Blog

We are urging all clients to enable "2FA" (2 factor authentication) for any web-related dashboards:

• Domain registration (e.g. GoDaddy supports it, Network Solutions not yet)
• Hosting control panel (e.g. InMotion, SiteGround)
• CMS control panel (e.g. Joomla, Wordpress, Drupal)
• Newsletter / Subscriber (e.g. Mailchimp supports it, Constant Contact not yet)
• Google (Analytics, Adwords, Adsense, Webmaster Tools, etc.)

A few articles that I want to share:

• SEMrush SEO Writing Assistant - Plugin for Google Docs - checks your content for SEO friendliness on the go
• GDPR, Data Protection, and You: It's not just for the EU and California!  How to create a "compliance plan" when it comes to storing sensitive information, obtaining consent, and managing that data.  
• It's Not About SSL Certificates: Clarifies a common misconception that adding an SSL certificate makes your site more secure.  Incorrect!  It makes the traffic to and from your site more secure, but doesn't help with software / server / plugin vulnerabilities.  
• Multi-Column Editing in Joomla: For any clients who want to be able to edit multi-column content using a clean, responsive, browser-based content editor

Apple and Google are both rolling out significant updates to their respective "Map" apps.  Here is a quick recap:

1. Google Maps will be moving the "Contribute" feature to a more prominent location, making it easier for users to post reviews and other information. Previously, this was hidden in a menu. This implies that Google Reviews that users post for your business will become a much more important factor in local / map / business searches.  (Source)
   
   
2. Apple is releasing a full redesign: Apple started out by incorporating Google Maps into its mobile platform. In 2012, they parted ways when Apple introduced its own Map app.  In case you weren't aware, Apple uses Yelp data for listings and reviews. This means that it's important to have a well-built Yelp business profile, so that anyone on an Apple device who uses the Apple Maps instead of Google Maps is able to find you!  (Source)

Question:
Our site has been up and running with out any problems since for years! Do I really need to patch my Wordpress (Joomla, Drupal) site?

Answer:
I agree! For over 10 years, many people have been getting away without patching their websites, they've been lucky!

Todays' article includes a screenshot of a typical Wordpress site. This person hired someone else to build their Wordpress site, and it was never patched. Their site was built in 2017 and hacked in 2018 & 2019...

Three scary aspects of having your business listing "Suspended" by Google, after personally going through the experience with my wife's house cleaning business:

1. Google will not notify you when your listing gets suspended,
2. Google will not tell you why it was suspended, and
3. Google won't coach you through getting it un-suspended.

You can sign in to your GMB account and submit an "appeal" to have it reviewed by someone at Google (presumably a human being), but that doesn't guarantee anything. If they review your listing and it is still in violation of Google's terms of service, you'll find yourself sitting around for days (weeks?) wondering if your business listing will ever come back online.  The reason that Google won't "coach" you through changing your listing to bring it into compliance is they don't want to directly educate people on how to game the system.

The new tool temporarily block URLs from showing in Google, it shows outdated content and content filtered by SafeSearch.

Google has launched a new removals tool within Google Search Console. This tool does three things (1) lets you temporarily hide URLs from showing in Google search, (2) show you which content is not in Google because it is “outdated content” and (3) shows you which of your URLs were filtered by Google’s SafeSearch adult filter.

Scam Alert!  I just received this earlier this morning from a company who tried to trick me into renewing my domain registration with them and paying extra for search engine registration - two separate items that aren't typically combined:

Subject: Domain Notification for (redacted).com : This is your Final Notice of Domain Listing
Date: Wed, 18 Dec 2019 07:43:56 -0800
From: (redacted).com Support <This email address is being protected from spambots. You need JavaScript enabled to view it.>
To: (redacted)

A few clients have asked about whether they should use the backup system provided by their hosting company to backup their websites.

Specifically they were asking about InMotion Hosting’s new Backup Manager that is rolling out across their servers.  

I'm torn on this. Part of me is saying that you can't have too many backups.

System Preferences -> Software Update -> Advanced -> Uncheck -> "Automatically: Check for Updates"

Related:
Google Is Rolling Out Quote Request Buttons on GMB for Branded Searches

1.  Sign into your Google My Business management area here and confirm your Google account is properly managing the business on Google Maps:

https://www.google.com/business/

2.  Install the Google My Business app one your smart phone.

Out of the box, Drupal can email you notifications whenever there are security patches available.  These are some common questions that I receive from my clients about installing these patches: 

Should I go ahead and click update?

If the security updates are for Drupal "Modules" then yes, you can install the updates right through the Drupal admin panel.  For updating the Drupal Core software, this needs to be done at the server-level (hosting account). 

Since Google has phased out old recaptcha (v1), some of our clients reported that their old Joomla 1.5 installs are suffering - getting spammed, now that they no longer have a decent captcha available.  While we realize that Joomla 1.5 sites should be upgraded to the latest version, not all clients are willing, or able to afford this.  

