Connect with us

SEO

What You Need To Know

Published

on

What You Need To Know

SEOs are once again dealing with another broad core update–the first of 2023. And this one touched down hard and fast, shaking things up more than the previous September 2022 update.

With all the fluctuations and volatility in search results before and after the update, how can you ensure your website comes out as a winner once the dust settles? 

Let me discuss my insights and a few key strategies to help you deal with the March 2023 Core Update.

What Does a ‘Broad Core Algorithm’ Update Mean?

The name is self-explanatory. It’s an algorithm update that focuses on broad changes, with no specific focus in each area.

Core updates are made to keep the search results both updated and accurate to user queries. Think of it as similar to a list of recommended restaurants to eat – year to year, there may be newer, better places for you to eat at. Updating this list every few months is pretty similar to a core update in that it keeps your list relevant and up to date. 

With each core update, there are often widespread fluctuations in ranking, which ultimately means that your website could either be positively or negatively affected. 

The information we get about these updates is limited, as you can see from Google’s official document on core updates and their announcement post. Most of the data and strategies we get from this update are through webmaster tools, expert insights, and speculations. 

How often do Google core updates happen?

Generally, they’re released every few months, with the last two being in May and September of 2022. You can check the release dates of all the core updates so far in this document.

Google tends to announce these updates a few days before, or the day of. At times, you might even start to see the effects of one a few days before it’s officially announced.

Once released, it can take several days up to a few weeks to finish rolling out for users. 

The March 2023 Core Update

Google’s March 2023 Core Update was released on the 15th of March and officially finished rolling out on the 28th of March, 07:26 PDT.

The official twitter announcement of the March 2023 Core Update

It took 13 days to roll out, and this update was more noticeable than the last one we had in September 2022. 

Here’s a quick rundown of what widely notable effects I and other SEOs have seen so far:

  • Target: All types of content, as is usually the case with core updates.
  • Penalty: No penalty, focused on promoting or rewarding pages that fit their new algorithm.
  • Impact: Global update, impacting all regions, and in all languages. This one hit hard and fast, and we saw significant volatility in the SERPs (more on that later).
  • Features: Core updates impact Google’s features, such as Discover, featured snippets, and more. 

Just like any other core update from Google, the update seems to reward websites that follow E-E-A-T, high-quality content, and improved user experience. Websites that don’t hit these criteria or practice black hat SEO will likely see significant losses.

This update does not particularly target specific types of websites in fact, the goal of a core update is to improve the quality of the search engine results and make sure every result is relevant to every user by assessing the overall content in the SERPs.

SERP Volatility

Checking the SERP sensors from our various tools, it is noticeable that there were drastic movements in the SERPs, starting from the day after Google released their new broad core update. Below is a snapshot of Semrush’s Sensor:

Snapshot of SEMRush's SERPS sensor, the weeks after the March 2023 Core Update

Diagnosing an Algorithm Update

Since the algorithm changes in a core update aren’t detailed or explained in any of Google’s official documents, it can be hard to tell if your website has been hit by them.

And, because the updates are made in broader strokes than more specific changes to Google, I’ve found that pages that suddenly drop in the SERPs don’t necessarily have anything ‘wrong’ with them–it might just be that your competition better fits what Google is looking for currently. 

All in all, it can be difficult to diagnose whether the losses (or gains) you’re experiencing now are due to the March 2023 Core Update. That said, I understand that those doing less well after this rollout are feeling the need to do something about it. 

So, what SEO checklist should you look at to narrow it down? 

The Timing

First, check when your pages dropped in ranking or traffic. If it happened within a day or two of the rollout, then there’s a good chance that Google’s algorithms have changed in a way that prefers other sites’ content over yours. 

But, there are a few cases where unfortunate timing for landing page optimizations, website revamps, or any other significant changes on your site were made–which can also be the root cause of your problems. 

This is when I recommend digging around in your webmaster’s tools.

Search Console

The next step is to check your Google Search Console performance tab. This is where you can find if your impressions and clicks dropped off for specific landing pages. 

If significant drops are aligned with the initial rollout date (March 15, 2023) or the official finish date (March 28, 2023), then it’s likely caused by the Core Update.

