Technology

Do You Need to Break Into a Locked Windows 10 Device? Ask Cortana

Posted on

Are You Locked Out Of Your Windows 10 Device

Windows 10

June’s “Patch Tuesday” (June 12) is here, but it is likely many Windows 10 users have not yet applied these updates. If you have not, just be sure not to leave your laptop lying around! The patches in this cycle fix a code execution vulnerability using the default settings for Windows and the “Cortana” voice assistant. We’ll detail how this vulnerability can be used to execute code from the locked screen of a fully patched Windows 10 machine (RS3 at the time of our original submission, and confirmed on RS4 prior to this patch cycle). The vulnerability was submitted to Microsoft as part of the McAfee Labs Advanced Threat Research team’s responsible disclosure policy, on April 23. Attribution for this vulnerability submission goes to Cedric Cochin, Cyber Security Architect and Senior Principle Engineer.

In this post, we will address three vectors of research that have been combined by Microsoft and together represent CVE-2018-8140. The first of these is an information leak, but we’ll culminate with a demo showing full code execution to log in to a locked Windows device!

Using “Hey Cortana!” to Retrieve Confidential Information

Personal digital assistants such as Siri, Alexa, Google Assistant, and Cortana have become commodities in many technologically inclined houses. From telling jokes, to helping with the grocery list, to turning on the kitchen lights, these robotic voices are beginning to feel oddly more and more personal as they expand their roles in our daily lives. However, we should consider the increased risk of built-in digital personal assistants when looking at new attack vectors for laptops, tablets, and smartphones. Our research on Microsoft’s Cortana voice assistant began after reading about the “BadUSB” attacks demonstrated by industry researchers. We decided to take this a step further and ended up finding and reporting to Microsoft several issues related to Cortana.

If you have spoken with Cortana, you may have noticed that “she” is very helpful for a number of simple tasks: providing definitions, or looking up corporations, movies, artists, or athletes. She can even do math! In Windows 10, on the most recent build at the time of submission, we observed that the default settings enable “Hey Cortana” from the lock screen, allowing anyone to interact with the voice-based assistant. This led to some interesting behavior and ultimately vulnerabilities allowing arbitrary code execution.

We begin this analysis with a quick look into Windows indexing. If you have ever opened the advanced view of the Windows Indexing control panel, and navigated to the File Types tab, you will see a long list of file extensions. For each of them you will find details about the associated filter used by the indexing process. Essentially you have the “file properties filter” and several other filters that could all be summarized as “file properties and file content filter.”

This means the index process will crack open the files and index their content, including some strings present in these documents. Let’s keep that in mind for later as we continue.

Using this knowledge, we wanted to try to access the same menu that you would see when using a Cortana search on an unlocked device.

This will come as a surprise and lies at the core of all the issues we found, but simply typing while Cortana starts to listen to a query on a locked device will bring up a Windows contextual menu, as shown below:

On top: the result of typing “pas” in the Cortana search field on an unlocked computer. Above: the result of asking “Hey Cortana, P A S” and using a whitespace keyboard sequence.

In the preceding example, we queried Cortana for the term pas, no preamble to the question, just speaking the three letters, P. A. S. Why not “pass”? Because Cortana can be quite picky with verbal statements and there is no dictionary definition for “pass,” leading to Cortana inviting us to continue in Edge after unlocking the device. Alternatively, instead of issuing a verbal statement, we could click on the “tap and say” button and just start typing this text, for example.

We now have a contextual menu, displayed on a locked Windows 10 device. What could go wrong?

Remember that all the results presented by Cortana come from indexed files and applications, and that for some applications the content of the file is also indexed. Now we can simply hover over any of the relevant matches. If the match is driven by filename matching, then you will be presented with the full path of the file. If the match is driven by the file content matching, then you may be presented with the content of the file itself.

Keep in mind that the entire user folder structure is indexed, which includes the default location for most documents but also for mappings like OneDrive.

Example of data leakage using voice command with Cortana and the whitespace keyboard sequence.

Armed with this knowledge, you can use your imagination to come up with specific keywords that could be used to start harvesting confidential information from the locked device.

Code Execution from the Windows Lock Screen (User Interaction May be Required)

Next, we asked the question: Could we go a step further and get code execution in the context of the authenticated user? Remember we are using only a combination of voice commands and mouse/touchpad/touchscreen to gain access to the contextual menu at this point. We observed that just by hovering over a file, the full path or content of the file would be displayed. What happens if we were to click on it? That depends on the target. If the file being opened is an application or an executable (such as notepad or calc.exe), the file will run and be accessible only after the user properly logs in. If it is a document, script, or text file, it will be opened by an editor instead of being executed. At this point we can execute various preloaded Windows utilities such as calculator, but we cannot pass any parameters to the command line. We can open scripts including PowerShell, but instead of being executed, they will be opened in a text editor (notepad). The lack of parameters is a limitation for a “live off the land” attack, which uses current tools and content to achieve a malicious purpose; however, there are plenty of malicious activities that could be performed even with these restrictions. For example, many uninstallers will happily remove software without any need for parameters.

Let’s return to our goal: code execution from the lock screen. The only requirement for something to show up in the contextual menu is for it to be indexed.

Public folders indexed by default.

There are multiple ways for an unauthenticated attacker to get results to show up in the index of an authenticated user. One method relies on OneDrive. As the root of the OneDrive directory structure is in the user folder, all the OneDrive content is indexed by default. Basically, if you ever share a folder or file with “edit” rights, the person you share it with, as well as any other recipients of a forwarded link, can now drop a file that will be indexed. With the file indexed we have multiple options to proceed.

Option 1: Drop an Executable File

This method assumes you can write an executable file to the disk; it does not require you to have executed it. Via a phishing attack or another vulnerability, an attacker could drop a backdoor (for example, Cobalt Strike Beacon or Meterpreter) and be in business. If you need to execute the payload as an administrator, you can simply right-click (for a touchscreen this is a longer-hold screen press) and select “Run as administrator.”

When running applications that do not have the Auto-Elevate Privilege, you will trigger a user account control (UAC) prompt and nothing will execute. This could still result in a valid attack because users rarely check the content of the prompt and often proceed through the warning dialog box. The attacker would have to execute the program, and then wait for the authenticated user to log in and finish the job. If the application has auto-elevate privileges, there will be no UAC prompt and the application will execute at high integrity.

This is interesting behavior, but on its own not a very likely attack scenario, so let’s continue to explore our options. Why not simply use a USB key to drop the payload because we have physical access? The content of the USB key is not indexed, so it would not be presented as a result of the search query (although there are other ways to use a USB device; see below).

Option 2: Drop a non-PE Payload

Portable executable (PE) backdoors are great, but can we gain execution with a non-PE payload, for example, a PowerShell script?  We can use the same right-click capability to assist, but with a small twist. The right-click menu is not always the same, even for a given file type.

When you ask Cortana about “PS1,” you will be presented with your indexed PowerShell scripts. A right click will allow you to “open file location” or “copy full path,” but with no means of execution.

If you click on the file as we already mentioned, the file will open in edit mode. Curiously, it will not open the default editor (PowerShell ISE) for PowerShell scripts; instead, it will open the script in notepad. We assume this was intended as a security measure because notepad cannot execute scripts, unlike PowerShell ISE.

The default right-click menu for PS1 files.

Remember we mentioned that Cortana changes results based on your input query? When properly logged in, if you ask Cortana about “txt” using the query “Hey Cortana” followed by the letters “T,” “X,” “T,” she will present you with text documents, Notepad, and the most recent documents open by Notepad. Yet the right-click menu for items in the Recent category is different than the right-click menu for the same item in the Documents category.

