Ah the day of Love! We have designed some Free Memes for your use ranging from the Traditional ‘Roses are red’ to Sentimental.
Check them out on our Holiday Announcement Page or visit our Facebook page for easy sharing!
We’re having a Special on Personalized ‘Cards’ for that someone special for you to email, share on Facebook or even have Printed and Framed(4″x 6″)!
We can also design one for your Business, Website or Facebook Page?
Send me a message on Facebook or Contact Me to get started!
Some of you that purchased a SSL Cert or had one included when you set up your new website, may still be showing the ‘i’ in a circle in the URL address box.
Well, have you ever clicked on that ‘i’? It stands for Information. When you click on it, it has a drop down window that shows what type of connection (secure, not fully secure and not secure), number of cookies that are used on that site. In this window, where it says that this is not a secure site, there is a word “Details” in blue and underlined. Click on it.
It opens a window on the right side of your browser screen. At the top of this screen is a toolbar with Elements, Console, Sources. . .Security.
Click Security. What do you see?
Well, it says I have a valid SSL Cert and the connection is secure. Then it says Mixed Content with a red dot?
That’s why. YOU have a secured site but you are offering links to other sites that do not have/purchased a SSL Cert.
But I thought I was good to go by purchasing/having a SSL Cert. Well, in a sense you are correct.
This is saying that you have linked to a site that does not have a secure site. Or are utilizing an image with a link back to an insecure site.
But, But. . . ah damn, I have a headache now!
All’s well my friends! Give it some time. They will work the kinks/bugs out.
Educate yourself! Call your hosting company, visit their Blogs, ask questions!
Chrome Dev Summit 2016
Mythbusting HTTPS (Progressive Web App Summit 2016)
How does this apply to me and How do I know I need one?
There are some basic industry questions to determine this questions:
Now your saying: I don’t met any of this criteria. I do have a Newsletter form or a Quote form where I do ask for an email address and name.
No Problem, this is public information and does not meet Industry standards.
Ok, so if I don’t meet the basic criteria and it’s public info, What’s the big deal and why am I being asked to get one?
Well, The Industry is pushing and upgrading to a more secure internet. Predominately over the last few years with all the hacks/leaks/Ddos/phishing/man-in-the-middle attacks that has been covered in the Media. As well as “Big Brother is watching”. So by going to an encrypted secure internet there’s less chance of any of these happening. A lot of this has been happening behind the scenes that most web users really haven’t been aware of other than their browser has released a new update.
And you have now noticed the little green padlock or the whole URL address window is green or red. That was the beginning. Companies started making the move to HTTPS. You have probably seen this for your Financial Institution. You may have noticed that your Facebook URL has a green padlock.
But you ask, wait didn’t you say in your last post that SSL Certs are not created equal? Why, yes, yes I did, thanks for remembering. They are not! But remember, the criteria to get the Green Address Bar is very stringent.
Again you say: But I still don’t meet the standard.
There does seem to be a BIG industry push to purchase an SSL, especially with Google soon to be released Chrome 56. Where they are enacting a stricter criteria for the Green Lock, hence a SSL Cert and touting that it will also give you a higher ranking. BUT if you watched the video in my Post: Why am I receiving email. . . .you saw and heard from Google itself that at this point it is small. And as a I am on both sides of the fence by being a website owner and that I design websites, I know first hand how it is coveted to be on the first page for a Google Rank. But, I also understand that there are x amount of slots on the first page AND that in the last couple years those slots have lowered due to GOOGLE ADS!
In today’s fast paced world, of course you do not want to have to go 15 pages deep to find what you are looking for but have you actually stopped and taken a look at that page? 4 ADS, next top 3 websites listed are the companies with those Ads, and then a sprinkling of what you where searching and at the bottom MORE ADS! It’s frustrating sometimes with all those ADS and I still go 15 pages deep to find what I am looking for.
WordPress Websites & Blogs:
How does this pertain to my WordPress Admin log in?
If you purchased a ‘Managed’ WordPress hosting it may have come with an SSL and that covers your log in page for your admin as well as showing the ‘Green’ lock in the address window. Please note that there could possibly be an annual fee for the SSL Cert. Check your account with your Hosting Company.
