The web is moving toward a time where all websites use SSL on all pages by default:
A secure SSL certificate was previously only necessary for checkout pages and those handling sensitive data. At BFI we’ve tended to only recommend them for websites that don’t outsource card handling to pages hosted by SagePay, PayPal or similar.
Since 2014 Google has been gently guiding us towards a more secure web – a project they called “HTTPS Everywhere” – indicating that in the future HTTPS would be used as a ranking signal (albeit a tiny one) when determining where to rank website pages in the search results. So far, the impact of that has been very minor.
Fast forwarding to the end of 2016, Google have stepped up the encouragement, releasing an update to the Chrome web browser that will “mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.”
This is part of a plan to eventually mark all HTTP pages as “Not secure”, regardless of their nature:
What does this mean for me?
In the short-term, it means that from the end of January 2017, websites with log-in pages – members areas, customer accounts, back-end admin pages etc. – that don’t use HTTPS:// in the URL will show a “Not secure” message in the address bar on Chrome:
Although Google Chrome will be the first browser to do this (Chrome has 46% of the UK market share), Firefox follows closely (11% of UK market share). It’s only a matter of time before the remaining browsers (Safari, 21%) and Microsoft Edge (6%) do the same.
To prevent this “Not secure” message showing on your log-in pages, it’s best to upgrade your website to use SSL.
In the long-term, Chrome will be warning when ANY page is not secure, so at BFI we’ll be building all new sites with “HTTPS everywhere” by default.
What are BFI’s plans?
BFI will contact all customers directly to arrange an upgrade. You’ll be contacted December 2016 through to February 2017, depending which server you’re on. Customers on our “Premium” & “Dedicated” hosting packages will be upgraded first, then those on our “Standard” hosting packages will follow. (This is due to our “Standard” servers requiring a software upgrade and it’s not sensible to do that during peak trade at Christmas.)
What should I do now?
For now, just sit tight. If your website is affected, BFI will be in touch when your website can be changed and you’ll be able to order the upgrade for your site. For most sites a basic certificate will cost £49/year + VAT and it’ll cost around £170 + VAT to implement.
There are a lot of websites to upgrade and not a lot of time, so upgrades will be applied on a first-come-first-served basis. Once contacted we would urge you to book your upgrade quickly (you can pay online) to avoid delay.
Take a look at our feature page to find out more about our WooCommerce WordPress plug-in:
If you’re an existing customer we can install & configure the extension free of charge; if you maintain your own website code the plug-in is instantly available to download after payment.
We’re testing our pilot stores through April 2016 and are currently taking pre-orders.
Keep an eye on our V12 page for the latest details and how to pre-order:
V12 Retail Finance integration with WooCommerce
Despite campaigns recently to increase awareness about the need for secure passwords in the UK, many web users leave use themselves open to hackers by choosing easy to guess and insecure passwords. A survey by Visa Europe found that “over three-quarters choose passwords relating to friends, family and memorable dates” whilst following a phishing attack on Twitter it was found that the five most common passwords are: password1, abc123, myspace1, password.
- 66% of users use the same password for more than one website
- 46% of users use the same 2 to 3 passwords for every website they access
- 45% of users use passwords made up only of dictionary words or names (the most easily cracked)
The lack of proper password security is one of the factors contributing to the ongoing problem of online fraud in the UK. The UK Cybercrime report identified the following worrying statistics: Read the rest of this entry »
Website owners who use Google Analytics generally want to see where traffic is coming from and what keywords/phrases they used. It is easy to become frustrated especially when we see large amounts of visits being labelled “not provided” or “not set”.
But what exactly do they mean? We will try and explain in more detail below.
There’s a mandatory change being made by SagePay this year migrating all customers from protocol v2 to v3. If you run a BFI ecommerce website, it’s likely that your current payment integration will no longer function after July 31st 2015. To continue taking online payments into August, your website must be updated to use the new v3 protocol.
Unless you ask us not to, your website will be upgraded from SagePay v2 to SagePay v3 during May & June. This will be a billable upgrade.
The upgrade process is low-risk and will work as follows:
- We’ll contact you to arrange the upgrade. One of the BFI team members will let you know the price & the upgrade date.
