Since I last wrote about the privacy updates that are mandated by the EU to cover website traffic on American websites by EU nationals, much has happened.
Several clients have shared their thoughts with us on why the sudden change. Some are listed below.
“I do feel lucky about not getting caught, but also want to be safe.”
“I’ve just had a lawyer call me and I feel like I need immediate action on the privacy updates as I don’t want to end up in court on a new matter.”
As for me, my perspective is that it is not expensive or hard to do the implementation to be in compliance with the GDPR. I am risk adverse and feel that eventually the US will institute some controls so we will be ahead of the game by changing our own websites now.
Errors, they may your heart beat faster and stomach clench especially when they impact your website. But, not all errors that are reported in plugins such as Yoast or even WordFence are real errors.
For example, today the Yoast SEO plugin flagged my site as not having a home page that was visible to search engines. But on additional testing and review of files; both the robots.txt and .htaccess file there was not issue. Additionally, on testing in the Google fetch feature in the Google Search Console – no errors were triggered. The Google bot was fully allowed even though Yoast said it was not.
Sometimes errors you see are false positives. But, that does not mean you can simply mark them as ignored or disregard them all together.
All website errors should be reviewed and corrected if found to be true. Don’t guess make sure that you do not have a problem each time one is brought to your attention.
Hackers, how do they get in to your website and hosting account? In today’s wild web, it just seems like sometimes you can’t keep hackers out!
Here’s what happened recently to me. I set up a new hosting account at a quality hosting service (not GoDaddy). The same day I loaded the site files, the site was hacked. Files were loaded and links to malware installed in newly created pages that mirrored my own site pages but with a .shtml instead of .html.
The host told me that all was secure and although the site was in a shared hosting environment that their network was not where the hack came in.
The only thing that I can possibly think of that caused the problem for this non-WordPress site is I emailed the passwords to the client. What the client did with the logins, I do not know. I am not sure if he even tried to login, but doubt it.
The host said that possibly a hacker got into the site via a field in the contact form, but there is a Captcha and tests for validity of information and on top of that no database connection for the form. I am mystified!
What I do know is that sometimes you just do not know how hackers get in, could they tunnel in from the host? Could they intercept logins by email? Could they be trawling the web for new hosting set ups and attack them? Your guess is as good as mine.
One thing I do know is that there is a new hack for WordPress websites that targets new hosting accounts where WordPress installation has not been completed. There are bots that are scanning the web for these new sites and coming in via WordPress setup files and taking control of hosting. Could this type of attack possibly be what I experienced? It is possible.
What I do know if that prompt action to clean up, wipe the server, and change all passwords for hosting and FTP and also no longer emailing logins is our newest protocol.
Moving to a new web host? Here are my top tips on quickly moving with a minimum of downtime for HTML and PHP (non-database driven) websites.
Know Before You Go
Make sure you know what is going on with your site before you go. What are you using at your old webhost? Email? Script? When you repoint your domain to your new host, anything that you had at your old host is wiped. That means you will have to set up email accounts, any scripts, and any other things you have been using. Make sure before you move, that your webmaster does their due diligence and make sure you are knowledgeable to inform them of what you have and are doing. Typically they can see scripts that run your website, but may not know of your mail server set up.
Use a Web Host that Provides a Temporary Domain
I like Hostway, when I set up a new domain that is owned or pointed elsewhere, Hostway gives me a temporary domain to use. I can load files and even test scripts and make any changes I need to before I move a domain and go live. If you don’t see this option ask, as sometimes it can be turned on for you.
Test, Test, Test
Before launch of any site, I do extensive testing both in my clients area and then in the temporary domain. Try to get all problems resolved before you turn your new site on. It will save having headaches and frustration.
Be Prepared for Propagation
Once you repoint your domain name servers to a new web host, be prepared for propagation. Know that it takes typically 4 to 6 hours for servers to refresh and longer for small internet service providers for your domain at the new web host to be seen consistently and properly. Don’t freak out when you cannot see your site. This takes time and there is nothing you can do to speed the process.
Looking for a webmaster to help you move to a new web host? Contact us and review our webmaster services today.
GoDaddy Network Protect? What’s that? That’s what GoDaddy calls it when they take your site offline due to a high number of hack attacks on your shared server. Our client has now been down two days. GoDaddy says it will allow the website to be seen when the hack attacks stop and they can turn off the GoDaddy Network Protect.
Wow, that is bad. Could your business afford to be offline two+ days with no end in site? I just have to challenge the type of network protection that GoDaddy has in place if they are constant targets of hackers. Either they are not policing their customers or not properly securing their shared hosting environments. You would think that they would have security in place to protect their business.
If you are hosted at GoDaddy, you can remediate this issue when your website is blocked due to a Network Protect action by buying a dedicated IP address. I just did that for our client who was under a Network Protect and could see his site online in about two hours.
I do have to say that after one of my domains was blacklisted due to a hacked site on my GoDaddy shared hosting environment server and now this situation with a customer, I will only recommend using GoDaddy as your host if you do not want to move or if you get a dedicated IP address for about $75 a year on top of your hosting.
Better yet, consider a different web host who takes security more seriously than GoDaddy.
Are you moving your law website away from FindLaw.com due to high monthly payments; sometimes over $2,800? You are not the only law firm that is planning ahead to move out!
As a professional internet marketing consultant, I find it very hard to believe that a $2,800 a month charge is not “bringing home the bacon” in regards to leads. Although FindLaw.com may be the perfect place for some law firms, I have one firm I am working with right now that does not feel that way and has complained about the high costs and low lead numbers.
We are moving this firm away from FindLaw.com and here are some tips to consider if you are considering moving out as well.
Do not wait until the last minute.
FindLaw.com requires a 90 day notice that you are leaving. Don’t miss this deadline or you will be forced to renew another year. That’s what happened to our client. He was so aggravated, that he made a note on his calendar for the next year and contacted us to move.
When you decide to move get started on a new website.
Don’t wait to get started on a new site. You may need 90 days to get your new site up. Although FindLaw says that the site you paid for and “own” (minus all their scripting that makes it work and images that makes your site beautiful) is yours to move, I can tell you that the static site is nearly worthless and you may pay more to try to fix it than to simply start over.
Consider the static site they give you as a temporary “Band-Aid”
The static site we got has missing scripts, missing images, the code is one huge glob, not even readable, navigation elements are missing or in our client’s case weirdly commented out to not show in the source code. Consider this a site you can use only after significant cleanup for one to max. two years.
Push hard and early to get your static site sent to you.
We had to push the FindLaw rep to give us the static site 70 days out from stopping services to allow us time to try to fix anything we could. What we got I would call marginal. Don’t let them give you the static site a few days before you leave. Your webmaster will need a minimum of 30 days to work it over for it to work and look “good”.
Make sure to check back Wednesday for more on moving your site out of FindLaw.