04/17/2018

What is an Extended Validation (EV) SSL Certificate?


SSL secures the transmission of data passed between your web browser and the web server. When you enter data into a comment, or pay for something online, the information flows over the internet securely if and only if the connection is secured by SSL. It turns out that there are 3 different types of certificates, and web browsers indicate them very differently.

Google Chrome will soon mark insecure connections as "not secure", as displayed below. Currently they show an i with a circle around it, but that will change this summer with the release of Chrome 68. Here is how all websites without SSL will display:


Below is a comparison of the 3 different security states in which a website can currently appear:

3 types of SSL certificates

There are 3 different types of security certificates available for websites: Domain Validated (DV), Organization Validated (OV) and Extended Validated (EV). Domain Validated certificates can be obtained by anyone, and even for free using Let's Encrypt. These are the simplest to obtain because they do not need any validation other than some sort of control over the website you are securing. This means just about anyone can obtain one and secure a website, even for $0. Even though these websites are secure, you have no idea exactly who owns or runs them, so the trust level for DV secured sites should be quite low. DV certificates suit situations where trust and credibility are less important, such as personal websites and small forums that need basic encryption for things like logins, forms or other non-transactional data.

An Organization Validated certificate has different procurement requirements. To obtain an OV certificate, the issuing certificate authority (CA) has to confirm the organization's existence using a non-automated method. As well as checking up on ownership of the domain name, the Certificate Authority will also carry out additional vetting of the organization and individual applying for the certificate. This might include checking the address where the company is registered and the name of a specific contact. OV certificates should be used for public-facing websites dealing with less sensitive transactional data. OV certificates do not offer the highest visible display of trust like EV certificates, which show a green browser bar with organization identification.

The Extended Validated certificate is the current gold standard in SSL certificates. Any business that sells products or accepts payment information online should use an Extended Validation (EV) SSL Certificate. An EV certificate uses the same powerful encryption as other SSLs, but getting one requires a thorough vetting of the applicant's business. Only those businesses that pass this process will receive an EV SSL Certificate. Typically the use of an EV certificate is indicated by a green color – but this varies by browser. Anyone who sees the green address bar while on your site knows instantly they’re on a legitimate website.

EV verification guidelines, drawn up by the Certificate Authority/Browser Forum, require the Certificate Authority to run a much more rigorous identity check on the organization or individual applying for the certificate. Sites with an EV SSL certificate have a green browser address bar and a field appears with the name of the legitimate website owner and the name of the Certificate Authority that issued the certificate. From the CA/Browser Forum:

Having an EV certificate for your website is an indication to your customers (or users) that you are very interested in ensuring their safety and privacy by taking the most care that you possibly can in authenticating yourself (through your web site) to them. Even though it might take more time and money to apply for an EV Certificate, after following the application procedures through to successful completion of the vetting process, the CA will issue an EV Certificate to you. 

Before an EV Certificate is granted, a certificate vendor verifies that the business listed on the application is:

  • Legally registered
  • Currently in operation
  • At the address listed (PO Boxes are not allowed!)
  • At the telephone number listed (Voice mail systems will not be allowed for validation, there must be someone answering the phone!)
  • Owns the website domain name (usually done through a CNAME record, a file placed on your server or by email)

You will need to pass this vetting process every two years to keep your Extended Validation (EV) SSL. 

Most types of organizations can get an EV certificate relatively easily if they have an established business background and are located in a jurisdiction that provides good online access to records of incorporation or registration.  But regrettably, there are a few types of organizations and a few jurisdictions for which there just isn’t good enough external registration information available in order for the CA to be sure enough of the details supplied by the person applying for the certificate for the CA to be able to easily issue an EV certificate.  For example some CAs do not accept PO Boxes as the organizational mailing address (even though the IRS or a local tax jurisdiction does!). Generally, if your organization is incorporated or fits into one of the more common business types such as an LLC or 501(c) not for profit, then you should be able to obtain an EV certificate.  Here's an example EV Certification Checklist from Comodo should you decide to go this route. It takes time and you should confirm your registration information is up to date and the phone number on file is answered by a person (not a voice mail service).
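How the DV/OV/EV distinction shows up inside a certificate, as an added example that is not part of the original post: CAs record the validation level as a CA/Browser Forum policy OID in the certificatePolicies extension, and the code below reads it from DER data using only the Python standard library. The sample bytes and the OID 1.3.6.1.4.1.99999.1 are constructed for illustration.

```python
# Policy identifiers reserved by the CA/Browser Forum.
CABF_POLICIES = {
    "2.23.140.1.1": "EV",
    "2.23.140.1.2.1": "DV",
    "2.23.140.1.2.2": "OV",
}
CERT_POLICIES_EXT = "2.5.29.32"  # id-ce-certificatePolicies


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Yield (tag, value) for every element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner


def decode_oid(value):
    """Turn DER OID content bytes into dotted-decimal text."""
    arcs, acc = [], 0
    for byte in value:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(acc)
            acc = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])


def search(tag, value):
    """Walk constructed elements until the certificatePolicies extension."""
    if not tag & 0x20:  # primitive element: nothing to descend into
        return []
    items = list(children(value))
    # Extension ::= SEQUENCE { extnID, critical OPTIONAL, extnValue OCTET STRING }
    if (tag == 0x30 and len(items) >= 2 and items[0][0] == 0x06
            and items[-1][0] == 0x04
            and decode_oid(items[0][1]) == CERT_POLICIES_EXT):
        _, policies, _ = read_tlv(items[-1][1], 0)
        # Each PolicyInformation starts with its policyIdentifier OID.
        return [decode_oid(next(children(info))[1])
                for _, info in children(policies)]
    found = []
    for child_tag, child_value in items:
        found += search(child_tag, child_value)
    return found


def policy_oids(der):
    """List the policy OIDs in DER data (a certificate or one extension)."""
    tag, value, _ = read_tlv(der, 0)
    return search(tag, value)


def validation_level(oids):
    """Map policy OIDs to the strongest CA/Browser Forum level present."""
    levels = {CABF_POLICIES[oid] for oid in oids if oid in CABF_POLICIES}
    return next((lvl for lvl in ("EV", "OV", "DV") if lvl in levels), "unknown")


def tlv(tag, *parts):
    """Encode a short (< 128 byte) DER element; used only for the samples."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body


def sample(*oid_hex):
    """Constructed certificate-shaped DER holding the given policy OIDs."""
    infos = [tlv(0x30, tlv(0x06, bytes.fromhex(h))) for h in oid_hex]
    ext = tlv(0x30, tlv(0x06, bytes.fromhex("551d20")),
              tlv(0x04, tlv(0x30, *infos)))
    return tlv(0x30, tlv(0x30, tlv(0xA3, tlv(0x30, ext))))


# Constructed samples; 1.3.6.1.4.1.99999.1 is a made-up CA-specific OID.
SAMPLE_DV = sample("67810c010201")
SAMPLE_OV = sample("67810c010202")
SAMPLE_EV = sample("2b06010401868d1f01", "67810c0101")
```

For a live site, `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))` yields DER that `policy_oids` accepts. A result of `unknown` means the certificate asserts no CA/Browser Forum policy OID, not that it is invalid.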

 

03/05/2018

WordPress.com Supports Plugins and Themes

WordPress.com plans

Automattic, the company behind WordPress.com, has upped their game by allowing plugin and theme installations on the business offering of WordPress.com. For $33 CAD ($25 USD) per month you have access to a fully managed WordPress website, but there are some features missing from this new entrant into the custom WordPress hosting space.

Until sometime in August 2017, WordPress.com severely restricted the use of themes, offered no plug-in installations and limited the access to CSS for theme customizations.  The ability to install plugins, themes and customize CSS made WordPress.org the most popular platform in the world. Automattic’s hosting options were great for hobbyists and people running personal blogs, but not for businesses. That all changed late last year.

By giving WordPress.com customers the ability to install themes and plugins that satisfy most business requirements, Automattic could draw millions of customers from the existing WordPress hosting services.  The question is, has Automattic offered enough technology and service at each price point to deter the average website builder from installing and maintaining their own copy of WordPress?

There is no cut and dry answer to this question because every user has a different set of priorities. Automattic’s various service plans are compared on their website, and every website at WordPress.com now comes with a free SSL certificate and a few necessary plugins that are auto-installed. With the addition of the plugins, hosting at WordPress.com is now a viable option for business users.  

We’ll start by examining the free plan, which used to be very cookie-cutter because users were offered only a yearly theme (2016, 2017 etc.). Now the free plan has dozens of themes to choose from, and several plugins are included. You can store up to 3 GB of files for pictures, audio and video, and even the free version comes with Jetpack essentials. Jetpack essentials is the most popular WordPress.org plug-in and offers features such as social media share buttons, stats and analytics about your traffic, site security, faster content delivery, a subscription system, and multiple site management from one interface. Some features in Jetpack you have to pay for, such as VaultPress, which offers back-ups and restoration for your site for $39/year. The free plan will still insert “wordpress.com” in your domain name and you have no choice but to host ads on your site.

Where things become interesting is in the Personal plan for $5 a month. On this plan you can have a custom domain name and you get rid of all the WordPress.com ads that are sprinkled in the free sites.  Along with hosting and looking more professional, you get support by email and live chat, 6GB of storage space and email forwarding for five custom email addresses such as yourname@yourdomain.com.  WordPress.com only offers email forwarding and not email hosting so you have to go with another provider in order to be able to ‘send’ from your custom email address.  G Suite is available through WordPress.com for another $5/month per user but their email hosting is $50/mailbox/year. Note that to support email inboxes with WordPress.com you have to register your domain with WordPress.com (or transfer it to them).

The next plan up is a $10/month Premium plan where you get everything already mentioned in the Personal plan, plus access to all the WordPress.com themes - there are about 300 of them to choose from. You also get full access to the CSS code in order to totally customize your theme, an ad-free video player (Automattic’s VideoPress product), 13 GB of storage space and the ability to monetize your site through Automattic’s WordAds program.

WordAds is a proprietary program only for WordPress.com sites that combines the features of Google Adsense and Adwords. Adsense is actually one of the many partners that WordAds manages in this program. Drawbacks include restricted participation in WordAds unless you get thousands of hits per month, and less control than Google’s Adsense over which ads are displayed on your site. Since it’s a new program, there’s no data yet on revenue generation as compared to Adsense, but it will be interesting to see the stats on this program as it unfolds.

The next plan is a big leap in price and options with the Business plan at $33/month. On the Business plan you get unlimited storage, access to live training, SEO tools, access to the entire 50,000+ WordPress plugin directory, the ability to install custom themes from the theme directory and Google Analytics integration. eCommerce, the ability to transact online, is delivered through plugins, so until the cheaper levels of WordPress.com include WooCommerce or another eCommerce option, the Business Plan is the only level where you can ‘sell’ on your site.

Every WordPress.com site comes with one free, perpetually renewed SSL certificate, which can save you up to $100/year from having to buy your own certificate. That’s 3-10 months of savings right there depending on which plan you buy. When you’re protecting your site with SSL, your customers will be assured that the data and their traffic is encrypted, and no warning messages will appear due to lack of encryption. More importantly, a little “secure” lock will appear on every page of your site, even if you don’t sell anything online. Google loves SSL so you get an instant SEO boost by having this certificate. Some managed hosting companies, such as GoDaddy, are countering this offer by also offering free SSL for every site on their premium levels of Managed WordPress Pro hosting.

WordPress.com charges for each site on an upfront annual basis so you’re locked in for a year with their plans, and there is no month to month payment schedule or any discounts for paying for a year.  

Now let’s compare the WordPress.com offering to Managed WordPress hosting offerings from web hosting and internet domain companies:

Managed hosting usually includes server monitoring to keep your site up and running, as well as proactively dealing with issues like security, back-up and restore, staging sites, storage space and support.  By putting your site in the hands of professionals, you are less likely to incur security breaches or have site downtime and you can choose a plan that meets your needs and budget.

As for pricing, let’s take GoDaddy Managed WordPress as an example. Their normal price is CAD$11/month for their basic managed WordPress (a domain, hosting, 1 WordPress site plus 1 staging site, daily back-ups and automatic core WordPress updates). A visual page editor is also included, as well as 24/7 phone support.

GoDaddy is currently offering a 1 year discount of only $1.49/month including a Microsoft Outlook mailbox with 5GB of storage. They are offering the same service on a monthly basis for $6/month. GoDaddy’s regular pricing is $11/month for the Managed WordPress and $8/month for Office 365. GoDaddy has made the free domain contingent on an upfront annual payment, so they are also looking for the one year commitment, although they have more flexibility in their plans by offering monthly options.

GoDaddy includes SSL in all their Managed WordPress Pro plans, which start at $20/month for 1 website. Most of their Managed WordPress Pro plans support the ability to manage more than 1 website from one account, which is not easily possible from WordPress.com. In fact you get a discount if you set up a 5 or 20 website plan account with GoDaddy. These plans are aimed at web designers, developers and freelancers who build sites for customers rather than end users of WordPress.

After looking at WordPress.com and GoDaddy Managed WordPress, if you are dealing with multiple websites, it will probably make more sense to go with a managed WordPress host for a collection of multiple WordPress.org sites. If you only have one site, have little interest in tweaking the theme you’re using and are only looking for an easy and low-cost way to get online, WordPress.com may be your best solution.

Deciding between WordPress.com and managed hosting with WordPress.org is an interesting debate and we’ll revisit the discussion as we work with more of the WordPress.com plans and see how the Managed WordPress providers react.

02/19/2018

General Data Protection Regulation (GDPR) and Wild Apricot: May 25, 2018 is GDPR Deadline

On May 25, 2018, the European Union will begin enforcing a new set of data protection regulations, known collectively as the GDPR (General Data Protection Regulation). The GDPR regulates the collection and storage of personal data for EU residents (including UK residents), regardless of where the organization doing the collecting is located.

The GDPR replaces and expands upon the 1995 Data Protection Directive. The biggest change is the extended reach of the regulations, now applying to all organizations that collect the personal data of European residents, even if those organizations are based outside of Europe.

Consequently, Wild Apricot and any of its clients with members in Europe need to understand the requirements of the GDPR, and set up procedures for complying with them.

If your Wild Apricot database contains information about any European Union residents, please let us know and we can help you identify whether your organization is compliant with GDPR. Wild Apricot has begun auditing their processes and software for GDPR compliance, but as of February 2018 Wild Apricot staff have not completed the audit or any remediation actions. Organizations in breach of the GDPR can be fined up to 4% of their annual global revenue or €20 million (whichever is greater). There is a tiered approach to fines, whereby an organization can be fined 2% for not having their records in order, 2% for not notifying about a data breach, and so on.

 

02/16/2018

VIDEO: Using CSS to Customize the Main Menu System in Wild Apricot

The Kaleidoscope theme in Wild Apricot is beautiful! Changing the main menu design though is not something that can be done by pointing and clicking. You need to use CSS to modify the menu. This snippet of CSS code will help you modify the main menu in Kaleidoscope and Bookshelf, two themes that share the same menu styles.

Step 1. Download the CSS code

Step 2. Use the Website > CSS  option to copy and paste the CSS code, or use the WebDAV approach to create or edit the user.css file.

Step 3. Modify the various color and background options to your heart's content until you have the menu working just like you would like.

Hint: Popular colors are available online at W3Schools. You may wish to use your own hexadecimal colour values that start with #.

02/13/2018

VIDEO: The new Wild Apricot Membership App

The new Wild Apricot membership application is a breakthrough for membership-based organizations. Now your members can interact with your organization from their iPhone or iPad! The member directory is searchable, you can check out your profile and you can register and pay for events. There is even a place to store your tickets. This app joins the admin app as the second mobile app Wild Apricot has released.  Here's a short demo of the capabilities of the new membership mobile app for Wild Apricot.

VIDEO: Managing your Wild Apricot files using WebDAV

Your Wild Apricot account includes space to store files such as documents, pictures, and videos. Normally these are managed in the Files Manager. You can also edit user-defined CSS in the Website > CSS screen. To manage your files – upload, download, organize, delete, or rename them – you can go to the Files screen within Wild Apricot, or you can use WebDAV to  edit your files without touching the web browser. Using WebDAV allows you to copy multiple files or folders at the same time, and it is a much faster mechanism to edit your CSS. 

If you do a lot of CSS editing in Wild Apricot, you use your favourite editor (ours is Notepad++), make changes and refresh them instantly in the public view of your website. No more going into admin to tweak a bit of CSS and back into Public View. Check out the short video below for a real time saver!

02/12/2018

VIDEO: Using the Wild Apricot Sample Excel Spreadsheet

There is an alternative way to export all membership fields, contacts and members from Wild Apricot directly into Excel. Wild Apricot has created an Excel spreadsheet that accesses the Wild Apricot API to extract any piece of information from the Wild Apricot database. Currently the Excel spreadsheet only provides you instant access to the membership fields and all contacts and members. Check out the video below on how to configure and use this spreadsheet.

NOTE: The current documentation points to an older version. Here's the latest version from Wild Apricot's github repository.

02/02/2018

VIDEO: Setting up a custom domain with Wild Apricot: what can go wrong?

Setting up custom domains in Wild Apricot can be tricky. If all goes well you're good, but what if you don't know where to start? This video will show you how to find your registrar, which domain name settings you need to update and some final steps on what you can do for a successful launch.

A short recap:

  1. To set up DNS records you must have access to your control panel (GoDaddy, Wix, 1and1, etc). Use reset password if necessary to get access.
  2. Use WHOIS to check the registrar if you don't know where your domain name is registered.
  3. Log in and adjust the DNS records as per the Wild Apricot docs. The A record is absolutely critical to successfully launch under your domain name. If the DKIM records are not set, your email may end up in your members' junk mail folder.
  4. Wait for an hour or two for DNS records to propagate.
  5. Go to Settings > Site > Domain Name Management and click the Check... button. You should see this. If not, continue to check your DNS settings or wait a bit longer.

05 Custom Domain Settings Checked

 

Once verified, set your domain as the primary domain name.

Note that the From email address has changed. Make sure the From: and Reply to: email settings are set to a real mailbox that can send and receive emails. Your emails will be addressed by default with these settings!

Send a test email campaign to check your email settings are correct.

02/01/2018

VIDEO: Beginner's Guide to CSS in Wild Apricot

Have you ever wanted to change the style of a gadget, a menu or hide a few elements in your event registration process? Is the Colors and Styles under Websites feature failing to help you? The key is understanding CSS, aka Cascading Style Sheets. This short video shows you how to inspect and experiment with CSS and apply a change in Wild Apricot. 

 

Delighting Customers With a Digital Workplace


At NewPath we like to ask this core question: What's the most important thing to a small business owner?

Your business idea, you say? An idea is great. But without customers, it really is just an idea. And the value of an idea is related directly to the ability to bring the idea successfully to customers. The better you execute, the better the idea.

Time, then? Time is an important aspect of running a business, but we all have the same amount of time. Without customers, you just have a lot of time on your hands.

Money? It has to be money! Money is important, no doubt. But happy customers pay you for your services or product. Money on its own won't grow without value being delivered to customers.

So what IS the most important thing for small business success? Your customer! A customer is by far the most important objective for a small business owner. Happy customers will pay money for your idea and tell you when they'd like it delivered. Businesses increase their chance of success when customers are the MOST important thing.

Customer-oriented technology - a case study

So what does the customer have to do with building a digital workplace? Everything! Today, people are changing how they find valuable information, and they’re looking for help to prioritize what steps they take to run a business.

Therefore, your digital workplace should be set up in a way that you’re providing this kind of information (online content), in a way that your prospective customers can find it (and you). The pre-sales and post-sales process has changed so that customers are doing more research long before they may ever interact with you directly.

Yet there’s a natural tension between putting technology in front of your processes and being truly customer focused. That’s why when choosing the right technology solutions for your business, it’s important to discern when your technology will enhance your customer relationships, and when it will get in their way.

For example, we mentioned a customer in our last newsletter who is working on becoming a digital workplace in a customer-focused way. They are trying to automate a process that is very cumbersome and complex for their patients.

When a client needs a medical test, they need to fill out forms through a paper clerical process that involves a staff member to select the right form so the patient can fill them out by hand. Different information is needed for different tests, different forms are needed for different insurance companies, and patients also want to identify the best price for the tests they need.

As you can probably tell, this is all very time-consuming and means the clinic can only serve a limited number of patients. The system NewPath designed routes data to the necessary forms depending on which insurance they have, and generates an editable PDF for the clinic that can be digitally processed or uploaded to the clinic website.

The whole thing takes far less time, and is more accurate. Automating this data collection for the customer, and automatically generating the right set of forms depending on the condition is much more customer-friendly.

In this example of digital workplace transformation, our customer was looking at what the customer values. They understood how painful it was for their patients to look for and fill out all the different requisitions, and investigate which clinics took their insurance, etc. This process ensures the right information is sent to the right place, helping their client navigate a very complex healthcare system.

These technology solutions will also help our client scale their business and talk to more patients. We’ll talk more about the specifics of this project in a future article. If you’re curious about the tools we used, click these links to learn more about Formstack and WebMerge.

Delighting customers

In a digital workplace, a business uses cloud-based technology to deliver value to customers, ensure customer success, and manage their resources. They also use technology to help deliver their value proposition consistently, delighting customers and attracting prospects through digital marketing.

Let’s take a deeper look at these last three areas, beginning with consistent value proposition delivery. Right now, clients may have a different experience depending on how they interact with your business, and with whom, and also how you portray your business value, products and services.

When you use technology, you’re taking processes that are malleable and flexible, and creating an interface where clients can consistently get the same high level of service. For example, at NewPath we prefer to talk to our customers in short meetings on a regular basis to work through the issues in our projects, so we’ve created a consistent method to achieve this.

When customers want to book time with our director Alex Sirota, they access his online booking calendar, powered by Appointlet. Instead of having to go back and forth by email to find a mutually convenient time, Alex presents a digital interface that allows customers to choose a time that will work for both.

There are a consistent set of steps that occur every time they schedule a meeting. They choose their time zone, type of meeting, and preferred location (these preferences can be saved for future bookings).

Once they select a time, the underlying technology springs into action. The customer receives a confirmation with a calendar invite and a reminder before the meeting, all of which is totally automated and personalized.

Now let’s talk about the opposite of delighting customers, by using a not-so-delightful example we can all relate to: the automated phone system. You’re having an issue with one of your vendors so you dial customer service, and then various phone cues tell you which number to press for certain outcomes.

In the past we would have connected with a human voice, “How may I help you?” and that person would triage our call manually and connect us with the right person who could solve our problem. Today, as customers we are forced to do that routing ourselves, but if our problem doesn’t fit neatly into one of the options, it can be extremely frustrating.

So while these automated phone systems certainly make for a consistent experience, it’s definitely not delighting customers. Now with new advances in automation and artificial intelligence, there are some phone systems that you can speak to with natural phrases and it can translate those into its set menu items. In other cases, the system will identify your phone number and recognize you as a current customer to route your call accordingly. These are all steps in the right direction.

Another way companies are using digital to delight customers is by providing support via social media. They know customers are there already, and this may be the first place they go to talk about a problem they’re having with a company, product or service.

Some companies provide comprehensive social media groups on Facebook, online support materials or forums, which can be cost-saving as well. Others offer instant chat, or the option to have someone call you back instead of waiting on hold.

At NewPath one way we try to delight customers is with our customized video training sessions. Why not just send them to the support articles at Wild Apricot or our other vendors? The difference is that we train them on a particular sequence of things they need to know to reach their specific goals.

We also record these training sessions so our customers can review them later. We know that after the session when they try to replicate the steps, they may run into a bump or two. With the recording, they can re-watch the lesson as many times as they need to. Of course we’re always here for questions, but this empowers our customers to do more on their own and they tell us this is much appreciated.

We think there is a huge opportunity for service-based companies to do more video-based collaboration, training and support. It’s a way to delight customers, and can also save costs and time for you both.

Lastly, let’s look at attracting prospects through digital marketing. We find that the best way to do that is through content marketing and through building relationships with vendors that recommend our service.

How does being a digital workplace support your ability to distribute content? The first way is that you need to have a website built so that it allows you to categorize, structure, and publish content in a way that is optimized for the search engines. The second way is through email marketing, where you build a prospect list and keep in touch on a regular basis. We’ll talk about each of  these marketing efforts/tasks in detail in future articles.

Customer first, digital second

At NewPath we interact with customers primarily between email and Zoom, and sometimes by phone. Internally, we use another channel called Slack that allows us to structure conversations around different customers and projects, but we haven’t given our customers access to that channel. We don’t want to superimpose our way of doing things onto our customers. If they hear about Slack and are interested, we will let them into Slack, but until then we’ll keep using the support channels our customers are used to.


We think there is a place for digital transformation in every single part of your business: sales, accounting, marketing, operations, HR, and client management. The caveat is that the transformation should be customer focused, not just an excuse to use an interesting digital tool. That’s why we suggest testing new solutions first with a subset of your customers, figuring out what really resonates and delivers value they have not experienced with anyone else.

If you have any questions about your own company’s digital transformation, feel free to get in touch, particularly around the implementation phase. We specialize in helping small businesses prioritize their digital transformation projects, and select and implement the right tools for the job.