Servertastic

UK £ US $ Euro

Which SSL Certificate is Right for your Business?

HTTPS has become necessary to ensure a website’s success. If you are looking to make the switch yourself, then you should consider what type of SSL certificate is right for your website.

SSL certificates come in different varieties, each designed to suit the needs of certain businesses. You need to understand what sort of features your website needs to get the best results.

When deciding on which certificate to buy, you should consider the following:

  1. What information do you gather from your users? Are your users required to create a password to access an account? How much personal information are they giving you? Are they giving you credit card or bank details? The more information you gather the more vital it is to secure your website.
  2. How important is your user’s trust? Your reputation could be key to how much business you acquire. Potential customers will turn away from your business if they do not feel safe using your website.
  3. What number of domains need securing? Does your business have just one domain, or does it span multiple. Do you have subdomains branching off your main domain? (For example, mywebsite.com may have a subdomain of blog.mywebsite.com)

Once you have considered these questions, you can find out which type of certificate would suit your needs.

Domain Validation

SSL Certificates which are Domain Validated offer the basic encryption necessary to secure your website with HTTPS, and can be issued in a matter of minutes. They are also the most affordable.

However, these certificates do not confirm the identity of the business to your users. They are unsuitable for e-commerce or any website that gathers personal information from its users. DV certificates are best if your website does not gather personal details and you just need to get the encryption to switch over to HTTPS quickly.

Organisation Validation

If you need to increase the trust your users have in your business, then consider Organisation Validation. OV certificates place information about your business in the certificate details. This signifies that your website is legitimate, and not a spoof for a scam.

Organisation Validation should be considered a minimum requirement for any e-commerce website. They are also good for public facing websites that deal with less sensitive data from the users.

To obtain these you need to undergo a vetting process to prove that your are the real domain owner.

Extended Validation

These SSL certificates give your website the Green Address Bar, where the name of your business appears in green text in the URL bar next to your address. This proves to your users that you are the owner of the website and that your business is legitimate in a visible fashion. EV certificates also come with larger warranties, which provide another layer of protection should the worst happen.

Extended Validation certificates are more expensive. They also require you to undergo vetting before they can be issued.

E-commerce sites, and other business that rely on their online presence, should consider Extended Validation.  Businesses that take user’s card details or identifiable information should also consider Extended Validation.

Wildcard

If your website has subdomains that need securing, then use a Wildcard certificate. Using a Wildcard certificate to secure your subdomains is cheaper and easier to manage than purchasing a certificate for each domain.

Wildcard certificates cannot be offered with Extended Validation however, meaning you cannot get the Green Address Bar. They can still be offered with Organisation Validation.

Multi Domain

A single Multi Domain certificates allows a single certificate to cover multiple domains. Use these if you have various domain extensions for your website and you want to cover all of them in one certificate.

We provide a chart comparing a wide range of certificates from the most popular brands if you want to find out more.

Consider your options carefully, as selecting the right certificate for your website can save your business headaches and even money down the line.

Tips for Switching to HTTPS

Photo by Glenn Carstens-Peters on Unsplash

HTTPS is quickly becoming a minimum requirement for having a successful business online. Google Chrome and other browsers have begun flagging websites that have not made the transition. Therefore it is better to make the switch over sooner rather than later. To avoid getting a headache or damaging your business’s presence online it is important that your HTTPS certificate is installed properly.

There are many issues that can arise during the transition. We are to offer you some advice to keep in mind when making the switch to HTTPS.

Get the Right Certificate

Selecting the right SSL certificate for your website is the first step. If you need to ensure your user’s trust then you should go for a certificate which validates your organisation’s identity. These include Organisation or Extended Validation certificates.

If your website spans multiple domains or any number of subdomains then you may require a Multi Domain or a Wildcard certificate respectively. Using a Wildcard certificate is cheaper and easier to manage than buying a separate certificate for each subdomain.

Use a Test Server

Making your changes on a test server first can prevent issues from damaging your live website. When you are confident that the changes have been successful on the test server, you can then go ahead and apply them to the live site in the knowledge that everything has been checked beforehand.

Check your Third Party Add-Ons

Make sure that any third party services your website uses can be run over HTTPS. This can include features such as analytics or advertising. If they cannot, then this will result in “mixed content” issues, where some of your pages will not run over a secure connection. Users may become uncertain about your website if parts of it are still using HTTP. Mixed content can also render the protection provided by encryption useless.

Once you have switched to HTTPS make sure to update any plugins or modules your website uses.

