Your site has been automatically updated to the latest version of Wordpress

Wordpress software is quite user friendly. It even provides an automatic update feature, so you don't have to think abut it at all. Pretty cool, huh?! Or is it?

I received a call from a client today who had received one of those automatic update alert from her website, which is built on Wordpress. She had decided that her son was capable of handing the simple maintenance of her site, and she was working with on on her other internet marketing and presence. He son has set Wordpress to automatically update. In the last week alone, there has been three updates.

The problem is, that the update had a conflict something else that was installed on her website and now her website wasn't working. Some pages were goobly gook and others were totally crashed.

In a panic, she called and begged hoping there was a simple fix. The answer was maybe and sort of.

I asked a very important question - "When was the last time you did a full backup of your site?"  Her answer was the key to how easily (or not) her site could be restored.  Her website had been backed up only a month ago. Good.
However, since that time her son had made several updates to plugins, changed a few settings and then set Wordpress to automatically update. Not so good. In short, her update was outdated.

She was advised that it was still possible to restore her website to that previous backup, however, any changes her son had made since that date would not be included. And she would still have to  update Wordpress.

It's not uncommon for a conflict to occur between on outdated plug in and Wordpress. It's also not uncommon for two plugins to dislike each other. Some developers never update their plugin or offer support once it's been released.

Putting her site back online also meant she needed to troubleshoot what may have caused the conflict so it didn't happen again.

Fortunately for her we were able to get her back online in a few hours and our regular rush fee. The glitch was a conflict between an outdated plugin and the new version of Wordpress.  All it takes is one line of code to cause a conflict.  We found a few other questionable areas in the code of her old theme (we didn't design) that also prevent her site from converting well on mobile devices. That's an entirely different fix.

It's all good for her now. Her son now knows that although automatic updates can be convenient, they can also be costly.  He will be doing more backups now.

Your website is your brand online.  Regardless of how someone may have heard of your, they will attempt to learn more about you from your online presence.

 For assistance, training or consultation with your internet presence, call 800-569-8279

FBI warns, Wordpress sites are a target for malicious code and hackers

On April 7, 2015 The FBI issued a warning "Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). 

WordPress hacking is not new. WordPress is attractive to hackers simply by virtue of being so popular. Over 60% of websites are build on a WordPress platform.

You need to know

If you delegate the management of your website to a company or person outside of your firm, you may not be aware of how much protection you have or need, and if you are getting it. If you are the one who is doing the work on a WordPress platform, you are aware of how many times a plug-in or theme needs an update. If you are running security software on your site, you may also see how many times an attempted hack has been thwarted, If you are not running security software on your site, you are simply opening yourself up to trouble.

Having an old, updated site is not only bad for marketing, it is critically dangerous to the security of your site.

Your site is not too small to be hacked

Although you may think your site is too small or not a target, if you are hacked it is disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected  websites and computer systems.

Keeping your site secure may seem complex and tedious, however, it is important to take consistent measure to keep your site and your visitors safe.

The solution:
1. Check your site daily and update themes, plugin's and software
2. Use an administrative log-in other than "Admin"
3. Use strong passwords and change them often
4. Install and keep updated security software on your computer and your website
5. Use a plug-in that limits the amount of log-ins
6. Keep your plug-ins updated.
7. Be proactive about protecting your website
8. Make sure the computers you use are free of spyware, malware, and virus infections.
9. Always keep your operating system and the software on it, especially your web browser, up to date to protect you from security vulnerabilities.
10. Make sure you are running secure, stable versions of your web server and the software on it.
11. Update the firewall rules on your router.
12. Be careful about what networks you work from, ie: free WIFi is NOT secure and neither are the passwords you use when using these free networks. If you get infected or hacked when using free WiFi, you can carry this infection back to your basic home or work computers.
13.Work with a competent web management person or firm who will stay on top of all this for you..

Read the complete FBI announcement here: ISIL DEFACEMENTS EXPLOITING WORDPRESS VULNERABILITIES

Other suggestions from WordPress on how to "harden" your Wordpress Site.

