information

SSL – Eight Reasons to Implement SSL Encryption Now

This is the logo for Hannah West Design, web designer to artists, logo designed by Hannah West © 2000-2016 Hannah WestSSL padlock icon

Hannah West Design Now Secure!

Hannah West Design is now secured with a brand new SSL certificate! On January 14, we migrated www.hannahwestdesign.com to a new hosting service. This is NameCheap hosting, which we want to try out on behalf of our starving artist clients to find out if hosting service compares well to other hosts who don’t have the same affordable pricing.

In addition, Google is now promoting sites that are protected with SSL encryption and demoting those without it by placing an “Unsecured Site” flag (similar to the “This site might be hacked” flag we sometimes see) next to any website which does not have SSL. This is part of a widespread movement to encrypt the web (Learn more at Let’sEncrypt.org). With that in mind, we decided to make the switch to SSL encryption at the same time. As a result, our updated address is https://www.hannahwestdesign.com. We’re proud of that beautiful green padlock displaying in the address bar now!

What is SSL?

SSL stands for Secure Socket Layer. A correctly installed SSL certificate encrypts all information transmitted to and from your website. This protects your private information when visiting the site, from which pages you visit to sharing to submitting contact forms to purchasing online. Websites with contact forms, login pages, online shops, etc. can all benefit from the added security provided by this encryption. Visitors will feel more secure interacting with your site, which is a huge bonus. Importantly, each certificate comes with a guarantee, so if a malicious entity subjects you to liability for damage to a visitor, you will receive a settlement form the certificate issuer. This amount varies with the level of certificate used, but starts at $10,000.

There was a time when conventional wisdom said that applying SSL to an entire website would make its pages load more slowly. However, recent advice from numerous experts in the field now assures us that the opposite is now true. And we are seeing our website load with a bit more spring in its step today…the ultimate proof.

Implementing SSL

The process of implementing SSL can be simple and painless, but it can also be rather harrowing. For me it was somewhere in between those extremes. I have been through this before on client sites as well. While some need extra attention for various reasons, most of the time it’s complete—including all the content tweaks needed for that lovely green padlock to display—in 2–4 hours.

To increase your standing with the search engines, additional tasks are necessary. Once the SSL is in place, we need to make adjustments in Google Webmaster Tools so they can direct traffic to the secure version of your site. We also need to adjust your Google Analytics account so traffic stats will continue to be collected accurately.

Pricing and Other Requirements

Many things related to SSL certificates have changed in the last couple of years. For one thing, they used to be very expensive. While prices for certificates to protect sites that don’t involve e-commerce have become quite affordable, there are now free certificates available from Let’s Encrypt. The catch is that not all hosts have a quick and easy way to install them and the process of doing it manually can take a good deal of time. Furthermore, some hosts—like Ipower—refuse to allow third-party certificates to be installed on their servers. While we could have used Cloudflare on our site, we opted for a Comodo Positive SSL certificate, which NameCheap offers for only $1.99 the first year. Renewals are a very reasonable $9.00/year with discounts for advance purchase up to three years. That’s a big discount from the same certificate on Ipower ($31.99) and Bluehost’s for $4.17/month. What’s the catch? You have to have your website hosted with NameCheap too. Also very inexpensive, so definitely worth considering.

Previously you had to have a dedicated IP address (the numerical equivalent of your web address) for an SSL certificate. This meant you had to have private hosting (expensive) or pay a monthly fee of $4.99-6.99 PER MONTH to have a dedicated IP added to your otherwise reasonably-priced shared hosting. Because unique IP addresses have become more and more rare, this prerequisite has been lifted by many certificate issuers and hosts. Instead, they tie the certificate identity to the domain instead of the server IP. All this has made SSL encryption more affordable to the average website owner. The benefits are greater now too.

Benefits of SSL Encryption

Some hosts provide free SSL certificates, but most do not. These free certificates may have downsides you’d rather not deal with. We found that Bluehost’s free SSL, issued by Comodo, only covers the root domain (https://your-domain.com) and NOT the www version. Big problem for sites installed with www.your-domain.com addresses. We can avoid this with the use of Cloudflare. Though it’s a completely different setup, their free certificate will cover both the bare domain and the www version. Entry-level SSL certificates have become much more affordable than they once were, too.