Revise Internal Links

Just like with your add-ons, failure to inspect internal links can lead to mixed content issues. You should check your internal links and links to website assets to ensure they lead to proper HTTPS versions. Assets can includes images, video and audio media, web fonts, CSS, and Open Graph tags.

Checking your internal links can also help catch out links which have been broken by the transition.

Redirect

When you make the switch to HTTPS you should make sure that your users are properly redirected to the correct webpages. Without proper redirection your users might end up still visiting your website over HTTP. Search engines like Google see the switch to HTTPS as a website move, similar to changing domain names. Therefore you should redirect all of you webpages to their HTTPS versions and update your Google Webmaster tools. Make sure to update any existing redirects.

If you send out any adverts with links to your website, such as paid search ads or email marketing campaigns, then you should update them to include links to the HTTPS versions of your webpages.

Update Sitemap

Once you have switched to HTTPS you should update your sitemap with the correct HTTPS URL addresses and submit it to Google. Sitemaps make it easier for Google to crawl your website.

Check Robots.txt

To make sure that search engines like Google can still crawl and index your pages after making the switch you should check your robots.txt. You need to make sure that you have not restricted any of your HTTPS pages, otherwise potential users will not be able to find them through organic searches.

It is a good idea to re-crawl your website to check what pages can be indexed. Pages that return a 200 status code can be indexed.

Hopefully your switch to HTTPS can be free of hassle. Thorough inspections of your website and careful monitoring are key to ensuring a smooth transition.

Comodo CA Rebrands as Sectigo

From the first of November Comodo CA will officially be rebranding as Sectigo. The goal of these changes is to emphasise their expansion beyond simply offering SSL certificates into a full blown web security services. They are also intended to distinguish them from Comodo cyber security and reduce market confusion. These changes come with a brand new website and imagery.

Many of their products will also be changing their names in line this rebranding. For example, ComodoSSL will become SectigoSSL. There will also be a new trust seal featuring the Sectigo logo.

Sectigo trust seal

The good news for customers is that nothing about their service will change for the worse. Any certificates bought under Comodo CA will still be valid and will not require any changes. Their prices will not be affected by the rebranding, and you will still receive the same level of support as you were before. Here at Servertastic, the cost of Sectigo certificates will not be changing from the Comodo CA versions.

All account manager phone numbers will remain the same, though customers should be on the lookout for notifications of their new email addresses.

With this rebranding, Sectigo are looking to build upon their past successes and grow their company even further.

New logos for PositiveSSL and EnterpriseSSL

You can find out more information on the Sectigo rebranding on their new website.

You can find our range of Sectigo SSL certificates in our new Sectigo section.

Why HTTPS is Essential to your Business

Businessman on laptop

Photo by rawpixel on Unsplash

As more business than ever is being conducted online, the need to protect your website and its users is more vital than ever to ensuring your success. Switching your website to HTTPS is just one of the ways you can enhance your site's security. While HTTPS used to be considered best practice, is quickly becoming an essential to online businesses.

HTTP means Hypertext Transfer Protocol. It is used to determine how data is sent between a website and the user. HTTPS is a protocol which is secured.

When your website is running off regular HTTP the data being sent between the site and the user is sent in plain text. If a hacker were to intercept the data they would be able to read it. This means they could learn sensitive information such as the users passwords or credit card details.

If your site uses HTTPS however, all data sent back and forth will be encrypted meaning anyone intercepting it will not be able to read it. This protects your users from cyber crime. The verification provided by HTTPS certificates also makes it difficult for frauds to impersonate your business and use your identity to scam others through phishing.

When your website has the Green Padlock indicating HTTPS, or the Green Address Bar provided by an Extended Validation HTTPS certificate, the confidence of your users to complete transactions on your website will be boosted.

The enhanced trust from your users will lead to a higher conversion rate and better business all around.

Browser Changes

Browsers will alert users when a website in not secured using HTTPS. Google Chrome’s latest updates now flag every website without HTTPS as “Not Secured” in the address bar. Potential users are likely to turn away from your website once they have been alerted that your website cannot be trusted with their data.

Other browsers will warn users then a website without HTTPS requires them to enter a password or credit card details. These browsers will be expected to follow Google’s example in the future and flag all unsecured pages. As browsers push for more encryption, HTTP will become the exception rather than the norm.