Regardless of the size of your law firm, or your website, your site could be vulnerable. This may be the time to take a deep interest in your site security as a general approach to helping protect your site visitors and your investment.

 For assistance, training or consultation with your internet presence, call 800-569-8279

Are Your Site Visitors Safe?

Forbes discovered on December 1, 2014 that on November 28th a file had been modified on a system related to the Forbes website.

Two research firms involved,  detected and attributed the attack to the Chinese. They describe the attack as using multiple zero day vulnerabilities.

 The hackers tinkered with the Adobe Flash widget that delivers the Thought of the Day page that visitors to Forbes.com are taken to when they visit the site. The attackers did this to send specially-chosen visitors to a hacker-controlled site that would serve up an exploit against a zero-day vulnerability in Flash and, if it was needed, another flaw in Microsoft Internet Explorer.

Malware that sought to acquire basic system information from victims’ machines could then potentially have been downloaded on targets’ systems. The malware would attempt to download itself after visitors hit the Forbes.com site.

Forbes describe the attack as: “Anyone who was running on any Windows OS above XP and using browsers other than Internet Explorer should have been safe, though targets using other systems could have been affected.”

 There haven’t been any reported cases of successful exploitation, though they could exist.

 How secure is your site from hackers?

 Regardless of the size of your law firm, or your website, your site could be vulnerable. This may be the time to take a deep interest in your site security as a general approach to helping protect your site visitors and your investment.


For assistance, training or consultation with your internet marketing, call 800-569-8279

Is your site Mobile Friendly? If not - you are losing clients!

What does it mean for a site to be mobile friendly? The top three things are:
1.) Test that can be read without having to scroll
2.) Images that automatically resize
3.) No Flash software use.

As mobile devices are fast becoming the #1 method of accessing the internet, Google has started to send emails to non-mobile website owners to advise them that it't time for a facelift, if not a full redesign. Just because you think your site is attractive,doesn't mean that Google agrees.

An email from Google seen below:

 Some people found out by accident, or are still in the dark, because this notice is usually sent to the webmaster of the site.

Visit your own website on the internet. Do you have to scroll to read the test? Go through each page. How easy is it to read by someone who doesn't know what it should be saying?

A website that hasn't been redesigned for over 4 years is not only out of date in design, it is out of date in functionality - two things that hurt your SEO and potential new clients.

If your website is not delivering the results you need or it's in need of a face-lift to become mobile friendly, let's talk. Click to email us.   We'll listen first to your goals, research your Internet presence and provide our solutions to meet your unique objectives.

Don't plan to do everything, rather - do what's best for your firm

You can have the best looking, snazzy website; and all the social media sites, plus you can be blogging and posting everyday….however, unless you engage your audience, your target market , it can be compared to being the best attorney, with the best case preparation, all the best trial exhibits and pleading your case in an empty courtroom.

Social has become an integral part of an organization’s digital marketing mix. To do this well, you need to strategize an ongoing plan, one that creates relevant and personalized social activity and one where you can do real-time optimization.

It is not a plan of ‘doing everything’ in digital marketing because it’s there, but rather ‘do what’s best’ for your firm.

As with any marketing approach, you must first determine why you want to use social media for and what you hope it will do for you.

The Internet is impersonal, and can support or wreak havoc on your image,  your brand.
When done correctly it can:

• Give exposure to your experience and expertise
• Support your reputation 
• Showcase your testimonials
• Fit easily into your marketing mix
• Fit well into time management.
• Provide a flexible and changeable message
• Low cost or free*
•  Level the playing field

Your website should be your Hub, to go-to place to find information about you, your areas of practice, your wins, etc. Social Media post should be engaging, sending people to your website regularly.

Your marketing messages need to "speak to" your target audience - referring attorneys and potential clients, keeping in mind that opposing counsel and jurors will also find this information.


For assistance, training or consultation with your internet marketing, call 800-569-8279 

IS YOUR WEBSITE COMPLIANT WITH THE LAW?

Some industries have specific rules they must adhere to for all their advertising and marketing, both offline and online.  The Healthcare industry has specific marketing regulations, codes and guidelines. Lawyers and legal associations must follow Bar Rules. In California,  this includes Rule I-400.