I’m ready to begin helping others to make this important change as well. I’ve learned the ins and outs of what is possible and what is not on several hosts. I can inform you of your options and advise you on which is the best choice for the money.

If you’re not sure you even want to deal with this undertaking or not, please consider the benefits:

  1. Receive payments through your ecommerce website – Most payment gateways now require SSL, even PayPal
  2. Give your visitors greater confidence in the security of their transactions, interactions with your site, and personal information
  3. Limit liability for identity theft
  4. Boost page load times
  5. Greater protection from hackers
  6. Prevent unknown people snooping on activity to and from your website
  7. Boost your SEO
  8. Participate in the movement to encrypt the entire web

Are you ready to apply SSL to your own website and enjoy these benefits? Please contact me!

Distributed Denial of Service DDoS Attack Alert

DDoS Attack Alert

DNS (Domain Name Server) provider Dyn.com is currently under heavy DDoS attack (Distributed Denial of Service) which has affected many well known brands across the Internet including Amazon, Netflix, Reddit, Paypal and many others.
This morning one of my clients wrote to tell me her site was down. Fortunately it came back up fairly quickly and is fine now. However, the widespread DDoS attack which is currently underway may affect your site if you use dyn.com for DNS or if you use any service, like Paypal, that uses DynDNS.
The larger providers seem to have worked quite quickly to mitigate this attack, but it is ongoing so it’s important that you’re aware of it and carefully monitor your website during this time.
While it is a priority to protect every website I create with reasonable security measures, when there is an attack on your domain name provider there is little we can do but check in with your domain name registrar and ask them to estimate how long it will be before they can bring their service—and therefore, your own website—back online. Please contact me if you are having trouble with your website today.

More Information

Security provider Wordfence has posted on their blog with more information about this type of attack HERE.

Bulletproof Security Pro + Donate to Security Plugin Developers for the Holidays

My clients know I’m always concerned about security for their websites. It’s an ongoing and fluid situation, with new threats being identified constantly. I have used the free version of the BulletProof Security plugin with great results, but it doesn’t cover everything, and a new threat to content management systems like WordPress, Drupal, and others that was identified late last year is on the upswing, with millions of attacks cloaking even more attempts to discover user naems and passwords so they can log in to your website, install malware in the code, and then use it for malicious purposes. I’m recommending that all my clients and anyone else concerned about the security of their WordPress site now upgrade to the Pro version of Bulletproof Security. It’s only $69.95, and will save you more than that if your site is hacked even once! If you don’t know what to do after making a purchase, contact me and I will help you get it installed and configured properly. Learn more and buy Bulletproof Security Pro here:
BPS Pro Learn More

 

On a related note, I install at least two security plugins on every website I build and/or maintain. All plugin developers work incredibly hard to create plugins that will enhance the functionality of your website, and the developers of  security plugins deserve much more than mere kudos for their work. You may not know how effective their work is, because I insulate you from the day to day security notifications that come from some of these plugins, but believe me, I get hundreds of security notifications, alerts and warnings every single day. Most of them have an optional Donate button or link in the plugin’s admin area. Some of their plugin users actually make a monthly donation to them to reward their work and make it possible for them to continue improving their code, which you should consider doing as well. Even if you don’t want to step up to the plate with a monthly donation, however, PLEASE…the holidays are coming, and these guys need to know how much you value their efforts to keep your website safe! If you can’t make a donation to the developers of all the free plugins in use on your website, please send a generous gift to those who have created the security plugins that protect your website night and day!

SOSA Presentation 2-23-15

I’m very grateful to have been invited by the Southern Oregon Association of Artists (SOSA) to give a presentation at their February 2015 members meeting on Monday, February 23 at 7pm! I’m posting this presentation document, “Help Your Website Help You,” so those who attend can download it to their computers for reference.

