Recently, you may have noticed or received complaints from your visitors that they aren’t able to access your links from Facebook on their mobile devices. You may have tried it yourself and gotten through without an issue.
This problem is very specific and seems to only be effecting certain people. While it appears random, there actually is logic behind what’s going on and things you can do to potentially minimize the impact
Characteristics of the Issue
First off, let’s define what’s going on.
- The impact is primarily with mobile users (though it can occur in almost any environment) and particularly with newer mobile devices. I’ve had it reported to me on the iPhone5 or Samsung Galaxy Tab.
- A person is trying to click a link that is posted on a timeline. When they do they get the following screen.
- When they click the Follow Link, they are finally able to get to the page.
- If they go directly to the page and not click the link from Facebook they get to the site fine without any issues.
- When you check your site through the Facebook debugger, nothing flagged as spam or came up as being wrong
Why is this happening and why so sporadic?
This actually isn’t as sporadic as you might suspect and the issue can be narrowed down. Why this is happening is because this link to your site is being flag as a “potential spammer”. I highlight the word potential here because if you check other resources you may not actually be a spammer. This error is coming up because of a particular safety measure to prevent some forms of spam… the Redirect Malicious Link.
You may be familiar with this type of spam but didn’t realize it before. The redirect malicious link is easier to understand as it relates to emails with those bogus links in them. They emulate a particular URL but when you click on it you actually get sent to another URL that could be harmful to your computer or device.
In order to safe guard against these types of spam attacks, different browsers and online sites have built into them fail-safes that prevent you from making too many “jumps” (or redirects) from the original url you clicked. The idea is to try to prevent your computer or device from accidentally landing on a website that could cause you harm.
Why does this happen in Facebook?
When you enter a link in Facebook, Facebook actually doesn’t just post the link itself. Instead Facebook sends all traffic through their internal redirect to strip the personal information you might send across (such as your userid which is within the URL). This is called link shim and has been around since 2008. Link shim also does additional checks for redirect malicious links and is what is throwing the error you see above onto the device. However, because of link shim, you are inadvertently taking an additional “redirect” step in process of getting to your link.
With newer mobile devices and because of the pervasiveness of these redirect spam links that might cause your mobile phone to sent text messages or dial numbers you hadn’t intended, newer phones have tightening down their security.
This increase in security coupled with the number of redirects presently on the website plus the Facebook redirect causes the error issue to crop up.
Huh? But, I’m not redirecting.
Okay, we’re going to get a bit techie here to bear with me but if you’re running a website today, you’re more than likely doing some sort of redirect. Here are some examples of “hidden” redirects which happen without you actually asking the website to do it:
- Permalinks or pretty URLS. If you’re showing anything like http://www.mysite.com/post_name rather than http://www.mysite.com/?p=1234 or anything that’s intelligent, you’re doing this through redirects.
- Subdomains. If you’re running anything on a subdomain, so http://blog.mysite.com, you are using the redirect to tell the server to send all traffic to a folder on your server (probably /blog) when they see that address.
- www.mysite.com vs mysite.com. There is a difference if you add the www in front of the URL or not. Depending on how you set things up, typing one or the other will trigger a redirect.
- Multiple sites on one account/server. Many of us run more than one site on an account. Whenever you do that you are using redirects to tell the browser where to go to get files. In addition, most of us are on shared environments, so the server guys have to do the same thing to get us to look at our pages and not some other customer’s.
- Mobile specific sites. If you’re using any programs to generate a true mobile site (vs just using responsive design to resize/adjust things), you may run into this problem. Some of these programs (not all) do the mobile site by actually redirecting traffic to another location.
- Cache programs. Certain caching programs work on the premise of “redirecting” visitors to a saved copy of the site rather than the live site itself.
These are just some of the more common ones I’ve seen. I’m sure there are other examples that can occur.
Should you be worried?
If this is happening to your site, you should absolutely be worried about it. Based on the error message, the phone is assuming you’re a spammer and trying to redirect this user to a malicious site.
To the uninitiated, they will get this error and simply click the back button or close the browser window. Most users assume this means the link isn’t reachable and won’t attempt. If they are really diligent (and there are very few visitors like this) they will try to copy the URL and paste it into a browser directly to get to your link.
That means you could be losing a lot of traffic!
Some people who have seen this issue on their sites have reported as drastic as 50% drops in traffic from mobile visitors.
How do I fix it?
Unfortunately, redirect issues are one of the hardest to track down and resolve. I’ve had several sites where I’ve literally had to just give up and start the site over on a new site. But before you get that desperate, there are some things you can look into.
What you’re looking to do is reduce as best you can the number of redirects you’re forcing the devices to go through. If you can get below the threshold, you may be able to get your site to appear.
- Try without a shortened URL. Some people like to use bit.ly or the like to shorten the URL so they don’t take up as many characters on the screen. These programs also help to track traffic from various sources. While they work wonderfully, in this situation they represent one more “redirect” and a possible item to eliminate in the mix.
- Check if you are using www or nothing. Each site is setup a bit differently. In WordPress, you do a lot of that setup under the Settings->General area. They key here is if your site uses http://www.mysite.com to identify itself, then make sure the link you use in Facebook also uses the www at the start when you post the link on Facebook to avoid at least 1 redirect.
- Remove anything unnecessary in your .htaccess. The .htaccess controls some of the redirects on your website. It’s a very powerful (and dangerous) file but if you know what you’re doing you can adjust it to reduce the number of redirects it’s trying to call. Having a clean .htaccess has so many benefits even beyond this issue.
- Redirect fix programs. If you’re on WordPress, there are a few (very few) redirect fix plugins available. While I’ve not had success using them personally, I have heard of situations where they reduced the number of redirects just enough to let people through again.
- Cloudflare or CDN sites. It sounds a bit counter-intuitive. What I’m to use yet another redirect to stop this redirect error? But I’ve seen situations where the way CDN compress the files and place them all on one site that it sometimes helps to cut down on the bogus redirects. So yes, you’re calling another redirect here but because it processes things so much quicker and most files will be in one location, sometimes… just sometimes… it can actually fix this issue.
- Turn off mobile views. If you’re running a custom mobile view of the site, try turning it off and seeing if that fixes it. If so, you may also be able to direct that mobile view to only work with certain types of browsers and exclude the newer phones. That way some of your users who aren’t impacted by this can still get the mobile version.
I hope this helps. There are still a lot of things we don’t know about this issue but these suggestions might lead you down the happy path of getting your links to work again.
Did you find another solution or have additional advise?
Please consider sharing below in the comments. I’m sure others will appreciate it! If I can help, please let me know at firstname.lastname@example.org