If your website is not secure (using http instead of https) unless you act fairly quickly, there is trouble ahead! From October if your site has an input form Google will mark it as ‘not secure’, possibly in red on the browser bar. This may well be a deterrent for potential clients and damage your brand. Google have also said that secure sites will be upgraded in their search results, effectively downgrading sites without security certificates, and they want all websites to install SSL certificates quickly. Whether you agree with Google or not is irrelevant because in this case, ‘might is right’.
What is a Security Certificate/SSL?
SSL is a Secure Sockets Layer and is the standard technology for establishing an encrypted link between your web server and the clients browser. This ensures any data passed between the two is private.
SSL certificates are issued to companies or legally accountable individuals. It will contain your domain name, your company name, your address, expiration date and details of the Certification Authority. When a browser connects to a secure site it will retrieve the site’s SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.
Why are Google (and others) doing this?
Google are in the business of providing search results that sometimes seem almost psychic. They are also in the business of providing a safe environment for their users. They have deemed that the risk posed by non secure sites warrants this action. If websites are not encrypted it is possible for a third party to intervene either way to replace the website or steal the information you key in.
How do you get a SSL certificate installed.
It is possible to install one yourself if you have access to your website control panel. You can purchase on through an issuing authority. It is usually easier and cheaper to get your hosting company to do it. A word of warning though, I have installed a great number of these in recent weeks, mostly on WordPress sites. Not one single site has had a trouble free installation. The most common problem is mixed content. If your site is pulling a resource (and you may not even be aware it does) using http instead of https there will be warnings about the site not being safe, With WordPress that usually comes from the theme or plugins. It can also come from your content, especially in widgets, so before you install it make sure you have someone who can fix these problems. The scripts will need to be updated, and in some cases plugins or themes replaced. Also make sure you do not force the use of https until the problems are sorted.
What happens if you do nothing?
Your website will continue to operate normally, however there will be warnings that the site is not secure in Chrome and Firefox. You will eventually lose position in Google to competitors who do have SSL installed. So is doing nothing an option? I don’t think so!