Help Your Website Help You

Help Your Website Help You - thumbnail image for document for 2-233-2015 SOSA presentationI’m very grateful to have been invited by the Southern Oregon Association of Artists (SOSA) to give a presentation at their February 2015 members meeting on Monday! I will discuss ways to help your website help you, including ways to work with social media to promote your art, as well as website maintenance and security to protect your site and your visitors – all to improve your search engine visibility and bring more visitors to your website.

Just before the meeting, I will be posting a presentation document, “Help Your Website Help You,” so those who attend can download it to their computers for reference. Anyone who is interested or who couldn’t make the meeting is free to view and download this document, too. SOSA invites all artists to attend their monthly meetings, so I hope I will see you at the Medford Public Library this Monday, February 23, 2015. The meeting starts at 7pm and the library locks the doors at the same time, so be sure to arrive a few minutes early! If you have a mobile device, please bring it along.

New Year’s Reminder: Update your Website’s Copyright!

It’s important to keep your copyright notice updated from year to year to protect your intellectual property and your reputation, and it’s that time of year. If you don’t know how to change the copyright notice on your website or just don’t have time to figure it out, please contact me at webmistress@hannahwestdesign.com or call 541.899.2012 to request this change. It’s quick and easy, so it’s inexpensive too. Happy New Year!!

Looking forward to Free SSL!

Updates on Website Security and Free SSL

Securing your website is increasing in importance to the point that soon your site could be disregarded by Google and avoided by visitors if they don’t see the familiar “https://” with a tiny padlock icon at the beginning of your url. Last year Google announced that websites secured with Secure Socket Layer encryption, or SSL, are getting added favor from the search engine company, increasing their rankings in search result pages at google.com. A number of recent high-profile security breaches such as the one at Sony Pictures demonstrate the possibility that any site can be hacked and illustrate the business-halting disaster that the ensuing data loss can cause. The little understood hacker phenomenon, combined with our fascination with the idea of artificial intelligence, has inspired numerous movies on the subject since the birth of the internet, with the Girl with the Dragon Tattoo released in 2011, The Hacker Wars released last year and Black Hat (Chris Hemsley) leading several new ones slated for release in 2015. Television writers have also explored the phenomenon in many shows, my own personal favorite being “Kill Switch,” one of the most thought-provoking episodes of The X-Files and possibly an inspiration for Transcendence (Johnny Depp). Such fascination reveals how little most of us actually know about what hackers do and how they do it, even the filmmakers, as most movies do not represent hacking with much accuracy. Nearly none of them show the ethical side of hacking — those we can thank for testing sites for vulnerabilities and helping design software to protect the rest of us from that shadowy threat we know nothing about aside from its existence. And of course there’s Anonymous, a group of hackers who seek social justice via computer-hacked threats. Most of us — that is, those of us who do not operate ecommerce websites that conduct credit card transactions online — have been able to get away without SSL up until now, but clearly that era is ending. As responsible citizens of the internet, we all need to step up to the plate and secure our websites to protect our investment in the site itself and any data it may contain, but also to give our visitors confidence by demonstrating our commitment to protecting them from “drive-by” malware infection. Taking these measures will help us retain (and hopefully boost) the search engine rankings we work so hard to gain.

My own website www.soartists.com (The Southern Oregon Artists Resource) was attacked by malware early in 2011. The entire site was taken down and its companion blog, Art Matters!, had to be reconstructed. Fortunately we did not receive any reports of massive spam attacks or anything else that indicated a loss of critical data for any of our listed artists or visitors to our site, but it was a painful wakeup call that directed my attention to the importance of internet security. As a result, all my clients with WordPress sites will see at least one and often three or more security plugins. I set these up to notify me when unauthorized attempts to gain access to the admin portion of their websites result in a “lockout.” This keeps my email inbox quite busy. For those clients who do not have WordPress sites, I recommend a security overhaul to install some basic code that will help protect their sites until they are able to purchase a SSL certificate that will encrypt all activity to, from and on their websites, making the “transactions” that include visitors’ activity invisible to hackers and ever-watchful malware bots looking for opportunities to inject malicious code on vulnerable websites.

