White Fir Design Blog

A Good Reason Not to Advertise on Reddit

With the amount of problems with major platforms for advertising online, looking for better alternatives makes sense. Recently we have been trying out advertising on Reddit again, to see if running ads on there is a good idea now. When setting up ads with their system, one thing that seems rather significant is that by default commenting on ads is disabled. Considering that discussion is a major part of Reddit, you might wonder why that is.

While we haven’t enabled commenting to see what happens, we got somewhat of an idea of what might happen, based on a contact form submission we received. The subject of the message was “You Dumb?” and the body read:

You Dumb? Seems like it. WTF you doing advertising Magento websites on Reddit and get a drop-off link a MS FrontPage 98 website?

Bitch, please.

Beyond the childish tone of the message (though likely from someone well into adulthood, considering the reference to MS FrontPage 98), the criticism leveled doesn’t make much sense. If you want to criticize the look of our website, fine, but we were not “advertising Magento websites”, but upgrading them. That is both clear in the ad and the landing page. The look of our website shouldn’t be all that relevant, since an upgrade shouldn’t change the look of a website. We would have pointed this out to whoever sent this, but they provided a bogus email address. Are there a lot of advertisers looking to reach people that are spending time doing something like that at 10pm on a weeknight? Probably not.

We have also received multiple messages from people clicking through our advertising on Reddit looking for services that were only tangentially related to what was being advertised and not related to anything we offer. Some of these messages were also not totally coherent.

If you are running advertising looking to take advantage of people, based on this, then Reddit might be a good option, but for legitimate advertisers it looks like a lot of who you could reach, wouldn’t be who you are interested in reaching.

Upgrading OpenCart Doesn’t Require Migrating Products or Other Data To a New Install

A question that comes up from time to time in relation to us potentially doing upgrades of software on websites and recently came up in relation to doing an upgrade of OpenCart, is does the data, in this situation product data, need to be migrated or moved into the upgraded version? The answer is no.

It wouldn’t make much sense to do an upgrade if you need to restore all the data, why not just do a new install in that situation? There are some situations where moving to a new version of web software, you need to do just that, but those are referred to as migrations, not upgrades.

Dealing With a Hacked WordPress Website Without a Backup

One question that comes up from time to time when we are brought in to deal with hacked WordPress websites is can the website be cleaned up if there isn’t a backup. In almost all situations, the answer is yes, and in fact a backup usually isn’t all that useful for cleaning up the website.

One suggested solution for cleaning up a hacked WordPress website, or websites using other software for that matter, is to revert to a clean backup. The big problem with that is that the backup has to be clean, reverting to a backup that from when the website was already hacked, won’t solve the problem. Since hacks can have started well before it becomes noticed, simply reverting to a backup from before you were aware the website was hacked isn’t always going to do the trick. Assuming it can be figured out when the website was originally hacked, most of the work needed to clean up the website without a backup has likely already been done.

The work needed to clean up the website without a backup can also be important for determining how the website was hacked. If you don’t figure out how the website was hacked, then you can’t insure it won’t get hacked again because of the same issue. (Surprisingly, a lot hack clean up providers that claim to have expertise in dealing with hacked websites, don’t even try to figure how websites have been hacked, leading to far too many of their customers’ websites getting hacked again.)

Another issue with reverting to a backup is that you need to do the reversion correctly. Done incorrectly files that were part of the hack could still be on the website or the website could be broken (sometimes in a way that is only realized later).

The exception to the ability to do a cleanup without a backup would be if the files or data has been deleted or is damaged beyond repair, which in almost all instances isn’t the case.

Microsoft Advertising’s Dynamic Search Ads Fail to Deliver on Claim of Reaching Relevant Searches

Yesterday, we wrote about Microsoft poorly auto-generating ad copy for customers of their search advertising system. While it appears they haven’t done basic testing, as many of the ads generated for us are incoherent, among other issues, they have started auto-apply these ads. That is part of a larger initiative by Microsoft to automate the advertising process, where even what seems like it should be a lot easier to handle than generating ad copy, isn’t even close to being where it should be before being widely available.