If so, I suggest looking at the affected landing pages and keywords. You can also look at the ‘Search Appearance’ filter to see which rich results are showing for your site. Segmenting this data can help you understand what keyword clusters or specific site areas were hit by the update.

Analytics

Your Google Analytics profile is another tool I suggest you check. You can combine its data with the insights you found on Google Search Console to see what aspects or content of your website you need to work on.

Go to the Behavior category, and check on your Landing Pages report. Filter the results by ‘Organic Traffic’ to narrow down the data. Here, you can continue to dig into the issues that were revealed to you in your Google Search Console Data.

Use this to benchmark your website’s performance against previous dates, as well.

Competitor Analysis

Performing Competitor Analysis either manually or through SEO tools (such as SE Ranking, Semrush, or Ahrefs) can also highlight what your website is currently missing.

Take a look at your competitors–what are they doing that you currently aren’t? Ask yourself these questions:

  1. Do they have higher quality content than what you have currently published?
  2. Do they have higher-quality link-building efforts than you?
  3. Do they have greater keyword coverage for the products and services you’re offering?
  4. Are these things you can add to or improve on your website?

Sitewide Effects

Core updates often have a sitewide impact–which means they often affect most of your pages, though not every single page on the site. 

If you notice changes on just one page, this is probably not due to a Google core update.

How Can I Optimize My Website With The March 2023 Core Update?

Similar to previous core updates, Google did not provide any specific information about their recent algorithm changes. As a result, there is no definitive procedure on how you can optimize your website following this update. Instead, you’ll have to look at holistic changes to your website and its content.

Google mentioned in their page quality guidelines that practicing E-E-A-T (Experience, Expertise, Authoritativeness, and Trustworthiness) is one of the important things you need to consider to maintain good quality content in the SERPs. 

If you’re interested in understanding how to recover from a broad core algorithm update, I have a few key SEO practices to help you:

Improve user experience

This is one of the relevant factors Google considers since they are user-centric. Letting users navigate your website easily will make you gain a high engagement rate online. These are the vital recommendations and some tools I would suggest for you to maintain and improve your website user experience:

  • Ensure your website is mobile-friendly: you can check your website’s mobile-friendliness through Google Search Console’s Mobile-Friendly Test.
  • Improve page speed: You can use PageSpeed Insights to check your website’s speed on mobile and desktop. This tool also suggests improvements and factors you need to improve on or avoid on your website.
  • Improve Readability: check your website regularly and make sure the font details and the positioning of the texts are readable and uniform. 
  • Improve accessibility and navigation: make sure your website is accessible and navigational to all kinds of users. This includes providing descriptive alt text on images, closed captions on videos, and ensuring compatibility for text, visuals, buttons, etc. on all types of screens.
  • Avoid using intrusive ads or pop-ups: this may lower users’ perception of your website, or distract them–both will reduce engagement. Additionally, make sure your website is secure from any kind of online threat.

Create high quality content

Creating high-quality content will always be a must for ranking high and ensuring Google finds your website authoritative. 

I’ve written a guide on how to write helpful, informative content (following Google’s most recent content update) if you want to improve your content strategy or revisit your old blogs and landing pages. 

Other standard practices you might have to double-check on your website are keyword stuffing, readability, duplicate content, scraped content, and relevance to users. Not following what we consider good practices in these areas can harm your credibility as a website. 

If you ever have trouble refreshing your old work or generating new content, you have the option of using generative AI. Tools like ChatGPT and Jasper can help you lessen the time and effort spent on updating your content–though use these tools carefully. 

Make sure to proofread and fact-check (as AI tools are never 100% accurate when it comes to data), and add your unique insight and expertise to what they generate. Doing so makes all the difference for your rankings. 

Other tools, like Bing AI, can also help generate content, though not on the same level as tools specifically designed for copywriting. Unlike ChatGPT, however, it does have access to the internet and is integrated with OpenAI’s GPT-4. So it can create more informative or insightful answers for you.

Refrain from doing Black Hat SEO

Websites that practice Black Hat SEO may experience spikes in traffic and ranking–but these are inconsistent. And, these practices essentially set you up for future penalization. 

