Is your website protected with a Secure Sockets Layer? If you don’t have the “https:” prefix on your site, then the answer is probably, “No.” Unfortunately, this might cause problems getting and retaining visitors in the near future.
In fact, Chrome users will get an SSL warning starting in 2017 which may hurt your site’s performance.
What does this mean? Users will see a clear message stating if your website is safe for use. This includes both URLs as well as entry fields on the website.
Currently, your browser may already show “Secure” and “Not Secure” messages in the address bar after a page loads. This tells visitors whether the website is using SSL certificates or not.
As of October of 2017, this applies to everything from actual domains to filling out online forms.
What, Exactly, Will This Change Entail?
Google is constantly promoting security and safety in the online universe. Because Chrome is a Google product, it only makes sense that those users will have the greatest advantage in finding secure websites. After all, more than 60% of all Internet users are browsing with Chrome.
Warning of Domain Names
When you visit a website, Chrome will display a “Secure” message with an icon of a lock if there is an SSL present. Otherwise, you’ll see a grey message stating, “Not Secure” with an icon of an exclamation point.
Now, I’m not saying that all non-secure websites are bad. However, they are the ones that pose the most risk to visitors’ security.
Entering Data On a Website
Many people will use contact forms and other elements to collect information from a visitor. After the Chrome 62 update, visitors will also be advised if they are using a secure site to share information. Even using a search field on a site can display if it’s a secured interaction or not.
How Not Having SSL Will Affect You
Since the Penguin algorithm change in Google’s search engine in 2012, the company has been diligent about providing quality and security. Questionable content is often buried deep while more rich materials and information bubble to the surface.
These changes have advanced to the point where sites with SSL certificates are viewed in higher regard by the search engine giant. This means those with the “https:” prefix on their sites perform better in results pages.
This, in turn, leads to more site traffic.
If you own an eCommerce site or other online business, SSL protection is vital.
In today’s Internet-driven world, trust is everything. The fist thing a lot of people will notice is the message of security in the web browser. It can quickly affect a person’s opinion about a website before he or she even begins to read the content.
Even blogs need to have a layer of security whether they store information about a user or not. In reality, up to 61% of online consumers in the US make purchases based on what they read in blogs. Now, imagine they see a security warning on a site before even reading the content.
It all boils down to if a visitor will feel safe using your website. Hackers have a variety of tools to invade a person’s privacy especially if a website is not encrypted through SSL.
And with cyber attacks running rampant on the Internet, people are more apt to trust the simple green sign that says, “Secure.”
Keeping Your Site Safe with SSL
If you don’t have an SSL yet, don’t worry. It’s really not all that difficult to install one. In fact, you can find SSL certificate services that are cost-effective and quick to implement.
If you use content management systems like WordPress or Joomla, setting up SSL on your site is relatively easy. In fact, you can install plugins for WordPress that automate a large portion of the work. The best part is may of these systems are free to use outside of the annual fee for certain kinds of SSL certificates.
Reasons to Have SSL Outside of Google Chrome
A website appearing secure according to Google is only one reason why you should invest in an SSL certificate. Here are some reasons that should make anyone contact customer support today and have it installed.
Protecting Users
The SSL encrypts data from your site to the visitor and back. This makes it far more difficult for hackers to intercept information during transit. It’s kind of like having your own personal tunnel to and from a store that no one else can access. No one is able to see what you’re carrying or interact with your transaction.
Protecting the Website
Without being able to intercept data, some exploits are not easily found in SSL protected websites. I’m not saying that it’s impossible for a hacker to force his or her way into your files and cause mayhem.
However, it does limit what kind of attacks will be successful. Then, those trying to break in have to deal with firewalls and other security measures.
In other words: users can sneak around the guard dog, but they’ll still need to pick the lock without tripping the alarm.
Improving Search Results and Traffic
I mentioned this earlier as Google tends to promote secured websites in search results. The better exposure in the results page alone is often worth the annual fee for the SSL certificate.
Building Trust
A lot of people have misgivings about unsecured websites before Google announced changes to Chrome. Think about it. Would you trust an eCommerce site that didn’t have apparent protection for users? Many online shoppers require SSL before they even consider making a purchase.
Other Ways to Protect Your Website
Although having an SSL is vital to success beyond 2017, you have other options available to protect your content. Here are just a few of the more prominent ones I can think of off the top of my head.
Always Keep Applications Updated
Perhaps one of the most important things to remember when running a website is to keep all of your applications updated. This is because updates are often developed to fix problems and remove exploits. This includes using current versions of software on web hosting servers.
For instance, you can choose to use the newest versions of PHP on GreenGeeks web servers.
Routinely Create Backups
Never underestimate the value of a recent backup. You might not think you’ll need it today, but disasters happen when you least expect them. This helps recovery and reduces downtime in the event something happens to your website.
And it’s not just hackers that cause damage, either. Anything from bad coding elements to server crashes are possible.
Implement Login Attempt Caps
If you have a login screen, like that used in WordPress, implement tools that limit the number of times login attempts can be made. It will greatly reduce the effects of brute force attacks.
If someone doesn’t remember his or her credentials, that’s what the “forgot password” screen is for. Lock the login screen down.
Limit Uploaded Materials
A lot of hackers will use software payloads in the form of a seemingly innocent file. As soon as malware is deployed, it can cause all kinds of havoc within your website. You may not even be aware of some of it until it’s too late.
If you require uploads from visitors, implement strict rules and scan everything.
Be Mindful of User Roles
Some systems allow user registration and interaction within a website. Make sure these roles are not being taken advantage of. For example, you wouldn’t want a basic subscriber having editorial access.
Even if you don’t have registered users, limit the number of people who have direct access to your web hosting account, such as admin access.
Do Not Use “Admin” Usernames
Although “Admin” is the default for many systems, do not keep it. Create a unique administrative username. Because “Admin” is so common, it’s often the first thing hackers will try when attempting to access a website.
Using it will only give them half of the credentials they need to cause some real digital damage.
Enforce Strong Passwords
Too many people try to simplify their logins. Unfortunately, this makes it easier for hackers to gain access. Enforce strong password protocols even if it’s unpopular among visitors and employees. It’s better than what happens if you do not.
Keeping Your Data Secure
Install an SSL today removes the “Not Secure” message in Chrome while providing a slew of benefits for yourself as well as visitors. It’s one of the easiest and most cost-effective methods of security for any website.
From visitors trusting your brand to improving SEO, it all starts with an encrypted website. Get your certificate as soon as possible and prevent your site from slipping in the search results.
So when will GreenGeeks allow clients the option of using Let’s Encrypt?
Hi Jeremy,
We’re actually working on implementing Lets Encrypt now. We anticipate the launch early next year.
Can you give us an ETA on when GreenGeeks will support Let’s Encrypt?
Hi. We are projecting January 2018 to bring support for LetsEncrypt.
Sweet, thank you!
It’s March 2018 — I’m till wondering about the LetsEncrypt support. Is it coming soon?
Hi Greg,
Get in touch with us by opening a suport ticket via our Account Manager, we’ll roll LetsEncrypt out for you. It’s currently in closed-beta. We’re getting close.
Hi. It is April 2018, what is the status on Lets Encrypt?
Hi Fawad,
We are offering a closed beta of LetsEncrypt to customers. You’ll need to log into your Account Manager and request it via a support ticket.