Another piece of that involves dynamic search ads. Microsoft describes those with the following:

Dynamic search ads provide a streamlined, low-touch way to make sure customers searching on the Microsoft Search Network find your products or services.

In marketing these, Microsoft also claims they allow you to “[a]utomatically target relevant search queries based on the content of your website” and that they “can help you find customers searching for precisely what you offer”. At least in our case, based on the ten “search queries that could trigger your ad” they show right now, that isn’t true at all.

Four of the queries shown are hosting related, despite us not being in the hosting business:

wordpress vimeo hosting sixt
web hosting wordpress plans
best wordpress hosting sites
wordpress hosting

With one of those, “wordpress vimeo hosting sixt”, we couldn’t find what that would refer to.

Another could probably be classified similarly:

wordpress com

Another is website builder related, despite us also not being in the website builder business:

best website builder

Three queries involve software that we provide services for, but someone searching for just the name is not “searching for precisely what you offer”:

wordpress
magento
woocommerce

Since the services we offer involve things for people already using the software, it seems unlikely someone searching just on the name of it would be looking for that.

Finally, there is a query that doesn’t seem like it would be related to something for sale:

wordpress login

Overall, it looks like they have combined, for the most part, common searches that are very loosely related to what we offer. Having us advertise on those things seems like it makes sense for Microsoft, since they can make more money that way, but not for us, since it would target searches that have nothing to do with our business.

The saving grace with these two automated features is that they can be disabled, that isn’t true of other parts of the search advertising that overrule what advertisers want.

Microsoft Advertising Now Generating and Automatically Running Incoherent Ads for Customers

The quality of Microsoft’s search advertising system has gone down over time, as has Google’s, as they have taken more and more control away from advertisers. At best, they greatly overestimate the ability of their system to produce good results. At worst, they are intentionally doing things to increase their revenue, knowing that they are increasing costs for their customers while producing worse results for them.

About a month ago Microsoft announced they would start automatically running ads for customers generated by Microsoft, without the approval of customers. That seems rather ill-conceived idea, as they are putting words into the mouths of their customers. But much worse, looking at ads that have been generated for us, the implementation is even more ill-conceived, as the ads are often not even coherent.

When customers go to the Microsoft Ads web interface, they might now notice a somewhat vague message about this:

We’ve created recommended ad(s) which could improve your performance. Please review these recommendations as they may be eligible to automatically apply at a later date.

From there you can see up to 50 ad suggestions. While a few of the ones currently suggested to us are decent, most are not close to that. Here is one where the ad text looks like it mixed up the words install and upgrade:

As written, it doesn’t make sense.

In another example of this, this text seems like it should refer to second best instead of second chance:

Somehow they are messing up phrases like that.

This ad text combines an incoherent message with this odd capitalization of a word with an apostrophe in it:

It would appear their system isn’t advanced enough to understand not to add capitalization there.

Sometimes the headlines and ad text don’t go together, this headline makes no sense in the context of the service being advertised or the ad text:

The ad text of this one claims we provide an alternative to something that isn’t a thing as far as we are aware:

Others advertise services we don’t offer, like this one offering to install PrestaShop:

Here is the ad text for another one, which, among other issues, emphatically claims we do something, which we don’t do:

Probably the worst ad though suggests we get websites hacked:
It doesn’t look like Microsoft did basic testing before rolling out these generated ads.

Despite them creating this content, they have a notice in the documenation for that says that it is the customer’s content:

Any ads or content created by Microsoft Advertising as part of this program are subject to editorial review, and will remain your “Content” as defined by your Microsoft Advertising Agreement.

The Likely Reason Malware Keeps Returning to Your WordPress Website

One question that comes up from time to time when dealing with malware infected WordPress websites is why does malware keep returning to the website. While there are multiple reasons that can occur, what we find most often with websites that keep getting infected, WordPress or otherwise, is that they haven’t actually been infected more than once. Instead, the original issue was never fully resolved.

While some malware can be difficult to fully remove, in most cases what we find is that corners were cut during the cleanup process. That isn’t just an issue with hiring someone who doesn’t have much experience with malware infected websites, as we have often been brought in to re-remove malware form websites when that is the case with supposedly reputable providers. That includes companies who are frequently promoted by journalists, despite what they are covering being itself a pretty big warning that something is a miss with the company.

