Every customer would like to see their support ticket resolved as fast as possible. When contacting our support team you should include as much relevant information as possible. By doing this our support team will be able to solve your issue and give you a reply faster.
We offer VIP support for all Pro Premium and Enterprise web hosting or as an add on service for any other service or product we offer.
1. Check knowledgebase and run diagnose
The first thing you should do when experiencing any issues with one of our services, is to check the knowledgebase for solutions. If you do not find the answer there, you can run a diagnose via the client portal. This will give you information on any issues with your services.
2. Use descriptive title
If you did not find the solution to your problem in the knowledgebase or by running a diagnose, you should contact our support team.
The first information we receive regarding your problem is the title of your problem. Please try and describe the problem as clearly and precise as possible. Using titles as “Help! Everything is offline” or “Important!!!!” gives us no information on what the problem is regarding.
Use titles such as “Outgoing email is not working for any accounts” or “Disc space is full”. These titles will give our support team essential information on what the problem is regarding from the beginning.
3. Only give us information related to the issue
At times clients gives our support team an extreme amount of information when contacting us. Remember that the more unrelated information you give us, the more information our support team will need to read through and the longer time it takes them before they can start working on the issue.
In other words, the more information related to the issue, less time is spent scanning for relevant information.
Here are some examples of relevant information you should let us know:
What domain name is the problem regarding
Which service (website, email, DNS, database) is the problem regarding
Here are examples of relevant information you should include when you have issues regarding email:
Is webmail working?
Which email client are you using?
Which operative system are you using?
Is the issue regarding incoming-, outgoing email or both?
Is the issue regarding one specific email account or all the email accounts?
If the issue is only concerning one account, please state the account.
Have you received any error messages? What is the content of these?
4. Grant access and permission
To solve an issue our support team will often need to reproduce the issue. This requires a form for login. You should therefore give us access to the account if it is required to reproduce the issue or to solve the issue.
Sometimes it may be necessary to change configuration or the account to solve the issue. If you already know this when contacting us, you should give our support team permission to execute these actions. You will then save the time spent with us asking you for permission and waiting for your reply.
5. Use the same support ticket when updating your issue
If you need to update your support ticket with more information, you should use the same ticket code. If you send us a new support ticket, our support team will spend time collecting information from different support tickets regarding the same issue.
In case you have solved your issue before you have received an answer from us, we always appreciate if you update your support ticket so we can close it.
6. Priority support
All our Premium and Enterprise web hosting has VIP support included and will have priority support. You can easily upgrade your web hosting from Pro Start or Pro Medium if you would like to have the benefits of Pro Premium web hosting. Alternatively you can order VIP support as an add on service for any other service or product we offer for only 3€ per month. VIP support cover all services and products in your account.
When you have an issue with your web hosting or any other service at PRO ISP you should always check our knowledgebase first. If you do not find the solution to your problem here, try running a diagnose.
If you are still experiencing the issue, you can contact our support team via email, live chat and phone. Please provide relevant information, give us access and permissions to give our support team all the tools they need to solve your issue in one reply.
We include VIP support for all Pro Premium and Enterprise web hosting or as an add on service for any other service or product we offer.
LiteSpeed webserver (LSWS) is a webserver with extremely good performance compared to other webservers. LiteSpeed can replace Apache without one having to do any changes to the configuration file for the installation.
LiteSpeed cache plugin
If your installation is located on a server that is running LiteSpeed, you can use powerful plugins from LiteSpeed that will ensure full optimization and caching of your website. There are modules created for WordPress, Joomla, OpenCart, Drupal 8 and several of the popular CMS systems. At PRO ISP LiteSpeed is free to use if you have Pro Medium, Pro Premium or Enterprise web hosting.
LiteSpeed cache for WordPress is one of those powerful plugins available when on LiteSpeed server. The plugin offers optimization of your website, with cache, optimization of scripts and pictures. One of the best benefits of using LiteSpeed Cache plugin is that you can optimize your website with just a few clicks.
When you have installed and activated the plugin, standard configuration will be active, and you will be able to see the four first options under “Settings”. Normally you will not need to change any of these.
Tab #5 – WooCommerce will only be visible if you already have WooCommerce active.
As soon as you active the plugin, the optimization will begin, and standard cache will be activated. To see other settings, select “Show advanced options”. A selection of 12 tabs will appear (thirteen if you have WooCommerce installed).
Optimize (tab #5)
Optimize contains Minify, combining and HTTP/2-push of scripts and is important when optimizing a website. In short terms it removes any unnecessary code, comments and combine CSS and JS files, resulting in fewer request for your visitors.
With the changes mentioned under this section, we had good results from GTMetrix.
