Versions Compared

Old Version 13

changes.mady.by.user Danielle Donley

Saved on

compared with

New Version 14

changes.mady.by.user Danielle Donley

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Website - Getting Started

...

Website security is gaining significantly more attention as Google and other browsers have begun forcing SSL adoption.  This guide covers the basics of SSL and the impact SSL Certificates (or lack thereof) have on the Member/Visitor experience on your Club’s Website.

SSL stands for Secure Socket Layer, which is the defacto method used to encrypt sensitive data such as usernames, passwords, and other private information that is passed back and forth over the Internet between your website, visitors’ browser(s), and your club’s website server.  An SSL Certificate provides visible assurance to visitors of the site, that the site is legitimate, and that data encryption is taking place to ensure their sensitive data is protected.  Once the site has SSL, an “s” is placed after the http:// of the website’s address - i.e. https://www.anyclub.com.


Use Case(s)

    • Club Web address is http://www.yourclub.com (missing the “s” after the http)

    • Club Members are calling the Club indicating they are receiving a “Connection is Not Secure” message when visiting the Club’s Website.

    • When entering sensitive data into your Website, Club Members are receiving messages such as “This connection is not secure.  Logins entered here could be compromised.”

...

Please NoteThe Club’s Account Manager can provide clarification and assistance should you have any questions.

What will an SSL Certificate Provide?

Fostering a safe and secure environment for all Club activity is of the utmost importance. Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network. An SSL certificate will help verify the Club’s Identity and will then encrypt any data that flows to and from the site, keeping it secure from outside users.

Please Note: For increased online security, most browsers are making sure users are educated on the security of the sites they visit. Find more information on this transition to a safer online environment, below.

Secured by SSL vs. Not Secured by SSL: A Quick Indicator

When you connect to a secure website, the URL begins with "https" instead of "http", like in the example below. The "s" means that the website has been secured with an SSL Certificate.



Websites not protected by SSL will display some type of warning in the URL bar, indicating that the "Connection is Not Secure", see the examples from different browsers below:



Browser Security Changes - Warnings

Anyone using Firefox version 52 and up will see warning messages regarding their site security when they enter their password into the login field or the "Password" field in the member profiles as seen above.

Similarly, Google Chrome announced that beginning in October 2017, anyone using Google Chrome version 62 and up to view a website that's not protected by SSL, will also begin seeing "Not Secure" warning messages when entering sensitive information into online fields like password or credit card fields, or email address fields on prospective member inquiry forms. For more information from Google on this change, please see article here. 

FAQs

Q: How can I tell if a website is secured with SSL?
A: Website's that are secured with SSL will have HTTPS at the beginning of their domain and will have a green padlock in front of the domain.

...

Q: I’ve seen some free SSL Certificates. Why would I pay Clubessential for SSL?
A: Most of the free SSL Certificates are actually free 90 day trials which put the onus on you to renew every 60 days or so. If you forget to renew, then your website loses its SSL. (We purchase for 2 years, and then we auto-renew the SSL certificates for you so you don't have to worry about forgetting to do so.) Also, many web hosts that offer “free” SSL are actually bundling it with their other products and services, which you’ll still have to pay for.

Q: Why wasn’t SSL included with our website to begin with?
A: Securing your website with SSL has not always been as pressing of a matter as it is right now. To be frank, Google is forcing our hand.

Google announced that beginning in October 2017, anyone using Google Chrome version 62 to view a website that's not protected by SSL, will also begin seeing "Not Secure" warning messages when entering sensitive information into online fields like password or credit card fields, or email fields on forms.

Imagine if your members enter their passwords on the login screen of your website and receive the following message, “This site is NOT SECURE.” They're going to be concerned, and they're going to call you to see if the website is secure.

Furthermore, let’s say a potential member fills out a membership interest form on your public website… she’ll likely get the not secure warning too. That will lower your conversions and scare off some potential members.

Q: We secured our main website domain of www.site.com with SSL. We also own the domain www.site.org which redirects to www.site.com. Do we need to secure www.site.org too?

A: Yes, you need to secure your redirect domains or else users will be presented with a warning/error page. The screenshot below illustrates the following example: The website visitor is using Chrome. He enters a domain (which we've blurred to protect the client's identity) in the browser bar and hits Enter to go to that website. The domain he entered is actually a redirect domain that goes to the main website, which has a different domain. The main website is secured by SSL, but the redirect domain is not.

Image Modified

According to this Comodo article, this warning message is due to a Name Mismatch Error.

Q: Have you ever been hacked? 
A: No hacker has ever gained access to the Clubessential servers.

...