Common black hat practices are using hidden headings, texts, or links, duplicating content, spamming, keyword stuffing, and cloaking content or URLs. 

Websites that take advantage of these methods will eventually drop off the SERPs, despite the initial visibility boost they can provide. 

How Long Will it Take to Recover from the March 2023 Core Update?

SEO, no matter what strategy you decide to use, takes time to show results. It’s why I don’t suggest you wait when it comes to recovering from a core update. Starting right away by reviewing your website and auditing your content will help you stay ahead of the competition and minimize losses as quickly as possible. 

Key Takeaway

Google is and will always be user-centric. Changes like the March 2023 core update are meant to improve user satisfaction, and push people-first content to the top of the SERPs. 

If you’re one of the many SEO specialists scrambling after this core update, it’s time to step back and start creating a plan. You should focus on improving your website as a whole. 

There is no silver bullet to recovering from this, or to jumping back to your initial position. Instead, this update calls for a thorough sweep through your website and analyzing where to improve. If you have not started practicing this, then I encourage you to.



Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address

SEO

Research Shows Tree Of Thought Prompting Better Than Chain Of Thought

Published

on

By

Research Shows Tree Of Thought Prompting Better Than Chain Of Thought

Researchers discovered a way to defeat the safety guardrails in GPT4 and GPT4-Turbo, unlocking the ability to generate harmful and toxic content, essentially beating a large language model with another large language model.

The researchers discovered that the use of tree-of-thought (ToT)reasoning to repeat and refine a line of attack was useful for jailbreaking another large language model.

What they found is that the ToT approach was successful against GPT4, GPT4-Turbo, and PaLM-2, using a remarkably low number of queries to obtain a jailbreak, on average less than thirty queries.

Tree Of Thoughts Reasoning

A Google research paper from around May 2022 discovered Chain of Thought Prompting.

Chain of Thought (CoT) is a prompting strategy used on a generative AI to make it follow a sequence of steps in order to solve a problem and complete a task. The CoT method is often accompanied with examples to show the LLM how the steps work in a reasoning task.

So, rather than just ask a generative AI like Midjourney or ChatGPT to do a task, the chain of thought method instructs the AI how to follow a path of reasoning that’s composed of a series of steps.

Tree of Thoughts (ToT) reasoning, sometimes referred to as Tree of Thought (singular) is essentially a variation and improvement of CoT, but they’re two different things.

Tree of Thoughts reasoning is similar to CoT. The difference is that rather than training a generative AI to follow a single path of reasoning, ToT is built on a process that allows for multiple paths so that the AI can stop and self-assess then come up with alternate steps.

Tree of Thoughts reasoning was developed in May 2023 in a research paper titled Tree of Thoughts: Deliberate Problem Solving with Large Language Models (PDF)

The research paper describes Tree of Thought:

“…we introduce a new framework for language model inference, Tree of Thoughts (ToT), which generalizes over the popular Chain of Thought approach to prompting language models, and enables exploration over coherent units of text (thoughts) that serve as intermediate steps toward problem solving.

ToT allows LMs to perform deliberate decision making by considering multiple different reasoning paths and self-evaluating choices to decide the next course of action, as well as looking ahead or backtracking when necessary to make global choices.

Our experiments show that ToT significantly enhances language models’ problem-solving abilities…”

Tree Of Attacks With Pruning (TAP)

This new method of jailbreaking large language models is called Tree of Attacks with Pruning, TAP. TAP uses two LLMs, one for attacking and the other for evaluating.

TAP is able to outperform other jailbreaking methods by significant margins, only requiring black-box access to the LLM.

A black box, in computing, is where one can see what goes into an algorithm and what comes out. But what happens in the middle is unknown, thus it’s said to be in a black box.

Tree of thoughts (TAP) reasoning is used against a targeted LLM like GPT-4 to repetitively try different prompting, assess the results, then if necessary change course if that attempt is not promising.

This is called a process of iteration and pruning. Each prompting attempt is analyzed for the probability of success. If the path of attack is judged to be a dead end, the LLM will “prune” that path of attack and begin another and better series of prompting attacks.

