Why Your Website Must Be SSL Compliant

As internet technology evolves, website best practices transform from courtesies to mandatory elements. For example, firewalls were once used only by tech-savvy enthusiasts. Today, most people wouldn’t dream of using a computer without a firewall. With cybercrime on the rise, providing an encrypted connection has become one of many security elements visitors have come to expect.

Website security is a big deal. Every bit of data transferred across a network is susceptible to being intercepted mid-transfer. While encryption can’t prevent hackers from stealing data, it does ensure stolen data remains unreadable. Encryption uses a complex algorithm to scramble data streaming across a network, making it unreadable by anyone without a decryption key.

Secure Socket Layer encryption, or SSL, is a high-level encryption standard that uses both asymmetric and symmetric keys to authenticate data and secure it. SSL uses a public key from the website server and a private key from the user’s browser. Since both keys are needed, an SSL certificate is a package of information that delivers a public key to the user.

Once a secure connection is made, all data transfers are constantly encrypted in real time by something called a cipher. This is where the word “decipher” comes from. When you decipher data, you convert it into normal language.

When an SSL encrypted connection is terminated, so is the private encryption key; a new key is generated for each connection. To learn about SSL encryption in-depth, check out this Beginner’s Guide to SSL.

Website encryption has been standard for a while, but some website owners have been dragging their feet. If you haven’t given serious consideration to securing your website with SSL, here’s why you can’t put it off any longer:

SSL protects your visitors from identity theft

You care about your visitors – they’re the reason you’re in business. Protecting their data from hackers should be your number one priority.

Chances are, visitors submit some kind of information through a web form on your website. It could be a simple signup form, an account login page, or a complete e-commerce transaction requiring credit card information. All of this data is susceptible to theft and should, therefore, be encrypted.

It makes sense to encrypt an e-commerce website that handles credit card information, but what if you don’t sell anything on your website? What if you run a blog, and only collect email addresses from your followers? Even if your visitors only submit their name and email address, that transmission needs to be encrypted because hackers piece together information from various sources to eventually steal someone’s identity.

All visitor data needs to be protected

Any website with user accounts should use SSL encryption to prevent account information from being stolen. Stolen account information is how cybercriminals obtain enough information for identity theft.

Against good advice, many people reuse passwords for multiple accounts. Once a hacker has an email address and a password, they’ll use that password to gain access to other accounts they can find. Most user accounts have a personal profile where people provide links to their other accounts; it’s all low hanging fruit for the cybercriminal. If your website visitor uses the same password for their Twitter, Facebook, or Instagram accounts, leaving their data unencrypted could cost them more than a compromised account.

Protecting your visitors’ data is no longer the only reason to use SSL. Browsers are starting to monitor and inform visitors of the presence of SSL encryption, and Google officially made SSL encryption a search ranking signal.

Using SSL makes you look better and rank better on Google

On August 6, 2014, Google reinforced its commitment to making the internet secure by informing webmasters everywhere that the presence of SSL/TLS encryption is officially a lightweight search signal. At the time, Google said the signal would affect fewer than 1% of global queries, but they might strengthen it in the future to encourage website owners to switch to HTTPS.

Browsers are telling visitors if your site is secure

A securely encrypted website connection between a client (visitor) and the server (website) is what enables the use of the HTTPS protocol. Google not only gives more weight to websites using HTTPS, but its popular browser, Chrome, warns visitors when a website is not using HTTPS.

In September of 2016, Emily Schechter from Chrome’s security team published an announcement that Chrome was going to start labeling HTTP connections non-secure. A small information icon (i) with the words “not secure” are displayed to the left of the webpage URL in the address bar. As of January 2017, all HTTP pages, including ones that collect passwords or credit card information, are being marked as non-secure. In the future, Schechter says the HTTP security warning will be a red triangle with an exclamation point in the middle, currently used for broken HTTPS.

Firefox implemented a similar strategy to warn of password security vulnerabilities. When login credentials are requested over HTTP, Firefox gives a warning to the user by placing a red slash through a lock symbol in the URL bar. According to the Firefox security team, each page is checked against the W3C’s Secure Contexts Specification to determine whether it’s secure.

Firefox and Chrome are popular browsers, and these warnings may not look sinister today, but given time, they will evolve, and it’s only a matter of time before visitors start bouncing from unsecured websites.

SSL protects public Wi-Fi users unaware of potential threats

A secure browser connection prevents Man-In-The-Middle (MITM) attacks, which are fairly common, especially on public Wi-Fi.

Unfortunately, consumers don’t realize the urgency of securing their own data over public Wi-Fi. Studies have shown that over 60% of Wi-Fi users believe their personal information is protected when using public internet. About 50% don’t know they’re responsible for securing their own data, with 36% believing it’s either the website owner or Wi-Fi providers job.

