General

If you don’t have a website, then you might not realise all the great things they can do for you. Maybe you think there wouldn’t be any point, because your business is too small or maybe you don’t even have a business! Perhaps you think it’d be a lot of work for little reward. Or maybe you paid big bucks for a site back during the dot-com ‘boom’ days, only to get nothing but trouble out of it and shut it down a year later.

Whatever your situation is, though, you need a website, and I’m here to tell you why.

1. People Will Look for You Online.

Sooner or later, someone’s going to type your name into a search engine. What do you want them to find? Nothing? These are people who want to find you, and if you don’t have a website then you’re letting them down they expect you to be online. For many people, you might as well not exist if you can’t be found with a search engine. Not having a website is like not bothering to get listed in the phone book. Whether it’s customers or old school friends you’re hoping for, very few people are going to find you if you aren’t online.

2. Websites Cost Next to Nothing.

Once, it cost a lot to run a website but those days are long gone. There are ‘pay as you go’ services out there now charging as little as $1 per gigabyte of bandwidth. If you’re sensible about the size of your pages, that dollar could last you a whole month, or even longer! If you don’t want to pay for design, it’s never been simpler to do it yourself, or find free software to do it for you. Really, it’s never been cheaper to have a website than it is today.

3. Websites are Great Advertising.

Whatever you’re advertising your services, your products, or just yourself a website is a great way to do it. Every other kind of advertising going costs a premium, especially if you want to target a specific kind of person, and there’s no guarantee that they’re paying attention. Websites are like brochures that are free to reproduce, interactive, and quickly distributed to people who are already looking for them. No advertising medium even comes close to the ease-of-use and effectiveness of a website.

4. A Website is a Worldwide Presence.

On the web, it doesn’t matter whether someone is next door to you or on the other side of the world they can see your website just the same as anyone else can, at no extra cost to you or to them. Phone and post both cost enormous amounts long-distance, but a website lets you send information anywhere without any extra effort or expense. You can make friends and contacts in places you’ve never been and will never go suddenly, working globally is no more effort than working locally.

5. Your Website Can Make You Money.

There’s a lot of money on the web, and it’s not hard to get some the longer you’re online for, the bigger your share can get. If you have something to sell, you can sell it worldwide, thanks to credit cards. Doing business online eliminates almost every overhead there is: all you need to do is have the goods. If you’ve written something useful, you can put it out there with a few ads. You won’t get rich overnight, but you can set up a steady trickle of income… and there’s no limit to the number of trickles you can set up.

6. Your Website Can Save You Time.

Giving out information takes time, whether it’s on the phone, or in brochures, or even if it’s just emailing your family. Websites are designed to save you time. All your family and friends can read your online diary (known as a weblog), but you only had to write it once. Customers can see your whole product catalogue without ever needing to talk to you or visit you. This is the power of the web: things on it are written only once, but can be downloaded endlessly a good website runs itself, and keeps being useful to people for much longer than you’d expect.

If you enjoyed this post, make sure you subscribe to my RSS feed!

HTML is a relatively simple language, but that doesn’t stop people from having problems with it. Why is that? It’s mainly because, while the HTML tags themselves are easy, creating an HTML document that works as intended on a web server requires you to know a few extra things that aren’t often explained. Here, then, is a guide to understanding those parts of HTML that they just don’t tell you about in the books.

Step 1: Understand Doctypes.

It isn’t often noted that valid HMTL documents don’t actually start with the tag they have one extra tag before it. This is the doctype, and it must be present right at the top of your document for it to be valid HTML.

There are only really two doctypes that you really need to know about. The HTML4 doctype looks like this:

The XHTML one looks like this:

These versions of the doctypes that are a little more forgiving if you’re a purist, you can use the strict ones instead by changing the words ‘transitional’ and ‘loose’ to ’strict’.

But what is the doctype for? Well, its purpose is simple enough: it tells web browsers exactly what version of HTML your page was written in, to help them to interpret it correctly.

Step 2: Understand HTTP Errors.

