Website security and proper maintenance are a part of the ongoing web design process. In addition to creating functional features and an aesthetically pleasing experience, a well-maintained website needs to stay on top of industry trends – for your own protection.
- Is your website up-to-date and protected from potential threats?
- Is your website bounce rate higher than you’d like it to be?
If your answer to either of these questions is “yes,” you need to read about recent website updates in February.
Not Having HTTPS May Deter Visitors
In a survey of 100,000 websites, roughly 12% have non-secure pages.
Having an SSL certificate to show HTTPS has long been a best practice for websites, offering visitors peace of mind in knowing that they have a secure connection to your business. But you probably knew that already – what’s the big deal?
In light of recent hacking activities, Google Chrome has been updated to show websites without HTTPS as “non-secure,” adding the following warning to certain pages:
That’s a scary-looking warning!
Needless to say, the red font and warning symbol may be enough to impact your website’s bounce rate. This warning is shown on any pages that may require a login, so this is a particularly relevant if your business has a customer-side login of any sort.
It’s time to purchase an SSL certificate and upgrade your site, before your visitors are scared away!
You’ll also want an SSL certificate if you plan to use a store locator or an embedded Google Map on your website. Without an SSL certificate, you will not be able to automatically geolocate your visitors to show their current location.
Upgrading your site to HTTPS is quick and easy to do, but may have some implications on your SEO tracking setup. Always inquire with your webmaster before making changes to your site. If you don’t know where to start, contact our marketing agency and we’ll be happy to help you out.
If your website is built on WordPress, we highly recommend that you immediately update your website to the latest version, WordPress 4.7.2 (if you have not done so already).
The following security issues were noted directly from WordPress, affecting WordPress versions 4.7.1 and earlier:
- The UI for assigning taxonomy terms is shown to users who do not have permissions to use it.
WP_Queryis vulnerable to a SQL injection (SQLi) when passing unsafe data.
- A cross-site scripting (XSS) vulnerability was discovered in the posts list table.
- An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.
If your website is running WordPress 4.7.1 or earlier versions, you are at risk of unauthorized access or SQL injection.
WordPress frequently updates to protect against new online security threats, so we always recommend updating to the most recent version. We always offer our web design clients a maintenance package, to ensure that their websites are continually kept up-to-date and protected against these common vulnerabilities.
If you have any questions or comments about these updates, leave a comment on Facebook or drop by our marketing agency in downtown Vancouver. We always have chocolate!