If you do not have a SSL for your site, there are numerous Plug-ins available to help protect against your login page getting hacked. I personally install a Limit Login Attempt plug in on all my customers sites, even if they have a SSL.
WordPress itself also has it’s own security features covered here https://wordpress.org/about/security/
Now you should have an even bigger eye-crossing basic understanding. I cannnot answer the question ‘Should I get one?’ You need to assess your business, on-line presence and your business/hobby goals.
There does seem to be a BIG industry push to purchase an SSL, especially with Google soon to be released Chrome 56.
In my research, there’s a lot of talk about a ‘more secure web’. At this point, I am asking myself ‘Shouldn’t encryption be a standard feature with my Hosting/Domain?’
Shouldn’t I be able to reasonably expect that if I have my website on their server, that their server is secure and encrypted to talk to browsers and if I installed a Malware Protector like SiteLock shouldn’t that also improve my security standing without having to purchase a SSL? Especially when I purchased my malware protector through my hosting?
My concern is that I now must make this same decision myself. So, once Chrome updates sometime in January 2017, my site will now have a red lock. And I ask the basic question: Do I collect customer credit card info, username/passwords, provide e-commerce, etc on my site? The answer is no.
So all the reasons, should take into account, how does this apply to you comes crashing into a big brick wall with the question: How does this affect us little guys? The answer: MONETARILY!! According to their standards, I do not need an SSL. But yet, with “new improved security standards” I now need to buy into ‘The industry’.
As in all things, BUYER BEWARE!!! Ask questions, pay attention to links you click on whether on a website or in your email. Not sure about a link? READ THE LINK ADDRESS! Copy it and put in a new browser window to verify. Looks like it came from a Company you do business with? Go to that Company’s website with a direct url.
My father always told me: ‘Follow the money’ & ‘A lock only keeps an honest man honest’
Sources: WordPress.Org; GoDaddy.com; SSLShopper.com; GlobalSign.com; Zen-cart.com; Siteground.com & My Dad
SSL stands for Secure Sockets Layer.
It is a security certificate issued by a Certificate Authority Company that generates an encrypted connection between your web server and your visitor’s web browser.
Here’s a short video that explains this process: https://www.youtube.com/watch?v=iQsKdtjwtYI
Not all SSL’s are created equal. There are 6 versions that I have found:
What is a certificate authority (CA)?
A certificate authority is an entity which issues digital certificates to organizations or people after validating them. Certification authorities have to keep detailed records of what has been issued and the information used to issue it, and are audited regularly to make sure that they are following defined procedures. Every certification authority provides a Certification Practice Statement (CPS) that defines the procedures that will be used to verify applications. There are many commercial CAs that charge for their services (VeriSign). Institutions and governments may have their own CAs, and there are also free Certificate Authorities.
Every certificate authority has different products, prices, SSL certificate features, and levels of customer satisfaction.
Note: The standards that all SSL providers have to follow to issue any version of a SSL Certificate were created and agreed upon by all the members of the CA/Browser Forum.
What is browser compatibility?
The certificate that you purchase to secure your web site must be digitally signed by another certificate that is already in the trusted store of your user’s web browser. By doing this, the web browser will automatically trust your certificate because it is issued by someone that it already trusts. If it isn’t signed by a trusted root certificate, or if links in the certificate chain are missing, then the web browser will give a warning message that the web site may not be trusted.
So browser compatibility means that the certificate you buy is signed by a root certificate that is already trusted by most web browsers that your customers may be using. Unless otherwise noted, the certificates from all major certificate providers listed on SSL Shopper are compatible with 99% of all browsers
So, now that your overloaded with that info, I’m going to stop here so you can chew on this information.
Tune in tomorrow for the next installment: How does this apply to me?
Sources: WordPress.Org; GoDaddy.com; SSLShopper.com; GlobalSign.com; Zen-cart.com; Siteground.com
Customer: Why did I get this email? Why is it asking: Does your site pass Chrome’s security checks? and there’s a link to scan my site.
Well these are completely loaded questions and in doing research on this subject, I’m thinking it will need to be broken down into multiple posts over the next week.
