Why Your Website Needs an SSL Certificate Right Now
BY ANTHONY AHN
Your Website May Be Marked as Insecure and Rank Lower on Search Engines
Starting in July 2018, Google Chrome, one of the world’s leading web browsers, have begun marking all web sites not using an SSL certificate as Not Secure. These “insecure” websites use the antiquated http:// protocol, and Google is trying to lead the push towards adopting the new https:// standard. This has been a popular topic of conversation this year. Headlines have ranged from the benign (A milestone for Chrome security: marking HTTP as “not secure”) to the sensational (Beware the looming Google Chrome HTTPS certificate apocalypse!)
This will be done automatically as Google Chrome updates from version 67 to 68. It will take some time for all Google Chrome users to make the update, but you can bet that by the end of 2018 most Chrome users will be using the new version and your website could be marked as insecure. You can also bet that other popular browsers (Mozilla Firefox, Microsoft Edge, Safari, Opera, etc) will quickly follow suit to avoid any perception that they’re dragging their feet on security.
What is SSL and what does this mean for me?
An insecure site in this context means that the data sent between you and the website’s server is transmitted unencrypted through the internet. This means that anyone motivated enough can see any information you send (through a form, for example) in plain text as it makes its way through the amalgam of servers and cables that make up the internet from your device to where the website is hosted.
SSL (or Secure Socket Layers) is a protocol that encrypts data sent from your browser before it is sent to your website’s server. The data, once received, is then decrypted and processed. By purchasing an SSL certificate, you receive a set of files to upload to your web server. You can think of these files as a secret handshake set up between your web server and the certificate issuing authority.
The truth is: Your website may not even need an SSL certificate. If your website is purely informational and doesn’t ask the user for any of their data, there is essentially no information to be compromised. If this is the case, as long as your website’s hosting and login information are using strong passwords and you are using strong security practices among yourself and your website administrators, your website is as secure as it needs to be.
Why you should still get one
- Perception – You should still get an SSL certificate for the principal reason that most web surfers do not know what “Not Secure” really means. They may see the words NOT SECURE prominently displayed in the browser bar and navigate away without a second thought. It’s not hard to imagine what this could do for your website traffic.
- SEO – Not only is Google leading the way towards universal adoption of https, they are also lowering the Google search ranking of websites not using this protocol. However, this is something they have been doing for some time now. So, as a general truth, websites not using an SSL certificate will rank lower than sites using an SSL certificate for similar search queries.
- Responsibility – Even if you have a contact form on your website asking for a user’s e-mail, it is simply just safe practice to encrypt this data before it makes its way to your web servers. You DO NOT want to have your user data compromised and have to deal with the consequences.
How do I know if I need one?
This one’s simple, do you see this handsome green lock in the browser URL bar when you go to your website. If you don’t, you need an SSL certificate.
How do I get one?
This one’s tricky and there is no one answer. Web hosting companies (Host Gator, GoDaddy, Bluehost, etc) all do things a bit differently. The best way to find out is to contact your web host and ask. If you are getting your domain name and web hosting through the same company, this should be a simple process because your host, your domain registrar, and the SSL certificate issuing authority are the same. In this case, your web hosting company should take care of installing the certificate with all the correct information. However, companies vary in terms of support capability, and we’ve seen cases where they haven’t.
If you get your domain name and hosting from different companies, this process is significantly more complicated, and will likely involve you acting as the liaison between the hosting company, the domain registrar, and the certificate issuing authority. This will involve you having to deliver the necessary information between these companies and probably lots of hours on the phone 🙁 with support staff.
Is that all?
Unfortunately, no. So, you installed your new SSL certificate, but don’t see your shiny, green lock in the URL bar? This is because your website still needs to route all URLs to the new https:// protocol. You may be lucky and your host has made the routing change for you. However, for the less fortunate, you need to tell your web server that http://www.yoursite.com is now https://www.yoursite.com. Again, the remedy to this varies based on your website’s framework (WordPress, Drupal, etc). There are too many configuration possibilities to go over here, so this is something you’d have to research on your own.
But won’t this be expensive?
Back in the day, SSL was an addition that only top-tier sites used. Why? It was expensive and not worth it for many website administrators. However, hosting companies follow very closely what Google does, and SSL certificate prices have gone down significantly in price as a result. Talk to your host regarding pricing for this. Please note that you do not have to get your SSL certificate through your web hosting company. There are third party SSL certificate issuing authorities that may offer better pricing; however, using a 3rd party will add levels of complexity during installation.
Luckily, you have a friend in Clark Concepts, who have been configuring SSL on websites for many, many years across many types of installations. We can even get on the phone with support staff and deal with all the nitty gritty. We do all this quickly and charge competitive prices. Contact us to get started.
Final Thought: Do It Now
As mentioned before, Google begun doing this in July. This means that your website could be marked as not secure very soon. As a result, you should act on this now and please let us know if you need help.