GoDaddy is one of the most popular hosting providers for small businesses, but it appears the hosting service may also be making changes to sites on its platform which could significantly slow or break sites entirely.

The service is injecting a piece of JavaScript code as part of its Real User Metrics (RUM) technology, which allows the service to track and measure the performance of websites. However, none of this information is provided to the sites on GoDaddy’s service in the form of analytics but is instead used solely by the company to improve systems and server configurations.

With this in mind, it is hard to see any benefit to continue allowing GoDaddy to install code for RUM on your site.

All US GoDaddy customers agree to opt-in to using RUM as part of the terms of service and the company does little to inform you of how it uses the technology. In a help document, the company also concedes it may have a negative impact on websites:

“Most customers won’t experience issues when opted-in to RUM, but the javascript used may cause issues including slower site performance, or a broken/inoperable website.

If you’re using Google’s AMP, you have pages ending with multiple ending tags, or your site performance is slower, you may want to opt-out of RUM.”

Considering how important site speed is to both search engines and actual consumers, it is highly likely RUM could be costing you traffic AND conversions.

Thankfully it is easy to opt-out of the RUM service if GoDaddy is your hosting provider. Just follow these steps:

  • Access your cPanel hosting account by going logging in to your cPanel and clicking on your hosting account.
  • Click the three-dot menu button, and then click “Help us.”
  • Click “Opt out.”

Once this is done, the code will be immediately removed from your site.

Google has given webmasters their final warning to convert their sites to HTTPS or be branded as “Not Secure” with a prominent message in the browser bar of all Chrome and all Chrome-based browsers after October of this year.

Why is Google doing this?

Google has been urging webmasters to switch their sites to the more secure HTTPS security protocol for years, using increasingly drastic measures. Currently, Google is denoting sites that are secure using a green icon in the browser bar. Since so many sites have now adopted the protocol, Google is taking this a step further with a prominent red warning for sites that are not secure.

What does this mean for you?

Internet users don’t give up their information easily. They have to trust that you won’t let their data be breached or misuse their information. If they see that your site is specifically “Not Secure”, they simply aren’t going to trust you with anything.

That could mean increasing bounce-rates for your website, fewer e-commerce sales, fewer newsletter sign-ups, or fewer internet-driven leads for your business.

Two-Stage Roll Out

Rather than “switching on” the security warnings all at once, Google will be rolling out the change in two steps.

First, Chrome will remove the green icon signifying safe websites from browser bars. In its place, they will temporarily leave the small lock icon in its place.

Then, beginning in October, Google will introduce the official red icon identifying sites that are “Not Secure.”

This latest warning from Google gives webmasters plenty of time to make the switch, but I advise taking action sooner rather than later. You can get started right now with Google’s HTTPS set-up guides here.

Days before Facebook CEO Mark Zuckerberg is set to testify to Congress about the social network’s role in allowing Cambridge Analytica to exploit user data, Facebook is working to make it easy to see if your information was shared with the scandal-plagued analytics firm.

Facebook has published a new section within its help center called “How can I tell if my info was shared with Cambridge Analytica.” You can also quickly find the page by simply searching “Cambridge or Cambridge Analytica” in the Facebook search bar.

If you’re logged into your Facebook account, this page will automatically inform you whether your data was potentially breached by the “This is your digital life” app.

Since information has come to light about how Cambridge Analytica has been potentially misusing user data, the company’s relationship with Facebook has come under scrutiny. In response, the social network has taken several steps to attempt to re-win the public’s trust – such as launching this latest page. It has also introduced a data abuse bounty program that allows users to report app developers that may be misusing data.

Questions will likely remain long after Mark Zuckerberg’s testimony tomorrow, but at least you can now personally check to see whether your personal account details are safe or have been exploited.

Do you have a search box or form on your website? Are you still using HTTP for your site? If so, you may want to begin the process of switching to HTTPS sooner rather than later.

Google says it is preparing to launch new efforts within their Chrome browser to encourage webmasters to migrate to HTTPS, the newer, more secure security certificate for websites. Beginning I October, the browser will begin showing warning messages to visitors on pages with search boxes or forms.

As Google says, “[in] October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”

You can preview what the warning will look like in the gif below:

 

The warnings are just the latest effort by Google to encourage the adoption of HTTPS. Just recently, Chrome warned webmasters that pages with logins are now required to use HTTPS.

The end goal for Google is to mark any web page using HTTP as insecure, but it could be a lengthy process.

HTTPS
Between the countless public hacks, identity thieves, and an increasing awareness of how vulnerable personal information is, protecting customer’s personal data has become a hot-button topic over the past year.

