SMG Tips: Google Security Alert. Act before July.

Google Chrome will soon mark your website as “NOT SECURE” if you do not have a Secure Certificate (SSL) on your website by July 2018.

This means whenever someone accesses your website using Google Chrome, a warning will appear in front of the website address saying your website is “NOT SECURE.” This has enormous implications for your credibility. Anyone looking at this warning will naturally think “I’d better get out of here! This site is not safe or not secure! Or worse – this business is dodgy!” In addition, not having a SSL certificate will affect your search engine rankings.

Over the last few years Google has been phasing this change in by placing an information symbol at the start of the website address. When you click on the top left info symbol a warning will pop up saying:



Currently, if you try to fill out a form or enter details on the website, another warning will pop up saying “Not Secure” at the start of the website address as shown below: 

However in July 2018, with the release of Chrome 68, Google is ramping up it’s security and will mark all HTTP sites as “not secure” right from the initial search.

 

This means any website without an SSL certificate will be marked as “Not Secure”.

See full release from Google here: https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

You might not have heard of Google Chrome but estimates say up to 65% of internet users regularly use Google Chrome when searching the internet.

The solution is to install a SSL Certificate and fortunately it is a relatively inexpensive solution. There are lots of different types of SSL certificates but we recommend three different ones

1/ Our Auto SSL Server certificate (Suitable for most websites) – $149 once off cost

2/ A validated certificate where the SSL company check validate the owner of the website (More trusted and recommended for E-Commerce websites) ($240 for 3 years)

3/ An Extended Validation certificate that actually puts your business name next to the security lock in the browser website window ($140 per year). This is the most trusted type of certificate as it is validated and adds your business name to the URL. Example below

Phone 07 3341 7224
Email [email protected]
 

Now for the detail:

What’s an SSL Certificate and why do I need one?

If you would have asked me if you need an SSL certificate for your website 12 months ago and didn’t have an E-Commerce website that took payments, I would have said, “Don’t Worry about it” but a lot has changed in 12 months and now the answer is “Hell Yes !!”

SSL is short for Secure Socket Layer. SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. An SSL is the certificate that puts the https:// in front of your website address. It also displays a padlock symbol in front of your website address to show your website is secure.

Here’s an example of what it looks like in front of our website address:

The SSL encrypts the content from the viewer’s browser to the server so that any input into your site cannot be seen by any third party.

Previously we were only worried about credit card details being intercepted due to potential fraud, so we only put SSL on E-Commerce websites. That was until Google decided that it would be safer for all web users if all websites used an SSL.

So this is what Google did:

GOOGLE – SSL AS A RANKING SIGNAL

1/ Google started sending out hints to website designers some time ago that using https:// (SSL) on their websites would help to get a better ranking in searches on Google.

Although they said it was a “weak” ranking signal, a lot of website designers and people interested in Search Engine Optimisation jumped on this and started implementing SSL certificates on the sites that they managed. If we are doing Search Engine Optimisation for clients we will add an SSL as one of the things that we do to get better rankings but it’s not something that we would do alone and expect a great change.

Google saw a lot of websites starting to use SSL certificates but still weren’t happy so they have put another more convincing plan into action.

GOOGLE CHROME – SITE IS NOT SECURE

2/ Google Chrome is Google’s browser and it’s got a huge chunk of users (Some estimates are as high as 65% of your website visitors are using Google Chrome). To help webmasters to think about using an SSL for their websites, they started to mark websites that had any input fields such as a login, an enquiry form, credit card input etc etc as insecure when they didn’t have an SSL.

It looked like this:

If you open your website in Chrome and go to a page that has an input field you will probably see what I am talking about if you start typing into the input field – for example on an email enquiry form.

Google is continuing with this strategy and as previously mentioned from July 2018 is ramping it up even further.

THE CONCLUSION

Based on the points above we now think that it is essential to add an SSL certificate to your website. There are various types of certificates so here is a quick summary about how we can help you:

a) If you have a website that doesn’t take Credit Card payments then we would recommend a server AUTO SSL certificate.  This one is great for simple websites as there is only a once off install fee to configure on your site and point the website to the SSL certificate with no ongoing cost.

b) If you have a website that takes credit card details through it, then we would recommend an Authenticated Certificate that goes an extra step in confirming the owner of the domain. These certificates have a yearly cost.

c) If you would like to show your company name at the start of the browser bar to add an additional layer of credibility such as shown below we would recommend an Extended Validation Certificate. This certificate also has a yearly cost.

We can help you work out which certificate you need and help get this problem sorted for you before the final changes from Google come into effect in July 2018.

Please call us today on 07 3341 7224 to discuss your website security certificate (SSL) and get things moving.