Here’s how to submit a Google My Business spam complaint:

1. Click here to head to the form (you’ll want to bookmark it as it’ll soon become your best friend)
2. Read the guidelines linked to in the form’s introduction carefully. This is what the Google staffer reading your form will judge your complaint against, so you need to make sure what you’re claiming is misleading or fraudulent is specifically at odds with something in these guidelines.
3. Enter your information. Even if you’re a local marketing consultant or agency representing another business, you’ll need to enter your name and email address.
4. If you’re submitting just one complaint, select the fraudulent content in question (Title, Address, Phone number, or Website) and add the public GMB URL in the field below. (More than one type of content to complain about? Sorry to say this, but it appears that you’ll have to submit multiple forms).
5. If you’re submitting more 1-10 complaints about different businesses but the same content type, select the content in question and then add multiple URLs by clicking ‘Add additional’ after you’ve added the first.
6. If you’re submitting more than 10 complaints about different businesses but the same content type, you can use the form’s bulk CSV upload feature to submit a spreadsheet of all URLs (up to 100).
7. Now for the fun part: write, in detail, why the content is malicious or fraudulent. I can’t stress enough how important the level of detail is. Google Gold Product Expert Ben Fisher championed those who gave great amounts of detail when submitting spam to the GMB forum in a recent webinar, and we can only assume that Google’s own team require a similar level of detail. Write clearly, professionally and respectfully, and be make sure to refer to how the subject of your complaint is contravening the aforementioned Google guidelineswhere possible, to make the Google staffer’s job a little easier. If you’re reporting multiple incidents of spam, it makes sense to have those exhibiting the same bogus characteristics (e.g. keyword stuffing in business name) grouped together in one complaint to save you having to submit multiple reports.
8. Take one last look through the completed form.
9. Rub a lucky rabbit’s foot.
10. Click ‘Submit’.

I recently started using Gusto payroll processing service and wanted to share a quick review.  I think it's a great system.

For $45 + $6/employee / month it gets you weekly direct deposit, it keeps track of vacation time, overtime, bonuses, tips, deductions, AND all of the employer / employee taxes.  Plus it integrates with my Quickbooks software, I can download a simple IIF file each payroll and Gusto plugs all of the data into Quickbooks.  Plus, Gusto handles all of our W2 and employee data, so I don't have to worry about it.  

You may have noticed a red warning message in your Joomla admin panel saying something like this:

Error
We have detected that your server is using PHP 5.6.x (or PHP 5.4.x or PHP 7.0.x) which is obsolete and no longer receives official security updates by its developers. The Joomla! Project recommends upgrading your site to PHP 7.1 or later which will receive security updates at least until 2019-12-01. Please ask your host to make PHP 7.1 or a later version the default version for your site. If your host is already PHP 7.1 ready please enable PHP 7.1 on your site's root and 'administrator' directories – typically you can do this yourself through a tool in your hosting control panel, but it's best to ask your host if you are unsure.

I recently heard a story of a business that got caught with fake reviews on Yelp. They were also an advertiser spending thousands of dollars a month on ads. When they got caught, Yelp canceled their ad account and told them they would be demoting the listing’s ranking for 6 months. After that time, they would re-evaluate, but there was no guarantee that things would go back to how they were before. Yelp’s stance on fake reviews couldn’t be more completely opposite of Google’s. Here are a few ways they differ when it comes to approaching businesses caught with fake reviews:

1. Yelp issues a ranking penalty, Google does not.

2. Yelp stops the business from advertising, Google does not.

This is a free "K2 Content Module" template override for the Joomla component K2 that can be used with any Joomla 1.5, 2.5, or 3.x site. 

Download the template override files attached to this post and upload them into your Joomla template here:

/templates/your-template/html/mod_k2_content/

So the full path will look like this:
/templates/your-template/html/mod_k2_content/C2-Optimized/default.php

This video demonstrates how to use Joomla and K2 to deliver email notifications to your contact list using Mailchimp - you can specify in Mailchimp how frequently (monthly, weekly, etc) and on which day and time you want the emails to be delivered. 

The video below will demonstrate how I used Joomla + K2 to build an advanced, custom home page layout using regular Joomla modules.  This customization and technique will work on any Joomla 1.5.x, 2.5.x or 3.x site.  

Download the template override files attached to this post and upload them into your Joomla template here:

/templates/your-template/html/com_k2/

So the full path will look like this:
/templates/your-template/html/com_k2/home-override/category.php

Now would be a good time to remove the "Google+" profile link from your website, if you haven't already.

Original Article:

Google is about to have its Cambridge Analytica moment. A security bug allowed third-party developers to access Google+ user profile data since 2015 until Google discovered and patched it in March, but decided not to inform the world. When a user gave permission to an app to access their public profile data, the bug also let those developers pull their and their friends’ non-public profile fields. Indeed, 496,951 users’ full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status were potentially exposed, though Google says it has no evidence the data was misused by the 438 apps that could have had access.

The company decided against informing the public because it would lead to “us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal,” according to an internal memo. Now Google+, which was already a ghost town largely abandoned or never inhabited by users, has become a massive liability for the company.

[Full Article]

See Also:

• Google is shutting down Google+ following massive data exposure
• Google to shut down Google+ after failing to disclose user data breach