Many website owners are getting approached by their hosts to move from http to https. What is important to know is that there is an easy way to do this and a hard way.
Here are my tips to easily move from http to https
Typically I will recommend that you buy your SSL certificate through your web host. Although it may be slightly more expensive, when you use your host’s provider your host is eager to help you set up your SSL cert correctly.
I paid $199 for my SSL certificate which is renewable each year through my web host. Once you have purchase the certificate, your host take over the installation on your server. For most clients this is all that needs to be done. Everything should work yet be under the green padlock and your site should start with https.
I do recommend that if you do move to SSL that you have your webmaster review your website files to assure that there are no hard coded in page links within your website referencing http. If there are, you will want them to change them to https.
Also if you are running WordPress in a directory on your site, you will want to update your logins and locations so that your blog and the blog access control panel are now all https.
Last of all do not forget to update the links in Google Ads. Change your site links and ad URLs to https to complete the project.
One tip, I typically recommend moving to https before you do a website redesign. There is nothing worse than having to troubleshoot server issues for https while you are troubleshooting a new site launch. Don’t do these updates at the same time.
Occasionally we have a client who is using a low-end web host or who is self-hosting and does not have a cgi-bin or scripting enabled in order for us to install a contact form processing script. Sometimes this has lead to expensive programming charges. We do not offer programming and so we have to contract out this portion of a project adding to expenses.
We have found a service that will process the script for you on their servers and so far it looks like a clean and elegant solution to a thorny problem for some clients. You will want to click our post title to review the site MyContactForm.com. With a premium account for $24.99 per year, now any client can have a professional seamless contact form installed on their site without complex programming initiatives. I think that it is a very smart solution.
Since I last wrote about the privacy updates that are mandated by the EU to cover website traffic on American websites by EU nationals, much has happened.
Several clients have shared their thoughts with us on why the sudden change. Some are listed below.
“I do feel lucky about not getting caught, but also want to be safe.”
“I’ve just had a lawyer call me and I feel like I need immediate action on the privacy updates as I don’t want to end up in court on a new matter.”
As for me, my perspective is that it is not expensive or hard to do the implementation to be in compliance with the GDPR. I am risk adverse and feel that eventually the US will institute some controls so we will be ahead of the game by changing our own websites now.
Errors, they may your heart beat faster and stomach clench especially when they impact your website. But, not all errors that are reported in plugins such as Yoast or even WordFence are real errors.
For example, today the Yoast SEO plugin flagged my site as not having a home page that was visible to search engines. But on additional testing and review of files; both the robots.txt and .htaccess file there was not issue. Additionally, on testing in the Google fetch feature in the Google Search Console – no errors were triggered. The Google bot was fully allowed even though Yoast said it was not.
Sometimes errors you see are false positives. But, that does not mean you can simply mark them as ignored or disregard them all together.
All website errors should be reviewed and corrected if found to be true. Don’t guess make sure that you do not have a problem each time one is brought to your attention.
Hackers, how do they get in to your website and hosting account? In today’s wild web, it just seems like sometimes you can’t keep hackers out!
Here’s what happened recently to me. I set up a new hosting account at a quality hosting service (not GoDaddy). The same day I loaded the site files, the site was hacked. Files were loaded and links to malware installed in newly created pages that mirrored my own site pages but with a .shtml instead of .html.
The host told me that all was secure and although the site was in a shared hosting environment that their network was not where the hack came in.
The only thing that I can possibly think of that caused the problem for this non-WordPress site is I emailed the passwords to the client. What the client did with the logins, I do not know. I am not sure if he even tried to login, but doubt it.
The host said that possibly a hacker got into the site via a field in the contact form, but there is a Captcha and tests for validity of information and on top of that no database connection for the form. I am mystified!
What I do know is that sometimes you just do not know how hackers get in, could they tunnel in from the host? Could they intercept logins by email? Could they be trawling the web for new hosting set ups and attack them? Your guess is as good as mine.
One thing I do know is that there is a new hack for WordPress websites that targets new hosting accounts where WordPress installation has not been completed. There are bots that are scanning the web for these new sites and coming in via WordPress setup files and taking control of hosting. Could this type of attack possibly be what I experienced? It is possible.
What I do know if that prompt action to clean up, wipe the server, and change all passwords for hosting and FTP and also no longer emailing logins is our newest protocol.
Moving to a new web host? Here are my top tips on quickly moving with a minimum of downtime for HTML and PHP (non-database driven) websites.
Know Before You Go
Make sure you know what is going on with your site before you go. What are you using at your old webhost? Email? Script? When you repoint your domain to your new host, anything that you had at your old host is wiped. That means you will have to set up email accounts, any scripts, and any other things you have been using. Make sure before you move, that your webmaster does their due diligence and make sure you are knowledgeable to inform them of what you have and are doing. Typically they can see scripts that run your website, but may not know of your mail server set up.
Use a Web Host that Provides a Temporary Domain
I like Hostway, when I set up a new domain that is owned or pointed elsewhere, Hostway gives me a temporary domain to use. I can load files and even test scripts and make any changes I need to before I move a domain and go live. If you don’t see this option ask, as sometimes it can be turned on for you.
Test, Test, Test
Before launch of any site, I do extensive testing both in my clients area and then in the temporary domain. Try to get all problems resolved before you turn your new site on. It will save having headaches and frustration.
Be Prepared for Propagation
Once you repoint your domain name servers to a new web host, be prepared for propagation. Know that it takes typically 4 to 6 hours for servers to refresh and longer for small internet service providers for your domain at the new web host to be seen consistently and properly. Don’t freak out when you cannot see your site. This takes time and there is nothing you can do to speed the process.
Looking for a webmaster to help you move to a new web host? Contact us and review our webmaster services today.