At top:the context menu for a Recent item; above: the context menu for a Document item.

We follow a three-step process:

Land a PowerShell script in a location that will be indexed Public folder, public share, or OneDrive Execute a search query that will show the document and click on it “Hey Cortana, PS1” Select the PowerShell script you just indexed and left click The PowerShell script opens in Notepad Execute a search query that will show the recent documents, right click, and… Using Cortana, type or search in the contextual menu for “txt” Right click on the PowerShell script in the Recent category under the Apps tab at the top (not Documents) Click “Run with PowerShell”

“Run with PowerShell” right-click menu option for Recent items.

We now have local code execution with the payload of our choosing, without any exploit, even if the device is encrypted, on an up-to-date locked Windows 10 device.

This technique helps us understand some of the differences between apps, documents, extensions, and the way Windows handles them from a locked or unlocked screen. Yet it probably does not represent much of a real-world attack vector. Then again, we are not finished.

Logging into a Locked Device with no User Interaction

Finally, we have local code execution, but with some real limitations. We need to get our payload indexed but we cannot pass command-line parameters. This could be a limiting factor for our PowerShell attack vector because the execution policy may prevent its execution, and without command-line parameters we cannot pass an “-ExecutionPolicy Bypass” (or any other flavor). We would also have to find a way to land a PS1 script on the victim’s box, and have remote access to the physical machine or the login screen.

The techniques we have described so far are far too complicated compared with the simplicity and effectiveness of what comes next.

You recall the use of the keyboard-timing sequence to trigger the contextual search menu from a locked screen while querying Cortana. Any keystroke can trigger the menu from the time when Cortana begins to listen to when the answer is displayed. Press any key at this point; we like to use the spacebar because you cannot backspace and Windows will nicely ignore or trim out the space in its text results anyways. Invoke keyboard input too early or before Cortana is listening and you will be prompted to enter your password; invoke too late and Cortana goes back to sleep or returns normal results without a context menu.

It is not very intuitive to use the keyboard in addition of voice commands, but you can type your search the same way you do on an unlocked device, assuming that you triggered Cortana to listen.

The following screenshot demonstrates this behavior:

Trigger Cortana via “Tap and Say” or “Hey Cortana” Ask a question (this is more reliable) such as “What time is it?” Press the space bar, and the context menu appears Press esc, and the menu disappears Press the space bar again, and the contextual menu appears, but this time the search query is empty Start typing (you cannot use backspace). If you make a mistake, press esc and start again. When done (carefully) typing your command, click on the entry in the Command category. (This category will appear only after the input is recognized as a command.) You can always right click and select “Run as Administrator” (but remember the user would have to log in to clear the UAC)

You can use the following example of a simple PowerShell command to test. Enjoy the soothing beeps that demonstrate code execution from a locked device.

What can we do at this point? You name it. Our demo shows a password reset and login on a Windows 10 build, using only this simple technique.

The easiest mitigation technique, in the absence of patching the device (which we strongly recommend), is to turn off Cortana on the lock screen. This week’s Patch Tuesday from Microsoft contains fixes for these issues under CVE-2018-8140.

This concludes our examination of Cortana (at least for now). The McAfee Advanced Threat Research team has a fundamental goal of eliminating critical threats to the hardware and software we use; this month’s patch is a clear step toward furthering that goal. The attack surface created by vocal commands and personal digital assistants requires much more investigation; we are just scratching the surface of the amount of research that should be conducted in this critical area.

A team of several independent researchers also discovered and disclosed this vulnerability around the time of our submission. Additional credit for this discovery goes to: Ron Marcovich, Yuval Ron, Amichai Shulman and Tal Be’ery. Their names are also on the Microsoft disclosure page.

The post Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140) appeared first on McAfee Blogs.

Read more: securingtomorrow.mcafee.com

Marketing

Indexing Sites For Conferences Large Site Crawl Paths

Posted on
Internal Linking

Internal Linking And Indexing Sites For Conferences

Posted by Tom.Capper

By now, you’ve probably heard as much as you can bear about mobile first indexing. For me, there’s been one topic that’s been conspicuously missing from all this discussion, though, and that’s the impact on internal linking, indexing sites for conferences and previous internal linking best practices.

In the past, there have been a few popular methods for providing crawl paths for search engines — bulky main navigations, HTML sitemap-style pages that exist purely for internal linking, or blocks of links at the bottom of indexed pages. Larger sites have typically used at least two or often three of these methods. I’ll explain in this post why all of these are now looking pretty shaky, and what I suggest you do about it.

Quick refresher: WTF are “internal linking” & “mobile-first,” Tom?

Internal linking is and always has been a vital component of SEO — it’s easy to forget in all the noise about external link building that some of our most powerful tools to affect the link graph are right under our noses. If you’re looking to brush up on internal linking in general, or even indexing sites for conferences, it’s a topic that gets pretty complex pretty quickly, but there are a couple of resources I can recommend to get started:

This top-level Whiteboard Friday from RandThis 30-minute audit guide from me

I’ve also written in the past that links may be mattering less and less as a ranking factor for the most competitive terms, and though that may be true, they’re still the primary way you qualify for that competition.

A great example I’ve seen recently of what happens if you don’t have comprehensive internal linking is eflorist.co.uk. (Disclaimer: eFlorist is not a client or prospective client of Distilled, nor are any other sites mentioned in this post)

eFlorist has local landing pages for all sorts of locations, targeting queries like “Flower delivery in [town].” However, even though these pages are indexed, they’re not linked to internally. As a result, if you search for something like “flower delivery in London,” despite eFlorist having a page targeted at this specific query (which can be found pretty much only through use of advanced search operators), they end up ranking on page 2 with their “flowers under £30” category page:

Indexing Sites For Conferences Internal Linking

¯\_(ツ)_/¯

If you’re looking for a reminder of what mobile-first indexing or even indexing sites for conferences Large Site Crawl Paths is and why it matters, these are a couple of good posts to bring you up to speed:

General guide to mobile-first indexing, by my former colleague Bridget RandolphHow mobile-first indexing disrupts the link graph, by Russ Jones

In short, though, Google is increasingly looking at pages as they appear on mobile for all the things it was previously using desktop pages for — namely, establishing ranking factors, the link graph, and SEO directives as well as internal linking for indexing sites for conferences. You may well have already seen an alert from Google Search Console telling you your site has been moved over to primarily mobile indexing, but if not, it’s likely not far off.

Get to the point: What am I doing wrong?

If you have more than a handful of landing pages on your site, you’ve probably given some thought in the past to how Google can find them and how to make sure they get a good chunk of your site’s link equity. A rule of thumb often used by SEOs is how many clicks a landing page is from the homepage, also known as “crawl depth.”

Mobile-first indexing and indexing sites for conferences impacts this on two fronts:

Some of your links aren’t present on mobile (as is common), so your internal linking simply won’t work in a world where Google is going primarily with the mobile-version of your pageIf your links are visible on mobile, they may be hideous or overwhelming to users, given the reduced on-screen real estate vs. desktop

If you don’t believe me on the first point, check out this Twitter conversation between Will Critchlow and John Mueller:

 

Read more: tracking.feedpress.it

Marketing

This Is How to Design Your eCommerce Site for More Conversions

Posted on
Website Design And eCommerce

To increase conversion rates on your ecommerce website, no part of the user journey can be overlooked. From that initial landing page through checkout, every step a user takes on your website needs to be carefully designed with that final purchase in mind. But building a user path that successfully balances an enjoyable shopping experience with a clear path to conversion is easier said than done.

To help you design a more delightful and intentional conversion path on your ecommerce website, we’ve put together a list of some best practices.

