Search the Community
Showing results for tags 'security'.
Found 2 results
I think it is way too easy for an existing user to change his/her banking details on your website. There should be some way perhaps via sms or email to just make sure it is the user himself that is doing the banking detail update. Just to improve the security.
Guest posted a topic in Selling on bidorbuyAs part of bidorbuy's migration to HTTPS/SSL we will stop the listing of trades with non-secure image links (i.e. an image uses a http:// URL) effective from 1st October 2017. No action is required if you upload directly to bidorbuy servers, feed products into bidorbuy through uAfrica or if you already use HTTPS image links. If you are unsure what HTTPS means and why you need it, read Does My Site Need HTTPS? Immediate action is required if your images are served from non HTTP-links. The document provides some guidance and in most cases your hosting provider will be able to assist you. Web-browsers will make HTTP pages as "Not secure" All browsers will start marking websites using HTTP:// as "Not secure" towards the end of 2017. Google Chrome version 62 for example will show the following in the address-bar when accessing a HTTP page: To ensure that your products will continue to be featured and rank high in searches, it is absolutely necessary that all your product images are served via HTTPS. How do I know if I am affected? Take any of your trade-item URLs and change the "http://" to "https://" - if your browser shows a "Connection is Not Secure" or a warning message, then you need to take action as soon as possible. Example of an insecure trade (which will be blocked from 1st October 2017): Example of a secure trade (this is how your trade item should display in the browser right now): If you self-host: SSL Certificates are free when using Let's Encrypt If you host your products and images on your own domain, you should change to SSL as soon as possible. With the upcoming Google Chrome changes in November 2017, any website not using HTTPS will be marked as insecure which will certainly have a negative impact on your SEO and will create uncertainty with your customers (who want's to shop on an insecure site). This means that all your content (images, scripts, CSS etc) need to be served via HTTPS. Switching to SSL/HTTPS is nowadays fairly easy as any decent hosting provider will support the trusted and free Let's Encrypt service. The Let's Encrypt service will automatically renew your free SSL certificate every 90 days and enabling SSL is typically just a click within CPANEL or can be done through your hosting provider. In most cases you will have to update your product descriptions to change HTTP:// URLs to HTTPS://. If you are running WordPress, you can follow a SSL migration tutorial to migrate your site. Free Photobucket blocks embedding images into 3rd party sites Since early July 2017, Photobucket has blocked 3rd party hosting of images on their free accounts. Your trade images will not display on 3rd party websites and will show a warning image instead: If you choose to upgrade to a paid Photobucket account you will still need to ensure that all your image links are HTTPS://. You are also able to migrate your Photobucket images to AWS, but this will require some effort and relisting of trades. IMPORTANT: If you use 3rd party providers (Flickr, imgur, Dropbox, Github etc) ensure that those providers offer secure image hosting and that their plans provide sufficient bandwidth for images to continue displaying securely. Choosing an unreliable image hosting provider could result in thumbnails to display place-holder images if your provider is down or you exceeded their cap when we tried to fetch and create thumbnails from your hosted images. What will happen if I don't migrate to HTTPS? We will disable the listing/relisting of any trades containing non-secure links. Insecure links will be removed when a trade is displayed (insecure image links will show a dummy-/placeholder image instead). I am not tech savvy - who can help? Your first port of call should be your hosting provider. If your hosting provider does not support Let's Encrypt it is probably time to look for another provider. At bidorbuy we also have 3rd party providers who can assist you with a paid migration/professional services and we can provide you with contact details should you require paid migration assistance.