Category: Configure

  • Why Your Website Needs a Security Certificate

    When visitors come to your website, do they see a reassuring green padlock icon telling them that your site is Secure? Not only is this reassuring to visitors to your site, it’s reassuring to search engines like Google. This means if your website is not marked as secure, Google and other search engines will punish your site in their search results.

    In this article from the Google Webmaster Central Blog, HTTPS as a ranking signal (published on Aug. 6, 2014!), Google explains the importance of using a Security Certificate to signal to visitors and search engines that your site is secure:

    [W]e’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.

    What does this mean? Basically this: Google has determined that websites that use Security Certificates are more reliable and deliver better search results than websites that don’t use a Security Certificate.

    Why is that? Partly, it’s because it takes a little time and a little effort (and some money) to add a Security Certificate to your website. And who’s not going to make that effort? Spammers, and any kind of fly-by-night operation that wants to whip up a website quickly to make a fast buck. Do you want Google to lump your site in with these jokers?

    How Do Security Certificates Work?

    Website Security Certificates, also know as SSL Certificates (or, more accurately, TLS Certificates), make it possible for web browsers to connect to your web server over a secure, encrypted connection, using a protocol called HTTPS.

    Maybe you figured that secure connection was already happening? Unless you see that little padlock icon in your browser’s address bar, the site you’re visiting isn’t using HTTPS, but instead regular old HTTP. This means that all the communication between your browser and the web server is completely visible to anyone who wants to spy on you. Sending information between your browser and a web server using HTTPS is like sending a letter in one of those Tyvek Priority Mail envelopes that you can’t open without a knife or a chainsaw. Regular old HTTTP communications is just like sending your messages on a postcard: anyone can read what you’re sending if they bother to look at it.

    But who would want to spy on you? Well, most hackers aren’t after you in particular, but just looking for ways to steal information as easily as possible. If you’ve ever connected to a website in a coffee shop or an airport over Wifi, using an insecure HTTP connection, it means that anyone else on that network can snoop in and view everything you’re sending back and forth between your browser and the web server, things like passwords and credit card numbers.

    When you have an Security Certificate set up correctly on your website, all the network traffic between your browser and the web server is encrypted, and can’t be decoded except by your browser and the web server you’re connected to. This means that no one can eavesdrop, steal passwords, or create a fake website that looks like the one you want, but is just a trap set up to steal passwords (phishing).

    You Need A Certificate for WordPress

    If your website runs on WordPress, you absolutely need a Security Certificate. If you ever want to log into your site and add or update a post, you want to do so over a secure connection using HTTPS. If your connection isn’t secure — maybe you want to make that update while you’re traveling, or in your favorite coffee shop — anyone can grab your username and password and then log into your WordPress site to make any changes they want, using your account credentials.

    You Need a Certificate Before Your Site Is the Last One In Your Industry that Doesn’t Have One

    It’s already been several years since Google announced that they would rank sites with HTTPS better than those without. If your site doesn’t use HTTPS, and your competitors are, that might be why they are getting more traffic than you. Also, when visitors come to your site and see it’s not secure, where all of your competitors display that green padlock icon, whose site will they choose? And you certainly don’t want your site to be hacked or defaced because someone was able to steal your username and password when you logged in to update a blog post. Protect your site and protect your search engine ranking: add an SSL certificate to your site today!

    Cadent offers Security Certificates for all of our Hosting Packages. Since we specialize in WordPress hosting, we want your site to stay safe and secure. Plus, HTTPS will improve your site’s performance and reduce download times. Contact us if you’d like us to install an Security Certificate on your Cadent-hosted WordPress site, or if you’d like to move your hosting to our dedicated high performance WordPress servers.

  • The main menu on my WordPress site appears as an icon on smaller devices. How do I control that?

    My site displays a text menu across the top of the page when you view it in a desktop browser. But when you look at the site on a smart phone or a tablet, the menu is replaced by an icon with three stacked lines. When you tap this icon, the menu appears vertically. How do I control when the standard menu appears and when this mobile menu icon appears?

    Control how the main menu appears in your theme, and add features

    This is typically controlled by your theme’s Appearance settings. Try this, from the WordPress dashboard for your site (log in as an admin, of course):

    Appearance : Customize : Theme Settings : Navigation

    Look for a Mobile Menu check box. If it’s checked, uncheck it. You can also tweak this setting. If you leave the mobile menu on, under Mobile Menu Collapse, you can set:

    The resolution when the menu collapses into a mobile navigation menu. Value is in pixels.

    In other words, if you set this to, let’s say, 480, the mobile menu will appear only when the browser window, or the size of the smartphone screen, is 480 pixels wide or smaller.

    Be sure to click the Publish button to save any changes you make. On larger screens, you can see how the updated page will look in the preview on the right side.

    Note that the mobile menu is a feature, not a bug: it’s designed to appear on smaller screens so you don’t need to use a lot of screen space for a complex menu structure, but the full menu is just one tap away.

