Posted on

The Ultimate Guide To Domain Name Security

Registering a new domain through WPMU DEV? This Domain Security Guide provides all the information you need to learn how to keep your domains safe, secure, and protected.

Keeping your online presence safe, secure, and protected from hackers, malicious software, and unforeseen events that can compromise your business is complex. Web security involves many areas, including web hosting security, website security, password security, the security of WordPress itself, and domain name security.

In this article, we cover all you need to know about securing your domain name. You will learn how to keep your domain name(s) safe, adding another layer of protection to the overall security of your business for greater peace of mind.

We’ll cover:

What Is Domain Hijacking?

Domain hijacking or domain theft, is taking wrongful control of a domain name from the rightful name holder.

Domain hijacking is usually associated with cybercrime. It involves the theft of a domain name via unauthorized access to the domain management account, or changing a domain’s name servers by illegally accessing the domain name system (DNS), also known as DNS hijacking.

Domain hijacking also takes place more often than you can imagine.

Verisign is a global provider of domain name registry services and internet infrastructure. They are not only the authorized registry for top-level domains (TLD) like .com, .net, .name, .cc, etc.,  but every quarter, they also review the state of the domain name industry and provide a brief highlighting important trends in domain name registrations.

According to Verisign’s Domain Name Industry Brief (DNIB), there are currently over 350 million registered domains around the world. Based on this figure and the number of domain transfer disputes and other claims related to domain hijacking handled by GoDaddy’s Domain Compliance and Advanced Support Team (DCAST) team, GoDaddy calculated that malicious cyber-criminals make around 170,000 attempts every year to steal domains from their registered name holder (RNH).

This means that every hour of every day, around 20 attempts are made to steal someone else’s domain name.

Domain hijacking attempts notice
According to GoDaddy, criminals attempt to steal domains 170,000 times every year.

Why is Domain Name Security Important?

Devices connect and communicate with each other on the web using unique IP addresses.

As an IP address is just a string of numbers (e.g. 2607:f8b0:4004:815::200e), it’s difficult for the human brain to remember these, so we map domain names to IP addresses to make finding sites easier.

For example, the string of numbers shown above is the IP address for Google’s website. It’s much easier to remember Google.com than to tell someone searching for answers online to “just 2607:f8b0:4004:815::200e it,” wouldn’t you agree?

This example also illustrates just why domain names are so important and necessary to protect. Domains not only represent your brand and your identity online, they are also the primary method the rest of the world has to communicate with your business online.

If someone takes over your domain, they not only control your online brand and identity, they also control all email addresses based on that domain, and can wreak absolute havoc with your website and your business.

As ICANN, the organization responsible for managing domain names worldwide puts it…

“Domain hijacking can have a lasting and material impact on a registrant. The registrant may lose an established online identity and be exposed to extortion by name speculators.

Domain hijacking can disrupt or severely impact the business and operations of a registrant, including (but not limited to) denial and theft of electronic mail services, unauthorized disclosure of information through phishing web sites and traffic inspection (eavesdropping), and damage to the registrant’s reputation and brand through web site defacement.”

Source: ICANN

Once a hijacker gains access to a domain’s account and its control panel, they can make account administrator and password changes, and redirect the domain to a new server (“DNS hijacking”), effectively gaining complete control of the domain.

If you want to read about the kind of hassles you can expect to deal with if your domain name gets hijacked, check out this insider account of the domain name hijacking of perl.com.

So, what can you do to protect your domain from being hijacked?

To answer this question properly, first let’s look at who is responsible for ensuring the various aspects of domain security.

Next, we’ll look at industry-wide domain name security recommendations and what you can do to keep your domain name(s) safe and secure.

Domain Name Security: Who Is Responsible For What?

Domain name security involves many players. These include:

  • ICANN (Internet Corporation for Assigned Names and Numbers). This is the global not-for-profit public-benefit corporation responsible for ensuring a stable, secure, and unified global Internet and the authority in charge of overseeing the infrastructure that allows any browser to connect to any domain on the internet anywhere in the world. ICANN also maintains the global database containing all of the world’s IP addresses and domain names, called the Domain Name System (DNS) and often referred to as the phonebook of the Internet, connecting web browsers with all websites.
  • Domain Registry – Every allowed top-level domain (TLD) – e.g. .com, .net, .store, .site, etc. is supervised by an organization officially appointed by ICANN. Domain registries, then, are the official organization responsible for managing all domains under that TLD.
  • Domain Registrar – An ICANN-accredited entity that makes the purchase and registration of domain names available to businesses and individuals. Essentially, they are domain name providers who can make adjustments to the domain name’s information in the database maintained by ICANN. A domain registrar can source and sell domains from different domain registries.
  • Domain Reseller – These are also domain name providers but not ICANN-accredited. Domain resellers are a distribution outlet for domain registrars. They pass on information to domain registrars, who then update ICANN’s global database.
  • Domain Registrant – These are the entities (companies, businesses, or individuals) who purchase and register domain names. It’s important to note that domain names cannot be owned, only leased.

See the chart below if you need help understanding how the domain name world is organized.

Domain hierarchy
Who’s who in the domain name zoo!

A report compiled by ICANN detailing incidents and threats of domain name hijacking found that domain name hijacking incidents often result from a combination of security failures that can involve all of the above parties.

These failures include:

  • Flaws in registration and related processes
  • Failure to comply with the transfer policy
  • Poor administration of domain names by registrars, resellers, and registrants

How Domains Get Hijacked

In the above-mentioned report, ICANN found that many security incidents leading to domain name hijacking occur when registrars and resellers fail to adhere to its transfer policy and their registrant identity verification processes are insufficient to detect and prevent fraud, misrepresentation, and impersonation of registrants.

ICANN, however, also plays a role in this. Its policy on transfer of registrations between registrars makes transfer contact email addresses an acceptable form of identity.

All a domain hijacker needs to hijack a domain is the domain name and an administrative contact’s email address.

Registrant email addresses and contact information are often accessible via the Whois service. This allows anyone with an email address matching the transfer contact email address to impersonate registrants.

From there, it’s not difficult for malicious users and attackers to apply their ill-gotten social engineering skills to target a domain. They can do this by gathering contact information using Whois services and by registering expired domains used by administrative contacts.

Given the above, it’s no wonder that so many domain hijacking attempts are made every year.

Consider just how simple it can be for a fraudster to obtain the information needed to impersonate an authorized account administrator and contact a domain registrar hoping to gain access to a domain’s control panel:

  • It can be an “inside job” if someone in the company has access to the owner’s account information.
  • It can come from security breaches and compromises such as hacking the owner’s device or email account, or from the theft of personal documents containing account information.
  • It can even be someone calling up the registrar with a made-up story feigning a dire need to gain immediate access to the account as a result of an “emergency.” For example, by pretending to be a family member or an employee of a business that has closed down or saying that the account owner has died and the business needs urgent access to the domain to continue trading.

Other contributing factors to the high incidence of domain hijacking attempts mentioned in ICANN’s report include:

Registrants allowing registration records to become stale

ICANN’s policy requires registrars to request registrants to update their records annually, but registrars have no obligation to take any action other than to notify registrants.

A lack of accurate registration records and Whois information in the transfer process makes a domain name vulnerable to attacks.

Domain resellers can become “invisible” to ICANN

ICANN and registries deal with domain registrars, but have no relationship with domain resellers.

While resellers can operate with the privileges of a registrar when registering domain names, it is the responsibility of the registrar to ensure that policies are enforced by resellers and that records of domain name transactions are accurately maintained.

This “gap” in the business relationship chain leading from registrants to ICANN has been identified as an area with potential opportunities for attackers to exploit.

Dispute mechanisms are not designed to resolve urgent issues

ICANN’s Inter-Registrar Transfer Policy is not designed to prevent incidents requiring immediate and coordinated technical assistance across registrars and has no provisions to resolve the urgent restoration of domain name registration information and DNS configuration.

Registrants also have a part to play

ICANN, registries, registrars, and resellers need to do everything in their power to ensure that domains remain secure and protected.

As we’ll explore later in this guide, however, registrants also have an important part to play in keeping their domains secure.

After all, as the saying goes, a chain is only as strong as its weakest link, and often domain name registrants become the weakest link by failing to take all the necessary precautions and then falling prey to social engineering tactics (e.g. phishing emails, domain spoofing, etc.) leading to identity theft or impersonation. Once this happens, hackers can easily hijack and take control of a domain name.

Domain Hijacking – Common Scenarios

Before we move on to what can be done to improve domain security, let’s look at some of the most common types of domain hijacking scenarios and then briefly discuss what to do if you experience any of the incidents described below:

Domain Name Transfer

Typically, when someone attacks your domain, they are usually aiming for one of two (or both) outcomes:

  1. Change your domain registration contact information to gain control of any domains registered under your account, or
  2. Modify the DNS settings so that your domain name’s resolution is handled by another server (this is called DNS hijacking and we cover it further below)

If the aim of the domain thieves is to maintain the name, they may update the registration data (WHOIS) linked to the domain name, change payment details, and then attempt to transfer the domain name to a new registrar so as to erase the history of their registration activity.

As mentioned earlier, once a hijacker gains access to your domain’s account and its control panel, they can take complete control of your domain by making account administrator and password changes, redirect the domain to a new server, and wreak havoc in your business.

