security


Why Your Website Needs an SSL Certificate

Do I Need an SSL Certificate?

Just what is the difference between HTTP and HTTPS? Most people we speak to are aware it means the website has an SSL certificate, which means the connection is secure. But it’s not yet widely known that every website should now be using HTTPS, and many reading this post will likely be thinking, “I don’t have a web shop or collect credit card information so it probably isn’t something I need to worry about”. If this is you, then you definitely need to read this article!

So if you’re wondering “do I need an SSL certificate?”, the answer in 2017 is definitely. In our opinion, every website should now have an SSL certificate regardless of what you actually do, and we will detail the benefits this will bring your business. But it may also surprise you to know that not all HTTPS websites are equally secure. This post will detail how HTTPS benefits your business and how you can maximise the benefits of using it.

Look for the Little Green Lock

Perhaps you’ve seen the ‘green lock’ in the top left of your browser bar before? If you use Google Chrome, this is what it will likely look like – each browser shows it differently, but will show you if the connection is partly, or fully secured.

If something is not right with the certificate (for instance, if it has expired or is invalid in some way), you will receive an error like below:

You may have noticed that if the website is partially secured, you will see an image perhaps similar to that below:

Notice the grey ‘i’ and how this does not say ‘secure’. This means the website has an SSL certificate and is using HTTPS; however, something about the way in which it uses it is not safe. If this is your website – read on as we detail what you need to do!

What are the benefits of SSL?

First, what is SSL / HTTPS and why is it important? SSL provides the foundation of your website security. It does a few things to achieve this:

  • It ‘authenticates’ the domain to your server – meaning your visitors can be confident the website they are accessing is the ‘real McCoy’ (i.e. not a forgery or a dummy website set up to dupe people into handing over credit card information). To your business this means instant online credibility!

  • It encrypts data, securing it as it passes between the user and your website, making it practically impossible for hackers to ‘listen in’ and intercept communications (sometimes called a ‘man-in-the-middle’ attack). This applies to all information, including personally identifiable information (PII) and other sensitive information such as credit card details.

However, due to recent developments, your website will enjoy some new benefits as a result of having a fully secured SSL certificate. These are:

  • Google Indexing of mobile websites: In 2015, Google announced they would be indexing HTTPS over HTTP. This means that if all else is equal between your website and a competitor’s and you have SSL and they don’t, you can expect to rank higher. Who doesn’t want to give their business the best chance to win that business over a competitor?

  • SSL is required for AMP: As the web goes more mobile, a new technology has been developed by Google called “Accelerated Mobile Pages” (AMP), which is an integrated mobile platform. SSL is required for your website to be considered for this technology.

Why Some SSL Is Insecure

Notice how we say SSL ‘provides the foundation’ of your website security – what you build on top is just as important. This leads us back to why some websites that have SSL are less secure and show the ‘grey icon’ in the address bar we mentioned earlier.

Many websites use external code, scripts and services. If your website is integrated with other services such as Google Maps, for example, it will likely need to load some JavaScript code or HTML from Google’s server.

These should also be loaded using HTTPS. Even though your web page itself is served securely to the end user, if it loads resources from insecure sources, the web page can no longer be considered secure at all! It is a bit like having secure locks on your front door, but leaving the window open. Just like your business premises, your website security can only be as good as its weakest point!

Thankfully, it’s usually fairly easy to audit your website and ensure all your scripts, code and resources load using HTTPS to win the prize of a green lock and enjoy the maximum benefit in search rankings of a fully secured website.

Do You Need Total Security?

If your website is not quite fully secured and you would like someone to audit your website to ensure you have a green lock and everything uses SSL, why not get in touch with Audit My Website? We specialise in auditing websites and resolving issues like these.

July 10th, 2017 | Categories: Website Audit

Why you should not choose cheap website hosting

It’s very easy to look at your website hosting cost as the single most important factor when going through a hosting comparison and deciding who to host your website with. After all, it’s only hosting, isn’t it?

From a business perspective, your hosting solution is an ongoing cost, so why would you not minimise this as much as possible? Quite a few reasons, actually! Today we will be detailing why you should avoid cheap hosts and what you should look for when choosing a good host for your website.

