GDPR: What’s All the Fuss, it Doesn’t Affect Me, Right?

The short answer is–WRONG, you are more likely to be affected than not!

Be forewarned, this is a lengthy post…but since the GDPR has weighty consequences, it deserves it–and there is no hiding from it!

no hiding from GDPR

My Business is US Based so GDPR is Irrelevant

You live in the US, and your business is based in the US. You don’t market to people in other countries. So you may be thinking, understandably so, that you don’t have to worry about GDPR.

Sadly, you would be wrong. red buzzer equals GDPR wrong answer

My personal disclaimer: Let me start off by saying, I am not a lawyer.  I never even played one on television. So, after reading this you have legal-type questions, please contact your attorney.


OK, not that that is over with, let’s start off with what GDPR is, because since you probably thought it didn’t affect you, you might have glossed over it.

What is GDPR?

GDPR stands for the General Data Protection Regulation.

It is law that was passed by the European Union (EU), but don’t let that stop you—because, believe it or not, it just might impact your business.

(If after reading this post, you want more info, you can go to the European Commission’s Principles of the GDPR.)

Just Whose Data is Being Protected?

OK, so the law is about Data Protection, but what data and whose? European Economic Area

The regulation is intended to protect individuals who live in the European Economic Area (EEA)*.

It gives people some protection and control over what personal information is collected by businesses online, and how it is stored and used.

Notice that we said ‘individuals who live in’ not citizens.

What Data is Protected

“Personal Data” is the term they use, but what does that really mean?

Some things that are protected are fairly obviously, like a person’s name, address, email address, credit card information and the like.

But this regulation also covers things that can identify an individual “indirectly.”

That would be things like a person’s IP address, because that IP address actually identifies every computer. IP stands for Internet Protocol. And an IP address is a unique string of numbers. That number is linked to everything you do online. You don’t have control over your IP address, so there’s no need to memorize it.

A person’s IP address, unlike their home address, changes. The address is assigned by your Internet service provider. If you are using a different network (like when you’re surfing the web while waiting for your car to be washed, or checking your email from your remote office, AKA the local coffee shop), you will be assigned a different IP address. Even at home your IP address can, and frequently does change.

(Click to read more about IP addresses)

What Businesses does GDPR Apply to:

The GDPR applies to ‘Data Controllers’ and ‘Data Processors

Data Controller: someone/entity that determines if you will collect data and what data you will collect.

Data Processor: the entity or application that processes or stores the data on behalf of a controller.

Most internet marketers are therefore Data Controllers. Some may also be processors, but most will probably engage other entities or applications as data processors.

red buzzer equals GDPR wrong answerMy Business is Small, Surely I’m Exempt

Wrong Answer. Size doesn’t matter if you collect or process personal data,

But I Don’t Target Europeans

Unfortunately, your intentions don’t actually seem to matter. This is about the end-user’s location, not you or your business.

Non-EU based businesses are required to comply with the GDPR if that business “collects or processes” any EU residents’ personal data.

I Don’t Charge Anything on My Site, So I’m Good  GDPR is in effect whether you charge money or not

Wrong, again. There is no requirement under the GDPR that money must change hands.

When Does it Go into Effect?

May 25, 2018

Why is this Happening?

Let’s face it, people are pretty pissed off that some of the big businesses have collected our personal data and abused it.

woman angry at how personal data was used

Those big guys have the staffing, the lawyers, and the bucks to cover their bases. Good for the consumer, but it still leaves smaller businesses with a huge burden to protect people—even though they never abused anyone’s info in the first place.

Penalties and Enforcement

The fines for not complying a pretty hefty: up to 4% of a company’s global turnover. The exact amount would be determined based on how bad the violation was.

How this regulation will be, well, regulated, and enforced is not clear.

What Do I Need to Do to be Compliant?

GDPR compliance checklist

This regulation may require you make some significant changes on how you obtain consent, who you collect and store personal data, and your disclosures.

Consent: you must obtain “explicit consent” before you collect personal data from an EU resident. Consent must be voluntary, specific, informed and unambiguous.