A truly shocking number of people writing HTML pages don’t know how HTTP works and they quickly run into trouble because of it. HTTP is the way a web browser communicates with a web server, and this communication includes information about your pages, such as cookies.

You don’t need to worry too much about the internals of HTTP, but it’s worth knowing that it works by the browser sending a request to the server for a certain page, and the server then responding with a code.

Your website should be set up to handle error codes well. For example, a 404 (page not found) error should show a page with links to the most useful parts of your site. Other common error codes include:

200 - OK

301 - Page moved.

403 - Forbidden (no authorisation to access).

500 - Internal server error.

For more information, visit www.w3.org/protocols.

Step 3: Understand MIME Types.

MIME types are another part of the HTML header an important one. Also known as the content-type header, they tell the browser what kind of file they are about to send. Browsers don’t rely on HTML files ending in .html, JPEG images ending in .jpeg, and so on: they rely on the content-type header. If you don’t know about this, you can have problems if you need to configure your server to send anything unusual.

Here are some common MIME types:

text/html - HTML.

text/css - CSS

text/plain - plain text.

image/gif - GIF image.

image/jpeg - JPEG image.

image/png - PNG image.

audio/mpeg - MP3 audio file.

application/x-shockwave-flash - Flash movie.

Step 4: Understand Link Paths.

One of the hardest things to understand about HTML is all the different things that you can put in an ‘href’ property. Abbreviated URLs are created using the rules of old text-based operating systems, and there are plenty of people writing HTML today who are completely unfamiliar with these rules.

Here are some examples. For each one, the assumption is that the link is on a page at http://www.example.com/example1/example1.html.

- links to http://www.example.com/example1/example2.html
- links to http://www.example.com/example1/example2.html
- links to http://www.example.com/example2.html
- links to http://www.example.com/example2.html
- links to http://www.example.com/
- links to http://www.example.com/example1

To put it simply, one dot means “in the folder we’re in now”, while two dots means “in the folder above the one we’re in now”. This can get confusing fast just look at the difference one dot can make! Be careful with it.

Step 5: Understand How to Insert Things That Aren’t HTML.

One of the most common HTML questions is how to insert things like Javascript and CSS into an HTML document. This is one of the easiest questions to answer: you simply use the link and script tags, like this:

If you enjoyed this post, make sure you subscribe to my RSS feed!

When you’re selling things, you need people to be able to pay you. Sure, they could send you cheques in the post, but that’s not really convenient or scalable, is it? No, to do business on the web, you need to be able to accept card payments electronically and, luckily for you, it’s never been easier. Here’s the whole process, in five simple steps.

Step 1: Choose a Payment Service.

While you could get a merchant account and do your own card processing, it isn’t usually worth it, unless you do an awful lot of transactions. For most business, third-party payment services are a better solution, and there are lots of services out there that let you accept card payments for a small fee.

When you choose a payment service, then, the main things you want to consider are the prices, and whether your customers will trust it. You used to need to consider which services your customers would have accounts with, but as most services now let you accept payments from people who don’t have accounts with them that’s not much of an issue any more.

Right now, the biggest general payment player is PayPal, and they’re worth considering first, but you should be aware that many businesses have had issues with PayPal freezing their accounts and being slow to respond (see www.nopaypal.com for more). StormPay (www.stormpay.com) is a decent general-purpose PayPal alternative, and useful to keep around as a backup. You might also like to check out more specific services, such as AuctionCheckout (if you’re taking payments for auction items) or ClickBank (non-physical products only, popular for ebook sales).

Step 2: Create an Account.

The next step is to create an account at your chosen online payment provider. This will require you to give out either your personal name and address or a business name and address. Depending on who you’re registering with, you may also need to give out credit card or bank details. It almost goes without saying that you shouldn’t give these details out to anyone you’re not sure of be suspicious of payment services that you’ve found with a search but never actually seen in use.

Step 3: Get Verified.

