5 Popular Web Hosting Companies Vulnerable to Simple Takeover Hacks

Security vulnerabilities are nothing new when it comes to tech. Every day, we are increasingly and often unknowingly putting ourselves at risk for digital intruders. Doorbells, hot tubs, baby monitors, Facebook, Google+ and yes, website hosting companies to name a few. The consequences include potential access to your accounts, sensitive information, or worse.

A recent report by Paulos Yibelo, an experienced security researcher, found that five popular web hosting companies were easily hacked by one or more means:

  1. Bluehost
  2. Dreamhost
  3. HostGator
  4. OVH
  5. iPage

Paulos identified dozens of bugs that vary in severity and allow hackers access to sensitive information, full account takeovers or both.

Given the importance of security, it’s worth noting that the article says the vulnerabilities have been fixed. That said, it may be time to invest in a higher quality hosting company, especially if you use a popular content management system (CMS) like WordPress.

Leaving WordPress Drops Traffic by 44% (and Tangentially, Why Mockingbird is Awesome)

Sometimes our clients leave us. And it always makes me sad…especially when they move to a different provider, who insists on them paying for an “updated” website and locking them in for a multi year contract. Especially, when they were already on a very good, well built WordPress site. But it’s even worse, when this website redesign underperforms.  Immediately and drastically. Our ex client, experienced this as a 44% decrease in website traffic that rolled out immediately after her new site launched. No new content, no changes in backlink profile, no changes to her local tactics or platform. Just a new website on a vendor’s proprietary platform, that frankly can’t compete with her, ahem, “old” (and in this case, the site was about 4 years old) WordPress site.

In the off chance that this was a random change in tracking infrastructure, we further validated the data above in Google Search Console – the results mirror the significant drop in search traffic – 44% in fact – once the law firm migrated away from WordPress.

Take this as yet another example of the value of a well coded WordPress website, which intrinsically outperforms proprietary platforms.

Now, not all WordPress sites are created equal – in fact many of the widely available and utilized templates are extremely poorly coded from an SEO perspective. (This is the part where I tangentially brag about our developers’ collective coding prowess.) And not all WordPress sites are fast – great hosting (in our case, WPEngine) is important – efficient code is important – expertly compressed imagery is important. In our case, we tend to obsess over those things. Now our ex client is seeing a 44% drop in her website traffic.  And because she is heavily dependent on the web for client development, presumably a 44% decrease in business. And it’s a real shame if she’s locked in for a multi-year commitment. I’m not saying you have to work with us – just be aware that platform matters. I apologize if this comes across as bitter…and yes, there’s a little bitter taste in my mouth…but I hope you can avoid the same mistakes she made, even if it’s not with Mockingbird.

SEO Disaster: “This Site May Be Hacked”

Oh….. its so bad when a site gets hacked.  Check out what people looking on Google for attorney Steve Boyd see:

Note that under the listing for the website there’s a Google warning:  “This site may be hacked.” This is Google’s attempt to protect users from sites that may unwittingly download malware or aren’t what they really purport to be.  WordPress is a notoriously common target for hacks due to its ubiquity.  Here’s a close up of that Google warning:

Further – it’s highly unlikely that Google will send anyone to any other pages on the site…. most likely, the only results you will get are for that flagrant brand queries.  And this is because the site has over 12,000 indexed pages, mostly in Japanese, peddling everything from Nike sneakers to Patagonia jackets.

But wait – there’s more! Go back to that original result and let your eyes land on the pictures to the right in the Knowledge Graph….. looks like not only Steve’s site was hacked, but someone also took the time to upload some new pictures for his office.  Either that, or Steve really likes galavanting in one-size-too-small football pants after taking a dip in the ocean and completing his morning’s 1,000th sit-up.

What to Do?

First off – don’t let this scare you away from WordPress – it is still the one and only website platform you should use.  But…

  1. Update it regularly.
  2. Host it on a Managed WordPress provider.  We recommend WPEngine – read more: Our Love Affair with WPEngine.
  3. Check results for brand searches regularly.
  4. Claim your Google My Business result.
  5. Monitor your site in Google Search Console.

And Steve – if you are reading this…. my apologies (or admiration if that is really you).

Squarespace vs WordPress for your Law Firm Website

Although it’s been around for a while, we’ve been hearing more and more about Squarespace lately. While it could be a great option for a portfolio or personal website, the real question is: can you use Squarespace for a law firm website?

