Website Security

Website Security provided by a leading URL. HTTP or HTTPS? There is way more to it, but it begins with this. If a newer browser encounters a website without an SSL certificate (HTTP), a warning may be given to the website visitor who came looking for information, perhaps to sign up for services, enter volunteer hours or several other reasons making your work worthy. Perhaps you sell fine wares or art pieces as diverse as you. It often prevents them ‘for their safety’ from entering your domain. For shame. It’s not fitting with your inclusive atmosphere. The websites many non-profits use are provided via a ‘shared web server’ their telecommunications companies host, for example Shaw and TELUS (Telus site might not display in Google Chrome browsers) shared hosting servers. Even some startup businesses saving the cost of a full domain, perhaps for a blog. This is included in their communication packages, including phone and email. It does not include a free SSL certificate.

On my website privately owned and paid from a server (a shared domain too), the SSL Certificates are insisted upon. SSL = Secure Sockets Layer. An ‘unsecured’ website brings excess junk traffic, bogging and slowing down as it attacks the root server and all on the shared domain. You have to ask for it, but it’s provided hassle free without an added cost. Running without it can add those costs tenfold in bandwidth overloads hourly. A website I manage is on the TELUS Shared hosting service as an HTTP now (screenshot above). This is a report for our board meeting upcoming as I type this post. I am working on upgrading the website to HTTPS and providing a means to track Volunteer Hours on that website. Our board members (all board members leading BC Provincially Registered Volunteer organizations) need to input Volunteer hours. Any time ‘working’ towards the volunteer organizations forward movement in projects, except for board meetings, is ‘Volunteer Work’ trackable.

Where do we find those SSL certificates? What type is needed? How much does one cost? So, in answer to the first question, we turn to our favorite search engine. I use Google. Meh, don’t hate me.  In a conversation with TELUS sales, I was told ‘No, it is not provided. Go anywhere, IE Godaddy HostMonster and others, and find the most affordable one. Use the Installer found on the Server. Yes, there is support in installation.’ I assume the answer from Shaw would be the same if they don’t provide it. SSL Type search informed me we need a single domain server, prices starting at $5.99 for a 5 year plan. I could use a ‘Wildcard’ SSL but that cost likely is prohibitive for a nonprofit to sustain. Renewal cost after perhaps 5 years is about a buck higher most of the time, on the one I chose anyway, and that I assume is fixed for further renewals. I found this one at https://www.namecheap.com/security/ssl-certificates/single-domain/. The prices listed are on a long-term rate, lump sum of 12 (* number of months in years from 1 to 5) months paid in one large amount) is what they ask for. A website owner can choose the maximum of 5 years or as short of a year at most servers. If you were to build a website on that server, the cost of space usually includes the certificate as mentioned above in the same increments. Renewing at the same server for whatever reason is slightly more expensive as something servers do as a sales gimmick focused on new clients but losing the renewals to other servers where the expensive domain fits but the customer keeps the less expensive server space perhaps with a slightly altered ‘.com’ or ‘.ca’ or ‘.info’ even designation.

For Non Profits of Canada, this can be a hindrance to install the certificate on a domain they own with ‘http’. It’s an expensive upgrade that remains the length of the time their websites are on that server so generously offered but not supplying a certificate. Perhaps we should all look at grants together. A google search for Non Profit Grants in Canada brought this link up focused on website improvements. It also brought this one to filter through at our government’s available grants website; it’s focused on British Columbia. Once it is installed, a ‘plugin’ to the WordPress Website will be installed for Volunteer Hrs. That’s a service I’m looking into used by another nonprofit I connect to, ‘Trackitforward’ which has prices starting at $12 a month paid annually, $144. Volunteer Hrs? Whazzup with that? Apparently, when a registered Non Profit receives funds from the Province of British Columbia and others, they love seeing the results of the support. Stakeholders, including website visitors. Wouldn’t it be a great thing to celebrate on a website accessible to everyone, the most diverse group of stakeholder’s first contact? They support Volunteer driven projects. Volunteerism assists all aspects of human life.

Volunteers are smart. They enter their information better on a secure HTTPS website so staff can record work and people on official forms privately. The information that’s displayed publicly are the hours they work collectively while stakeholders reach for credit cards for a worthy active volunteer organization project. On a secure website, donations and memberships can be asked for and accepted. If you are the ones with a credit card supporting Non-profits above the appreciated gaming funds many receive thanks to our government, I hope you’re still reading this. I personally thank you for that and rest assured, they are trying to make to so your donations simpler and more direct. I thank you as well for following my rantings I try to pass off as education.