By Tim Ware on Social Media Examiner
Published September 30, 2011
Heads up, page admins! As of October 1st, Facebook announced that any iFrame page tabs not hosted on a secure server under HTTPS will not be displayed to users browsing under HTTPS. This article will tell you what you need to do.
According to Facebook’s Cat Lee, ”The content will not be accessible for users with secure browsing turned on. There will be a page that states something close to: This app does not support secure browsing.”
To help page admins locate a budget-friendly and secure hosting solution for their page tabs, I did some digging and located some great hosting companies offering low-cost secure hosting solutions.
There are certainly others, and I have provided some guidelines for making the right hosting choice. I have also laid out some of the basics of hosting and security certificates.
In February, Facebook introduced the “Secure Browsing (HTTPS)” option. Since then, when browsing under HTTPS, any page tab content not hosted securely displays a popup with a warning that the page is not secure. Users have to click on the popup before viewing the tab content.
Page tab creators had the option of providing a “Secure Page URL” to display to HTTPS users. As of October 1, a secure URL is mandatory, and page tabs not hosted securely will no longer be displayed to users browsing under HTTPS.
When a web page is hosted on a server enabled with the SSL (Secure Socket Layer) protocol via a security certificate, content sent between a user’s browser and the server hosting the secure web page is encrypted, and no one can intercept confidential information such as credit card numbers, Social Security numbers or any other information you type into your browser.
All web hosting companies offer security certificates in most of their hosting plans, either a shared SLL certificate, where all sites on a single shared server are sharing a certificate, or a private SSL certificate, available to websites with a unique IP (web address). For Facebook page admins, the shared SSL is a low-cost and workable choice.
If all you need is an affordable option for hosting your page tab’s “index” page (the iFramed page you host yourself), you can consider plans that offer shared SSL on a shared server, which is the cheapest option. Although not a good choice for an e-commerce site, shared SSL is fine for meeting Facebook’s requirement for a securely hosted page. Beware file size restrictions on shared SSL!
In researching this article, I did notice that BlueHost and HostMonster (both owned by the same parent entity) put a file size restriction of 100KB for each embedded file on your page (images, audio, video, etc.) which would be far too restrictive for most iFrame page tabs. But I didn’t see this shared SSL restriction anywhere else.
The following hosting companies all offer low-cost hosting, and most include a shared SSL option. I did some informal polling on the HyperArts fan page and the following companies stood out.
Note: “Bandwidth” is the total amount of data transferred from the server each month and this number increases as your website is accessed more often; “disk space” is the total amount of storage space that is provided for the files associated with your site, including log files and MySQL databases (but not email).
DreamHost has been around for years and is generally well-regarded. However, DreamHost doesn’t offer shared SSL, and their phone support, which costs extra, is minimal.
BlueHost offers a full array of budget hosting options. Although they offer shared SSL, there is a file size limit on each page of 100KB per included file, and BlueHost warns that “any embedded data (images, audio clips, etc.) larger than 100KB will be truncated.” So this limitation may not work for you.
HostGator is a popular budget hosting company in Texas that’s been around since 2002. They offer several very low-cost hosting plans, including the “Hatchling” plan beginning at $3.96/mo. and the “Baby” plan for $6.36/mo.
Lunarpages, although it seems more geared to business-level hosting, does offer a “basic” low-cost hosting package, but no shared SSL.
InMotion Hosting is another popular hosting company that offers the full range of hosting services, including budget packages.
Although GoDaddy states that its primary business is domain registration, they have also become a popular hosting company, offering the full range of hosting options. Although I tend to like hosting companies whose primary business is hosting, GoDaddy seems to have a pretty good reputation. However, theydo not offer a shared SSL plan.
HostMonster, located in Utah, has been around since 1996. It appears that HostMonster and BlueHost are owned by same entity, although their prices and offerings differ. Like BlueHost, HostMonster offers shared SSL but has the 100KB file size limitation, which may be a non-starter for those considering this company. They offer just one hosting plan, with optional upgrades and add-ons.
When choosing a hosting company, the devil’s in the details. Here are some things you should consider:
For more about Facebook Secure Browsing (HTTPS), check out my earlier article on the HyperArts blog.
With many thanks to Tim Ware for a great in depth article that covers all points re SSL and Facebook Pages.