Just Launched

Summerland Winery website homepage

We’re proud of our latest winery website, SummerlandWine.com. We’ve created a one-of-a-kind experience for visitors that conveys the fun side of Summerland Winery.

The winery’s website is built on WordPress and Vin65. WordPress manages the Retail/Restaurant finder, the recipes section, most of the pages, all of the events, and all of the posts. The Vin65 portion of the site manages the online wine shop, email subscriptions, club signups and account management.

There’s even a custom post type for the Dogs of Summerland Winery where website visitors can post their dog (including photo) to the dog wall.

Take a closer look at the new Summerland Winery website, brochure, label, and tasting room design in Our Work.

Tarfoot is Santa Barbara’s Only Certified Vin65 Designer

Vin65 logo

We’re excited to share the news that we’re now a Vin65 Certified Designer! In fact, we’re the only Certified Designer for Vin65 in Santa Barbara!

You can see some of our recent Vin65 work for Carr Winery and Happy Canyon Vineyard.

Stay tuned for some exciting news about our focus on this industry and the changes that are happening in the technology areas of wineries.

My History in the Vines

Vineyard and Oak from the Central Coast AVAs

It’s no secret to those that know me that wine is and has always been a big part of my life. From the time I was little, I can remember counting the bottles (and losing count) of the bottles in my parents wine cellar. They would make a few treks to Europe every year and restock the cellar at our home in Santa Maria. One of the first vacations I can remember was a trip to Germany, Austria, Switzerland, and Italy. I can still remember riding on the barge on the the Rhine river and visiting the intersection of the Rhine and the Moselle. Even at the early age of eight, I can remember how steep the hillsides along the rivers were. I tried to imagine how hard it must have been to tend to the vines.

In my later high school years, I took classes at Hancock College in Santa Maria to study viticulture and enology. A close friend of mine, Matt – who now works up in Napa managing vineyards – had a greenhouse in his backyard and we would endlessly argue the merits of the various canopy systems in vineyards and the best practices for maximizing fruit production. Around the age of 17 or 18, we started visiting the wineries, tasting rooms, and caves on the Central Coast of California. I can recall visiting the tasting room at Sanford Winery when it was owned by Richard and consisted of only a tiny shack in the Sta Rita Hills AVA. Tastings were free, you were allowed to keep the glass as a gift, and the sign outside the tasting room reminded visitors “Please don’t feed the fat dog.” I continued to learn about winemaking and vineyard management throughout my time at Cal Poly in San Luis Obispo during my studies in Graphic Communications; not as a career path, just for fun.

Fast forward 20 years and here I find myself in beautiful Santa Barbara and in the middle of one of the hottest wine producing areas on the planet today. The Central Coast of California is absolutely bursting with grapes, vineyards, and wineries. I love driving from Santa Barbara to Paso Robles and seeing vineyard after vineyard where there was only dry grass decades ago.

It’s so thrilling for me because it presents me with an opportunity to marry my love of marketing, technology, and design with my love of wine and viticulture! I’ve enjoyed working with the Urban Wine Trail in Santa Barbara since 2012 producing the Tasting Room Map/Brochure, the Passport and promotional materials for Passport Weekend, and the Urban Wine Trail website.

We recently designed and launched CarrWinery.com  (built on Vin65 and WordPress) for Carr Vineyards and Winery here in Santa Barbara and Santa Ynez. They’ve always been one of our favorite Santa Barbara Wineries. Take a browse and stop in to say “hi!” I know they’ll be glad to share their story with you.

Simple Tips to Help Secure Your WordPress Website

WordPress Hacking is on the Rise

Alert Icon

We’ve been hearing more and more about security issues on WordPress websites from people contacting us to help lock down their websites. Just this last week we’ve had 3 new clients come to us to help remove malware infections. Wordpress is by far the most popular content management platform on the web and unfortunately, when you’re at the top of the mountain, a lot of nefarious characters make you the target of their attacks. We see relentless attack attempts on websites from bots all over the world and they’re targeting the vulnerabilities and the known file structure of the out-of-the-box WordPress installation.

We stay tuned in on various security vulnerabilities on the WordPress platform. We are now seeing many sites exploited through some pretty intricate and impressive hacks. Many times these security holes can be patched with the proper setup. We’ve developed a few tricks over the years for deploying more secure WordPress websites than the average developer is capable or even aware of. Many of these tactics and methods won’t be revealed here but there are some simple steps you can take to help secure your site from the outset.

Some of the dangers of an insecure installation are:

  • Placement of Malware on your website which can infect and or redirect your links to malicious software which may harm visitors computers
  • Placement of hosted files on your system — This means you’re paying for the bandwidth to host someone else’s files
  • Placement of links on your site — Usually done to up the ranking of other sites by creating “backlinks” from your site to theirs
  • Infection of your system with MySQL injection attacks which will continue to open vulnerabilities on your website.

