Re: STORE SPEED SCAM - SHOPIFY SPEED DO NOT MATCH LIGHTHOUSE SPEED - ATTENTION !!!

STORE SPEED SCAM - SHOPIFY SPEED DO NOT MATCH LIGHTHOUSE SPEED - ATTENTION !!!

nuova-idea
Explorer
46 0 20

Hi ALL,

first of al, you should know that Shopify stopped to use Lighthouse to calculate the speed score, this is why the sudden drop of speed score in Shopify in comparison with Lighthouse or GTmetrix. Shopify does not consider the Lighthouse speed anymore. This since around the beginning of August 2021.

Now the why: some developers do ZERO/NO work on performing your store, they ONLY add a hacking code that detect speed checkers. When it detect speed checkers, it serve an empty page, with no content. That's why your Lighthouse or GTmetrix speed score it is so high.

Now that Shopify stop linking its speed report with such speed checkers, the scam it become clear to all. Be aware, an high amount of developers were selling fake speed optimizations, using instead this quick hack to collect money from store owners.

The code contain such lines:

document.write / document.open and are inserted in the theme.liquid (use ctrl+g to locate them). If you find such lines, you been scammed. 

I suggest everyone who got this scam to reply to my post here and add the name or data of the developer to help others to do not fall in the same scam.

My scammer was hired on Fiverr: 

nuovaidea_0-1630641170725.jpeg

 

It is taking 2 weeks of work and lot of money to fix this issue. Cause it also damage how the store works. 

 

Please everyone, spread the voice as much as possible because Shopify still did not made any official statement on this, and many store owners have no idea at all about this.

Let's make sure those scammers get banned and get no more money from store owners.

 

Replies 53 (53)
vibrantbodymind
Tourist
6 0 2

Here's what I've done (and I am a not a technical person):
1. Ran a scan on Lightspeed (Google PageSpeed Insights) and noted all suggestions.
2. Googled each suggestion and checked what I can do. Some bits are easy to add even for non-programmer.
3. Replaced JPEGs with WEBP formatted images.
4. Got rid of lazy load.
5. Got rid of redundant Javascript (installed a paid plugin for that in Shopify, then discontinued after one month - still cheaper than hiring a scammy programmer)
6. In product descriptions, removed redundant bits of codes that creep in when you copy from Google Docs or elsewhere.
My speed at Shopify is 54-73%, 90-96% at Google Lightspeed. Not bothered by GTMetrix or whatever but I am sure it's consistent. Good luck!

NLanglois
Shopify Partner
10 1 5

Thanks for the feedback ! Which app did you use for removing de redundant javascript ?

broochiton
Excursionist
14 1 2

Thank you Nuova Idea

I just had one optimizing my website 

what are the steps to take in order to see if the hack codes are used or not ?

Thnk you 

_User5
Visitor
1 0 0

I also have just identified the same issue - unfortunately it has been this way for a few months... I thought I had missed this as I could not see the code on my website but it was hidden down...

 

Signs it might be an issue:

Pagespeed insights wont display the full page in the preview (things are missing). Failing the actual user data tests but not the ‘indication’ ones. I think the biggest red flag are maybe ones which say they can get your speed up ‘quickly’ - i followed the advice of people on this page and others before ordering asking about what sorts of steps would be done and they said they removed animations etc. from the page - yet they were very quick with their work and got this result..

 

The person I used was saida_seoexpert and I have even left them a good review (trying to see if i can change it to warn others though).

 

Search using Shopify theme File Search (https://chrome.google.com/webstore/detail/shopify-theme-file-search/mhchmhfecfdpaifljcfebnlaiaphfkmb...). This lets you search the whole theme as opposed to going one by one - only issue is it is in chrome so if you dont use that you will have to log into shopify on that.

 

I am unsure if I have managed to remove all the malicious code to be honest… but this is what I have done:

 

Search:

document.write

 

Remove the capture vendors and endcapture in the following:

 

quotes.liquid

 

{% capture vendors %}

{% endcapture %}<script>document.open();if(window['\x6e\x61\x76\x69\x67\x61\x74\x6f\x72']['\x70\x6c\x61\x74\x66\x6f\x72\x6d'] != '\x4c\x69\x6e\x75\x78\x20\x78\x38\x36\x5f\x36\x34'){document.write({{vendors | json}});}document.close();</script>

 

 

featured-product.liquid

{% capture vendors %}

{% endcapture %}<script>document.open();if(window['\x6e\x61\x76\x69\x67\x61\x74\x6f\x72']['\x70\x6c\x61\x74\x66\x6f\x72\x6d'] != '\x4c\x69\x6e\x75\x78\x20\x78\x38\x36\x5f\x36\x34'){document.write({{vendors | json}});}document.close();</script>

 

 

custom-html.liquid

 

{% capture vendors %}

{% endcapture %}<script>document.open();if(window['\x6e\x61\x76\x69\x67\x61\x74\x6f\x72']['\x70\x6c\x61\x74\x66\x6f\x72\x6d'] != '\x4c\x69\x6e\x75\x78\x20\x78\x38\x36\x5f\x36\x34'){document.write({{vendors | json}});}document.close();</script>

 

It is also on these two but am unsure if it is an issue there or not yet

tolstoy-carousel.liquid

tolstoy-stories.liquid