Red Kite Creative

Security

Did Your Site Get Blacklisted by Norton Safe Web?

by

One of my sites was blacklisted by Norton Safe Web last week. A client’s site was blacklisted two days after launch. Both have no malware and are not blacklisted anywhere else – a sure sign that Norton is doing something very different than all the other blacklisting services.

Here’s how Norton describes their ‘service.’ While I’m sure there are legitimate flaggings going on, the only ones I’ve encountered so far are not. Sucuri confirms that Norton is sending out ‘false positives’ in a chat I had with them today:

‘Regarding the Norton blacklist alert, Norton systems have been flagging a lot of false positives lately.’

One of my clients first reported this problem about about a month ago. Despite not being on any other blacklist, and having her site cleaned by Sucuri repeatedly and verified to have no malware whatsoever, she remains on Norton’s blacklist. Here’s what her site profile on Norton Safe Web says:

‘This is a known dangerous web page. It is highly recommended that you do NOT visit this page. The threat categorization is not complete & details will be added soon.’

So if your site is blacklisted by Norton and a potential customer is running some form of Norton’s security software, when they visit your site they will see a warning like the one above. They will most likely choose to avoid your business as a result.

Improperly flagging a site without due process can harm the business and doesn’t help anyone except Norton. No one should blacklist without due process, and unless they offer a reasonably fast and easy removal process for improperly flagged sites.

Here are the steps required to request (but not necessarily receive) a review from Norton to get your site off their list.

1. When you go to their report for your site you’ll see the link for ‘Site Owner? Click Here.’

2. You’ll see a menu of choices. If you click on ‘Do you think your web site’s rating is inaccurate,’ you’ll see this: ‘Please note that your site needs to be registered and site ownership verified to get the site re-evaluated.’ It goes on to say:

If you feel that your Web site has been given a rating by Norton Safe Web that is inaccurate, you can easily request a re-evaluation following these steps:

  1. Sign in to your Norton Safe Web account.
  2. On the “site dispute” tab, click the “Re-evaluate my site” link next to your Web site name. You can raise your concerns and issues regarding content on your Web site here.

The “site dispute” tab lists any threats detected on your site. You must remove these threats from your site.

3. You are required to sign up for NortonLifeLock and join their Safe Web community and create a display name.

LifeLock is an identity protection company that many of us were signed up for in the wake of the credit reporting agencies’ personal information theft debacle. If you were one of those signed up and later tried to leave LifeLock, you know that they make it extremely difficult, time-consuming, and onerous to remove yourself from their services.

4. When you go back to your site’s report page, you can click on Add Site under Site Dispute and then will have to verify that you actually own it. To do this you’ll have to either upload the supplied HTML file to your site or add a meta tag to your site header. I chose to get the HTML file, but I don’t think it matters which one you do.

5. Once you do one of the above (HTML file or meta tag) click ‘Verify Now.’ During this step, I got this message: ‘The Norton Safe Web site is unavailable. Please try again later.’

…..

6. When I could see the profile page again my site was verified. Click on ‘re-evaluate my site.’

7. You’ll see that the language is broken, looks like a scam email rather than a legitimate company: ‘Please provide re-evaluation reason for each reported threats and proceed to click on Submit button.’  There was no space to provide any reasons or comments, at least not for my submission.

8. After you click the Submit button you should see your site and a ‘re-evaluation in progress’ message under Status.

That’s it for now – I’ll report back when I get a response.

EDIT: An email from Norton says it takes 2 weeks for a re-evaluation. Don’t hold your breath – one of my colleagues has had a clean site blacklisted for 9 months – 3 attempts to contact Norton have been met with complete silence.

If you work with Sucuri (recommended if you know you have a legitimate malware issue, they are great) they submit a request to all blacklisting databases once their cleanup work is complete. But my client has been on Norton’s list for almost a month now. Even Sucuri is having problems getting false positives removed from Norton Safe Web, it seems.

Also – Norton began sending me ads the day after I registered on their site to request removal.

Weekly Links Roundup – Podcasting Mics, WordPress Updates, Social Media Marketing

by

The top website and online marketing links of the week.

Thinking about starting a podcast? Or already doing one, but need to upgrade your gear? Here’s a review of the top 10 podcast microphones and some reasons to justify getting one!

Do you keep your WordPress website up to date? A recent study showed that only 36% of WordPress users have the latest version of the core software installed. That’s a big security problem. Did you know that the WordPress folks publish the details about the reasons for each update they publish in their changelog? That makes it easy for everyone (including hackers) to learn about the vulnerabilities in old versions of the software. Here’s an example of that from May 2019. So if you’re not up to date, hackers have a roadmap to exploiting your website.

(If you need help with updates (as well as backups, security, high-quality hosting and much more) sign up for one of our WordPress Care Plans and get 10% off any monthly plan when you sign up in March with coupon code O1485GNVFH.)

If you’re thinking about getting started with social media marketing, you may be feeling a bit overwhelmed. Where do you begin? That’s a great question and here’s a post that tries to answer it. Start with a clear goal (get people to see your products; share promotions; show how customers love your services) and then think about the content types you want to share. The social media platform(s) you choose to concentrate on must fit with your brand, what you want to publish, and what your customers are using. This is a great article for starting out!

Did you find this information useful? Please share with your friends and colleagues! And comment below with questions or observations.

