How to perform a CRO audit

How to perform a website CRO audit

Around 88% of online shoppers won’t return to a website after a bad user-experience (UX). So how do you satisfy them enough to stick around, convert and come back?

For Marketing Managers, Conversion Rate Optimisation (CRO) audits are the perfect exercise to identify website problems and areas of opportunity. Once you know this information, you can make that all important plan to fix them.

But knowing where to start is hard, especially if you have quite a complex website with lots of pages, components and traffic. 

In this guide, we share six tips for conducting a website CRO audit to enhance UX and turn more visitors into customers.

Getting started with your CRO audit

Before starting your CRO audit, find out your company’s objectives and define what a website conversion is. If you’re an e-commerce company, a conversion is likely to be a purchase. If you’re a service provider, it’s probably a form completion, download or subscribe. But also consider smaller micro actions that are good indicators of a potential conversion e.g. if we want to track a form completion are we tracking if they even saw the form?

Next, keeping in mind the above, set up your tracking to measure and learn from your optimisation efforts. The tracking tools will depend on your platforms and conversion type, but GA4 is perfect for analysing key metrics like conversion rates, traffic and clicks.

So now you’ve got your goals and tracking in place, here’s six tips to conduct a comprehensive CRO audit. 

Identify areas of friction 

We all know how annoying it feels to visit a website that’s slow, hard to navigate or broken. That’s why identifying and removing friction is so important to make your users’ journey smooth and prevent frustration.

Use ‘The BS test’

One useful tool to identify areas of friction is ‘The BS Test’, which will help you discover if something is broken or slow.

What is a broken website element?

Broken website elements are anything from a button or link not working, a form that can’t be completed or an image not loading. Broken elements are a nightmare from a UX perspective, so it’s crucial to make sure everything is working as it should be.

How to identify broken website elements

To find broken elements, act like a visitor using your website and have others do the same. This might feel like a manual process, but user testing is the best way to identify issues that you might otherwise miss.

In addition, use GA4 to identify which devices and resolutions convert well and poorly. Users may be converting on desktop but not mobile, revealing problems with mobile usability or navigation. This gives you a confident starting point for your CRO audit based on real-time data.

Remember that just because something works on desktop doesn’t automatically mean it does on mobile, so always test both.

How to check if your website is slow

Use Google PageSpeed Insights to see your website’s LightHouse Score and check if it is too slow. LightHouse Scores are a metric that measure how well your website is doing in terms of performance, accessibility, best practices, SEO, and Progressive Web Apps.

If your website’s LightHouse score isn’t in the green (90-100), there’s room for improvement and you need to speed it up. Google PageSpeed Insights will show you problem areas and suggest ways to fix them for better performance. Common suggestions include reducing image sizes, JavaScript execution time or the impact of third-party code.

Identify areas of distraction

There are many ways to identify areas of distraction on your website. An effective one is through the concept of visual hierarchy.

Visual hierarchy is the way page elements are organised in order of importance.  For example, your call to action (CTA) matters more than other elements, so it should be high up on your page’s visual hierarchy. This means it should be clear and easily accessible in order for users to click it.

Areas that steer users away from clicking this CTA are elements of distraction. Too much text, contrasting colours, or conflicting messaging for example can distract users and cause the CTA to be lost.

The ‘Squint Test’ is a great way to identify areas of distraction. Open your webpage and squint your eyes so everything looks blurry. The areas you see first are high contrast sections, and therefore at the top of your page’s visual hierarchy. Your CTA and other important elements should stand out first. If they don’t, focus on improving your page’s visual hierarchy because users are getting distracted. 

Push your value proposition

If you haven’t created a value proposition yet, talk to stakeholders and conduct customer research to determine what it should be. Survey your team and a sample of your customers to understand their wants, needs and motivations. After you gather this information and define your value proposition, clearly display it on your website. This ensures users know what makes you different and why they should choose you over competitors. 

Decide if your content is relevant

Research your competitors because the experience users have on their websites influences their expectations for yours. Look at what features they offer, their page layouts and value proposition. If your website isn’t as good as theirs, users will be let down and choose competitors instead. So make sure yours looks the part, is enjoyable to use and provides real value to your customers. 

Make everything as clear as possible

Make it easy for users to find what they want on your website and get a real feel for your brand identity. So make sure your page design is engaging and clean, and your copy is clear and concise. 

