There’s been a little buzz, and frankly some people freaking out over Facebook’s plan to force all fan pages to be secured by October 1, 2011. As of this writing, that leaves us fan page owners about a month to prepare. According to Facebook:
As the web evolves, expectations around security change. For example, HTTPS — once a technology used primarily on banking and e-commerce sites — is now becoming the norm for any web app that stores user information. We feel that HTTPS is an essential option to protect the security of Facebook accounts, and since Apps on Facebook are an important part of the site, support for HTTPS in your app is critical to ensure user security.
Just a quick look at the comments shows that this sweeping – and unstoppable – change is not being taken well by a lot of developers and fan page owners. Myself, I feel that forcing developers to secure fan pages that are displaying basic content with a fan gate, video and images is a little over the top.
The effects of this is that every single fan page on Facebook – whether they use free tab apps, custom code, Fanpage Connect Free or Pro – all of them have to be secured. So the bottom line is, whatever your feelings on the upcoming change, it’s really beside the point. It’s going to happen. So what can you – or what must you – do about it?
As of right now, you havedayshoursminsec
Until Facebook flips the switch and requires all fan pages to be secure. Are you ready? Let’s see what securing your fan pages means, and more importantly, what it’ll cost you. It’s not as bad as you think!
What is SSL?
SSL stands for Secure Socket Layer. Basically, it’s the technology whereby a user’s browser and your server talk to each other using encrypted data. This makes it much harder (not impossible) for hackers and other nasty people to get personal data.
To secure your site, your server needs to have a secure certificate installed, either shared by your host (works for a lot of domains), or a single certificate for your site/domain only.
If you’re going to be using a single site certificate, then you’ll also need a dedicated IP address for your site.
Shared SSL vs. Standard/Dedicated SSL
Shared SSL can be provided by your web host and generally doesn’t take too much work to get going, and is typically no additional cost. Basically, your host will give you an additional domain/URL that lets you access your site securely, like yourWebSite.yourHostsSecureURL.com. While the URL is ugly, it’ll work, especially if you’re pages will be inside Facebook’s iFrames.
The downside to shared SSL is that WordPress doesn’t play well with it, and while your web host may provide shared SSL, it might not work on your blog. If it does work, then you’ll still need an extra WordPress plugin to make it work well – but we’ll get to that in a minute.
As an example, we use IX Web Hosting for some of my sites, and their shared SSL is working very well with our fan pages. Our shared SSL URL is: fanpageconnectdemo.c9.ixwebhosting.com (wow that’s ugly) and you can see that our Fan Gate example works pretty well. However, we’ve had some reports that other hosts’ shared SSL doesn’t work so well with WordPress.
Standard SSL will most likely be the solution for most fan page owners and developers. To secure your site, you’d need to A) buy a secure certificate, B) get a dedicated IP, and C) have your host install your secure certificate. All in all, the process is not overly hard.
Ok, So How Much is This Going to Cost?!
This is what’s been freaking people out, and really it’s not bad. Seriously! How much are you paying for hosting – 7, 8, 10 dollars per month? Typically, a dedicated IP address will cost you an extra $4 per month. That’s less than one grande latte per month. One of our hosting accounts, IX, costs about 8 bucks a month, and we get 15 dedicated IPs. That’s a great deal.
Ok, so let’s talk SSL certificates. Right now, GoDaddy has a sale on secure certificates: $12.99 for a 1 year certificate. So that’s what, three lattes? For a whole year?
Usually, SSL certs aren’t that cheap and they normally run about $89 per year per domain. Ok, so now we’re up to about $7.50 per month. And if any cost is too much, then StartSSL.com has SSL certs free for one year!
So while your costs might go up somewhat to market your product or company, it definitely won’t be breaking the bank. In fact, it’s really more of a nuisance to do the the work of securing your fan pages.
How Will This Affect My Fan Pages, or Pages I Create for Clients?
If you’re creating fan pages for your clients on their own domains, then your options are pretty clear – your client will need to purchase a secure certificate and get their site secured. Of course, you can help them secure their site gratis, have them purchase the secure cert through your affiliate link, or handle the whole thing and pass the charges on to them.
Now, if you’re hosting the pages, you may consider securing one domain and host all the pages there. In that case, you could just run the pages on the site and manage them yourself, or set up WordPress Network (the subdirectory install would only require one certificate) and let your clients manage their own pages.
The bottom line is that it shouldn’t impact your fan page business at all. When you consider the cost of setting up fan pages (we’ve seen upwards of $700 for a single page) compared to the cost of a dedicated IP and SSL certificate, one client would more than take care of the additional costs!
So What’s the Next Step in Securing My Fan Page?
If you don’t have good hosting, then you’ll need that first. Here are just the links and some info I pulled up from some basic research:
StartSSL.com – free, 1 year secure certificates.
GoDaddy (hosting/secure certificates) – $12.99 certificate sale, reregularly $69.99/year.
IX Web Hosting – Their Unlimited Pro plan is $7.95/month and comes with 15 dedicated IPs. You can also use Shared SSL, which is confirmed working with WordPress HTTPS.
DreamHost – $15 secure certificates, a dedicated IP, and hosting at $8.95/month
Securing Your Facebook Applications
However you secure your fan page, either by Shared SSL or your own secure certificate, you’ll need to make the appropriate change in your Facebook Applications. To do this, head over to the Facebook Developer App. Once there, you’ll need to edit your application’s settings.
In the settings, you would need to add the link to your newly secured fan page URL in the Secure Canvas URL and Secure Page Tab URL. In this case, you can see I’m using Shared SSL:
That’s it – your fan pages are now secure!
What Else You’ll Need
If you’re fortunate enough to be able to use Shared SSL, then you’ll absolutely need to download and install the WordPress HTTPS plugin. This is the plugin that will actually force WordPress to play nice with Shared SSL and also make sure that any graphics or other content is secure.
Even if you’re using dedicated SSL, I’d suggest using this plugin. Otherwise you’ll chase away fans if they start seeing warnings like this:
These warnings will pop up if any content on your page – scripts, theme files, images, etc are sourced unsecurely. WordPress HTTPS makes absolutely sure that all your site files are sourced securely.
Test Your Pages
Even having WordPress HTTPS installed, you’ll want to test your fan pages to make sure all your content is secure. Normally, this involves viewing the source code of your page, searching for “http:”. However, we developed a plugin that’ll do all that for you: Fanpage HTTPS Test.
This handy little plugin will chew through your fan page and highlight any unsecured content – forms, on-page links, images, everything. It’ll also show you a list of those unsecure elements with a click of a button.
Using Fanpage HTTPS Test
Simply install Fanpage HTTPS Test either by FTP or through Plugin > Add New in your dashboard. It’ll work for both free and pro versions of Fanpage Connect. When you enable it, you can view your fan page, and a button “Test My Site’s SSL” will be displayed. Click it and you’ll see all unsecure items get highlighted and another button will show “View Report”.
When you’re done testing your page for unsecured content, simply disable the plugin.
So, to Recap…
So we know that Facebook’s going to require you to secure all your fan pages by October 1, 2011. But now we also know that it’s not the soul crushing catastrophe that some users are claiming it’ll be. With a little bit of research, a handy WordPress plugin, and minor elbow grease, your fan page can be secured well ahead of the deadline.
If you have any additional suggestions, hosting or secure certificate links, be sire to leave them in the comments!
- Fanpage Connect is Live!
- Version 1.4.1 Released – minor updates, more fonts!
- Fanpage Connect 1.1 is Available!
- How to Create Your Fan Page Reveal Tab
- Fanpage Connect Version 1.3.1 is Available!