If you’ve missed it, there’s a lot of hype going around right now about Google flagging sites without SSL certificates.
Whether you’ve seen this before or are just hearing about it for the first time, you may be now thinking:
- What is SSL??
- Why do I need it?
- Is this really something to pay attention to, or just the internet freaking out again?
You’re not alone if you have any of these questions.
But this time it is something pretty important, and eventually everyone with a website is going to have to think about SSL – and pretty soon.
We use & recommend SiteGround for hosting – you can get SSL for free, and right now they will also migrate your website for free. Or you can ask us for help with that.
(Affiliate link – but we only recommend it because after research and trying a lot of other options, we found & now use SiteGround for hosting ourselves & love their speed, reliability & customer service.)
The security of your site and of your website visitors’ information is only going to become more and more important and not just for e-commerce sites taking credit card information.
It’s being talked about now, but it’s been heading this way for a while – in rankings and warnings, not having SSL will increasingly penalise you, and perhaps cost you the confidence of your customers.
Having “Not Secure” in red in the address bar of your site is not exactly going to inspire confidence, is it!
Do you really need SSL?
If your website is very basic, static and purely informational and you don’t have any forms collecting any information whatsoever – not even a Search bar – then it’s not such a big deal. (There seems to be a coming push though to make ALL sites secure, so it may have an impact down the road – and may already have a slight impact on search rankings.)
But most websites aren’t so basic.
If your site collects ANY information from people – emails, passwords and especially credit card information – then yes, you should have SSL. Really, it’s something you probably should have had already, but it’s been something people don’t always know about. And it’s only now that Google – and other who will be following suit – is making it an even bigger deal, that people are even learning what it’s all about.
You probably have taken it for granted on bigger sites you use – Amazon, Facebook etc. They are all secure, and they’d want to be!
But that has set us up to be fairly trusting of everywhere we put our information – if we know it’s a legitimate website, we assume it’s going to keep our information safe. A lot of people may not even think to check for that little padlock symbol.
But without SSL, your information is vulnerable and open to being intercepted and stolen by people who are not so legitimate.
So what is SSL?
When your website collects information from readers or customers, or has password protected pages or membership login, an SSL certificate encrypts that information so that as it is passed between your website and server, it is protected.
Kind of like when you cover the keypad while typing in your pin code at the ATM so the person behind you can’t see it – but a lot more high tech and reliable than that. 😉
This is especially important for a site that takes credit card details or passwords, but it also applies to any form people might fill out on your site. Even if they are just entering their name and email address in a contact form, this is all information most people would prefer to stay private!
How do you tell if a site is secure?
You can tell a site has an SSL certificate because the address will begin with https:// instead of http://
You should see a padlock symbol also, and the address bar may display the word ‘Secure’.
Depending on the extra features the site has paid for in their SSL certificate, you may potentially also see the name of the business, and the whole address bar may turn green.
But as long as their is the padlock at the very least, the site is secure – the rest of the features add more layers of reassurance and validity in a customers mind, but cost more to have and aren’t essential.
(Please note: this doesn’t mean that a site that does have an SSL certificate is automatically safe and legitimate – scam sites can easily get SSL too. So still only use sites you know are real.
It just means that your legitimate site is secure, looks extra legitimate, and is free of scary warnings for visitors.)
And why is SSL important?
Google is very soon going to be delivering warnings to people visiting sites that are not secure – and already has been in certain circumstances since the start of 2017.
In Chrome, it will quite literally say “Not Secure” up by the site address in red writing, letting them know their information is not protected when they go to enter it into any forms you have on your site – whether this is for mailing list sign ups, contact forms, or during the checkout process in your online store.
Currently for most non-secure sites the only warning is just the absence of the padlock symbol, which people don’t always check for.
But soon, if your site has any sort of fillable form field for any reason and no SSL, Google is going to actively warn people.
You can imagine if you got that warning on someone else’s site, it would make you feel nervous about entering your info. It might even make you think twice about using the site at all.
So you can see why the push to make all websites secure with SSL is going to be important – you don’t want to lose the confidence of your readers & customers, which would also cost you sign ups and sales and business.
People may not have always noticed or been aware of secure vs non-secure sites in the past, as it was just the difference usually between the little padlock symbol or no padlock symbol. So if people didn’t check, they didn’t notice.
But now that they are actually going to start being warned about the security, that’s a completely different matter.
Currently this is just applying to Chrome, Google’s browser. But Chrome is a popular browser choice across all devices, and I don’t imagine it will be long before other browsers follow suit with pushing all sites to be secure.
So this is real, not hype?
Afraid so. This is not meant to freak you out. I am the first person to dismiss internet freak outs – like every time a post goes around that Facebook is going to start charging, or so and so is doing such and such and you are but mere pawn in their evil games… I take it all with a grain of salt.
But I hope I’ve explained how this could have a real impact on your business site, because of the way ‘Not Secure’ warnings will very likely impact customer confidence in using your site.
And so, calmly and with no freak outs, we would definitely recommend you get SSL for your website. Your site is not going to suddenly implode if you do not do it this minute, but add it to the top of your to do list.
So now what?
If you’re setting up a new site, go with hosting that includes a free SSL certifiate and make sure this is installed right from the start. This ensures there’ll be no glitches later (as the url changes from http to https.)
If you’ve already got a website, your hosting may include SSL for free – many are now. Get in touch with them if you’re not sure.
And if your hosting doesn’t include free SSL, we recommend switching to SiteGround for hosting – you can get SSL for free, and as of writing this they will also migrate your website for free.
If you have multiple domain names or subdomains, a bigger e-commerce set up, or a few other needs, there are more advanced options for you that may require some payment. Get in touch with us or with your hosting company for advice.
Any more questions? Please get in touch!