Perhaps this may be why an increasing number of sites are switching to the more secure HTTPS web security protocol. In fact, a new report from Moz suggests the more than half of first page listings on Google are using HTTPS.

While Google has suggested site security could potentially influence a website’s ranking, Moz says the steady growth of HTTPS suggests the rise is more likely attributed to sites making the switch – not an algorithm update. Google has also stated that it has no plans to increase the weight of HTTPS on rankings in the future.

To verify the findings, Moz worked with Rank Ranger who produced almost the exact same results using its system.

Dr. Pete Meyers, who reported the findings for Moz, believes up to 65% of front page results on Google could be using HTTPS by the end of the year. This is entirely possible, given that Chrome is set to begin marking non-HTTPS pages as non-secure if they ask for personal information such as a password or credit card information.

Interestingly, the growth of HTTPS appears to be fairly equal across markets. The results suggest approximately half of the biggest names in Google search results have adopted the security protocol, while newer pages are using HTTPS because it is inexpensive and easy to use.

As part of its #NoHacked campaign to raise awareness and prevent site hacking, Google released its latest annual review of hacked sites this week. As the data shows, site hacks will continue to be a major issue for webmasters for the foreseeable future.

From 2015 to 2016, the number of hacked sites grew by 32%. According to Google, hackers are becoming more aggressive but many webmasters are also letting down their guards. Instead of proactively keeping their site and security up to date, a significant number of webmasters are letting their sites become vulnerable and outdated. These sites are easy targets for hackers.

While the number of sites getting hacked is on the rise, Google is willing to show forgiveness to those affected. The company says it approved 84% of reconsiderations requests from webmasters who have cleaned up their site from any hacking. However, Google also says it was unable to inform over half (61%) of affected site owners because their sites were not verified in Search Console.

What To Do If Your Site Has Been Hacked

In addition to the report, Google has also released several new documents aimed at educating webmasters about what to do if your site gets hacked and how to protect yourself.

These new help documents recently released by Google include:

The company has also released help documents focused on specific types of common site hacks, such as Gibberish Hacks, Japanese Keyword Hacks, and Cloaked Keywords Hacks.

How To Prevent Site Hacks

As always, an ounce of prevention is worth a pound of cure. Google’s top recommendation for facing the epidemic of site hacking is to avoid letting it happen in the first place. Specifically, they suggest keeping all software and plug-ins on your site up-to-date and keeping an eye on any announcements from your Content Management System (CMS) provider.

Also, be sure your site is verified in Search Console so Google can notify you in the event your website does get hacked.

Giving your visitors a place to comment on content or in a forum on your site is a great way to encourage interaction and build a bond with potential customers. But, it can be a headache trying to keep any sort of open comment area clean from spammers, trolls, and other sorts of nogoodniks.

This creates two different problems. If visitors see your pages and blog posts are followed by nothing but spam and other types of website vandalism, they’re likely to think less of your brand and potentially move on to someone else. Additionally, you can even get penalized by search engines like Google if it detects an abundance of spam or malicious links or code on your site.

So what can you do to keep your forums and blog comments clean of those seeking to use the opportunity for their own ends without shutting it all down? Google recently offered a few tips to make sure the only comments and posts your visitors see are from real humans interested in building a valuable discussion around your brand and products:

  • Keep your forum software updated and patched. Take the time to keep your software up-to-date and pay special attention to important security updates. Spammers take advantage of security issues in older versions of blogs, bulletin boards, and other content management systems.
  • Add a CAPTCHA. CAPTCHAs require users to confirm that they are not robots in order to prove they’re a human being and not an automated script. One way to do this is to use a service like reCAPTCHA, Securimage and  Jcaptcha .
  • Block suspicious behavior. Many forums allow you to set time limits between posts, and you can often find plugins to look for excessive traffic from individual IP addresses or proxies and other activity more common to bots than human beings. For example, phpBB, Simple Machines, myBB, and many other forum platforms enable such configurations.
  • Check your forum’s top posters on a daily basis. If a user joined recently and has an excessive amount of posts, then you probably should review their profile and make sure that their posts and threads are not spammy.
  • Consider disabling some types of comments. For example, It’s a good practice to close some very old forum threads that are unlikely to get legitimate replies.
  • If you plan on not monitoring your forum going forward and users are no longer interacting with it, turning off posting completely may prevent spammers from abusing it.
  • Make good use of moderation capabilities. Consider enabling features in moderation that require users to have a certain reputation before links can be posted or where comments with links require moderation.
  • If possible, change your settings so that you disallow anonymous posting and make posts from new users require approval before they’re publicly visible.
  • Moderators, together with your friends/colleagues and some other trusted users can help you review and approve posts while spreading the workload. Keep an eye on your forum’s new users by looking on their posts and activities on your forum.
  • Consider blacklisting obviously spammy terms. Block obviously inappropriate comments with a blacklist of spammy terms (e.g. Illegal streaming or pharma related terms) . Add inappropriate and off-topic terms that are only used by spammers, learn from the spam posts that you often see on your forum or other forums. Built-in features or plugins can delete or mark comments as spam for you.
  • Use the “nofollow” attribute for links in the comment field. This will deter spammers from targeting your site. By default, many blogging sites (such as Blogger) automatically add this attribute to any posted comments.
  • Use automated systems to defend your site.  Comprehensive systems like Akismet, which has plugins for many blogs and forum systems are easy to install and do most of the work for you.