Limited Resources

Most cheap hosts are cheap because they load their servers with many websites – in some cases hundreds or even in the worst cases thousands in order to make their business model work. This will have several unintended consequences for your website:

  • Slower, less reliable service: A busy server will take longer to respond, meaning your pages and site will take longer to load. This in turn will hurt both rankings and visitor experience and, as a knock-on effect, it’s likely to cost sales in the long run.
  • Artificial limits: Cheaper hosts will often place an artificial ‘limit’ (usually on amount of data or data over time) and once this limit is exhausted, they will either insist you pay more for the service, or simply suspend the service so your website goes offline. This is the opposite of what you need: if your website suddenly becomes popular, you want to be able to ride this crest and enjoy the benefits that more traffic and increased enquiries bring, not suddenly shut down your shop the moment it starts to become a success! Similarly, many cheap hosts will have limits such as limiting the number of databases (and therefore the number of websites) you can host.
  • Hidden costs will actually make ‘cheap’ hosts more expensive in the long run. This is achieved by charging you large amounts for services that typically don’t cost the hosting company anything significant. These include things like automated website backup processes, transferring your domain or website, having a second database, escalating a support ticket or additional bandwidth, to name just a selection. The trouble is, in each of these cases, a quick resolution is needed to help your business operations be profitable. If your website is offline due to some technical difficulties, each moment it is offline it could be losing sales and losing customer confidence that you are actually still trading.

Staff skills and experience

Cheaper hosts will typically have much lower skilled staff and greater lead times to resolving any technical issues that should arise. It also means you are not given the long-term advice and support you need to head off longer term issues before they develop.  For instance, as time goes on and security vulnerabilities are found in software your website uses, ideally you want a host who can make you aware, and, where needed, ensure you are protected going forwards i.e. by offering to upgrade your content management system (such as WordPress or Umbraco) website to the latest versions. Similarly, you want a host who can perform a quick security audit on the plugins / extensions or packages your website uses to ensure that any that need it are patched as soon as possible.

Security

In addition to the lack of skills, most cheap hosts will also not have set up their servers securely. For instance, they won’t necessarily ring-fence websites and technology with firewalls or have any suitable DDoS (Distributed Denial of Service) protection, nor will they likely audit the plugins / extensions or packages your CMS website uses to ensure they do not include any vulnerabilities.

In fact, most won’t want to get involved in any of this and will provide your hosting account on a “use at your own risk” basis. As you can imagine, even a single big incident will usually cost your business more in money and disruption than the entire year of hosting. If your website is hacked you will need a developer to carefully review the code and clean up any data, and their time will cost a lot more than the support the host would offer (and the work will likely need to be repeated the next time the website is attacked!).

Monitoring

Typically, cheap hosts don’t offer any kind of website monitoring. The only time you will ever even know there is an issue with your website will be when any of your customers let you know, and this never reflects well on your business. Not only will website outages cost you rankings in Google (and therefore, visitors and enquiries as a result) but may also cost your business credibility which will be much more costly and longer-term to put right.

Backups

Something we recommend all hosting has in place is some kind of automatic backup and recovery process. If the worst should happen to your website, you want to be back up and running as soon as possible! The cost of every extra day your website is offline will quickly dwarf any difference in cost for hosting that year.

The cost of putting it right!

Probably the biggest reason for not choosing a cheap host is that when any of these issues arise, they will be little help to you and it will fall to your web developer to put it right. I’m sure, like ourselves, most web developers would be very keen to offer help, except their time will be a lot more expensive, and they will likely need to revisit this work again because they are now using ‘sticking plaster’ to fix a fundamental problem. The problem will never be truly fixed, and will likely end up needing further repair at a later date, leading to bigger ongoing costs in the long run!

It’s too expensive

I recently had a client on the phone that wanted to move their website hosting over to ourselves – note it’s a business website, not a personal site. When we got down to costs, I asked the simple question ‘How much are you paying now’.

The following is a snapshot of the rest of the conversation.

Client: We are currently paying £70, that is for a year.

Me: Ahh ok, and how has the service level been with your current host?

Client: Well we’ve had email go down on us three times in the last six months and the site is slow compared to others.

Me: Well our hosting is £45 per month for a WordPress site, it’s more expensive as we have very good reliability and support structures in place.

Client: My current site is being hosted by a friend of the old design company. He’s doing it as a favour. I can’t afford £45 per month.

Me: Let me ask you a quick question, how much do you charge an hour for your services?

Client: £40-55 per hour depending upon the service

Me: Do you realise that just one paying client for an hour’s service pays for your website hosting for the entire month?

Client: Oh yes, you are right!

Summary

In summary, can you really not afford to have a decent hosting provision in place? The example above is typical of what we experience on a daily basis from clients. Yes, I can put you in touch with £5 per year hosting; however, I would expect that to go down regularly, be slow, not have any support, etc.

Personally, if it’s a business site, I’d rather pay more and get a high quality service, know my data is backed up, know my site is protected by firewalls and more.

 

Buy safe, buy once!