1. Clear Purchase CTAs

Having a clear call-to-action (CTA) is essential to convert website traffic into sales. It’s what turns a visitor into a customer in the shortest amount of time possible. Most CTAs are typically a ‘Buy Now’ or ‘Add to Basket’ style button which stands out from the rest of the page to grab the visitor’s attention and encourage them to click — this can be done by using contrasting colors or design elements.

The wording of the CTA should be kept short and sweet. Phrases such as ‘Buy Now’, ‘Add to Cart’, ‘Checkout Now’, etc. work best. Put simply, the CTA should align with the visitor’s interest; someone on the product page is interested in clicking ‘Buy Now’, whereas someone on a content page will be interested in ‘Reading More’.

You might also want to consider creating a sense of urgency on your ecommerce site. It has been proven that when users feel a sense of urgency when shopping online, conversation rates can increase by up to 332%. This can be done simply by changing the way you word your CTAs — for example, changing ‘Shop Here’ to ‘Shop Now’ could make the difference in pushing the visitor to check out.

Below, you can clearly see how the CTAs stand out from the background.

If the eye is drawn, so is the cursor.

 

2. Simple, One-Click Checkout (For Guests Too)

Although adding clear CTAs to get visitors to add items to their cart is a good step in conversation rates, there is another step which can increase this even more.

By adopting a similar checkout process to Amazon with a one-click checkout process, you can skip the ‘add to cart’ step and have visitors check out quickly and efficiently on the product page. Amazon recently lost their patent for the one-click checkout process, so you are able to implement this onto your own website.

According to a recent blog by Magento, shortening the checkout process to one-click allowed visitors to place an order in 10% of the time it takes in a conventional method, which is a big factor in the percentage of abandoned carts — when visitors simply abandon the checkout process because it takes too long.

If we look at the top five reasons for ecommerce cart abandonment we can see that by eliminating the extra steps required in a traditional checkout process, we will significantly increase the chances of checkout conversion. A recent article by eMarketer reported that just under 75% of shopping carts are abandoned, and even more for mobile users.

Even if you do not want to implement a one-click checkout, it is critical you streamline the checkout process as much as possible by requiring the very minimum data input from the user — Amazon does an excellent job of this with their one-click checkout system, and a well-recognized CTA.

Image result for amazon one click

 

3. Greenbar SSL

It has been shown that shopping cart abandonment dramatically decreases when you display the greenbar SSL on your website. Here is what they look like on different search engines:

Image result for greenbar ssl

The greenbar SSL is essential when conveying a trustworthy and reputable website, as it is something that all major ecommerce sites should have. It is not only a visual cue to the potential customer, but also an important security aspect as well.

Having a greenbar SSL encrypts the visitor’s payment information, which makes it harder for hackers and scam artists to steal their information. Simply put, users do not want to purchase from an unsecure website — the large red X with an unsecured padlock can be a real barrier to converting visitors into sales.

Even Google has started to include SSL certified websites in their SEO ranking, offering up to a 5% increase (a very cheap and easy way to bump up your SEO score).

In a recent test by Blue Fountain Media, two forms were created on their website. One showing a Verisign seal (the right hand side image) and the other without (left).

Through testing they found a 42% increase in conversions on the form containing the Verisign seal, demonstrating that visitors are more inclined to share personal data and convert when they are confident that it is secure.

Visitor anxiety 4. Payment Methods (Visible with PayPal)

There are currently over 200 different ways to pay online that aren’t reliant on a card, including direct debit, bank transfers, digital wallets, e-invoices, digital currencies (such as Bitcoin) and many more.

It is essential to cater to this market when designing your ecommerce website, especially when we consider that these types of transactions are predicted to be over half of all ecommerce payments by 2019, according to a report by Global Payments.

Although it is impossible to have over 200 different payment methods on your website, it is important that you understand your target market and are able to offer payment methods best suited for them. For example, a clothing website where the average spend is £50 may benefit from offering mainly credit and debit card-style payments, whereas a website such as overclockers.co.uk may want to push finance more — as the value of the products being sold is significantly higher.

By providing the top three payments methods in your sector, you can expect to increase your conversion rates by 30% alone. However, it is not as simple as setting your payment methods and forgetting about it — you must analyze the data received from your customers’ checkouts on each payment method and be ready to adjust and tweak them accordingly.

Overclockers does a great job of this by showing all their available options to buy in the product description, and near the CTA.

5. Product or Company Reviews

Reviews are one of the most powerful tools to convert any interest in your product to a sale. Visitors want to hear from other buyers, not only if the product they are interested in is actually any good, but also about the service they received from your website.

By showing reviews directly next to or below the product, you are demonstrating instantly that you are a trustworthy seller. It has been shown that customer recommendations drive between 20% and 50% of all purchasing decisions and that 87% of people believe the reviews they read online on products and services.

It all comes back to reassuring the customer. Without reviews, the customers might ask themselves questions about your website: Why are there no reviews? Is this a genuine site?

Websites such as AO.com and Amazon give customers opportunities for instant feedback on the quality of a product or service, so much so that when it is not shown it can cause concern and worry for potential customers, thus hurting conversion rates.

Again, Amazon leads the way with reviews — it’s the first thing you see when searching for a product, and gives you an instant indication of a product’s quality.

6. Well-Selected Imagery

Excellent photography of either the product or service you are selling is pivotal when trying to push more sales on your ecommerce website — as the old saying goes, ‘a picture is worth a 1000 words’. We’ve written on this very subject and its importance in all sectors.

Humans by their very nature are visual beings. We often look at pictures and graphic elements before reading the information about a product — it is what initially grabs our attention. You need to ensure you have the best possible photos of your product, as well as a good range of images covering all angles and details. This gives the buyer confidence in what the product is, the quality, and what they are to expect when they receive it.

On the other hand, if you have low quality pictures, no zoom function, and a lack of detail shots, you can leave your potential customer anxious, asking themselves if you perhaps have something to hide? Maybe the product is fake? Why are the images bad quality? These are all enough to potentially deter a visitor from converting.

Data shows that visitors don’t actually read the information on your websites, just 16% of readers will actually go through the entire page and read it word for word, while over 75% will just skim for snippets of information and photographs.

It is also worth noting that by creating good quality images you have more chance of them being shared on social media. Studies show that 74% of people rely on their social media networks for information about purchasing decisions.

7. Mobile Optimized

Over 50% of all web traffic is now mobile. With this number increasing drastically year over year, it is essential that your ecommerce site is mobile friendly.

In 2015, Google officially declared that mobile searches outnumbered those on desktop. When you consider that mobile shopping carts are abandoned much more than on desktops, users abondon websites if they don’t load in under three seconds, and users want to check out quickly while on the move, you’ll quickly realize it’s critical your website is optimized for mobile. A mobile-optimized website will lead to a massive uptake in conversion rates.

Having a simple checkout process is even more important on mobile than it is on desktop. Users are working with a significantly smaller screen, so the less distractions the better. Keep it simple. Users want to add the item to their cart, pay, and get out. This can be done by stripping back any unnecessary elements for mobile and directing the user down a simple and easy to follow path towards checkout.

It is also important to remember the unreliable nature of phone data. With phone signal dropping in a split second reducing users download speeds to a snail’s pace, it is imperative that your mobile optimized site has the smallest possible page size, meaning fast load times even on a slow internet connection. Simple steps like this can make the difference between converting sales on mobile and not.

8. Concise and Effective Product Descriptions

Product descriptions are a key tool in your ecommerce selling arsenal. Without effective product descriptions that sell the product to your customer base, you are losing out on click-through rates and purchases.

Having a boring or unclear product description isn’t going to cut it — your customers will switch their attention off and won’t be interested in purchasing. That’s why it’s vital to focus on your ideal buyer and target them personally, with words and descriptions that relate to them — doing this gives your customer a sense that you understand their wants and needs, which ultimately makes them feel more confident in choosing to purchase from you.