That means a several things to marketers

  • You can’t pre-tick boxes for people, or presume that by using your site someone agrees. You must require they take an action in order to agree.
  • The language has got to be clear and understandable. And it can’t be buried in a bunch of legalize—it needs to actually be separate from other terms and conditions.
  • You must specify what data you are collecting or processing and what will be done with that data.
  • You must identify any third-party controllers or processors that will be using that data
  • You must explain how a person can later withdraw their consent
  • You should avoid making consent a precondition of service
  • You must keep records of the consent (even if this wasn’t required, you would want to do this, because it would be how you would defend yourself should the need ever arise.)
  • If you will use data for more than one purpose, you must inform the user of each use and allow them to accept or reject each use individually.
  • Parental approval is needed before collecting data on children under the age of 16

What Data Do You Collect?

businesses collect and store personal data

Start by figuring out what data you actually collect.

Ex: Names, email address, IP address, mailing address, payment info

Where did that data come from?

Ex: an opt-in form, Google Analytics, a comment area, a contact us page

Do you share that data with anyone?

Ex: email client, credit card processing company, website hosting company, a cloud storage server, a company that you are an affiliate for, a company that serves of personalized information (such as retargeting ads) on your website

Do you currently have any data on an EEA resident?

If you do, did you get ‘explicit consent’ or do you need to do that now?

Change Your Privacy Policy GDPR requires security of personal data

Make sure your privacy policy is up to date and addresses the GDPR. You have probably been getting a lot of emails from businesses about their updated privacy policies. You might take a look at those to see how they are handling it.

In the privacy policy you should disclose the data you collect and how it is used, and if you share it with anyone. Also include how a person can rescind their permission.

Keep in mind, the privacy policy is important, but it is NOT in place of getting informed consent.

Change How You Get Consent

Once you know what data you collect and how it is used, you can now create forms, opt-in boxes, etc that lay it all out there.

Allow the user to check one, several, all, or none of the boxes giving consent accordingly.

Be Sure to Check These Easily Overlooked Areas of Your Site/Business often overlooked areas affected by GDPR

Analytics: Most marketers use some sort of analytics in order to determine where their traffic is coming from, and how well their efforts are working. The GDPR doesn’t mean that you cannot do this, but you may have to make a few tweaks

GDPR cookie consent example

to your collection.

You can make the data anonymous (including not tracking IP addresses) before it is stored or processed.

OR you can add an overlay to the site that 1) gives notice that your site uses cookies, 2) what the cookies are used for and 3) requires the user to take an action to give consent prior to entering your site.

Here is an example of an overlay that gives informed consent about the use of cookies. This example is from the UK’s Information Commissioner’s Office, page on GDPR FAQs for small organisations (sic)

Tracking Pixels, Retargeting Ads: If you use retargeting ads, you must inform users when they enter your site and obtain informed consent before they enter your site. This includes using Facebook’s tracking pixel.

Sponsored or Guest Content: anyone who publishes content (editorial or advertising) on your site must also be GDPR compliant. So check it out before you publish.

Email Lists: Have a checkbox (unticked) that the visitor must check to indicate consent. Your opt-in form may have several checkboxes.

If you use tracking pixels in your email campaigns (commonly used to see if/when someone opens an email) you must list that expressly before they subscribe to your list.

Your email service provider should give you the tools you need in order for your emails to be GDPR compliant—but it will be up to you to use the tools.

Affiliate Links: Get consent for cookies—it can be on a post, a page, or an overlay, but it must be before a website visitor clicks the actual affiliate link.

Display Ads: If your site displays ads from a third-party, you must get consent from site visitors immediately—before they actually enter your site. The consent might be that this third-party is colleting data for advertising and marketing purposes, but if they gather data for more personalized targeting that should be specified.

GDPR and contact forms

Contact Forms: Hey, we think it should be self-evident that if a person is requesting you contact them that they are giving permission for you to collect their data. But, apparently it isn’t. Are you storing the data? How will it be used? What data are you collecting and why? Bottom line, include the disclaimer and get explicit consent.