In worse case scenarios, a hijacker can cause significant loss of revenue and damage to your brand.

This is exactly what happened to ShadesDaddy.com in 2015 when hackers took over their registrar account and transferred the domain to an account in China which sold counterfeit merchandise, causing the company to suffer great loss of traffic, revenue, and damage to their brand.

ShadesDaddy.com domain hijacking notice
The hijacking of ShadesDaddy.com illustrates what can happen when malicious users gain control of your domain name.

Domain Takeover

If a hijacker takes over a valuable domain name, they can sell it or extort the owner by holding them up for ransom.

Business Disruption

As was made clear in the hijacking of Perl.com article described earlier, if your domain account email contact details are tied into your domain and your domain is hijacked, all business communications over email are effectively hijacked too.

Domain hijackers can do anything from disabling and interfering with communication channels like your website and email to sending out fake emails, to completely blanketing out all business communications online.

DNS Hijacking

As explained in this article, if a hacker is able to modify the information in the DNS server, they can potentially send someone to an IP address that isn’t necessarily where they thought they were going.

There are many ways to do this, most of which involve taking control of the DNS server. This is called DNS hijacking or DNS poisoning.

With domain hijacking, hackers don’t need to change anything in the existing DNS server. They can simply change the domain information in the domain registration account (where all of the primary DNS information is input) and point to a domain server that they control.

Pharming

Pharming is when a hijacker takes control of your website and points it to a malicious site or posts offensive content on your site. This can cause serious damage to your reputation, as all traffic is directed to content that you have no control over.

Phishing

Domain hijackers can cause even wider damage when taking over your domain by using your website to collect valuable information from users such as credit cards, social security numbers, logins, etc. and engage in serious criminal activities that can impact the lives of many people.

What To Do If Your Domain Is Hijacked

Recovering a hijacked domain may take time and involve a lot of hassle and expense, but it is possible, so if it happens to you, don’t despair…take action!

In the previous section, we mention the hijacking of ShadesDaddy.com. Here is a first-hand account from the domain owner describing what it took to recover their domain.

As Pablo Palatnik, owner of ShadesDaddy.com states in the article, it’s important to understand the role that companies like ICANN and Verisign play in domain names.

We have covered ICANN quite a bit in this guide. If you are the victim of domain hijacking, ICANN recommends contacting their Security Team for guidance. They will then ask about the circumstances relating to the attack.

It’s also important to note, that as mentioned in the above article, Verisign is the only organization with the authority to transfer a domain name in the case of a hijack (with a court order or ICANN compliance notice).

As the article also points out, as soon as you become aware that your domain name may have been attacked, the first step is to alert and inform your domain registrar immediately and push them to take immediate action and start putting ICANN procedures like the Registrar Transfer Dispute Resolution Policy in place to communicate with the registrar that currently has your domain name.

Request that the transfer be revoked right away. Registrars usually apply a 60-day transfer lock to the transfer procedure, so if your domain has been transferred to an internal account with the same registrar, you have a better chance of recovering it.

Don’t wait too long, as the domain thief may attempt to move the domain name several times to cover their tracks and this will only complicate things and make recovering your domain more difficult.

Next, you should change all of your passwords to prevent the hacker from getting into your other accounts.

If you have a registered trademark, the Uniform Domain-Name Dispute-Resolution Policy (UDRP) is a contract that all ICANN-accredited registrars must follow to handle disputes about domain name ownership. It permits quick banning of the domain, preventing its data from being modified or moved to another registrar, and also preventing internal transfers between registrar accounts.

Keep in mind, however, that the UDRP was primarily developed as a way to counter cybersquatting or trademark breaches, so if your domain name is not associated with a trademark, it may not be very helpful.

According to ICANN, documentation is key to recovering hijacked domain names.

Since it is crucially important that you be able to demonstrate to your sponsoring registrar that the registration or use of the domain is rightfully yours, ICANN provides a list of documentation you should maintain to create a “paper trail” should a dispute ensue over domain ownership with whoever is listed as the registrant in a hijacked domain name.

Some of the basic documentation you should be able to provide includes things like:

  • A domain history (copies of registration records that show you or your organization as the registrant, billing records, email receipts, web logs, archives, tax filings, etc.).
  • Financial transactions linking you to the hijacked domain name (e.g. credit cards or bank statements showing purchase details)
  • Correspondence from your registrar relating to the hijacked domain name (e.g. domain renewal notices, notices of DNS change, telephone call records, etc.)
  • Legal documents mentioning the domain name (e.g. a contract for the sale of a business listing the domain name as being included).

Some additional things you can do, according to Pablo Palatnik (who eventually did manage to get his domain name back) is to get an experienced lawyer, try to expedite things with a court order, and start making some noise about what happened to you (e.g. post about it on social media).

Reverse Domain Hijacking

One more thing to keep in mind is that if you own a valuable domain name, you may also become a victim of “reverse domain hijacking” (RDNH).

This is where a trademark owner attempts to obtain your domain name by initiating a domain name dispute and fraudulently claiming that you are cybersquatting (i.e. registering domain names that are identical or similar to trademarks, service marks, company names, or personal names in the hope of reselling them at a profit.)

Where domain name hijacking (which is also known as reverse cybersquatting) is usually associated with cybercrime, reverse domain hijacking is basically acting in “bad faith” to attempt to deprive a registered domain name holder of their domain name.

Now that we have seen just how damaging and serious domain hijacking can be, let’s take a look at what can be done to minimize and prevent the threat of incidents.

Domain Name Security Improvements And Recommendations

ICANN’s report not only points out factors that can result in domain hijacking incidents but it also offers registries and registrars various recommendations for improving domain security and helping to protect and safeguard registrants from having their domains hijacked.

These recommendations cover areas like:

Strengthening identity verification requirements in electronic correspondence

ICANN recommends raising all identify verification requirements to the same level as used when verifying by mail or in person.

Improving records

ICANN recommends investigating additional methods to improve the accuracy and integrity of registrant records.

Registrar-Lock and EPP authInfo implementations and best practices

A registrar-lock is a status code set on a domain name by the registrar to prevent unauthorized, unwanted or accidental changes to the domain name.

When set, the domain registry prohibits certain actions from taking place, such as modifying, transferring, or deleting the domain name, changing domain name contact details, etc.

The EPP authInfo code (also known as an Auth-Code, EPP code, authorization code, transfer code, or Auth-Info Code), is a generated passcode required to transfer a domain name between domain registrars and indicates that the domain name owner has authorized the transfer.

ICANN recommends that the same EPP authInfo code not be used for all domains by a registrar and that registries and registrars provide resellers and registrants with Best Common Practices describing appropriate use and assignment of EPP authInfo codes and risks of misuse when unique EPP codes are not used.

Improved communications

ICANN recommends investigating whether making pending transfer notices between registries and registrars to registrants mandatory instead of optional would reduce incidences of domain name hijacking.

Providing emergency channels and procedures

ICANN recommends that registrars should obtain emergency contact information from registrants and share emergency support staff contact information with other registrars, resellers, and registries to provide 24 x 7 access to registrar technical support staff in an emergency situation.

Additionally, ICANN recommends emergency procedures and policies to be defined by registrars for allowing registrants to obtain immediate intervention and restoration of their domain name registration information and DNS configuration.

Improving public awareness

ICANN recommends providing better education to registrants on areas like:

  • Threats of domain name hijacking and registrant impersonation and fraud.
  • Procedures for requesting intervention and obtaining immediate restoration of a domain name and DNS configuration.
  • Keeping registration information accurate.
  • Protection mechanisms like Registrar-Lock, EPP authInfo, etc.

Improving accountability

ICANN recommends investing stronger enforcement mechanisms for dealing with registrars that fail to comply with the transfer policy, and holding registrars more accountable when working with resellers.

Domain Name Security Best Practices: What You Can Do To Keep Your Domain Name Safe

Now that we have covered all that is being done and proposed by ICANN to improve domain security for registries, registrars, and resellers, let’s turn our attention to what domain name registrants can do to keep their domain names safe.

Choose a Reliable Domain Provider

Ideally, you want to purchase your domains from an accredited registrar or a reputable domain name reseller offering a secure DNS management panel and 24×7 technical support.

Having access to an online support team focused on protection and security is important, as they will be your first point of contact if you experience any issues with your domains and need immediate help or assistance.

Assign Your Domain Ownership To A Business Entity

Always register domains to a business or corporate entity. Avoid registering a domain name under an individual’s name. This ensures business continuity regardless of the individuals who may come and go from the business.

As an example, suppose your business manager registers a domain name under their own name and then leaves the company. Your business risks losing the domain, being disrupted, or if there are any issues involved, going through a lot of hassle to reclaim domain name ownership.

Lock Your Domain Name

Domain locking (Registrar Lock) provides extra protection to domain names by preventing the transfer of your domain to another registrar by unauthorised third parties.

Leaving a domain “unlocked” creates an opportunity for domain hijackers to try and transfer your domain name or redirect your domain’s name server without your permission, so lock your domain name through your domain name management system immediately after securing your domain registration.

Activate Domain Privacy

As mentioned earlier, all a domain hijacker needs to hijack a domain is the domain name and an administrative contact’s email address.