While we’re talking about instilling confidence in your customers, it is crucial to avoid using cliché phrases such as ‘excellent quality’, ‘genuine’ etc. These are all things that your customer should already know by your excellent product photos, slick website, and efficient checkout process that we have already covered. Trying to convince your potential customer that your product is ‘excellent quality’ gives the impression that you might have something to hide and are trying too hard to convince them what you’re selling is indeed good quality.

Above all, the most important factor to consider when writing your product descriptions is to keep it concise. As we mentioned earlier, users of your website will skim read and anything longer than a few lines is either going to get ignored or skipped over. If you do have a large amount of information that you need to convey to your customer, you might consider hiding it behind a ‘read more’ button or cutting it down in easy-to-digest bullet points.

Overclockers does really well with their product descriptions — although they aren’t the most personal. They are concise and to the point, but also offer tons of information (if you want it) by scrolling further down the page.

9. Minimal Layout

Creating an easy to follow and cohesive journey from homepage to checkout is one of the most important factors when looking at bounce and conversion rates, as a study by EyeQuant showed websites that adopt a cleaner look (more white space, bigger images, less text etc.) saw significantly less bounce rate and higher conversion rates than those that had a more complicated website.

While it might seem daunting to think about redesigning your ecommerce site to be more minimalistic, it is actually relatively straightforward if you follow a few simple rules:

Focus on product imagery with less design elements and distractions on product pages. Direct your customers to the add to cart, purchase or checkout with large CTA buttons that stand out. Test your website — this is often forgotten but it’s crucial you make sure your checkout process is as slick on your brand new iMac or iPhone as it is on a five year old desktop PC running Internet Explorer or old smartphone. Limit your colors. Again, the less distractions the better. Get your user focused on the product itself, then onto the checkout button. Less is more. If the product page still works without it, then lose it. It’s all about focusing the customer towards the end goal — checkout!

If you follow these four steps to rework your product pages, you will see a significant increase in checkout completion and a drop in bounce rates.

Read more: blog.hubspot.com

Online Services

70% OFF Website Hosting Cost From Siteground

Posted on

70% Off Siteground Hosting Packages Ends Soon 

This is a friendly reminder that our big Back to Business Sale is in effect until September 9th. All new clients can get great web hosting deals at up to 70% off! Hurry while it lasts.

Is your website hosting speed loosing you customers and are you paying a high website hosting cost? A slow loading site can truely influence your customer retention and sales of your products/services. There are many factors to slow page speed but the main one is your hosting accounts.

Siteground is a leading website hosting company with lightning fast servers no matter what level your account is on. They endevour to bring fast site speed to thier customers because they know how important this asset is for marketers and website owners. Their website hosting cost is the best you will get anywhere else and right now they are having a sale for 70% off the cost of whatever package you purchase which is unheard of untill now. Not only are they the best priced hosting company around but now they are giving deals of 70% OFF. WOW!

Since I have been using Siteground my sites have been more stable and faster than ever before and some of my sites are over ten years old so I do know lots about hosting and hosting companies. Not only is their website hosting cost truely affordable for Siteground also have the best support I have ever come across. No waiting around for your ticket to be answered in 24 hours or so but INSTANT 24/7 service via their chat support which has allowed me to really get things done. The longest I have ever waited for support is about two minutes and that was a long wait. They will help you with almost anything that your site requires within their scope.

Don’t miss out their super 70% OFF sale which is only for a short time and lock in your hosting for the next year or so. I know I will be.

Heres the link to Sitegrounds super 70% OFF Sale below. This is a friendly reminder that our big Back to Business Sale is in effect until September 9th. All new clients can get great web hosting deals at up to 70% off! Hurry while it lasts.

 

CLICK HERE FOR  70% OFF SITEGROUND HOSTING PACKAGES

 

Heres A Little Info About This Fantastic Hosting Company And Their Website Hosting Cost

  • SiteGround has three plans and one can sign for any of them with a great discount 70% as we speak
  • The StartUp plan is perfect for people with one website that are starting now
  • The GrowBig plan is a great value for money offer, including the option for multiple websites and the SuperCacher that greatly improves a WordPress and Joomla website speed
  • The GoGeek plan is perfect for people with e-commerce and larger sites, or more geeky development needs like staging and GIT integration

We load websites faster!

SPEED

The results below are based on tests with real accounts on 12 of the most popular web hosts on the market: Bluehost, HostGator, iPage, Fatcow, Justhost, AsmallOrange, InMotion, WebhostingHub, Arvixe, GoDaddy, GreenGeeks and A2Hosting.

Loading speed

We load websites faster!

  • Industry average loading time: 4,7 sec
  • Our loading time without cache: 1,7 sec
  • Our loading time with cache: 1,3 sec

Website Hosting Cost Site Speed

Siteground Website Hosting
We have used Pingdom to test the loading time of identical WordPress websites hosted on the 12 different hosting companies. The faster loading result for SiteGround was achieved with the SuperCacher switched on for the website.

We can handle more traffic!

  • Industry average hits handled: 2852
  • Without cache we handle 3 times more: 8276
  • With cache we can handle: over 230 000

Great Website Hosting Cost

Website Hosting Cost
Apart from loading speed, we have tested how many hits can be successfully handled in two minutes by each of the 12 accounts with the same test WordPress website. The test was done with the help of the Siege testing and benchmark utility. The higher number of handled hits by SiteGround was achieved with the SuperCacher switched on for the website.

 

  • The GoGeek plan is perfect for people with e-commerce and larger sites, with low website hosting cost compared to other hosting companies and more geeky development needs like staging and GIT integration

How to Use Hosting Sign Up Step 1

Step 2. Choosing Domain

Clients can choose to buy a new domain, or sign up with an existing domain. With The GroeBig and GoGeek plans, clients recieve a free website transfer, which is included in these two plans.

How to Use Hosting Sign Up Step 2

Step 3. Review and Complete

Unlike many other hosting providers our advertised discount applies to any of the initial periods chosen during the sign up process. Being able to get the low price for the one year period is a fact that increases conversions greatly in comparison to other providers where the lowest monthly price applies only for the longest period. So highlighting this fact may strongly increase your conversions.

CLICK HERE FOR 70% OFF SITEGROUND HOSTING PACKAGES

 

Web Hosting

Marketing

Content Writing Too In-Depth Is Like Throwing Money Down The Toilet

Posted on

In Depth Content Writing Is A Google Friendly Must Do Task

Content writing

Do you have people telling you that you need to write in-depth content because that’s what Google wants.

And it’s true… the average page that ranks on page 1 of Google contains 1,890 words.

word count

But you already know that.

The question is, should you be applying content writing 2,000-word articles? 5,000? Or maybe even go crazy and create ultimate guides that are 30,000 words?

What’s funny is, I have done it all.

I’ve even tested out adding custom images and illustrations to these in-depth articles to see if that helps.

And of course, I tested if having one super long page with tens of thousands of words or having multiple pages with 4,000 or 5,000 words is better.

So, what do you think? How in-depth should your content writing be?

Well, let’s first look at my first marketing blog, Quick Sprout.

Short articles don’t rank well

With Quick Sprout, it started off just like any normal blog.

I would write 500 to 1,000-word blog posts and Google loved me.

Just look at my traffic during January 2011.

quicksprout 2011

As you can see, I had a whopping 67,038 unique visitors. That’s not too bad.

Even with the content writing being short, it did fairly well on Google over the years.

But over time, more marketing blogs started to pop up, competition increased, and I had no choice but to write more detailed content.