This is why it’s called a “tree” in that rather than using a linear process of reasoning which is the hallmark of chain of thought (CoT) prompting, tree of thought prompting is non-linear because the reasoning process branches off to other areas of reasoning, much like a human might do.

The attacker issues a series of prompts, the evaluator evaluates the responses to those prompts and then makes a decision as to what the next path of attack will be by making a call as to whether the current path of attack is irrelevant or not, plus it also evaluates the results to determine the likely success of prompts that have not yet been tried.

What’s remarkable about this approach is that this process reduces the number of prompts needed to jailbreak GPT-4. Additionally, a greater number of jailbreaking prompts are discovered with TAP than with any other jailbreaking method.

The researchers observe:

“In this work, we present Tree of Attacks with Pruning (TAP), an automated method for generating jailbreaks that only requires black-box access to the target LLM.

TAP utilizes an LLM to iteratively refine candidate (attack) prompts using tree-of-thoughts reasoning until one of the generated prompts jailbreaks the target.

Crucially, before sending prompts to the target, TAP assesses them and prunes the ones unlikely to result in jailbreaks.

Using tree-of-thought reasoning allows TAP to navigate a large search space of prompts and pruning reduces the total number of queries sent to the target.

In empirical evaluations, we observe that TAP generates prompts that jailbreak state-of-the-art LLMs (including GPT4 and GPT4-Turbo) for more than 80% of the prompts using only a small number of queries. This significantly improves upon the previous state-of-the-art black-box method for generating jailbreaks.”

Tree Of Thought (ToT) Outperforms Chain Of Thought (CoT) Reasoning

Another interesting conclusion reached in the research paper is that, for this particular task, ToT reasoning outperforms CoT reasoning, even when adding pruning to the CoT method, where off topic prompting is pruned and discarded.

ToT Underperforms With GPT 3.5 Turbo

The researchers discovered that ChatGPT 3.5 Turbo didn’t perform well with CoT, revealing the limitations of GPT 3.5 Turbo. Actually, GPT 3.5 performed exceedingly poorly, dropping from 84% success rate to only a 4.2% success rate.

This is their observation about why GPT 3.5 underperforms:

“We observe that the choice of the evaluator can affect the performance of TAP: changing the attacker from GPT4 to GPT3.5-Turbo reduces the success rate from 84% to 4.2%.

The reason for the reduction in success rate is that GPT3.5-Turbo incorrectly determines that the target model is jailbroken (for the provided goal) and, hence, preemptively stops the method.

As a consequence, the variant sends significantly fewer queries than the original method…”

What This Mean For You

While it’s amusing that the researchers use the ToT method to beat an LLM with another LLM, it also highlights the usefulness of ToT for generating surprising new directions in prompting in order to achieve higher levels of output.

  • TL/DR Takeaways:
  • Tree of Thought prompting outperformed Chain of Thought methods
  • GPT 3.5 worked significantly poorly in comparison to GPT 4 in ToT
  • Pruning is a useful part of a prompting strategy
  • Research showed that ToT is superior to CoT in an intensive reasoning task like jailbreaking an LLM

Read the original research paper:

Tree of Attacks: Jailbreaking Black-Box LLMs Automatically (PDF)

Featured Image by Shutterstock/THE.STUDIO

Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

SEO

The Lean Guide (With Template)

Published

on

The Lean Guide (With Template)

A competitive analysis (or market competitive analysis) is a process where you collect information about competitors to gain an edge over them and get more customers.

However, the problem is that “traditional” competitive analysis is overkill for most businesses — it requires impractical data and takes too long to complete (and it’s very expensive if you choose to outsource). 

A solution to that is a lean approach to the process — and that’s what this guide is about. 

In other words, we’ll focus on the most important data you need to answer the question: “Why would people choose them over you?”. No boring theory, outtakes from marketing history, or spending hours digging up nice-to-have information.

In this guide, you will find:

  • A real-life competitive analysis example.
  • Templates: one for input data and one for a slide deck to present your analysis to others.
  • Step-by-step instructions.

Our template consists of two documents: a slide deck and a spreadsheet. 

The Slide deck is the output document. It will help you present the analysis to your boss or your teammates.

