Follow me

Many people can’t see your website. Here’s how to fix it.

Bank Security Guard by Brad & Ying.

You’ve spent all that money and time building a perfect website, but can people actually see it?

I periodically hear from friends at some large enterprises that they can’t see the sites we manage (VersatileVC.com, Teten.com, and PEVCtech.com), because their corporate firewalls block them. Given we don’t have any NSFW content, this is both surprising and annoying. I’ve also seen some of the companies in which I’m an investor run into the same problem.

I worked with Akshat Dixit, an intern at Versatile VC and a Computer Science and Economics double major at North Carolina State University, to research this. We wrote up a summary of our learnings.

We found out that some corporate firewalls were miscategorizing our sites. They might classify versatilevc.com in a category like “careers”, and didn’t want employees using their work computers to search for new jobs.

To whitelist our sites, we started by looking at three free services:

  • Blacklist Alert checks various lists of malicious/blacklisted domains and IP addresses to see if your domain is listed or not, for different types of spam.
  • Google Safe Browsing checks billions of URLs and keeps track of the ones that are safe to visit and those that have been compromised or are unsafe.
  • Sucuri is a tool to check websites for security issues, blacklisting, malicious errors, and more.

Of the leading firewall vendors, several offer an easy way for you to check how your site is being categorized. We recommend you look up your site on Barracuda, BrightCloud, Checkpoint, FortiGuard, McAfee, Sonic Wall, Symantec, and Palo Alto Networks.

We looked for an automated way to whitelist our site, but couldn’t find it. (There is definitely a startup idea here, although you’ll have to worry about bad actors misusing it to increase their own sites’ reach.) If your site is miscategorized, we suggest you reach out directly to each list/service, with an email similar to what we used: 

I write on behalf of versatilevc.com because we believe it is misclassified in your database. As a result of its classification, it is inaccessible to many users who are behind a corporate firewall, who are potential partners for us.

The site is currently categorized under “Job Search & Career Development,” but it is actually a personal blog. Please let me know if any other information is necessary to make the appropriate change in classification. Thank you for your time.

To avoid getting blacklisted in the first place, here are some of the steps we have taken or are taking. Thanks to Scott Allen, CEO, TheVirtualHandshake.com (past coauthor), and Brian Bigda and Danni Norwood of Ella J Designs (my designer) for many of these recommendations. Unsurprisingly, these are also recommended basic hygiene for SEO, privacy, and security in general:

Links

  1. Double-check all links on your website, especially ones to external sites from your website. If they’re broken or mistakenly lead to phishing or spam websites, your website could get blacklisted. 

Privacy

  1. Make sure you have a CCPA and GDPR compliant privacy policy, and that it is updated at least once a year. (We’re going to do this soon.)
  2. If your site uses cookies, you’ll need a cookie permission check.  You might be surprised to learn, for example, that WordPress uses cookies by default to remember a user’s name and email address if they leave a comment.  Also, some plugins use cookies, as well.

Security

  1. Make sure your site has SSL both enabled and defaulted.
  2. Keep your content management software and any plugins up-to-date. Developers are constantly patching backdoors or vulnerabilities and if you don’t keep the latest version of all software, you’re allowing hackers to exploit these openings. It is also important to use plugins that are supported and routinely updated by the developer; the small cost of a license is worth it.
  3. Use an automated malware scanner, e.g., Sucuri, to ensure that your website is not host to any malicious code such as trojan horses that could get your site blacklisted.
  4. Make sure to maintain strong as well as unique passwords for access to your website to avoid brute force attacks or hackers reusing login credentials from breaches from other websites to gain access to your site.
  5. For WordPress sites, change the admin login page. The default is yourdomain.com/wp-admin, which everyone knows. If you change it to something unique, it will be a little harder for hackers to locate automatically.
  6. Use a secure hosting provider. A secure and reputable hosting provider will not only improve site speed, it should provide continuous monitoring, strong firewalls, and built-in server-side security can help detect vulnerabilities and prevent security breaches. 
  7. Limit login attempts. This will prevent brute-force attacks, when a hacker uses a bot to quickly run through billions of potential username-password combinations in the hopes of guessing the right credentials eventually.

Thanks to Taimur Hassan for help researching the initial version of this research.

Enhanced by Zemanta

Get invites to exclusive events and research.

Discuss On Twitter