Before you can receive any significant amount of money, most payment providers require you to become ‘verified’ this is usually nothing more than the minimum they need to do to comply with the law. If you haven’t been asked for your bank and credit card details already, you will be at this point, and some services will even ask you to fax them a photocopy of your physical card, to prove you’re the real cardholder. Some services will even cross-reference your phone number with your address and then phone you up to make sure it really was you. Don’t be too disturbed by all this: it’s all in the name of security, and you’re not doing anything bad (or at least I hope you’re not!).

Step 4: Add the Payment Button to Your Pages.

When it comes time to actually start accepting customers’ money through the service, all you’ll need to do in most cases is add some kind of button or image of a button to your sales page that says ‘Pay Now’. The payment service will usually provide the HTML for this, and a few tutorials to explain things like ways to make sure that the correct amount shows up on the payment page.

Step 5: Withdraw Often.

Whenever you’re dealing with electronic payments, the final step is to withdraw every time you get an amount of money you consider significant, and an absolute minimum of once per week. There are all sorts of reasons for this, but the biggest one is that online payment services aren’t anywhere near as strictly regulated as other financial institutions, and aren’t under that much of an obligation to give it to you in any timely manner. You should consider any money left with them to be at risk until it’s securely in your bank account. Besides, you don’t want your money sitting there earning interest for them instead of you, do you?

If you enjoyed this post, make sure you subscribe to my RSS feed!

Promoting your website can be a daunting task: it feels like there are thousands of ways to do it, but all of them take a lot of time or money for no guaranteed return. To help solve this problem, I’ve compiled a list of ten easy ways to promote your website.

1. Advertise in the Media. Now, you might have already ruled out advertising in newspapers and the like as too expensive, especially since the chances are your audience doesn’t live in any specific local area. That mostly rules out radio, too, and TV is even more likely to be out of your reach. What you might not have realised, though, is that you should stop looking at the general media and start looking at the specialist media for your area. For example, if you run a house-buying website, you could advertise it in specialist property magazines, and even on ‘lifestyle’ cable channels that show programmes about moving home.

2. Write Your Web Address on Things. If your business has any physical objects, whether it’s a product, a carrier bag or just the front of your office, make sure to write your web address on there. Even if people don’t keep or remember the exact address, it at least lets them know that your website exists.

3. Give Out Leaflets. There’s nothing wrong with a bit of old-fashioned paper promotion: leaflet as many areas as you can. The chances are that your website is targeted to a specific demographic rather than an area, but the post office will be surprisingly helpful when it comes to getting your leaflets where they need to go, if you ask them.

4. Go to Specialist Events. If there’s some kind of trade fair for the industry your website is in, turn up to it and promote your website. While there might not be all that many people there, the ones who are there will be influential, and can get your site talked about.

5. Put it on Business Cards. It should go without saying, but once you’ve gone to all that trouble to set up a website, don’t forget to put it on your business cards. After all, if you’re relying on them to get people to phone you, why not give them the option of reading more about you on your website?

6. Astroturf on Forums. An often overlooked way of getting traffic to your website is to participate on forums related to the subject and put your web address in your signature. This gets you more traffic than you’d think, especially at very popular forums.

7. Create Controversy. A great trick to promote your website is to use it to say controversial things: as the saying goes, any publicity is good publicity. This works best if you say something that you know will be provocative to a certain kind of person, getting it linked from all over the place. Bear in mind, though, that this strategy is better for advertising-driven websites than it is if you’re trying to build a reputation and make sales directly.

8. Keep a Good Blog. While more and more businesses are starting blogs, few of them are doing it right. If you’re using your blog to publish product announcements in corporate-speak, it’s useless. You need to remember a simple mantra, ‘views not news’ make sure your blog has something interesting to say.

9. Buy Search Engine Ads. Many people seem to think it’s some kind of admission of defeat, but search engine advertising can work very well, especially with keywords that aren’t already cluttered with ads. If you do it right, you can get very targeted ads very cheap indeed, ironically, the more targeted the ads, the cheaper they tend to be.