SEO Benefits of HTTPS

Using HTTPS also enhances your SEO. It has been confirmed by Google that sites using proper HTTPS encryption are given priority in their search engine. The presence of HTTPS can be used as a tiebreaker between two sites that would otherwise be equal in search ranking. So taking the time to ensure your site is secure can translate into more visitors through organic searches.

HTTPS will be required for using certain new technologies online such as HTTP/2. This is a new version of the protocol which can reduce the load time of websites, but major browsers will only allow it to be used with HTTPS.

The easiest way to switch over to HTTPS is to purchase an SSL/TLS certificate. Your website will switch over to HTTPS as soon as the certificate is installed. Not making the switch risks not only your users, but also the reputation of your business.

How Do Wildcard SSL Certificates Work?

Secure multiple subdomains with a wildcard certificate.

Photo by Jon Moore on Unsplash

A wildcard SSL certificate differs from other types of certificates because they allow you to secure an unlimited number of subdomains along with your primary domain. This saves you the time and money of having to purchase and manage separate SSL certificates for each subdomain.

These certificates are issued to domains with the wildcard character, represented by an asterisk (*), in their hostname. This character is used to represent an unlimited number of subdomains.

For example, if we wanted to buy a certificate for mywebsite.com, we would have it issued to *.servertastic.com when generating the CSR code. Any subdomains that share the same primary name of “.servertastic.com” would be covered by the certificate. This could include...

  • forums.mywebsite.com
  • support.mywebsite.com
  • blog.mywebsite.com

And we could add as many subdomains to this list as we want, so long as they share the .servertastic.com on the end. Wildcard SSL certificates can only cover first level subdomains. So login.support.mywebsite.com cannot be secured by the wildcard certificate.

Wildcard certificates can be issued as domain validated (DV) certificates, which means they can be issued in a matter of minutes and only require you to prove that you own the domain. You can also choose to get an organisation validated (OV) certificate, where the details of your company will appear in the certificate details. This requires you to go through a vetting process to prove your website is legitimate.

They cannot be issued at extended validation (EV) certificates however. This means you cannot get your company's name in green text in the URL bar.

You can learn more by viewing our range of wildcard certificates.

How do I Make my Site Secure?

website security

Photo by Ilya Pavlov on Unsplash

Why is it Important to Secure my Website?

Businesses operating online today face many challenges, the biggest being protecting themselves from cyber attacks. These attacks come in many forms:

  • Distributed Denial of Service (DDoS) attacks that can overload your website and force it to shut down. Your site will not be able to conduct any business while it is offline.
  • Phishing attacks being sent to your customers. These scam people into giving up their personal information.
  • Malware infections and ransomware attacks which hold your computers hostage.
  • Data breaches where the personal details of your customers are compromised.

The fallout from a cyber attack can be incredibly costly for your business. Your business even risks incurring legal action if it is found that you did not take the correct preventative measures.

Cyber attacks not only damage your finances but also to your reputation. People will be reluctant to engage with your business because they will not feel their information is safe with you.

Certain web browsers, including Google Chrome, indicate to their users when a website is unsecured by displaying a “not secured” message in the URL bar. This will ward off potential customers from using your website. Securing your website however will give you the green padlock or even the name of your business in the URL bar and assure your customers about your commitment to keeping their data safe.

Google have also confirmed that secured websites are given priority in their search engine rankings. So proper security does not just protect you and your customers, it can also boost your business’s presence.

The best course of action is to prevent cyber attacks by properly securing your website.

How do I Secure my Website?

SSL Certificates

The first way to secure your website is to make the switch over to HTTPS.

HTTPS encrypts information being sent between a website and the user, ensuring that hackers cannot read the information.

To switch to HTTPS your website needs an SSL certificate. SSL certificates come in different types depending on the scope of your website and level of trust needed.

  • Domain Validation - These can be issued in minutes and offer the encryption needed to protect user information.
  • Organisation Validation - These put your business information in the details of your certificate which ensures users about the legitimacy of your website. Obtaining this certificate requires your business to undergo a vetting process to verify your identity.
  • Extended Validation - Puts your business’s name in green text in the URL bar. These certificates also require you to complete a vetting process.
  • Wildcard Certificates - These can used to secure an unlimited number of sub-domains in one certificate.
  • Multi Domain - These can secure up to 100 domains in one certificate.

Upon installing your certificate the green padlock will appear in the URL bar and the HTTP will change to HTTPS. This indicates to your customers that your website is secure.

You can check out our range of SSL certificates to find what kind you need to satisfy your business needs.