Website Plugins: If your website uses plugins, it is your responsibility to ensure that the plugin developers are also GDPR compliant. The good news is that’s guidelines prohibit approved plugins (on the directory) from tracking users without their clear consent. Keep in mind however, that just because a plugin WAS on the directory when you installed it, it doesn’t mean that it STILL is.

Webinars: If you are a guest on a webinar or other web-based event, be sure that your host is using GDPR compliant tools. If you are the host, and you share your data with a guest, you must ensure that the guest is GDPR compliant.

Live Events: GDPR is not strictly for web events. If you attend a live event and collect data, you still must follow the GDPR.

Other Marketing Efforts: do you have or buy a list for mailing, phoning, or email marketing? Those all fall under the jurisdiction of the GDPR as well.

Security: Keep in mind that everything you have done to protect data in the past is also affected by the GDPR. This includes, but is not limited to off-line storage (do you back up to a different hard drive, or to a thumbdrive or CD?), malware protection software, cyber security software…

Help Managing GDPR GDPR compliance help

There are some checklists that can help you make sure you are in compliance, and if not, the steps you need to take in order to get there. Check out these at and you might want to check out their 12 steps to take now info here.

Plugins: There are WordPress plugins that are touted as being able to help businesses manage data and be GDPR compliant. We are not, at this time, vouching for any specifically.

Email: contact your email service provider to be sure they offer the tools you need

Hosting company: check with your webhost to be sure they are GDPR compliant

Forms: if you use any kind of forms, check with that provider to be sure they are GDPR compliant

Storage: where do you store data? Is it GDPR compliant?

Final Thoughts on GDPR

GDPR and future for business

Quick recap: any business, even those based in the USA, must obtain explicit consent from any resident of the EEA prior to collecting any data that could identify them, either directly or indirectly.

Although the GDPR is an EU regulation, it wouldn’t surprise us if something similar comes down from other countries. So, if you decide you are not going to protect data now, you may be required to do so in the future.

We pulled information from a variety of sources for this post in order to better understand the ramifications of the GDPR for us, our clients, and readers. This is not necessarily the ‘final word’ on the topic, and there are many other sources of information that may provide similar info and advice—or advice that contradicts our conclusions. We cannot tell every business owner what is right for their business; this is general information that should help you make an informed decision about what your next step(s) should be.

*Residents of the following Countries Covered by the GDPR: The EEA includes all countries in the EU (Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK—at least for now), and also includes Norway, Iceland, and Liechtenstein. Switzerland’s residents may, or may not be covered, that is unclear.

Map of the European Economic Area from Wikipedia

Clearly Communicate Requests with Designers

Designers are used to getting Requests from Clients, but…

designer submits original concept to client

Clients beware–you might just get what you asked for. Which isn’t necessarily what you really want.

Check out this “ad campaign”…it is really a spoof, but it certainly points out some of the types of requests designers are faced with.

client makes crazy requests of advertising designer

So the designer dutifully makes changes, with the magic of photoshop, and you can see the results as the designer created a “cheesy” version of this ad

designer creates cheesy version of advertising campaign

Of course, you guessed it, this is not the end of the requests for the intrepid designer…

advertising campaign change requests 2nd round

Clearly some of these requests are pretty ridiculous, but from the designer’s perspective, they may not be as far-fetched as some of the real requests they get.

The Designer’s Final Submission for the Advertising Campaign

designers final advertising submission

Designers want to make clients happy, and will try their best to incorporate changes that clients feel are important to their message.

The key take away (IMHO) is to communicate upfront what your intended message is. Of course to do that, you Mr or Ms Client must know what that message is. When you have a clear idea of what you want your customers to feel or learn about your product–the kind of image you want to project into that happy internet, the better the designer can get the job done. And the job will give a better result, more quickly, for less money.

So if you want an image that is more fantasy, or you have specific thoughts like aliens enjoying your product, tell the designer upfront so they can incorporate those ideas into the design from the very beginning.

Sometimes a reshoot is a cost effective solution. Other times, the magic of photoshop is key. Often it may be both.