I started writing posts that were anywhere from 1,000 to a few thousand words. When I started to do that, I was able to rapidly grow my traffic from 67,038 to 115,759 in one year.

quicksprout 2012

That’s a 72.67% increase in traffic in just 1 year.

It was one of my best years, and all I had to do was write longer content.

So naturally, I kept up with the trend and continually focused on longer content.

But as the competition kept increasing, my traffic started to stagnate, even though I was producing in-depth content.

Here are my traffic stats for November 2012 on Quick Sprout.

quicksprout 2012

I understand that Thanksgiving takes place in November, hence traffic wasn’t as high as it could be. But still, there really wasn’t any growth from January to November of 2012.

In other words, writing in-depth content that was a few thousand words max wasn’t working out.

So what next?

Well, my traffic had plateaued. I had to figure something else out.

Writing longer, more in-depth content had helped me before… so I thought, why not try the 10x formula.

I decided to create content 10 times longer, better, and more in-depth than everyone else. I was going to the extreme because I knew it would reduce the chance of others copying me.

Plus, I was hoping that you would love it as a reader.

So, on January 24, 2013, I released my first in-depth guide.

It was called The Advanced Guide to SEO.

advanced guide to seo

It was so in-depth that it could have been a book.

Literally!

Heck, some say it was even better than a book as I paid someone for custom illustration work.

Now let’s look at the traffic stats for January 2013 when I published the guide.

quicksprout 2013

As you can see my traffic really started to climb again.

I went from 112,681 visitors in November to 244,923 visitors in January. Within 2 months I grew my traffic by 117%.

That’s crazy!!!!

The only difference: I was creating content that was so in-depth that no one else dared to copy to me (at that time).

Sure, some tried and a few were able to create some great content, but it wasn’t like hundreds of competing in-depth guides were coming out each year. Not even close!

Now, when I published the guide I broke it down into multiple chapters like a book because when I tested out making it one long page, it loaded so slow that the user experience was terrible.

Nonetheless, the strategy was effective.

So what did I do next?

I created 12 in-depth guides

I partnered up with other marketers and created over 280,000 words of marketing content. I picked every major subject… from online marketing to landing pages to growth hacking.

I did whatever I could to generate the most traffic within the digital marketing space.

It took a lot of time and money to create all 12 of these guides, but it was worth it.

By January of 2014, my traffic had reached all-time highs.

quicksprout 2014

I was generating 378,434 visitors a month. That’s a lot for a personal blog on marketing.

Heck, that’s a lot for any blog.

In other words, writing 10x content that was super in-depth worked really well. Even when I stopped producing guides, my traffic, continually rose.

Here’s my traffic in January 2015:

quicksprout 2015

And here’s January 2016 for Quick Sprout:

quicksprout 2016

But over time something happened. My traffic didn’t keep growing. And it didn’t stay flat either… it started to drop.

quicksprout 2017

In 2017, my traffic dropped for the first time.

It went from 518,068 monthly visitors to 451,485. It wasn’t a huge drop, but it was a drop.

And in 2018 my traffic dropped even more:

quicksprout 2018

I saw a huge drop in 2018. Traffic went down to just 297,251 monthly visitors.

And sure, part of that is because I shifted my focus to NeilPatel.com, which has become the main place I blog now.

But it’s largely that I learned something new when building up NeilPatel.com.

Longer isn’t always better

Similar to Quick Sprout, I have in-depth guides on NeilPatel.com.

I have guides on online marketing, SEO, Google ads, Facebook ads, and the list goes on and on.

If you happened to click on any of the guides above you’ll notice that they are drastically different than the ones on Quick Sprout.

Here are the main differences:

No fancy design – I found with the Quick Sprout experience, people love the fancy designs, but over time content gets old and outdated. To update content when there are so many custom illustrations is tough, which means you probably won’t update it as often as you should. This causes traffic to go down over time because people want to read up-to-date and relevant information. Shorter and to the point – I’ve found that you don’t need super in-depth content. The guides on NeilPatel.com rank in similar positions on Google and cap out at around 10,000 words. They are still in-depth, but I found that after 10,000 or so words there are diminishing returns.

Now let’s look at the stats.

Here’s the traffic to the advanced SEO guide on Quick Sprout over the last 30 days:

quicksprout seo guide

Over 7,842 unique pageviews. There are tons of chapters and as you can see people are going through all of them.

And now let’s look at the NeilPatel.com SEO guide:

neil patel seo guide

I spent a lot less time, energy, and money creating the guide on NeilPatel.com, yet it receives 17,442 unique pageviews per month, which is more than the Quick Sprout guide. That’s a 122% difference!

But how is that possible?

I know what you are thinking. Google wants people to create higher quality content that benefits people.

So how is it that the NeilPatel.com one ranks higher.

Is it because of backlinks?

Well, the guide on Quick Sprout has 850 referring domains:

links quicksprout

And the NeilPatel.com has 831 referring domains:

links neil patel

Plus, they have similar URL ratings and domain ratings according to Ahrefs so that can’t be it.

So, what gives?

Google is a machine. It doesn’t think with emotions, it uses logic. While we as a user look at the guide on Quick Sprout and think that it looks better and is more in-depth, Google focuses on the facts.

See, Google doesn’t determine if one article is better than another by asking people for their opinion. Instead, they look at the data.

For example, they can look at the following metrics:

Time on site – which content piece has a better time on site? Bounce rate – which content piece has the lowest bounce rate? Back button – does the article solve all of the visitors’ questions and concerns? So much so they visitor doesn’t have to hit the back button and go back to Google to find another web page?

And those are just a few things that Google looks at from their 200+ ranking factors.

Because of this, I took a different approach to NeilPatel.com, which is why my traffic has continually gone up over time.

Instead of using opinion and spending tons of energy creating content that I think is amazing, I decided to let Google guide me.

With NeilPatel.com, my articles range from 2,000 to 3,000 words. I’ve tried articles with 5,000+ words, but there is no guarantee that the more in-depth content will generate more traffic or that users will love it.

Now to clarify, I’m not trying to be lazy.

Instead, I’m trying to create amazing content while being short and to the point. I want to be efficient with both my time and your time while still delivering immense value.

Here’s the process I use to ensure I am not writing tons of content that people don’t want to read.

Be data driven

Because there is no guarantee that an article or blog post will do well, I focus on writing amazing content that is 2,000 to 3,000-words long.

I stick within that region because it is short enough where you will read it and long enough that I can go in-depth enough to provide value.

Once I release a handful of articles, I then look to see which ones you prefer based on social shares and search traffic.

Now that I have a list of articles that are doing somewhat well, I log into Google Search Console and find those URLs.

You can find a list of URLs within Google Search Console by clicking on “Search Traffic” and then “Search Analytics”.

You’ll see a screen load that looks something like this:

search console queries

From there you’ll want to click on the “pages” button. You should be looking at a screen that looks similar to this:

search console pages

Find the pages that are gaining traction based on total search traffic and social shares and then click on them (you can input URLs into Shared Count to find out social sharing data).

Once you click on the URL, you’ll want to select the “Queries” icon to see which search terms people are finding that article from.

page queries

Now go back to your article and make it more in-depth.

And when I say in-depth, I am not talking about word count like I used to focus on at Quick Sprout.

Instead, I am talking depth… did the article cover everything that the user was looking for?

If you can cover everything in 3,000 words then you are good. If not, you’ll have to make it longer.

The way you do this is by seeing which search queries people are using to find your articles (like in the screenshot above). Keep in mind that people aren’t searching Google in a deliberate effort to land on your site… people use Google because they are looking for a solution to their problem.

Think of those queries that Google Search Console is showing you as “questions” people have.

If your article is in-depth enough to answer all of those questions, then you have done a good job.