This is the results before the Optimize function was activated (cache was already activated).
This is the results after the Optimize function was activated.
If you are not sure which settings to select, we recommend activating CSS Minify, CSS HTTP/2-push, JS Minify, JS HTTP/2-push. Activating CSS Combine, JS Combine can result in scripts and CSS failing.
After you have activated any options or made any changes in the plugin, you should check that your website is working as normal. If you are experiencing problems with the Combine function, but still want to activate this one, you should check out “How to fix problems caused by CSS/JS optimization“.
When activating HTML Minify the source code will not be easy to read should you need to later. All code will be “pressed together” to save resources. It is still recommended to activate this one. Under the same function you will see Inline CSS Minify and Inline JS Minify. These will remove any spacing, sections and comments in all CSS- and/or JS-files.
Load CSS Asynchronously is a function that will make sure CSS and HTML are loaded simultaneously. As a standard CSS is always loaded first so the website will be displayed correctly as soon as it loads. By activating Load CSS Asynchronously, the website will load faster but could give your visitors a bad impression since they will be able to see your website without images and CSS for a second. We therefore recommend you also activate Generate Critical CSS. This will connect to LiteSpeed’s Critical CSS server which will insert the necessary CSS, so your visitors will not see a lesser version of your website. We also recommend to activate Generate Critical CSS in the Background which makes sure the website is loaded automatically in the background and caches ready for when a visitor will want to see the website as fast as possible, without errors.
Load JS Deferred will make sure all scripts are loaded according the HTML-code. Activate this and test your website. If you are experiencing any errors, you should activate Exclude JQuery and try again.
The final option in Optimize is “Remove Comments” meaning comments or scripts typically deactivated by */ or //. These will automatically be removed in the cached version of the website and can in many cases contribute to faster load.
The settings in the Optimize tab can make a big difference to increase the speed for your website. When activated. this function will replace any other plugins (for example Autooptimize) within minify-options.
Tuning (tab #6)
Combined CSS Priority and Combined JS Priority only needs to be activated if you are experiencing problems with your design after activating the options from Optimize.
Remove Query String makes sure a website with different possible strings behind the URL is ignored and only the website shown is cached.
An example could be:
Without Remove Query Strings all these sites will be cached even though it’s the same site as the visitor is currently on. When activating Remove Query String, they are ignored, and resources are saved since only exampledomain.org/product/ball is cached. You can read more about this and see examples on LiteSpeed’s blog.
If you are using Google Fonts, you can load these quicker by connecting to Google servers before the actual load of the website starts. Use Load Google Fonts Asynchronously. Remove Google Font will remove any external fonts loaded from Google. If you are unsure if you need these options, you can check your website after activating and see if it works better.
We will not be looking into rules/excludes as this is highly advanced.
Remove WordPress Emoji will reduce the number of requests from your website. We recommend this since you can use standard emojis if needed.
Media (tab #7)
We will leave Lazy Load Images remain inactivated since this is a function you alone should consider if you need. Perhaps not everyone will need this, but it will save resources when it comes to loading the website, but remember you need to satisfy both visitors and search engines.
Optimize Automatically we recommend activating as this will activate optimization of your images. We also recommend activating Optimization Cron, Optimize Original Images, Optimize WebP Versions, Optimize Losslessly and Image WebP Replacement.
After activating these, you can click “Image optimization” under the options for LiteSpeed. You will have an overview of how much space you have saved and a que of how many images being optimized.
As an example, we have uploaded an image of 1,4MB which was already optimized by a third party, after a few minutes of processing in the background, I got an 8% less image file size. With standard settings you will not see any noticeable changes to the image.
CDN (tab #8)
In this tab we will insert CloudFlare’s API at the bottom of the page, since the website is using CloudFlare nameservers. If you are not using CloudFlare (or any other CDN) you can ignore this. You do not necessarily need CDN if your target group is in Norway and you are located on a Norwegian server. CloudFlare has many other interesting functions included in our web hosting. If you are expecting a lot of tragic from abroad, you should use this.
Regarding Load JQuery Remotely you should only activate this is your visitors are from other countries than Norway since both Google and Cdjns can retrieve this from foreign servers. Analytics sites will also consider this as external requests.
In short terms this is a function within cache, displaying different cached websites for different roles (guest, admin). We recommend activating this in addition to Cache Admin Bar and Cache Comment Form.
Vary Group settings do not need to be altered, unless you have a web shop with different prices displayed according to role (for example retailers seeing different prices than private parties).