  • Review the Public WHOIS Info for Your Domain

    Do you control your domain record? You can check to see who has control over your domain with a free WHOIS search. The WHOIS search displays information about:

    • your domain registrar
    • The domain contacts: Registrant or Billing, Admin, and Technical

    If you or someone who works with you isn’t listed as one of the three domain contacts, you may need to contact the person listed to determine how to update your domain. The public WHOIS record for your domain will always display a current (active) email address for each of the three domain contacts.

    Sometimes domains (like cadent.com) are privately registered and display only generic contact information, although the listed email address will allow you to contact the domain holder.

    Search WHOIS with a Browser

    You can use the ICANN WHOIS service with your favorite browser. Simply enter your domain in the field in the form example.com (without adding anything before or after your basic domain).

    Then, click Lookup, fill out the captcha form, and the site will display your domain WHOIS information, neatly formatted. You can also view the raw results further down the page.

    Search WHOIS from the Command Line

    If you want to look up WHOIS information from your computer’s command line, you can do that too. At a command prompt, enter 

    whois example.com

    where “example.com” is the domain you want to review. The raw WHOIS data will appear in your terminal window.

    Related Articles

    Other Links

  • Set up a Secure Account at a Domain Registrar for Your Domain

    Your domain is your brand and identity on the Internet. You need to protect your domain by registering it securely with a domain registrar, like Namecheap or Hover. The domain registrar you select will maintain a public record of your domain, and important technical information about your domain required for your web site(s) and email server — plus many other Internet services — to function correctly.

    Not sure if you control your domain registration? Follow these steps to Review the Public WHOIS Info for Your Domain.

    What You Need to Set Up a Secure Domain Registrar Account

    To create an account at a domain registrar, you must provide:

    • a valid email address (not in the domain you want to register)
    • credit card
    • a user name
    • a strong password.

    IMPORTANT: You do not want to use an email address that is part of the domain you are registering. For example, if I was registering the domain “cadent.com,” I would not want to use an email address in the “cadent.com” domain to set up the domain registration account. Why? Because if there is any problem with your domain registration, your emails associated with that domain may also stop working correctly, which means you won’t be able to fix your domain.

    To avoid this, set up your domain registrar account with a secure email address on a different domain. An easy way to do this is to create a “company” Gmail address. Then use this email to set up your domain registrar account. Since this email account is literally the key to your Internet kingdom, make sure it’s secure by setting up 2-factor authentication. This means if someone steals your password, they still won’t be able to get into your Gmail account.

    Once you’ve set up your company Gmail account, you can set up auto-forwarding to send any emails on to your work email, so you don’t have to check yet another email account.

    Protect Your New Account with 2-Factor Authentication

    Once you’ve set up your new account, you should turn on 2-factor authentication, if possible, with your domain registrar. This will ensure that your domain registrar account will also be secure even if someone steals your password.

    Adding Domains to Your New Account

    Now that you’ve set up a secure account with your domain registrar, you can purchase your domain if it’s not already taken, or transfer it to your account from the account of the current owner. Read Transfer Your Domain to Your Secure Domain Registrar Account for detailed instructions on the transfer process.

    Related Articles

  • Transfer Your Domain to Your Secure Domain Registrar Account

    Before you transfer your domain to your domain registrar, you need to Set up a Secure Account at a Domain Registrar for Your Domain.

    To contact the current owner of a domain, Review the Public WHOIS Info for Your Domain.

    To transfer a domain from one account to another, you need to:

    1. Ensure the domain is ready to be transferred (the current owner needs to unlock the domain and make sure it isn’t set up as a private or protected registration) and verify the contact information for the current owner.
    2. Purchase a domain name transfer from your registrar.
    3. Your registrar will prompt you to unlock the domain and enter an authorization code (provided by the current domain owner).
    4. Wait for the confirmation email (sent to the address you specified when you created the account) and click the Approve button.

    This process ensures that the current domain owner is transferring the domain willingly to another legitimate account with a working email address.

    Configure Your New Domain with Separate Contacts

    Once your domain is set up in your secure domain registrar account, you can configure your domain so your web sites, emails, and other Internet services work correctly. You should also use separate contacts for the three domain contacts. The billing contact (or registrant) has the ultimate power over the domain, because they pay the bills. Using a separate admin and technical account means that you can still manage your domain if the billing contact isn’t immediately available, but the admin and technical accounts can’t cancel the domain or transfer it — only the billing contact can do this.

    Obviously, select the people you assign to these roles carefully, and ideally, don’t use email addresses that are in the domain you are managing.

    Tips

    • Always use an email from a different domain to register your new domain. Pro tip: set up a “company” Gmail account to manage your domains which will be available even if there’s a problem with your domain.
    • It’s best to register your domain with a different company than the company that hosts your web site. That way if your hosting company has a problem (and this does happen occasionally) you can still update your domain. So, if you want to host your site at, say, HostGator, then register your domain at different registrar (like GoDaddy or Hover). While it’s convenient to register your domain at the same company that hosts your web site, it also means that a single problem at that one company will take you completely off the Internet.

    Related Pages

    Transfer Your Domain

    Domain Name Registration Process | ICANN WHOIS