So what has kept us all from investing in a SSL certificate that would protect our sites and their visitors? Most of us have a tendency toward complacency, clinging to naïve thoughts that justify inaction. One I hear often is “Why would hackers want anything from my website?” Trust me, it’s nothing personal. If you are not engaged in ecommerce, they probably do not want anything from your site itself, but like parasites they are always looking for “hosts” from which they can silently conduct their mischievous and often damaging activities. In early 2014, a client for whom I needed to create a website on a very restricted budget opted out of security measure “for now.” By Thanksgiving, her site had been blacklisted by Norton Safe Web and had to be cleaned of malware before it could be reinstated. I breathed a deep sigh of relief that we caught this before Google had blacklisted her, as their reinstatement procedure can be much more time-consuming. Still, the process wound up costing her an unexpected sum for cleaning and submitting her site for reconsideration as well as installing security measure that would prevent future infections—no fun for either of us, yet a relief once it was reinstated. For those who chose to look into a SSL certificate for their website, the dealbreaker has most often been the price. SSL certificates have been expensive, and the lineups of less expensive to most expensive types of SSL were not only confusing, but discouraging, making us feel that if we invested in a “minimal” (cheap) SSL certificate, it might not be effective and therefore a waste of money. But there is good news! A couple of days ago I received a little/big gift from one of the security companies whose plugins I use–a link to an article in my inbox with good news for 2015 – SSL will be free, and much easier to install, as of Q2 2015! Following is the source of the information reported in this excellent article. I strongly suggest you read both articles!!

Let’s Encrypt: Delivering SSL/TLS Everywhere

Vital personal and business information flows over the Internet more frequently than ever, and we don’t always know when it’s happening. It’s clear at this point that encrypting is something all of us should be doing. Then why don’t we use TLS (the successor to SSL) everywhere? Every browser in every device supports it. Every server in every data center supports it. Why don’t we just flip the switch?The challenge is server certificates. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.Let’s Encrypt is a new free certificate authority, built on a foundation of cooperation and openness, that lets everyone be up and running with basic server certificates for their domains through a simple one-click process.Mozilla Corporation, Cisco Systems, Inc., Akamai Technologies, Electronic Frontier Foundation, IdenTrust, Inc., and researchers at the University of Michigan are working through the Internet Security Research Group (“ISRG”), a California public benefit corporation, to deliver this much-needed infrastructure in Q2 2015. The ISRG welcomes other organizations dedicated to the same ideal of ubiquitous, open Internet security.

The key principles behind Let’s Encrypt are:

  • Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost.
  • Automatic: The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process, while renewal occurs automatically in the background.
  • Secure: Let’s Encrypt will serve as a platform for implementing modern security techniques and best practices.
  • Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them.
  • Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source.
  • Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.

If your website needs attention to security or you want to get a SSL certificate and you’re not sure what to do, please contact me at webmistress@hannahwestdesign.com or call 541.899.2012 to discuss your needs and what I can do to help. One of the primary lines of defense is simply keeping your WordPress installation, theme and plugins updated, and backing up your website regularly so you can easily restore it if a disaster does happen. I know you’re busy and have other priorities on your mind and your schedule, so let’s talk about an inexpensive annual contract that will allow me to do that for you so you won’t have to!

How Natasha Wescoat Rocked Her Online Art Sales

Great advice from a successful artist. If you haven’t checked out the Artsy Shark blog yet, it’s a terrific resource for artists that’s well worth your time. That’s where I found this very informative and encouraging article…and a whole lot more!

What makes this prolific artist such a sales superstar? Guest blogger Natasha Wescoat shares her secrets.

Natasha Wescoat

A well-rounded web presence is an essential part of your art business and brand if you want to sell online. Like any brick and mortar gallery, it’s the collector’s main source to the artist and stands as an authority and representation of you across the web.

In 2004, I began selling my art online through auction websites and established a presence through the social networking blog Livejournal. I then started my own website, which has evolved over the years through trial and error. I’ve found the keys to a successful website.

