I just sent this email out to my mailing list so have decided to share it here as a blog post too. See below or read the eNewsletter here:

Hi,

Hope and trust you had a great Christmas.

As many of you know we provide SEO monthly services to clients (who sign up for this service) and we also keep a sharp eye out for any security issues related to website security (and general computer security). Two issues have come to our attention this week. Both are very important so we are sending out this urgent email so you are aware of them too. Here they are:

Critical Vulnerability in PHPMailer. Affects WP Core.

We have been watching this (click here) very closely since it was announced. In the comments of the article this has been posted on the 27th:

—————-

WordPress Core Lead Developer Team statement on issue:
[Link to where it was announced]

(rough paste follows, see link for original)
The WordPress Security team is aware of the PHPMailer issues. We’ve been in contact with the author and security researchers and discussing the fixes.
Presently, WordPress Core (and as a result, anything utilising wp_mail()) are unaffected by the recent disclosures, the vulnerabilities require the usage of a PHPMailer feature which WordPress & wp_mail() does not use. This applies to WordPress 4.7, 4.6.x, and all previous secure versions.
A note on plugins: If plugins are correctly utilising wp_mail() they’ll not be affected either, however, if a plugin is doing something wrong, the plugins team will be in contact with the plugin authors.
The upcoming 4.7.1 release will contain mitigation for these issues, we’re committed to only shipping secure libraries with WordPress – regardless of whether we use the feature or not.
We don’t have any specific timing details to share at present, however the preparations for a 4.7.1 release was already underway when we learnt about the issues.

—————-

Be assured that if you are paying us at Green Valley Digital to do the Security Maintenance of your website we are watching things all the time very closely and are always taking proactive steps within your website. Some of you with complex websites like online shop sites are sometimes notified by us when we do security work on your site, some of you with simpler websites tell us you’ve seen we’ve been doing things and some of you may not even be aware we’ve done anything (stealthy ninja type stuff 🙂 ).

Unfortunately security maintenance of a website is something that affects ALL types of websites… not just WordPress. It’s unfortunate too that even though many of us in business are supposed to be on holidays atm the web/internet itself and hackers never take a break.

Quick note: If you don’t know how to professionally security update your website (without breaking your site <– which is very easy to do) feel free to contact us and ask for our ‘Security Maintenance Care Plan Rate Card’.

Please note: If you know of other people who have a website that may need security maintenance care please let them know about us (and also let us know so we can get in touch with them). You would be surprised how many people contact us after it is too late and have NO backup of their site. Their site has been hacked and now they face the challenges of paying a professional to attempt to fix it (which we can assist with via a specialist Agency in Brisbane we work with and also Sucuri who are well known internationally)…. or if it is too far gone they have to commission someone to help re-build their site from scratch.

BOTH are very costly.

As per everything,… prevention is key/ is the best option (and WAY cheaper). Once their issues are resolved (and/or as we help them through their tough time) they tend to become very loyal clients of ours btw.

Watch Out for Malicious Images in Google My Business Listings

If you own a business or manage a business you will want to read this!
Sucuri has made it known that there is a new negative SEO tactic going around which involves photos being maliciously inserted into Google My Business listings.
We all have (or should have a ‘Google My Business’ profile for our business. If you don’t or don’t know what it is send me an email. It is super important and is something people see when they search your business in Google. The issue here is that if someone (some malicious ‘so-and-so’) hacks your Google My Business profile and adds very distasteful images they may appear in Google when someone searches your business. It will PROBABLY PUT THEM OFF contacting you as these images will negatively reflect your business. This relates to topics like ‘online reputation management’ and ‘perception = reality’.

If you are one of our SEO Campaign clients (meaning you pay us a monthly fee to assist you with your SEO efforts and help monitor your activities and/or if you are one of our SEO DIY clients who we tutor (at monthly fee) we will be checking your Google My Business account today and every month from here on in.

IF YOU ARE NOT one of our monthly SEO clients then I strongly recommend you check your Google My Business account yourself (or ask us to take you on as a SEO client). I suggest doing this now and at least once every month. Please click here to read more about this and what to look out for >>

PS. Off Topic: The Christmas/New Year break is a great time to check through your website to make sure it is a great reflection of your business and all is up to date. See the below tip at the end of this email for more info.

Have a great Thursday. Have a great New Years too btw!! 🙂

Please Note: I have not properly proofread this email so please ignore/disregard any typos. I haven’t got the time to proofread it properly and don’t want to bother my proofreader atm as she is on a well earned holiday break.

PPS. Here’s a few sites we have launched in the last 5 weeks:
http://mountainhighpies.com.au/
http://www.bargaragolfclub.com.au/ <– Under the agreement with the client we provided them with a website framework and training…  and THEY then added pages, images and text themselves (with our help). We then Quality Assurance (QA) tested it before launching it.
http://www.1770fishing.com/ <– this site is exactly as our client wanted it. We launched it just before Christmas.

PPPS. If we are not already facebook friends and Instagram buddies please feel free to friend request or follow me on both.

I also post information about security and SEO (and many other things) to our business and community facebook group. If you’re not already a member please feel free to join.

Best Regards,
Jay Daniells and the Team 

Tip: It is a good idea to review your website fully every 3 – 6 months to make sure everything within your website is up to date, accurate and working well for your business. Here are some of the important things to pay attention to:

  1. Re-read the text, make sure it has no spelling errors.
  2. Check that all your latest core services and new product lines are promoted within it.
  3. Check that any discontinued services or products are no longer mentioned.
  4. Check that you are still happy with the look and feel of your website, that it is mobile optimised and that your website is not being affected by the Google Mobilegeddon update.
  5. Critique all aspects of your website including the Home page. Click here to read an article that contains some pointers on how to critique your Home page.
  6. You can and should also check and review your direct competitors’ websites to see if they have changed anything on their sites in order to make sure your site is still better than theirs. Also check to see if they have started using or are still using Google Adwords. If they are, chances are they’re getting more business from people searching Google than you. This is because of the dramatic changes Google have made to their search results pages. More people than ever before are clicking on Google Ads when doing desktop and laptop computer searches, as well as during mobile phone and tablet searches.
  7. Read through your blog articles and update sections within them if some of the info is out of date and no longer accurate. Don’t delete the blog articles, just update their text in the places where necessary and only if they need it.
  8. Make sure there are no broken links.
  9. Check that no webpages are missing or are generating an Error 404 message.
  10. Check how your webpages and blog articles look when you share them on Facebook. More info about that is here.
  11. Check every other thing you can think of to ensure your website is working and performing excellently for your business.
  12. Plan your next round of special offers, promotions and sales funnels (to be advertised using Google Adwords and Social Media) for the start of the year (once potential customers are willing to part with $’s after the Christmas spending.

The extended version of this list is here and it’s worth having a good read through it. I also recommend copying and pasting this list into your businesses processes and procedures documentation and delegate either yourself or a key and highly trusted team member to perform this task every 3 – 6 months. Pre-scheduling it year round using your preferred scheduling software tool is also a good idea.

Jay Daniells

About the Author: Jay Daniells

Jay Daniells has been doing advanced Search Engine Optimisation (SEO) work for clients since 2010. He is an SEO specialist. He first started doing SEO work in 2005. He has also been creating websites full-time since 2003. Amongst things Jay is also a graphic designer, digital marketing consultant and creative person. His focus is helping businesses, community groups, clubs, charities, organisations and other entities achieve their goals. He is the owner of Green Valley Digital.