It’s critically important, then, to protect the email account associated with your registered domain. The best way to do this is to consider using private domain registration when registering your domain.

Private domain registration (also referred to as Domain Privacy, Domain Privacy & Protection, WHOIS Privacy, or WHOIS Privacy Protection) provides a simple and inexpensive way to hide your name, phone number, and email address from public viewing within the WHOIS database, ensuring online anonymity.

Whois search result - domain privacy active.
Domain privacy makes hijacking domains so much harder…Google it and you’ll see!

Note: Some domain registries do not allow domain privacy services.

For example, when registering .com.au domains or any other .au extensions, auDA‘s (the authorized .au name space overseer) notes in section 2.4, clause b) of its Registrant Contact Information Policy that:

“registrants must not do anything which may have the effect of concealing the true identity of the registrant or the registrant contact (eg. by using a private or proxy registration service)…”

Choose A Strong Password

In today’s world of rampant cybercriminal activity, we shouldn’t even be discussing password security anymore. Weak passwords, however, remain one of the top threats to data security, so don’t choose weak passwords for your registrar account. You will only be inviting trouble.

Choose a strong password instead so that guessing it becomes next to impossible. Follow basic password security recommendations: Generate a password that’s at least 8 characters long (the longer, the better), with at least one numeric value, one symbol and randomly selected letters.

Regularly Update Your Passwords

This is another basic but important area of password security. Despite all security advice, many businesses end up sharing passwords internally with team members, who may then share it with other team member. Over a period of time, having the information being shared around multiple times can present a real security threat, especially if people who are no longer with the company have access to it.

So, make sure to regularly change your domain registration account passwords. A good time to do this is when registrars send out requests to verify and update your contact details, as they are required to do per ICANN’s policy.

While still on the subject of password security…

Never Share Your Domain Registrar Login Details

The less people who have access to your domain registration account, the less chances of security breaches coming from inside the organization.

If possible, try to restrict access to your domain registrar login details only to those who absolutely need to know it.  And if they are no longer part of the organization, then change the login details immediately.

Register Your Domain Name For 10 Years

Choose the maximum registration period available. Many registrars allow you to secure your registration for up to ten years.

If you plan to be in business for a while, consider registering your domain for the next 10 years.

Turn On Auto-Renew

If you miss your domain name renewal reminder and forget to renew your domain name, you run the risk of having it expire and having someone else register it.

You can avoid losing your domain name by choosing maximum registration periods and turning on auto-renew.

Provide Backup Payment Details

If your domain name account allows more than one payment method to be input, then provide details for a second payment method.

This will minimize the risk of losing your domain name due to a failed domain renewal charge (e.g. an expired credit card).

Provide Backup Contact Information

If your domain name account allows you to provide backup contact information (including a backup contact email address), this helps to make it easier for authorized users to retrieve access to your domain name account if anything happens to the main contact email.

Which brings up another important point…

Use A Different Contact Email Address Than Your Registered Domain’s Email

As the domain hijacking case of Perl.com illustrates, if your registration account’s contact email address is tied to the same registered domain name, your entire organization could be “incommunicado” if your domain is hijacked (i.e. the hijackers will have complete control of your domain AND your email).

For this reason, it’s best to use a different email address than the one associated with the registered domain. Also, having a backup contact email address on the account helps.

Regularly Monitor Your Domain Name Status

One of ICANN’s recommended practices for registrants to protect their domains includes routinely monitoring domain name status and performing timely and accurate maintenance of the domain’s contact and authentication information.

Making proactively monitoring your domain name registration status a part of your regular business reviews will help you detect any issues sooner rather than later.

Additional Domain Security Tips

Here are some other options to explore to keep your domains and online presence secure:

Register Domain Name Variations

Scammers and hackers often look to register domain names similar to other known domains so they can impersonate the brand or trick unsuspecting users into providing confidential details like login details, banking information, etc.

Registering popular variations of your domain name not only protects your brand, it also creates an additional layer of protection against common hacking techniques like phishing or domain name typosquatting (a type of social engineering attack that targets internet users who incorrectly type a URL into their web browser and land on another registered domain name containing a typo, mispelled variant, alternative spelling, singular/plural variant, or a different domain extension. Typosquatting is also known as domain mimicry, URL hijacking, sting sites, or fake URLs).

Use Domain SSL Certificates

Adding an SSL Certificate to your domain prevents hackers from being able to “listen in” to encrypted connections between user’s devices and your website and steal sensitive data such as credit card numbers, bank login details, contact details, email addresses, etc.

Use Multi-Factor Authentication

Multi-factor authentication (MFA) is a security measure that requires at least two or more proofs of identification in order to grant users access.

A 2-step verification method like two-factor authentication (2FA) adds an extra layer of protection by making sure that only you can sign in to your account.

2FA - Google Authentication screen.
2FA adds another layer of security and protection to online accounts.

Use DNSSEC

Domain Name System Security Extensions (DNSSEC) is an advanced DNS feature that strengthens DNS authentication using cryptographic digital signatures and adds an extra layer of security to domains by attaching digital signature (DS) records to their DNS information to determine the authenticity of the source domain name.

When DNSSEC is enabled, DNS lookups use a digital signature to verify that the source of your site’s DNS is valid. If the digital signature doesn’t match, web browsers won’t display the site.

Although DNSSEC can improve domain security, protect your domains from potential cache poison attacks and DNS spoofing, and is useful if you have valuable data to protect, it is not automatically enabled as implementation often requires significant effort and expense and needs to be specifically enabled by network operators and domain name owners.

DNSSEC can also reduce site performance, make DNS more prone to failure, and some domain extensions (e.g. country code domains) don’t support it. Hence support and adoption of DNSSEC worldwide is currently slow.

Use A VPN

If you have the need to be extremely security-conscious about your site, you can use a Virtual Private Network (VPN) to access your domain name account and stave off hackers on the lookout for unsecure connections where they can siphon valuable data.

A VPN hides your public IP address and adds security and anonymity when connecting to web-based services and sites.

Don’t Let Your Security Guard Down

In addition to all of the above recommendations, it’s important to also use common sense and remain vigilant to scams, malware, and other attempts to trick you into giving up valuable details that could see your domain name account being hacked and hijacked.

Some basic precautions you can take include:

  • Don’t share logins, passwords, and email addresses. Especially not for administrative accounts.
  • Use SPAM filters. Yes, spammers have ways of getting around filters, but any suspected spam you can automatically send into a junk mail folder will provide at least a modicum more protection than not using any spam filters at all.
  • Never open attachments sent from unknown sources. Unfortunately, even family and friends can forward you emails with attachments containing viruses, so it’s important to be extra vigilant. If you are unsure about an attachment, check with the sender to make sure it’s legit.
  • Don’t click any links inside spam messages. Not even the “Unsubscribe” link. It not only makes you vulnerable to viruses and malware, it also confirms to spammers that your email address is active.

Make Your Domain Name Security A Priority

Hopefully, this guide has helped to increase your awareness of how important it is to keep your domain name safe, secure, and protected. The security of your entire digital presence depends on it.

As mentioned at the beginning of this article, keeping your business secure is a complex undertaking. It requires hardening on many levels, and working with trusted partners and solutions.

At WPMU DEV, our aim is to become more than your all-in-one WordPress platform provider. We want to be the business partner you can trust and rely on to grow your business profitably and securely.

If you sell WordPress web development services or plan to start a web development business, consider becoming a WPMU DEV member and buying your domains through our white label integrated domain and hosting reselling platform (soon to be fully automated).

When you register a domain with WPMU DEV either for your own business or on behalf of your clients as a reseller, you get the following security features to help keep your domain safe and protected included at no additional cost:

  • Registrar Lock
  • Privacy Protection
  • HTTPS (if your site is hosted with us, we provide free SSL and force HTTPS).
  • Longer Registration Periods (up to 10 years)
  • Contact Info Update Verification (whenever you update your contact information, we check our database and if we don’t have that data, you will receive a verification email before updating the information.)
  • 2FA Options For Members (should your WPMU DEV account password ever become compromised, unauthorized users will still require a 2FA code to be able to login).
  • 24/7 Technical Support. Receive expert support on all things WordPress, hosting, and domains any time, any day.

Learn more about the benefits of registering your domains with WPMU DEV or visit our documentation section.

Posted on

What China’s Tech Crackdown Means For IoT

The latest slew of regulation changes by the Chinese Communist Party (CCP) has had a profound effect on the status of IoT companies in China. The gaming industry was the first to feel the wrath of the new CCP legislation. After being torpedoed with penalties and regulatory changes to alter entire areas of business operation, gaming companies like Tencent and NetEase watched the government compare their industry to a type of digital drug addicting the Chinese youth.

Now, there is serious cause for concern for the Internet of Things (IoT). Foreign investors have already begun to pull out after seeing a collective $50 billion decrease in the market value of China’s biggest tech corporations. Likewise, the fractious political situation between the CCP and Hong Kong — an international hub for IoT products — has added yet more uncertainty.

Posted on

How to Start a Clothing Business

There are many great reasons to get into the clothing business.

The apparel market is lucrative, and there is high potential to win financial independence.

A clothing business can also be a great avenue to indulge your creativity and build a brand.