Although everyone should do their part to protect their data, at the end of the day, the website owner will take the legal blame if data gets stolen. Even when a consumer is careless with data security, they can sue a business for any data breach that caused them provable harm.

Get hosting from a provider that offers SSL

Your visitors depend on you to protect their data. You might not have SSL enabled, or you might find it difficult to implement site-wide. At Skylands, we offer SSL encryption and handle the setup for you.

Contact us today to find out how our fully managed boutique hosting can create a secure website connection for your visitors.

5 Best Practices To Support Your WooCommerce Shop

Choosing to power your ecommerce shop with WooCommerce is a smart move. Thirty percent of all e-commerce stores are powered by WooCommerce, including some of the world’s big brands like Singer, Weber, and Ghostbed. There’s a good reason for that: WooCommerce provides a higher level of customization than other platforms, which is exactly what brands need.

Customizing your WooCommerce store is easy. You don’t need to be a programmer to perform most modifications. If you’re not familiar with WordPress, the internet is full of tutorials designed to teach you how to do anything.

However, before you dive into implementing those tutorials, there are some best practices to follow to maintain the integrity of your e-commerce site.

1. Plugins aren’t always the best way to add custom features

You may be tempted to install a new plugin for each custom feature you want to add. However, plugins should be reserved for minor changes only. Additionally, WordPress sites with too many plugins tend to perform slower and become a security risk.

The Code Snippets for PHP plugin allows you to add snippets of PHP to your site that you can deactivate at any time. This is a convenient way to add features to your site that you can turn on or off. The Jetpack plugin allows you to edit your CSS. Making these minor changes with a plugin is acceptable, although, if you’re going to implement major changes, you need a child theme.

2. Always use a child theme from the beginning

A child theme is a directory that holds a couple core theme files (styles.css and functions.php). A child theme’s files will override the same file in the parent theme. For instance, any code you add to your styles.css file in your child theme will override the styles defined in the parent theme’s styles.css file.

The override feature is how you can change your site’s style without having to worry about your changes being wiped out in an update. For example, say you want to modify the background color of your theme. Instead of editing the parent theme’s CSS file, you’d activate a child theme and edit the child theme’s CSS file.

However, you define the background color property in your child theme’s CSS file will override the style defined in the parent theme’s CSS file. You don’t need to copy the entire original CSS file to change it – you only need to define the specific elements you want to override the parent theme’s stylesheet. Your child theme’s CSS file might be completely blank, except for a single line of code.

Not using a child theme means you’ve got to work harder to create and maintain your customizations. There’s nothing wrong with customizing your CSS through your theme’s custom dashboard, provided the option exists. In fact, this is a fairly safe method of customizing CSS. However, you should know how to use a child theme just in case you end up using a theme that doesn’t have a styles dashboard.

3. Test your sales and checkout process frequently

Schedule a time to test your sales and checkout process at least once a month. If once a month sounds too frequent, consider that it doesn’t take much to disrupt the checkout process, and not every customer will send you an email if they encounter a problem. Especially if the glitch is small and they’re still able to successfully checkout.

The biggest reason for abandoned shopping carts is a difficult checkout process. According to Forbes, the Baymard Institute reported that 67.91% of people will abandon their shopping cart. Some of the difficulties are within your control. For instance:

  • 56% of consumers said they abandoned their shopping cart due to unexpected costs at the end.
  • 25% said the website navigation was too complicated.
  • 21% said the process took too long.
  • 18% said there were too many payment security checks
  • 16% said the delivery options didn’t work for them.

All of the above factors are within your control to fix.

It’s important to test your entire sales process as a new customer as well as a registered user (if you offer that option). You’ll be able to catch and fix problems quickly.

4. Ensure the continuity of your email marketing messages

You might only have one main email marketing campaign with a set amount of emails you drip-feed to every new subscriber. That’s fairly common, and it’s a great strategy. Just make sure your welcome email is general enough to apply to all of your customers to avoid confusion.

This is especially important when you collect leads from various sources and offers. You don’t want to send everyone an email that says, “thanks for downloading our free ebook” when you’re also collecting leads through a free trial, or another offer.

If you created your email marketing campaign prior to collecting leads through multiple offers, make sure you aren’t thanking leads for signing up for a specific offer. That email will just confuse anyone who came to you through a different offer. It might even make them unsubscribe.

If you can, segment your leads based on what offer they’ve signed up under, and send each group an individual welcome email.

