The other day, I got a phone call from a gentleman who had become manager of a brick-and-mortar retail business with a website. The site had been set up before his arrival and he had been given little information about it. But for over a month, customers have been calling him to tell him that his website has a virus. I could feel the frustration and pain in his voice.
When customers visit his URL they get a message similar to the one above. That’s a big DO NOT ENTER sign saying that the site may have malware or a virus. Well, you can imagine what this would do to your business.
The designer has not taken care of the problem in over a month, nor is he returning phone calls or e-mails. The caller asked: Can I either fix the site or create a new one?
First I did a little bit of research to see what the problem might be. In a nutshell, this is what I told him:
“Your site has a malware notice because… the shared hosting you are on has been found to distribute viruses. It does not appear that your site has distributed anything in the last 90 days (maybe because no one clicked on it though!). This is because the host [note — a cheapie host I have never heard of…not a good sign especially since this business takes credit cards online] is not following security protocol or updating their servers. I googled some more and found this to be a common problem with [above-referenced cheapie host].”
In other words, Google thinks that this site is in a bad neighborhood.
Now, I can understand that if Google has flagged you with malware, this flag may not be removed a speedy manner. However, if this has indeed gone on for more than a month, the designer should have by now either gotten resolution from the hosting company, or moved the website to another host.
I also told the manager that the domain name the previous designer had chosen was a bit odd, and gave him a link to to register the better one that was (fortunately) available.
He said “You have just given me more information in 15 minutes than this guy has given me in over a month.”
I visited the website of the designer (someone I had never heard of) and it is a hot mess, to say the least. It was clear to me that this person is not a professional.
If I proceed with this project, I hope I can get the log-in to the domain name registration (that’s the great database in the sky that says you own your “address” on the web, i.e. sheepboutique.com). I can set up a new site on a new host, simply point the old domain to the new (better) name, and he won’t lose any more business.
However, I am afraid the previous designer may have registered the domain. Since he is uncooperative now, if he has not already provided client the log-in for his domain name (or if the client cannot locate it), we may not be able to kill the old site and redirect it to the new one.
How to keep this from happening to you….
1) If you are thinking of setting up a website, go to a site like register.com, and grab the domain if it’s available. Pay the $10/year or so yourself, put it in your name, and own the log-in info. Please do not buy a hosting plan yet (that’s the place where your site actually lives — it typically costs about $100/year) — let your designer choose the most appropriate plan for your business.
Unlike some designers, I give my clients the “car keys.” That way if the worst happens to me, the client is not left in the lurch. Also if my credit card is compromised and I have to get a new number, I am not changing billing information for an entire client base at risk of having their sites go down for non-payment.
2) Hire a professional designer. Please read my rant on this. Is he or she involved in the community? Don’t just go by how supposed past projects’ sites look. Get references and contact them. Don’t make a decision based on price alone. Get a complete proposal that details exactly what is included and what is not.
3) If your designer has a hosting company preference, use it. Actually if he or she does not have a preference, it’s probably not a great idea to use that designer! Don’t use the cheapest host because the support and security precautions may not be there.
Whether this manager hires me or someone else, I sincerely hope that he gets the professional support he needs to run his business.
…and now the rest of the story….
The company hired us. Once I got the login to the previous site, I was able to see that the website had been compromised with redirects to spammy websites based in other countries. We created a new website on a new host. Google removed the malware flag within just a few days of my notifying them, and killing off the site that had been compromised.
The customer is happy, their customers are happy, and I have gone on to do other projects for them.