If you own a website then you absolutely need to know about this big change coming for a Secure Internet in 2018.
There is a push by some major players on the internet to force website owners to implement security using SSL the (Secure Sockets Layer) protocol starting in 2018.
Most websites currently use the insecure HTTP connection.
This means that the identity behind the website is not verified, and the communication between a device (computer, tablet, smartphone etc) and the website being visited is sent in clear text and can be intercepted and read by others.
To make a website secure the owner needs to purchase and install a security certificate called SSL (Secure Sockets Layer).
SSL certificates are issued by recognized authorities and will verify that the website and those behind it are legitimate.
The verification confirms to visitors that you are who you say you are giving them confidence.
This helps protect a website against phishing which is when another site attempts to impersonate a legitimate site.
The second thing an SSL certificate provides for a website is privacy by encrypting the communication between the device and the website.
This means that your communication cannot be intercepted and read by anyone else.
This is particularity important for websites that handle sensitive data such as passwords and financial records.
This encryption all goes on behind the scenes and is indicated to the user in the address by either the URL (website address) being preceded by HTTP: // (insecure connection) or HTTPS:// (secure connection)
There are other indicators of a secure connection which are dependents on the browser and try of the type of certificate being used. These include a closed padlock appearing before the URL, and part or all of the web address bar being shown in green.
WHY DO WEBSITE OWNERS NEED TO IMPLEMENT SSL?
There are a number of ways website owners are encouraged to switch to a secure connection including:
Chrome is Google’s own web browser and they have just announced a major change with regard to website security that will impact on almost every website and potentially cause confusion and concern to visitors.
In September Chrome announced that beginning in January 2018, they would start flagging websites that use the insecure HTTP connection to transmit passwords and credit card data as insecure.
A warning will appear in the address bar of the browser and will call users’ attention to the fact that their personal information could be snooped or stolen.
This is a good thing and anybody aware of security should welcome this change.
The concern is that they plan to eventually roll this out to all websites.
They have indicated that this warning will next be rolled out to HTTP pages when a user visits them in the browser’s “Incognito” mode, and finally, the warning will roll out to all HTTP pages.
This means that if a website does not have an SSL certificate installed providing secure encrypted connections (HTTPS://), then the browser will issue a warning that the site is unsafe.
This can potentially cause confusion and concern with visitors that the website they are visiting is insecure and even dangerous.
Secure websites using SSL have been around for a long time and while many people are already aware of it, there
Both Mozilla (Firefox) and Apple (Safari) have announced similar initiatives with their browsers.
Earlier this year Apple also announced that it would require app developers to force HTTPS connections for iOS apps by the end of 2016.
In addition to the insecure website warnings, Google Chrome will also reduce the functionality available on its browser when visiting insecure websites.
Search Engine Rankings (SEO)
There is another reason for website owners to move to secure connections.
Back in August 2014, Google announced the SSL/HTTPS would be a ranking factor for their search results.
In 2015 I made a video about this and at the time the SEO benefit seemed negligible. As is often the case with Google they announce things in advance of full implementation and I suspect this is the case with SSL certificates.
Check out what I had to say back in 2015:
"Protect your web services with SSL"
I expect to see the Google search results reflect this move to secure website connections.
Until now only e-commerce and websites that dealt with sensitive information were considered to need an SSL certificate.
These changes will effectively force all website owners to move to using a secure connection or be penalized.
You can ignore this change, and I suspect most website owners will, but those that make the change will have an advantage over those that don’t.
With major players pushing for secure website connections, it makes this move is something I believe every website owner can’t afford to ignore.
In general, I welcome this change as it will make the internet that much safer for everybody and increase awareness of security.
The first thing you need to do is check your current hosting to determine if you can install an SSL certificate.
The majority of websites, especially on cheaper hosting, use a shared IP address. To use HTTPS you actually need a dedicated IP address.
You should be able to add a dedicated IP to your hosting for a few dollars a month. Depending on your host and the support they provide some will also help you install the certificate.
You may also need to edit all the pages on your website to ensure every object (such as an image) is referenced using HTTPS otherwise a warning will appear in the browser which is exactly what you are trying to avoid in the first place.
SSL certificates have become more affordable in recent years. You can buy an SSL Certificate from as little as $10.99 per year from the SSL Store.
The SSL store has all the most trusted SSL Security Certificate providers and a price guarantee not just to match any other advertised price – but beat it!