Pros of Using Squarespace

  • Low cost – Squarespace websites run between $8 and $18 a month. For comparisons sake, using WordPress and hosting on WPEngine (which we recommend), runs $29/month. Although that extra $10 provides daily automatic backups and increased security measures, it’s still more expensive.
Squarespace Pricing
  • Ease of use – For some one with minimal tech experience, Squarespace is very user-friendly. It’s designed well and uses a drag and drop page builder, which allows you to see your changes in real time. WordPress, while still fairly intuitive, comes with a lot more bells and whistles.
  • Mobile responsive – While it’s not uncommon for site builders to be mobile friendly, it’s important. All Squarespace sites work on computer monitors, phones, and all devices in between. WordPress is also mobile friendly, but it’s theme/developer depenedent.

Cons of Using Squarespace

  • Lack of customizability – Squarespace pales in comparison to WordPress in terms of customizability, in both functionality and design. Do you need a multilingual site? Want randomized blog posts in your footer? Have a vision in mind of exactly how you want your site to look? Squarespace won’t work for you.
  • SEO limitations – Squarespace makes SEO basics possible, but certainly not easy. Titles and meta descriptions indicated as “optional.” URL redirects, absolutely vital if you ever do any site restructuring, are hidden in Advanced settings. In WordPress, using a plugin like SEO Yoast makes SEO basics easy.


  • Proprietary – Unlike WordPress, which is open source, Squarespace is a proprietary system. While this might not cause problems short-term, it could mean trouble down the road. For example, only Squarespace developers can create tools for their websites or help you if something goes wrong.
  • Image focused – While for some this may be a plus (think wedding photographers and chefs), this can be a limitation for the legal industry. Many law firms lack high quality images that represent their firm.

Should You Use Squarespace for Your Law Firm Website?

My final verdict? Squarespace isn’t a bad option, especially if you’re on a shoestring budget and have a couple free hours on a Tuesday night to build it yourself. You could do worse. But you could also do much, much better.

Assuming time and money negligible, a custom WordPress site will always be your best bet. It will allow you to do everything you want to do and differentiate you from your competitors. For more information, you can read up on our website build process here.

If a custom WordPress site isn’t in the cards for you this year, you may be a good fit for Echo. Echo is our alternative to Squarespace and other website builders. It’s a legal-specific templated site that gives you the SEO benefits of a custom WordPress site and the low cost simplicity of Squarespace. If you want to learn more about Echo, you can do so here.

If you are going to use Squarespace, here are a few parting nuggets of wisdom:

  • Utilize their 14 day free trial without changing anything on your current site to see how it works for you. Make sure you no index your site during this time so it can’t be found by search engines.
  • Purchase a new domain or link your existing firm domain (use lawfirm.com vs lawfirm.squarespace.com).
  • Utilize the Google Analytics integration. Squarespace provides their own proprietary analytics in your site dashboard, but should you ever move away from Squarespace, you would no longer have access to it. You are nothing without data

Have more questions? Need advice? Give us a call.

What to do When FindLaw Pulls the Plug on Your Website

Want to see the world’s ugliest law firm website?

404 Coffman

That’s what Kendall Coffman’s FindLaw website looked like on Tuesday.  What follows demonstrates how Kendall was able to get his site (admittedly stripped down) back up and running with 21 hours.

1:27 PM Tuesday

I receive an email from Kendall.

I have been in a dispute with Findlaw for several months now, and Findlaw has decided to “take down” my website.  My site was www.sanmateobankruptcylawyer.com, and if you go there, you will see nothing except maybe error messages.

2:02 PM Phone Call

I give Kendall a call – what follows are my notes from the call:

Kendall is locked in to a long term contract with FindLaw after moving his website from a self made 1&1 website. He’s become increasingly concerned over the decline in performance of his FindLaw site – and has been in an ongoing dispute over the fees he’s being charged and the site’s underperformance. Now I think that part of Kendall’s problem is entirely exogenous to FindLaw – as the real estate market and economy have picked up, the demand for his specific practice area has declined. But, Kendall is concerned that his site was hit by Panda 2.4 in September 2011, but unfortunately FindLaw hasn’t installed Google analytics on his site – despite his bringing up the issue – so this is just conjecture at this point.  He’s also concerned the backlink package he purchased from FindLaw has resulted in low quality links which may be impacting the site negatively.  However, it seems that FindLaw has viewed his inquiries about his site’s lagging performance as an upsell opportunity.