Weekly Links Roundup – Great Photos, Free Stock Photos, CCPA Compliance

by

The top website and online marketing links of the week.

Are you a stickler for great imagery on your website to show off your products or services to the max? Or is it just one of those things that doesn’t get a lot of attention – you either have little imagery or use photos you took on your phone? Whichever camp you’re in, the quality of your site images says a lot about your business. Learn why having great images is so important to giving a professional impression to your customers and how high-quality photos improve your credibility.

To follow up, here’s a review of 10 sources for free stock photos that have pretty good variety in their collections.

By now, you’re likely very familiar with GDPR (the European regulations that improve consumer privacy and control over personal information). Now we have the CCPA, the California Consumer Protection Act. CCPA is similar to GDPR but compliance will require you make some additional changes in your website, especially if you have customers in CA.

Many smaller business will not be impacted because they don’t meet at least one of the thresholds, which are:

  • annual gross revenues of $25 million;
  • annually buy, sell, receive, or share for commercial purposes the personal information of 50,000 or more consumers, households, or devices; or
  • derive 50 percent or more of its annual revenues from selling consumers’ personal information.

However, it’s still a good idea to get familiar with the new regulations because we’ll likely see more of these in the future. Learn how to make your WordPress site comply with CCPA.

Did you find this information useful? Please share with your friends and colleagues! And comment below with questions or observations.

Weekly Links Roundup – Banner Ads, Blogging Ideas, VPN, Favicons

by

The top website and online marketing links of the week.

Don’t know if you noticed, but if you logged in to your WordPress site in the last day or two and are using Yoast SEO, you would have seen a great big irritating animated banner advertising Yoast’s black Friday sale. There were so many complaints and so much pushback, they actually apologized and released a new version of Yoast SEO minus the ad. (WP Minder users, you’ll get this update on Monday!). Please think about the impact banners and popups have on your users, this one is a good example of being pushy.

Next… Do you ever draw a blank when trying to come up with something to blog about? It can be hard sometimes… Here’s one of those posts that might help: 25 blog post ideas for when you’re stuck. This tool looks interesting, I’ll be trying it myself: Answer the Public.

Do you work on your website in public – at coffee shops or other locations with free wifi? If you do, you really should be protecting yourself by using a VPN (virtual private network). If your site uses SSL (it has an https address) that’s great, because it means your connection to the site is encrypted. But if not, a VPN is in order. It will act as a middleman to protect you from security problems on the free wifi network, where it’s frighteningly easy for hackers to watch your activity and gain access to your site. Learn about three VPN options for WordPress users.

Finally – all about favicons. What they are, why they matter so much. What’s the easiest way to get your favicon into your WordPress site? This plugin by RealFaviconGenerator.

Did you find this information useful? Please share with your friends and colleagues! And comment below with questions or observations.

Weekly Links Roundup – Old Redirects, Nonprofit Sites, Calls to Action, Hacked Sites

by

The top website and online marketing links of the week.

When is it safe to remove old redirects within your site? The answer may surprise you – it could be ‘never.’ Learn how to judge if it’s okay to remove that old redirect or not.

Do you have a nonprofit website? If you do, this post is for you! Read about the 10 features every nonprofit site should have, including:

  • Ways to donate or become a supporting member
  • Members-only content
  • Clear calls-to-action to get people to join or donate
  • If you recruit volunteers, easy access to volunteer info

Check out the linked post for more ideas for your nonprofit site.

And speaking of calls-to-action, how do you know if yours are as effective as they can be? Read this guide to the best calls-to-action for your target audience.

If your WordPress website got hacked, how would you know? This infographic shows you 7 key signs of a hacked site. If you need help keeping your site secure, please get in touch! Prevention is almost always less expensive than recovering from a hack.

Did you find this information useful? Please share with your friends and colleagues! And comment below with questions or observations.

Weekly Links Roundup – Site Speed, Product Pages, Contact Pages, WordPress Security Myths

by

The top website and online marketing links of the week.

You know your website is slow. It’s always been like that. But do you really understand what that slow site could be costing you in terms of customers and conversions? A recent report shows that 70% of buyers are influence by a site’s page loading time. The average site loads in about 15 seconds – but a number of studies show that the majority of online shoppers will leave a site if they have to wait more than 3 seconds. If you need help making your site faster, check out our Performance Optimization service or get in touch with questions.

Learn how to take your product pages to the next level with this great post on design elements to make product pages soar. Start with inviting, high-quality photography – this is really critical – and then polish your text descriptions to make your product seem irresistable. Be sure to have a clear call-to-action (Add to Cart) and don’t pack the page with too much information. Never get in the customer’s way!

Here are tips for making an effective contact page – including having a contact form (form submissions are something you can measure in Analytics). But don’t make your form too long – studies show that the more questions you ask, the less likely people will fill it out (that’s really true for general contact forms, and doesn’t necessarily apply to all types of forms).

Finally… it’s always fun to debunk WordPress security risks, and here are the top 5 for this week. WordPress is no more or less secure than other online platforms. The biggest security problem for a WordPress site is the negligent site owner who fails to keep plugins, themes and WordPress updated, making their site a prime target for hackers. Don’t be that person! Be better and keep your site safe.

Did you find this information useful? Please share with your friends and colleagues! And comment below with questions or observations.