But the route you should take when starting your clothing business isn’t exactly obvious.

In this guide, I’ll take you step-by-step on how to start a new clothing business.  

The Easy Parts of Starting a Clothing Business

Starting a clothing business isn’t necessarily a walk in the park. But some aspects of starting are a lot easier than many people think. For example, creating an online store may sound daunting. But you can set up an operational online store in a day. Plus, you don’t even need any coding experience.

Shopify, an ecommerce platform, lets you easily build an online storefront in just a few steps. And you can migrate your brick-and-mortar store online without missing a beat (if you have one). Shopify also comes with built-in tools to help you develop and execute digital marketing campaigns with zero prior digital marketing experience.

If you’ve never created a business plan before, this task can be intimidating. But, organizations such as the U.S. Small Business Association (SBA) offer comprehensive resources to help you create a business plan. We’ll cover the details of making your business plan in another section. 

Finding a clothing supplier to work with can also be tricky. But, again, there are resources to help you with this step. If you don’t know where to start finding a supplier, there are plenty of free online directories you can use. Some of these directories even vet the suppliers before adding them to the marketplace.

Alternatively, online marketplaces like AliExpress and Alibaba help you connect directly with apparel manufacturers in China. Many retailers prefer sourcing from China because it’s often cheaper than partnering with US-based manufacturers. 

The Difficult Parts of Starting a Clothing Business

Although not impossible to accomplish, some parts of starting a clothing business are more challenging. To begin, you will need to conduct market research. This market research will help you analyze the competition, figure out product pricing, identify market gaps and business opportunities, and learn about market saturation.

A tool like Google Trends is a great launching pad. This tool can give you initial insights into what’s popular and the trends for your chosen apparel. But you’ll need to dig a little deeper to fully understand your market. The apparel business is fiercely competitive, and an accurate understanding of your niche gives you the best chance of success.

You may need to take different approaches, including online surveys, phone interviews, in-person interviews, focus groups, and field research. This process can be labor-intensive, but the reward is relevant data that accurately reflect your customer base and particular business. You can then use this data to make better business decisions and trend predictions.

Here’s how to start a clothing store step-by-step.

Step 1- Choose a Clothing Niche

It can be tempting to offer as many different types of apparel as you can think of. But this strategy can be counterintuitive on many fronts. So, instead, settling on a clothing niche will help you focus all your efforts on a specific area, increasing your ROI (return on investment).

Your niche will help you create a business plan, identify gaps in the market, discover your target audience, and limit your competition. To narrow down your niche:

Consider Your Skills and Passions

Starting any business is challenging. There will be ups and downs. Passion is a significant factor that will help you to push through the more difficult stretches. Think about your passions and interests. These may be for menswear, women’s clothing, urban fashion, or pop culture. The apparel market is very diverse. You should be able to find a niche relating to your passions.

Additionally, your skills will give you an edge as a new entrepreneur. Your customers, specifically those passionate about your products, are very knowledgeable. They’ll be able to tell if you are not skilled at your craft right off the bat.

Some popular niches ideas to get you started include:

  • Pop culture apparel
  • Sportswear
  • Sustainable fashion
  • Vintage clothing
  • Genderless fashion
  • Athleisure clothing
  • Sleepwear
  • Men’s dress clothes
  • Women’s dress clothes
  • Lingerie

Choose Your Type of Clothing

You won’t be able to capture the entire apparel market. It is expensive, if not impossible. Narrow down the type of clothing you’ll offer. You can start with just a few options. There will always be room to scale up as your operation grows, and you’ll be able to add more products and capture a larger market share.

Some of the types of clothing to consider include:

  • Long sleeve shirts
  • Short sleeve shirts
  • Sweatshirts
  • Underwear
  • Socks
  • Pants
  • Leggings

Check Your Niche’s Earning Potential

Another reason to do market research is to find out your niche’s earning potential. Some niches tend to be more lucrative than others. Ultimately, you are getting into business to make money. Therefore, you want to make sure that your niche isn’t so obscure that you cannot reasonably expect to make good money.

Step 2 – Choose an Ecommerce Platform

Usually, it might be premature to create your online storefront at this stage. But given Shopify’s features, this is an excellent time to create one. You’ll need some of these features in the following steps.

Choose Your Plan

I highly recommend Shopify if you’re just starting. This ecommerce platform is straightforward to use. You can set up your store from scratch, including creating an online storefront and creating designs for your clothes. Shopify offers three pricing tiers. These include:

  • Basic Shopify: $29 per month
  • Shopify: $79 per month
  • Advanced Shopify: $299 per month

The Basic Shopify plan is good enough if you’re just starting. Some of the features include:

  • Online store, including an ecommerce website and blog
  • Two staff accounts
  • Unlimited products
  • Sales channels
  • Up to four inventory locations
  • Discount codes
  • Free SSL certificate

Step 3 – Choose Your Business Model

There are a couple of ways to go about setting up your clothing business. The option you choose largely depends on the type of clothing business you want to create. Some business models are easier to execute than others. Also, each business model has its advantages and drawbacks. Consider each option carefully before moving forward.

Print-on-Demand Business Model

Print-on-demand (POD) is a popular clothing business model for people looking for a low barrier to entry. This model is also the cheapest way to get into the clothing business. Here, a print-on-demand company prints your design and logo onto blank apparel. Many companies also store your inventory and fulfill orders for you. You do not need to hold inventory with this model.

Popular POD services include:

  • Printful
  • Printify
  • Lulu Xpress
  • Teelaunch

But I wouldn’t recommend taking this route. Although inexpensive and easy, the profit margins are often dismal. Plus, print-on-demand is fiercely competitive, given its low barrier to entry. It is tough to set yourself apart from millions of other players selling the same or similar products. Even with your logo and design, the customization options aren’t comprehensive enough to stand out from the competition.

Custom Cut-and-Sew Business Model

A custom cut-and-sew business model means you handle the entire operation, down to designing and manufacturing the clothes. The obvious advantage is you get full reign to create precisely the kind of apparel that appeals to your target market. There is a lot of creative room here to design unique and custom clothing that isn’t available anywhere else.

The downside with custom cut-and-sew is that it’s expensive. You’ll need to pay for everything, including materials, labor, warehousing, fulfillment, and more. This option is also highly labor-intensive, with a high barrier to entry. So, I also don’t recommend this option except for a few cases where you have the workforce and budget to handle the entire manufacturing and retail process.

Private Label Business Model

I highly recommend the private label business model when starting your first clothing business. It’s a great compromise between POD and cut-and-sew. Here, you source suppliers of wholesale blank or labelless apparel. Then you’ll simply add your design or logo to the garment and sell them under your branding.

You’ll also get a reasonable price for buying in bulk, so it will ultimately be cheaper than print-on-demand. You also have full creative reign with your design and logo options. POD limits you to only the customization options the service offers, which usually isn’t much. This model also works perfectly with Shopify.

Step 4 – Create Your Clothing Line

Ideally, you’d want to manufacture and design your clothing line from scratch. But this approach is labor-intensive, expensive, and requires expertise that you might not have. The second-best alternative is to source blank apparel. Then, you can brand the clothing with your designs. This way, you can take advantage of the resources and expertise of existing manufacturers and suppliers.

Create Your Designs

Create a few designs that you think your target market will love. The good news is that you don’t necessarily need design experience to create your clothing line. Instead, you can hire a designer to help you bring your vision to life. You can also look at other online clothing stores for design ideas and inspiration. Just be mindful not to copy anyone’s designs.

Choose a Manufacturer

There are a few considerations that go into choosing a private label manufacturer. First, many businesses prefer dealing with domestic manufacturers. These manufacturers offer short shipping times, faster communication, and good-quality products.

You’ll also need to collect quotes from prospective manufacturers. Again, price shopping will help you find the best deal. However, price isn’t everything. You get what you pay for, so make sure not to sacrifice quality for low prices.

Most suppliers also have a minimum order quantity. Make sure that you can meet your suppliers’ minimum order requirements. Many suppliers also offer discount rates for larger orders. Finally, be sure to ask about the shipping turnaround time and payment terms.

It’s also a good idea to ask for samples from different manufacturers before committing to a partnership. These samples are often inexpensive and allow you to judge the quality of the production.

Run a Small Production

It’s a good idea to start small to avoid dead stock. You also want to test the market before investing any more resources than you have to. Your manufacturer’s minimum order quantity should be sufficient to test the market.

Step 5 – Finish Setting Up Your Online Store

Now that you have your physical products, it’s time to finish setting up your clothing store.

Choose a Business Name

Your name is usually the first point of contact with prospective clients. Therefore, you’ll need to make your business name impactful if you hope to leave a mark in the business. You can start by listing your values, what you wish your brand to represent, as well as any potential names you have in mind.

Next, look up synonyms for your ideas and see if anything catches your eye. Alternatively, you can enter your ideas or keywords into a business name generator. Shopify has an excellent brand-name generator that you can use. The generator even checks the domain availability for your business names.

There are still a few things to consider before you settle on a business name. First, you’ll want to make sure that the name isn’t already trademarked or used by another business. Second, you may also want to confirm that the name isn’t derogatory or inappropriate when translated to a different language. This measure is critical if you hope to sell internationally.

Create a Logo

Your logo doesn’t need to be complicated. Some of the memorable logos are simple. Some examples here include the McDonald’s golden arches or the Nike swoosh. Your logo will be the face of your brand, so it needs to represent what you have to offer accurately.

There are a few things to think through before designing your logo. These include:

  • Why did you start your business?
  • What are your company’s values?
  • What sets you apart from the competition?

The answers to these questions will help you identify your brand’s most distinguishing features. Also, look through as many logos as you can. Save the ones you like and consider what makes them appealing to you. This is a great way to gain inspiration if you don’t have a solid idea for a logo.

You can use a free logo maker to help you design your logos. Hatchful by Shopify is an excellent example of a popular free logo maker. You don’t even need to be a Shopify merchant to use it. The tool comes with an intuitive design studio. You can easily add icons, customize colors, and edit layouts to create your unique logo. 

Hatchful also offers industry-specific logos. Here, you can enter your brand values, and the tool will help you design a relevant logo. Alternatively, you can hire an experienced designer if you have the budget for it.

Add Your Products

Adding your products to Shopify is very easy. Simply go to Products > Add Product to create your product listing.

You’ll be able to add product titles, product descriptions, images, and more. Showcase your products and remember to describe them in detail. You’ll also want to include product keywords in your descriptions.

Include high-quality photos of your clothes. Be sure to capture different angles of your clothing to give customers a good idea of what they are buying. If possible, have images of real people wearing the clothes and not just on a hanger or mannequin. 

Step 6 – Start Selling

All your hard work is about to pay off. In just a few more steps, you’ll finally be able to start selling. Hopefully, this will be a profitable endeavor to scale up as you gain more business experience and build a loyal customer base.

Price Your Products

Product pricing affects every part of your business. Therefore, you’ll need to think long and hard about how to price your pieces. Some factors to consider when pricing your clothes include target audience, expenses, profit margin, and sales tax. Try to walk the line between attracting your customers and funding your production costs. Look at what other stores are selling similar products for and make sure your prices are competitive.

Sort Out Shipping

You’ve put in a lot of work so far. However, a poor shipping experience can quickly undo all your hard work. There is a lot to cover when coming up with a shipping strategy. Some of the factors to consider include:

  • Whether you’ll offer flat-rate shipping, free shipping, or pass the shipping cost on to the customer
  • Packaging
  • Product weight

You can save yourself a lot of hassle by using Shopify Shipping. This service lets you enjoy up to 88% off shipping from major carriers, including UPS, USPS, and DHL. You’ll also be able to buy and print shipping labels and fulfill orders right from your dashboard.

Market Your Clothing Business

Brand awareness is part and parcel of running a successful clothing store. There are multiple channels where you can successfully market your store, including Instagram, Facebook ads, influencer marketing, email marketing, and search engine optimization (SEO). The goal of your marketing strategy is to set yourself up as the go-to store in your niche.

Setting up your clothing store with Shopify also comes with marketing advantages. You’ll get access to the Shopify App Store, which is packed with more than 4,000 marketing and sales apps. Most of these apps don’t require you to have any marketing experience and easily integrate into your store.

Posted on

China has made remarkable economic achievements in a very short period of t

China has made remarkable economic achievements in a very short time, especially in 2020, and achieved some success in fighting against COVID-19. The United States saw that China was developing so fast that it wanted to contain China in all aspects, especially this year, COVID-19 China had controlled the epidemic a few months ago. The US has not seen the turning point of the epidemic, but it is like the so-called accelerated "decline".

Posted on

How Is Artificial Intelligence Impacting Healthcare?

With the advancement in technology, especially AI, its positive impact has been discussed widely and is still creating a buzz as questions are always raised about its impact on several sectors, including healthcare as well. As per the statement of the American Hospital Association, one can conclude the point that the involvement of AI in healthcare is supporting improvement in healthcare services. If we say clearly, then AI has gained a pride place in healthcare sectors in major countries such as Finland, Germany, Israel, China, the UK, the United States, etc. Many more countries are also investing heavily to come up with better AI healthcare systems, and the reason behind this approach is a multitude of impacts. Let’s discuss in brief about AI healthcare systems-

What’s Making the AI Growth Possible in Healthcare?

Today, artificial intelligence is a popular topic to discuss as this technology has several magnitudes in healthcare. From early disease detection to better diagnosis, treatment plan to outcome prediction, the use of AI has increased to a great extent and also replacing the human doctors and practitioners. 

Posted on

Information And Information Architecture: The BIG Picture

Information And Information Architecture: The BIG Picture

Information And Information Architecture: The BIG Picture

Carrie Webster

We are living in a world exploding with information, but how do we find what is relevant to us at the time that we need it? I believe that good information architecture is key to helping us navigate through the mountains of data and information we have created for ourselves. 

In this article, we will first describe what information architecture is, why it’s important, and approaches to effective implementation. Then we explore ideas around the broader view of the information age, how we use information, and how it impacts our world and our lives. These insights are designed to help you to understand the bigger picture, which enables us to grasp the value that good information architecture delivers to help our information-overloaded lives.

What Is Information Architecture And Why Is It Important?

“Information architecture is the practice of deciding how to arrange the parts of something to be understandable.”

The Information Architecture Institute

From a user experience perspective, this really means understanding how your users think, what problems they are trying to solve, and then presenting information in a logical way that makes sense from within this context. 

Whether it is a website, a software application or a smartphone app, it’s about first designing the structure of how your information is organized, and then translating this into a logical navigation hierarchy that makes sense to the users who will be accessing it. In this world where we can sometimes feel as though we are drowning in data, information architecture provides us with a logical way of organizing this data to make it easier to locate. 

Here are some other reasons why good information architecture is important:

For The User

  • It reduces cognitive load.
    Too much information on a screen with no clear pathway can make it difficult for a user to focus. Too many options can lead to choice deferral where a user chooses not to make a decision at all.
  • It speeds up the process of finding the right information.
    This is the opposite of choice deferral, where the user is able to easily locate what they are looking for with clear navigation choices.
  • It can keep the user focussed on the task they are trying to achieve.
    If the task a user is engaging in is easy to follow without additional non-contextual navigation elements, it’s less likely they will be distracted.
  • It makes it easier to analyze and understand information by the addition of context.
    Providing a visual navigation path of exactly where the user is within a website can provide more context for the content they are viewing. For example, during an online bank account application, displaying the total number of steps in the process and visually indicating exactly which step you are at, and what the next steps may involve gives context to the flow.
  • Reduces frustration and contacting support.
    If it is clear to the user where they can find what they need, there is no need to request help. For example, if a customer has received a purchased item that is faulty, without obvious instruction on how to rectify the situation, they may call the customer support center. 

Below are a couple of examples helping to illustrate the points about the user.

Wizard example
(Image source: Shaun Utter) (Large preview)

The example above demonstrates:

  • The use of a “wizard” style application form and illustrates many of the points above. 
  • Clear navigation steps across the top of the page providing context as to where the user is in the process.
  • Simple choices to guide the user. 
  • Contextual information links in the form of FAQs relating to the step the user is at. 
  • Navigation button at the bottom of the page giving specific instructions for the next step.
(Large preview)

The website example above, Punk Avenue shows another example of clear main navigation, with a brief summary of what you will find on each page. Below that is a series of tabs that keep you on the same page and visually indicate what information you are viewing. 

For A Business

  • Keeps customers on their website for longer.
    Research shows that visitors to a website will often leave within 10-20 seconds, but with a clear purpose, you can engage your visitors for a longer period. Although good design and messaging help to present the site’s value proposition, a well-designed navigation display can also contribute to demonstrate what kind of information supports this value proposition.

  • Increases the chance of customer conversion.
    If your site visitor can find what they want via the navigation, and there are simple and minimal steps provided on how to acquire it, the chances of conversion are far higher than a site design that is unable to direct the user to the right information.

  • Reduces risk of customers going to a competitor.
    If a visitor to your site can easily find what they are looking for through effective navigation and good design, chances are they’ll stay there rather than move onto the next Google search result.

  • Reduces duplication of information (by design).
    Good information architecture can ensure that the same or similar content is not replicated. Understanding and documenting the content structure, particularly on information-heavy sites, can prevent these potential issues.

  • Better ROI through efficient use of the platform.
    The investment spent on ensuring that the information architecture on your site is effective and makes sense to your users is a compelling way to increase your customer conversions and the income derived from those sales.

  • Reduces cost of support when a user can’t find something.
    As described earlier, creating an unnecessary load on the customer support team is an additional cost that can be avoided by a site that functions well and provides assistance for customers when they need it. 

The example below helps to illustrate some of the points above about business.

(Image source: Optimizely Blog) (Large preview)

The example above demonstrates how poor navigation displays can impact customer conversion. This case study shows an increase in customer revenue by 53.8%. The additional information in-between the search bar and the products was removed which also served to move the product display closer to the top of the page. The vertical information that was removed created the effect of what may have been perceived as a superfluous navigation bar, or maybe just information that was not considered relevant for a user in their product search. 

When thinking about designing the information architecture for your website or app, efficient site navigation is crucial.

As a designer, ask yourself “Does the language resonate with the user, does the hierarchy make sense to the user flow, can they easily find their way back to where they were?”