Basically, Google is updating to Chrome 56. Within this there is a shift in the industry to start marking websites as Secure (green lock in url window), Secure (the whole url bar as green w/green lock) or a Not Secure in the url bar. Which we have already been seeing for some time and for some of the bigger companies, financial institutions & e-commerce sites. Especially with increase in all of the breaches/hacks/attacks that we have been hearing about over the last 2 years.
Excerpt from GoDaddy, more info:
When customers visit your website, they might check the URL in the browser bar to see if it’s a secure HTTPS, rather than HTTP, connection before entering their personal information. But Google research found that many people don’t check first for an HTTPS connection — putting themselves and their information inadvertently at risk, even on some of the world’s most trafficked websites .
The new Google Chrome Not Secure warning puts website security front-and-center.
When a page is loaded in Chrome 56, Google will look for forms that collect passwords and credit card numbers, plus check for valid SSL certificates that provide secure HTTPS connections.
Thus putting a green lock, green url address bar or not secure message in the Url address window which as stated above their research found that people don’t check?
What this means:
Websites that take in sensitive data but are not protected by SSL certificates will be flagged as “Not secure.”
Now Godaddy offers a Free Unsecure Form Scanner for your use. What does it do?
Scans your website for two things:
- Forms that handle login or payment information.
- The installation of an SSL certificate.
This determines whether your site will display the Google Chrome Not Secure warning message to visitors using the latest Chrome browser version.
Now this leads to the ‘Loaded” part:
If your CMS is web/browser based (WordPress, Wix, CMS Lite, and the list goes on) where in order to edit your website you have an Admin log-in window pop up and you do not have a SSL Cert, you will now be marked as Unsecure!
Ok, now your mind is racing with questions or comments:
Remember above I called this an INDUSTRY? It’s a business. As website owners we know that the Internet is not FREE!
So They have just ‘up ed’ the game to have your presence on the web.
The BIG QUESTION: Now What?
Do your research, call your hosting companies and ask questions.
I am not an expert on Security, so I can not advise you on what to do.
I can only give my opinion, which could be a big stinky onion to some, as they are a dime a dozen and everybody has one!
So check back as I do more research, add another layer to my Onion and try to answer some of your questions!
Here’s a Link to the Google Security Blog, Sept 2016:
Moving towards a more secure web
Was in the ‘Zone’ yesterday and designed 4 Friendship/Uplifting Memes. I call then Memes for a lack of a better term. Maybe ‘Quotes’ could work but some just aren’t really quoting anyone in particular?
AnyHoo, Check them out on the Inspirational/Memes Page under Free.
Along with that, I have also made Photo Albums on my FaceBook Page. So now you can go there as well and share!
Please bare with me as I get my FB page up and running
Here’s a new Pre-made WordPress Theme-CholoateDecadence!
Pre-Made Themes come with 1-2 Dividers, 2-3 Bullets and maybe 1-2 Accents (pending the theme). Of course there’s also the linkback banner.
When purchased, the Header and Linkback banner are personalized at no additional cost. Meaning that the little dog as pictured with this theme is there to give an idea and so the Header is not blank.
So, after taking the plunge and making a FB page, I obviously didn’t want to have to type more than I have too. So I went on a search for a plug-in to use that would ‘automatically’ update my FB page when I do a post here on my website.
Blog25Social came up. It has a Free version as well as the paid Premium. The difference? Options.
Apparently there are key time frames to post to your social media and Premium will post for you during those parameters. I equate that to setting a time for a text to be sent vs. immediate.
In the Free version it is immediate.
But, there’s a but here. Once you have created your post in your Blog, you then have to go into the plug-in Dashboard and manually share. It doesn’t matter is you have the Free or Premium versions. Like I mentioned above, Premium just gives you the option to set a timer.
So, it’s not completely ‘automatic’. It’s just a couple mouse clicks so I guess that’s better than having to Cut&Paste or even re-typing.
Once you get the hang of it, it’s all good.
So, I will be on the hunt for a plug-in that could actually be ‘automatic’ or more user-friendly for a beginning Blogger with limited experience.
I have just completed one of my New Year Resolutions! To take the Plunge and create a Facebook Page for my website! You can now follow me on FB!
Be the first to see a new design, welcome a new member of the FNFD Family, share a Memes, learn a little something from my mucking about and maybe a rant or two!
Join me and click on Like and Share!