Google is now actively Penalising websites not secured by SSL security certificates – is your site one of them?

Starting with the release of Chrome 62 in late October, Google will mark any website with an insecure form “Not Secure.”

If you haven’t added SSL to your website, you may want to—an important deadline is coming up. Starting in October with the release of Chrome 62, Google will be marking any website with an insecure form “Not Secure.” This isn’t just a warning for pages with an insecure login/password field, now it’s any field—anywhere a user can input information.

The warning for an insecure password field.

This is keeping with Google’s push for universal encryption. The company has continued to ramp up pressure for websites to add SSL. And Google doesn’t plan to stop at just warning Chrome users about insecure forms, either. Google plans to roll out a warning for all HTTP websites sometime in 2018.

So heed this warning, if your website is anything more than a blog or a personal website, you need to encrypt. Whether you’re just collecting an email address as part of a capture strategy or you’ve got a signup form somewhere, you’ll be sorry if you don’t secure it before Chrome 62 drops in October.

“Not Secure” warnings kill conversions

Nothing is going to kill your conversion rate faster than Google placing a “Not Secure” warning in your address bar or drop an interstitial warning when a customer attempts to type in one of your website’s fields.

And it’s not just Google, the other browsers are also adopting similar policies with regard to encryption and insecure websites.

Think about it, people tend to trust their browsers. When one of them tells a user that he or she is not safe on a website, the vast majority of people are going to leave. Nobody is sitting at their computer saying, “this seems like a worthwhile risk to take.”

So remember, if your website has any forms on it—install SSL. Waiting until Google flags your website is playing with fire. It’s time to add SSL.

Annual pricing for a secure SSL certificate starts at just $55 and Hostcake can take all the hassle out of purchasing, installing and testing your SSL certificate with our Installation Service for just $99.

Click HERE to buy or for further information.

 

How can I protect my website against hackers?

How can I protect my website against hackers?

you have been hacked

 

It is critical that your website is kept safe and secure from hackers. Although Hostcake employs a range of measures to keep our web servers secure, individual customer accounts can still be exposed and maliciously hacked. The following strategies should be used as precautions against hacker activity.

Keep your scripts and plugins up to date

This is an extremely important measure – make sure you keep abreast of the latest updates to any scripts you run, especially if they are popular and widely used (for example, Joomla and WordPress) well as any shopping carts, etc. Once a vulnerability is exploited, it spreads through the internet like wildfire. Most scripts cannot auto-update themselves, so you will have to do this manually. We also strongly suggest you consider subscribing to a website maintenance service that will take care of this task for you. Just like a car you can’t create your website and expect it to run trouble free without any form of servicing.

Hide your website admin area (very important!)

Hackers will scan and probe directories, using automated scripts, looking for tell-tale files like login.php, adminlogin.php and so on. It is certainly recommended that if you are using the well known “Word Press” website format that you DON’T name your admin user “admin”, try something more random. A WordPress plugin such as “WordFence” will help protect your site from repeated password guessing attempts.

Maintain strong passwords

Make sure you use strong passwords (at least 12 characters, with symbols and numbers where possible). This mitigates the possibility of a brute force and dictionary attack. Use different and unique passwords for your cPanel, MySQL databases, WordPress or Joomla and email accounts. If you need some secure passwords, try the random password generator in your Cpanel logon. It’s also good practice to change your passwords every month to maintain the security of your accounts.

Keep your own PC up-to-date and virus free

This tip is very important! Many customers have infected their own websites because their computer was compromised and used to attack the website. Make sure you set your Windows Update setting to ‘automatic’ (for Windows 10 users this is already in place) and always leave your firewall on (either the Windows firewall or the one provided by your antivirus software should do). Also, make sure you are running an up-to-date virus scanner. If your computer does get infected, hackers can potentially install a keylogger on your PC. Keyloggers record everything you type and send it back to the hacker, thereby compromising all your secure accounts.

Don’t log into your account at internet cafes or via unsecured wifi

You don’t know what is on the internet cafe PC, and therefore you shouldn’t trust it. Even if the internet cafe owner is legitimate, someone may have installed malicious software on the computer, capturing all your passwords and login details. Similarly, if you use a Wifi point, someone might be ‘listening in’ and intercepting your details.

Containment principle

Our servers are set up in a way that contains any damage or hacking activity to the affected user account. Therefore, if you make any mistakes and are hacked, only your user account will be affected. However, if you are affected, the best and quickest way to recover is to restore from backup.

Restoring from a backup

If your account is compromised, restoring from your last known good backup is preferred. Using this method you can be sure that none of your files have been tampered or modified. Although we keep our own backups of your websites, we urge all our customers to periodically make their own backup. Once your account is restored, you can then use the tips above to prevent it being compromised again.

Please contact us as Hostcake support if you would like further information.

support@hostcake.com.au

Safe Browsing!