Advanced (tab #10)
The only option we are going to activate is Browser Cache with a TTL of 1296000. You can also leave the standard values as is. Browser Cache stores logo, images and fonts locally on visitor’s units so they will not need to load this every time they visit the website or any other of your links. Most static files that is rarely altered will be stored. TTL do not need too be to high as you will sometimes change the content. Anything from one day in seconds to one month is fine.
We will not be looking into Object Cache as this is highly advanced.
Debug (tab #11)
If you suspect any errors on your website is caused by LiteSpeed, you can activate “Disable All Features”, store and then check your website (remember to deactivate after).
In this tab you can also alter how much information is logged. You can deactivate ADMIN-AJAX by deactivating “Heartbeat”. You should not do this unless you have a valid reason.
Crawler (tab #12)
Currently only Enterprise servers have this function available, so we will leave this out of the article. If you are interested, please contact us and we will help you select the best web hosting.
In this tab we have activated all options and left Product Update Interval remain on “Purge Product on changes to the quantity or stock status. Purge categories only when stock status changes.”
* You will only see this if you have the web shop module WooCommerce installed and activated.
If you wish to be located to a LiteSpeed webserver please follow instructions in “Change web hosting server”. If you wish to upgrade in order to move to a LiteSpeed webserver please follow instructions in “Upgrade services”.
Fake emails are one of the biggest security threats online against private individuals and companies. Behind these emails are scammers trying to steal your personal information to abuse this. In a survey conducted by Intel Security, 80% of people cannot identify phishing emails.
What is a fake email and what is phishing?
A fake email is a type of fraud. Most of the times so called phishing is used. Phishing is a term for digital spying or “fishing” for sensitive information, such as passwords or credit card information.
A phishing email will try to cheat the receiver into believing the sender of the email is someone else. The email will contain logo and other elements to give the impression its a serious and genuine email. It will encourage you to click the links in the email. These links will lead to what may appear as a serious website, such as Google, DNB or any other companies we deem as secure and trustworthy. In reality you have now accessed a fake website created by the scammers, who will have access to any information you enter on the website.
As much as 95% of all attacks on company’s networks are the result of a successful spear phishing attack (an advanced and targeted form of phishing often directed towards companies) according to Networkworld.
There are several precautions you can do in order to avoid being a victim to fake emails and phishing, as a person and a company. An advanced and sophisticated spam filter is the first line of defense since this will stop many of the fake emails. All our web hosting includes spam filter. If you have Pro Premium hosting you also have access to SpamExperts, which is a more advanced and accurate spam filter.
Since the human factor is the weakest link when it comes to this problem, the most important measure you can do is get yourself (and your employees) familiar with some guidelines:
Do not trust senders name
One of the most used tactics for fake emails is abusing the senders name. Do not trust the senders name, but also check the email address as well. If it seems suspicious, do not open the email.
Look, but do not click
If the email contains links, hover the mouse over these to check where they lead but do not click. If the link appears suspicious, do not click them.
Check for spelling mistakes
Companies and organizations are meticulous with their emails. Serious emails normally do not have spelling mistakes or poor language.
Analyze the subject
If the email is addressed to “Dear client” it could be a sign of a fake email. Companies and organizations normally use a greeting including at least the first name of the client.
Do not give out personal information
Banks and companies with access to sensitive information will never ask you to provide this information via email.
The use of “urgent” or any threatening language in the subject
Giving the impression the email is urgent or using fear is a tactic often used in phishing emails.
Check the signature
Lack of details regarding the sender and how you can contact the company is often a sign of phishing. Serious companies will always include their contact information.
Do not open attachments
Fake emails often include attachments with malware. If you open this it can destroy files on your computer, steal your passwords or even spy on you without your knowledge. Do not open attachments you did not expect to receive.
These fake emails have become highly sophisticated. Even though an email has the company’s logo, correct spelling and appears to be a valid email, this does not mean it is. Be skeptical and if you find an email to be suspicious, do not open it.
The importance of maintaining security online is nothing new. Many people tend to only think about security when visiting a website, but as an owner of a website, no matter what the type of website it, you need to think about security. Informational websites, blogs, online newspaper, web shop or any other.
Security is important for you as an owner of the website, and for those visiting and using the website. In this article we will take a closer look at how to maintain basic security and what needs to be done if an incident occurs.
Security on your website involves:
It should be safe for everyone to visit the website
The website should not be infected with malicious code that may infect visitors
The website should not forward visitors to any websites with malicious code
Information exchanged between visitors and website/server should not be accessible to anyone unauthorized
The topic is comprehensive and one article cannot cover it all, but we will focus on the most important; It should be safe to visit your website!