And please, if you radically change your concept, understand that your designer may also radically change their fees.

Thanks to DesignTaxi for the original article

Thanks to Kimiko Foo for the translation

Facebook Moves to Block Fake News

New Facebook Update Expected July 17 will Affect Your Ability to Edit Posts–But is that the Right Answer?

Fake News keyboard

In late June, Facebook announced they were taking steps to make if more difficult to edit what readers see in the “preview windows”. In reality, this ‘preview’ is all that many people actually do see.

And there is the underlying problem. Many, if not most professional “publishers”–the loose term given to anyone who posts content on the internet–make changes to the headlines and descriptions.

Why do we do this? Because we want people to click on our post. We want people to be so moved by what they see, they click it and “read all about it”–on our site, rather than the competitions.

Some publishers are really good at writing compelling copy that results in lots of people looking at their websites.

NASA runs a child-slave colony on Mars!


Photos taken by a Chinese orbiter reveal an alien settlement on the moon!


Shape-shifting reptilian extraterrestrials that can control human minds are running the U.S. government!

The above are some of the headlines that have been purported as truth in the media. (Thanks to Scientific American for these.)

So what is the problem with allowing people to edit the headlines and description?

Most people just want you to click on their site, but are not intending to pass off false information. There are more nefarious types out there though whose main goal is to make you believe things that are just not true.

Fake News cartoon by Frederick Burr Opper

This isn’t anything new. As the image above shows, Fake News has been an issue for a lot longer than Facebook or the Internet. The image is a portion of an illustration of reporters with “fake news” dating to 1894 by Frederick Burr Opper

There are more examples of fake news being propagate in history in this article by Scientific American.

Now, it may be that the headline and description are merely provocative, and if you were to read the actual post it would not be ‘fake news.’ The problem is that, as we mentioned earlier, most readers don’t bother to click and read more. They actually believe the headlines and descriptions, and share that information as if it were the wisdom of the ages.

After all, if we read it online if must be true. Right? Not right? Really?

Our goal is to support publisher workflows and app functionality, while limiting malicious misrepresentations of underlying link content. As content customization evolves we continue to work closely with our partners to support the best tools for sharing links on Facebook.

Even though Facebook is attempting to clean up the information stream that they control, it is still smart to question anything that you see online. Even if it is “everywhere”–probably even more so if it is everywhere!

Facebook of course is not the only entity facing this issue. Most of the social media outlets are looking at their policies, and trying to determine how much policing they should, or want to do.

Fake News is News Worthy!

PolitiFact is actually covering Fake News as a newsworthy topic!

There’s an interesting discussion happening now about the spread of fake news on the Internet and what companies like Facebook, Google and Twitter, among others, should do to stop it. That’s a healthy conversation to have, and one we hope continues in the weeks and months ahead. But that doesn’t mean we can’t do something now. Here at PolitiFact, we’re beefing up our coverage of fake news to help our readers better sort out fact from fiction on their social media feeds. The claims can be about anything — politics, entertainment, a fishy-sounding medical cure.

There is no 100% fool proof way to verify that what you are reading is the truth. Reading the real article and not the “cliff notes” version is a good start. Be willing to read and engage your brain. Rather than having a knee jerk reaction and sharing everything you see, pause, take a deep breath.

Let us take a little bit of responsibility for what we believe. Maybe we’re being unkind. Scientific American in their article, How Fake News Goes Viral says that maybe we’re aren’t just super gullible. It could be that we are just overwhelmed with information.

“If you live in a world where you are bombarded with junk—even if you’re good at discriminating—you’re only seeing a portion of what’s out there, so you still may share misinformation,” explains computer scientist Filippo Menczer of Indiana University Bloomington

But, even SA admits that the solution may rest on the shoulders of the readers. At least, that is what they said in February: The Ultimate Cure for the Fake News Epidemic Will Be More Skeptical Readers. Despite computer algorithms, we have to be more discerning.

Is it true is it kind is it necessary

And in the words of the poet Mary Ann Pietzker, ask yourself, “Is it True? Is it Necessary? Is it Kind?