Of course, some websites have a lot of products and services that are complicated. If you try to simplify them too much, it can make things more complex. In this case, consider techniques such as movement and animation to guide the user in a visually engaging way. 


Getting people to your website is one thing, but turning users into sales or leads is completely different. To convert website visitors, conduct a CRO audit to identity issues, fix them and ensure your UX is seamless.  Optimise every element of your site including usability, navigation, design, trust signals, and site speed. 

Everything we’ve shared in this article are just examples, and differ depending on your website’s purpose, sector and audience. Just remember your goals and that your website should guide the user to conversion. So the easier you make their journey, the more likely they’ll convert.

Want us to run a complimentary CRO audit on your website? Simply get in touch and we’ll book you in.

With 64% of businesses planning to implement Enterprise Resource Planning (ERP) systems within the next three years, it’s clear that many companies are starting to prioritise workforce productivity, efficiencies, and data management. 

However, some businesses do still overlook ERP integrations for fear of change, cost, required resources and impact on day-to-day operations. But this shouldn’t be the case and in fact, ERP integrations can save you time and money in the long-term. 

In this blog, I’ll explain exactly what ERP integrations are, the four biggest business benefits of ERP integrations and why they shouldn’t be neglected.

What is an ERP?

An Enterprise Resource Planning (ERP) system brings together various business functions such as sales, customers, finance, HR, and supply chain, into one place.

The core purpose of an ERP is to streamline processes and make the day-to-day running of an organisation easier. There are lots of different ERPs on the market, with three of the most common being NetSuite, Microsoft Dynamics 365 and SAP. 

What is an ERP integration?

An ERP integration is when you connect your ERP system with other business applications such as your e-commerce platform, CRM or finance software.  The aim of an ERP integration is to share company-wide data across systems to boost productivity and efficiency.

Here is a list of applications that ERP systems can integrate with:

  • Business Intelligence (BI) software
  • Customer Relationship Management (CRM) software
  • E-commerce platform like Shopify, WooCommerce or Magento 
  • Online marketplaces
  • Project management tools

What are the benefits of an ERP integration?

There are many benefits of ERP integration including streamlined processes, improved data visibility, enhanced communication, reduced costs and better customer service.

In fact, studies show that ERP integrations can improve processes by 95% and cut operational costs by 23%. (Forbes, 2024).

Here’s each ERP integration benefit in more detail.

Accurate, real-time data

By integrating your ERP with other applications, you’ll have one single source of truth for company data. This eliminates data silos and provides easy access to real-time data from different departments in one place. This is faster than relying on multiple systems with conflicting information, reducing errors and enhancing visibility. 

Automate manual tasks

With a fully integrated ERP, you can automate time-consuming tasks and workflows. For example, manually managing stock control on your e-commerce platform can take a long time but with an ERP integration, you could automatically feed live stock updates directly into your e-commerce platform so it’s always up to date. 

Enhanced collaboration

With everyone working from the same system, you’ll foster better collaboration and communication across teams. You’ll all be able to easily access and share data, leading to faster decision-making, increased productivity and a more enjoyable way of working.

Better customer service

With real-time access to customer data and order history, your sales and support teams can provide a faster, personalised and more informed customer service. This will boost customer satisfaction and retention which ultimately, will help you grow sales.

If you’re considering an ERP integration but not sure on the best approach, please get in touch and we’ll book a call in to chat about your ERP system.

If you’re using any of Google’s advertising services – Google Ads, Shopping, Tag Manager, GA4 – within the EEA, you should have upgraded to Google Consent Mode v2 by Wednesday 6th March 2024. 

Why? In this short blog, we’ll explain everything you need to know, including what Google Consent Mode is and why updating to the new version is crucial for continuing to serve targeted adverts to your audience.

What are Google Consent Mode and Google Consent Mode V2?

Google Consent Mode is a tool that enables websites to collect non-identifying data when the user doesn’t give cookie consent. However, because of ongoing developments in EU/EEA privacy regulations, and the phase out of third-party cookies, Google upgraded the tool to offer enhanced functionality. 

That’s when Google Consent Mode V2 was born. With this version, you can adjust Google tags based on the users’ consent preferences for ads and cookies. Essentially this means that you’ll be able to track users, but only when they give explicit consent. 

Why updating to Google Consent Mode V2 is important

Upgrading to Google Consent Mode V2 is crucial for continuing to target users within the EEA with relevant ads. Without it, you won’t be able to capture new user data in advertising platforms, like Google Ads and GA4. You also won’t be able to accurately measure and report on ads, create audience lists or execute effective remarketing ad campaigns. Your bidding algorithms will be running on inaccurate data, so you won’t be spending your ad budgets effectively.

