SSL is no longer optional for your website.

Your website should most likely be labelled with “Not Secure”. What does it mean, and how do you get it fixed?



Background

Nearly two years ago, Google announced that Chrome would eventually start marking all sites that are not encrypted with HTTPS as ‘Not Secure’ as an attempt to motivate site owners to improve the security of their websites.

On July 24th 2018, Google officially launched Chrome 68 and with it rolled out the warning labels on all websites.

Chrome is a widely used browser accounting to about 80% based on statistics by W3Schools, where their website receives 50 million visitors a month.

What do these labels mean?

As seen above, there are three (3) types of labels.

i) Not Secure

This means that you do not have an SSL certificate installed on your website. I’ll explain what that is, and how it helps in a bit.

ii) Secure

This means that everything is good – and you don’t need to do anything more.

iii) Notice

This usually means that while the site itself is secured, there may be some content that has been loaded on the website which is not secure. If you’re getting this, your website developer or webmaster will need to fix it. The most common things that cause these are external links using http:// instead of https:// or preferred simply as // to support both.

Some examples include:

  • External images shown on your website.
  • External links to javascript files such as jQuery.
  • External links to CSS files such as Bootstrap.
  • Embedding of Google Fonts, Analytics and pretty much any other services.

Note that, using https:// on any of these require the external service/server to have a valid SSL installed on their end too!

What does Secure mean?

Any communication over the internet could either be secured, or not. A secured communication means that the data that is received or transmitted is encrypted which prevents prying eyes from looking at it.

Let’s say – you’ve typed in your username and password on a website. If that information, when sent over the internet is not secure – then anyone between your computer — and the server/service — could potentially “see” that data. However, if the website is secured, then the same information is encrypted making it extremely difficult for someone to see it.

Should I care if my website doesn’t have any login forms?

Yes, you should. Login forms are just one example. Maybe, you have a contact form where you ask your website visitors to fill in a message to reach you. The information that they type in there would be transmitted insecurely which could allow someone to see it.

SSL is no longer optional. Add SSL to your website today to avoid losing visitor confidence and sales. Plus, with SSL you get all these benefits too:The other benefits of having your website secure include:

  • More secure user experience
  • Protect user privacy
  • Increased conversions
  • Boost search rankings
  • Increased user trust
  • Show you care about users’ data

How do I secure my website?

You’ll need to get an SSL certificate installed for your website. This could be done by yourself, your webmaster, website developer or your web host.

What is an SSL certificate?

SSL is short for “Secure Sockets Layer”. It was introduced in the mid 90’s as a protocol to secure traffic. While SSL itself is depreciated, the newer versions of SSL protocols are actually known as “Transport Layer Security” (TLS). The certificates however are still commonly referred to as SSL certificates.

An SSL certificate is used by the browsers such as Chrome, Firefox, Safari or Edge to establish trust, validate that it is valid with a Certificate Authority (CA) and use it to encrypt the communication between you — and the server/service that you are communicating with.

These certificates are issued by Certificate Authorities (CA) who vet and issue the certificates. There are a few types of SSL certificates:

  • Domain Validation (DV) SSL Certificate
    Domain Validation SSL certificates are the cheapest provided by well known SSL brands. They are also freely available through Let’s Encrypt, a free – automated – and open certificate authority sponsored by big names in the internet industry.Free SSL certificates are also included in some hosting plans offered by web hosting companies like Extreme Web Technologies. They are ideal for basic security for websites and blogs, and are usually issued in minutes.
  • Organisation Validation (OV) SSL Certificate
    Organisation Validation certificates are slightly expensive as have some documentation processes required such as verifying your organisation legal information. The certificate authorities usually ask for your business incorporation documents, as well as physical address and sometimes identities of website/business owners. These are always purchased separately — and are a must have for serious businesses. These could take about a week to be issued, sometimes a bit more.
  • Extended Validation (EV)

    Extended Validation certificates are the most expensive certificates available. They could cost unto $2000 per year and go through extended validation processes including credit checks. These certificates also include a special feature supported across browsers which makes the address bar green showing your company name. These certificates are a must have for internet banking portals, as well as other applications to ensure user trust in the service. These certificates take the longest time to be issued, generally between 2-4 weeks.

I have a certificate, but my website still shows Not Secure when accessed.

When website visitors type in your website link on the address bar, they end up on the non-secure version of your site. You may need to consult your website developer or hosting company to assist you with this. 

How to fix Not Secure on WordPress.