Keep Software Updated

Keeping your software consistently updated is vital because it can prevent hackers from taking advantage of vulnerabilities. CMS developers such as WordPress and Joomla are constantly working on their platforms and regularly put out updates. Any anti-virus or anti-malware software you are using should be regularly updated as well to keep up with new viruses coming out.

You should also keep track of any plugins that your website uses for updates. If you find a plugin has had no updates in a long time you should consider finding an alternative that is still being supported.

Create Backups

Creating backups of your website and databases can provide protection from some of the worst case scenarios. For example, if you become victim of a ransomware attack, rather than giving into the hacker’s demands, you can reformat your computers and restore your data using a backup. As a result your system will be cleaned with minimal loss of time and data.

Ideally you should create multiple backups and store them separately from the rest of your system so that issues affecting your system will not invalidate your backups. Using different formats, such a cloud backup alongside storing a backup to an external hard drive, can ensure you will also have a copy of your files ready.

Web Application Firewall

A Web Application Firewall can be used to protect your website from malware attacks in real time. They work by monitoring packets of information as they travel to and from your website. It can then filter or block those packets if it detects any suspicious traffic.

Web Application Firewalls can protect your website from DDoS attacks, as well as SQL injections and cross-site scripting.

Penetration Testing

Rigorous testing can help find the vulnerabilities in your website that hackers might exploit. You will receive expert advice on where you website is weak and what changes should be made to protect it.

Penetration tests combine a range of manual and automated inspections of your IT systems, scanning the entire breadth of your infrastructure.

Strong Passwords

Using strong passwords can prevent hackers from getting into the backend of your website. Passwords should be multiple words or phrases long and contain a mix of lower and uppercase letters along with numbers. You should avoid using the same password for multiple accounts. Any default passwords you are given should also be changed as soon as possible.

A password manager, such as 1Password, can be useful in both creating strong passwords and keeping them securely stored. This helps you get around the issue of having to remember too many passwords.

Why are Sites Being Listed as Not Secure?

Googles new updates is flagging sites as not secured

Photo by Edho Pratama on Unsplash

You may have noticed that from the 23rd of July many websites have been branded as “not secure” in the URL bar of Google Chrome. Google’s latest update to their web browser, Chrome 68, is now flagging any websites that have not made the switch over to HTTPS. This is an effort by Google to encourage websites to take measures in securing the data of their users.

HTTP stands for HyperText Transfer Protocol. It determines how data is transferred around the web. Websites using HTTPS are encrypting the data being sent to their server. The S stands for “secure”. Google reports that 81 of the 100 top websites are now using HTTPS.

not secure url bar

Image from blog.google

Websites without HTTPS are not encrypting the information being sent between you and the server. Hackers could potentially intercept your communications and read any information in plain text. They could potentially steal your password, bank details, and personal information like  address and phone numbers. With HTTPS active however, the data is scrambled during its transference, so hackers cannot read it.

Chrome would previously flag websites as not secure if they required users to enter sensitive information such as passwords or credit card details. They have expanded this, as of the 23rd of July, to cover any website without proper encryption regardless of whether the website gathers your information.

Firefox and other large browsers are also expected to implement changes to flag insecure websites in the future.

How Does Being Flagged as Not Secure Affect a Site?

Websites that are flagged as not secure can expect a loss in business from visitors. Research suggests that over 80% of internet users would not make a transaction on a website that was flagged as not secure. HTTPS by contrast can grant a website increased trust between it and its users.

Google have also confirmed that HTTPS is a factor in their search engine rankings. Websites that are not encrypted are failing to meet their full SEO potential.

Websites that are not encrypting their data are at higher risk of being hacked or having their data stolen. This can cause tremendous lost of finances and permanent damage to their reputation.

How do I Secure my Site?

If your website is being flagged by Google Chrome as not secure, that means you need to acquire an SSL/TLS certificate. Doing this will activate HTTPS for your website. These certificates are used to prove that you own a particular domain and that your business is legitimate.

A domain validated (DV) certificate is the fastest way to get HTTPS. These certificates can be issued in minutes.

Your website will switch over to HTTPS as soon as the certificate is installed. The green padlock symbol in the URL will also indicate that your website is encrypting data.

You can find a range of SSL certificates on our website at discounted prices.

Servertastic Limited is registered in England and Wales.
Registered Company Number: 04982077
VAT Number: GB125485804

Hosted by LayerShift

Mastercard Maestro Visa American Express
Diners Club JCB Discover Paypal
Sectigo Trust Seal
Reviews
Cyber Essentials