Tag Archives: https

hurry and go to HTTPS now

Google: “HTTPS now. Or else.”

What Is HTTPS

If you look at the address bar at the top of your browser page, you’ll see the URL for this page of the Web.  If you’re using Chrome, the most popular browser today, you’ll see that the URL starts with “https://”, and to its left is a green lock with the word “secure”.  The happy symbol tells you that all the communication between your browser and the server that’s fetching Web pages for you is encrypted.  A third party who intercepts your communication won’t be able to read it, and, also important, won’t be able to change it.

The use of HTTPS instead of the earlier protocol HTTP, that doesn’t encrypt traffic, has grown to the point where more than three-quarters of all Web traffic is now encrypted.  Google has been pushing for the use of HTTPS.  Their advocacy is an important reason for this shift, which protects all of us, those who have Web servers and users who are using Web browsers.

Their pressure for HTTPS has helped all of us, but don’t think of them as crusading white knights.  Their revenue comes from user trust in their search engine, and user trust in the use of the Web.  Google’s neverending font of revenue depends on a safe Web, so this advocacy has been strongly in Google’s interest as well as ours.

What’s Changing

Today, if you’re using HTTPS, you’ll see the happy green lock and the word “secure” to the left of the URL.  However, Google has confirmed on May 17 that they believe that users expect the Web to be secure, so instead of showing HTTPS as exceptional, they’re going to assume that HTTPS is the standard, and if your site still uses HTTP, then they’ll display a red warning that your site is not secure.

This won’t take place until the next release of Chrome, so you have over the summer to make the transition to HTTPS.  However, it’s no easier in September than it is today, so the best approach is to get with it and make the change now if you haven’t done it already.

The other reason to use HTTPS is that Google also tells us that they’re considering it as a ranking factor in search engine results, so if you want to have your site show up prominently in Google search results, then you’ll use HTTPS.

The Bottom Line

If you’re not using HTTPS, make the change now!

If you’re using Dave’s Super Hosting Service, this isn’t a problem for you, because HTTPS is provided for all sites that I host.  In addition to backup to the Amazon cloud, the most secure backup server.  And the most advanced Web security protection that’s available.

It's only fair to share...Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
Linkedin
Share on google
Google
Share on print
Print

Act Fast if Your Site Uses Certs from Symantec, Thawte, VeriSign, Equifax, GeoTrust or RapidSSL

HTTPS

In another issue, We’ve recommended that you should be running HTTPS, to protect your visitor’s interactions with you, and also to improve your ranking in Google search.  That’s still good advice.  However, HTTPS introduces some other complexities. One of them is the need to rely on a third party to issue the certificate that’s essential to running HTTPS on your site.  And what if that third party messes up?  We’re now learning what happens!

There have been multiple incidents of Symantec not following accepted industry procedures in the issuance of certificates.  Symantec is one of the largest issuers of certificates, so it tool a company the size of Google to stand up to them.  Symantec and other brands they own, listed in the title above, have been judged by Google to be not completely reliable.  So Google has established a time frame for ending Chrome’s support for these certificates.

What are the consequences of continuing to use these certificates as Google ends support for them?  Your visitors will see a security alert like the one at the top of the page.  That’s not what you want them to see!

There’s a good discussion of this issue in the WordFence blog, along with links to find the time-tables for nonrecognition of various certificates.

The Bottom Line

Check to see whether your site is using a certificate from Symantec or a Symantec company. If it is, make a change now.  If you’re using Dave’s Super Hosting Service, don’t worry, we don’t use Symantec certificates.

It's only fair to share...Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
Linkedin
Share on google
Google
Share on print
Print
protect your site with https

Let’s encrypt! It’s time for HTTPS.

What’s HTTPS?

HTTPS is the secure version of the HTTP (hypertext transfer protocol) that our browsers use to access Web sites, that your visitors use to access your own Web site. HTTPS protects communications between the client program that your visitor uses and your Web server, so that eavesdroppers can’t listen in, no one can tamper with data that’s transmitted, and your Web site data can’t be forged.  HTTPS allows your visitors to visit your site in privacy.

It’s growing in importance, and it’s time for you to adopt it, if you haven’t already, both because you owe it to your visitors and because not adopting it will impede your efforts to use the Web to promote your business.

Today’s Usage

Adopting HTTPS, which uses the SSL (secure sockets layer) protocol to communicate, so that it’s called either HTTPS or SSL, today will put you somewhat ahead of the crowd, except for financial systems and medical systems, which have widely adopted HTTPS.  However, HTTPS adoption grew by 80% last year, so its time has arrived.  Mozilla has reported that more than half of pages visited by Firefox now use HTTPS:

sites accessed by firefox using HTTPS

This doesn’t mean that half of all sites now use HTTPS; far from it, in fact.  This result is strongly skewed by the use of HTTPS for financial and shopping sites and by Google, which all together carry a significant portion of all Web traffic.

How to Convert

The mechanics of conversion have become less onerous now that there are low-cost certificates available, that are required for implementing HTTPS.  Most Web hosting companies can help out with the implementation; it no longer needs to be expensive or difficult to convert to HTTPS.  You’ll notice that my own site now uses HTTPS.

The method of conversion depends on how your hosting service is implemented and the technology that dellivers your site, so a discussion of that here wouldn’t be of much value.  Just understand that the technical work to be done is not difficult and shouldn’t be costly.

Why Convert?  Here Are Five Reasons

1. Protect your visitors’ privacy

Your visitors deserve to be able to visit your site in privacy.  In these days of ever-intrusive commercial data collection, HTTPS helps your visitors keep their private activity on the Web private.  Outside the US, of course, a visitor can fear exposure to the state of his Web activity.  HTTPS is a way of respecting our visitors.

2. Search engine ranking

Google has announced that the use of HTTPS is a ranking factor in your position in search engine results.  This can be viewed as a carrot–Google is offering better placement in search engine results for use of HTTPS, or as a stick–use HTTPS or suffer a penalty.  But however you see it, it’s real, and there are benefits to you from adopting HTTPS.

3. Browsers will mark HTTP as insecure

Today, browsers typically show a small lock next to the URL when HTTPS is used.  However, both Firefox and Chrome are preparing to mark HTTP sites as dubious at first, and then as insecure.  This is not something you want shown to your visitors!

4. HTTP/2

Finally, in 2015, the successor to HTTP/1 has been adopted, and HTTP/2 has many improvements, especially in performance.  For compatibility reasons, browsers will support HTTP/2 only over HTTPS.  If you want to benefit from the evolution of the Web, particularly performance improvement when delivering data-heavy sites, you need to adopt HTTPS.

5. iOS and Android compatibility

iOS 9 has a strict requirement for HTTPS, and Andrioid M has a less strict but still real requirement.  If you intend to deliver content to iOS and Android smartphones, in the future you’ll have to use HTTPS, so changing now makes sense.

Dave’s Super Hosting Service

If you’re using Dave’s Super Hosting Service, don’t be concerned.  All the sites are being converted to HTTPS, using my own site as a test vehicle.

The Bottom Line

The first reason given, which is respect for the privacy of your visitors in this era of unprecedented snooping on all of us, is reason enough.  But if you add the second and then third reasons, it’s clear that you need to get on with it and adopt HTTPS if you haven’t already.

 

 

 

 

 

It's only fair to share...Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
Linkedin
Share on google
Google
Share on print
Print

Doctors, Dentists, Lawyers Victimized by Website Providers

Busy Professionals Victimized by Web Charlatans

I’ve worked with doctors, dentists and lawyers who have Web sites and wonder why the  site doesn’t enhance their practices.  They  have a perfectly good-looking site, developed by people who specialize in their very field, and the site just sits there looking good!

The problem is that these busy professionals are being victimized with Web sites that look good but are built so that looking good is all that they’ll do–they won’t help grow the practice.  And the purveyors of the site won’t give you good advice in that area, either–they are more interested in booking quick, high-profit cookie cutter jobs.

If you ask about search engine traffic, you’re likely to get an answer such as “We are not an SEO company, we are a Web site company.”   That’s certainly true; these outfits are not SEO companies.  But I think they should instead say “We will give you a Web site that looks good but will never ever bring you any visitors from search engines.”

In this issue, I’ll tell you some things to look for if you’re a professional looking for the development of a new site.  I’m not an artist so don’t do site designs myself, but I do advise clients who are having a new site developed.  If you’re getting a new site you can engage me to help you through the cycle, reading and evaluating proposals, helping choose a vendor, giving them some guidelines and evaluating and testing the result.  But these guidelines will give you a good start at it.

WordPress

The first question to ask:  are they using WordPress to build the site, and can you host the site that’s built on any hosting service of your choosing?