What are the next steps?

Now the March 6th deadline has passed, your website’s cookie consent banner must comply with Consent Mode Partners (CMP) V2. Google has several CMP partners but personally, we recommend Cookiebot

So if you haven’t already, don’t delay implementing Google Consent Mode V2. If you need support upgrading, choosing a CMP partner or have any questions, please get in touch.

On the 4th January 2024, Google officially started phasing out the use of third-party cookies for 1% of Chrome and Android users. This move mirrors actions already taken by Safari and Firefox, both of which blocked them a few years back to enhance privacy measures.

So what does Google removing third-party cookies mean for marketers? In this blog we’ll explain what third-cookies are, the impact the phase-out will have on marketing and alternative tactics to overcome the change.

What are third-party cookies?

Third-party cookies are placed on your device by websites that are different from the one you’re visiting. These cookies can be used to track user activity across multiple sites and social media platforms, collecting data such as demographics, interests and browsing patterns. Marketers then use this data to create targeted and remarketed ad campaigns, effectively reaching relevant audiences online.

For example, say you visit a clothing website and then start seeing ads for similar clothes on various other sites, that’s probably because third-party cookies have been tracking you all along. 

What are the advantages and disadvantages of third-party cookies?

Advantages of third-party cookies
  • Personalised advertising: You can effectively serve personalised ads to both new and existing website users, expanding your reach and increasing brand awareness. You can then retarget them with ads that encourage them to take an action, and enhance your user-experience by sharing valuable content that resonates.
  • Cross-site functionality: Third-party cookies allow websites to remember login credentials and user preferences. This enables convenient features like single sign-on across multiple websites, and easy content sharing through social media plugins.
Disadvantages of third-party cookies:
  • Privacy concerns: Companies use third-party cookies to collect high volumes of personal data and create detailed user profiles. The problem however is that many people don’t trust them due to the lack of transparency about how their data is collected, stored and used.
  • Security risks: Malicious actors can exploit third-party cookies for tracking, targeting, and delivering malware or phishing attacks. 

Why are browsers removing third-party cookies?

Browsers are removing third-party cookies largely due to escalating privacy concerns about how companies collect and manage personal data. Data privacy laws and regulations are evolving, and there’s a pressing need to enhance transparency and provide assurances that data is being handled securely and ethically. 

But Google’s phase-out of third-party cookies isn’t anything new because major browsers have been getting rid of them for years. Safari blocked them back in 2020, followed by Mozilla Firefox in 2023. Google however, was slow to follow suit and continued allowing them right up until January 2024. 

What does Google phasing out third-party cookies mean for marketers?

Marketers have heavily relied on third-party cookies to serve personalised and retargeted ads through platforms like Google Ads and Shopping. But by removing them, effective targeting is much harder as marketers lose access to crucial data regarding the users’ browsing habits, which is what made this tactic so effective. 

What should you do now Google is phasing out third-party cookies 

First of all, breathe. Remember that Google isn’t banning all cookies and there are still plenty of other ways to collect valuable marketing data and reach your audience.  For example, you could implement a first-party data strategy – that’s data about user activity on your own website as opposed to elsewhere  – or trial more traditional research methods like customer surveys. This is an effective, yet often overlooked, way to gain insights into your audience’s wants and needs, which you can then use to shape your marketing strategy. 

Additionally, make sure that the way your business uses cookies definitely complies with the latest data privacy regulations. For example, if you use any Google advertising products such as Google Ads, Shopping or GA4, you have until the 6th March 2024 to upgrade to Google Consent Mode V2, if you want to continue serving targeted ads within the EEEA.

What is Google Privacy Sandbox?

Another potential alternative to third-party cookies is Google’s Privacy Sandbox, an initiative designed to curb unauthorised data tracking whilst enabling targeted advertising in Chrome. 

Google is still developing Privacy Sandbox, but it says the three goals of the initiative are to:

  • Build new technology to keep your information private.
  • Enable publishers and developers to keep online content free.
  • Collaborate with the industry to build new internet privacy standards.

Keep an eye on the Privacy Sandbox website for monthly updates as the initiative develops.


Google’s phase-out of third-party cookies has been a long time coming, and it’s not too late to make alternative plans. The main thing is that you’re proactive in adapting to the change, and implement a contingency plan to reduce the impact. Finally, keep up to date with the latest news and developments around third-party cookies and data privacy regulations, they’re constantly evolving and you’ll find navigating the landscape way easier by staying in the loop.

To kickstart the new year, we asked the team what their digital marketing predictions are for 2024. We’re keeping an eye on generative AI, omnichannel marketing and the results of game-changing industry cases like the New York Times suit against Microsoft and OpenAI. We also expect to see way more brands focus on social media, particularly leveraging UGC and video marketing to grow and engage their audience.

What’s in store for digital marketing in 2024?


Abi Crosbie, SEO Manager

“2024 is the year of AI finding its place in everyday life. We’ll start to see further roll out of Google’s generative AI,  and those brands using AI to improve work processes will stay ahead of the game. We’ll also see big impacts on the future of AI with the results of the New York Times suit against Microsoft and OpenAI for copyright infringement. Whether this case signals the blow up of AI being able to access anything, or it hobbles AI’s ability to access content to learn from, the outcome is one to watch closely.

I think there’ll be advancements in omnichannel marketing too. There’s been talk for years that other platforms meet the criteria for being search engines and that SEO techniques are transferable to them (think Amazon, Ebay, YouTube and TikTok), but few SEOs have ventured beyond discussion. I think 2024 will see SEOs going beyond a website-only focus, branching out to push the benefit of content on multiple platforms.

The reason we’ll see this is the transformation of the SERPs. Google in particular is adding more SERP features from platforms like X and TikTok into prime SERP positions. This means SEOs pushing for optimised content on these platforms is a technique that will help organic performance, increasing visibility right where we care about it – in search engines.”


Yasmin Rowlands, Social Media Executive

“Platforms like TikTok, Instagram, Facebook, Pinterest and even LinkedIn will continue to heavily invest in creator marketplaces and tools. This will make it even easier for creators to produce and distribute high-quality content, work with brands, and connect better with their audience. I also think we’ll see an increase in brands partnering with influencers and sharing UGC to build trust, credibility and ultimately, sales. Creators being the most authentic will thrive because people want to see real, relatable content that resonates”


Bryn Jones, Technical Director

“It seemed like 2023 was finally the year where the popularity and crucially, the capabilities, of AI and machine learning made a huge leap. In 2024, we’ll continue to see big developments and new ways of using these exciting technologies. You only have to look at the evolution of Midjourney, an image generation tool to see the staggering progress made in a short space of time. As a Web Developer, tools like Copilot and Chat GPT can be incredibly useful (when used in the right way) but they are far from perfect. They often give plausible yet inaccurate answers to prompts, so I definitely expect progress to be made here.”


Leanne Bates, Marketing Manager

“I think we’ll see way more brands putting the spotlight on their internal teams and sharing ‘real people’ stories to engage their audience. I think brands that have been reluctant to start turning to video marketing and while short-form styles will prevail, I do think we’ll see an increase in long-form video and live-streaming.”

Design systems have become a hot topic amongst brand marketers and designers. They’re a great way to bring your brand to life whilst maintaining design consistency and creating a shared vision across teams.

Design systems have become so valuable here at Reckless that we’ve created our own, which we adapt and personalise for different pieces of work. You may be considering doing the same thing, especially if your brand has been evolving for a while and you have various teams working across different projects.

In this blog I’ll explain what a design system is, the benefits of implementing a design system and even, what Lego and user experience (UX) have in common (you read that last bit right…)

What is a design system?

Here’s the perfect definition of a design system from software company Invision:

“A design system is a collection of reusable components, guided by clear standards, that can be assembled together to build any number of applications.”


The purpose of creating a design system is so you can maintain brand consistency across projects. This includes everything from colour palettes and typography to components and spacing. Having one design system brings order to chaos because it enables multiple team members to manage your brand in a way that brings it to life, whilst keeping everything aligned.

Here’s a short video of our design system in action

What are the benefits of a design system?

There are a wide range of benefits to using and maintaining a high-quality design system. For us, we’ve saved time, improved efficiencies and streamlined processes both internally and for our clients.

Here’s a quick overview of the different benefits you could enjoy by implementing your own design system:

Speed up processes

Your design system can contain hundreds of pre-built elements including colours, fonts and icons. Having these in one place allows you to take them straight ‘out of the box’, and use them for wireframing and prototypes. This will save you time and resources remaking common elements over and over again.


