Tag

Security

Jan 15
0

Security and Username Updates

By | Feature / Release, Tech Update, Under the Hood | No Comments

As part of our ongoing effort to upgrade our systems and improve security, we have made a couple of significant updates that we wanted to share with you!

 

CMS Login Page

You have probably noticed that the Login screen to the CMS looks somewhat different than it used to. This change helps establish the foundation for us to improve security, add options for single-sign-on, and more efficiently integrate the tools we use across our platform to be consistent.

The CMS URL has not changed, but it will redirect to https://account.dealeron.com to log in, and then redirect back to https://cms.dealeron.com. This is similar to how if you go to gmail and are not logged in, it will redirect you to account.google.com briefly in order to sign in.

CMS Login Screen

 

 

 

 

 

Username Updates

If you have been logging in with a username (JoeDealer) instead of an email (joedealer@dealership.com), you will likely have seen a message when you log in to the CMS alerting you to upcoming changes:

CMS Username Alert

 

 

 

 

Since there is no longer a need for a single person to have multiple accounts, there has been an ongoing cleanup effort to remove duplicate usernames and email addresses. In cases where active users have more than one account, or there are multiple usernames tied to the same email address, we have reached out directly to resolve those accounts. At this point we have resolved most of the active duplicate email addresses and are reaching the end of this phase of the project. The last step is to convert all usernames into an email format.

If you are not already using an email address to login, you will need to update your account. You can either do this immediately, or wait until your next 90 day password reset. If you run into any issues while updating, your support team will be able to help you get back in action!

 

Nov 30
0

Coming Soon – Platform-wide Support of HTTPS

By | Feature / Release | No Comments

This is a friendly reminder that we are in the process of updating our platform to serve all sites from HTTPS instead of HTTP. We are looking to have this update complete by the end of 2016. Please be assured that we are doing everything in our power to make this transition as smooth as possible to ensure your content continues to display without errors. Read on for more information, and please don’t hesitate to contact us at 877-543-4200, Option 1 with any questions.

Over the last several months, our IT and Development teams have been collaborating on a large initiative to improve overall website performance across our platform. In short, we have been migrating websites to a faster, more robust and secure environment that also helps with website ranking on the search engines. As early as 2014, many web browsers have stopped supporting many features served over HTTP, with more and more restrictions expected by end of 2016. DealerOn has been working on several projects to be able to route traffic securely and stay ahead of these advances. Not only will this allow the sites to be more secure and build more trust from a consumer perspective, but according to Google, secure (HTTPS) websites will receive ranking preference over non secure (HTTP) websites.

Throughout this process we have worked closely with our third party partners to ensure a smooth transition with minimal impact to websites, however, there are a few potential conflicts that may occur on sites with this move that we want to make sure you’re aware of.

HTTP iframe on HTTPS site (meaning the iframed URL starts with “HTTP” instead of “HTTPS”)

Conflict: The iframe is blocked and the part of the page where the iframe appears will be blank. Users can manually choose to load the frame in all browsers, but it will not show by default in any browser.

Solution: Update iframes URLs to use HTTPS protocol.

Example of Conflict:

http-iframe

HTTP-hosted images and content on HTTPS site (this only applies to images/content not uploaded through our CMS)

Conflict: The images will load, but the page may display some errors.

Solution: Update images and content to HTTPS to avoid errors and possible negative impact of serving non-secure content on a secure site.

Example of Conflict:

http-image

Non-HTTPS Active Content (scripts, iframes, fonts, CSS, Ajax)

Issue: Once the switch to HTTPS is complete, all browsers will block non-HTTPS active content (scripts, iframes, fonts, CSS, AJAX) on secure sites, and you’ll see warnings or errors for non-HTTPS passive content like images and videos.

Solution: All content should be HTTPS wherever possible. Some custom scripts may need to be adjusted to work properly when the update is made.

Example of Conflict:

http-script

Read more about the value of HTTPS:

How Does This Affect SEO and Site Speed?

Using a CDN to serve assets creates a faster, better user experience for your customers.  While using a CDN should be a no-brainer for Site Speed and customer experience, the one potential pitfall is that if it is not implemented according to Google’s best practices, it can have a negative SEO impact.  Content is served from servers close to dealers or their customers. This will make sites faster to people and crawlers, making sites rank higher in Google and other search engines. The mistake that many providers make is hosting your images on a URL different from your domain. If the CDN is set up in that way, Google may not credit the image content to your website’s pages for their algorithm, because they are hosted on a different domain/url.  By making the changes that we are recommending you will get the benefit of much faster websites, AND the full SEO value of all of your images, pictures, and other digital assets.

 Read more about SEO value and site speed: