Blog

For anyone wondering if their Twitter feeds are doctored...

Public Service Announcement:
Beware of the latest Craigslist scam, where they attempt to gain access to your Google account by tricking you into sending them the two-factor authentication codes!

While the GDPR laws are written for EU countries, many of my enterprise-level clients have been asking me to add scripts and plugins related to addressing these basic rights:

1. The right to access.
2. The right to be forgotten.
3. The right to data portability.
4. The right to be informed.
5. The right to have information corrected.
6. The right to restrict processing.
7. The right to object.
8. The right to be notified.

(original article)

Ecommerce site’s “blind trust” makes the service a perfect place to dump data.

Hackers are abusing Google Analytics so that they can more covertly siphon stolen credit card data out of infected ecommerce sites, researchers reported on Monday.

Payment card skimming used to refer solely to the practice of infecting point-of-sale machines in brick-and-mortar stores. The malware would extract credit card numbers and other data. Attackers would then use or sell the stolen information so it could be used in payment card fraud.

ZOOM, THE video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.

With millions of people around the world working from home in order to slow the spread of the coronavirus, business is booming for Zoom, bringing more attention on the company and its privacy practices, including a policy, later updated, that seemed to give the company permission to mine messages and files shared during meetings for the purpose of ad targeting.

We are urging all clients to enable "2FA" (2 factor authentication) for any web-related dashboards:

• Domain registration (e.g. GoDaddy supports it, Network Solutions not yet)
• Hosting control panel (e.g. InMotion, SiteGround)
• CMS control panel (e.g. Joomla, Wordpress, Drupal)
• Newsletter / Subscriber (e.g. Mailchimp supports it, Constant Contact not yet)
• Google (Analytics, Adwords, Adsense, Webmaster Tools, etc.)

A few articles that I want to share:

• SEMrush SEO Writing Assistant - Plugin for Google Docs - checks your content for SEO friendliness on the go
• GDPR, Data Protection, and You: It's not just for the EU and California!  How to create a "compliance plan" when it comes to storing sensitive information, obtaining consent, and managing that data.  
• It's Not About SSL Certificates: Clarifies a common misconception that adding an SSL certificate makes your site more secure.  Incorrect!  It makes the traffic to and from your site more secure, but doesn't help with software / server / plugin vulnerabilities.  
• Multi-Column Editing in Joomla: For any clients who want to be able to edit multi-column content using a clean, responsive, browser-based content editor

Apple and Google are both rolling out significant updates to their respective "Map" apps.  Here is a quick recap:

1. Google Maps will be moving the "Contribute" feature to a more prominent location, making it easier for users to post reviews and other information. Previously, this was hidden in a menu. This implies that Google Reviews that users post for your business will become a much more important factor in local / map / business searches.  (Source)
   
   
2. Apple is releasing a full redesign: Apple started out by incorporating Google Maps into its mobile platform. In 2012, they parted ways when Apple introduced its own Map app.  In case you weren't aware, Apple uses Yelp data for listings and reviews. This means that it's important to have a well-built Yelp business profile, so that anyone on an Apple device who uses the Apple Maps instead of Google Maps is able to find you!  (Source)

Question:
Our site has been up and running with out any problems since for years! Do I really need to patch my Wordpress (Joomla, Drupal) site?

Answer:
I agree! For over 10 years, many people have been getting away without patching their websites, they've been lucky!

Todays' article includes a screenshot of a typical Wordpress site. This person hired someone else to build their Wordpress site, and it was never patched. Their site was built in 2017 and hacked in 2018 & 2019...

Three scary aspects of having your business listing "Suspended" by Google, after personally going through the experience with my wife's house cleaning business:

1. Google will not notify you when your listing gets suspended,
2. Google will not tell you why it was suspended, and
3. Google won't coach you through getting it un-suspended.

You can sign in to your GMB account and submit an "appeal" to have it reviewed by someone at Google (presumably a human being), but that doesn't guarantee anything. If they review your listing and it is still in violation of Google's terms of service, you'll find yourself sitting around for days (weeks?) wondering if your business listing will ever come back online.  The reason that Google won't "coach" you through changing your listing to bring it into compliance is they don't want to directly educate people on how to game the system.

The new tool temporarily block URLs from showing in Google, it shows outdated content and content filtered by SafeSearch.

Google has launched a new removals tool within Google Search Console. This tool does three things (1) lets you temporarily hide URLs from showing in Google search, (2) show you which content is not in Google because it is “outdated content” and (3) shows you which of your URLs were filtered by Google’s SafeSearch adult filter.

Scam Alert!  I just received this earlier this morning from a company who tried to trick me into renewing my domain registration with them and paying extra for search engine registration - two separate items that aren't typically combined:

Subject: Domain Notification for (redacted).com : This is your Final Notice of Domain Listing
Date: Wed, 18 Dec 2019 07:43:56 -0800
From: (redacted).com Support <This email address is being protected from spambots. You need JavaScript enabled to view it.>
To: (redacted)

A few clients have asked about whether they should use the backup system provided by their hosting company to backup their websites.

Specifically they were asking about InMotion Hosting’s new Backup Manager that is rolling out across their servers.  

I'm torn on this. Part of me is saying that you can't have too many backups.

System Preferences -> Software Update -> Advanced -> Uncheck -> "Automatically: Check for Updates"

Related:
Google Is Rolling Out Quote Request Buttons on GMB for Branded Searches

1.  Sign into your Google My Business management area here and confirm your Google account is properly managing the business on Google Maps:

https://www.google.com/business/

2.  Install the Google My Business app one your smart phone.

Out of the box, Drupal can email you notifications whenever there are security patches available.  These are some common questions that I receive from my clients about installing these patches: 

Should I go ahead and click update?

If the security updates are for Drupal "Modules" then yes, you can install the updates right through the Drupal admin panel.  For updating the Drupal Core software, this needs to be done at the server-level (hosting account). 

Since Google has phased out old recaptcha (v1), some of our clients reported that their old Joomla 1.5 installs are suffering - getting spammed, now that they no longer have a decent captcha available.  While we realize that Joomla 1.5 sites should be upgraded to the latest version, not all clients are willing, or able to afford this.  

Here’s how to submit a Google My Business spam complaint:

1. Click here to head to the form (you’ll want to bookmark it as it’ll soon become your best friend)
2. Read the guidelines linked to in the form’s introduction carefully. This is what the Google staffer reading your form will judge your complaint against, so you need to make sure what you’re claiming is misleading or fraudulent is specifically at odds with something in these guidelines.
3. Enter your information. Even if you’re a local marketing consultant or agency representing another business, you’ll need to enter your name and email address.
4. If you’re submitting just one complaint, select the fraudulent content in question (Title, Address, Phone number, or Website) and add the public GMB URL in the field below. (More than one type of content to complain about? Sorry to say this, but it appears that you’ll have to submit multiple forms).
5. If you’re submitting more 1-10 complaints about different businesses but the same content type, select the content in question and then add multiple URLs by clicking ‘Add additional’ after you’ve added the first.
6. If you’re submitting more than 10 complaints about different businesses but the same content type, you can use the form’s bulk CSV upload feature to submit a spreadsheet of all URLs (up to 100).
7. Now for the fun part: write, in detail, why the content is malicious or fraudulent. I can’t stress enough how important the level of detail is. Google Gold Product Expert Ben Fisher championed those who gave great amounts of detail when submitting spam to the GMB forum in a recent webinar, and we can only assume that Google’s own team require a similar level of detail. Write clearly, professionally and respectfully, and be make sure to refer to how the subject of your complaint is contravening the aforementioned Google guidelineswhere possible, to make the Google staffer’s job a little easier. If you’re reporting multiple incidents of spam, it makes sense to have those exhibiting the same bogus characteristics (e.g. keyword stuffing in business name) grouped together in one complaint to save you having to submit multiple reports.
8. Take one last look through the completed form.
9. Rub a lucky rabbit’s foot.
10. Click ‘Submit’.

I recently started using Gusto payroll processing service and wanted to share a quick review.  I think it's a great system.

For $45 + $6/employee / month it gets you weekly direct deposit, it keeps track of vacation time, overtime, bonuses, tips, deductions, AND all of the employer / employee taxes.  Plus it integrates with my Quickbooks software, I can download a simple IIF file each payroll and Gusto plugs all of the data into Quickbooks.  Plus, Gusto handles all of our W2 and employee data, so I don't have to worry about it.  

You may have noticed a red warning message in your Joomla admin panel saying something like this:

Error
We have detected that your server is using PHP 5.6.x (or PHP 5.4.x or PHP 7.0.x) which is obsolete and no longer receives official security updates by its developers. The Joomla! Project recommends upgrading your site to PHP 7.1 or later which will receive security updates at least until 2019-12-01. Please ask your host to make PHP 7.1 or a later version the default version for your site. If your host is already PHP 7.1 ready please enable PHP 7.1 on your site's root and 'administrator' directories – typically you can do this yourself through a tool in your hosting control panel, but it's best to ask your host if you are unsure.