There’s been a little buzz, and frankly some people freaking out over Facebook’s plan to force all fan pages to be secured by October 1, 2011. As of this writing, that leaves us fan page owners about a month to prepare. According to Facebook:
As the web evolves, expectations around security change. For example, HTTPS — once a technology used primarily on banking and e-commerce sites — is now becoming the norm for any web app that stores user information. We feel that HTTPS is an essential option to protect the security of Facebook accounts, and since Apps on Facebook are an important part of the site, support for HTTPS in your app is critical to ensure user security.
Just a quick look at the comments shows that this sweeping – and unstoppable – change is not being taken well by a lot of developers and fan page owners. Myself, I feel that forcing developers to secure fan pages that are displaying basic content with a fan gate, video and images is a little over the top.
The effects of this is that every single fan page on Facebook – whether they use free tab apps, custom code, Fanpage Connect Free or Pro – all of them have to be secured. So the bottom line is, whatever your feelings on the upcoming change, it’s really beside the point. It’s going to happen. So what can you – or what must you – do about it?
As of right now, you have
Until Facebook flips the switch and requires all fan pages to be secure. Are you ready? Let’s see what securing your fan pages means, and more importantly, what it’ll cost you. It’s not as bad as you think!
What is SSL?
SSL stands for Secure Socket Layer. Basically, it’s the technology whereby a user’s browser and your server talk to each other using encrypted data. This makes it much harder (not impossible) for hackers and other nasty people to get personal data.
To secure your site, your server needs to have a secure certificate installed, either shared by your host (works for a lot of domains), or a single certificate for your site/domain only.
If you’re going to be using a single site certificate, then you’ll also need a dedicated IP address for your site.
Shared SSL vs. Standard/Dedicated SSL
Shared SSL can be provided by your web host and generally doesn’t take too much work to get going, and is typically no additional cost. Basically, your host will give you an additional domain/URL that lets you access your site securely, like yourWebSite.yourHostsSecureURL.com. While the URL is ugly, it’ll work, especially if you’re pages will be inside Facebook’s iFrames.
The downside to shared SSL is that WordPress doesn’t play well with it, and while your web host may provide shared SSL, it might not work on your blog. If it does work, then you’ll still need an extra WordPress plugin to make it work well – but we’ll get to that in a minute.