Due to the flexible nature of design systems, you’ll be able to quickly prototype ideas, test them with real users and adapt them off the back of your findings.

Eliminate inconsistencies

Design systems allow you to create one central style guide with a set font type, size and weight, as well as brand colours and elements. You can also design different variations for desktop and mobile devices, so your visual language is consistent across all layouts. This is a huge benefit and these changes tend to be quick, simple and easy to implement.

Communication with a common language

You’ll really start to enjoy the benefits once you’ve explained to your team how your design system works and why it’s so important. Explain the functionality, requirements and how the components should behave, so everyone has a shared understanding. Your design system will become your ‘brand guardian’ that keeps everyone on the same page so your brand looks and feels consistent.

Best practice UX

Pre-defining components in your design system helps you ensure a consistent UX across your website too. For example, in our design system, we’ve created a wireframe structure specifically for Shopify, so we can create seamless experiences for each of our clients’ websites.

Here’s an example of some website components we designed for Castle Green Homes.

See how everything looks aligned and on brand? From the colours and icons to shapes and spacing – it all comes together as a result of the pre-defined components.

So, what do Lego and UX have in common?

Well, there tends to be a common misconception that having pre-defined components makes design repetitive, but in our opinion, this is far from the truth. I recently came across a stat which perfectly explains why we feel this way…

How many ways can you combine six 2×4 LEGO bricks of the same colour? The answer is 915,103,766!

The best ways to secure your website from cyber attacks

October is Cybersecurity Awareness Month, marking 20 years since the campaign began. While big security advancements have been made over the years, cyber attacks are unfortunately more common and sophisticated today than ever before.

For context, in 2022 there were around 2.39 million cases of cyber crime across UK businesses. More recently in August 2023, the largest-ever Distributed Denial of Service (DDoS) attack attempted to take down Google, Amazon and Cloudflare. Luckily, this attack was stopped but if it wasn’t, it would have caused an unimaginable amount in damages.

Attacks like this emphasise why you must prioritise your company’s website security, especially if your site generates a lot of revenue. Failing to do so could seriously hurt your business; you could lose significant amounts of money (both revenue and legal fees), damage your brand’s authority and reputation – the stakes really have never been higher. 

In this blog, I’ll share the most effective ways to protect your website from cyber attacks, explaining what a DDoS attack is and steps to mitigate risk. 

There’s also a cyber security glossary here, to help you familiarise yourself with key terms along the way.

What is a DDoS attack?

A DDoS attack is one of the most common types of cyber attacks that can be launched against your website. Generally, the attacker floods your web server with a huge volume of requests to take your site offline as your server collapses.

This is exactly what Google, Amazon Web Services (AWS) and Cloudflare all recently survived. This particular DDoS attack was launched by a relatively small botnet using a new ‘Rapid Reset’ technique. This exploited the commonly used HTTP/2 protocol, leaving each brand’s web servers open and vulnerable. 

The scale of this attack was unprecedented, lasting just two minutes and peaking at 398-million requests per second (rps). That’s more requests than the total number of article views for Wikipedia in the whole of September 2023. What’s more, the largest attack was seven and half times larger than the previous record-breaking DDoS attack, a mere 46-million rps back in June 2022. 

How do I protect my company’s website from cyber attacks? 

There are plenty of ways to reduce the risk of your website being attacked. The best measures depend on your network infrastructure and platform because they have different considerations and some are more vulnerable.

For example, if your website is powered by a popular web application such WordPress or Magento, you’re unfortunately at more risk of being targeted. This is because these platforms power millions of potentially unpatched websites, so finding exploits is more valuable.

However, there are steps you can take, regardless of platform, to add an extra layer of security to your company’s website. Here are four effective ways to protect your website and mitigate the risk of being attacked.

Use Cloudflare

One of the best ways to add extra security to your website is by managing your DNS through Cloudflare. If you choose the “proxied” option, this sits between the internet and your server recognising malicious traffic, caching your site, hiding personal data – the list of security features goes on. The best news is that Cloudflare is free, with the option of upgrading for more features if you need them.

Cloudflare protects against the vulnerability that made the DDoS attack mentioned earlier possible. That’s why no websites using Cloudflare were impacted by the breach, and why implementing Cloudflare is one of the first things we do when we onboard a client.

Keep everything up to date

💻Website platform
Let’s go back to basics. Your website runs on software, and like your phone’s operating system or Xbox game, it needs regular updates. This is often to implement critical bug fixes or security patches that stop vulnerabilities being exploited. You must complete updates fast to prevent cyber attacks, so don’t ignore notifications.

It’s not just your main website platform that needs security updates either. Third party plugins, modules and extensions, as well as your server operating system and services, can also have vulnerabilities. So, it’s important to keep them updated and manage them properly for maximum security.

🔥Antivirus, malware protection and firewalls
Install trusted antivirus and malware protection software on your computer or laptop. These don’t just keep your device safe, they protect your website too. 

Without them, you’re vulnerable to many things including  ‘keylogging’. This is malicious software that records everything you type, including passwords and personal data. If you fall victim, hackers could gain access to any of your online accounts, including your website.

Similarly, have effective firewall software (or hardware in your company’s network infrastructure) set up and running smoothly. This monitors and blocks potentially malicious requests being sent or received by your computer, or other network devices.  

Firewalls do typically exist as part of your website’s hosting infrastructure too. One particularly useful type is a Web Application Firewall (or WAF), which specifically targets HTTP/S traffic. As I mentioned earlier, Cloudflare offers one for proxied traffic. Using WAFs is becoming increasingly common as they offer targeted protection, often with rulesets that can be application specific – for example, if you need to block known exploits specific to WordPress or Magento, or web servers like Apache.

Limit and secure website access

Compromised user accounts are the number one cause of cyber security issues. To prevent this, ensure strong security measures for logging into your website’s CMS. After all, this is where highly sensitive information is stored such as customer contact details, so if a bad actor gains access, the potential implications are enormous.

Here’s a few ways to improve your website’s admin security:

Don’t share logins
Create everyone who needs access to your website’s admin panel their own account. This ensures that you can see who is doing what in your application. Notice that order 820316 was refunded, but not sure why? You can ask Geoff from Sales, rather than seeing the action was performed by ‘Admin’.

Also, assign each user the correct account type or role by implementing the principle of least privilege (PoLP). This means only giving a user the ability to do what they need to do. If someone doesn’t need to create other users or create discount codes, don’t allow them to.

🔐Enforce strong passwords
Always use a minimum password length of 12 characters and a mixture of uppercase, lowercase, numbers and symbols. Avoid dictionary words and any personal information such as names and significant dates. Don’t use the same password across multiple accounts, and set your passwords up to expire regularly. Browsers like Google Chrome typically offer a password manager that suggests strong passwords and stores them on a per site basis. Leverage these to make password management much easier. 

📱Two-factor authentication (2FA)
More and more web applications offer the ability to enable 2FA so if you can, set it up. This requires an additional step on login, which usually involves clicking an email link or providing a code sent to your phone. Without this additional step, authentication will fail, so even if your password is compromised, your account is still protected.

Backups, backups, backups

No matter how careful you are with cybersecurity, having a good backup and disaster recovery plan is always important. Ask yourself, how critical is my data? What is the cost to my business if I experienced data loss or an offline website due to a cyber attack? If the answers fill you with dread and you don’t have a back-up plan in place, now is the time to make one.

💡How do back-ups work?
Nowadays, website infrastructure tends to be virtual or cloud-based, not stored in physical boxes sat in data centres. This means they’re spread across a range of hardware and software, often with redundant copies in different regions. Physical hardware failure was once the most important reason to back up your hardware, but this is less true than it once was.

However, regular off-server and off-network backups are an essential way to protect against attacks. Track your site’s application code in a trusted code repository, and back up transactional data, such as databases and user uploaded files, as frequently as their importance dictates. If your server and infrastructure are compromised, having this copy will enable you to quickly recover – even if that means changing your server or wider infrastructure. 


Website cyber security is complex, and specific advice is not possible without knowing your business’ infrastructure. Updating software, using a WAF, setting strong user permissions, and making backups are important, but they are just the basics. 

That’s why we highly recommend having a web maintenance plan, either with your in-house IT team or a maintenance contract with an external agency. This way, your website’s security is kept up to date and you have people constantly monitoring for potential threats and fixing issues fast. Without this, the potential for hugely costly data breaches is all too real. 

Cyber security glossary

Antivirus: A software program designed to detect, prevent, and remove malicious software (malware) from computer systems to protect them from security threats.

Bad actor: An individual or entity that engages in unethical, malicious, or harmful actions, in this case in the context of cybersecurity.

DNS: A Domain Name System (DNS) translates human-readable domain names (e.g. into IP addresses (IP 123.45.68). This enables computers to locate and communicate with each other on the internet.

Firewalls: A security barrier that filters and controls network traffic to protect against unauthorised access and security threats.

HTTP/2 protocol: An improved web protocol that makes web pages load faster by allowing multiple requests and responses to happen simultaneously on a single connection.

Malware: Any software intentionally designed to cause harm, steal data, or disrupt computer systems and networks.

Security patching: The process of applying updates or fixes to software, operating systems, or applications to address known vulnerabilities and enhance security.

Software: A set of instructions and programs that enable a computer or other device to perform specific tasks, processes, or functions.

Web app: A software program or application that is accessed and operated through a web browser and provides various interactive functions or services to users.

A bit about Reckless
We’re an e-commerce digital marketing agency in Liverpool, Chester and Manchester. We support brands with custom website builds and maintenance, bespoke software development, paid media, SEO and online marketplaces. If you need support with website maintenance and cyber security, drop us a message in the form below. We’d love to chat ☕

Google, Amazon and Cloudflare have successfully stopped the largest-known online attack

In the last week, Google and Cloudflare released details of the largest ever cyber attack in terms of volume, that has ever been received. For context, Google said “the two minute attack generated more requests than the total number of article views for all of Wikipedia in September 2023”.

These attacks are used to bring the largest of websites down, causing potentially unlimited amounts in costs. Scarily, it’s believe the attack came from a (relatively) very small botnet of around 20,000 machines, whereas often large scale attacks come from hundreds of thousands, or even millions of machines. Were that to have been the case here it could have been possible to send the same amount of traffic the entire web sees to a small number of targets.

Our advice

Cloudflare protects against the vulnerability that made the attack possible. It’s a service we use for clients that sits between the internet and their servers. It filters out all the bad traffic, and speeds up requests for everyone. It’s completely free to use (they have a paid tier which unlocks some extra features), and we highly recommend it. All clients who were already on Cloudflare are already protected against the attack (named “HTTP/2 Rapid Reset”), and we’re patching servers for all other clients.

If you’re not already on Cloudflare, we highly recommend it and can help you move over.

A bit about Reckless
We’re an e-commerce digital marketing agency with offices in Liverpool, Chester and Manchester. We help brands grow through custom websites, bespoke software development, paid media, SEO and online marketplaces. If you need a hand taking your e-commerce brand to the next level, get in touch.

Let’s talk

    Reducing shipping costs has become a key concern for e-commerce businesses. Finding the balance between providing exceptional customer service and optimising operational expenses has never been more critical.

    Exploring commercial shipping rates, enhancing your customer experience and streamlining your returns process are all great ways to reduce e-commerce shipping costs. In this blog, we’ll delve into how you can cut shipping costs without compromising on quality of service.

    So, how can you reduce e-commerce shipping costs?

    💸Explore commercial shipping rates

    A common mistake many brands make is continuing to ship with public rates when commercial rates are available via shipping wholesalers. Commercial rates are generally 10% cheaper, but can be up to 140% cheaper than buying directly from a courier. Here’s a quick example to highlight the cost difference between Royal Mail vs Despatch Bay, and Evri vs TransGlobal.

    🚛 Talk to couriers

    If sales start to build, you may be able to negotiate with couriers directly and receive better prices, shipping times and collections. For example, if you’re selling with Amazon, you can receive excellent rates by joining Amazon logistics:

    How to reduce e-commerce shipping costs
    Amazon Logistics rates – August 2023

    You’ll need to be shipping at least 200 units a day to be considered for Amazon, DPD or Evri’s logistics services, but it may be worth building these prices into your product margins and seeing if you can push sales further to qualify.

    Whichever you choose, make sure they’re a logistics partner you trust and that compliments your customer’s buying journey. When visitors are considering buying from your website, they’ll want to know which delivery dates and shipping methods you offer so make these crystal clear. 

    Post purchase, they’ll want tracking numbers, delivery dates and times. Most prominent courier and logistics companies use automated emails or SMS, but make sure they’re available because delivery can make or break whether a customer comes back to your brand. Let’s face it, nobody wants to wait weeks for something they’ve bought and have no idea when it’ll turn up. 

    🆓Offer a free shipping threshold

    Offer free shipping for orders above a certain threshold. This encourages customers to buy more so they qualify for free shipping and as a result, increases your average order value (AOV) and potentially covers the shipping costs.