Make sure the website is not/cannot be infected
When a website is available online it poses a potential target for hackers. A hacker is not necessarily a man in a black hood in a dark basement. In most cases a hacker is an automated “Bot” (robot). These “bots” are constantly scanning known and unknown websites for vulnerabilities to exploit. Vulnerabilities exist in the code running, directly or in add-ons such as plugins.
A classic example is a website created in WordPress, with a theme and a few plugins installed. Since WordPress is quite popular it is also popular to search for vulnerabilities in this type of installation. If a hacker can successfully infect 1 website, they can potentially do the same to thousands of websites.
The motive behind infecting a website may include; a hacker might want to spread their message, send spam from your account, collect sensitive information from visitors, forward visitors to other insidious websites, use the resources of the account for other attacks and so on. All of the mentioned is of course something you want to avoid. In general, it is rarely you directly, they are targeting.
Checklist to avoid having your website infected
Everything must be updated, always Since WordPress (and other similar systems) is popular, when vulnerabilities are found, improvements are made and updates released. It is important to update when new ones are released. As soon as a vulnerability is detected and known, it is only a matter of time before the websites not updated will be attacked. The same goes for anything installed on the system. As we mentioned in our example, we have a theme and plugins running. These can also contain vulnerabilities and developers release updates correcting this. It’s therefore important to keep both theme and plugins updated as well as the installation itself.
Anything not being used on the hosting should be removed
Any theme or plugins not being used should be deleted/removed. Even if you deactivate a plugin or a theme everything is not actually gone. Files are often left and can potentially be abused. This means; only what is necessary to keep the website running optimal should be openly accessible. Anything else must be deleted or moved to an unreachable area.
Use captcha for forms
Forms; contact forms, order forms and similar must be secure so they cannot be completed automatically. The “bots” we mentioned before can also be used to abuse forms, when available and send spam from website/account. This will affect the visitors in two ways:
1. Resources for the hosting can be used for this, preventing visitors from loading the website.
2. Causing abuse of such a magnitude that the account will be suspended to avoid further issues. Suspension means the website will be offline and not available for visitors. All forms where visitors can fill in information, should have an extra check. Captcha is the most common (and recommended) check for this.
Password must be secure
A secure password is long and composed by numbers, small and uppercase letters and other characters. Long password can also be sentences or phrases with random numbers/letters more easy to remember. Password is used on our client portal, hosting, email and the website/installation. The password used the most is also the most vulnerable. You should change password at least a few times each year. You should never use the same password several places.
Implement extra security wherever its possible
For many CMS (WordPress/Joomla/Drupal) special plugins are developed focus solely on security. Check what needs you have and install what you think is best for your website and needs. There are several decent free options, but if you have a larger website with heavy traffic it can be worth paying for the extra security. Sucuri (sucuri.net) provides a free plugin as well as a paid version and is known for value for money.
Make sure to always have a backup of your content
You should always make sure to have a backup of your content. All of our clients have access to the best solution in the market for backup. At PRO ISP you have access directly to your backup via the control panel (cPanel). Backup is performed once each day of all the content and is kept for 30 days. In addition to the backup solution with PRO ISP we recommend always having an external backup. Once each month or once each quarter, depending on how critical it is and how many changes you are willing to lose.
Website has been infected, what to do?
What if the damage has already been done? What if your account has been suspended by PRO ISP? This can happen to anyone and most people experience it as unfair.
All hosting companies operate the same way when it comes to hosting; several hosting share resources on the same server. To illustrate, imagine the server as a hotel and the clients account as hotel rooms in the hotel.
When a hosting company detects resources being abused, this must be stopped to avoid it affecting the other clients in the same hotel. Imagine a hotel room with so many visitors that no other guest can get in or out of their room. The room creating the problem will have to be closed to avoid this. Its not always an account will be shut down, but if signs of hacking/abuse is noticed we can notify directly.
The most important in such cases is; follow the instructions given and ask for tips/advice/guidance if you are unsure.
If we detect hacking/abuse, and either give notice or suspend the account, we always give instructions on what needs to be done.
In most cases the hacking is so recent you can use a backup included in the hosting. The procedure is easy:
Delete content on hosting related to the website.
Restore content from a date before hacking/abuse occurred (if you are unsure, use the oldest backup available)
Review all the mentioned measures above to prevent further hacking/abuse. Update everything, secure all forms, change all passwords and implement extra security
If you do what is recommended and follow this you are as secure as possible. Both you as the owner of the website, the visitors, and we who serve the website form our servers will be happy.
Secure information between visitors and server (SSL certificate)
Security certificate is becoming more and more relevant to discuss, and highly useful when it comes to security for websites. We have previously had articles about “SSL certificate- How to chose the right one” and how larger suppliers are planning to force more and better use of this to maintain security online (“Google warns: Secure your website”). Now it is about to get a little technical but we will need to explain some technical stuff:
SSL* is an encryption protocol, or a set of rules telling a server/client (website and visitors) how encryption of the data will be executed. The encryption is the process of making something unreadable or incomprehensible to others.
* In reality TLS is used, but SSL and SSL certificates are used in everyday speech so therefore also in this article.
The end goal for SSL is to make sure the visitor, and the server/website, will be able to read the data sent between these two parties. It is therefore essential when personal and sensitive data is exchanged, such as phone number, username, password, e-mail addresses, credit card information and similar; because we do NOT want this information seen by others.
In order to enable this encryption we use “keys”. When the visitor and a server/website have the same kind of “key”, only they can read, and encrypt the information. An SSL certificate is a certificate confirming the ownership of the “keys”, and that they are authentic and valid. How thorough this confirmation is, depends on the certificate, read more about it in “SSL certificate – How to choose the right one”. In short terms the certificate confirms it has been issued by a valid issuer, for the website visited, and its validation for this. As a visitor, you can see this by the green padlock in the address field and that the browser reports the website as secure.
As mentioned in “Google warns: Secure your website” encryption of information is highly relevant since it will be a demand soon. You can of course avoid using SSL certificates, but visitors of the website will be receiving a warning when entering your website. This warning can compare to shouting at your customers: “I do not care about security”. If you have not made the transition from http to https the time is definitely now!
Du you have any questions?
In the beginning of the article we mentioned security is a quite large topic and cannot be covered in one single article. Still, follow the advises given, and be more aware of security you will have come a long way already.
Did you read the article and is left with many questions? Do you want some guidance? Please, do not hesitate to contact us.
Security for websites are undergoing major changes. The extent of these changes is comprehensive and will affect all websites using HTTP:
The implementation of the changes has been done gradually and the “final” date has been changed several times, but according to Google (8th of Febuary 2018) you will need to make your website secure by the beginning of July. If you still have a website using HTTP after this your visitors will see this when using Chrome:
HTTP has been used for many years, but has a major flaw. All data transfered via HTTP can be stolen or manipulated because it’s not secured.
HTTPS is secured and ensures all data transferred is encrypted and protected. We can therefore understand why web browsers now will require the use of HTTPS as standard.
The data is not only protected and encrypted but using HTTPS will give up to 5% increased visibility in search engines and more options for your mobile website. HTTPS also enables the use of HTTP/2 which provides 20-30% faster page load compared to HTTP.
How do I get HTTPS?
In order to get HTTPS your website needs to have an SSL certificate. Choosing the correct SSL certificate can be confusing. We recommend reading “SSL certificate – how to choose the right one”. Please do not hesitate to contact us and we will help you choosing the right SSL certificate for your website.
Symantec is one of the worlds leading certificate authority (CA) and have now entered a collaboration with DigiCert. Fall of 2017 the two partnered to form the worlds leading CA.
If you haven’t heard the exciting news, Symantec, the world’s foremost Certificate Authority, is now powered by DigiCert, another industry titan. This past Fall, Symantec and DigiCert went into business together and formed the most powerful Certificate Authority in the world.
We know you’ve probably got a lot of questions. So here’s a quick explanation of why this happened, what to expect and when you’ll start to see changes.
The world’s most powerful CA
Symantec’s new partnership with DigiCert truly is a perfect match—the two CAs are a perfect complement for one another. Now Symantec’s premium security offerings, powerful add-ons and unmistakable recognition will be undergirded by DigiCert’s industry-best validation practices and mechanisms, along with its universally trusted PKI.
Customers can expect to see:
The same great Symantec and DigiCert products
Streamlined validation that cuts days off issuance
A universally trusted PKI
Continued trusted status from browsers
The latest encryption and hashing algorithms
Why did Symantec and DigiCert merge?
Symantec and Google had been negotiating for months regarding issues with Symantec’s PKI. After coming to an agreement on a fix, Symantec sold its SSL and PKI division to DigiCert in exchange for $950-million. Symantec also now has a 30% stake in DigiCert.
What does this partnership accomplish?
In the interim, it will keep all of Symantec’s currently issued digital certificates trusted. In the long run? The two companies will slowly merge, identifying the strength of each and using them to build a new, more efficient CA. The new PKI system is expected to go-live on December 1, 2017. This means all new, reissued, or renewed SSL certificates issued after December 1, 2017 will be publicly trusted across all browsers.