10. Start an Affiliate Program. Finally, if you’re selling something, don’t forget that old standby of web marketing: the affiliate program. Offer visitors a cut of the profits if they can sell your products for you, and all of a sudden you’ve got a crack sales team raring to go. The only trouble with this plan is that everyone is doing it, so you’ll need to offer a high percentage of your profits to your affiliates to make the offer attractive to them.

If you enjoyed this post, make sure you subscribe to my RSS feed!

One sticky point with many websites is this: they have absolutely terrible search engines. It does make sense, in a way, as searches are complicated to program for, and it takes time to write or implement a search engine on your site. Still, if you do search badly, it’s worse than not doing it at all.

Stick to Conventions.

If you look at the established search engines – Google, Yahoo, MSN and the rest – you’ll see that they follow a clear set of conventions when it comes to displaying search results. The titles of pages are large, underlined blue links, and they’re followed by an extract from or description of the page, and then the page’s URL. It looks like this:

Title of first search result
… here is the text where the keyword was found in the search result. the keyword will be in bold…
http://www.example.com/articles/123

Search results are ordered most relevant first, and are split across pages if there are a lot of them. The search box should remain at the top of the page with a search button, in case the user wants to edit their search. There should also be an ‘advanced search’ link, to help users make more complicated queries to your search engine (for example, pages that contain one thing but not another, or only pages in a specific section of the site).

There are many more conventions – study established search engines in some detail to figure out which ones will be important to you when you design your search. However much you might feel like it’s bad to just copy the search engines, they all copy each other anyway, and the reason they do it is that consistent interfaces are a big aid to usability.

Learning from PageRank.

Google’s idea of ranking pages by link popularity (that is, the number of pages that link to them using a keyword) is a good one, but lots of people seem to have forgotten it. Why? Well, because it doesn’t work all that well for indexing the whole web, where it’s easily gamed. When you’re doing searches across your own website, though, where you control the content and no-one can try to distort the link rankings, it’s a technique that works much better than counting the number of times keywords occur in each page. Of course, this assumes that your site links to other parts of itself well (it should, for the sake of rankings in the real search engines) and that your site is reasonably large.

Installing Search Software.

At this point, you’d have a big project on your hands if you decided to write your site’s search engine yourself. It’s much better to take an existing, open source solution written in whatever language your site runs on, and then adapt it to your own purposes in whatever way you need to. Good places to look for open source site search software are sourceforge.net and freshmeat.net, which both allow you to search by language and sort results by the popularity of the software.

Outsourcing Search.

Finally, if you don’t want to go to too much trouble with your site search, you might consider outsourcing it altogether: that is, making your search box send the user to the search results for your site at an external search engine. More and more sites with outdated or useless search engines are starting to do this, realising that they’re putting off users by forcing them to use bad search engines.

If you want to offer a Google search for your website, go here: http://www.google.com/services/free.html. Yahoo and MSN offer similar services, but they’re nowhere near as popular. You should really only consider outsourcing your search as a last result, as it looks amateurish unless you pay to customise it with your logo and design, and it may also have the unintentional result of sending your visitors back out onto the web instead of keeping them on your site. Still, if you really don’t have the time to spare to make a good search, it can be a useful alternative to have.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Paint Shop Pro is one of the most popular image editors out there. Even though it’s increasingly geared towards digital photography, you’d be surprised just how useful it can be to web designers.

Features.

So what features does Paint Shop Pro have? Well, for a start, it supports just about every image format there has ever been. It can ’smart fix’ photos, to sort out any brightness and colour issues, but you can still adjust everything about your images manually if you want to. You get ‘picture tubes’, tiny little pieces of stock photography that can spice up your designs.

You also get all sorts of ‘arty’ effects that can make your images look like they were drawn in oils or chalk, and you can even create authentic looking black and white pictures. The selection tools are second to none, letting you select areas freehand, by shape, or using other factors like colour and brightness. PSP is especially good at removing foreground elements from their backgrounds, and letting you combine one image with another using layers.

