Peace of mind is perhaps the most important feature developers can offer their clients. All of the hard work that goes into creating a phenomenal user experience can be completely undone in the matter of an afternoon if important safety checks are ignored, compromising internet privacy.
Why is internet privacy a developer’s responsibility?
Even if your client doesn’t require website visitors to enter sensitive information, they could still be prone to hackers who prey on the lowest-hanging fruit of unprotected site components.
There are three simple safety precautions every developer should incorporate into a build to protect the internet privacy of their clients and their clients’ customers.
1. Install an SSL
Previously the best practice for ecommerce and large corporate websites, installing an SSL is now first on the must-do list when building a website for any reason.
Serving all site content securely over the https:// protocol ensures that information passed between the website and its server is encrypted and lets visitors know that the site is authentic and not an imposter created by hackers to snare private information (which used to happen in the pre-secure days).
The other reason installing an SSL is crucial to a site’s success is ranking.
Google’s Webmaster Guidelines include a section on SSL installation, meaning it’s a safe bet that search algorithms have been tweaked to penalize non-secure sites. This is true even of sites that don’t require users to enter any sensitive information. Plus, it’s just a bad look to have a questionable icon next to a URL in Chrome’s address bar instead of the green padlock.
Once you’ve installed the SSL for the site you’re developing, you can ensure that all of its content is being served securely by using a tool like whynopladlock.com. You’ll get a detailed report showing you which aspects of your site are secure and which aren’t (a mix of secure and insecure elements will yield a yellow ! icon in the address bar).
That way, you can start the process of cleaning up as soon as possible so your clients will have the peace of mind that comes with a green padlock.
2. Encode email addresses
You could potentially be opening up the floodgates for spam emails by publishing plaintext email addresses on your client’s site.
Plaintext emails can easily be scraped in the source code if not encrypted. And because email will still be the primary form of communication for many small businesses online, it’s crucial to take the extra precaution and use a WordPress plugin that will encode the email address in the source.
There are several plugin options — like Email Address Encoder — that you should explore to protect your email addresses and mailto links from “email-harvesting robots.” Sophisticated bots may still get through if they really try hard enough, but this simple step will act as a deterrent for the majority.
3. Register a private domain
The WHOIS database is public record for any well- or poorly-intentioned individual. And you can’t take that risk with your clients and their customers’ sensitive information.
Private domain registration costs comparatively pennies more (a couple bucks, if your clients want to get specific), and lets your client be in control of what information they choose to make public.
Instead of personal identifiers like name, address and phone number appearing in your WHOIS listing, contact information for your domain registrar will appear instead. Your clients can then feel safe publishing names and addresses on their secure site only.
You should always pitch this inexpensive additional service to your clients to protect their internet privacy.
Put safety first
It’s safety-first when it comes to building a complete website for clients.
With the increased importance search engines are placing on security, and the ever-evolving set of tricks spammers are using to scrape for sensitive information, don’t let your clients skimp on internet privacy measures.
These three tactics are just the tip of the iceberg for developers, but they’re mandatory in the fight to keep your clients one step ahead of threats and their customers 100-percent secure.
Also published on Medium.