Your Action is Required
In order for this transition to work as smoothly as possible, you may need to re-validate and re-issue your SSL certificates from DigiCert’s new PKI. Don’t worry, we will guide you seamlessly through this industry transition. This process will be quick and painless, and most important: FREE. All impacted customers will receive detailed instructions via email about how-to re-issue your SSL certificate.
The re-issue process will take place in multiple phases. There is a strategy behind this transition and when to re-issue your SSL certificate based on the issue date, expiration date, and browser timeline. The start date for re-issuing your SSL certificates is after December 1, 2017.
If your SSL Certificate was issued before June 1, 2016, you have until March 15, 2018 to re-issue your SSL certificate.
If your SSL Certificate was issued after June 1, 2016 you have until September 13, 2018 to re-issue your SSL certificate.
Here is a visual representation of the upcoming dates:
We’re here to help!
As always, if you have any questions or concerns regarding this transition, feel free to contact us.
The demand for SSL certificates have been increasing rapidly the last couple of years. The reason for this is most likely because security have become more important as there are continuously new cases of hacking and cyber-attacks. Google and the web browser community have also contributed to the increasing demand. Not having an SSL certificate will cause a warning to appear for the user in the web browser. Here at PRO ISP we receive daily inquiries regarding SSL and the most common questions are:
SSL certificates are used to create a secure connection so that the information being sent cannot be monitored or altered by anyone. In other words, it ensures safe communication. On a website with SSL certificate, the URL will contain an S so it will say https:// instead of just http://.
SSL certificates are not only used for web servers, but for any type of service where secure communication is required (email, FTP for example). However, it’s mostly on websites that you will notice the use of SSL due to the visible indicators to increase end user trust and confidence in the browser. We will elaborate more about this later.
SSL certificates also have another function. The certificates are issued by certificate authorities (CAs). These issuers have a set of rules to follow for when a certificate can be issued – in the same way as there are rules for issuing passports or driver’s license.
There are currently 3 levels of validation for SSL certificates and each level have higher requirements than the previous level. The requirements verify control and ownership of the domain. Each level is meant to provide increased trust for the client that you are who you say you are. As each level require more information to be verified the price is usually higher for each level.
The easiest certificate to get issued is domain validated certificate. This certificate only verifies that you control the domain, which can be done via email, DNS and file. This part is done automatically for all our clients who order certificates for web hosting at PRO ISP. All our web hosting includes a free Basic SSL certificate which is a domain validated certificate. This only takes a few second to issue.
This is how a DV certificate will look in a web browser:
Site seal is not included for the free certificate, but is included in all the other certificates. You can however add a site seal to your free Basic SSL, which is cheaper than purchasing a SSL certificate. If you are wondering how a site seal looks on a website, look on the bottom at proisp.eu. Clicking the site seal will provide more information about the website and what is verified. Site seal is used to show visitors the owner of the website has secured the website and show what has been verified by a third party. This increases the chances for the first-time visitors to more quickly establish enough trust to the website so they may contact you or make a purchase. The site seal included with certificates typically contain more information the higher level they are, as well as being more expensive. The site seal for proisp.eu is one of the ones with most verified information as well as issued from the worlds most recognized brand when it comes to security online.
Paid certificates have a warranty covered by the issuer if the certificates have been issued to someone performing fraud and issuer should have known about. Visitors of the website is covered by this warranty. The warranty is another way to ensure the visitor to have trust in the website.
About 5% of our clients are denied Basic SSL by the certificate issuer due to information on the domain, domain name or contact information seeming suspicious. In these cases, a manual review is required by the issuer and you will need to purchase a SSL certificate instead.
2. Organization validation (OV)
Organization validated certificates must in addition to domain validation also validate the information regarding the organization/company. Private parties can therefore not purchase these. Required documentation is that the organization:
Own/operate the domain
Operates from the correct address
Can be contacted through public available contact information
In a web browser the URL will look the same for OV as DV certificate, but the visitor can check which organization and address the certificate has been issued to, as shown below.
The site seal for OV certificates contains more information (company name), the warranties are higher and there are some available extra functions such as malware and PCI scanning. As there is more to verify for OV it usually takes the issuer around 1-2 days from order to the certificate is issued. This is also reflected on the price.
3. Extended validation (EV)
EV SSL certificate requires the highest level of validation before being issued. Basically, most of the same information as OV certificates but the difference is there are fewer approved sources as well as the validation process is more thorough and more documentation is required. Compared to OV certificate there is overall more to validate on each check point. The most visible difference is seen in the web browser. This is how our URL is seen in the web browser:
You can clearly see who is the owner of the website as the company name is shown next to the URL.
Since there is more to validate for the certificate issuer it usually takes 2-7 days to issue EV SSL certificates. These certificates are normally the most expensive.
