In May of this year, we wrote about the Google’s gradual implementation of their website security crack down. It appears to be happening with the October release of the new version of the popular Chrome browser.
Thanks to a heads up from two of our vigilant clients, and this article from Wired, it appears the need for an SSL certificate on your website is nigh.
Our may article explains more, republished below in full.
In short, if your website has an online form of any kind, it is likely that users visiting your site via the updated Chrome will see this nasty warning in the address bar.
To quote Google:
” … we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”
We also want remind you that we see SSL security as a search engine ranking signal if you need another reason to go https://.
Here is our original article:
Over the past few years Google has been increasingly factoring sites secured with SSL (Secure Sockets Layer) as a ranking signal. Google has the power to shape the internet how it feels is best for consumers and it can do this by influencing website development technical requirements and behaviour. If it wants a secure internet for users, it can influence this by rewarding websites that employ security measures.
We have watched this on our own site and have noticed measurable improvements in our own ranking testings.
Improved Google SERP (Search Engine Results Pages) rankings might not be the only reason you might need to think about SSL. In the latest releases of the Chrome Browser, Google is now showing any site that collects passwords or credit card details without an SSL certificate as being Not Secure and indicating this in the address bar. At present this is only occurring in Incognito Mode, but indications are it will be in Native Mode before the year is out.
To quote the Google Security Blog direct:
To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.
What does this mean for you? If your website does not have an SSL certificate, you are likely being penalised in the Google Algorithm for search returns in favour of competitors that do. It also means that before too long, visitors to your site will see a visual warning that your site is not secure. This can be off putting for your customers and give an air of distrust.
What are SSL Certificates?
SSL (Secure Sockets Layer) provides an encrypted link between the web server and your visitors web browser. This protects all data passed between the two, protecting privacy and providing security. Without it, data between server and browser, including credit card details or passwords, can be intercepted and retrieved.
What kinds of certificates are there?
Previously SSL certificates were quite expensive and usually only a requirement for online stores taking credit card payments or for websites with account and personal information contained within. Nowadays there is a much more accessible range.
There are free SSL options:
Let’s Encrypt is free and auto-renews after 90 days, this means that the inconveniently short renewal period is handled, however the drawback is that they require a lot of server expertise to install them or a host that provides an installer. At this stage our hosting supplier does not, but we will keep you posted.
CloudFlare is a CDN (more about that in a future post) which provides a distributed server network to load websites more quickly and provide security layers. Additionally to making sites faster, they can also supply free SSL. We are currently trialling this, along with our site speed testing, and will be able to assist in setting up this in conjunction with site speed improvements.
There are Single Domain Certificates:
These are relatively inexpensive options that secure www.domainname.com.au, domainname.com.au, and mail.domainname.com.au. They are identified with the padlock on the browser and the https:// in the URL.
There are Wildcard Certificates:
These are more expensive but are used for websites with multiple subdomains, e.g. www.domainname.com.au, shop.domainname.com.au, support.domainname.com.au. Websites protected with this kind of certificate is identified on all domains with the browser padlock and the https:// in the URL.
Lastly, there are the Business Identity certificates:
These operate in the same way but are dedicated to the site owner, and provide a full green address bar with the signatory business name in the address bar. These are very expensive but provide the highest level of security, protection, and business validation.
We are going to be offering our clients a single domain certificate as an addition to our hosting packages and renewals. If you would like to secure your site, and protect your website and consumer confidence, among these changes, we can procure and install an SSL certificate that suits your site needs.