In an example of the internet getting it wrong, this quote has been claimed, with some slight variations, to be the words of Buddha, of Sai Baba, and an ancient Arabian Proverb. No doubt there are others who have claimed the words, or attributed them to someone else entirely!

Thanks to Facebook, Scientific American, and PolitiFact for providing us with just the facts, ma’am.

Image of the special Fake News keyboard credited to Credit: Peter Dazeley Getty Images and appears on Scientific American, from their article “How Fake News Goes Viral—Here’s the Math”

Read more about Fake News on Scientific American:

Windows Ransomware Attack Underway

Patch Available for Ransomware Attack

microsoft icon

You are going to want to cry–unless you make sure you are protected

WannaCry Ransomware

Wordfence security software has announced they have confirmed a serious virus called  WannaCrypt0r/WannaCry has affected Windows computers. Reputed to affect computers on shared networks, the virus has been reported in at least 74 countries worldwide.

According to Kaspersky Lab there have been more than 57,000 individual instances reported to date. And that number is growing rapidly.

Once one computer on a network is affected, the malware infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. Hospitals across the UK were being forced to divert patients and ambulance routes as of Friday afternoon, and several utility companies across Europe reported infection across their computer networks according to BBC News.

This virus is of the type known as ransomware.

Why ransomware? Because it will take over your computer, completely locking it down. You can’t access anything. Then a pop-up screen appears, announcing that you can liberate your device by paying them for a special tool or decryption device.

Is Your Windows Computer Safe from this Ransomware Attack or Infected?

Clearly, if you see the ransom notice on your computer, then you have been compromised.

However, experts don’t yet know how long the virus may be resident on your computer BEFORE it actually takes over and locks up your system.

Have you accessed a public network with your computer? If you took your laptop to a cafe, used it at another place of business, for example, they you may have received the infection.

microsoft building ransomware attack response

The Good News

Microsoft has been aware of this vulnerability and released a fix back on March 14th for Windows. If you have automatic updates enabled, you should be fine.

If you don’t have updates automatically, be sure to check to see that you have the latest release.

Click to read more about Microsoft’s take on ransomware attacks.

There are older versions of Windows, (XP, for example) that are no longer supported by Microsoft. These did not receive the security update–although there are reports that Microsoft is changing that policy and may issue, or may have already issued a patch for these users as well.

This report is courtesy of our friends at, to read more about this specific attack, please read their May 12, 2017 blog post.

Kaspersky Lab is a  multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia and operated by a holding company in the United Kingdom.

Learn more about internet security and keeping your online business safe.

Don’t Read Terms, Just Agree

Terms of Service Resulting in Spam is Quick Way to Get Your Site in Trouble

stack of dictionaries

Yes, we know they are long. Yes, it can be as exciting to read as reading the dictionary.

Yes, most of the time they are pretty standard. But what about when they aren’t?

We’re talking about Terms and Conditions or Terms of Service. You know, those things you have to click “I agree” to before proceeding–on just about everything on the internet these days.

It is easy to get lazy. Especially when you have read a bunch of them and they all seem to be the same. Pretty much verbatim the same, in fact.

But there are people who, whether intentionally or not, will provide you with a ‘service’ that can actually harm your website. Sometimes you won’t even know it. But Google and other search engine bots might. They might actually interpret it as spam or something else that is against their policies–and that is a big problem.

And that’s where the problem begins.

Case in point is the 404 to 301 Plugin, but it isn’t the only one. And to their credit, the authors of this plugin have theoretically already fixed the issue that was causing the main problem with Google.

So, read the terms of service or terms & conditions. If you don’t understand what it means or the implications, then wait before you install. Talk to someone you trust who can advise you.

Mistakes can happen, even when you are careful. So monitor your website’s health. Keep backups in case you need to “roll back” your site to an earlier date. Consider a security software.

This isn’t meant to scare you, just alert and educate. You can’t be expected to know everything about your business and the internet, too. That doesn’t mean you shouldn’t have a website. It just means sometimes we have to get help from someone else.

