Google Mandates Secure Sites – HTTPS

It used to be that websites that were not taking payments online did not need an SSL certificate. After all, you weren’t transferring any confidential information, you were simply displaying text and graphics to your visitors. If you had an online store, you were strongly encouraged to use SSL to keep your customer’s data safe. But given the world we live in, this has changed.  According to Google, ALL websites, even if you are not collecting any information, must be secured.

By the end of this month, October 2017, Google has officially broadcasted, that websites using SSL certificates, would gain boosts in Google rankings to make small steps to keep everyone safe on the web. Google will not only penalize you for not having a secure site, it will soon publicly shame your credibility and label your site as unsecure. Some browsers, notably Firefox and Chrome (in incognito mode) are already doing this when displaying a login form. Google will make a much bigger deal about those sites without SSL. A red caution warning “Not Secure” will display next to the URL in Google Chrome browsers. What does this mean to you? It means it is time to add an SSL certificate to your website if you don’t already have one.

How can I tell I am visiting a site with SSL?

First of all, you can tell by your browser.  It will display the site URL as https://www.sitedomain.com.  Secondly, there is usually an icon or symbol in place (often in color green) such as a padlock that provides a safety signal.  Often, clicking on that icon will reveal information about the type of SSL that in place for further verification.

What is SSL?

Secure Socket Layer (SSL) is a security protocol that offers a degree of insurance and protection against hacks and malicious intrusion. Technically, SSL provides encryption of customer data.   Browsers see the SSL Certificate and secure URL structure to interpret that a website is “safe” and provide a degree of comfort to site visitors.  SSL is especially beneficial for first-time visits to an unknown site.  Site visitors can have a degree of confidence that in linking to a site, there will be no exposure to malware or other malicious content.  It also protects the data stream during a session, such as when on is entering credit card information or logging into a website with a password.

Why should HTTPS be used?

  • Unsecure sites make it simpler for hackers to intercept logins and or payment info, which could lead to fraud.
  • Quite simply your website rankings will be affected. Your search credibility will be penalized.
  • It protects your visitors, especially when sharing free Wi-Fi.

Is there any fine print from Google?

Yes. Having SSL alone is not sufficient.  The entire website must be fully encrypted, so it’s not something that one can deploy on the part of a site – for example, on a WooCommerce store, it has been common in the past to secure just the checkout and account pages and return to HTTP for all other pages.  No longer will that be an acceptable practice.

How much does SSL cost?

Installing an SSL certificate can be time consuming, and you must update it every year. Unlike domain names, there is not an auto-renewall process for SSL certificates. This means that the cost of running a website just went up at least $100 per year, regardless of who you host with. Blame the cyber-terrorists and hackers, not me.

Some hosts may provide a shared SSL at no cost. This means that multiple websites are using the same shared SSL. I do not recommend this approach, even if it is available to you.  You need your own certificate. Costs for SSL can vary and can be quite expensive. Plus, there is the potential for hidden expenses that can make the migration a hit on the budget.  The primary difference between a standard SSL certificate and an expensive one is the amount of insurance that it provides. If you are storing credit card information or social security numbers on your website (a really bad idea), then you should opt for an expensive SSL certificate. For most small businesses, a basic SSL certificate costing less that $100 is adequate.

How do I get one?

If you are a WebStores Ltd. customer, give us a call at 303-688-6560. We will purchase the certificate for you and install it and configure it to make sure it is working. The certificate will be good for one year. Let us know how you want to proceed.