The spreadsheet is the input document. You will find tables that act as the data source for the charts from the slide deck, as well as a prompt to use in ChatGPT to help you with user review research.

Competitive analysis template — spreadsheet sneak peek.Competitive analysis template — spreadsheet sneak peek.

We didn’t focus on aesthetics here; every marketer likes to do slide decks their own way, so feel free to edit everything you’ll find there. 

With that out of the way, let’s talk about the process. The template consists of these six tasks: 

  1. Identify your direct competitors. 
  2. Compare share of voice. 
  3. Compare pricing and features.
  4. Find strong and weak points based on reviews.
  5. Compare purchasing convenience.
  6. Present conclusions.

Going forward, we’ll explain why these steps matter and show how to complete them. 

1. Identify your direct competitors

Direct competitors are businesses that offer a similar solution to the same audience. 

They matter a lot more than indirect competitors (i.e. businesses with different products but targeting the same audience as you) because you’ll be compared with them often (e.g. in product reviews and rankings). Plus, your audience is more likely to gravitate towards them when considering different options. 

You probably have a few direct competitors in mind already, but here are a few ways to find others based on organic search and paid search ads

Our basis for the analysis was Landingi, a SaaS for building landing pages (we chose that company randomly). So in our case, we found these 3 direct competitors. 

Slide 1 — direct competitors.Slide 1 — direct competitors.

Look at keyword overlap

Keyword overlap uncovers sites that target the same organic keywords as you. Some sites will compete with you for traffic but not for customers (e.g. G2 may share some keywords with Landingi but they’re a different business). However, in many cases, you will find direct competitors just by looking at this marketing channel. 

  • Go to Ahrefs’ Site Explorer and enter your site’s address. 
  • Scroll down to Organic competitors
  • Visit the URLs to pick 3 – 5 direct competitors.
Top organic competitors data from Ahrefs.Top organic competitors data from Ahrefs.

To double-check the choice of competitors, we also looked at who was bidding for search ads on Google.

See who’s advertising 

If someone is spending money to show ads for keywords related to what you do, that’s a strong indication they are a direct competitor. 

  • Go to Ahrefs’ Keywords Explorer.
  • Type in a few broad keywords related to your niche, like “landing page builder” or “landing page tool”. 
  • Go to the Ads history report. 
  • Visit the sites that have a high presence of ads in the SERPs (Search Engine Result Pages). 
Ads history report in Ahrefs' Keywords Explorer.Ads history report in Ahrefs' Keywords Explorer.

Once you’re done checking both reports, write down competitors in the deck. 

You can also take screenshots of the reports and add them to your deck to show the supporting data for your argument. 

 Slide 2 — direct competitors by organic traffic. Slide 2 — direct competitors by organic traffic.

2. Compare share of voice

Share of voice is a measure of your reach in any given channel compared to competitors. 

A bigger share of voice (SOV) means that your competitors are more likely to reach your audience. In other words, they may be promoting more effectively than you. 

In our example, we found that Landingi’s SOV was the lowest in both of these channels. 

Organic: 

Slide 3 — share of voice on Google Search.Slide 3 — share of voice on Google Search.

And social media:

 Slide 4 — share of voice on social media. Slide 4 — share of voice on social media.

Here’s how we got that data using Ahrefs and Brand24.

Organic share of voice 

Before we start, make sure you have a project set up in Ahrefs’ Rank Tracker

Create a new project in Ahrefs' Rank Tracker.Create a new project in Ahrefs' Rank Tracker.

Now: 

  • Go to Ahrefs’ Competitive Analysis and enter your and your competitors’s sites as shown below. 
Create a new project in Ahrefs' Rank Tracker.
Create a new project in Ahrefs' Rank Tracker.
  • On the next screen, set the country with the most important market for your business and set the filters like this:
Content gap analysis filter setup.Content gap analysis filter setup.
  • Select keywords that sound most relevant to your business (even if you don’t rank for them yet) and Add them to Rank Tracker
Common keywords found via Ahrefs' Competitive Analysis.Common keywords found via Ahrefs' Competitive Analysis.
  • Go to Rank Tracker, open your project, and look for Competitors/Overview. This report will uncover automatically calculated Share of Voice
Organic share of voice data in Ahrefs.Organic share of voice data in Ahrefs.
  • Add the numbers in corresponding cells inside the sheet and paste the graph inside the slide deck. 
Filling the share of voice template with data.Filling the share of voice template with data.