If not, you’ll have to go more in-depth.

In essence, you are adding more words to your article, but you aren’t adding fluff.

You’re not keyword stuffing either. You are simply making sure to cover all aspects of the subject within your article.

This is how you write in-depth articles and not waste your time (or money) on word count.

And that’s how I grew NeilPatel.com without writing too many unnecessary words.

Conclusion

If you are writing 10,000-word articles you are wasting your time. Heck, even articles over 5,000 words could be wasting your time if you are only going after as many words as possible and adding tons of fluff along the way.

You don’t know what people want to read. You’re just taking a guess.

The best approach is to write content that is amazing and within the 2,000 word to 3,000-word range.

Once you publish the content, give it a few months and then look at search traffic as well as social sharing data to see what people love.

Take those articles and invest more resources into making them better and ultimately more in-depth (in terms of quality and information, not word count).

The last thing you want to do is write in-depth articles on subjects that very few people care about.

Just look at the Advanced Guide to SEO on Quick Sprout… I made an obvious mistake. I made it super in-depth on “advanced SEO”. But when you search Google for the term “SEO” and you scroll to the bottom to see related queries you see this…

seo related

People are looking for the basics of SEO, not advanced SEO information.

If I wrote a 2,000-word blog post instead of a 20,000-word guide, I could have caught this early on and adapted the article more to what people want versus what I thought they wanted.

That’s a major difference.

So how in-depth are you going to make your content?

The post Writing Content That Is Too In-Depth Is Like Throwing Money Out the Window appeared first on Neil Patel.

Read more: feedproxy.google.com

Technology

Pixel Stand might be Google wireless charging dock for the Pixel 3

Posted on

Pixel 3 concept Phone Designer

The new wireless charging technology hasn’t been included in Google-branded smartphones since the Nexus 6. A teardown of the latest Google app hints at a “Pixel Stand” which might be a wireless charging dock for the Pixel 3 and Pixel 3 XL. The wireless charging stand might include Google Assistant functionality for requesting personal information while the handset is locked.

Even though Google was one of the first proponents of wireless charging in the Android ecosystem, the company and its partners stopped including the feature after the Nexus 6 in 2014. Since then, Samsung, a handful of other Android manufacturers, and even Apple are now including the functionality in their smartphones. Thanks to a recent teardown of the Google app, it appears as though the search giant might be building its own wireless charging dock called the Pixel Stand.

Up to this point, we knew Google was working on a new “dreamliner” category that would allow various companies to produce wireless chargers that would include unknown features. These mentions of the Pixel Stand are our first clues that Google will also be making a dock to compete in this product category. Based on the Pixel Stand name, there’s reason to believe that the accessory will be compatible with the upcoming Pixel 3 and Pixel 3 XL.

Below are the strings of code that 9to5Google was able to uncover relating to the Pixel Stand:

<string name=”trusted_dock_action_text”>I Agree</string>

<string name=”trusted_dock_cancel_text”>No thanks</string>

<string name=”trusted_dock_message”>Your Assistant can use your personal info to make suggestions, answer questions, and take actions for you when your phone is locked and on your Pixel Stand</string>

<string name=”trusted_dock_title”>Get personalized help when your phone is on your Pixel Stand</string>

The third code string also hints that the Pixel Stand might be much more than just a wireless charging dock. Probably acting like a trusted device, when the Pixel 3 or Pixel 3 XL is docked in the Pixel Stand, Google Assistant will still be fully functional even though the phone’s display is turned off. This way, without having to first unlock the device, users can ask the Assistant for personal information and more.

Editor’s PickGoogle Pixel 3: All the rumors and leaks in one place (Updated June 8)Phone Designer In this post, which will be updated regularly, we’ll be looking at the latest rumors surrounding the Google Pixel 3 and Pixel 3 XL.  Last year’s Google Pixel 2 received plenty of acclaim, even if they …

Leaked hands-on photos of the Pixel 3 XL appear to show the handset with a glass back. Besides aesthetic purposes and improved internal antennae reception, the move away from metal is further evidence that Google is looking to add wireless charging back into its smartphones.

While it’s not clear when Google might introduce the Pixel Stand, it would make sense that the company would release it alongside the Pixel 3 and Pixel 3 XL at this year’s fall hardware event.

Up next: A second-gen Pixelbook will need more than just thinner bezels 

Read more: androidauthority.com

Web

Why Google Play Users Risk a Yellow Card With Android/Foul Goal

Posted on

Englands soccer fans have emotionally celebrated the team’s current run in the World Cup, as the tune “Three Lions” plays in their heads, while hoping to end 52 years of hurt. Meanwhile a recent spyware campaign distributed on Google Play has hurt fans of the beautiful game for some time. Using major events as social engineering is nothing new, as phishing emails have often taken advantage of disasters and sporting events to lure victims.

“Golden Cup” is the malicious app that installs spyware on victims’ devices. It was distributed via Google Play, and “offered” the opportunity to stream games and search for records from the current and past World Cups. McAfee Mobile Security identifies this threat as Android/FoulGoal.A; Google has removed the malicious applications from Google Play.

Once Golden Cup is installed it appears to be a typical sporting app, with multimedia content and general information about the event. Most of this data comes from a web service without malicious activity. However, in the background and without user consent the app silently transfers information to another server.

Data captured

Golden Cup captures a considerable amount of encrypted data from the victim’s device:

Phone number Installed packages Device model, manufacturer, serial number Available internal storage capacity Device ID Android version IMEI, IMSI

This spyware may be just the first stage of a greater infection due to its capability to load dex files from remote sources. The app connects to its control server and tries to download, unzip, and decrypt a second stage.

Android/FoulGoal.A detects when the screen is on or off and records this is its internal file screen.txt, with the strings “on” or “off” to track when users are looking at their screens:

The Message Queuing Telemetry Transport protocol serves as the communication channel between the device and the malicious server to send and receive commands.

Data encryption

User data is encrypted with AES before it is sent to the control server. Cryptor class provides the encryption and decryption functionality. The doCrypto function is defined as a common function. As the first parameter of the function, “1” represents encryption and “2” is decryption mode:

The encryption key is generated dynamically using the SecureRandom function, which generates a unique value on the device to obfuscate the data. The addKey function embeds the encryption key into the encryption data. The data with the key is uploaded to the control server.

We believe the malware author uses this AES encryption technique for any information to be uploaded to escape the detection by Google Bouncer and network inspection products.

Our initial analysis suggests there were at least 300 infections, which we suspect occurred between June 8‒12, before the first World Cup matches began.

The second round

The second phase of the attack leverages an encrypted dex file. The file has a .data extension and is downloaded and dynamically loaded by the first-stage malware; it is extracted with the same mechanism used to upload the encrypted files. The location of the decryption key can be identified from the size of the contents and a fixed number in the first-stage malware.

After decryption, we can see out.dex in zipped format. The dex file has spy functions to steal SMS messages, contacts, multimedia files, and device location from infected devices.

The control server in second stage is different from the first stage’s. The encryption methodology and the server folder structures on the remote server are identical to the first stage.

We found one victim’s GPS location information and recorded audio files (.3gp) among the encrypted data on the control server.

Variants

We have also discovered two other variants of this threat created by the same authors and published to Google Play as dating apps. Although all the apps have been removed from Google Play, we still see indications of infections from our telemetry data, so we know these apps are active on some users’ devices.

Our telemetry data indicates that although users around the world have downloaded the app, the majority of downloads took place in the Middle East, most likely as a result of a World Cup–themed Twitter post in Hebrew directing people to download the app for a breakdown of the latest events.

McAfee Mobile Security users are protected against all the variants of this threat, detected as   Android/FoulGoal.A.