    However, make sure you research what your realistic free shipping threshold should be. Quite often many retailers succeed in increasing their AOV but cut deep into their margin. As the saying goes, revenue is vanity, profit is sanity.

    Here’s a quick explanation on how to ensure your free shipping threshold is sane:

    🧮Calculate your AOV (excluding shipping costs). For example £20
    💸Determine your average shipping costs. For example, £5.00
    💰Calculate your gross profit margin. For example, 25%
    📨Propose a free shipping threshold. For example, £25.00 

    Now that you have a proposed free shipping threshold, put it to the test: 

    🧮Determine the difference between the free shipping threshold and the AOV (£25 – £20 = £5)
    🫰Multiply the difference by the gross profit margin (£5.00 * .25 = £1.25)
    💷Subtract the result from the average shipping cost (£5 – £1.25 = £3.75)

    In this case, you’ll end up paying £3.75 per order to cover the free shipping which is over 60% of your increased gross profit margin. A bit too big of a hit to your bottom line.

    Let’s try again with a £30 proposed free shipping threshold:

    🧮Determine the difference between the free shipping threshold and the AOV (£30 – £20 = £10)
    💰Multiply the difference by the gross profit margin (£10.00 * .25 = £2.50
    📨Subtract the result from the Average Shipping Cost (£5.00 – £2.50 = £2.50) 

    In this case, you’re going to pay £2.50 per order to cover the free shipping, which is 33% of your increased gross profit margin. A much healthier balance of profit to increase AOV, whilst offering your customers increased value and incentive to buy.

    Of course, all this is theoretical. A lot depends on the weight and size of your items, and the shipping rates available to your business. However, the key message is to think carefully and do the calculations.

    ⏲️Show your estimated delivery times

    Integrate real-time shipping calculators into your online shop that provide accurate shipping quotes based on your customer’s location and order details. This not only prevents undercharging for shipping (hello, Scottish Highland and Northern Irish orders!) but it encourages customers to buy when they can plan their purchase around their day to day life.

    How to reduce e-commerce shipping costs
    Example of estimated delivery times and dates

    This can be a particularly effective way to increase your margin too when offering a Standard and Express/Next Day/Name Day shipping. Customers will be willing to pay a little extra to receive the certainty of the item arriving on a particular day, cutting down your e-commerce shipping costs.  

    🗃️Add marketing materials into your boxes

    Upsell to your customers by including marketing materials or promotional offers in your packages to encourage repeat business and offset shipping costs. This can be particularly effective when trying to acquire customers from one platform to another (warning, do not try this with Amazon orders, as this could lead to an account wide penalty).

    How to reduce e-commerce shipping costs. Example of marketing materials for Feeds & Seeds.
    Marketing materials for Feeds & Seeds
    📨Streamline your returns process

    Implementing a streamlined return management process to reduce the costs associated with processing returns and exchanges is an effective way to keep e-commerce shipping costs down.

    It could be as simple as having a clearly structured returns policy, or as advanced as a returns portal that deals with all returns and exchanges for you. Either way, having a dedicated system to deal with customer returns is vital when trying to reduce costs. Here’s a great example by Mountain Dog.

    How to reduce e-commerce shipping costs.
    Mountain Dog’s returns management portal

    Instead of a customer having to contact a customer service agent, they just simply pop in their order number, email and the reason they’re making a return. If it matches a certain criteria for a paid return, the portal will produce a return label. If not, the customer will be instructed to process the return at their cost.

    As you can imagine, every eventuality has been thought out and this tool likely saves Mountain Dog precious operational costs while also making the returns process more convenient for the customer.

    🏭Use third-party fulfilment centres

    Utilise third-party fulfilment centres that are strategically located to reduce shipping distances. They can handle order processing, picking, packing, and shipping on your behalf, often more efficiently and cost-effectively.

    This can be particularly effective if you want to continue selling to areas like Northern Ireland, Scottish Highlands and the various island locations dotted around Britain’s coasts. These locations can be quite expensive to ship to, often costing two times the cost of shipping. To reduce the costs of shipping to these areas, consider fulfilment centres like Huboo, Whistl, Fulfilment Lab or Shft Fwd. 

    A bit about Reckless
    We’re an e-commerce digital marketing agency with offices in Chester, Liverpool and Manchester. We help brands grow through custom websites, bespoke software development, paid media, SEO and online marketplaces. If you need a hand taking your e-commerce brand to the next level, get in touch 👇

    Let’s talk