If your website is built on WordPress, then the simplest way to make the switch is by going to your WordPress Admin (wp-admin), under the Settings > General screen, update your WordPress Address (URL) and Site Address (URL) to include https://.

How to fix Not Secure on my website which is NOT built on WordPress.

This will work on pretty much any basic website on cPanel hosting, such as the hosting plans offered by Extreme Web Technologies.

Log into your cPanel, find the File Manager, under public_html folder, look for a file named .htaccess and edit it. If it doesn’t exist, you can create it and paste the following snippet.

Make sure to update your domain name in it:

# BEGIN SSL
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain\.co\.tz [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.co.tz/$1 [L,R=301]
</IfModule>
# END SSL 

I’m stuck and need someone to do this for me.
Please contact our customer happiness team at Extreme Web Technologies to assist you get your website secured.

This blog post was written by Mohsin Sumar (@mohsinsumar) who is the Founder and CEO of Extreme Web Technologies. Mohsin with his Customer Happiness team constantly strive to deliver top notch quality web hosting in Tanzania.

Image credits: Creativeart – Freepik.com

.tz Marketing Workshop

I attended a marketing workshop representing Extreme Web Technologies, top performing .TZ accredited registrar on 10th & 11th December 2015 which was organised by tzNIC in collaboration with ICANN. It was held at BOT Conference Room and facilitated by Bob Ochieng and Ali Hussein Kassim.

The workshop aimed to share and provide necessary business skill-sets as well as exposure to the domain industry players to the participants which comprised mostly of .TZ registrars, as well as representatives from various academia, government bodies and students.

The workshop came at a time when African continent of about 1 billion people is striving to grow the ccTLD domain business from about 1.3 Million domains that are in use today.

Key questions that were discussed at the workshop included what should be done to change the situation? What can the ccTLD manager and registrars do to grow the .tz domain business in Tanzania? And finally, what other stakeholders should do to propel the .tz domain name industry?

I was also a panelist of a discussion where we discussed various ways to market the domain business through raising awareness of .tz domain by educating small & medium sized businesses on the importance of their online presence, the need of personalised email addresses and more.

Mobile friendly websites are more important than ever

Earlier this year, in April 2015, Google released an update to their Search Engine which now includes mobile friendliness as a ranking signal. This change will affect all mobile searches in all languages all over the world.

It will help users on the move, using their mobile devices to reach relevant websites that are mobile friendly.

Use this tool to check if your website is mobile friendly.

If your business website is not mobile friendly yet, it’s never too late to give your website a makeover. Make sure to mention to your designer that your new website should be mobile friendly.

Source: Make sure your site’s ready for mobile-friendly Google search results.

Why you need a website

This blog was first published on Extreme Web Technologies’ Blog.

Don’t have a website yet? Here are some compelling reasons why you need to have a website.

1. Your website is available 24/7/365.
Your website is open and available to provide information to potential customers 24 hours a day, 7 days a week, 365 days a year to provide information about your business even when you are asleep.

Think of your website as your 24/7 sales person who can provide potential customers with information about your business, what you deal in, your recent work, portfolio or products, client testimonials as well has do some sales.

Need a website? Get a .TZ domain, 1GB email storage and a website from TZS 30,000*/month

2. A website will help potential customers find you through search engines.
More and more information is now available at peoples’ fingertips, thanks to mobile phones that allows people to use search engines to find information they need, when they need it.

On average, there are 40,000 Google search queries every second (source), that’s 3.5 billion searches per day and 1.2 trillion searches per year!

3. Your competition has advantage over you.
If your competitors have a website, they have an advantage over you. Level the playing field by having a website.

4. Business emails improves your company credibility.
A website usually comes with email storage for business emails, something like [email protected] Using these instead of free email service providers improves your company credibility.

5. A website is affordable than advertising on traditional media.
Ever placed an ad on newspaper, or perhaps a local magazine? Compare the cost with that to a website, and you’ll quickly realize that having a website is very affordable than traditional media. And whenever you do advertise on newspaper or other media, always promoting your website address can help potential customers to your website.

Do you need to setup a website, check out Website Solution from Extreme Web TechnologiesWebsite Solution gives you a website address, email storage, and lets you setup a website in minutes using one of several ready to use mobile friendly website designs!

Share your thoughts and more reasons in the comments below!

Editors Note: This article was written by Mohsin Sumar (@mohsinsumar) and serves as the Technical Director of Extreme Web Technologies. Mohsin with his Customer Happiness team constantly strive to deliver top notch quality web hosting in Tanzania.