“When I ask for help, Findlaw tries to sell me something to cause my bill to go up.”

We go over the services Kendall is receiving.

His monthly bill is $1,519.44 and includes FindLaw Premium Profile ($59.40), FindLaw Firmsite 333 C Website Package ($628.95), Findlaw FS Web Advantage Starter Plus ($348.36). At one point he was sold on blogging and added FindLaw Post Plus Firmsite and FindLaw Blog Service Starter FS ($433.60 for 2 blogs a month).

So after ongoing billing and performance conversations, without any warning, FindLaw pulled the plug on Kendall’s website. (Note that it is particularly dangerous from an SEO perspective to do this as search engines are particularly loath to send traffic to an empty, broken, dead, error page.)

2:31 PM Pull the Fire Alarm

Occasionally at the agency, we “pull the fire alarm” – essentially everyone drops everything and jumps on a project where time is of the essence.  We’ve done this in the past, when a client’s host went AWOL, we’ve done it in response to news events in the mass torts space and yesterday we pulled the fire alarm for Kendall.  The goal was very simple: get a placeholder site up as quickly as possible.  Instructions to the team:

FindLaw has pulled Kendall’s current website and it is currently returning an error. The site, unfortunately is registered to 1&1. Our immediate goal is to get a barebones website back up and running.  We’re going to launch a very simple, scaled down version TOMORROW.  On our plate: build out a  5-6 page WordPress website from existing template; hosted on WPEngine.  Redirect old pages (there are 93) to homepage.  We think Kendall does NOT own any of the content, so he is going to have to rewrite it within our shell – we’ll need to provide him with the WordPress Guide.  Kendall is sending us information on his 1&1 logins.  We do NOT think there is an existing GA account – so should probably set that up as well.

3:46 Infrastructure

Kendall sends us log-ins to 1&1 – to which his domain is registered.  Fortunately 1&1 makes it easy for us to access these records.  (Note: good thing Kendal had an initial site through 1&1 – while he doesn’t technically own his domain – a big no no – 1&1 has made it easy enough for him to control what goes on that domain. His worst case would be if his vendor actually registered the domain and owned it – which has been known to happen.)

5:25 PM Creative Done

Mockingbird Design and Development used a preferred WordPress Theme and applied an existing basic design template. Utilizing the Wayback machine they were able to view Kendall’s FindLaw site (prior to the plug being pulled) and reviewed the general layout, imagery, content map, color schemes, logo and vital content like address, phone numbers etc.

Instructions emailed to Kendall along with the site and log-ins.

I would also suggest not to edit anything if you are not sure what that edit will do. With that said, I have set up some basic menus and pages for you to see how WordPress works. Attached is a basic WordPress Editing guide. This should help you create and edit pages.
Good luck!

Below are the old and new sites.   I might be a little biased but I think the new one looks just a little better.

Kendall’s New Site:

Kendall's New WordPress Site Kendall’s New WordPress Site 

Kendall’s FindLaw Site

Kendall's FindLaw site Kendall’s FindLaw site

11:36 PM Content Loaded

Kendall has written and uploaded content into the site and sends a few requests:
  1. Replace the FindLaw tracking phone numbers with his primary number.
  2. Add a Better Business Bureau badge
  3. Change the email address on the contact form on the site.
  4. Add ApexChat functionality.

9:31 AM Wednesday

Mockingbird Design & Development completes requested changes and modifies 1&1 registrar records to point to our WP Engine hosting solution.

10:11 Site Live

21 hours after Kendall discovered that FindLaw had pulled the plug on his website – he’s back up and running. You can now see it here: site. Its admittedly a stripped down version from a content perspective; but professional, functional (responsive) and much better looking than a 404. A few search queries and it looks like the downtime hasn’t decimated his search engine performance.  Over the next hour, we finish the process of redirecting the old URL’s.

Now, because the site is built on the ubiquitous and easy to use WordPress platform, Kendall can add much of the content himself without being beholden to a vendor’s proprietary platform. And if he wants further help on it, he can contract with one of the tens of thousands of professionals who work on WordPress throughout the US.


I started working directly with law firms precisely because I hated seeing small businesses going through these types of horrendous experiences. This may be naively idealistic and my MBA brethren would certainly scoff, but I’d rather foot a client’s hosting bill than deliberately hurt their business by leaving them naked and flapping in the online wind.  (Granted our hosting is only $29 monthly, but I digress.)