What do I need SSL certificate for?
In today’s society with increased focus on protection of privacy and security, secure communication is essential to maintain both.
Higher ranking in search engines Search engines have added SSL as a part of their algorithm ranking and it is estimated websites with SSL have about 5% better results than websites without.
Faster loading websites Web browsers have chosen to support the new HTTP/2 protocol when using SSL/TLS only. HTTP/2 can reduce the loading time with 20-30%. All our web hosting supports HTTP/2, but only when you have an SSL certificate your website will use HTTP/2 instead of the older HTTP/1.1 protocol.
Avoid warnings in the web browser Web browsers shows a warning that the website is not secure when inserting data into a form and the website is not using SSL. In the future a warning will be shown for all websites not using SSL.
Increase conversions A conversion is a visitor performing a desired action on your website. This could be a purchase, registration or anything else. All paid SSL certificates contain many benefits to increase conversions, such as site seal, warranty, malware scan and increased visibility in search engines. These benefits will help increase the trust for your website while showing your customers you are serious about security.
Company name visible in web browser EV SSL certificate clearly shows the owner of the website and that it has been validated from a secure third party. A message to show you have been through the most thorough check and give you the highest level of trust with your customers.
Which SSL certificate should I choose?
Which SSL certificate is the right one for you will depend on what kind of website you have and how it is used. Some have several domains and websites with different needs and therefore may need many different certificates.
Generally, we recommend you consider who your visitors are and what you want them to do. These questions should be answered:
To what extent does users notice if the website is secure?
How much will it mean for the visitors to see the website is secure?
Will indicators showing that the website is secure, or to show who you say you are, increase trust for your website and its visitors?
Will increased trust to your website increase the likelihood of visitors doing as you want them to?
If the visitors will not notice it the website is secure, and it will not increase the likelihood of visitors doing as you want them to, you do not need more than our free SSL certificate or Start SSL (RapidSSL). Even though it may not matter much, it would not be negative to add a site seal included in the certificate on your website.
Typically, simple blogs with personal information or simple websites with few pages. To avoid warnings in the future that the website is not secure it is a minimum requirement to use SSL. Since there is no need for increased trust there is no need to pay for a certificate unless the free Basic SSL could not be issued.
A small website with information about the company and a contact form could have different need for SSL. Depending on what type of clients (IT and security related versus non IT related such as carpenters for example) we have different recommendations.
If you want a certificate for alias domains on the same web hosting you will need to use a multi-domain certificate for these. This also applies to other sub domains and domains pointing to the same folder on the web server. Read more about SSL certificates that covers more than one address.
Please follow and like us:
SSL certificate not to be used for website
SSL certificate not to be used for websites are often used for email services. They are also used for other services such as FTP, APIs/apps and other services that require SSL. They have in common that they only need the security SSL provides. It is therefore no need for a higher-level certificate than DV certificate.
Since you can only use basic SSL with our web hosting, you will in most cases need a DV certificate (such as Start SSL) which covers one domain.
If you have several sub domains on the same domain you wish to use for such services, we recommend you use Start SSL Plus.
Our servers have been upgraded to cPanel version 64. Within this upgrade there are several new functions available (read about them in this article). Another new function available is iOS push notifications for email on devices from Apple. This has been tested and can be found on all our cPanel servers at PRO ISP.
This technology will improve the battery time for your iOS device and receive email quicker.
This technology is only available if email is set up using IMAP. If you are using POP3 this will not work. This is also only available for Apple’s email application.
New emails will not automatically show on the screen when the unit is locked. You can adjust the settings to receive warnings when specific people send you email. Follow these steps:
1. Open Mail application.
2. Choose “Mailboxes” on the top left corner.
3. Choose “I” symbol to the right of the VIP menu.
4. In the VIP list choose “Add VIP”.
5. Choose which of your contacts to be shown on the locked screen when you receive email from them.
During the next few weeks cPanel will be updated to cPanel version 64 on all of our servers. These updates are done a few times each year after they are tested and available. Since updates contains several different things we have written about the most important ones for our customers.
Fast Email Searching (IMAP Full Text Search)
This technology (Solr) will be activated on all our servers and will work for everyone using email with IMAP at PRO ISP. The technology works on all iOS units, Microsoft Outlook, Mozilla Thunderbird and all the webmail clients we have available.
How does it work?
When searching for an email with text or other the server will index the entire email account. The first time the search will be somewhat slow, but all future searches will be much faster compared to before as the account was indexed earlier.
This technology will require more resources from the server (CPU and disk space). This will not affect the disk space for our clients, but directly on the server.