There are many reasons why a small business site should be built with WordPress.  Most of them stem from its popularity–more of the world’s sites are hosed on WordPress than any other platform.  So you can always get someone to work on it, and if you want to add function to it, someone has probably built a plugin to do just what you want.  And because it’s free, even the best add-ons that you have to pay for are cheap.

If the developer doesn’t propose WordPress right away as their first choice, choose someone else.  You don’t want to force them into using a development platform they don’t like or aren’t  not familiar with.

Hosting Service

Usually these folks will provide hosting service for the site after it’s built.  That’s a good thing, actually, because you need hosting service, and it’ll be convenient for them to make any changes to the site you may decide you want.

However, there are two issues that you should verify about their hosting service:

HTTPS

First, Google gives an edge to sites that use HTTPS, the secure version of the Web protocol HTTP.  If you’re getting a new site, the time is ripe to start with HTTPS.  Leading edge companies are using it now.  The developer may not propose it, but they should not resist at all a request from you to implement it.  Here, too, if they don’t want to do it, don’t waste time with them–move on.

It’s worth using HTTPS just for the Google search position bump you’ll get.  But it’s also timely because it protects site visitors’ communication with the site.  The FCC is now toying with rules that may allow users’ browsing data to be sold.  In that environment. competitive factors dictate that we keep that information to ourselves through use of HTTPS.

Dedicated IP Address

Your IP address is the numeric Internet address of your site.  If your hosting service shares your IP address with other sites, then if one of those sites behaves badly, your shared IP address can end up on one of the lists of banned IP addresses that are shared among Internet service providers.  The more other sites share your IP address, and how they are connected, has a lot to do with how much risk there is.

This subject has some complexity to it.  I’ve written a post about it, that includes an easy way for you to test whether your IP address is shared by any other sites.  You can also use that same method to look at the IP address strategy of major companies.  I suggest looking at the IP address sharing strategy for IBM, GE and GM.

If your developer tells you that there’s no reason to have a dedicated IP address, then they’re not telling you the truth, and you should move on.  You may decide, after reading my post, that you don’t need a dedicated IP address.  Certainly, though, you don’t want your IP address shared by a large number of sites.  If your IP address is shared by, say, six sites, with companies all well known to the site provider, than maybe that’s OK.  But if your IP address is shared by 100 sites, then that’s an issue.

Duplicate Content

If the content of your site duplicates another site’s content, then Google will decide which is the original and not index the other.  That is, you risk getting zero referrals from Google for any of your content that’s duplicated elsewhere on the Web.

Ask your site developer whether they guarantee uniqueness of the content they will supply.  Then, when the site is delivered, check every page for uniqueness.  To make the check, copy a sequence of about 15 words from the middle of a paragraph and paste it into a plagiarism detector such as Copyscape.

If they’ve provided a significant amount of duplicate copy, after promising unique content, don’t ask them to fix it–find someone else, and don’t pay the bill.  You’ve been deceived and cheated.  They’ll cheat you again.

Reviews

Some of these site developers provide a service to help you get reviews.  Typically this is simply a request that you email to a client or patient and ask them to do a review.  However, more than one of these companies doesn’t do the extra work required to make it easy for the person who’s being surveyed to write a review on a recognized review site; instead, they offer a review that’s posted only on your own site, or is posted on a review site that they own.

You want some help in getting genuine, favorable reviews from your real clients and patients–but on a popular review site, not just your own site and not some obscure site owned by your Web site provider. Today, your prospects are searching reviews in Google, Yelp and other important review sites,  If you have 50 to 100 good reviews on these sites, they will bring people to you.  For more detail, see the post that I’ve written on this subject.

If they offer a review service, you want a live feed of reviews on your site, so that recent reviews are shown, and there are links to the reviews on the review site.  This gives the display on your site great credibility with visitors to your site.

Your developer may not offer a review service; that’s fine.  You can use my service–or another service.   But if they service they offer doesn’t meet the requirements outlined here, they’re trying to sell you something that will actually hurt you, by wasting perfectly good reviews that, if located on review sites, would be helping you.

The Bottom Line

Use the criteria I’ve given here to test what’s being offered to you.  Or, if you’d like, get in touch with me and provide me links to a couple of sites that the developer you’re considering has developed.  I’ll be happy to look at them for you and give you my opinion.  I don’t develop sites, so have no stake in which developer you choose.

It's only fair to share...Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
Linkedin
Share on google
Google
Share on print
Print