For a long time now Google has been increasing the importance of HTTPS and having your website on a secure server. In January they started marking http pages that collected passwords or payment details as non-secure in the Chrome browser as shown below:
Following the release of Google Chrome version 62 later in October Google will be expanding on the warnings introduced in January so that any page with a form that is running on a http connection will be marked as insecure. It is important to realise that this does not simply apply to contact or payment forms, but to any sort of form. This means that, for example, if your page has a search field on it then it will trigger the warning if the site is not on an https connection.
What Should You Do?
Ezone recommends that if you are considering getting a website built you ensure that whoever is building it for you is going to set it up with an SSL certificate.
If your site is already online then don’t delay as Google are only going to increase the importance of HTTPS in their search results and browser so it will need to be done sooner or later.
There are a number of different providers of SSL certificates including RapidSSL and Symantec and many hosting providers also offer SSL Certificates on their platforms. Lets Encrypt is a popular free option that you can setup on your site if you are comfortable implementing such things on your site.
If you don’t want to have to spend the time working out how to set up an SSL Certificate yourself then check out our SSL Certificate setup service.
A question that many business ask is whether or not they need an SSL certificate for their website. Until recently the answer has been that if your users were entering sensitive information on your website such as name, address or payment details then you absolutely should be using an SSL certificate. However, if your users were not entering sensitive information on your site then it probably wasn’t necessary to have an SSL certificate.
But this all changed recently with Google announcing that they would be aiming to create a safer web:
“To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.”
This means two things: Firstly, as stated, Google will mark http pages that collect passwords and payment details as non-secure in search results. Secondly it indicates that this will be expanded to include all http pages regardless of content in future.
“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”
This means that although it may not be immediately necessary to have an ssl certificate from the point of view of being marked secure or not there will come a time in the near future where it is essential.
However, Google have also announced that, in addition to marking sites as secure or not, they are penalising non-https sites position in search results.
This means that whether you are handling sensitive information or not if you want to continue to rank highly in Google search you need your website to be on a secure SSL connection.
What Actually is an SSL Certificate?
Put simply an SSL certificate is a small data file that binds a cryptographic key to an organisation’s details. When installed on a server this allows the website to pass information between the user and the server in a scrambled format that is only decipherable using the cryptographic key. In this way it is possible to pass sensitive information in a much more secure way making your site less susceptible to hackers using methods such as man in the middle attacks.
When an SSL Certificate is active on a website you will see the padlock symbol in the address bar and https (Hypertext Transfer Protocol Secure) in the web address instead of plain http (Hypertext Transfer Protocol).
How Do I Get an SSL Certificate?
SSL Certificates are available from a number of different providers including RapidSSL and Symantec and many hosting providers also offer SSL Certificates.
If you don’t want to have to spend the time working out how to set up an SSL Certificate yourself then check out our SSL Certificate setup service. We’ll guide you through the purchase of your SSL Certificate and then do all the leg work installing and configuring it for you.