Finally, of course, all the basics are there – resize, crop, rotate, blur, and so on. Resizing works especially well, giving a much smoother result than lots of other graphics editors do. In the latest version, PSP tries hard to make everything it can ‘one step’ or ‘one click’, which is quite a relief to those of us who’ve been using it for a while – with each version, the program gets easier to learn and use as well as a little more powerful.

Logos and Navigation.

Paint Shop Pro excels when it comes to producing logos and navigation elements.

Its text tools let you produce smooth, anti-aliased text in your favourite font, and position it exactly the way you want to create a logo. You’d be surprised how many good effects you can get by rotating your text, and PSP has an excellent feature that lets you curve your text around any shape you want to.

When it comes to navigation, PSP’s font functions excel again: it’s dead easy to copy one navigation element as many times as you want and add different text to it each time, thanks to the program letting you edit text as much as you like even once it’s been placed into the image.

Producing Mockups.

I have to admit, though, that my favourite thing to use Paint Shop Pro for is producing mockups. It’s so easy to create the boxes and text that make up a web page, and paste it any images you might need. You can have an accurate image of your website ready within ten minutes or so, and save it in a format your web browser can view, so you can get a better idea of what it would look like ‘for real’.

Even better, once you come up with a mockup you like, you can select parts of it to save and use them in the final version, in whatever image format you want. Once you know a little CSS, you can do most of your design work in PSP, using HTML and CSS as the glue that holds your image-based site together.

Photoshop Plugins.

Finally, one of the most notable things about Paint Shop Pro is that it supports Photoshop’s plugins, giving you access to a lot of the features Photoshop users rely on without having to actually shell out for Photoshop. Of course, Paint Shop Pro has plenty of plugins of its own available too.

Where Can I Get Paint Shop Pro?

Paint Shop Pro used to be shareware sold by its creators, Jasc, but it’s now owned by Corel (www.corel.com). It sells for around $50, which is a lot cheaper than anything comparable on the market, yet it does everything that most users would ever want it to do – the most recent version even adds CMYK, a big reason why many people stayed with Photoshop. You may even already have a copy, as plenty of computers and scanners come bundled with it now. If you don’t, though, you can download a 30-day free trial from corel.com.

If you enjoyed this post, make sure you subscribe to my RSS feed!

If you’re like 90% of web users, then you use Internet Explorer, Microsoft’s web browser. Why? Well, because it comes with Windows, usually, and it’s there on your desktop when you first want to use the web. When you’re creating a website, however, you have to consider the other 10% of the web’s users – the ones who use alternative web browsers. If you don’t test your site in each one of these browsers, you might be in for a nasty surprise when a large part of the web can’t use it. Here’s a guide to the most common alternative web browsers.

Mozilla.

While Mozilla is a web browser itself, it is also an engine (Gecko) that powers a lot of other web browsers. The Gecko code is free and open-source, created by Netscape, and is currently Internet Explorer’s biggest competitor. It works on Windows, Mac, Linux, and almost everything else out there.

The advantage of Gecko is that if you’ve tested with one of the Mozilla browsers, your site should work on all of them. The Mozilla browsers include Mozilla Firefox, Netscape, Camino, Kmeleon, and lots of browsers for the Linux operating system. You’ll probably find it easiest to download Mozilla Firefox from getfirefox.com and test your website using that.

Opera.

Opera is, in many ways, the alternative alternative browser, for people who are too odd to even want to use a Mozilla browser. It’s very much a niche product, developed by a small Norwegian company, and many more technical users like it because of its constant innovation when it comes to features – anything you like in another web browser was probably available in Opera first. Opera is for Windows, Mac and Linux.

You can download a free version of Opera from opera.com. It has ads, but it’s perfectly fine for testing. If you like Opera enough to actually use it for your own web browsing, you can pay a one-time fee of around $40 to remove the ads.

Safari.

Safari is now the official Mac web browser, which means that it’s important to test on it if you want Macintosh users to be able to see your website. Unfortunately, Safari doesn’t run at all on Windows.