If you are concerned about your own FindLaw site, download the FindLaw Jailbreak Guide to carefully plan your escape.

Website Refresh

We’ve finally completed a long overdue look and feel update to the website.  Like the barefoot cobbler’s children, we’ve been in need of a website redesign for some time now.  We’re also very proprietary about our client list and now, finally have a good site (our own) to reference.

And we eat our own dogfood adhering to guidelines from the Best Practices for Law Firm Websites post:

  • The primary job of a website is to make the phone ring – check out the cool custom persistent header that maintains the phone number when scrolling.
  • Built on easy to use (and easy to transfer) WordPress creating a custom look with limited incremental expense and automatically responsive.
  •  Hosted on managed wordpress provider WPEngine – more expensive at $29 monthly, but thoroughly worth it.
  • Yoast plug-in configured, GA-Code transferred.
  • Legacy URL’s checked and redirects installed where necessary.

And how much should these cost?  Had we billed our new site to a client – it would have come in at just under $4,500 – keep that in mind every month writing that $1,000 check for your website.

Super Sunday Sweepstakes

Super Sunday Sweepstakes

Win Free Law Firm Website Hosting for the Rest of the Year

Here at Mockingbird Headquarters, the 12th man is in full swing ready for this Sunday’s game.  And yes – we’re going to tie online legal marketing to the Big Game.

So – to the winning city of this Sunday’s NFL match go the geeky spoils:  10 Law Firms receive free hosting for the rest of the year on the best of breed WPEngine.

Seattle vs. New England

Personally, these are my two favorite teams – as a Seattle resident and Sherman fan, I have to support the Legion of Boom.  BUT.  I was a grad student at Michigan when Brady played (granted Lloyd Carr sat him during his senior year – a precursor of 15 years of Michigan coaching errors, but I digress . . . )  My in-laws live in West Barnstable, I attended Colby and my first post-college job was in Worcester – essentially, I’m a New Englander at heart.

And . . .

We promise to refrain from utilizing phrases like “we’re deflated” or “pumped up” to needle (oh sorry) my Boston brethren.

Why Are We Doing This?

We love the Seahawks and the Patriots (at least I do).  Despite running marketing for 50 law firms across the country and a strong relationship with the your amazing LOMAP office, our footprint in New England is underrepresented.

Our Love Affair with WPEngine

WPEngine is a best of breed hosting provider – we’ve written ad nauseum about their awesomeness.  Here are the CliffNotes:

  • Sites hosted on WPEngine are lightening fast.
  • They have amazing customer service
  • They specialize exclusively in WordPress.
  • They backup your site daily – reducing the downside of WordPress hacks.
  • They are based in Austin, TX – Seattle’s hot weather doppelganger.

“Wait – WPEngine costs $29 a month, That’s expensive!”

Yes – $29 is more than 3 times normal hosting costs, but the downside of a bad host is considerable – see list above.

“Wait – WPEngine costs $29 a month?  That’s a steal!”

No – you must be a customer of one of those website providers who fleece their customers to the tune of $750+ a month.  Hope you aren’t on their proprietary platform too.

Enter Now

Error: Contact form not found.

The Fine Print

Entry Dates:

Entry starting at noon on Monday, January 26, 2015.  Entries must be received by Saturday, January 31st, at 5:00 pm EST.

No Purchase Necessary

No Purchase Necessary.

Prize Description

Prize includes website hosting on WPEngine from February 2015 through December 31, 2015.

There are ten prizes total.

Prize Value of each prize is approximately $618 for both hosting (11 months at $29) and site migration (one time fee of $299).

Winners must have an existing website built on the WordPress platform OR build a new WordPress site.  This prize does NOT include the design, development or configuration of a new website.  This prize does NOT include the upgrade, migration or change of any non-WordPress site onto the WordPress platform. Migration of existing websites will be performed by WeMoveWP – and will be completed by the end of February. WeMoveWP is solely responsible for website migrations.

Winners are responsible for website hosting on January 1, 2016 – and available prepaid monthly at a retail rate of $29 if they select to stay on WPEngine.  Migration away from WPEngine is NOT included in this Prize.

Winners will be selected randomly from the winning location; one from each of the following Practice Areas.

  • Personal Injury
  • Divorce/Family
  • DUI
  • Criminal Defense
  • Immigration
  • Bankruptcy/Debt/Foreclosure
  • Tax
  • Estate Planning
  • Real Estate
  • Other

If there are no entries in a particular Practice Area an alternative winner will be selected in an additional Practice Area.