It’s normal that the numbers don’t add up to 100%. SOV is calculated by including sites that compete with you in traffic but are not your direct competitors, e.g. blogs. 

Social share of voice 

We can also measure our share of voice across social media channels using Brand24.

  • Go to Brand24.
  • Start a New project for your brand and each competitor. Use the competitors’ brand name as the keyword to monitor. 
  • Go to the Comparison report and compare your project with competitors. 
Using Brand24's Comparison tool for competitive analysis.Using Brand24's Comparison tool for competitive analysis.
  • Take a screenshot of the SOV charts and paste them into the slide deck. Make sure the charts are set to “social media”.
Social media tab in share of voice report.Social media tab in share of voice report.

3. Compare pricing and features

Consumers often choose solutions that offer the best value for money — simple as that. And that typically comes down to two things: 

  • Whether you have the features they care about. We’ll use all features available across all plans to see how likely the product is to satisfy user needs.
  • How much they will need to pay. Thing is, the topic of pricing is tricky: a) when assessing affordability, people often focus on the least expensive option available and use it as a benchmark, b) businesses in the SaaS niche offer custom plans. So to make things more practical, we’ll compare the cheapest plans, but feel free to run this analysis across all pricing tiers.

After comparing our example company to competitors, we found that it goes head-to-head with Unbounce as the most feature-rich solution on the market. 

Slide 5 — features vs. pricing.Slide 5 — features vs. pricing.

Here’s how we got that data. 

  • Note down your and your competitors’ product features. One of the best places to get this information is pricing pages. Some brands even publish their own competitor comparisons — you may find them helpful too. 
  • While making the list, place a “1” in the cell corresponding to the brand that offers the solution.
Filling data in the spreadsheet.Filling data in the spreadsheet.
  • Enter the price of the cheapest plan (excluding free plans). 
Adding pricing data inside the spreadsheet.Adding pricing data inside the spreadsheet.
  • Once finished, copy the chart and paste it inside the deck. 

4. Find strong and weak points based on user reviews

User reviews can show incredibly valuable insight into your competitors’ strong and weak points. Here’s why this matters:

  • Improving on what your competitors’ customers appreciate could help you attract similar customers and possibly win some over.
  • Dissatisfaction with competitors is a huge opportunity. Some businesses are built solely to fix what other companies can’t fix. 

Here’s a sample from our analysis: 

 Slide 6 — likes and dislikes about Competitors. Slide 6 — likes and dislikes about Competitors.

And here’s how we collated the data using ChatGPT. Important: repeat the process for each competitor.

  • Open ChatGPT and enter the prompt from the template.
ChatGPT prompt for competitive analysis.ChatGPT prompt for competitive analysis.
  • Go to G2, Capterra, or Trustpilot and find a competitor’s reviews with ratings from 2 – 4 (i.e. one rating above the lowest and one below the highest possible). Reason:

businesses sometimes solicit five-star reviews, whereas dissatisfied customers tend to leave one-star reviews in a moment of frustration. The most actionable feedback usually comes in between.

  • Copy and paste the content of the reviews into ChatGPT (don’t hit enter yet). 
  • Once you’re done pasting all reviews, hit enter in ChatGPT to run the analysis.
Sample of ChatGPT output with charts.Sample of ChatGPT output with charts.
  • Paste the graphs into the deck. If you want the graphs to look different, don’t hesitate to ask the AI. 

There’s a faster alternative, but it’s a bit more advanced. 

Instead of copy-pasting, you can use a scraping tool like this one to get all reviews at once. The downside here is that not all review sources will a have scraping tool available. 

5. Compare purchasing convenience

Lastly, we’ll see how easy it is to actually buy your products, and compare the experience to your competitors. 

This is a chance to simplify your checkout process, and even learn from any good habits your competitors have adopted.