To properly clean up malware on a website, there are three key components:

Removing the malware.
Getting the website secured as possible (which usually involves getting any software on the website up to date).
Trying to determine how the website was infected and fix that.

If a company’s marketing material doesn’t focus on those, then there is a good chance they are cutting corners. You might get lucky and not experience the downside of that, but if you are like lots of people hire us after having hired someone else, you end paying more and dealing with more problems than if just hired us to remove it in the first place.

It Is Hard to Believe How Poor SiteGround’s Support Documentation Is

From our experience people trust their web host to provide good advice on dealing with problems with their websites, but also from our experience, unfortunately, the advice is often useless and sometimes even harmful. Since most of that is coming from one-off exchanges with support personnel, it is hard to attribute that to a general issue with the web host. But with a recent instance involving SiteGround, the public advice they provide in their support documentation is so bad it is hard to understand how it exists in that form.

With a website we have been brought in to do some work, a problem needing to be dealt with was at least part caused by an ill-conceived action taken by the SiteGround, but in trying to resolve that our customer had tried to resolve another issue, a mixed content error. Mixed content refers to having content on a page being served over HTTP when the page itself is served over HTTPS. SiteGround provides instructions on dealing with that, on a page titled What Is Mixed Website Content Error and How to Fix It?. Under the heading “How to fix the mixed content error” they write this:

The fastest way to solve this issue is by using the functionality ‘Force HTTPS’ in the SG Optimizer plugin. It will redirect all the traffic for your website to HTTPS which should help avoid mixed content, except in some cases of remote resources still being pulled over HTTP.

Then the first step to do that is:

Install the plugin by logging into the WordPress Admin > Plugins > Add New.

You can only log in to the WordPress Admin if your website is using the WordPress software, so these instructions are only relevant for WordPress websites, but that isn’t clearly noted. The first mention of WordPress is in step 1. After getting through all the instructions, they write this:

If you are not using WordPress or even after using SG Optimizer there is still mixed content on the website pages, then you can use this online tool to find which content is being served via HTTP. You would have to attempt to correct all of them to load over HTTPS manually, based on the specific elements.

Wouldn’t you want to note that the instructions are not relevant to websites not using WordPress before providing them, and not after?

It isn’t like that is something that you can only come across from their website with notice that it applies to WordPress. At the bottom of that page a related article, How to enable padlock on my site?, is listed. The totality of the information provided on that is, with a link to this page at the end:

Your SSL certificate is installed and valid.

The website is working over HTTPS.

There are no elements loaded over an HTTP connection (mixed content).

SiteGround Doesn’t Even Warn Their SuperCacher Caching System Can Break Website Functionality

Less than a month ago we wrote a post that mentioned a recent situation where a Zen Cart based ecommerce website was not allowing products to be added to the shopping cart in some instances, which is a big problem. The source of the problem was caching done by a web host we didn’t mention in the post. The same exact issue has come up with another website and this time we had access to the web host’s control panel, so we could better see what is going on with the web host, SiteGround, and things don’t look good.

When you go the settings page for their SuperCacher caching system, you are provided with this information about it:

SuperCacher services are developed by our server optimization experts to increase the number of hits a site can handle seamlessly and dramatically boost your website’s loading speed. There are 3 different caching options for maximum optimization of your websites. Our tests show that a website using simultaneously NGINX Direct Delivery & Dynamic caching along with Memcached can handle 100 times more hits than a regular website without any caching.

There is no warning that the feature can cause problems, like the one we have now run across twice in less than a month. Perhaps they don’t understand the implications of what they are doing, which is quite problematic considering the caching causing the problem with those websites is enabled by default.

Disabling Dynamic Caching

If that were not bad enough, while two of three types of caching provided, NGINX Direct Delivery and Memcached, can easily be disabled on the feature’s settings page, the one that is at issue here, Dynamic Caching, can’t. The tutorial for the feature, which is linked from that page, also doesn’t currently provide any information on disabling that. If you use the search function accessible on that tutorial, you also won’t find the information. There is a page on a separate part of their website, for some reason they have two different support sections, explains how to disable that using code added to the website’s .htaccess file.

