Home > Web Smart

Web Smart...

The Xplore team ponders the mysteries and “scary technical things” in cyber space and shares these with you in plain English.

If you have a question you'd like the Xplore team to answer, please ask us here >>

Why Google is forcing you to add an SSL Certificate to your website

<< Back to news feed
Jayne Millar
12-Jun-2017
General Industry News

Do you have a search box or form on your website? Then you need to switch your pages over to HTTPS by October 2017.

In January this year, Google began a quest to make the web a more secure place for its users. They introduced a plan for Chrome and Firefox browsers to start warning users when a website is not using a secure connection. They did this by displaying a message in front of the website’s URL. This message is designed to deter users from submitting any personal information via the website, as it could be intercepted and stolen by hackers. 

This is currently being shown as an information (i) icon in front of the URL, which (when clicked) displays the message: ‘Your connection to this site is not secure’.

 

 

Google has now released an update outlining the next phase of ‘warnings’ to push website owners harder to move to a secure connection.

“Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode”.

 

Here is a timeline showing how these changes will display in Chrome:

 

Here is a GIF of how it will function:

 

Eventually, Google plans to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle used for broken HTTPS.

 


So how do I move my site from http to https?

To move to an HTTPS connection you will need to apply an SSL Certificate to your website. You may remember our Article from October 2016 (when this issue was first announced), which outlines what an SSL Certificate is, and what’s involved in adding it to your website, however to summarise:

“An SSL Certificate is a third-party security service that uses special encryption between your website and your user’s web browser. Without this encryption, it is possible for hackers to intercept the data users enter into their browser, before it gets to your web hosting server.”


What type of SSL Certificate do I need?

Most websites can make do with a free SSL Certificate from Lets Encrypt. However, if your website is currently using Xtools, collects and stores more sensitive information (such as proof of identity) or has ecommerce functionality (i.e. credit card payments), you’ll need a more robust certificate.

There are a range of service providers who supply different types of certificates to suit all levels of business needs. These certificates also allow site users to make warranty claims (starting at $10,000) in the case of misuse or a data breach – something Let’s Encrypt doesn’t provide.

The Xplore team can help you to identify which certificate you need and the associated setup or ongoing fees.


What do I need to do?

Check with the Xplore team (or your web developer) to see if a free Lets Encrypt SSL Certificate can be applied to your website. The Lets Encrypt certificate is not compatible with all websites, particularly those built with older code (such is the case with some of our clients with websites built using our xTools software). If not they will help you to decide which paid certificate is the best fit for your needs.


Are there any other costs involved to set this up?

Yes. Even though the certificate itself may be free, there will be an initial one-off setup fee for your developer’s time to:

  1. Generate the initial certificate for your site
  2. Install the certificate on your web hosting server
  3. Setup the server to allow the certificate to be auto-renewed every 60 days.
  4. Ensure any links to your site (or internal links) don’t break when your site is moved from HTTP to HTTPS.

However, if your site can use a Let’s Encrypt SSL Certificate, once the above is complete there should be no ongoing costs.


Do I need to add an SSL certificate to my current website if I’m thinking about upgrading to a new one?

If you don’t want your website to be penalised for being ‘un-secure’ we do recommend that you add an SSL Certificate to your current site, sooner rather than later. Especially if you have a login area or forms on your website). 

If you would like further advice, or are thinking about upgrading your website, contact Xplore today to talk through your individual requirements.


Whilst it may seem like Google bullying you into adding yet another element to your website, their intentions are good.

Hackers are becoming more brazen, as seen recently with the global cyber-attack by WannaCry ransomware, which affected hundreds of thousands of computers and devices Worldwide.

It is our responsibility to protect the information our visitors submit to us via our websites. Wouldn’t you rather play it safe than sorry, for their sake?

More related articles:

Search Web Smart:

Go on! Treat yourself.

• Subscribe to our blog

Xplore our spam:

Chomp down on our monthly bite sized chunks of fun and fascinating web marketing advice, emerging trends and what we’ve been up to.