Securing Your Website

We all read in the news that websites are getting hacked nearly every day. How secure is your website? Is it secured at all? Did you know that in July 2018 Google is releasing Chrome 68? What this means for you is that any website not protected with SSL/TLS (Secure Sockets Layer/Transport Layer Security) will be marked with a red triangle, indicating that the site is not secured. This could potentially have a huge effect on web traffic.

So how do you secure your website? You can install either an X.509 Digital Certificate or an SSL certificate on your server. A trusted third party, called a Certificate Authority (CA), guarantees the Digital Certificate’s authenticity with a Digital Signature. This way your visitors can be sure they are where they thought they were going.

Let’s talk about SSL/TLS. There are three main types: Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV).

Domain Validation (DV)

A DV site is a site that has been registered by someone who has admin rights to the site. If the certificate is valid and signed by a trusted Certificate Authority (CA), a web browser connecting to the site will inform you that it has successfully secured an HTTPS connection. You can use a DV to secure a simple, single website.

Organization Validation (OV)

An OV validates the domain’s ownership and includes ownership information: the site owner’s name, city, state, and country. This is the minimum certification level for a commercial website and protects multiple sub-domains, but is seldom used.

Extended Validation (EV)

An EV legally validates the domain’s owners, and getting one could take weeks. Sites with an EV SSL certificate have a green address bar in most browsers, but it’s a single-domain certificate. If you need to cover multiple sub-domains, you’ll need multiple EV certificates. If you’re running an e-commerce site, use an EV SSL certificate from a well-regarded CA.

So how do you find a Certificate Authority? There are many you can use. The commercial ones, like Network Solutions, Entrust, and Symantec, to name a few, back up their security with a warranty, usually between $500,000 and $1 million. There are also free ones you can do yourself, but these have no warranties. Another alternative is to self-sign your own certificate, but know that a self-signed certificate is useless for visitors since they can’t be sure your site is truly the one they had intended to use.
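To see which of these levels a certificate actually carries, the sketch below is an added example (not code from this article or from any CA) that triages a certificate from the subject and issuer fields in the dictionary format returned by Python's ssl.SSLSocket.getpeercert(). The field-based rules are a heuristic assumption, and the sample certificates and the names classify, flatten and name are constructed for illustration.

```python
# Heuristic triage of DV / OV / EV / self-signed from subject and issuer names.
# Assumption: DV subjects carry no organizationName, OV subjects add the
# organization's identity, EV subjects add registration fields as well.

EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}


def flatten(name):
    """Turn getpeercert()'s tuple-of-RDNs into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}


def classify(cert):
    subject = flatten(cert.get("subject", ()))
    issuer = flatten(cert.get("issuer", ()))
    if not subject:
        return "unknown"          # no validated certificate data to inspect
    if subject == issuer:
        return "self-signed"      # name match only; root CA certs match too
    if "organizationName" not in subject:
        return "DV"
    if EV_FIELDS <= subject.keys():
        return "EV"
    return "OV"


def name(**fields):
    """Build a name in getpeercert() layout (constructed test data only)."""
    return tuple(((key, value),) for key, value in fields.items())


# Constructed samples; none of these certificates or organizations exist.
CA = name(countryName="US", organizationName="Example Trust CA",
          commonName="Example Trust CA R1")
SHOP = dict(countryName="US", stateOrProvinceName="Ohio",
            localityName="Columbus", organizationName="Example Shop LLC",
            commonName="shop.example.test")
SAMPLES = {
    "blog": {"subject": name(commonName="blog.example.test"), "issuer": CA},
    "shop-ov": {"subject": name(**SHOP), "issuer": CA},
    "shop-ev": {"subject": name(businessCategory="Private Organization",
                                serialNumber="0000000",
                                jurisdictionCountryName="US", **SHOP),
                "issuer": CA},
    "intranet": {"subject": name(commonName="intranet.example.test"),
                 "issuer": name(commonName="intranet.example.test")},
}

if __name__ == "__main__":
    for label, cert in SAMPLES.items():
        print(f"{label:10} {classify(cert)}")
```

The subject fields only describe what the CA asserted; whether the chain is trusted is decided separately by the browser or TLS library when it verifies the CA's signature.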

If you don’t have a website and are wondering if you should, check out this article.

And if you need any help with all of this, the folks here at BT Web Group are an excellent resource for you.