Today it was supposed to be a great day for our WordPress AB / Split Testing service but thanks to Google, it has end up being a nightmare (well, at least nobody died though a couple of us almost had a heart attack in the process). We’ve decided to explain all details of what happened to: 1 – Assure visitors that our website is (and always has been) safe to visit (and subscribe) and 2 – Let other companies know the bizarre things that can happen during a (pre)launch day becuase you´re never prepared enough.
So this is the chronology of the facts:
- To get some traction for our beta program we decided to contact Jeff from WPTavern and ask him if he could cover our service as a kind of prelaunch announcement. We chose him because of his reputation in the WordPress community and were sure a mention of our service in his site would make some waves (Jeff already covered a couple of years ago our other WordPress service MigrateToWP and that post has been a good source of visitors for us ever since).
- Yesterday Jeff told me the short interview I had done with him describing the service was up online. It was already quite late (in my CET – Central European time), so I just forwarded the info to my co-founders and went to bed.
- I woke up early today and first thing I did was to check mailchimp to see how many people had joined the beta thanks to Jeff´s post. Strange, only 4 people had joined. I start to think something is going on
- I check the email and I see a message from Sumobi saying “Just a heads up in case you are unaware. When I tried to visit your website, google chrome blocked it with their malware detected page. Might stop a lot of people signing up to your mailing list :)”. WHAT?????? This is impossible!!! A quick visit to the announcement post confirms it, several people are complaining: “Visiting this page now is very likely to infect your computer with malware.” , “I got the same warning. Wonder what’s going on there.”. Not exaclty the kind of feedback we were expecting.
- Google WebMaster tools says that the site is clean. So Google is contradicting itself. It flags the site as malware to our visitors but to us, the owners, it says that everything is ok. Very helpful, thanks!
- None of us is able to get this warning when visiting the site ourselves, it seems that only some people see it, making even more difficult for us to trace the source of the problem. Thanks to the info we get from our visitors we are able to detect that the problem is a couple of links to the demo site of the WordPress theme we bought for the site.
- After contacting the theme shop we immediately get the following explanation: Google had blacklisted our demo site earlier today as the result of a false alarm. Google has since removed that blacklist entry and the message should have disappeared. If the message was displayed on a client’s site it is likely that they hot-linked an image somewhere on their site that was hosted on demos.shapingrain.com. I could not find any links anywhere on either that blog or the final site, but that warning message would even appear if Google suspected content on a site that was linked via 3 or more levels on a remove site (if you link to a site, that links to another site, which links to demos.shapingrain.com) — so it might have been an avatar or something similar. It is even possible that the mention of shapingrain.com in the theme’s stylesheet could have triggered that, depending on the browser and whether or not additional anti-virus software was used, since some users saw the message and some did not. Again, there was no actual threat or malware posted anywhere and Google has reacted quickly and removed the blacklist entry. I apologize for any inconvenience and hope to have answered your questions. If you have any follow-up questions, please feel free to get back in touch and I would be happy to answer those as well.
- (In theory) this closes the problem.
So, to sum up, everything was just a misunderstanding between the theme shop and Google. And we were just unlucky this happened the day we were doing a first big announcement. Well, thanks Google for screwing us up
You can argue that Google needs to protect internet users but Google should also protect the businesses which in the end is who make Google rich. It doesn´t make sense that it decides to block my site without alerting me at the same time (otherwise, what’s the point of Google Webmaster tools?). And really, I believe Google algorithms can do better than this. All the other malware scanning tools we tested this morning said our site was clean so why Google can’t be smart enough to see it as well? I bet to say it’s just because for them a false positive (flagging a site as malware when it’s not) is not a problem at all. It’s not them that suffer the consequences but us. And unfortunately, “When Google sneezes our businesss catch a cold, if not something worse”. So please, Google, if you read this be more business-friendly the next time. Do not assume that you are the only ones that follow the “Don’t be evil” motto.