Winners will be contacted via phone and email by Tuesday, February 3rd, 2015.


This sweepstakes is only open to law firms with physical headquarters in Connecticut, Massachusetts, New Hampshire, Vermont, Washington and Maine. One entry per law firm. All entries must include a domain currently owned by the law firm.

Entry Requirements

Enter at Mockingbird.Marketing.com/super-sunday-sweepstakes.  Entrants are required to provide: Firm Name, Contact Name, Phone Number, Email Address, primary Practice Area and existing domain owned by the firm.

Speed Doesn’t Kill (a.k.a. our love affair with WPEngine)

There are many ways to radically improve site speed, but the simplest is often to change hosts. Take Client X, for example. Before our engagement, their website was on a host that technically did it’s job by keeping the website online, but left a lot to be desired in terms of site speed.  We recommended they make the switch to our favorite host, WP Engine. They agreed, and we saw a drastic improvement in their site speed.

According to pingdom, the average load time went from ~6.29 seconds to ~1.2 seconds. Not perfect, but quite literally 5x faster than the site was on it’s previous host.

speed kills

WP Engine credits their remarkable site speed to their proprietary EverCache system – their “secret sauce” that makes their websites perform. We’re also fans of their speedy servers, expertise on how to optimize for wordpress performance, and stellar customer support. As an added bonus, they “automatically scan for, and fix, hacking attempts” to your website. Last but not least, they automatically backup their sites on a daily basis, which has been a lifesaver more times than we can count.

Granted, WP Engine is slightly more expensive than other hosts, but at $29/month it’s not exactly breaking the bank. Plus it’s completely worth it. As you may recall, Google takes site speed into account when determining rankings. Switching to WP Engine -> faster website -> better rankings -> more traffic to your website -> more phone calls -> more clients.

And did we mention automatic backups?

And if you’d like some help with the transition . . . we’d be happy to lend a hand . . . between Mockingbird and WP Engine the only thing you’ll notice is your site’s new lightening fast load speeds.  And while we are talking about hosting . . . if your provider charges you a penny more than $29 monthly to host your website, you have been taken to the cleaners.

P.S. In our humble opinion, the best customer support person working at WP Engine is Michael Anthony. He’s awesome. Seriously, somebody give that guy a raise.

WordPress Hacked: A case for a Managed WordPress Host

We push WordPress as the only acceptable platform for legal websites.  There is a downside: WordPress’s ease of use has led to widespread adoption.  And with popularity comes hacking.  WordPress is notorious as a target for hacks.  A hacked WordPress site is quickly rendered almost invisible (with the exception of highly branded queries) to search engines as they proactively steer users away from a sites that are out of the site owner’s control.

Here’s an example for the branded query “sostrin law office”:

Hacked WordPress warning

“This site may be hacked.”

This warning is the kiss of SEO death for a site.  In fact, searches for “criminal defense los angeles” didn’t return this site within the first 100 results, even after I had visited it.  Its a good looking site, with good content but I suspect is utterly invisible to search traffic.


We’ve had one client who came to us with a hacked WordPress site – their search traffic had essentially flatlined, the phone stopped ringing and their PPC spend had exploded by 300% as even branded search queries weren’t returning their site, so existing customers were clicking on their PPC campaign just to get the phone number.  Disaster.  For this firm, we were utterly unable remove the malicious code after three different attempts and were forced to rebuild their site entirely from scratch.  

The Answer: Managed WordPress Hosting

There are a few hosting companies that have sprung up to help site owners minimize the hacking risks of using WordPress – this is called Managed WordPress Hosting.  In short – this is the process of a)automating frequent backups b)automating updates to the most current WordPress version and c)eliminating WordPress plug-ins that are vulnerable to hacks. We use WP Engine and they also happen to offer stupendous customer service. While more mainstream hosting providers have started offering Managed WordPress hosting, I’d strongly recommend working with a company that focuses exclusively on the platform – Pressable (formerly ZippyKids) also has a strong reputation.

Managed WordPress is More Expensive

With basic plans coming in around $30 a month (at least 300% more than standard mass hosting solutions), Managed WordPress hosting is more expensive. But this is one situation where you get what you pay for – I’m pretty sure Sostrin Law Offices would be happy to increase their hosting budget right now.