Not only will your customers be upset to see links to cheap pharmaceuticals on your website, but when the legitimate web crawlers index your site, they’ll likely identify this malicious software on your site and will blacklist your domain. Once you’re on the blacklist, any visitor to your site may see a message that warns them against proceeding to your website. Most visitors will turn tail immediately, as they should. It can take weeks to resolve a blacklisted status losing you valuable business opportunities.

How Do These Hacks Work?

The top two types of attacks on WordPress websites are:

  1. Sending specially-crafted HTTP requests to your server with specific exploit payloads for specific vulnerabilities. These include old/outdated plugins and software.
  2. Attempting to gain access to your blog by using “brute-force” password guessing.

The most common brute-force attack is attempting to sign in as “admin” at www.yourdomain.com/wp-admin/. (See item 1 in the list below for more info)

How Can You Protect Your Website?

Here are a few simple steps that you can take to create a secure installation of your WordPress website:

  1. NEVER use the out-of-the-box “admin” user for your website. And we mean NEVER!!! Hackers know that many people building their own sites use this standard username. (See the screenshot of the email (right) to see a hackbot trying to sign-in with the username “admin”
  2. Only use strong passwords for all users on your WordPress website. Names, dictionary words, and obvious passwords should never be used.
  3. Be sure any computers accessing the site are free of malware — particularly key loggers that may be recording keystrokes and transmitting them to a hacker.
  4. Remove unused plugins from the site. Don’t just deactivate them. Get ridof them completely. Even deactivated plugins can create security vulnerabilities when they become outdated.
  5. Keep your website software and plugins updated. As security holes are identified by developers of the community, software publishers create updates to keep your site safe. Take advantage of their knowledge and update your software.
An email alert from Wordfence on a WordPress website
A typical email alert from Wordfence showing that a user or “hackbot” was blocked from accessing the site due to suspicious activity.

Some additional (not-so-easy) tips for the brave include:

  1. Turn off remote connections to your database. (For most installations, there’s no need for a database to accept incoming connections that aren’t from the web server on which the site is hosted.
  2. Purchase and install a Secure Socket Layer certificate to encrypt your connections to the WordPress dashboard.
  3. Use a secure user password for your WordPress database.
  4. Turn off comments from the outset. That is of course assuming that comments aren’t an integral part of your website. If you do want comments on your blog then navigate to Settings->Discussion in the WordPress dashboard and require all comments to be moderated. Then be smart about your moderation.
  5. Install and configure a firewall plugin. Right now we fancy Wordfence for its capabilities and ability to monitor your website while you’re out doing something better. Attacks will happen. Having a firewall in place will help prevent these attacks. And after all, burglars usually avoid the house with the security lights, deadbolts, and vicious attack dogs…they like the house that looks like no one’s guarding it.

We love receiving email alerts from our firewall packages that tell us that a specific IP address has just been blocked because it tried to login too many times unsuccessfully. Because it means that’s one less website that will succumb to the evils of some hacker or robot on the other side of the planet. And one more website that will be there tomorrow to earn revenue for its owners.

As Benjamin Franklin said, “An ounce of prevention is worth a pound of cure.” Contact us right away if you think your website has been hacked or if you would like an evaluation of your website’s security.

Find more information about securing WordPress on the WordPress Codex site and be sure to learn more about the Wordfence security plugin.

Creating an Environment for Exploration

Britt Jewett at Studio 7 is one of Santa Barbara’s premier architects and allied design artists. He has a long history of work both on the central coast and across the nation that should be appreciated in person whenever possible.

Britt’s vision was to create an evironment of exploration for his website visitors. He wanted people to have fun on the site while they browsed his extensive portfolio. One of our guiding principles in designing this website was, “Less is more.”

Continue reading “Creating an Environment for Exploration”

Building a better way

One pretty cool project we recently completed was for MindClick SGM (Sustainable Growth Management).

MindClick had an interesting challenge, they needed to help connect charitable organizations like Good360.com and Habitat for Humanity with a large hotel chain to facilitate the removal of recyclable and reusable products from the hotels during remodels.

They were managing this daunting project through a series of Excel spreadsheets. The process was quickly becoming overwhelming to those working on the project.

What we designed and built was a marketplace for the reclamation of furniture, fixtures, and equipment from hotels that are remodeling. It’s crazy to think that all of this used to end up in landfills! The hotels can sign in to their accounts, post pictures of items, attach descriptions, associate contact information to their hotels for the General Contractors and the Owner’s Representatives. The hotels can even schedule construction dates and pickup dates for each half-floor.

The Reclaimers (e.g. Habitat for Humanity) can browse the site and search by hotel name or zip code. They add different items to a cart, sometimes from multiple hotels. Then they check out and an order is sent to the project administrators. MindClick then picks up the phone and schedules the rest of the details by phone.