The post Google Play Users Risk a Yellow Card With Android/FoulGoal.A appeared first on McAfee Blogs.

Read more: securingtomorrow.mcafee.com

Marketing

How to Make an Instagram Story Like a Pro

Posted on

In these days, of social media, it’s all about documentation.

Where you go, what you eat and drink, who you see, and what’s most memorable: These are the typical fodder of Instagram Stories — seconds-long glimpses of people’s lives, shared on Instagram for only 24 hours.

The Instagram Story feature allows Instagram users to share photos and videos to their “Story” — which is visible to followers of the user’s Instagram account — and to specific users the Story’s sender follows. Like in Snapchat, Instagram Stories are ephemeral, meaning they vanish after 24 hours. Stories are published separately from the photos and videos found in the tiled gallery of one’s Instagram profile.

You might know the basics of sharing Instagram Stories, but there are hidden tools within the app that can make the photos and videos you share more creative and more engaging.

Social Media-Instagram

Download 25 free Instagram templates to increase engagement and elevate your presence. 

Below, we’ve created this guide to how to share Instagram Stories, and how to make those Stories are compelling and cool as possible. In this post, we’ll cover:

Why Share Instagram Stories in the First Place How to Post Instagram Stories (The Basics) Instagram Stories Tricks and Hacks for Awesome Instagram Stories

25-Free-Insta-Templates-1

 

Why Share Instagram Stories?

Instagram Stories can drive a ton of engagement and value — whether you’re sharing a Story from a brand account or your own personal profile.

Since launching back in August 2016, a total of 250 million Instagram users have started sharing disappearing content on Instagram Stories — contributing to the huge jump in time spent in-app every day from 24 minutes to 32.

What’s more, a lot of brands have already seen success publishing content to this platform. Instagram Stories have fueled the growth of brands like Teen Vogue, Insider, and Bustle. Whether publishers are trying to grow brand awareness, grow traffic to videos or newsletter outside of Instagram, or share sponsored content, publishers are flocking to Instagram to publish fun disappearing content that infuses brand voice and personality without taking up too much of the average techie’s dwindling attention span.

What’s more, Instagram Stories are credited with fueling the massive growth of Instagram Direct — private one-to-one messaging between users within the app. Instagram Direct has grown into one of the most popular messaging apps in the world with a staggering 375 million users. Even more impressive, TechCrunch reports that one in five Instagram Stories shared by a brand receives a Direct reply — giving brands a direct line to connect with their audience and learn more about them.

How to Make a Story on Instagram Open Instagram, and tap the camera icon in the upper left-hand corner of your phone. Share a photo or video you’ve already captured by swiping up on your screen to browse your gallery. Or, choose a camera lens to capture a photo or video in the app. Once you’ve edited your photo or video, tap “Your Story,” or tap “Next” to share it to your Story and to other friends at the same time.

You can make Instagram Stories this successful too — but it requires a few more hacks and tips to make them look like the Stories big brands and influencers share. (Some of my favorite Instagram Stories are shared by chef Chloe Coscarelli, actress Busy Phillips, mattress brand Casper, and interior design app Hutch — and don’t forget to check out HubSpot‘s Instagram Stories, either.)

But first, let’s review the basics of how to share an Instagram Story:

1. Open Instagram, and tap the camera icon in the upper left-hand corner of your phone.

Step 1, using the camera icon to make a story on Instagram

2. Share a photo or video you’ve already captured by swiping up on your screen to browse your gallery.

Disclosure: Yes, I did a photoshoot featuring my cats. Can you blame me though?

Step 2, browsing photos to make a Story on Instagram

3. Or, choose a camera lens to capture a photo or video in the app.

Step 3, choosing a camera lens to make a story on Instagram

You have a few different options to choose from:

1. Live

If you toggle your screen to the “Live” option, you’ll start filming and broadcasting live on Instagram. Like Facebook Live, friends can follow along and leave comments, and when you’re done with the broadcast, you’ll have the option to let the video disappear, save it, or share it Instagram Stories for an additional 24 hours.

2. Normal

It means what it says: Tapping once will capture a photo, and holding down will record a video. Instagram Stories can be 15 seconds in length, so if you want to share a video that’s longer, film in 15-second stints, or use CutStory to split your longer clip into 15-second installments.

3. Boomerang

Boomerang mode films looping GIFs up to three seconds in length.

4. Superzoom

Superzoom is, on the surface, a video recording lens that zooms in closer and closer on your subject. But turn up the volume, and you can use Superzoom to create a dramatic soundtrack to accompany your video.

As my friend Marissa put it, “It’s like it’s BUILT for cats.”

I will forever be in love with this Insta lens!!!! pic.twitter.com/HvU6rarmNa

— Sophia Bernazzani (@soph_bern) November 17, 2017 5. Rewind

Use the rewind lens to film a video in reverse.

6. Stop Motion

Use this lens to film cool stop-motion videos: several different still images woven together in one seamless video. Think of it like the video version of a flip book (like this example below):

Stop-motion artist Alex Unger spends months creating incredibly detailed pieces. pic.twitter.com/m6R4MNLIQj

— Business Insider UK (@BIUK) November 14, 2017 7. Hands-Free

Use hands-free mode if you want to set up your camera to film a video for you. Make sure you prop it somewhere stable before you call “Action.” We’ll talk more about this feature in a minute.

4. Once you’ve edited your photo or video, tap “Your Story,” or tap “Next” to share it to your Story and to other friends at the same time.

You can also save your edited photo or video to your gallery by tapping “Save” in the lower left-hand corner.

Step 4, tapping "Next" or "Your Story" to make a Story on Instagram

Now that you know the basics, let’s run through tips and hacks for producing high-quality, clickable Instagram Stories.

11 Instagram Story Tricks and Hacks 1. Use stickers.

Once you’ve captured a great photo or video, it’s time to jazz it up with some fun stickers. You can access these by tapping the smiling sticker icon in the upper right-hand corner of your screen once you’ve captured a photo or video — or swipe up from the bottom of your screen.

Swipe up to use stickers in your Instagram Story

Change the size of your stickers.

You can pinch the sticker once you’ve added to your story to increase or decrease its size. You can also tap and drag it around the frame to change its position.

Big sticker that says "Yasss" to add to your Instagram Story

Check stickers every day for new and unique ones.

Instagram releases unique Story stickers often — whether it’s Monday, a holiday, or a season. Check this section every day for new and timely stickers to add to your Story.

Thanksgiving sticker in an Instagram Story

Add location, hashtag, poll, and selfie stickers.

Boost the engagement on your Instagram Story by opening it up to other people doing the same things you are. Open up the stickers section, and tap any of these buttons to customize your story:

Location, hashtag, and poll sticker options to add to an Instagram Story

Location Stickers

Start typing in wherever you are, and you’ll be able to pull in a geographically-specific sticker to show where you are.

Setting a location for your Instagram Story

When people view your Story, they’ll be able to tap the location sticker and see other photos and Stories happening around the same place.

Instagram Stories posted with the location Boston Common

Hashtag Stickers

Same concept here: If you add this sticker and type in a hashtag, your Story will appear in searches for that hashtag, and viewers will be able to click it and see who else is using it. #MotivationMonday, amirite?

Instagram hashtag sticker that says #caturday

Poll Stickers

You can add a two-option poll to your Instagram Story, and you can even customize the possible answers so they’re more unique than “Yes” or “No.” Use a poll sticker to gauge if people are really engaging with your content.

Poll sticker in an Instagram Story

Selfie Stickers

Open up the Stickers menu, and tap on the camera icon.