Simple Design

As an artist, your work should be representing itself. There is no need for fancy design or flashy colors. It should remain clean and simple, either in black, white or neutral colors. You want your art as the shining attraction here! Stay away from moving images or flash, noisy fonts or images that have nothing to do with your artwork.

 

artist painting

 

Content  is King

As always, with any site, the information and content you use is vital not only to driving traffic, but to inform your collectors and potential clients. You want to have all they need to learn about you, the artist, about your work and also most importantly, what you are offering THEM.

IMPORTANT PAGES TO HAVE ON YOUR WEBSITE:

About: This page is dedicated to describing you and your work. Your biography, artist statement and resume can go here as well as pictures of yourself (especially creating the work!) or if you remain a private person, some clever childhood photo of yourself for example. Make sure you have written a well thought out biography and statement. This can take time but is the foundation of your career.

Gallery/Portfolio: Whether you place them directly on your site (which I recommend) or you link to another site (Flickr, Imagekind or Photobucket, etc.) there should be easy access to look at your work! Be sure to include any past collections of art, present work, available work or projects you have done. Always add descriptions or captions on the art, along with a copyright statement and even links to where they could purchase it, if elsewhere on the web.

News/Updates: This page posts the latest news on your upcoming projects, events or sales. You could even connect your blog to this as blogs are a great way of updating people. Always announce stuff you plan to do, have organized to do and even the sales you want to put on. Create anticipation for your buyers and fans.

Contact: Make yourself as available and accessible as you can. Not only would it be good to provide your contact information here, but also include the information across the other pages of your site.

Links/Shop: Make sure you have posted links to every social network, online shop, print company, licensee, etc. that you use or who sells your work. This provides verification that those sites are really you and they help people find those other sites. You’d be amazed at how little your fans know about other websites or even what you’re doing.

 

artwork birds whimsical

 

Keywords and Linking

When writing the content for your site, from your bio to the descriptions of artwork, it’s vital to understand how keywords and SEO works. You want to make sure your content is full of the keywords that describe you and your art, so that when people search for art like yours on the web, your site is the one that comes up! Also, linking to other pages in your site from another page is important. Some people need a bit more help in navigating websites and can’t always understand or find something, no matter how easy you make it.

An example of what I mean: My About page, I may write a sentence that says, “For more info, contact Natasha…” The word “contact” could be linked to the contact page or even directly to my email address.

 

whimsical tree

 

Featuring Specials

If you are offering a sale, running a new club, or joined a new social network, you should highlight that somewhere on the front page. If you can, create a banner or box that advertises this and link so they can go to it.

Social Networking

A website is not complete without its supporting character – the social network. Whether you use Facebook, Twitter, Pinterest or MySpace, those sites will help create even more traffic to your main site. If you want to be a successful artist selling your work online, you really shouldn’t attempt a business without it.

Social Networking provides:

  • Connection with your collectors and clients
  • Adds humanity to your work
  • Adds value to your art career
  • Helps you build a fan base
  • Creates more opportunities for sales

Over the years, through discussions and making friends, I’ve found business opportunities. You can’t force it, but you should develop a reputation as a person as well as an artist. Make friends and new connections. Add value to their life. See how you can help or promote them. Don’t always blast or broadcast what you do or sell. No one responds to that. Learn what your collectors want. What they like. Who they are. Connect.

I’ve found this to be one of the most complex but important parts of a successful art business. Without it, you don’t really have much. It’s important to research and develop your social media strategy, your execution plan and how to use it. It’s the most affordable way to promote and advertise yourself. It took me many years, but because I already loved to learn about the web and adopted technology all the time, it just became part of what I do.

 

whimsical tree art

 

Be Present

And last but not least, make an effort to attend conferences, art shows, expos or fairs that are local and national. Find ways to connect with your fans, your artist friends and potential business opportunities in person. It’s always valuable to add a face to the profile. Online is not always enough, though it will be biggest part of your business. Offline events are still vital and beneficial to your art career.