Any website, blog , internet site or application (app)  that wants to stay in good standing with search engines, must follow their specific terms and conditions. The two largest, Google and Yahoo, have these webmaster guidelines prominently posted, updated and available.

There are also State and Federal laws governing how ALL websites must behave to insure the privacy of their visitors.  There are additional laws (below) that are specific to protect the privacy of children. The following list does not cover all the internet privacy laws currently in force, or being proposed. You are advised to be knowledgeable of the laws that apply to your business – Federal, State and your specific industry.

• CALIFORNIA – Online Privacy Protection Act of 2003 – California Business and Professions Code sections 22575-22579. This law requires operators of commercial web sites or online services that collect personal information on California residents through a web site to conspicuously post a privacy policy on the site and to comply with its policy. The privacy policy must, among other things, identify the categories of personally identifiable information collected about site visitors and the categories of third parties with whom the operator may share the information. The privacy policy must also provide information on the operator’s online tracking practices. An operator is in violation for failure to post a policy within 30 days of being notified of noncompliance, or if the operator either knowingly and willfully or negligently and materially fails to comply with the provisions of its policy. This law takes effect July 1, 2004.

• Assembly Bill No. 370 (AB 370) amends Section 22575 of the state’s Business and Professions Code. Section 22575 requires the operator of a website that collects personally identifiable information on consumers residing in California who use or visit the site to conspicuously post its privacy policy on the site.  (The operator of an online service must make its privacy policy available by any reasonable accessible means.) As amended by AB 370, Section 22575 requires such an operator to include in its privacy policy a description of how the operator responds to do-not-track settings in consumers’ browsers. The law describes such settings as “signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services.” An operator can satisfy the new requirement “by providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.” The law also requires an operator to disclose in its privacy policy whether, when a consumer uses the operator’s website or service, other parties can collect personally identifiable information about a consumer’s online activities “over time and across different Web sites.”

• CALIFORNIA NON PROFIT COMPANIES – California Ed. Code § 99122
  Requires private nonprofit or for-profit postsecondary educational institutions to post a social media privacy policy on the institution’s Internet Web site

• CONNECTICUT Gen. Stat. § 42-471
  Requires any person who collects Social Security numbers in the course of business to create a privacy protection policy. The policy must be “publicly displayed” by posting on a web page and the policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.

ADDITIONAL LAWS TO PROTECT CHILDREN’S PRIVACY

• Children’s Online Privacy Protection Rule (“COPPA”). COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

• Calif. Bus. & Prof. Code §§ 22580-22582 (2013 S.B. 568, Chapter 336) (Effective 1/1/2015.)
  California’s Privacy Rights for California Minors in the Digital World Act, also called the “eraser” bill, will permit minors to remove, or to request and obtain removal of, content or information posted on an Internet Web site, online service, online application, or mobile application. It also prohibits an operator of a Web site or online service directed to minors from marketing or advertising to minors specified products or services that minors are legally prohibited from buying. The law also will prohibit marketing or advertising certain products based on personal information specific to a minor or knowingly using, disclosing, compiling, or allowing a third party to do so.

Laws regarding making false and misleading statements in website Privacy Policies

• NEBRASKA  Nebraska Stat. § 87-302(14)
  Nebraska prohibits knowingly making a false or misleading statement in a privacy policy, published on the Internet or otherwise distributed or published, regarding the use of personal information submitted by members of the public.

• PENNSYLVANIA 18 Pa. C.S.A. § 4107(a)(10)
  Pennsylvania includes false and misleading statements in privacy policies published on Web sites or otherwise distributed in its deceptive or fraudulent business practices statute.

Your privacy policy should be specific to  your website, blog, app, etc. and not simply copy of someone else’s. Your privacy policy should be as unique and specific as your business.

Is your website compliant? Contact us to discuss your specific industry website, your goals and needs. Click to e-mail us or call 800-569-8279

Additional Resources:

SBA and Privacy Policy
FTC
Cal Gov
FTC Privacy and Security

THEY SAID WHAT ABOUT ME!?....Your Internet Reputation

Your day was progressing as usual and then you discovered a scathing review that someone left about you on the internet.

