“Have you noticed when using Google Chrome recently that some sites say ‘secure’ and have a green padlock in the top left before their URL? Those websites look like the first one on the right: In the last week Google have made some changes that mean any site that isn’t secure now has a horrid red exclamation mark and ‘not secure’ written just before their url – see the second pic on the right :
So what’s this green padlock stuff all about?
s it just another ruse from Google to keep us on our toes? Or is there a valid reason for this sudden and quite blatant ‘shaming’ of non secure websites.
The short answer is that it’s been in the pipeline for a while but it’s only now – January 2017 that people other than SEO geeks are really finding out what Google were on about when in 2014, they announced they wanted HTTPS to be used by every website on the web. Google want HTTPs to be used for three main reasons – but before we analyse those reasons – you may be wondering what HTTPS and SSL are:
HTTPS is the acronym for Hypertext Transfer Protocol Secure. It is a protocol used for secure communications over a computer network, like the internet. Communication over HTTPS is encrypted between the client and the server so eavesdroppers don’t listen in, no one messes with the data, and your website data isn’t forged.
And what is SSL?
SSL is the acronym for Secure Socket Layer and is often used interchangeably with the term TLS – Transport Layer Security. Both are cryptographic protocols that help encrypt communications over a computer network. Typically, if a website wants to encrypt the transmission of its data between the server and the client, they would purchase an SSL certificate that contains an encryption key that is placed on the server.
The Three reasons Google has for insisting that we secure our websites wth HTTPs and SSL
Authentication – addresses the issue of verifying the ownership of your website. Believe it or not, there are people out there that make replicas of websites and divert traffic to it in an effort to steal from you (those web violating odd balls whose motivation most right thinking humans can’t work out!) You now know that you need to check for the Green Lock in your browser before entering personal information into the website. You can go one step further and verify the SSL certificate to make sure it actually belongs to the website you’re on.
Data Integrity – concerns whether or not the data on your site has been tampered with while it’s zooming around the interweb. If someone know’s what they are doing and your website is not secure, they can mess with the data transmitted from your server back to the client. The form submission that the client just sent could go to a hacker and not to you!
Encryption – refers to the security of communications between the client and the server so that no one else can read them. This is a key point for commercial websites that are processing personal data. So while it’s extremely important to encrypt the transactional data on an ecommerce website, it’s equally important to encrypt the data submitted using basic forms.
So what does an SSL Certificate Cost?
The cost for an SSL certificate will depend on your site’s hosting provider, who they buy the certificate through, and the type of certificate they buy. There are three types of certificates.
Single Domain – This type of SSL certificate is only valid on one domain URL
Multi Domain – Also known as a Universal Communication Certificate (UCC) this secures multiple domain names and multiple host names within a domain name. You would set a primary domain and can add up to 99 additional Subject Alternative Names (SANs) in a single certificate. This is great for businesses with multiple sub domains and URLs for different service, product lines or geographic locations
Wildcard – This type of certificate is for securing all of the subdomains you may have for a single domain.
When selecting your SSL Certificate, please consult with your web hosting company, or Digital Consultant to make sure you are selecting the best option for your business.
2017 is the year of https and SSL!
Back in 2014, Google said that if your website was HTTPS it would give that site additional ranking signal in search results. This is a good thing for the SEO of businesses that have websites that are competing hard with other businesses for position Google results pages. Google also said they wouldn’t penalize the websites that are not secure. Well, at least not with their algorithm. Since then Google has conducted a number of studies that concluded that visitors do not consider the absence of a “secure” icon a warning. But it should be. This is why Google is taking the extra step to warn users of its browser (which is used by more than 55% of internet users!) that the site they are visiting and about to enter their sensitive information into – is not secure.
What’s the actual process of changing my site from HTTP to HTTPS?
At SYSTEMYZED™ we want to help our clients make this transition as simple as possible with little to no interruption to your website. The problem is there are potential issues that can happen, which is why we believe this is not a DIY project. Here are a few of the things we will need to do to get your website converted to HTTPS:
Help you secure the right certificate for your website if you are hosted with SYSTEMYZED™
Install the certificate on your website.
Update the configuration of your website to point to HTTPS instead of HTTP
Redirect all incoming requests for your HTTP website to the location of the HTTPS
Re-verify ownership of your website in Google Search Console and update the sitemap location.
Update your web property’s configuration in Google Analytics.
Test and confirm that the conversion was successful.
Keep in mind that while the domain of your website is not changing, the address to get there is. HTTP and HTTPS request your website from two different ports on the web server. Because of this, there is a risk that the traffic to your website will drop briefly as Google works to re-index your site.
From here, there are a few things to consider. If you have any marketing tools or digital adverts pointing to your website you will want to update the URLs they are pointing to. While redirects will be set up to send HTTP request to the HTTPS URL it’s still best practice to change them as redirects slow the request time and could decrease visitors and conversions.
What do I do next?
Our recommendation to all clients it that you make the switch to HTTPS with immediate effect. In 2017, every new website project we take on will include HTTPS and SSL in the contract. We want every website we make going forward to be secure, especially WordPress websites. Matt Mullenweg of Automattic, the creator of the WordPress project, is heavily advocating that all WordPress websites to be hosted on HTTPS as more and more features in WordPress will require it.