Thursday, August 02, 2018

3 Updates Your Author Website Needs Now

By Laurie Dennison, @lauriedennison

Part of The Writer's Life Series

A current, dynamic author website is a crucial tool for connecting with readers. An effective online presence does more than just promote your books and events—it builds your audience by showing your personality, experience, and engagement. If you’re an indie author selling books directly through your website, professionalism is imperative.

(Jami Gold talks about using your author website as your distribution method here)

Whether sellingbooks or services directly or using buy buttons linked to retailers, we all want our websites to represent us well.With the frequent changes in online tech, updating your author website regularly means more than just generating new content. Two major changes in 2018 impact all websites, with direct implications for authors: the release of Google Chrome 68 and GDPR. With three simple updates, your website will present your brand and books professionally whileprotecting your online assets.

1. Maximize Website Security

With the release of Google Chrome 68 in July 2018, Chrome marks all HTTP sites as “not secure”. Chrome is the most used internet browser, and other browsers are expected to follow suit.

HTTP (HyperText Transfer Protocol) refers to the procedure for exchanging information on the internet. Information can be easily intercepted in HTTP, and to protect that information, administrators developed HTTPS (HyperText Transfer Protocol Secure). Sites using HTTPS encrypt information using an SSL (Secure-Socket Layer).

What does this mean for your author website?

If your website uses HTTP, this is how the change affects you:

In Chrome 68, the omnibox displays “Not secure” for all HTTP pages.

No one wants their website to show users a “Not secure” message, but for authors selling books directly, this could be a huge impact for sales. Google currently boosts the search rankings of sites using HTTPS over HTTP. If your site uses HTTP and you’ve noticed a decrease in traffic, these ranking shifts may already be impacting your site.

How do I know if my site uses HTTP or HTTPS?

Visit your website. If your author site uses HTTPS, you’ll see a green lock and the word “Secure” in the browser’s omnibox, followed by the letters “https” in green. You don’t need to make any changes—your website is secured with an SSL Certificate.

If your website shows an “i” or “Not secure” in grey, your site uses HTTP.

How can I make my site secure?

If you have a third-party webmaster who manages your site, contact them and ask for SSL encryption. While some users pay a webmaster to handle technical issues, most of us keep our costs down by managing our own sites. If this is your situation, you’ll need to add an SSL Certificate to your site and migrate from HTTP to HTTPS. How to do this depends on your hosting provider and domain registrar.

If your website uses Squarespace, Wix, Weebly, or Blogger, SSL encryption is included with your hosting.If it’s not active, HTTPS probably wasn’t the default when your site was built. All you need to do is enable SSL or HTTPS in your site settings. These providers should include simple, specific instructions in their help or support centers at the links included.

If your site uses WordPress with a third-party hosting provider and domain registrar, the process has a few more steps. Providers like Bluehost, HostGator, and DreamHost all include SSL Certificates in their basic packages. If you use one of these providers but your site uses HTTP, you’ll start by enabling the SSL through the hosting provider using the links included. GoDaddy  still charges for SSL with all of their basic hosting packages, meaning you’ll start by purchasing an SSL Certificate through their dashboard.

Next, you’ll install the SSL Certificate on your site. Your hosting provider should provide detailed directions for this process, too.With the SSL installed, now you’ll need to migrate your site from HTTP to HTTPS. This is where things get more complicated. I highly recommend backing up your site before you begin and using a staging environment to test these changes before pushing them to your live site.

Every page and post on your site will need to change from HTTP to HTTPS, but that’s not all. Every internal link, including photos, documents, videos, or any other media item in the WordPress media library, will all have to be adjusted. Then you’ll need redirects from HTTP to HTTPS to ensure all your users land on the updated pages. Experienced developers can handle this process directly, but for most users, a WordPress plugin like Real Simple SSL can handle both of these processes.

When your migration is complete, you’ll also need to update your Google Search Console if applicable, create a new sitemap, and change any inbound links to your site from social media profiles or other websites you manage.

2. Establish a Privacy Policy

Using HTTPS is a good first step to improve a user’s experience on your site, but you’re not finished yet. With the implementation of GDPR in May of 2018, site owners now face higher standards for how they use and collect data. GDPR, or the General Data Protection Regulation, establishes the rights of European Union citizens to know what personal data websites collect about them, how that data is used, and what steps the site owner has taken to ensure their security and privacy. Even if you aren’t based in the EU, if EU citizens can access your site, you bear responsibility for compliance. GDPR targets businesses, but if you sell books or anything else through your site, or if your site is monetized using ads, it fits the description of “economic activity”. The fines for noncompliance are steep, and taking steps to ensure your compliance protects you and your site users.

What should my privacy policy include?

I cannot provide you with legal advice, and if you have an e-commerce site or use your site as a source of income, I encourage you to seek legal counsel regarding GDPR. With that caveat, let’s look at creating a privacy policy to give users the best experience possible on your site.

