SEO best practices

Phone with the web page extending beyond the phone.

The internet is FILLED with SEO tips; you could spend a lifetime reading “top 10 mistakes” lists about SEO. Oh hey there, 15 million results!

So we’ll focus on the basics here; the lowest of the low-hanging fruit. At Jackrabbit, we enable clients to meet their organic search goals by implementing tools of the trade and teaching basic best practices. Here is some of the easy stuff you should think about:

  • Don’t ignore your page title tags and meta descriptions when adding content to your site; they should be descriptive and include the keywords you want that page to rank for.
  • Don’t ignore mobile! Even if you feel confident that your user base is not predominantly mobile users, Google looks at the mobile content of a page to determine how it ranks. A handy tool here:
  • Don’t ignore your images! Google looks at them too, and it relies on good image titles and descriptions to relay what the image is and how it relates to your content. And while we’re on the subject, make sure you’re optimizing your images. Large, unoptimized images can bog down site speed, yet another factor Google takes into account when ranking.
  • DO claim your Google My Business listing; GMB listings are another place where users can interact with your brand online, and subsequent engagement with your listing can help to boost you in the SERP.

3. Allowing your WordPress Core to get out of date

While WordPress can be a very secure platform for your website, ensuring that does require some upkeep. One of the easiest ways for your site to become vulnerable is to allow your WordPress core to get out of date. WordPress regularly rolls out version updates, in addition to features and functionality, and one of the main things addressed in these updates is addressing vulnerabilities.

For the last few years, we’ve been hosting all sites we design and develop with WPEngine. A key benefit of this service is that it eliminates this very problem; as a managed WordPress host, the service keeps your core updated as part of your package.

Not on WPEngine? Your core updates will be a bit more manual, below is a screenshot of where you can find out if your core is up to date or requires updating. While updating the WordPress core can be a one-click task, we recommend ensuring that you always have a site backup in place before making any updates to the WordPress core or plugins. Your agency or in-house developer can assist with setting up a backup service and executing updates.

4. NOT being prepared for the unexpected

When we are working on information architecture for a new site, we try and think through scenarios that could arise in the future that may impact the website and require related content. But as it’s said, you don’t know what you don’t know.

Because of that, as a standard for businesses and brands with physical locations, think schools and restaurants, plan for alert bars or pop-ups that can be turned on when urgent information needs to be communicated to site visitors in a visually-prominent way. These can be a handy tools to communicate closures, system maintenance, critical policies, changes in hours, and more.

Given the state of the world, we’ll be planning to implement these across all future sites we build, regardless of sector, as the COVID-19 pandemic has shown us the broader need to plan for the unexpected.

5. I lost my website!

Coffee spilled onto a keyboard with sticky notes scattered

This might sound silly, but we see it all. the. time. We often need to gather information about current hosting, domain registrars, and DNS records, and we frequently hear from clients that are not sure what services these are even held with, never mind how to access them!

Luckily this is all solvable, albeit labor-intensive… dig through MX Toolbox to find information about where accounts are held, reach out to services to try and regain access to accounts, provide documentation and details to be allowed access…and voila! 3 months later you have your access back!

The good news is this is also avoidable! The #1 tip we have for making sure you don’t lose your website is the use of a generic email address (such as [email protected]), rather than person-specific (such as [email protected]), email addresses for accounts. At the very least, discuss and establish what person or role is the keeper of this information.

Here are the things you should know about your website:

  1. Where is it hosted?
    • Common hosting companies include WPEngine and Media Temple.
    • Who is listed as the account owner (the owner of that account/ responsible for billing, renewals, and technical updates)?
  2. Where is your domain registered?
    • Common registrars included GoDaddy and Network Solutions.
    • Who is listed as the account owner (the owner of that account/ responsible for billing, renewals, and technical updates)?
    • TIP: be sure your account is set up to auto-renew your domain registration; letting your domain name lapse can cause MAJOR headaches including website downtime or loss of your branded domain and subsequent SEO issues.
    • Are your DNS records in the same place as your domain registration?
  3. Do you have an SSL certificate and if so, where is it registered?
    • Some SSL certificates automatically renew and are very hands-off while others need to be renewed manually.
  4. Any other connected accounts? Common examples include:
    • Google Analytics/Search Console
    • Content Management System i.e. WordPress, Drupal, Expression Engine
    • HubSpot

Check back on our blog for more news and tips from the Rabbits!

Continue the Conversation