- We’ll build a new additional v3 payment module and apply it to your live website, but we won’t enable it.
- We’ll configure and test the v3 module, without live customers being able to see it.
- Once tested, we’ll enable the v3 module and give you a call. You’ll be able to put through a live transaction using your card, and then refund it.
- Once this second test is complete, we’ll remove the old v2 module from your website.
- The upgrade is complete.
At the moment there is nothing you’ll need to do. We’re working through our clients in batches and will contact everyone affected in the next 4-6 weeks to arrange your upgrade.
It’s likely that SagePay will have emailed you already, and may call too. You can let them know that everything is in hand and refer them to this page. We’re planning for all websites to be upgraded by the end of May 2015.
Introducing Direct Debit for our customers
BF Internet have an easy way to pay your invoices by Direct Debit. This allows you to pay invoices automatically, direct from your bank account.
You can authorise for payments to be taken for:
- All annual hosting and domain invoices
- Invoices for design & development work
Once you’ve authorised payments, we do the work automatically. This saves you time, leaving you free to concentrate on your business rather than boring admin tasks.
Registering for Direct Debit Payments
If you’d like to start using Direct Debit payments, you can register today in 2 ways:
- Visit www.wearebfi.co.uk/dd-signup to sign up
- Contact our Accounts department to request an authorisation email
Signing up online
- Fill out this online form – www.wearebfi.co.uk/dd-signup. We use GoCardless to process payments, if you don’t already have an account with them you’ll be prompted to create one.
- Once you’ve entered your bank details, you’ll be set up for Direct Debit payments.
- BF Internet will contact you for future invoices to see if you’d like to pay them by Direct Debit.
- BF Internet will notify you 3 days before any payments are taken via Direct Debit.
Signing up via email
- Contact us and request for an authorisation email to be sent out to you.
- Follow the link in the email, check the details are correct and submit the authorisation.
- BF Internet will contact you for future invoices to see if you’d like to pay them by Direct Debit.
- BF Internet will notify you 3 days before any direct debit payments are taken.
We love GoCardless
Interested in using GoCardless to accept Direct Debit payments for your own business? Click here to find out more – www.wearebfi.co.uk/we-love-gocardless
It is no secret that for the majority of ecommerce website owners, generating more traffic and sales is the key to success. Knowing where to start and what to do is not always clear which is why we have decided to create our own practical guide to Ecommerce SEO.
Before you start to think about optimising your website, you need to have a plan. You may already have a good understanding of which keywords/phrases are important (get in touch if you don’t) but don’t just stop there. Take some time to type those phrases into Google and see who already appears on page one.
Press release, courtesy of Moore & Smalley and Freshfield PR:
When Mark and Lucy Fuller became frustrated with the lack of a suitable system for managing bookings at their South Lakes Hotel, the entrepreneurial couple decided to create their own.
The booking system they designed, in partnership with a web development agency BF Internet, has been so successful at maximising sales and improving efficiency, they have decided to launch a new venture offering the software to other hotels and accommodation providers.
Direct Room Sales has been designed specifically to help smaller independent hotels offer online sales, manage room allocation, and take electronic payments, all within their existing website.
Mark, who owns The Sun Inn at Kirkby Lonsdale with wife Lucy, said: “For smaller hotels, such as those with fewer than 20 bedrooms, there was nothing out there in terms of software that enabled them to manage online reservations in the efficient way that larger hotels do.
“We wanted a system that allowed us not just to sell our rooms online, but to sequence those room sales in a logical order, offer packages and extras, and do things like automatically change room pricing structures for weekends or certain times of the year. A key feature for us was the link into our EPOS to automatically charge the guest room account.”
2013 sees an overhaul of our hosting packages, which we’ve recently updated onto our website. After listening to feedback from our customers the new range includes a wider choice of upgraded and premium shared hosting packages, offering increased server resource, uptime and support for businesses who rely on their website as a key source of income.
When putting together a hosting package, it is the physical rack space that makes up the bulk of the cost, rather than the hardware itself. By upgrading our hardware specifications to allow servers to be shared between 5-10 websites, we’re able to offer this new range of competitive commercial packages. Sharing the rack space means enterprise features are available at the fraction of the cost of a dedicated machine, whilst offering comparable performance & uptime levels.