UPDATE (May 17, 2018): Google has announced that their approach to labeling sites will become even stronger in September of this year. In version 69 of the Google Chrome browser, the default state for websites will be “secure,” so they will stop labeling secure sites as such. More critically, in October (with version 70), Google has announced that they will label Non-secure websites with a red warning label in the address bar:
Image courtesy Google
If you have not yet implemented SSL on your website, this is another important reminder that it is an important step to take for you and your website visitors!
Which would you rather have your visitors see when they get to your site?
Get Secure with an SSL Certificate on Your Website Today!
Back in 2014, Google called for “HTTPS Everywhere!”
Once recommended primarily for ecommerce and other transaction-based websites, implementing an SSL certificate on your website is more important than ever for ALL website owners! An SSL certificate will change all of the URLs in your website so they begin with “https://” rather than “http://.” That may seem like a minor change, but it is not merely cosmetic. To website visitors, the presence and correct implementation of an SSL certificate shows up in a couple of ways. First, the website address uses the https protocol rather than the http protocol. The “S” stands for “secure,” and modern browsers are increasingly adding visualizations to browsers so users can see at a glance whether or not a given website is indeed secure. Here are a few quick reasons to implement SSL:
- Google and other major search engines label sites as “Secure” and “Not Secure” in the browser
- SSL encrypts information to improve Cybersecurity
- SSL adds a layer of security protecting you from hackers
- SSL gives peace of mind to your customers and visitors
- SSL shows that you are a serious company that takes visitors’ security seriously
What’s Your Label?
Pressure from search engines — especially Google — for website owners to implement SSL Certificates has been growing for the past few years. In January of 2017, with the release of version 56 of the Chrome browser, Google began marking HTTP pages (as opposed to HTTPS pages) that collect passwords or credit cards as “non-secure.” This was merely the next step in Google’s long-term plan to mark all HTTP sites as non-secure. To see how a “non-secure” site is affected as of this writing, keep reading, and keep in mind that the current treatments are stricter and more obvious than they used to be. It’s expected that these labels will get even more prominent moving forward.
In the past we recommended SSL Certificates for clients operating e-commerce or other transaction-focused websites, but have expanded that recommendation to have ALL of our clients implement the technology as soon as possible. We’re here to help with that, but often we are asked questions about SSL basics. This post is designed to help you understand a bit about what an SSL Certificate is and why we are recommending them so strongly.
Whether you understand what an SSL certificate is or how it works, you probably encounter websites that do and do not have them every day. Recently, how you experience them as a user of the web has become more prominent, and that’s one of the main reasons that we are now promoting them so strongly to our clients.
What Does it Look Like? (as of early 2018)
Here are a few examples of how (secure) https URLs appear in various browsers. Note those nice, locked padlock icons in each address bar, giving the website visitor a level of comfort that the site has a layer of security in place for any data transferred.:
1. Google Chrome
3. MS Edge
HTTP: (not secure)
Now let’s take a look at what a (non-secure) http URL looks like in the same browsers. In addition to the missing lock, and “Secure” label, browsers are displaying drop-downs with warnings for the user (with the exception of Safari):
1. Google Chrome – “Your connection to this site is not secure…”
2. Firefox – “Connection is not secure…”
3. MS Edge – “Be careful here…”
4. Safari – Simpler, but no comforting locked padlock
Those are the kinds of warnings that might cause someone to “abandon ship” and move on to a competitor’s website. The browsers are clearly using a carrot-and-stick approach here, and they are promising to step up the pressure on both, with Google hinting at using a site’s secure status as a ranking factor while.
So Now What?
Implement an SSL Certificate.
An SSL Certificate is a small data file that digitally binds an organization’s details to a cryptographic key. SSL Certificates should be installed on web servers where they enable secure connections from a web server to a browser.
Implementing an SSL Certificate does not need to be a difficult or expensive endeavor, but the complexity and price is largely tied to which web host you use. Explore your options, or give us a shout to take care of it for you!
- Some web hosts offer SSL certificates for sale directly, but still require work on your part to implement them.
- Some web hosts offer SSL certificates and implementation services.
- There are low or no-cost certificates available as well, but not all hosts allow for their use, and they can be complicated to set up for a novice.
Good luck getting secure and if you feel lost, reach out! We are here to help.