For example, we found that our sample company had probably nothing to worry about in this area — they ticked almost all of the boxes. 

Slide 7 — purchasing convenience.Slide 7 — purchasing convenience.

Here’s how to complete this step:

  • Place a “1” if you or any of your competitors offer convenience features listed in the template. 
  • Once done, copy the chart and paste it into the deck.

Step 6. Present conclusions

This is the part of the presentation where you sum up all of your findings and suggest a course of action. 

Here are two examples: 

  • Landingi had the lowest SOV in the niche, and that is never good. So the conclusion might be to go a level deeper and do an SEO competitive analysis, and to increase social media presence by creating more share-worthy content like industry surveys, design/CRO tips, or in-house data studies.
  • Although the brand had a very high purchasing convenience score, during the analysis we found that there was a $850 gap between the monthly full plan and the previous tier. The conclusion here might be to offer a custom plan (like competitors do) to fill that gap. 

We encourage you to take your time here and think about what would make the most sense for your business. 

Tip

It’s good to be specific in your conclusions, but don’t go too deep. Competitive analysis concerns many aspects of the business, so it’s best to give other departments a chance to chime in. Just because your competitors have a few unique features doesn’t necessarily mean you need to build them too.

Final thoughts 

A competitive analysis is one of the most fruitful exercises in marketing. It can show you areas for improvement, give ideas for new features, and help you discover gaps in your strategy. It wouldn’t be an exaggeration to say that it’s fundamental to running a successful business. 

Just don’t forget to balance “spying” on your competitors with innovation. After all, you probably don’t want to become an exact copy of someone else’s brand. 

In other words, use competitive analysis to keep up with your competitors, but don’t let that erase what’s unique about your brand or make you forget your big vision. 

Got comments or questions? Ping me on X



Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

SEO

Critical WordPress Form Plugin Vulnerability Affects Up To +200,000 Installs

Published

on

By

Critical WordPress Form Plugin Vulnerability Affects Up To +200,000 Installs

Security researchers at Wordfence detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit the plugin by uploading arbitrary files, including potentially malicious PHP backdoors, with the ability to execute these files on the server.

MW WP Form Plugin

The MW WP Form plugin helps to simplify form creation on WordPress websites using a shortcode builder.

It makes it easy for users to create and customize forms with various fields and options.

The plugin has many features, including one that allows file uploads using the [mwform_file name=”file”] shortcode for the purpose of data collection. It is this specific feature that is exploitable in this vulnerability.

Unauthenticated Arbitrary File Upload Vulnerability

An Unauthenticated Arbitrary File Upload Vulnerability is a security issue that allows hackers to upload potentially harmful files to a website. Unauthenticated means that the attacker does not need to be registered with the website or need any kind of permission level that comes with a user permission level.

These kinds of vulnerabilities can lead to remote code execution, where the uploaded files are executed on the server, with the potential to allow the attackers to exploit the website and site visitors.

The Wordfence advisory noted that the plugin has a check for unexpected filetypes but that it doesn’t function as it should.

According to the security researchers:

“Unfortunately, although the file type check function works perfectly and returns false for dangerous file types, it throws a runtime exception in the try block if a disallowed file type is uploaded, which will be caught and handled by the catch block.

…even if the dangerous file type is checked and detected, it is only logged, while the function continues to run and the file is uploaded.

This means that attackers could upload arbitrary PHP files and then access those files to trigger their execution on the server, achieving remote code execution.”

There Are Conditions For A Successful Attack

The severity of this threat depends on the requirement that the “Saving inquiry data in database” option in the form settings is required to be enabled in order for this security gap to be exploited.

The security advisory notes that the vulnerability is rated critical with a score of 9.8 out of 10.

Actions To Take

Wordfence strongly advises users of the MW WP Form plugin to update their versions of the plugin.

The vulnerability is patched in the lutes version of the plugin, version 5.0.2.

The severity of the threat is particularly critical for users who have enabled the “Saving inquiry data in database” option in the form settings and that is compounded by the fact that no permission levels are needed to execute this attack.

Read the Wordfence advisory:

Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution

Featured Image by Shutterstock/Alexander_P

Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

Trending