However, Safari uses the same engine as a browser called Konqueror, which can run on PCs on the Linux operating system. Linux is free, and you can easily download it, burn it to CD, and run it straight from the CD. Knoppix (www.knoppix.com) is a popular and easy to use kind of Linux for this purpose.

Alternatively, if you don’t want to mess around with a whole other operating system, you could try a service like BrowserCam (www.browsercam.com). They will load your website into many different browsers, and then send you pictures of it to let you see if there are any problems that need to be fixed. Because of the bandwidth and the number of computers that have to be involved, though, most of these services aren’t free.

Lynx.

Lynx works on a lot of very esoteric operating systems, but works fine on Windows too. It’s a text-only browser, and it pays no attention to layout or graphics. You can download Lynx at lynx.browser.org.

Why would anyone want that, you wonder? Well, Lynx is mostly popular among blind people who use screen-readers to turn web pages into speech. How well your web page works in Lynx is often considered is often considered to be a test of how accessible it is to anyone with disabilities, as well as to anyone who turns off things like Javascript in their browser settings.

The very worst sites will come back with a message telling users to download a supported browser when they’re visited in Lynx – never do this. You should be aiming to make sure that Lynx users can see a basic, text-only version of your site, with easy-to-use navigation. If your site doesn’t support this, then it’s probably breaking all sorts of disability discrimination laws, and you should fix it as soon as you can.

For more information, you might like to visit the Viewable with Any Browser Campaign at www.anybrowser.org/campaign.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Before you can start a website, you need to come up with a domain name. The domain name is the name of your site on the web – the ‘www.yourname.com’ that people will type in their browsers and see at the top of every page of your website. Obviously, it’s important to choose a good one.

Not Just Dot Com.

Many people don’t realise, but the web has a lot more to offer than just .com addresses. .com is primarily intended for companies (the ‘com’ is short for ‘commercial’) – alternatives include .org (organisations) and .net (intended for Internet service providers). There are also kinds of domains that you can’t get for yourself, including .edu (educational institutions) and .gov (government departments). In most cases, you should be looking at .com if you’re a ‘real’ company selling physical products, .org if you’re non-profit, and .net if you’re web-only – but if you can get a good .com, it’s often worth having just for the prestige and recognition factor.

There are some addresses that have been made available more recently, such as .name (for individuals) and .biz (for companies). They aren’t yet well-recognised, though, and both seem like a bit of a joke – asking customers to go to yourname.biz to get to your business website just makes you sound dodgy, so you should avoid it for now. You should also look out for fake domains like .shop and .free, which are sold at some places but won’t be accessible by most of the Internet.

On top of all that, each country gets its own code, and is free to divide it further how it sees fit. The United Kingdom, for example, owns .uk, and has divided it into .co.uk (companies), .org.uk (non-profit), and .me.uk (individuals), as well as a few non-public areas like .ac.uk (academic) and .gov.uk (government). If you want people to know where in the world you are, or you can’t get the .com name you want, a country address is a good alternative.

Choosing a Name.

Domain names aren’t at all expensive any more, but millions of them are already taken – it can feel very difficult to come up with one for your website. Here are some tips:

First of all, give up on any single word that can be found in a dictionary. There are people monitoring these domains constantly and buying them the moment they become available. It’s also not really worth trying anything under four letters long, especially under .com, because you’re deeply unlikely to find one.

The best thing to do is to come up with a series of three words or so that describes your website. You’ll need to think around this problem. If you’re registering a business website, you might want to include something in the domain to distinguish it from other businesses with the same name – the town where you’re based, for example.

If you want to get ranked high in search engines, it’s worth considering what your potential customers would be searching for when you’re registering your domain name.

If you’re trying to register your own name, then you might just be plain out of luck. Look at every kind of address you can think of. One common trick is to register a domain in a country where you don’t actually live, and use the last two letters as part of the domain – Robert Smith, for example, might register robertsmi.th, even though .th belongs to Thailand.

