If your site is not protected by a security certificate (known as SSL), then from January 2017 it will be marked as insecure for all visitors using the Google Chrome browser.

This may confuse visitors who arrive at your website, because they may think the message means that your website has been hacked, that it carries malicious code, or that it is in some other way not a desirable place to be. They could think that your site has some underlying security issue.

What is SSL?

SSL is a standard which establishes an encrypted link between your browser and a web site. It ensures that all data passed between them, not just credit card information or passwords, remains private. It is currently used by millions of websites (such as banks) to protect online transactions with customers – you may have noticed websites whose addresses begin with https instead of the usual http. They may also display a little padlock in the browser address bar. This is to indicate that they are secured through the SSL standard, that they are certified as secure and that they are who they say they are. The site you are currently viewing has been secured in this way.

So why all the fuss?

Beginning in January 2017, we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.

– Google

So Google believe that all pages on all websites should be secured to at least this standard – it is their attempt to create a more secure web. To this end, they are prepared to give sites secured in this way a boost in their rankings – a Google carrot if you like. But they will also expose sites not secured in this way as insecure using their own browser – Chrome. This is the stick. Whilst the motivation for this move is undeniably beneficial, it does leave website owners to arrange their own security.

What do I need to do?

You need to get an SSL certificate for your site! Normally, these are available through your site hosts (at a typical cost of around £50 for a basic one), and must be renewed annually – your host will set it up for you at their end. This does mean your overall web hosting costs will increase. However, there is a FREE alternative which does the same job. Here the certificates are provided through an authority called Let’s Encrypt (you may see the technology described as TLS, which is the current name for SSL) and they are sufficient to satisfy Google … at least for now. Sometimes you may be able to arrange this form of certificate through your host too, otherwise you’ll have to arrange them with Let’s Encrypt directly. That is part one of the equation.

Part two is that once the certificates have been set up you will need some alterations to your site to force it to use the SSL certificate. You will most likely need to contact your favourite web developer to get the necessary changes made to the code – it’s not a long job and it only needs to be done once, but without it people will still be able to access your site through the old http route and it will not be secure. It’s also a good idea to work through the site to ensure that any links to images, pages etc. all use the new standard – i.e. begin with https rather than http – and alter any that don’t. This will prevent browsers such as Firefox complaining about ‘unsecured content’ on a page.
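
One way to work through a page as described above, as an added example that is not part of the original article: a short Python script that reads a page's HTML and lists every reference still beginning with http://, separating content the page loads or submits to (the kind that triggers the browser warning) from ordinary links. The sample page and the example.com addresses are constructed for illustration.

```python
from html.parser import HTMLParser

# Tag/attribute pairs whose URL the browser fetches, or submits data to, as
# part of the page. The rel value of <link> is not inspected, so canonical
# links are reported here too.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"),
    ("link", "href"), ("form", "action"),
}

class InsecureRefFinder(HTMLParser):
    """Collects http:// references, split into page content and plain links."""

    def __init__(self):
        super().__init__()
        self.mixed = []   # (line, tag, url): loaded or submitted by the page
        self.links = []   # (line, tag, url): ordinary navigation links

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:
            if not value or not value.strip().lower().startswith("http://"):
                continue  # https, relative and protocol-relative URLs pass
            if (tag, name) in SUBRESOURCE_ATTRS:
                self.mixed.append((line, tag, value))
            elif tag == "a" and name == "href":
                self.links.append((line, tag, value))

def find_insecure_refs(html):
    """Return (mixed, links) lists of http:// references found in html."""
    finder = InsecureRefFinder()
    finder.feed(html)
    finder.close()
    return finder.mixed, finder.links

# Constructed sample page (example.com is a placeholder domain).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/style.css">
<script src="https://example.com/app.js"></script>
</head><body>
<img src="http://example.com/logo.png">
<img src="/images/banner.png">
<a href="http://example.com/contact">Contact</a>
<form action="http://example.com/login" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    mixed, links = find_insecure_refs(SAMPLE)
    for line, tag, url in mixed:
        print(f"line {line}: <{tag}> uses {url} (triggers browser warning)")
    for line, tag, url in links:
        print(f"line {line}: <{tag}> links to {url} (update to https)")
```

Run it against each saved page of the site; anything in the first list should be changed to https before the padlock will show cleanly.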

And finally …

Have a cup of coffee! Your site is secured, your visitors are noticeably more relaxed and Google loves you again. What’s not to like?