A new icon will be available in the control panel to give an overview of the number of emails and disk space for the different email accounts. It will also be possible to tidy up the email accounts using these options:
– Remove all emails older than 1 year in a folder
– Remove all emails in a folder over 30MB
– Remove all emails in a folder
Look for the icon “Email Disk Usage” under the category “Email”.
Improvements will be made on a server level for the email servers as well. Mainly sending/receiving email will be faster as well as reducing the battery usage of iOS units.
New styles (white/black)
Several of our customers have changed to Paper Lantern theme in the control panel. Now white and black is available for anyone wanting to use this.
The most important and highly requested updated this time is phpMyAdmin which will be updated from version 4.0.10 to 4.6.6. The current version (4.0.10) was released in 2013 and the new in 2017. In the future new versions will be released more often.
SSL proxy subdomains
It will now be possible to use your own SSL on proxy subdomains (for example webmail.yourdomain.net/cpanel.yourdomain.net). If you have a wildcard SSL certificate you can install this on the subdomains in cPanel.
Within the zone editor it is now possible to add DMARC records within the interface instead of manually.
If you have web hosting with PRO ISP it is not only the website you should consider making secure when it comes to SSL. You are most likely using email and other services you are not aware of should use SSL. This is especially important if there are many users of these services. Wildcard SSL certificates will the best choice in this case. The following addresses are useful to secure with SSL on our web hosting (in addition to the website itself):
You can connect to http://webmail.exampledomain.org without any problem unsecured, but we recommend you always use https instead with the alternate address you have been given (which is a bit more difficult to remember). The benefit of SSL on webmail.exampledomain.org is that you can use this address with https and it is easier to remember for all the email users on the domain.
This address is used typically in email clients as host name when setting up email addresses. If you do not have a certificate on this address users will receive a warning regarding the SSL certificate not being the same as the address. The warning will not appear if you have installed a valid SSL certificate and you will avoid any confusion for the email users. Be however aware you may just as well use exampledomain.org as host name in the email client. The reason why many still use mail.exampledomain.org is probably because the address traditionally has been used for this.
This is the address you can log into cPanel with. If you do not have a certificate on this address we recommend you always use https instead for the alternative address you have been given. The benefit of SSL on cpanel.exampledomain.org is that you can use the address with https and it is easy to remember.
Many people use this address for FTP (up-/downloading of files) service. Several FTP clients are now using SSL/TLS automatically and these will show a warning for the error on the certificate unless you are using your own certificate.For many of the addresses above it is not possible to install a certificate for each address. There is however a type of SSL certificate that covers most of the addresses above and that cPanel sets up to secure all the addresses with: Wildcard SSL certificate.This certificate will secure all sub domains of the domain the certificate is issued for and will in the example above be *.exampledomain.org. You will in other words be able to use it for all the addresses above, as well as other sub domains you create, for example webshop.exampledomain.org.
When should you consider using Wildcard SSL certificate?
We would recommend this in two cases:
If you have several sub domains you wish to secure, as it will be easier to operate fewer certificates, and cheaper then several certificates.
If you have several users for webmail, email clients, cPanel or FTP as you will not have confusing errors and you can use easier addresses to reach the services.
Be aware there are not any Wildcard certificates for EV certificates.
Multi-domain SSL certificate
As the name indicates, multi-domain certificates can secure several addresses. Typically, it will secure a total of 3 or more addresses with the option to purchase more. The benefit of this certificate versus the wildcard certificate is that you can purchase several domains and sub domains on the same certificate. For example, you can secure the following in one certificate:
You can normally secure up to 100 different wildcard addresses in one certificate (even more in some cases).
When should you consider using multi-domain SSL certificate?
We would recommend this in the following cases:
The same recommendations for wildcard if there are a few sub domains to be secured.
cPanel prevents the installation of more than one certificate on domains and sub domains pointing to the same folder on the webserver. Typically, our clients have this problem when using alias domains where they would use mycompanyname.no, mycompanyname.com, mycompanyname.se all pointing to the same holder. You will then need to use a multi-domain certificate to secure these domains – if not it is only possible to secure one of them.
When you want to secure several (sub)domains with an EV certificate:
If you are in full control and have a clear overview of your domains this certificate would be practical. In many cases we however see there are issues with issuing, reissuing and renewal if you have many domains on one certificate. The reason could be errors in the information registered on one domain, a configuration that has been altered or other issues that causes delays.
Due to this we recommend you avoid use of a multi-domain certificate unless you:
Have full control and a good overview of the domains.
Do not have any problems with several addresses pointing to the same folder on the web server.
You don’t have many sub-domains
There are wildcard multi-domain SSL certificates as well!