Category Archives: Online Security

HTTPS – encrypt your website now

For the past several years, Google has been strongly advocating that sites adopt HTTPS encryption. Within the last year, users of Google Chrome will have noticed that Google has been gradually marking a larger subset of HTTP pages as “not secure”.

At the moment users will only see the ‘not secure’ warning on pages where personal details are collected, such as forms, or on purchase pages. However, beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

Chrome currently indicates HTTP connections with a neutral indicator. This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.
A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing. More than half of Chrome desktop page loads are now served over HTTPS. 
All our new websites use the HTTPS protocol by default, and we are in the process of converting all our client sites at no cost to the client.

Do I need SSL for my website? What is it?

What is SSL? How do I know if my website has it?


SSL stands for Secure Sockets Layer. It is a protocol which encrypts all data sent between a website and the viewer.

If your website has SSL installed, the URL visitors see when they visit your website will begin with https:// instead of http://, and there will be a padlock symbol displayed in the address bar of the browser. (See below to see what it looks like in Chrome.)

What does this mean? Why is it important?

In the past it was only considered important for a website to use SSL if data such as credit card information was transmitted. Most modern e-commerce stores get round this by using external payment gateways that take the user off-site to complete purchases (e.g. to the PayPal site).


However, many websites use forms which transmit personal details. This data is transmitted in unencrypted format and it is possible for hackers to intercept these details. These include contact forms or the forms that people use to sign in, e.g. to WordPress websites. While it is unlikely, it is possible for passwords used on forms to be intercepted.

SSL is becoming the new norm

Google believes users deserve and increasingly expect a secure and private online experience when using a website. Consequently, they will in future be penalizing HTTP connections in terms of the security information they give users, and also in terms of search results priority.

At the moment, if you go to a standard http:// web page using Chrome you will see this symbol to the left of the URL:

If you click on the ‘i’ symbol you will see a moderate warning that the site is not secure. However, if you open a page with a form requiring sensitive information on it – such as the login page for a WordPress site, you will now see a clear warning that the page is not secure:

Obviously this is likely to make users feel a little bit worried – or insecure – and Google has warned that this ‘Not Secure’ warning is to be extended to any pages with forms in the next revision of the browser. In the future, it is likely that ALL http:// pages will be tagged as not secure.

In addition, Google allocates a slight ranking bonus to SSL sites in search results – not huge, but only likely to increase in future.


So should I move my site to https:// now, or can I wait?

 The use of https:// is going to rapidly become the norm so yes, probably now or in the very near future is the time to do it.


Oh no, isn’t this going to cost me a fortune?

Not necessarily. SSL certificates can be purchased from your hosting company for as little as $30 per annum including setup – though some may charge a lot more. Do make sure the fee includes setting up your certificate on the server, as it can be a bit complicated for the average website owner.

More expensive certificates may offer a warranty against the encryption being broken. For most people this isn’t necessary though as all they really need is the reassurance for their visitors that the data is encrypted – and the actual encryption is just as strong on cheap certificates as on more expensive ones.

Some hosting companies also offer free SSL via a new certificate issuing authority called ‘Let’s Encrypt’.


So I’ve got an SSL certificate – now what?

Now you need to convert your website to use the https:// protocol. If you have a CMS such as WordPress this can be relatively straightforward using a plug-in.

If you do not have a CMS then you will need to convert all your links to https://, then set up 301 redirects from HTTP to HTTPS via an .htaccess file. If you know what this means, then you can probably do it yourself – otherwise ask your web developer.
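For a site without a CMS, the link conversion and the redirect check described above can be scripted. The following is an added example, not code from the original post: it rewrites http:// links to your own host, lists third-party http:// URLs that need checking by hand, and tests whether a redirect response is a proper 301 to HTTPS. The host names and the sample page are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# href/src/action attributes holding an absolute http:// URL.
URL_ATTR = re.compile(r"""(\b(?:href|src|action)\s*=\s*)(["'])(http://[^"']+)\2""", re.I)

def upgrade_links(html, own_hosts):
    """Rewrite http:// links to our own hosts as https://.

    Returns (new_html, leftovers). Leftovers are http:// URLs on other hosts:
    they are not rewritten blindly, because the third party may not serve
    HTTPS, but each one will trigger a mixed-content warning until fixed.
    """
    own = {h.lower() for h in own_hosts}
    leftovers = []

    def fix(match):
        prefix, quote, url = match.groups()
        if (urlsplit(url).hostname or "").lower() in own:
            return f"{prefix}{quote}https://{url[len('http://'):]}{quote}"
        leftovers.append(url)
        return match.group(0)

    return URL_ATTR.sub(fix, html), leftovers

def redirect_ok(http_url, status, location):
    """True if the reply to http_url is a 301 to the same host, path and query on HTTPS."""
    src, dst = urlsplit(http_url), urlsplit(location or "")
    return (status == 301 and dst.scheme == "https"
            and (dst.hostname or "").lower() == (src.hostname or "").lower()
            and (dst.path or "/") == (src.path or "/")
            and dst.query == src.query)

# Constructed sample page; www.example.com stands in for the site being converted.
SAMPLE = """<a href="http://www.example.com/contact.html">Contact</a>
<img src="http://www.example.com/img/logo.png">
<script src="http://cdn.example.net/lib.js"></script>
<form action='http://www.example.com/send.php' method="post">"""

if __name__ == "__main__":
    page, todo = upgrade_links(SAMPLE, ["www.example.com"])
    print(page)
    print("Check by hand:", todo)
    print(redirect_ok("http://www.example.com/contact.html", 301,
                      "https://www.example.com/contact.html"))
```

A 302 or a redirect that lands back on http:// fails `redirect_ok`, which is the case to look for after editing the .htaccess file.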


I want to move to https:// – can you help me?

We have installed Let’s Encrypt on our servers and are currently converting all existing WordPress sites hosted by us to SSL as a free upgrade.

For other sites – non-WordPress or hosted elsewhere – please ask us to quote.

Stay Safe Online in 2012

Just a reminder to everyone to stay safe online this year. The internet is a fabulous place, but it can also cause a lot of grief. Based on problems people have come to me with over the last 12 months, here are a few reminders and suggestions that I hope you will find useful:

 1 – E-mail and phone calls

Don’t fall for any e-mail scams.

a) If it sounds too good to be true it almost certainly is. You have NOT won any lotteries you don’t remember going in for and no-one needs your help laundering some dodgy money.

b) Your bank, credit card company etc. will NEVER send you e-mails telling you that you need to update your security details and offer you a link to click on. NEVER click links you are unsure of in an e-mail. If you hover your mouse over the link you can usually see the destination in the status bar at the bottom of the e-mail screen. A link that says ‘MyBank Credit Department’ may when you hover the mouse over it turn out to be going to … hquick.php or some equally unlikely address. Only access online banking etc. through your web browser, never from e-mail links.

c) Don’t forward virus warnings, chain letters etc. to all the contacts in your address book. These things are essentially manually transmitted viruses, clogging up the internet and wasting everybody’s time. In addition they usually expose all the addresses in your address book to everyone else in your address book – not a good idea as it compromises everyone’s privacy. (See d) below)

d) If you DO decide to send an e-mail to all your contacts use BCC (Blind Carbon Copy) instead of CC – this way no-one can see the entire contents of your address book.

e) Just because an e-mail seems to come from someone you know doesn’t mean it has. Their e-mail account may have been hacked. This is particularly common with web-based e-mail accounts such as Hotmail. There has been a spate recently of e-mails purporting to come from someone you know who is stranded abroad with no money/credit cards etc. Don’t whatever you do answer these.

f) If your own Hotmail or other web-based e-mail account is hacked you should IMMEDIATELY change the password.

g) Don’t open e-mail attachments unless you are sure what they are. Your anti-virus programme should be set to scan attachments automatically anyway, but be careful. In particular do not open .zip files or Word or Excel files from unknown sources without scanning them first. Pictures – .jpg, .bmp, .gif or .png – are usually OK.

h) Microsoft will NEVER phone you to discuss security issues on your computer. This is a common scam. NEVER, EVER give a stranger on the phone remote access to your computer.

i) SNOPES is your friend. Snopes is a website that lists the vast majority of common scams. If you are unsure of something it is worth checking Snopes out.


 2 – Viruses and malware

a) Make sure your antivirus protection is up to date. I am currently recommending Microsoft Security Essentials as the best free antivirus solution – but remember that you can only have one antivirus programme installed at once, so do uninstall your current AV programme if you are installing a new one, or there may be trouble ahead . . .

b) If (heaven forbid) your copy of Windows won’t pass the ‘Windows Genuine Advantage’ test then you will not be able to install Microsoft Security Essentials. In this case I would recommend Avast.

c) Check that your antivirus programme is automatically downloading and installing the latest updates. If it isn’t then make sure you update it manually. If you got a free 3-month trial of Norton, McAfee or some other ‘big’ antivirus programme when you bought your PC you will need to pay when the trial period expires or it will stop working. This is an ideal time to uninstall the costly, resource-hungry monster and install MSE instead.

d) If you are uninstalling an antivirus programme make sure you do it either through the programme’s own uninstall routine or via the Uninstall option in the Control Panel. Just deleting files will not do it and will cause problems.

e) Antivirus programmes will not necessarily catch all nasties – to stay completely safe I recommend installing the paid-for version of Malwarebytes’ Anti-Malware, which gives real-time protection. This programme will co-exist happily with your antivirus programme. It costs £20. There is a free version which is very good at finding and detecting malware when you instigate a manual scan with it, but the free version does not provide real-time protection.

f) A lot of particularly nasty viruses will pose as anti-virus programmes themselves. If you suddenly get a pop-up window saying your computer is infected make very sure that it is from your own AV programme before you take any action. If it is a new type of window or warning then do not click anything – switch the machine off then reboot in safe mode and run Malwarebytes (see below).

g) If your computer does catch a virus or become infected with malware then switch it off immediately and start it in Safe Mode (repeatedly press F8 while booting up and select Safe Mode with Networking initially). Run Malwarebytes. (You may be unable to download it as many viruses and worms block access to antivirus and antimalware sites. It is handy to already have the free version of Malwarebytes installed on your PC for a rainy day.) This is often enough to fix the problem. Other options include using System Restore to go back to a time before the problem occurred.

h) If after trying the above you are still infected then don’t keep trying the same old things or constantly restarting your computer in the hope that it has miraculously fixed itself as the problem may become worse. Contact someone with more knowledge than yourself.

i) Filesharing websites (sometimes called Torrent sites) are a rich source of infection. Only use them if you are very sure of what you are doing – and check for other people using your computer (esp. teenagers!) using these sites.


3 – Back-ups and other common sense stuff

a) Computers can and will go wrong. Sometimes they can be fixed, but if the hard drive – where all your documents, photos etc. are stored – becomes damaged you can lose everything. Back up anything you cannot afford to lose or would not like to lose.

b) The built-in Windows backup is not great and is not easy to use, especially in older versions of Windows. The easiest way to back stuff up is to drag and drop the relevant files onto some external medium. The best thing to use these days is a USB stick (also known as a Flash drive or memory stick). These are cheap. Get one big enough for your files (8Gb is usually plenty) and use it regularly to store a back-up of anything you create or upload to your computer that you want to keep safe.

c) If your e-mail is important to you and it is stored on your computer (i.e. if you use Outlook, Outlook Express, Windows Mail, Thunderbird etc) then you might want to keep a backup of this as well. To do this you need to find out where your mail is stored then copy that whole folder onto the memory stick. You can usually find where your mail is stored from one of the menus in the e-mail programme, otherwise use Google.

d) You might also want to back up your Favourites.

e) Don’t let friends or relatives install anything on your computer or change your settings without your permission, and if you give that permission make sure you know what they have done and why. People seem to think they have a god-given right to mess with other people’s computers because they know a little more than the hapless owner, but this is very much an area where a little knowledge can be a dangerous thing. Messing with your computer and its settings without your permission is no more acceptable than going through your underwear drawer, so just firmly but politely tell them to leave everything exactly as they found it.

Have a safe 2012 online! 😀