...
Website security is gaining significantly more attention as Google and other browsers have begun forcing SSL adoption. This guide covers the basics of SSL and the impact SSL Certificates (or lack thereof) have on the Member/Visitor experience on your Club’s Website. SSL stands for Secure Socket Layer, which is the defacto method used to encrypt sensitive data such as usernames, passwords, and other private information that is passed back and forth over the Internet between your website, visitors’ browser(s), and your club’s website server. An SSL Certificate provides visible assurance to visitors of the site, that the site is legitimate, and that data encryption is taking place to ensure their sensitive data is protected. Once the site has SSL, an “s” is placed after the http:// of the website’s address - i.e. https://www.anyclub.com. Use Case(s)
|
...
Clubessential offers Basic and Advanced SSL Protection Options.
Basic
Basic Protection has the padlock in front of your domain (see screenshot below). Additionally, Basic covers just Domain Validation (DV), meaning just the domain ownership is checked prior to issuing the certificate.
Advanced
Advanced Protection includes the padlock as well as your club’s official organizational name in front of the domain, thus delivering a higher level of assurance to your users (see screenshot below).
...
...
Advanced Protection covers Extended Validation (EV), meaning that in addition to domain ownership, business registration is also checked prior to issuing the certificate.
...
For more information and to choose the type of SSL Certificate you would like please click here.
Please Note: The Club’s Account Manager can provide guidance and assistance in the process.
What will an SSL Certificate Provide?
Fostering a safe and secure environment for all Club activity is of the utmost importance. Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network. An SSL certificate will help verify the Club’s Identity and will then encrypt any data that flows to and from the site, keeping it secure from outside users.
Please Note: For increased online security, most browsers are making sure users are educated on the security of the sites they visit. Find more information on this transition to a safer online environment, below.
Secured by SSL vs. Not Secured by SSL: A Quick Indicator
When you connect to a secure website, the URL begins with "https" instead of "http", like in the example below. The "s" means that the website has been secured with an SSL Certificate.
Websites not protected by SSL will display some type of warning in the URL bar, indicating that the "Connection is Not Secure", see the examples from different browsers below:
Browser Security Changes - Warnings
Anyone using Firefox version 52 and up will see warning messages regarding their site security when they enter their password into the login field or the "Password" field in the member profiles as seen above.
Similarly, Google Chrome announced that beginning in October 2017, anyone using Google Chrome version 62 and up to view a website that's not protected by SSL, will also begin seeing "Not Secure" warning messages when entering sensitive information into online fields like password or credit card fields, or email address fields on prospective member inquiry forms. For more information from Google on this change, please see article here.
...
FAQs
Q: Can’t we just purchase our own SSL Certificate?
A: We handle it for you. There’s no need for you to purchase your own SSL Certificate. Even if you did purchase your own certificate, there’s still back and forth work needed between your club and Clubessential to set up and maintain the SSL.
Q: I’ve seen some free SSL Certificates. Why would I pay Clubessential for SSL?
A: Most of the free SSL Certificates are actually free trials which are only valid for a short period of time. Also, many web hosts that offer “free” SSL are actually bundling it with their other products and services, which you’ll still have to pay for.
Q: Why wasn’t SSL included with our website to begin with?
A: Securing your website with SSL has not always been as pressing of a matter as it is right now. To be frank, Google is forcing our hand.
Google announced that beginning in October 2017, anyone using Google Chrome version 62 to view a website that's not protected by SSL, will also begin seeing "Not Secure" warning messages when entering sensitive information into online fields like password or credit card fields, or email fields on forms.
Imagine if your members enter their passwords on the login screen of your website and receive the following message, “This site is NOT SECURE.” They're going to be concerned, and they're going to call you to see if the website is secure.
Furthermore, let’s say a potential member fills out a membership interest form on your public website… she’ll likely get the not secure warning too. That will lower your conversions and scare off some potential members.
Q: We secured our main website domain of www.site.com with SSL. We also own the domain www.site.org which redirects to www.site.com. Do we need to secure www.site.org too?
A: Yes, you need to secure your redirect domains or else users will be presented with a warning/error page. The screenshot below illustrates the following example: The website visitor is using Chrome. He enters a domain (which we've blurred to protect the client's identity) in the browser bar and hits Enter to go to that website. The domain he entered is actually a redirect domain that goes to the main website, which has a different domain. The main website is secured by SSL, but the redirect domain is not.
According to this Comodo article, this warning message is due to a Name Mismatch Error.
Q: Have you ever been hacked?
A: No hacker has ever gained access to the Clubessential servers.
...