Update – 4/16/2021 – SiteGround doesn’t provide a way to contact them through their website unless you are a customer (which is odd), but we tried notifying them through Twitter about the problem they are causing here. They responded, but the response wasn’t good, starting with them stating that performance is apparently more important to them than not breaking websites:

One of our primary goals is to ensure the best possible performance of all sites hosted on our servers and our caching setup plays a major role in the process.

The rest of it involved them ignoring the reality of the situation, so it doesn’t seem like they are a great option for a web host.

Dealing With Zen Cart Creating Many Log Files After Increasing PHP Version in Use

Changes in newer versions of PHP have led to more warnings being issued about code that isn’t correctly written for more recent versions of PHP. This is a more prominent issue for Zen Cart websites, since it can lead to the “logs” directory quickly filling with many files. That is something we have been dealing with quite a bit recently while working on upgrades of Zen Cart, which often coincides with switching to a newer version of PHP.

Making the situation more complicated is that the directory can also contain messages about errors, in which an issue with the website caused it to not function, alongside all those warnings of things that don’t currently cause the website to not function.

While changing back to the older version of PHP would stop those files from being created, if you are changing back to PHP version that isn’t supported anymore, you are reintroducing security risk. Though we should note, it has been quite a long time since a security issue in PHP was a major source of hacking.

More permanently dealing with the warning log files involves addressing what is being warned about. That starts with making sure you are using a version of Zen Cart that is compatible with the PHP version in use. From there, updating other software on the website may resolve issues, if the newer version has had changes made related to those. Once that has been done, that leaves you with other third-party code that needs to be updated. Those with some familiarity with PHP code or coding in general can probably handle making those changes. Others will probably want to find someone to handle that for them. With much of what needs to be dealt with, a prior familiarity with Zen Cart isn’t necessary.

While some of the issues we have run across are more complicated, most of the issue that need to be addressed are easy to fix. Take one common issue in our experience, usage of PHP 4 style constructors. The log files will provide a warning like this for that:

PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; rialto_export has a deprecated constructor in /home/[redacted]/public_html/includes/classes/observers/class.rialto_export.php on line 9.

Opening the file listed shows that class rialto_export has a constructor of the same name:

class rialto_export extends base {
	var $client, $web_username, $web_password, $success_message = false, $error_message = false;
 
	function rialto_export() {

That can be resolved by renaming the function to “__construct()” like this:

class rialto_export extends base {
	var $client, $web_username, $web_password, $success_message = false, $error_message = false;
 
	function __construct() {

For most issues, doing an internet search on the warning message will bring up documentation on how to address it.

With our Zen Cart upgrade service, we now include resolving any issues being warned about in the “logs” directory at no additional cost. If there is a interest in a service for dealing with those separate from an upgrade, please contact us.

Hiring a Freelancer Isn’t Necessarily Going to Save You Money on Web Development Tasks

We often deal with people managing their own websites who would probably be better served to hire someone to handle things for them on a continuing basis instead of handling things through a combination of doing things themselves and hiring someone like us or freelancers on a one-off basis. It’s worth noting that they are not necessarily even saving money by hiring freelancers to do work. Take something we ran across on a freelancer website recently while looking for some unrelated information. The person hiring a freelancer wanted a very simple .htaccess redirect written:

I need a website to redirect to www version and https in one hop. In other words, if user enters non-secured domain, it always needs to redirect to www. version.

For example, if they enter “[login to view URL]” it needs to go to “www.domain.com.”

If they enter non-secured domain, it needs to go to secured domain, www version. For example, If they enter “[login to view URL]”, it needs to go to “[login to view URL]”

So the end result should always be the secured domain, www version, in one hop.

I will not allow access to the server due to security reasons. The current code for the HT access is below. Please let me know if questions.

They ended up paying $60 for what should amount to a couple to a few lines of code being written. Which would take, conservatively, ten minutes to write and test. That is the sort of thing we do for no additional charge when doing other work, since it is so insubstantial.