Google HTTPS Warning

Google is making some changes to protect users’ sensitive information online, and it could lead to your site being marked as non-secure by Google’s web browser at the end of this month.

Google released a warning that as of the end of January 2017, Chrome will mark sites without HTTPS as non-secure if they collect private information like passwords or credit cards.

Google #NoHacked HTTPS

“Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS.”

The company has encouraged implementing HTTPS in the past by making it a (very minor) search ranking signal. Now, from the sound of the alert, the company says an entire site will need to be HTTPS if any pages collect payment or sensitive information.

Switching over to HTTPS is an easy process, but you should begin preparing to make the switch now if your site fits the criteria. Otherwise, you are likely to be flagged as non-secure in February and lose a large amount of your web traffic.

Negative SEO alert

There’s a new malicious SEO tactic making the rounds and your Google My Business listings could easily be the victim, according to web security company Sucuri. The company says individuals are sneaking inappropriate or damaging photos into GMB listings with the intent of damaging a business’s reputation and image.

What makes this type of exploit unique, however, is that it doesn’t take any hacking skills to do. Unlike other negative SEO tactics, this specific technique does not include hosting images on a client server, malicious code, or even breaking into an account.

Ultimately, the attack is taking advantage of Google’s lax rules for uploading photos to a business’s location in Google Maps. Anyone can upload images to a business’s listing, and any of these images can be used for Knowledge Graph data about the business.

While Sucuri doesn’t have evidence of this, it is possible for a person to spam a business’s listing with lewd images and then send fake hits to them to increase their perceived popularity – all with the end goal of making sure they come up when people see your business online.

How to Protect Your Listings

Unfortunately, the nature of this type of attack makes it difficult to guard against. There is no way to limit who can upload photos to your listings or determine which image gets used in Knowledge Graphs. The best you can really do is to actively keep an eye on your listings and which photos are appearing next to your listings.

You can also watch to make sure no one is uploading inappropriate pictures to your Google My Business photos. While you can’t stop people from uploading lewd images, you can easily remove any associated with your location.

After months of testing a new verification in the San Francisco area exclusively for locksmiths and plumbers, the search engine has officially launched the “Google guaranteed” verification process.

If your business gets “Google guaranteed”, you get a special green badge next to your business in the search results – and customers get a few perks and protections through Google.

img_3099-760x1242

If you tap on any of the results, you are then taken to the home service ad specifically for that business, along with some extra details about what the Google guarantee really means:

img_3100-760x342

Tapping on Learn More goes even more in-depth, with a full page of details about what the Google guarantee covers and how it works:

”When you book an eligible home service pro on Google, you are protected by the Google guarantee. If you’re not satisfied with the work quality, Google may refund up to the amount paid for the job.”

What Businesses Need To Know

Currently, the Google guarantee is limited to just locksmiths and plumbers. This is because both industries have had recent issues with ad fraud and abusive advertising practices which Google is attempting to clean up.

There does not appear to be a public sign-up process for businesses hoping to be verified, and it is unclear what the verification process includes. However, this is likely to become more transparent as the verification process is extended nationwide.

What Customers Need To Know

To activate the Google guarantee, fill out this form before your first appointment. You can also call customer support at (844) 885-0761 to submit a claim or ask questions about your coverage.

Coverage

  • If you’re unhappy with the work performed, you can submit a claim and Google will cover the invoice amount up to a lifetime cap of $2,000.
  • The job must be booked through Google Home Services. Any future work completed by the same provider, unless booked through Home Services, is not covered.
  • Jobs completed before September 14, 2016, are not covered.
  • Currently only locksmith and plumbing jobs are covered.