After all, just because I can watch a YouTube video on how to fix my car, paint my house, or trim the trees in my backyard, it doesn’t mean that it is necessarily a good idea. I might save myself some money–or I might make more money by focusing on my business and paying someone else to take care of these things.

Neither way is inherently right or wrong. Just be smart about it. Do you enjoy learning new things–go for it. But if you are frustrated or overwhelmed, or not having the success in your business that you want, and deserve, then focus on that.

Read the blog post by WordFence security for more info.

Not on Angie’s List? Why Now May be the Time to Reconsider

How Angie’s List’s New Free Membership Could Impact Your Business

Read about Angie’s List decision to offer a new free membership and how it can help local business SEO…

Angie's List Business Owners page

Perhaps you have heard about Angie’s List and were not sure if it had much of an impact on your local business.

As a local business owner, you should know that many customers and potential customers have found the List to be a great place to read, and place, reviews on local businesses.

Like many review sites, a reviewer must join Angie’s List in order to place a review. Not only that, they have to be a member in order to read other reviews.

For many, both consumers and businesses, this was a small stumbling block.

While many people have joined, others have balked because there was a membership fee. Some found the fee to be worthwhile and others decided they would rather use one of the free review sites.

Since the fee did deter some people from using the site, you might have decide that Angie’s List was not that relevant to your business, so you didn’t bother to even claim your profile. (Yes, you might have a profile–and some reviews–there and not even know it, in this case!)

You could be on Angie’s List already and not even know it.

Angie’s List is a community where members and local providers can connect. Your profile is your first impression to members, so make it count! Build a robust profile that includes a business description, operating hours, areas of specialty, responsiveness, reviews and more. Members consider this information before deciding who contact.

After you interact with members, they submit reviews on their experiences. Reviews are given in the form of a letter grade, and are a great way to gain insights about how customers and patients view your services.

Angie’s List reviews are:

      • Never anonymous

      • Verified by BPA Worldwide’s certification process

      • Submitted online, through mail or over the phone

      • Easily accessible to read and respond

Well, hang on to your seats…because Angie’s List’s new CEO has decided to offer a free “green” membership.

This is great news for your local business because now even more people will be able to see your profile page and all your positive reviews–without having to pay ‘for admission.’

Angie's list graphic

We have long encouraged our clients to claim their profile on AL if their business was in one of the appropriate categories. Now, they have not only providing a free membership, they have also expanded the list of business categories, from Air Duct Cleaning to Welding!

Angie's List Categories

One of the benefits of claiming your business profile is that you can manage your reviews. Keeping on top of both positive and negative reviews is essential for your business.

On review sites, whether Google, Yelp, Brownbook, Angie’s List or others you want to be sure you are responding promptly to negative reviews. Your prompt response gives you the opportunity to rectify any situations that need to be fixed–and let the customer (and others) know how you have handled it. All good PR, and it should be SOP (standard operating procedure) for any business.

Angie’s List is one of the review sites that is also excellent from an local business SEO perspective–one of the other reasons we suggest claiming your business listing. AL is seen as a trusted site, which links out to your site–and you can link to theirs–and that all is good search engine “mojo.”

So what have you got to lose? If you haven’t already claimed your listing, this just might be the final push you needed to convince you that it is a good idea.

3 Important Facebook Changes Every Local Business Should Know

Heads Up! Facebook is rolling out lots of new changes

Some of the changes are “available” now…meaning, they are live. You may have already discovered some of them, either with joy or consternation.
Facebook changes for local business

If you don’t see these changes on your page yet, just keep this as a reference, because they are coming. Or maybe not…some changes are based on the category that you selected when you created your page for your local business!

Let’s cover 3 changes that are immediately apparent right on your Facebook cover.


Facebook create page username

This should be a great help for people wanting to find your business on Facebook, especially if your name is very common–or very long. Now you can create a unique username.

This option was not available, at the time of this writing, on about half of the pages we are Admins on…and these pages cover a variety of page categories. Not sure if it will be in the future or not. So for now, we are showing a different page as an example.

But if you have the option, this is what you do:

Click on the link “Create Page @username”

A pop up window will appear that allows you to type in the username of your choice.

Some of the tips that Facebook provides include (our comments are in italics)

  • You can’t claim a username someone else is already using. so if you want your name, act FAST
  • Choose a username you’ll be happy with for the long term. Usernames are not transferable, and you can only change your username once. TRIPLE check your spelling!
  • Usernames can only contain alphanumeric characters (A-Z, 0-9) or a period (“.”).
  • Periods (“.”) and capitalization don’t count as a part of a username. For example, johnsmith55, John.Smith55 and john.smith.55 are all considered the same username.
  • Usernames must be at least 5 characters long and can’t contain generic terms or extensions (ex: .com, .net).
  • You must be an admin to choose a username for a Page.
  • Your username must adhere to the Facebook Statement of Rights and Responsibilities.

Once you have successfully created your Facebook Username you will get a pop up window that says “You’re all set!”

Your page can now be found by visitors by putting the following into the URL: (in this example that would be

If a potential visitor is already on Facebook, they can enter @YourUserName into the Facebook search field and find your business. Again, if your business name is long, or common, this can be very helpful.

People can also send your page messages at


Facebook Add Action Button

When you click on this button a popup appears that allows you to Create a Call-to-Action Button.

You can select any of the actions in the list, and that action will come up on your Facebook page, where the “Contact Us” is shown above. The Contact Us button gives you an opportunity to link to your Website’s contact page

This feature can be great, for example, if you want people to be able to easily call you—choose the Call Now button. If you want someone to be able to book an appointment you can link to your scheduling page so the potential patient goes directly there by clicking Book Now.

The Send Message function allows someone to send a message to your via Facebook’s messenger. A word of warning: consider your business needs and your schedule before you decide to go with this one or you may find yourself inundated with messages, or be taken away from your other important tasks. For folks who want instant messages from clients and who can handle the work themselves or via staff, this can be a great tool.

Shop Now is another button that can take someone to your website. This may be great if you are a services business that also sells products. If you are a store, you may prefer to have a different Shop function that creates a virtual store on your Facebook page.

Sign Up is another button that can take someone to your website, you would direct them to your opt-in page.


Facebook Use As Page feature

One of the things local businesses have been frustrated about is the fact that Facebook has taken away the “use as my page” feature. (If you still have it, enjoy it…it won’t last!) There is a workaround for much of this, and it is under the 3 dots next to the Message box.

Click on the 3 dots and you will have several options including

View as Page Visitor, which lets you see what someone else sees when looking at your page. We think this is pretty neat. Sometimes as the Admin of a page you see things that you don’t want other visitors to see. This button allows you to double check that that is what is going on, or give you the opportunity to make changes if visitors are seeing things that you’d rather they did not.

The “Like as Your Page” action is for when you find a page that you want your business to like (rather than liking it as your individual page)…so in this case, we’ve found a photography magazine page that NaturePhotoDigest would like, so on THAT Facebook page, we click “Like As Your Page” and then if you are Admin on more than one page, you will see this message

Facebook Like as Your Page feature

Now you simply select the correct page from the dropdown list…note, if you don’t see your page on the list, it is probably that you have already liked it!

Going back to YOUR page and the 3 dots, there are other functions that you will be able to do from here, such as view your page’s Insights and even create a new page.

Of course, those features won’t be available to you for pages you aren’t Admin on.

Hold on to your seats. There are lots of Facebook changes that local businesses should know about in store.

Dump QuickTime Now

Apple No Longer Supporting QuickTime on Windows, vulnerabilities found

Dump QuickTimeWhile Apple insists the QuickTime plugin will still work, however it has not been properly updated to work well with Windows 8 or Windows 10.

Now is the time to dump QuickTime, at least according to the United States Computer Emergency Readiness Team, an organization within the Department of Homeland Security. US-CERT, as they are otherwise known is tasked with keeping the internet safe.

US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.

Industry experts and the government are urging us to remove QuickTime from our Windows computers. This reaction is not solely because of Apple’s decision to not support the plugin for Windows. Two critical vulnerabilities have been discovered, that if QuickTime is left on your computer could leave your system open for attack. Since Apple is no longer supporting the plugin, these openings are not going to be patched.

Dump QuickTime vulnerabilities

According to Trend Micro:

…ultimately the right answer is to follow Apple’s guidance and uninstall QuickTime for Windows. That is the only sure way to be protected against all current and future vulnerabilities in the product now that Apple is no longer providing security updates for it.

US-CERT also recommends uninstalling the plugin from your Windows based computers

…using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime

Many Windows users wonder about how they should play videos if they no longer use QuickTime. Fortunately there are many options available to us. You can still use an Apple product, iTunes, to play video and audio files. Your Microsoft computer should also have a built-in media player that will also work. Of course there are other companies who provide players as well if you are interested in a third-party solution.

The lack of support is not new. Companies often phase out support for older products. Microsoft itself no longer supports Windows XP, and is scheduled to stop supporting Vista this year and Windows 7 in 2020. Apple actually began this phase-out in 2013. In January of this year the QuickTime browser plugin for Windows was axed.

QuickTime 7, which is the latest version of the product, was introduced in 2005. It has been replaced on Mac machines since 2009. Those machines use the newer QuickTime X, which according to Trend Micro, doesn’t have the same vulnerabilities. There is no “X” version of QuickTime for Windows.

We find it interesting to note that Apple still has a link on their site allowing users to download the QuickTime plugin for Windows. Apple does not state on their site that the plugin will no longer be supported, nor do they, at the time of this writing, urge users to uninstall the plugin.

Sources: Wall Street Journal, 9 to 5 Mac, The United States Computer Emergency Readiness Team, Trend Micro

Did Plugin Result in Resignation of Iceland’s PM?

Could the Panama Papers Breach Been Avoided with Basic WordPress Security?

Read how a simple WordPress plugin may have enabled Panama Papers leak


By now just about everyone has heard about the “Panama Papers Breach.” The fallout is still coming from this leak of over 11.5 million documents, but at the very least the Prime Minister of Iceland has been forced to resign as a result. Russian President Putin and British Prime Minister David Cameron are also caught up in the controversy.

The Panamanian law firm Mossack Fonseca is at the center of the swirl. Our friends at WordFence security have done some testing and they have made a shocking discovery:

The Panama Papers Breach may have been a result of an outdated WordPress Plugin!

Forbes has reported that Mossack Fonseca (abbreviated as MF…how appropriate!) provided a portal for their customers to access their data. This portal reportedly was using an old, vulnerable version of Drupal. WordFence did their own digging and found this:

The MF website runs WordPress and is currently running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server.

Viewing this link on the current MF website to a Revolution Slider file reveals the version of revslider they are running is 2.1.7. Versions of Revslider all the way up to 3.0.95 are vulnerable to attack.

MF has since put their website behind a firewall, but only within the last month did this happen.

On top of having an out of date plugin, and providing access to their website via an unprotected portal, it seems that MF also used the same server for their website as their email server.

While these hackers may have done the world a service by exposing corruption, learn a lesson from the failings of MF. Protect your business and your clients by securing your website.

Read more, or watch the video on CNN here

Read more about the possible plugin connection on WordFence’s blog here

Is Your Website Back Door Unlocked?

Over 300,000 Users May Have: Read Latest Website Security Update and Make Sure You are Locked Down

Website Security Updates from Internet Advertising that Works

The plugin User Role Editor has been reported to provide a backdoor way for your users to gain controls that you may not want them to have.

This popular plugin, which has more than 300,000 active installations has a serious vulnerability.

The vulnerability allows any registered user to gain administrator access. For sites that have open registration, this is a serious security hole.

As we mentioned in our post about Internet Security last month, it is important to keep your plugins current. Be sure to update your plugins immediately, and if you do have User Role Editor on your site be sure to upgrade to the latest version (currently that is 4.25.)

Read more of the technical bits on the WordFence blog post here