5. Choose the right hosting provider

Hosting is cheap these days, but cheap isn’t always the best. For example, if your hosting provider doesn’t offer SSL, you may want to reconsider your host. SSL is vital not just for security, but for SEO as well, since Google now considers SSL a search signal.

Need a host for your WooCommerce site? We can help

If you need a secure and reliable hosting provider for your WooCommerce site, we can help. We’ve got dedicated servers and custom solutions for any e-commerce site, big or small. Connect with us today, and we’ll help you choose the package that’s right for you.

8 UX Fixes To Reduce Abandoned Magento Shopping Carts

You’ve created a beautiful eCommerce website with a brilliant product your visitors fall in love with. You’ve done everything right – your sales copy is well written and convincing, and it encourages visitors to add products to their cart. However, when you look at your stats, you’ve got a high rate of abandoned shopping carts. Why? What went wrong?

If this is your experience, you’re not alone. Thousands of eCommerce websites experience a sharp drop-off during the first step of the checkout process. According to KissMetrics, this drop-off is caused by disconnects in the user experience.

Here’s what you can do to improve your user experience and encourage customers to complete their purchase:

1. Minimize clickable options (like full navigation)

Consistent navigation throughout all your web pages provides a seamless user experience. However, as with sales pages, full navigation becomes a distraction during the checkout process.

Your visitors may not be looking for a way out, but when they notice clickable options, they may want to explore. When a visitor leaves the checkout process to wander around, they’re more likely to abandon your website entirely.

Unfortunately, even when a wandering visitor comes back later to complete their purchase, their exit still registers as an abandoned shopping cart.

The checkout process should support the visitor’s commitment to buy from start to finish. It should keep the visitor engaged in the checkout process.

The process should keep your visitors moving toward entering their payment information without any distractions along the way. Any options to make changes (like adding items or changing quantities) should be made possible within the shopping cart, so there’s no reason to provide full site navigation during the checkout process.

2. Ask for payment information in the right order

If you haven’t provided the customer with shipping options and a grand total, it’s not time to ask for their billing information. Customers want to know their total before entering their billing address and credit card number. You can write copy that informs visitors their card won’t be billed until they finalize their order on the next page, but they’re still going to be nervous about hitting that “next” button.

3. Use a progress indicator

How many steps are in your checkout process? Three? Ten? Even if your process is short, it’s a good idea to add a progress indicator to the top of the page. Visitors like to know where they are in the checkout process, so they know there’s an end in sight.

Your shopping cart theme probably comes with a progress indicator already, but if not, it’s easy to add one. To add a progress indicator, you need a set of graphics that represent each step, with a transparent background. Any graphic designer with basic skills can create these for you. For example, if your checkout process has three steps, you need a set of three images – one for each step.

One thing a progress indicator can’t do is make an exceptionally long checkout process seem shorter. If your checkout process has more than five steps, it’s probably too long.

To shorten the process, see if you can combine steps. For example, if a customer needs to submit their billing address in one step, then submit their credit card information in the next step, see if it’s possible to combine those into one. What the customer inputs won’t change, but the perception of one less step will make them happy.

4. Allow guest checkouts

The checkout process is an opportunity to gather email addresses from your visitors, but don’t force everyone to create an account to complete their purchase. Most people have more accounts than they can even remember. The need to sign up for one more user account can make a visitor bounce and buy from a competitor.

The Baymard Institute discovered 37% of people abandon a shopping cart when the site asks them to create an account. Forcing users to create an account is a barrier that prevents conversions.

If you’re worried about not capturing email addresses, there’s little to be concerned about. Most email marketing systems – especially high-end systems like Infusionsoft – can be integrated to grab email addresses from the checkout process.

5.  Design your shopping cart to match your website

Consistent design between your website and your Magento shopping cart goes a long way to support conversions. Consistency in design tells people they’re in the right place. Some people hire a professional design and development team, so the shopping cart looks exactly like their website.

Thankfully, it’s easy to customize a Magento shopping cart design, even if you can’t hire a professional development team. You can customize some elements yourself by logging into your shopping cart and clicking on “settings.” From there, you want to click the link titled “design setting.” Here, you can change the default colors and images and add a custom background or header graphic.

6.  Present upsells sparingly

An upsell is perceived as a step in the checkout process. If your checkout process is short, upsells will make it appear longer. One upsell screen might be appropriate; however, two will make visitors bounce. Screens asking visitors if they’re “sure” they don’t want the upsell they just rejected are even worse.

7.  Make sure dynamically displayed currency is correct

When you want to display prices dynamically according to the visitor’s geographical location, it’s important to know for certain the currency displayed is correct. Many countries use the US dollar as a standard form of currency, and yet some currency plugins display the country’s old, antiquated form of currency instead.

