larryaronson.com

Articles

Given the rise in hacking attacks and other forms of digital misbehavior, people are more cautious than ever about where they place their trust.

Google wants to help everyone manage their trust relationships and is making changes across their technology to nudge the Web onto secure platforms: https: and SSL.

https (httpsecured) is a version of the protocol web servers and user agents (browsers, apps, robots) use to talk to each other. SSL (Secure Sockets Layer) refers to the encrypted communication channel they use – the private side of the Internet.

SSL provides certificates website owners use to authenticate their websites. The certificate is a set of cryptographic keys your webserver uses to encrypt and sign the documents (webpages) it returns to your visitors. Their browsers verify the certificates and get the decryption keys. If all the various components of the webpage are from secure sources, the browser puts a “Secure” tag or icon in the location bar.

It’s actually a good idea for the 5 reasons listed below.

But the clock is running! Starting next month, visitors to http webpages using the latest version of Google’s Chrome browser will see a “Not Secure” tag appear in the location bar as soon as they start entering text in any input field on the page. This has been the case for pages containing a password or credit card number field since January.

This animated gif from SSL2buy, a global SSL provider, explains it all:


https://www.ssl2buy.com/wiki/wp-content/uploads/2017/05/http-search-chrome-62.gif

Updates are automatic for most Chrome users and Firefox and Safari will be making similar changes. Starting next month (Oct. 2017) this becomes the default behavior.

This change affects every WordPress website owner and admin. Think about all the places you might have an input element on your website. If you have a search field in your header or a newsletter subscribe form in your sidebar, that’s every page on your website!

 

5 Reasons why SSL/https is a good idea.

  1. Domain Authentication – Provides assurance to your visitor that the webpage they asked for is the webpage they got. That no man-in-the-middle has intercepted your visitor’s request URL and sent back a page pretending to be you.
  2. Data Integrity – SSL encrypts all communication between your website and your visitors. Any attempt to remove, modify or add data turns that communication into nonsense. Governments and telecom companies can still block traffic to your website through their networks, but they can’t interfere with the conversation if they don’t.
  3. User Privacy – It’s not just the newsletter signup form on your website that needs to be encrypted so spammers can’t steal names and email addresses. It’s also WordPress login credentials, post comments and search terms. Think about how visitors connect through open WiFi and mobile data networks they know nothing about. Yet they ultimately hold you responsible for protecting their confidentiality.
  4. Load Speed – A new Web protocol version, HTTP 2.0, is replacing the very old version 1.1. HTTP 2.0 manages multiple connections over SSL more efficiently. Your website’s visitors will experience faster page loads. But this only works with secured websites. HTTP 2.0 falls back to the version 1.1 protocol for websites without an SSL certificate.
  5. Search Ranking – Google regards secured websites as more reliable, more serious in intent than unsecured websites, especially if the website requests user input via forms. Your secure website will appear in search result pages above insecure websites that would otherwise rank equally for a given search term. Not secure pages in SERPs will be labeled as such.

 

Migrating a WordPress website from http to https

The process will vary from one webhosting company to the next. So, the very first thing you need to do is check your hosting company’s documentation to see if they support https access for a website under your hosting plan. If they do, then ask them for help.

Make sure your WordPress installation and plugins are completely up to date and that the database and files are fully backed up before you start. Check what version of PHP your WordPress is running under. You’ll want PHP 7 or later to take full advantage of the speed improvements.

Here’s an overview of the steps:

  1. Get SSL certificates from a Certificate Authority for all domains and subdomains served by your website. Your webhosting company may do this for you.
  2. Duplicate your website & database. Enable the new website for SSL/https: and install the certificates.
  3. In the new website, change internal links from http://yourwebsite.com/ to https://yourwebsite.com/ . Do this for both the content in the database and the code in the theme template files.
  4. Find and replace non-secure external sources of content with equivalent secure sources. This has to be done on a case by case basis. Older plugins may not have secure sources for the assets they embed into your pages.
  5. When every page in the new website displays the “Secure” label, add a redirect directive to the old website to forward all http: traffic to the secure https: website.
  6. Update 3rd party services with your new URL, including: Google Analytics & Search Console, eMail marketing services, payment gateways and affiliate programs.
  7. Update your social media and other membership organizations where your URL is in a “profile”. While this isn’t technically required, you want the world to know you respect people’s privacy. Displaying a URL beginning with https: sends a subtle signal that you can be trusted.

Honestly, I’m not trying to make this look difficult; it really is a big job! For a webpage to be considered secure, every content component that goes into that page must come from a secure source. This includes: images, videos, embeds, objects, iframes, stylesheets and scripts. The more complex and content-rich your website is, the more problems you’ll encounter.
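A small scanner for the check described above, given as an added example that is not part of the original article. It lists every sub-resource a page would load over plain http and separates internal URLs (fixed by the link rewrite in step 3) from external ones (handled case by case in step 4). The host `widgets.example.net` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that loads a sub-resource into the page.
RESOURCE_ATTRS = {
    "img": "src", "video": "src", "audio": "src", "source": "src",
    "embed": "src", "iframe": "src", "script": "src",
    "object": "data", "link": "href",
}

class MixedContentScanner(HTMLParser):
    """Collect sub-resources that would be fetched over plain http."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line, tag, url, "internal" | "external")

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = RESOURCE_ATTRS.get(tag)
        if attr is None:
            return  # e.g. <a href>: a plain link, not loaded into the page
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links pull content into the page
        url = (attrs.get(attr) or "").strip()
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            return  # https, protocol-relative and relative URLs are fine
        host = (parts.hostname or "").lower()
        internal = host == self.site_host or host.endswith("." + self.site_host)
        self.findings.append(
            (self.getpos()[0], tag, url, "internal" if internal else "external"))

def scan(html, site_host):
    scanner = MixedContentScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page (not taken from a real site).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://yourwebsite.com/wp-content/themes/x/style.css">
<link rel="canonical" href="http://yourwebsite.com/">
</head><body>
<img src="http://yourwebsite.com/wp-content/uploads/logo.png">
<iframe src="http://widgets.example.net/map"></iframe>
<a href="http://example.org/">a plain link</a>
</body></html>"""
```

Run `scan()` over the rendered HTML of each page on the duplicated site; an empty result means nothing on that page is still being loaded over http from the tags covered here.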

Not so long ago, the Internet was open territory populated largely by techies who shared a “Do No Evil” ethic. Now it’s an essential part of billions of lives and encountering people who don’t have your best interests at heart has to be expected. When you interact with your customers and prospects online, trust is no longer assured.

While implementing user security and privacy seems complicated—and I’ve only scratched the surface—migrating your website to SSL/https is well worth it. It shows respect for your audience.

 

 

 


I’m delighted to announce the launching of the new Fovia Inc. website. Fovia Inc. provides software development kits and related services for high-quality, high-speed 3D image rendering. The kind of image data that’s output by MRI, CT and industrial scanning machines.

What makes this website so fascinating (and exciting to work on) are thousands of high resolution medical, archeological and industrial images showcasing the power and flexibility of Fovia’s XStream® HDVR® product. If that’s not enough to pique your interest, check out the high resolution, fly-through movies.

•••

Larry Aronson on Webcertain.tv

At MarketingProfs B2B Forum in Boston last October, I was interviewed by Gemma Houghton for Webcertain.tv.

Our 11-minute conversation, “Capitalising On New Technologies”, can be seen here: http://webcertain.tv/vod/capitalising-on-new-technologies/13525 .

Power of Music Debut

I am proud to announce that The Power of Music, a project I’ve been working on since June, has finally launched.

The Power of Music is an eight-part, multimedia, professional development course for music educators. The video series and website provide an introduction to El Sistema, the pioneering approach to music education, and illuminate the ways it’s being adapted for teaching music in the U.S.

The website was developed for WNET/Thirteen public television with support from the Annenberg Foundation. It features over 45 videos and 3 interactive applications. The website’s graphic design was done by Michael Pinto of vm.com with additional graphics by Gwen Singley.

•••

Startup Secrets

How to pick a winning startup to work for

I was at the NY Tech Meetup last Tuesday evening. If you’re not familiar with it, the NY Tech Meetup is the largest monthly meetup anywhere.

For the September meeting, they usually pull out all the stops. True to form, it was awesome. Our mayor, Bill de Blasio, dropped by to make a Tech Sector booster speech (see approximate rendering at right).

The NY Tech Meetup is a demo-or-die event where 10 companies get 10 minutes each to show their stuff. There’s no judging. But let’s face it – attendees are picking winners and losers.

During the short Q&A sessions between demos one question is taboo: What’s your business plan?

•••

GoDaddy Update Question

A client friend recently wrote:

I got an email from go daddy and spoke to an agent about updating [the website].

I didn’t understand much of what he was explaining but he said it was not that hard to do. He said I need to back up and move the content over to the new platform. Something called a linix C panal web hosting.

I answered:

GoDaddy is trying to get you to move [the website] into their new-ish account management structure in order to make it easier to sell you additional hosting products and services. This is separate from your domain name registrations with GoDaddy which won’t have to be renewed for another couple of years.

  • You DO have to renew your Web hosting agreement for [the website] by Sept. 8.
  • You don’t have to change the hosting plan.
  • It would be a good idea to backup [the website] in any case.

Your current hosting plan is called “Economy Classic Hosting Linux” and GoDaddy wants to move/upgrade you to “Economy Linux Hosting with cPanel”. In anticipation, they’ve already set up the new account with a dummy website and a separate username/password. The new plan would cost you $6.99/mo whereas your current plan is $5.99/mo.

Linux is the preferred operating system for Web servers. It’s very similar to MacOS – like two sisters who went to different schools and dress differently. cPanel is software for managing an account on a Linux server. Like the Systems Preferences application on a Mac, it has a number of panels for changing your settings and adding/removing features.

If you have no interest in adding new features to [the website] – i.e: email accounts, e-commerce packages, premium support – don’t upgrade, just renew the current plan. I can help you with that.

Don’t let GoDaddy persuade you that [the website] needs more than “economy” level resources. Although it is a gallery website, all of the images are optimized for quick loading and minimal bandwidth. The web pages are simple HTML, requiring no extra resources on the server for the amount of traffic you anticipate.

About WordPress Themes

What to Choose, How to Choose.

There’s a never ending discussion about WordPress themes in forums I visit and meetups I attend. Paid vs. free; custom clones vs. child-parent themes; large frameworks like Genesis vs. stand-alone themes like Twenty Eleven. Here are my thoughts:

•••

Happy Birthday WordPress

WordPress is 9 years old today and has announced the availability of the first release candidate (RC1) of the next version, 3.4, which I’ve just installed on my local MAMP stack.

So far, there’s no sign of a new “TwentyTwelve” theme. However, there is a new theme previewer/activator that allows an administrator to set a number of theme options and see how they look before saving the options and activating the theme. It’s really nifty. I’ll have more on the new version after the weekend.

But, I also wanted to share my excitement on attending a wonderful event last Thursday and getting to meet Matt Mullenweg, the creator of WordPress and CEO of Automattic. The event was the first in a series of monthly “fireside chats” organized by Pandodaily.com. Matt was interviewed by Sarah Lacy, the founder and editor-in-chief of PandoDaily. It was a long, free-wheeling and thoroughly enjoyable interview and Q&A. My thanks to Howard Greenstein for getting me in to the event.

Happy Memorial Day!
Larry Aronson