It’s exciting to think that our work has helped reduce the amount of waste that is shipped to landfills and that we’re alleviating stress on the environment by reducing the need for new products to be made. Hats off to MindClick SGM and their HSP Index for all they do to help save our planet.

Just Launched

The Recovery Ranch web site homepage

A huge congratulations to our friends at The Recovery Ranch in Santa Ynez—a sober-living ranch nestled in the beautiful Central Coast area of California. We’re very happy to see your efforts come to fruition in the opening of your facility.

Tarfoot Consulting was chosen to help The Recovery Ranch build their website from the ground up and we worked closely with the Ranch’s Founder, Daniel Ross to turn his vision into a reality. We’re very happy to see TheRecoveryRanch.com take flight.

The Branding Design Process

I recently had a conversation with a friend who was starting her own company and needed a few assets to help build her brand—logo, business cards, etc. I showed her a few websites to help her get started with her branding efforts by utilizing the talents of designers and artists from around the world.

I can remember visiting the local print shop with my parents when I was a kid so they could have business cards made. The process was pretty involved and required a lot of telephone calls and visits to the printer to approve designs. My parents and other business at the time were limited to the resources that were available in their town. They were at the mercy of the vendors’ pricing and schedules, too.


Those times are gone because now there is a new option for people who are building their brands. It’s called crowdsourcing. Think of it as outsourcing to a crowd. Crowdsourcing is a fantastic way to find talent out on the internet. By opening the task up to a crowd of people, you’re able to find the best talent out there and reward them for their work. It’s a win-win for you and the talent!

My friend visited LogoTournament and for about $300 started a logo design contest that was open to the designers registered with LogoTournament.com. Over fifty designers worked on her logo and through a pretty intuitive rating and feedback system, she was able to communicate her likes and dislikes to the designers working on her project. She ended up with a logo that she was very happy with for a nominal fee and never once had to get into her car and waste time driving to and from her local design studio or print shop.

At Tarfoot, we use a combination of trusted designers and crowdsourcing to realize our customers’ visions. Not everyone can afford dedicated design time and that’s okay. Just because you don’t have a endless budget doesn’t mean you can’t have an effective, compelling design. Be warned, however, for novices, crowdsourcing does require a bit of patience and managing the process can sometimes consume more time than you anticipate but it’s a great way to accomplish small tasks on a budget.

The next time you have a need for something like logo design or business cards, and you want to handle it on your own, check out some crowdsourcing options rather than doing things the “old” way. I think you’ll be pleasantly surprised.

Opinion vs. Quantitative Analysis

A Matter of Opinion

At a recent meetup, I had the chance to discuss a web project with a web marketer. She lamented that her CEO had recently attended an SEO seminar and favored keyword-saturated language for the corporate website. Her option was human-friendly copy because she was sure that would produce more conversions. But they were at an impasse. Without quantifiable data on which style would convert visitors better, it boiled down to a matter of opinion. We see opinion guiding many websites. Not just in the language but in the layout, design, typography, calls to action, etc. This leads to high bounce rates, low conversions, and ultimately frustration for the site owner because the website doesn’t deliver the business they desire.

Quantify Users

One of the tricks we use at Tarfoot Consulting is A/B experimentation. Basically, two versions of a page are used in conjunction with conversion goals to determine which version of the page performs better. The experiment runs for a period of time or until results are statistically significant. The results then speak for themselves and the content or design that performs better is put into place as the default page. Here’s an example, let’s say our web marketeer ran an experiment to determine which language style led to more conversions on her website. Two versions of the home page could have two distinct styles: keyword-focused and human-focused. Each time a visitor lands on the home page of the site, they’re shown a random version. Half the visitors will get version “A” and the other half will get version “B”. Then a call to action, let’s say this is completing a sales contact form, is put in place as a conversion goal. If more people to version “B” of the home page fill out the sales contact form, then version “B” has been statistically proven to perform better than version “A”.

What else can I do?

A/B experimentation isn’t the only way to quantifiably gauge performance on a page. Heat maps are also a very useful way to see where users click on a page. Various link styles and positions leading to the same link can be placed on a page and data is then gathered on how many clicks come through each link. Heat maps are very useful visual representations of the data that make it easy to see what users are doing. Many times, we like to sit with users and do focused, user testing to learn more about how users interact with a website. We record the users eye movements, facial expressions, and voice as they navigate a set list of tasks within an web application or website. We also record everything that happens on the screen. then we review this information with our visionaries and project managers to determine what changes and/or enhancements need to happen in order to create a better experience for the user. Web strategy doesn’t work when it’s based on opinion alone. While it’s true that years of experience with the web and user interaction is very useful in the initial stages of development, continual user feedback creates a compelling website that converts visitors to customers or users and ultimately brings in revenue.  

Some Helpful Resources: