Over the course of this year Google, via their Chrome Browser, have started highlighting sites that are not using SSL Encryption (HTTPS) as non-secure. In the coming months this is going to continue with sites that have pretty much any type of form being flagged, and prompted, to the visitor as non-secure. As you can image this can and will have a pretty big impact to site views and form compilations. By all accounts it will also start to affect SEO processes, but i think that is different topic altogether.
So what is a secure web site and why is this now an issue?
Lets start with the fact that SSL or HTTPS sites have always been around. Typically they are seen on your Banking Web sites and the Shopping sites where you are entering senstive information like passwords and credit card information. The HTTPS part of the request would encrypt the data being entered and submitted so it couldn’t be taken by hackers watching the sites. On a standard web site using HTTP (note the S is missing), anything that is browsed or submitted through a form is not encrypted and essentially passed over the internet in clear text. Not so good if you are putting in your credit card details as they could potentially be picked up as they travel through the inter-webs.
The HTTPS sites would show you the little padlock and give you a sense of safety on the site. Here is an article with a bit more information and back ground – https://nakedsecurity.sophos.com/2016/09/09/google-to-slap-warnings-on-non-https-sites/
Essentially it is Google who are pushing for a more secure internet, and they want all sites to be secure to protect users as they visit sites. A good initiative but with anything like this it adds some complexity and cost to your standard web hosting package. Essentially any of your sites that have a form of some description, and if Google have their way all web sites, will need to have an SSL Certificate installed otherwise it will be made very clear to the visitor that the site is not secure.
How to update your web site
There a few ways to achieve this protection on your web but essentially you need to work with your web hosting partner to purchase an SSL Certificate and install this to your web hosting environment. In some cases this will then mean a conversation with your web developer to ensure your site is running HTTPS and all pages are referencing this correctly.
- From your web hosting your will need to create a certificate request. The specific process will vary depending on the platform and provider, but the terminology should remain the same – A certificate request or CSR
- This request file gets provided to the SSL Supplier. There are a few around such as GeoTrust and Comodo and prices vary depending on your specific requirements. But for a basic web site an Quick SSL or Rapid SSL Certificate will be fine
- One you have paid for the Certificate you will be sent a Certificate file which is then uploaded to your web site and is linked to the certificate request that was completed
- You will now have the ability to assign the Certificate or SSL to your web site
- You can now browse to https:// to get yo your site.
Working with your developer you can then do some things like update the site to ensure that anyone who visits always gets redirected to the https pages to ensure they are protected as they browse your site. Your visitors will see the little padlock in the browser confirming the status.
We have just started the process on our main site and now have the SSL encryption almost in place, but it certainly has had a bit of an impact. Many of our pages and embedded images seem to have been hard linked to the old HTTP Location so it has caused a few little hiccups but all in all our site, and our main form based pages, are now SSL Secured.
We have leveraged a 3rd party platform know as Cloud Flare to make overall management of the SSL Certificate process a little easier, and allowed us to incorporate some additional layers of protection. This still required the upload of the certificate to the web hosting and quite a few changes to our WordPress site. As you can see there are a few different ways this can be done. In any case it is going to require some time and discussion with your web partners. If you need any clarification talk to your web hosting provider or developer and if you don’t feel like you are getting anywhere feel free to reach out for some direction and advice.