In another issue, We’ve recommended that you should be running HTTPS, to protect your visitor’s interactions with you, and also to improve your ranking in Google search. That’s still good advice. However, HTTPS introduces some other complexities. One of them is the need to rely on a third party to issue the certificate that’s essential to running HTTPS on your site. And what if that third party messes up? We’re now learning what happens!
There have been multiple incidents of Symantec not following accepted industry procedures in the issuance of certificates. Symantec is one of the largest issuers of certificates, so it tool a company the size of Google to stand up to them. Symantec and other brands they own, listed in the title above, have been judged by Google to be not completely reliable. So Google has established a time frame for ending Chrome’s support for these certificates.
What are the consequences of continuing to use these certificates as Google ends support for them? Your visitors will see a security alert like the one at the top of the page. That’s not what you want them to see!
There’s a good discussion of this issue in the WordFence blog, along with links to find the time-tables for nonrecognition of various certificates.
The Bottom Line
Check to see whether your site is using a certificate from Symantec or a Symantec company. If it is, make a change now. If you’re using Dave’s Super Hosting Service, don’t worry, we don’t use Symantec certificates.
HTTPS is the secure version of the HTTP (hypertext transfer protocol) that our browsers use to access Web sites, that your visitors use to access your own Web site. HTTPS protects communications between the client program that your visitor uses and your Web server, so that eavesdroppers can’t listen in, no one can tamper with data that’s transmitted, and your Web site data can’t be forged. HTTPS allows your visitors to visit your site in privacy.
It’s growing in importance, and it’s time for you to adopt it, if you haven’t already, both because you owe it to your visitors and because not adopting it will impede your efforts to use the Web to promote your business.
Adopting HTTPS, which uses the SSL (secure sockets layer) protocol to communicate, so that it’s called either HTTPS or SSL, today will put you somewhat ahead of the crowd, except for financial systems and medical systems, which have widely adopted HTTPS. However, HTTPS adoption grew by 80% last year, so its time has arrived. Mozilla has reported that more than half of pages visited by Firefox now use HTTPS:
This doesn’t mean that half of all sites now use HTTPS; far from it, in fact. This result is strongly skewed by the use of HTTPS for financial and shopping sites and by Google, which all together carry a significant portion of all Web traffic.
How to Convert
The mechanics of conversion have become less onerous now that there are low-cost certificates available, that are required for implementing HTTPS. Most Web hosting companies can help out with the implementation; it no longer needs to be expensive or difficult to convert to HTTPS. You’ll notice that my own site now uses HTTPS.
The method of conversion depends on how your hosting service is implemented and the technology that dellivers your site, so a discussion of that here wouldn’t be of much value. Just understand that the technical work to be done is not difficult and shouldn’t be costly.
Why Convert? Here Are Five Reasons
1. Protect your visitors’ privacy
Your visitors deserve to be able to visit your site in privacy. In these days of ever-intrusive commercial data collection, HTTPS helps your visitors keep their private activity on the Web private. Outside the US, of course, a visitor can fear exposure to the state of his Web activity. HTTPS is a way of respecting our visitors.
2. Search engine ranking
Google has announced that the use of HTTPS is a ranking factor in your position in search engine results. This can be viewed as a carrot–Google is offering better placement in search engine results for use of HTTPS, or as a stick–use HTTPS or suffer a penalty. But however you see it, it’s real, and there are benefits to you from adopting HTTPS.
3. Browsers will mark HTTP as insecure
Today, browsers typically show a small lock next to the URL when HTTPS is used. However, both Firefox and Chrome are preparing to mark HTTP sites as dubious at first, and then as insecure. This is not something you want shown to your visitors!
Finally, in 2015, the successor to HTTP/1 has been adopted, and HTTP/2 has many improvements, especially in performance. For compatibility reasons, browsers will support HTTP/2 only over HTTPS. If you want to benefit from the evolution of the Web, particularly performance improvement when delivering data-heavy sites, you need to adopt HTTPS.
5. iOS and Android compatibility
iOS 9 has a strict requirement for HTTPS, and Andrioid M has a less strict but still real requirement. If you intend to deliver content to iOS and Android smartphones, in the future you’ll have to use HTTPS, so changing now makes sense.
Dave’s Super Hosting Service
If you’re using Dave’s Super Hosting Service, don’t be concerned. All the sites are being converted to HTTPS, using my own site as a test vehicle.
The Bottom Line
The first reason given, which is respect for the privacy of your visitors in this era of unprecedented snooping on all of us, is reason enough. But if you add the second and then third reasons, it’s clear that you need to get on with it and adopt HTTPS if you haven’t already.
Private IP Address: The Gold Standard in Hosting. Or Is It?
Recently I was looking for specialized Web hosting services, and when I asked at one company if their price included private IP addresses, the response I got was that “there is no benefit at all from having a private IP address, so why would you want one?” For a long time, a private IP address has been the standard for high-quality Web hosting, and it’s still promoted as such by many hosting companies. In this post, I review the reasons in favor of having a private IP address, and give you a concrete best-practice recommendation that can save you money while not subjecting you to SEO or other risk.
What Is a Private IP Address?
An IP address is a 32-bit number that identifies an interface to the Internet. Every connection to the Internet has a unique IP address; routers on the Internet use these addresses to forward information back and forth between machines on the Internet that communicate.
Your Web site is a collection of files that are delivered in response to requests that arrive over the Internet by a program called a Web server. That server program runs in a computer that’s attached to the Internet, that has an IP address. The server can be set up so that a number of Web sites share a single IP address, so that the server distributes information based on the domain name. It can also be set up so that each site has its own IP address, and the server distributes information from one site or another based on the IP address it is given.
A site hosted at a shared IP address is not necessarily slower to load than a site with a dedicated IP address. It’s true that the Web server for the shared IP address has one more step to perform when delivering pages, but that step happens so fast that it’s not a significant factor in the load time of your site. The important determinants of load time for your site are the total capacity of the computer hosting all the sites and the number of sites it hosts (with either shared or dedicated IP addresses), the computing demands placed by the sites, and the limits on computer resources placed by the hosting providers. Note that the reason $5 a month hosting is available is because that comes with low limits on resources used by the site.
What Are Potential Google Problems?
The Web server works just the same in either case. The questions about private IP addresses revolve around what actors other than the Web server might do in various circumstances. For example, suppose one of the sites hosted on an IP address is penalized by Google for something that Google doesn’t like. Suppose this is something extreme such as buying incoming links. Will Google penalize all the sites that use the same IP address?
Matt Cutts, who is still in charge of the ranking effort at Google, told us back in 2010 that Google treats sites on shared hosting the same way as sites with a dedicated IP address. Here’s a video with Matt Cutts explaining the situation.
From what he says, you don’t want to share an IP address with thousands of spammy sites, but under normal conditions, using shared hosting will not get you into trouble with Google.
Google tends to do its ranking based on domain names and not IP addresses, so their first intent will be to not be influenced by other sites at the same IP address, except in extreme situations. You need to be protected against those situations, but that doesn’t mean that you need a dedicated IP address because of Google.
What Are Other Potential Problems?
While Google doesn’t classify based on IP address, there other services on the Internet that do. Very much so in all the services associated with email. Estimates are that as much as 86% of all email is spam, as many as 400 billion spam emails per day. Because of this volume, email providers are under pressure from their customers to control spam email. . There are active exchanges of email addresses and IP addresses that are identified as distributing spam email. If your IP address ever gets put on one of those lists, even if the spam isn’t from you, you’ll have a significant amount of work to do proving that you’re legitimate, possibly to several different organizations.
During that time, your email or your customers’ email is blocked from delivery! Imagine the impact on customers if they can’t get or send email because of a spam blocking problem. This problem can damage the reputation of a company and make customers less interested in doing business with them.
First, check to see whether your site has a dedicated IP address. You can find out by clicking here and entering your URL. While you’re at it, you can see how big companies manage their IP addresses.
It’s interesting to use the tool to get a sense of IP address management of other organizations. Look up gm.com and you’ll see that this IP address has the home sites for GM’s major brands, a logical approach. That IP address is shared by XX domains. If you look up ge.com, you’ll see less discipline–their IP address is shared by more than 1,000 domains, many of which do not appear to be associated with GE. It appears that GE simply bought inexpensive hosting service, without addressing the IP address question. Another interesting domain to check is ibm.com–you’ll see that it shares an IP address with amazon.com.
If your firm has multiple Web sites, it’s OK for them to share a common IP address, presuming that your firm has control over what’s done with those domain names and the associated email behavior.
A Caution About Email
My friend Tim Brady makes the interesting observation that a dediated IP address for Web hosting does not guarantee you a dedicated IP address for email! That is, you could pay extra for a dedicated IP address for your site, thinking that you were protected against the actions of others, only to find that your email is being shepherded through mass servers with many domains sharing an IP address for their email.
If you decide that you want a dedicate IP address, be sure to clarify with your hosting provider vendor that your email will be sent from your dedicated IP address. Another approach is to have your company’s email processed by Google, whose gmail service is economical and very dependable.
The Bottom Line
Use a dedicated IP address for your company’s sites. The market value for a dedicated IP address is about $5 a month; you can afford it. The cost is a lot less than the direct and indirect costs of having your IP address blacklisted.
As an alternative, you can use Dave’s Super Hosting Service, which offers high performance, dedicated IP addresses, frequent backup to the AWS Cloud and special security protections.
We’ve all seen ads for inexpensive Web hosting. It’s even advertised during the Super Bowl! You can get your site hosted for $1 a month. Or even 99 cents a month! What can be easier? Should you use these cheap services? This issue digs into the issues of cheap hosting providers, based on actual experience.
We see cheap hosting services advertised on the Super Bowl. This tells us that lots of people are buying them, and also that they must be quite profitable for the vendors, since they can afford the huge cost of Super Bowl commercials.
We’re talking here about the difference between hosting that might cost, say $6 a month, compared to first-class hosting that you can get for about $20 a month. So the cost difference isn’t great. Does it matter? Is it OK to go cheap on this?
Why So Cheap?
Why is it that companies can charge so little for Web hosting? It’s easy to pay $30 a month for hosting service. How then can some companies sell it for $1? Or $3? Or $6? The answer, as usual, is that the service isn’t the same as the $30 product. I’ve seen three primary areas where the vendors cut costs:
• resource limitations are placed on these sites, particularly cpu time they can use and RAM that they can use to service requests;
• multiple sites may share an IP address; and
• customer support may be limited.
On one occasion I moved a site from a moderately-priced hosting service at a big company to my own hosting service, that’s more expensive but doesn’t put stringent limits on CPU and RAM resources, and the same site, with no changes, loaded twice as fast on a better hosting service.
We all know that speed to load is a factor that Google considers in assigning page rank in search results. Why? Because they’d like to point their customers–searchers–to pages that provide good experience by loading fast. So although loading speed is influenced by many factors, particularly site design,
If your site is hosted on a quality service, not only Google but your visitors will have a better experience when they visit your site.
In a more recent experience, a client was paying $16 a month for hosting service from one of the big companies. When I ran a WordFence security scan of his site to find malicious software, the memory limitations imposed by the hosting service kept the scan from completing. As it turns out, there was malware that was not being detected by the prematurely terminated scans; when the site was moved to a quality hosting service, the malware scan ran to completion, detecting and correcting the problems that went unfixed previously.
Shared IP Address
The very cheapest hosting services will have your site sharing an IP address with another site. Google tells us that a shared IP address will not, by itself, hurt your position in their search results. However, if your site shares an IP address with another site that gets infected with malware, then that IP address may be classified as one containing malware and suffer in search engine rankings. Similarly, if the other site sharing your IP address either deliberately or through malware sends out spam, your IP address may be identified as a source of spam, so that your emails aren’t accepted by many email servers.
A shared IP address saves money, but it’s a bad idea.
The big companies have various ways to limit service. One of them doesn’t provide telephone service at all–you send them an email. If they’re really interested they’ll call you back. Later. But at the moment you’re panicked or having problems–and you site is not delivering your message properly–you may not be able to get help.
You also may find that there is telephone support, but you have to wait a looooong time to reach them! How much is your time worth while you’re on hold? The most annoying part of this is that you’re likely to hear that “Your call is very important to us…” while you know that it’s not so important that they bothered to hire enough people to keep up with the call volume.
Perhaps the most annoying way to chisel on support is to have multi-tier support. You explain the problem first to someone who has limited knowledge, runs you through a script of actions for you to take, to screen out a couple of simple problems. Then you are transferred to someone else who perhaps can actually help you. Here, too, you’re paying for the cheap hosting service by wasting your own time.
The service that you want is a real person who can solve problems for you, available 24 hours a day.
The Bottom Line
Expect to spend $20 a month for site hosting. Use pingdom.com to measure your site’s home page load time. Run WordFence’s security scan on your site, and if it doesn’t complete, upgrade your hosting service or move to another service.
One way to get great hosting service is to use Dave’s Super Hosting Service; there are also other competent hosting providers.