First, you’ll need to determine exactly what data your site collects from users. Do you use any kind of analytics to track site traffic? Is that data anonymized, or does it contain personally identifying information? Does your site use tracking cookies? Do you or your content management system have a method for users to sign in to your site? What about a contact form or newsletter sign-up? Most authors will answer yes to at least one of those questions. And if you sell anything through your site, you’re likely also collecting more sensitive information for billing purposes. How do you store that information, and how long do you keep it?

Once you’ve evaluated what data you’re collecting, ensure that you have a method to export or delete that information for users if requested. For WordPress users, the May 2018 update included these procedures. You can find the them under Tools>Export or Erase Personal Data. But it’s important to remember many third-party plugins also collect data, including form builders. Most form builders have added a feature to integrate the export and delete process with WordPress, but you’ll need to enable that functionality. For Wix users, you’ll find the export and delete features in the Content Manager under the Filter menu item. Squarespace offers options to turn off tracking cookies, and their export and delete functions are specific to the build of your site. Weebly users currently must contact Weebly for any export or deletion requests.

A basic privacy policy includes:
  • The Website Name and URL
  • What Data this Site Collects (Including information about tracking cookies)
  • How Data is Stored (Including where and for how long)
  • What Data is Used For
  • How Data is Shared
  • Security Procedures (Including SSL if applicable)
  • Contact Information

Check through your website’s content management system for the procedure to add a privacy policy. Many providers have also included templates to help you get started. In WordPress, you can find this in the dashboard under Settings>Privacy. Once you’ve added a page and published your policy, be sure to provide a link in the footer of your site.

3. Evaluate Your E-mail Collection Process

Now that you’ve established your privacy policy, let’s take a closer look at the specific collection of user emails. If you allow users to subscribe to your blog by email or send any type of email updates or newsletters to users, another stipulation in GDPR also applies to you.

GDPR says you must obtain consent before using personal information, and the consent must be freely given, specific, informed, and unambiguous. A newsletter sign-up form can no longer include just a box for an email address and a submit button. Subscribers should also check a box giving explicit consent for the use of their email, including an agreement to the privacy policy. These boxes cannot be checked by default—the user must actively check the box. Many providers also recommend including a double opt-in policy, requiring a user to confirm that choice again through email. Mailchimp and Constant Contact both have the tools necessary to comply with the new regulations.

These three updates require a little work up front, but your author website will benefit from the professional edge and heading off issues with user privacy long term.

Have you added an SSL and created a privacy policy for your author website? What do you wish you’d known before you started?

Laurie Dennison is a writer, editor, and website coordinator. In addition to her own writing, Laurie is an editor and internet consultant at The Editor Garden, founded with the goal of cultivating craft through community. Based in Florida, Laurie loves helping others improve their writing and engagement in the community.

Website  | The Editor Garden | EFA Profile | Twitter  | Instagram


  1. Thank you so much for this tutorial as to how to get my author's website up to date. I appreciate your help so much. I think I am now all set!

    1. You are welcome! I'm glad it was helpful!

  2. Terrific information.

    BTW, this site shows: "Not Secure".

    1. Ironic, I know (grin). I haven't had a chance to put Laurie's advice to work yet, but I will.

  3. Laurie,

    I switched over to https last year, and my site says my certificate is valid and no longer shows as "not secure." But it still has the circle-i rather than the green lock. I suspect that's because of a plugin that's not operating on https or something like that.

    Do you know of any way to dig into what makes an https site still insecure? Thanks!

    1. It could be a plugin issue. You can try disabling your plugins to test, but I recommend using a staging environment for that, or you could end up with additional issues.

      Most commonly this is an issue with mixed scripts, meaning the page contains links or resources that are reading as not secure. Images, CSS, or Javascript files could be the culprits--you'll want to check the links on each page.

      Other reasons could be an expired SSL certificate or a configuration issue. Sometimes it takes a bit of trial and error to find the problem.

    2. Ah, ha! Perfect advice! :)

      Yes, some of the pages on my site have the green and some -- the ones with my sidebar -- don't, so it must be a link there. Thank you!!!

    3. P.S. Got the problem fixed. :) And I talked to my tech guy afterward, and he said I could have used to check for what's preventing a green lock on our pages. Just thought you might like to know about the tool (if you didn't already).

    4. Thanks, Jami! I'm glad you were able to take care of it.

  4. This comment has been removed by the author.

  5. Thank you Laurie for this great post. I've been saving it until I had time to make the changes. Thought I'd pass my experience at making my site meet the new security requirements.

    My website Mystic.Coffee has always had an SSL and should show up as secure, but it didn't. The url indicated 'Not Secure'. My domain host is GoDaddy so I had a little chat with an agent and we determined that my SSL was in good shape, but I now needed to download a plugin to my site. It's called WP Force SSL By Kostas Vrouvas and I found it by doing a search on my WP Plugins page. Easy peasy.

    One more thing though, which is very important. On, on your Settings page you have the option to change your WP and Site address from http:// to https:// This was also easy and seemed to do the trick.
    Thought I'd pass this.