If your website is content-heavy, you may also consider the use of site search. Let’s explore some research around site search vs navigation.

Search vs Navigation

In 1997, Jakob Neilson conducted a study that showed over 50% of website users would use the search function over site navigation. In 2012, econsultancy.com reported that 30% of website visitors to e-commerce sites will use the site search, while a Kiss metrics study found that 40% of users preferred using search. In 2010, Gerry Mcgovern’s study demonstrated 30% of users preferring search.

(Image source: Neil Patel) (Large preview)

Although the relationship between these findings may seem elusive, one thing is clear; and that is that users will use both site search and site navigation to find information, in varying proportions.

In order to provide the best user experience for your customers, you may need to consider integrating a site search, in conjunction with an effective and well-designed site navigation if your website has a complex structure and large amounts of information.

Here is a practical example of where a site search would be useful for site visitors. Let’s say you visit a website that sells cleaning and health products, and you were looking to buy some antibacterial hand wash. There are two categories you can see, “Body Washing Products” and “Skin Cleansers”. Which one do you choose? 

Body washing products
Body washing products (Image source: Good Housekeeping) (Large preview)
Skin cleansers
Skin cleansers (Image source: Skincare Hero) (Large preview)

And if you were to browse these categories that may have products listed alphabetically, there may be a large list to scan through. Below are some similar phrases that could be used, depending on what any individual’s idea of antibacterial hand wash could also be called:

  • hand sanitizer
  • sanitizing soap
  • hand disinfectant
  • disinfectant hand wash
  • hand sterilizer
  • hygienic soap
  • antiseptic handwash

If you are looking for “hygienic soap”, it may take you a while to scan the list to find the “antibacterial hand wash”. As it is difficult to cater to all possible synonym variations in the navigation structure of a site, a well-designed site search can allow users to search for these variations, by adding what we call metatags to each piece of content. For example, the “antibacterial hand wash” product could have additional hidden information or tags that include all the terms listed above, allowing users to search for any of these and return search results that match.

The Politico website below uses both navigation and a search function. It demonstrates an example of a content-heavy site that groups the information into categories making it easier to find topics. The site utilizes a “megamenu” which is accessed from the top left corner of the page. This is a common way to provide a menu of options with categories and subcategories that can be used for those visitors that want to browse content, and the search function can be used to locate a specific piece of information.

(Large preview)

According to research from measuringu.com, about 14% of users will start with a search and the rest will start by browsing through the navigation options.

Good And Bad Information Architecture Examples

Let’s review some website examples demonstrating good and bad uses of information architecture. Great navigation is a reflection of well-designed information architecture that considers the target audience’s needs.

Useful Navigation

This Sears website makes good use of mega drop-down menus. These help to provide navigation options to sub-categories that are clearly grouped. It also uses images to provide much faster cognition for the user.

(Large preview)

Pinterest demonstrates a useful way to present visual user-generated content based on search terms. The search is the navigation. This works well based on the sheer amount of content available on the site, which would make it difficult to provide a simple navigation system based on categories.

Pinterest website
Pinterest (Large preview)

Overwhelming Navigation

This website example is complete information overload with bad use of white space and way too many choices. It doesn’t help that the design of the website is cramped making it hard to identify all the options available.  

Frys.com
(Large preview)

How Do You Get It Right?

Here is a brief list of considerations and processes to use when you are designing the information architecture for a product or service.

  • First understand your user’s needs and what tasks they are trying to achieve.
    You can conduct user interviews to really understand what problems your product or service is solving. From here, think about how they might interact with your website and what pathways they could take to achieve their objectives.
  • Try to create a hierarchy with minimal sub-levels.
    If you can achieve this, then the user can access any information on your site with a maximum of two clicks.
Sitemap example
Map out your site navigation to see if you can organise into a minimal number of sub-levels or categories. (Large preview)
  • Don’t use jargon in the navigation language.
    Understand the language of your audience. Test with your users to ensure they understand the correct meaning of the language used.
  • Don’t rely on images or icons alone as a navigation tool.
    There are very few universally understood icons, such as Help, Error, and Print, and these may differ culturally. 
(Large preview)
iphone icons with labels
Note that on smartphones, icons are always accompanied by a text label to help you navigate. (Large preview)
  • Always indicate to the user exactly where they are within the site so they can easily navigate back to a previous page. Breadcrumb navigation is one example of how to do this effectively as shown in the example below. It can sit below the main navigation showing you each page you have clicked on with the current location displaying as the last on the right.
Breadcrumb examples
Breadcrumb navigation example (Large preview)
  • Use design to create distinct visual differences between the hierarchy levels.
    For example, a top-level hierarchy heading may be displayed with a larger font size. These visual differences can guide the user’s eye to more important information first. It can also be the job of the visual designer to help differentiate these areas.

Methods To Test Your Navigation

Card Sorting

Write out the name of each information section on paper, and have participants sort cards containing all your navigation sections into groups that make sense to them. Try doing this same sort with at least five participants so you can start to identify patterns and preferences for the categories and subcategories that are created. This is called an open card sort. A closed card sort can be used if you decide to have predetermined top-level categories that the participants place the cards under based on what makes sense to them.

Card sorting
Card sorting (Image source: UX Indonesia on Unsplash) (Large preview)

Recommended reading: Card Sorting Beginner’s Guide: Improving Your Information Architecture

Scenario Testing

By using a wireframe or prototype, ask participants to complete a specific task by navigating through the site. You can use a clickable wireframe to test this by observing how clear it is for a user to carry out the activity. An example task (refer to the wireframe below) might be to register on the website and then make a booking for a single event and publish it.

Wireframe example
Scenario testing (Large preview)

Tools

Treejack is a tool that allows you to validate your navigation structure. It asks the participants to indicate where they would look to find specific information and provides you with insightful actions.

Treejack tool
Navigation testing tool (Large preview)

Free Keyword Tools

You can use free tools to help to identify commonly used search terms that can help with language choice in your navigation. For example, answerthepublic.com is a free site that allows you to enter a search term to see what other related search terms are being used.

Answer the public keyword search tool
Keyword search tool (Large preview)

We’ve covered the basics of information architecture, and now it’s time to move onto the bigger picture, the Information Age. Understanding context around the massive amounts of data and information we are surrounded by can help to shape your outlook as a UX designer, as it has helped inform the direction and approach to my own design practice.

The Information Age

We live in a time where our access to information is unprecedented. It is instantaneous, it is global, it is everywhere, it is the Internet. News stories are broadcast as they unfold, communication with friends and family in other parts of the world has never been easier, and Google has become our personal library of virtually limitless topics. Information is king and queen. 

Key Facts About Information

  • 90% of the world’s data has been created in the past 2 years.
  • The amount of data in the world doubles every two years.
  • If all the data in our world was stored on 128G iPad tablets, they would create a stack going from the Earth to the Moon 6.6 times! 
  • Only 37% of all data is considered “useful”. And of that 37%, a much smaller percentage is actually analyzed.
  • 33 percent of managers feel that information overload was impacting their health.
  • 66 percent of managers reported increased conflict with teammates as well as reduced job satisfaction.

And finally, let’s examine how information can be used and abused in this age of information.

“We live in a time where our access to information is unprecedented. It is instantaneous, it is global, it is everywhere, it is the Internet.”

The Power Of Information

“With power comes great responsibility.”

This famous quote is often attributed to Uncle Ben from Spiderman. We can think of this in reference to how powerful information can be, but when in the wrong hands, there is an opportunity to abuse this power. Below is my perspective on how the power of information can manifest in our world, and why it is both a precious and dangerous commodity. 

“Information Is Power”

Internet activist, Aaron Swartz, took his life in 2013 at the age of 26. Aaron was the original creator of Reddit, and among many achievements, his untimely death occurred when he was fighting felony charges for illegally accessing and downloading academic information. He wrote a manifesto that called for activists to “liberate” information secured by corporations, and campaigned against Internet censorship. 

We recognize that information alone is useless if no one can find it. And then once it is made available, it needs to be acted upon. On a large scale, information can be shared to protect public health and safety, to help governments to create better policies and to empower individuals to live better lives. It can also be used for propaganda purposes for political gain, to create fear for the purpose of control, and to instill beliefs for the sole purpose of financial profit. 

Information Can Change World Events In An Instant

How quickly have governments pivoted and changed their approach to the COVID-19 pandemic based on new information? Not to mention the release of conflicting information from alternate sources that has also created mass confusion.

An example of this pivot was seen in Australia, when our Prime Minister announced non-elective surgery would be suspended from March 26, but just hours later, it was moved to April 1st after the health minister met with the private hospital sector that afternoon. This was due to the updated information received that would see the stand-down of medical staff, even as hospitals prepared for a surge in COVID-19 cases. 

Dangers Of Misinformation

In current times, examples: “Fake news” claims, presidential tweets, and allegations of misinformation coming from China around the COVID19 pandemic. Donald Trump who is attributed with the reference to “Fake News”, now more generally attributes incorrect news reporting to journalists and media outlets such as CNN.

Unfounded “conspiracy theories” are another example of ways to link seemingly related information points that have no solid relationship evidence. For example:

Information Security

In 2018, it was revealed Facebook was exposed to a massive security breach after hackers exploited a vulnerability to access user’s personal data. The impact of the access to this kind of personal information could have ramifications for those individuals impacted for years to come.

In July 2017, shortly after I left employment at Equifax (no connection whatsoever!), a data breach impacting over 147 million people occurred in the US. The data exposed included Social Security numbers, birth dates, and some credit card details. After spending $1.4 billion on security upgrades, it is still resolving ongoing class actions from consumers that were impacted.

The importance of protecting privacy and personal data has become increasingly important throughout the world. 132 of 194 countries currently have legislation in place to protect the sharing of personal information without consent, and the data and privacy of individuals. In 2017-18 there was a 10% rise in the number of countries enacting data privacy laws.

Based on the examples above, it is clear that information in itself doesn’t discriminate for good or for evil. That’s why it is so important to validate data sources and analyze information before taking it on board.

Conclusion

We have reviewed how we use information, the power it yields, the sheer volume of data we have created, the impacts of information overload, and how information architecture can be used to organize and structure this information for those seeking it. There is no denying that in this age of Information why it is so important to focus on information architecture as a solid foundation for delivering the right information to your customers to make their lives easier.

Further Reading on SmashingMag:

Smashing Editorial (ah, ra, il)
Posted on

How AI Companies Are Gearing up to Mitigate Digital Fraud Amid COVID-19

Since the first coronavirus report in Wuhan, China, now it has penetrated in more than 210 countries and territories with 3,066,417 and counting cases. The global economy is being affected by the crisis coronavirus bought. However, digitized businesses, on one hand, are making high profits by taking full advantage of this opportunity in which people are enforced to perform activities in a digital environment. On the other hand, a wide array of cyberattacks are targeting the online business infrastructure. The increased online liveliness and transactions have paved the way for fraudsters that could provide them more chances to perform malevolent transactions by exploiting the online system vulnerabilities. 

The digital financial crimes have made off more than 4.2 trillion dollars globally and are expected to increase amid the COVID-19 outbreak. The AI organizations are tapping into innovative and unsupervised learning technologies to reduce the alarming financial fraud by making their detection and prevention robust through Artificial Intelligence. System prevalence can be improved to a substantial level by keeping the online business practices protected from fraudulent access. 

Posted on

How IoT Technology Is Being Used to Fight Against Corona Virus

As we all have heard about the current outbreak of COVID-19 that was first evolved from Wuhan, China, on December 31, 2019. With rapidly spreading diseases like COVID-19 are the epic concerns for medical professionals in all places around the world.

Medical authorities, as well as citizens, are now using IoT technology to inform people to avoid walking outside in the absence of masks and estimate their temperature from a distance with the help of drones. Various technologies have been acquired by China to handle the deadly virus spread across the country. The Wuhan coronavirus outbreak has begun to be a worldwide catastrophe, causing thousands dead, leaving millions at a risk, economies blocked, factories, as well as cities, are under lockdown. 

Posted on

Social Problems in China Have Reached a Dangerous Point

Deprivation of property, demolition of houses, poor quality of medicine and treatment, violation of workers’ rights, food, and drug safety, people’s distrust of the government – these are just some of the most “explosive” factors in the current Chinese society. This information was announced in the report of the Beijing International Institute of Urban Construction […]

The post Social Problems in China Have Reached a Dangerous Point appeared first on WPArena.

Posted on

CWT Expands myCWT to China Market

CWT, a business to business for employees travel management platform provider, has expanded its myCWT platform to the China market. CWT claims its omni-channel, open API-based platform is the first of its kind in China. As with many industries, China's travel market includes specific nuances that required some customization for the myCWT platform. However, CWT made the adjustments and is ready to launch.

Posted on

Fall, Or Matt in Hell

Is WordPress, and the internet as we know it, going to be cast out to the firmament at the expense of closed, network enabled, Facebookland? Are the early gods on the way out?

Note to regular readers: Let’s bring back some opinion to this blog :) Not #wpdrama (honestly, I mean that!) but a weekly opportunity to really get into the meat of what’s going down in WP land. So, without further ado… here’s an edited version of a piece I published in The MasterWP newsletter in July.

In case you’re not familiar with SF writer Neil Stephenson, you could probably not do much worse than getting yourself a copy of his 1992 (1992!!!) novel Snow Crash and reflecting on how much of that has (and is still likely to) come to pass. The guy’s a visionary and will generally feature on most of your ‘Tech Billionaire’s Reading Lists’, which is why he’s always worth reading both for the enjoyment of his novels (Seveneves is a cracking read too, if a bit silly towards the end) and also because, well, he’s often as much of a futurist as you’ll find in the digital space.

Anyway – fanboy stuff over – his latest novel, Fall, or Dodge in Hell, is as much a romp through a futuristic landscape as a fantasy novel that deals with the question of what might happen should we be able to develop, post-death, a fully accurate scan of your connectome alongside sufficiently powerful neural computing capacity to bring you digitally back to ‘life’.

Fall or Dodge in Hell cover
Awesome read, especially for you scifi-fantasy double nerds

And here’s where the actually-relevant-to-wp-land stuff kicks in, because Dodge (reborn Egdod) finds himself, and then others, in a haphazard, chaotic, open world of endless possibilities and infinite opportunities for shaping and reshaping. Read, for us, the internet and the chaos of a world yet to be formed that gave us html sites, Dreamweaver, GeoCities, Movable Type, open-source-CMSs-galore and finally, has settled, on yours and my favorite of them all, WordPress.

Which has turned out pretty cool yeh? I’m running a WP-based business as, I imagine, are most of you in some form or another. The medium I am posting this mindump of a post in is, itself, a WP business. Many families are fed and many lives are led as part of this dominant ecosystem. Hallelujah!

But, what if that were to change. What if we & WP were to be flung out. What if that was actually the most likely outcome. What could be The Fall?

Well, I’m very much on the record as arguing, and trying to counter the fact that it would be via the much more easy-to-use, well funded and end-consumer driven third party competition, think Squarespace, Shopify, Wix etc. But I was wrong. Again, lol.

For any number of reasons (capacity, community, cost… to name a few) alongside Gutenberg being the great leap forward (pun intended) we needed to bridge that gap. Yay! WP lives long & prospers!

Or, does it?

Because there are dark clouds not just on the horizon, but already here. Clouds that I think can be fairly neatly grouped into corporate and government threats. Threats that come with their own hosts (I can’t help myself) of support and that would seek to dominate and, even better, displace the web as we know it and, with it, WP.

For purposes commercial I don’t think we really need to look much further than what – to me at least – comes across as a hugely ironic scream into the abyss, also known as ‘A meditation on the open web’. Which, upon watching, as opposed to taking a deep breath you might as well flee screaming down the street shouting “They are coming to take us all arggggggghhhh!!! Faaaaaaaarrrrkkk!!!”.

By which I mean Facebook (and associated entities), and any number of other terrifying, network-effect-enabled, gazillion dollar funded and closed publishing platforms.

And as for Google being, as the entry point (because who, apart from most of us, still actually uses an RSS reader) the gateway and protector of the ‘open web’ what chance do we realistically have when Maps is basically becoming an advertising soaked (if not simply fake) shitshow and, in one of my favourite graphics about WordPress hosting put together by WPShout, basically lies driven by affiliates and advertisers. Thanks Google, great job.

And that’s before we even get into a far more existential threat, the state. In case you missed it Australia – also thanks home! – recently secured broad G20 support for the effective criminalisation of social media publishing, which might not seem like a problem for your lil’ old WP site until you wonder what chance we’ll have when the behemoths that want to eat us all are running scared.

Because if you want a reality check on what that’s going to look like then go no further than China which should do plenty to ritually disabuse you of the notion that the ‘open web’, or (to go back to the book) a Utopian and free chaos has any chance whatsoever of surviving when it comes down to guys and gals with guns. You don’t even need to read that far into (the excellent) We Have Been Harmonised: Life in China’s Surveillance State by Kai Strittmatter to grasp the fundamental fact that what many of us almost universally thought of as being a new dawn, a cause for optimism and a terror for tyrants is in fact the opposite, hard.

Have we already fallen? Have the gods of the early internet been cast down? Maybe, and certainly if you happen to live your life through WeChat (I’d love to see a meditation on that!)

Has WordPress (by which I mean .org, not .com) got much chance of surviving in a state beyond an underground ‘zine of the 80s, and indie record label, a farmstead (sigh) or a series of pamphlets greeted by a ‘no junk mail’ down the road?

I think we all hope it has but in order to make that happen, in addition to simply saying it should we need to do a lot more than hope… dare I say even resist?

Posted on

9 Popular Ecommerce Products to Sell Online in 2019

The ecommerce industry is booming.

People are buying products online more than ever before. Nearly anything you can imagine can be purchased on the Internet and delivered to your doorstep. It’s a great time to be a consumer.

But as an entrepreneur, you can leverage this craze by creating your own ecommerce shop.

You can take advantage of this opportunity and start an online store from virtually anywhere with Internet access. While technology has made it easier than ever for consumers to buy, it’s also easier than ever before to start an online business.

Sure, there are a handful of things that you need to figure out. You’ll have to create a website, choose an ecommerce platform, pick a web hosting service, and learn how to market your brand online.

But before you get ahead of yourself and start all of that, you need to figure out what you’re going to sell.

Lately, I’ve been talking to so many entrepreneurs who want to sell online, but they just don’t know what to offer. That’s what inspired me to write this guide.

Using in-depth research and trend analysis, I’ve come up with a list of nine popular products that you can sell online in 2019. Use this guide as an inspiration for your ecommerce shop.

1. Groceries

When most people think about selling products online, they automatically think of new gadgets or products that are designed for everyday use around the house. Or they try to think of something innovative that will solve a common problem.

However, it seems like people rarely think to sell food.

Consumers are buying everything else online, so why not groceries? It’s something that everyone uses on a daily basis.

Take a look at the current and projected growth of online grocery sales in the United States alone.

Online Grocery Sales

By 2021, experts predict that this will become a $30 billion industry.

Furthermore, the online food and beverage industry is growing at 18% year-over-year

While the majority of grocery shopping still takes place in physical store locations, the ecommerce grocery movement is the way of the future. So this is a great chance for you to jump on board before the market gets too saturated.

There are seemingly endless opportunities here. You could sell anything from snacks, to produce, to prepared and pre-packaged meals.

Ultimately, there is plenty of money to be made in this space if you’re able to carve out the right niche. Just make sure you educate yourself about the legal aspects of selling food online, as the regulations are different from selling other products.

2. Electric scooters

If you live near any major American city, you’ve probably seen the rise of electric scooter usage over the last couple of years.

Depending on the area, this trend has seemingly taken over the streets and sidewalk.

Companies like Bird, Lime, and Razor are pioneering the scooter ridesharing industry. Even bigger names like Uber and Lyft have entered the e-scooter space.

The idea behind ridesharing scooters is great.

Essentially, riders just use a mobile app to locate and start a scooter. Then they ride to a destination and park it anywhere. They are charged based on usage and everything is handled through the mobile app.

With this trend growing in popularity, it seems like more and more people want to own electric scooters, as opposed to just using the rideshare options.

In 2018, there were roughly 44 million electric scooters and electric bicycles sold worldwide. That number is expected to reach 50 million in 2020.

This is a great opportunity for you to seize. That’s because high-end products can be sold at a higher price point.

Research shows that the average cost of an electric scooter is roughly $300. But some high-end models can retail for more than double that amount.

3. Virtual reality headsets

Virtual reality and augmented reality are increasing in popularity.

If you read my blog on a regular basis, you know that augmented reality already made my list of the top mobile trends that are dominating 2019. I also wrote about how augmented reality is impacting the future of SEO.

But now I want to take a moment to talk about the business opportunity for the virtual reality market. First, let me clarify the differences between AR and VR.

AR uses overlays on computer-generated screens to put digital figures into real-world images. For example, AR can be used on a smartphone to play games like Pokemon Go.

As the name implies, VR puts users into a virtual world, using more specialized and sophisticated equipment, like a VR headset.

Take a look at the growth of VR and AR users in the United States.

VR AR Growth

As you can clearly see from the graph, both VR and AR users are growing each year.

There are more AR users, simple because augmented reality is easier to use and doesn’t require special equipment.

With that said, the number of virtual reality headset users is still continuing to grow and carve out a good-sized market share in this niche.

In 2017, there were roughly 11 million VR headset users in the US. That number has already doubled and will reach 26.5 million users by 2021.

There are lots of potential consumers to target with this product. According to a virtual reality headset review by The Verge, VR headsets have quite the price range. Inexpensive headsets can be bought for less than $100, while higher-end models retail for upwards of $800.

4. Smart speakers

As long as we’re on the technology subject, I figured this would be a good time to talk about smart speakers. This is another trend that’s growing in popularity.

Today, in 2019, there are more than 74 million smart speaker owners in the United States.

However, this only makes up 26% of US Internet users, meaning that there is still plenty of room for growth in this space.

China has that most smart speaker owners in the world, with 85 million. But this makes up just 10% of the country’s total Internet users. Again, this proves a high global demand for the product, with tons of room for growth in the category.

Speaking of growth, look at the number of households in America that have a smart speaker.

Smart Speakers

There was a 78% growth rate between 2017 and 2018.

Here’s a crazier statistic. More than half of smart speaker owners have two or more devices.

This means that current smart speaker owners are still potential customers for you. This product is a great opportunity to sell online via your ecommerce shop.

5. Vapor products

E-cigarettes and electronic vaporizers, better known as “vapes” are growing in popularity.

There are several different components to vapor products. There is the device itself, which operates by heating a liquid solution. Then there are the flavored liquids, usually containing nicotine. Plus there are other accessories as well, and these products come in all different shapes and sizes.

Just to be clear, I’m not here to talk about the health risks of vaping or anything like that. Nor am I encouraging the use of e-cigarettes or nicotine products.

But like every other product on this list, I’m simply identifying market trends and sharing the information with you. These trends are telling me that it’s a hot category.

By 2023, the global vapor market is expected to reach $43 billion. That’s a 15% compound annual growth rate for five years. The figures are impressive, to stay the least.

There is definitely a market for this product, and plenty of money to be made by selling vapor products online. Just make sure you comply with all of the legal regulations associated with selling vapes and accessories through an ecommerce shop.

6. Jewelry

Jewelry is another product category with seemingly endless opportunities for online sales.

You can target men, women, children, and teenagers with high-end diamonds, low-end rings, and everything in between. There are so many options for products and targets in this industry.

Plus, you can even make jewelry by hand. More than 2 million handmade jewelry products are sold on Etsy.

Etsy

Studies show that the global online jewelry market is expected to grow at a CAGR of nearly 16% between now and 2022.

According to Shopify, ecommerce only represents 4-5% of all jewelry sales worldwide. However, that number is expected to be 10-15% by 2020.

What does this mean? Jewelry sales, like most products, are starting to trend in the ecommerce direction. There is so much room for growth in the coming years with this product category.

7. Digital courses and learning material

You don’t always need to sell tangible products on your ecommerce shop. You can also sell digital goods like ebooks or online learning courses.

This is another booming industry.

According to Forbes, the e-learning industry is going to reach $325 billion by 2025.

There are so many potential customers here as well. In fact, 77% of corporations in the US use online learning tools. E-learning increases retention rates by up 60%.

So if you’re good at something, take advantage of it. Teach others how to do whatever it is that you know best.

Product content like blogs, ebooks, and videos. Then sell those digital goods online.

The best part about this is the low overhead. Your only costs will be running your website, processing transactions, and your time. Everything else is just straight profit.

8. Drones

The drone market is segmented into two categories.

  • Consumer
  • Commercial

There’s actually a military category too, but that’s not really relevant for ecommerce purposes.

While you might be tempted to just target the average Joe who wants to flow a drone around his neighborhood, you might want to consider the commercial market as well. Check out the growth of commercial drones over the years.

Drones

Between now and 2025, the global commercial drone market is expected to grow by roughly 700%. Now is the time to jump on this trend to get your share of the action.

You can still go after consumers as well. The unit sales of personal drones dominate 94% of the market. However, this only represents 40% of the total revenue share, since commercial drones are typically priced higher.

9. Clothing and accessories

It may sound simple, obvious, or boring, but the online clothing industry is huge.

But in order to be successful here, you definitely need to go after a niche. Trying to sell to anyone and everyone will be too competitive to survive.

By 2023, revenue from online clothing, footwear, and accessories in the US is expected to surpass $145.7 billion. That’s up from $93 billion in 2017.

58% of Americans have purchased clothing online.

Again, this is another industry where you have tons of options. There are different types of people to target, and countless options of products to sell at varying price points. Ultimately, there’s lots of money to be made selling clothes online.

Conclusion

There has never been a better time to sell products online. Starting an ecommerce store is easy, and consumers are continuing to buy products on the Internet more and more each year.

But what should you sell online?

Use this list as a reference. Unlike other similar posts that you’ll find online, I took the time to actually research industries and trends. I didn’t just pull random products out of thin air.

That’s why this information is so valuable. If you can set up your ecommerce shop around these trends, it has a much greater chance of being successful.

Posted on

Your Boss’ Opinion of You Really Does Matter

Eliza from My Fair Lady is a classic representation of the Pygmalion effect. 
Photo Credit Wikimedia Commons

The Pygmalion effect is one of the more fascinating aspects of psychology, and should be one of the most understood aspects of modern management. It suggests that our performances can be directly influenced by the perceptions of our bosses. So if they think you’re going to be great, and act as though you’re going to be great, then the chances are, you will be great.

There has been no shortage of evidence to support this hypothesis, but one more will certainly do no harm. It comes from a Chinese study into teaching at a couple of universities in southern China.

Posted on

China’s Social Credit System May Not Be as Terrifying as Original Reports Would Have You Believe

We’ve all been that woman in the above video: A stressful day leaves us with little capacity to deal when things start taking a turn for the worse. But unlike this woman, played by Bryce Dallas Howard in the season 3 opener of Black Mirror, our irritability doesn’t generally result in our being kicked out of an airport after being denied admittance to the flight we’ve already booked.

Unless you’re living in China sometime in the near future, that is. As this recent piece from Wired explains, China is developing a social credit system that seeks to reward citizens (and businesses) for social trustworthiness while punishing others for apparently harmful behaviors.