Visitors will notice this mistake, and if they can’t select their preferred currency, they’ll bounce.

For example, some currency plugins are programmed to display prices in the Cambodian Riel. If you’ve never been to Cambodia, this seems logical. However, the US dollar is Cambodia’s second official currency. ATM machines dispense both currencies, but most residents rely on the US dollar for everyday purchases. They’re not used to seeing small purchases displayed in Riel.

If your currency plugin allows you to assign currencies to particular regions, this is an easy fix.

Remember, the US dollar is the most widely used currency in the world, and people are used to seeing prices in USD. If you’re not certain currencies are correct, it’s better to leave your prices in USD.

8.  Speed up your page load time with LiteMage

Speed is everything. If your website loads slowly, visitors will bounce.

If your eCommerce website is doing well, but your Magento website is loading slowly, you probably need a load balancer. Magento is a wonderful CMS, though it can be demanding of server resources resulting in site performance issues that can cost you conversions.

At Skylands Networks, we use LiteMage to help Magento stores run up to 5x faster, reducing server load and increasing site performance. Contact us today to find out how we can create a custom solution for your eCommerce website.

Why Load Balancing Is Vital With eCommerce Platforms

Launching an eCommerce website requires investing a significant amount of time setting up and managing IT infrastructure. To prevent unnecessary downtime, you need to consider things like disaster recovery, server security, and website security.

Traffic management also plays a vital role in keeping your website online. You need to generate traffic to make sales, but when you’re unprepared, too much traffic can cause your website to go offline.

Heavy traffic can impede your conversions

Each visitor that comes to your website is considered a single connection, but will generate multiple requests per page load. It takes resources to support connections; your website can only handle a finite number of connections at once.

Servers have a finite capacity for resources like memory, processing power, and bandwidth. If the demand for resources is greater than what your servers can handle, your website will either slow down or crash.

Your conversion rates are directly influenced by the amount of time it takes for your pages to load. According to a recent Google study, 53% of mobile users bounce when a page takes more than three seconds to load. You can’t afford to have slow loading pages killing off your profits.

Load balancing helps you handle heavy traffic

Heavy traffic can hit at any time, putting stress on your server’s resources and causing your website to go down. When your website goes down, you lose sales, and your brand perception may suffer.

Holidays, promotional periods, and new product launches can cause a surge in traffic. You need a strategy for managing server resources during these periods of heavy traffic.

The solution is load balancing, and it’s achieved with a special device called a “load balancer.” A load balancer distributes your visitors’ requests across a number of servers.

Load balancing is your best defense against a server crash due to heavy traffic. Load balancing is designed to optimize the use of server resources, minimize response time, and prevent overload on any single resource.

 Load balancing for reliability

 Your website or online service can only generate revenue when it’s actually online. Crashes or slowdowns due to hardware failure or sudden spikes in traffic come with a real cost, both to your income and your reputation.

Load balancing not only distributes traffic evenly across multiple servers, it eliminates any single point of failure. If any single server or load balancer happens to fail the system’s redundancy keeps the site online and running smoothly while the hosting team replaces the failed device.

 

How Load Balancing Works

 

There are various algorithms available which can determine how the load balancer distributes traffic. Your hosting provider can advise you on the best configuration for your specific setup.

Why choosing a dedicated hosting solution is ideal

 Shared hosting accounts are cheap – sometimes less than five bucks a month. You can install your own platform like WordPress or Magento in minutes. It sounds like a great deal. However, shared hosting isn’t a good option for eCommerce websites. Dedicated hosted solutions like the ones we offer are ideal because they give you full control over your dedicated resources.

Don’t be lured in by cheap shared hosting – it’s like moving in with unpredictable roommates who use all the hot water and hog the WiFi. Sharing resources puts you at the mercy of their demands all the time.

Your load balancing needs are unique – we can help

Basic load balancers can only do so much by monitoring for HTTP status code or text match. Skylands engineers are trained to create custom scripts to monitor your eCommerce website and balance visitors based on what defines up/down for your particular application.

We also offer LiteMage for Magento so all of your web servers can share a single cache. LiteMage improves warm-up time and reduces server load by eliminating the need to duplicate cache-loading efforts. In fact, our high performance caching serves cached content up to two times faster than other solutions.

If you’re a small business, the time will come when you’ll need to scale your applications beyond one server to improve speed and reliability. You don’t want to be caught off guard when your business takes off. Our flexible load balancing algorithms are activated on-demand and automatically scale to meet your seasonal and temporary traffic spikes.

We offer multiple hosting options for Magento websites, all of which offer load balancing. Contact us today to find out how we can help you with your eCommerce needs.