It used to be that disgruntled clients would leave your office, complain to a few friends and family; maybe write you a nasty letter, and then they simply moved on with their lives.

Not so today. The internet has opened new and dangerous venues for vocalizing complaints, right or wrong.

Recently, a client called, very upset, that one of his previous clients from over a year ago had just posted a flaming negative review on Yelp. My client knew that every thing that was written online was fabricated and incorrect, but what could he do. Suing someone for defamation is a difficult road.  A week later, another client called with the same problem. 

Both clients' initial response was to write a long reply defending themselves and their firm. Fortunately, they talked to me first.

WHAT NOT TO DO:

1.) Don't panic. Seldom can you think clearly when you are angry and in a panic.

2.) Do not attempt to defend yourself in a posted response. You will lose! Defending yourself, you will provide more information for your reviewer to attack; then  you will defend again,and the reviewer will attack your defense, and so on and so on...... you will lose!

3.) Do not break client/attorney privilege by writing anything about the case.  Not only will this give the reviewer something else to attack, you have now provided them something to take to the state bar.

4.) Do not attack the credibility of the poster. This is not a courtroom and it quickly becomes your word against theirs. Most times, you will lose! 

5.) Do not write a advertising type review of yourself; citing how all of your clients are happy with your work, etc. In your haste to defend yourself,  you may unintentionally violate Rule 400.

6.) Do not respond as a victim. What you write will remain on the internet for future clients to find. Broadcasting yourself a victim may interfere with your brand as a competent attorney.

7.) Do not ignore it and hope it will go away. A negative post without a response may be the one result a searcher will find.

8.) Do not continue clicking on the link, or send it to friends to read. What assists search results to stay at the top of results is their popularity. The more clicks - the longer the life of the link.

9.) Do not ask others to immediately post on this review, or respond to the poster of the review. Positive reviews all posted immediately after the negative review, posted on the same day, near the same time and worded similar will appear manipulated and dishonest.

Removing or reducing the impact of your negative reviews is best achieved when following a strategic plan.

WHAT TO DO:

1.) Take a breath.

2.) Write our your response in a word document, and set it aside for a day. 

3.) Make a plan to ask colleagues and clients to post positive reviews on several OTHER sites, including your firm website, over a few weeks span, without any reference to the negative site.

4.) Claim your profile on this site, if possible, to respond appropriately in proper time. Build this profile with the same focus as your website.

5.) When you feel you are ready to respond to the review, have what you intend to post reviewed by someone who understands Rule 400, client/attorney privilege and Public Relations, in order to make sure your response is appropriate and places you in the best light possible.

6.) Submit a request to the search engines to de-index the offending site/page. Be prepared to explain why it should be removed from the database. Your request should be as carefully worded as your direct response to the post. In some cases, you can ask the specific site to remove a post. Revenge sites are another matter. They have sprung up with the intention to give people a platform to say anything. They have shown to be unreceptive regarding removing negative posts. In those cases, your strategy needs to be one to drown the bad review with  a strong plan of positive actions and reviews.

7.) Post positive reviews on your website. Update the content on your website so it continues to be fresh and current for the search algorithms.

8.) Take advantage of free attorney profiles on legitimate 3rd party sites to build your brand and acquire positive reviews.

9.) Be active on legal websites where you can answer legal questions and showcase your expertise.

All that being said, some negative reviews can be a support to your image. All 5 star, glowing reviews can appear disingenuous.

Another Big DO: Stay on top of your internet reputation. Do not simply trust a Google Alert to keep you informed. Google and Yahoo have their separate and sometimes similar database so you may not see everything that is on the internet about you. I recommend using Dogpile.com , Mamma.com or zabasearch.com. These mega search engines aggregate and organize the web's content from several of the leading search engines.

These are only the top tips on what you should and should not do. Your internet strategy should contain additional actions. All that being said - when in doubt - call me.


For assistance, training or consultation with your internet marketing, call 800-569-8279 or email me through this link