Finding a Registrar.

Once you’ve made a list of domains you’re happy with, the next step is finding a registrar: godaddy.com, namecheap.com and registerfly.com are some of the cheapest out there right now. Really, anything over $10 per domain is a rip off – shop around.

When you type your chosen domains into a registrar’s search box, they will tell you whether or not each domain is available, and how much it would cost. Prepared to be surprised by some of the truly obscure names that are already taken, but don’t give up.

Finally, when you’re registering your domain, make sure to put in genuine contact details, as it can be taken away from you if you don’t. You should also remember the username and password you use, as you will need them before you can point that domain to your website.

If you enjoyed this post, make sure you subscribe to my RSS feed!

When it comes to accepting online payments and other sensitive information over the web, normal HTTP just doesn’t cut it. It’s an insecure method of communication where everything is sent over the wire in cleartext – it’s completely trivial for anyone in a network administrator position at a business or ISP to gain access to the network, and most networks are even vulnerable to ’sniffing’ by non-privileged users of the network.

Things are bad enough that you really shouldn’t even transmit any passwords without taking additional security measures, unless the things the passwords give access to are entirely trivial – put simply, as a webmaster, you need to be worried about encryption and security. But how can you add them to your website? Well, it’s not as difficult as you think, because there’s a standardised way of doing it: SSL.

What is SSL?

SSL stands for Secure Sockets Layer. It is a method of using cryptography to make sure that communication between a server and a client is secure: in other words, data sent can’t be intercepted or tampered with in any way. SSL works using a variety of encryption methods, but the most important feature is that SSL certificates effectively certify that a site is the real thing, which helps to prevent spoofing. When SSL is combined with HTTP, it becomes HTTPS (Secure HTTP), a powerful way for web browsers and web servers to send sensitive data back and forward securely.

If all that was over your head, maybe I should put it to you in the way that your customers will. SSL is what makes their web browser come up with the little padlock symbol that means your website is secure for them to enter sensitive information into. If there’s no padlock, they don’t want to do business with you.

However, you should also be aware of what SSL is not: it isn’t a complete security package. If you transmit data over HTTPS and then store it in a database unencrypted when it reaches your server, someone with access to the database will still be able to easily retrieve the data. SSL is not the answer to everything – it’s simply a way of avoiding anything happening to the data while it’s ‘out there’, travelling across the Internet. Of course, your customers are unlikely to realise that (they think the padlock works like magic), but you at least should.

Levels of Encryption.

There are three main levels of SSL encryption: 40-bit, 128-bit and 256-bit.

It’s very important to emphasise at this point that 40-bit SSL is now outdated and deprecated: you would be a fool to use it. The only reason 40-bit encryption was available to begin with was because the US government was initially afraid of exporting cryptographic algorithms that were strong enough to be used against them: 40-bit was strong enough for most web uses, but still weak enough that they could break it by brute force with their powerful computers. The US was persuaded to relax the restrictions when the government realised that they were doing nothing but forcing IT development to other countries, but by then there had been widespread adoption of 40-bit encryption.

Now, years later, there’s really no reason to be using it. You should go for 128-bit as a minimum, and preferably 256-bit – what you can afford will likely be dictated by the value of the goods you sell. If you think anyone is likely to try to break your encryption, you should get the best you can.

How Do I Use SSL?

If your web host supports SSL, then it should already be all set up for you (if you host your website yourself, then you might like to take a look at the tutorials at modssl.org to get it installed). However, before you can use SSL, you need to get certified – that is, buy an SSL certificate from one of the trusted certificate authorities. The big three are VeriSign, GeoTrust and Thawte, but they charge relatively high prices.

The whole thing works more-or-less the same way as buying a domain name, and, in fact, many domain registrars resell certificates – you can often get a better deal from them than you would from one of the big companies. You can often find perfectly good certificates for as little as $30 per year, if you shop around.

If you enjoyed this post, make sure you subscribe to my RSS feed!