Select the selfie sticker to add to your Instagram Story

Then, take a selfie — or take a picture of anyone else’s face (that will work too). Then, you can use that face to decorate your Instagram Story. Somewhat creepy, but very memorable and funny, too.

Instagram photo of a black cat with selfie sticker

2. Record a hands-free Instagram video.

If you’re a frequent video-recorder on Instagram, you know you need to hold your thumb against the record button for as long as you’re recording. This can make it tedious when attempting dynamic and interesting videos that require more hand mobility.

But did you know you can record these videos “hands-free”?

Hands Free video option in an Instagram Story

The hands-free video feature can be found in the carousel of camera lens options beneath the record button, as shown above. Simply tap the record button once to start the video, and again to stop it after you’ve gotten the footage you want.

3. Let viewers share your Stories.

Increase engagement and views of your Instagram Story by letting viewers share them with their friends — as Direct Messages.

Go to your profile, tap the gear icon, and navigate to “Story Settings.”

Story Settings button on Instagram

Toggle on “Allow Sharing” so viewers can DM your Story to friends to increase your audience reach. Voila!

Allow Sharing option on Instagram

4. Use the pen.

Use the pen to add embellishment, symbols, or more text to your Story. If you tap the pen icon in the upper right-hand corner of your screen once you’ve captured a photo or video, you’ll open up your options.

Various color pen options in instagram

From there, you can adjust the thickness of your pen stroke or change the color you’re writing with (more on that later).

I like using the highlighter pen (the third option) to add emphasis to words — or even the highlight of my photo or video.

Instagram Story drawing that reads "Ta-da!" with a blue pen and red background

5. Add a background color.

If you want to share a Story with a background color — like the images I’ve shared above — you can actually select it from the color palette.

Take a picture (it doesn’t have to be a picture of anything in particular), and then tap the pen icon to open up the color palette. (Here’s Leela again — my unwitting cat model.)

Add a background color to your Instagram Story

You can choose one of the colors from the three available menus, or if you want a specific shade of one of those colors, you can open up the full color spectrum by pressing and holding one of the colors.

colors2.png

Then, scribble anywhere on the screen, and hold your finger down until you get the background color you want to appear.

Orange pen added to Instagram Story of a black cat Orange color setting in Instagram

If you want to get really crazy, you could use the eraser tool (the fourth option) to create new words or shapes from the background, too.

Orange background added to Instagram Story of a black cat

6. Mention another Instagram account in your Story.

Sometimes, it’s just not enough to send an Instagram Story to a particular person — you need to give them a shoutout in the photo or video itself. In these cases, Instagram allows you to tag up to 10 specific handles directly in your Story’s photo or video.

To mention an Instagram account in your Story, shoot a photo or video and then tap the square “A” icon in the upper righthand corner of the screen. Enter the account you’d like to tag, starting with the “@” symbol and the account’s first letter. Scroll through the suggested accounts that appear below your cursor until you find the account you have in mind, and tap it. See what these options look like below.

Instagram Story mentioning another account in a photo

Once you post this Story, the person or account you’ve tagged in the photo or video will receive a notification of your shoutout, regardless of whether or not you send the Story to them.

7. Make your text funkier.

The text on Instagram Stories is pretty basic — jazz it up with these tricks.

Customize your colors.

If you’re unsatisfied with the color palette Instagram offers, create your own from one of the colors in the photo or video you’ve captured.

Open up the text icon, and tap the eyedropper icon in the lower left-hand corner of your screen.

Dropper icon to change custom color of Instagram Story text

Use the dropper to sample a color from somewhere in the image you’ve captured, and use it when typing out text or using the pen tool.

Dropper icon set to black in Instagram

Add a drop shadow to your Story’s text.

If you want to add some extra drama to your text, add highlighting or shadowing by retyping or rewriting your text in a different color. I recommend choosing black or white to add emphasis to a bright color you’ve picked. Then, move the text above or underneath the brighter text to add some drama to your words.

Instagram Story of Leela the cat Instagram Story of Leela the cat with white shaded text

Turn your text into a rainbow.

This one’s tricky, but you can actually turn your text into a gradient rainbow.

Tap the text icon, and type out your message to add to your Story. Then, highlight your text.

rainbow1.png

This is where it gets tricky: Turn your phone to the side so you can hold one finger down on the right side of your text, and with another finger, tap on a color and hold until the color wheel pops up.

Rainbow color bar in Instagram

Then, slowly drag both fingers across both the text and the color wheel from right to left to create rainbow text. Go slowly, letter by letter until you’ve created a rainbow. (This one took me several tries before I nailed it, and I succeeded using both thumbs to highlight the text and the color wheel.)

I wonder if Leela knows she is my model for when I write step-by-step instructions in blog posts pic.twitter.com/OgcKhmIdNV

— Sophia Bernazzani (@soph_bern) November 19, 2017 Gradually add text to a Story.

Sometimes, you might want to add text or stickers to an image to build on it — perhaps to promote a content offer or event, or to encourage viewers to swipe up to read a link you’ve shared (this is only available to verified accounts).

Start editing the photo you want to share, post it, and save it to your camera roll. Then, swipe up on your screen to add the screenshot to the next installment of your Story — adding new text or stickers on top of the first photo. Keep doing this for as long as you want the Story to last — just make sure to keep taking screenshots of your latest photo so you can add to it.

gradual1.png gradual2.png Instagram Story of Leela the cat with purple and yellow captions and design

8. See who has viewed your Instagram Story.

Snapchat users have always been able to see which of their friends have viewed their snapped Stories over the 24-hour period that the Story is visible. Well, Instagram Stories can do the same thing — in exactly the same way.

To see who has viewed your Instagram Story, navigate to the homepage of Instagram on your phone and click on the circular icon denoting your Story. See what this looks like in the screenshot below.

instagram-story-homeImage by Mari Smith

Click on “Your Story” from the Instagram home screen and swipe up from the bottom of your open Story. This will pull up a list of all the accounts that have viewed this content.

Seeing who’s viewed your Story might be an ego boost to personal Instagrammers, but business users can learn a lot about what their followers are interested in this way. By looking at which users view which Stories, you can figure out which types of photos and videos you should keep posting.

9. Center your text and stickers.

When you’re moving around text and stickers on your story, you’ll see blue lines appear vertically or horizontally in the frame. These are guiding lines you can use to make sure you’re keeping everything centered.

centered1.png centered2.png

Don’t put your text too high or too low on the screen.

That said, make sure you don’t add anything to your Story too high or too low in the frame — or it will be cut off when viewers scroll through your Story, when Instagram adds things like your name and how long ago your story was posted that could block out your carefully-crafted text.

10. Add music to a Story.

This one’s easy: Turn on music using your phone’s native streaming app, and record a video Story. Once you get ready to edit and share, make sure the sound icon isn’t muted so your viewers can jam with you.

Alternatively, if you’d rather your video be muted, tap the sound icon so an “X” appears over it.

unmuted1.png unmuted2.png

11. Upload Instagram Stories from your phone’s camera roll.

Great Instagram Stories aren’t just created through the Instagram app. You can also upload photo and video content from your mobile device’s native camera roll.

To upload a photo or video for use as an Instagram Story, open your Instagram Story’s camera lens and tap the little square icon on the bottom lefthand of the screen. See what this looks like below.

instagram-story-upload-photo

Tapping the icon shown above will call up your phone’s native media gallery, where you can select any photo or video to publish as an Instagram Story. It’s that easy.

We hope these tips help you post killer Instagram Stories your audience won’t be able to stop following. There are lots of hidden ways to take your Stories to the next level — some we may not even have covered here. Our best advice? Keep clicking around and see what you can do with the latest updates from the app. Happy ‘gramming!

Instagram Templates

Instagram Te

Read more: blog.hubspot.com