Google has started penalizing websites that do not have an SSL (https://) in thier URL. Even though I haven’t posted about it, I Heart Blank has been taking steps and measures to get our sites secure. As you know, I like to keep people educated so they can make the best decisions for their business. So here’s the deal so far…
What Is SSL / TLS?
So before we get into it, the simple question everyone asks me is, “What the hell is an SSL?” The simple answer is it makes your website secure. Traditionally, an SSL is used when transferring sensitive information across the internet like entering your credit card number on a website. a2 Hosting has a little more in-depth explanation if you’re interested; “SSL (Secure Sockets Layer) enhances a web site’s security by providing two important features: encryption and authentication.”
An article over at Gizmodo also has a good ‘beginner understanding’ of SSL’s too:
[SSL’s] encrypt all of the data you’re transmitting. Anyone who happens across the traffic coming to or from your computer when it’s connected to an HTTPS site can’t make sense of it—they can’t read it or alter its contents.
Google, Google Chrome & SSL
The basic ‘deal’ is that Google (since 2004) has ranked website’s more significantly with SSL’s in search results. Starting in January 2017, Google Chrome (starting at version 56) will show a more prominent warning for sites that are not SSL, attempting to make a shift to get the whole internet secure. I’ve even experienced websites where Chrome shows warning pages for WordPress login pages. According to WP Loop:
At the moment Chrome is not explicitly labeling HTTP sites as non-secure. However, with version 56 (coming out in January 2017) it will mark sites that collect passwords or credit cards as non-secure if they use HTTP.
If your curious about reading more here are some articles about it:
- Google will soon call out websites for not being secure (CNN Tech)
- Google to Further Penalize Websites Lacking SSL in 2017 (Valet)
- Moving towards a more secure web (Google Blog)
This, all-in-all, is good news. Making your site more secure is a great thing.
How To Check For SSL?
So, for you, the first thing you should do is see if your site has an SSL / TLS. The easiest way to do this is to see if there’s an “s” at the end of your http://, so it should be https://. If your site has an SSL, you’ll also see a green padlock next to your URL.
Let’s Encrypt Is A Free, Great Solution
When I first heard about this I got a little ‘fired up.’ SSL’s can cost anywhere from $60 – $120 per year (on the low-end.) I have clients who might think of this as an inconvenience, and explaining why they need it could be even difficult.
Then I learned about Let’s Encrypt. Let’s Encrypt is a free SSL service. Which means anyone can get their site secure for free. It’s sponsored by a lot of the big dogs including; Mozilla, Cisco, Facebook, Google and more. In June 2017, Let’s Encrypt hit 100 million certificates. It is the most popular option out there.
There are a few differences between Let’s Encrypt and a traditional SSL, like a warranty / insurance for the SSL (anywhere from $10,000 – $250,000.) If you’d like to read more, a2 Hosting has a great article about what the differences are between Let’s Encrypt and traditional SSL’s (or CA’s) including; extended validity, warranties, support, customer vetting, certificate options.
Should you pay for an SSL or get a free one?
Most ‘general’ sites can definitely get away with a Let’s Encrypt SSL. Having a simple contact form on your site doesn’t necessarily need a warranty on it. Some e-commerce sites that use PayPal or a third-party for payment processing can also get away with Let’s Encrypt. This is because the transfer of sensitive data is done on PayPal (or another third-party site) and not your website.
New Hosting / Free SSL
As most of you know, we recently got a new hosting company back in February. The amazing news is that if you’re hosting with I Heart Blank / I Heart Sites, Let’s Encrypt is automatically installed on all accounts. If you have experience with WordPress and SSL’s, you’re welcome to log into your cPanel (and/or WordPress) and update it yourself.
Any / All new accounts set up with I Heart Blank will automatically include a Let’s Encrypt SSL.
If you don’t have experience and still don’t know what’s going on but you know you want an SSL…
Let I Heart Blank Set Up Your Let’s Encrypt SSL
I’ve converted a whole bunch of sites to a Let’s Encrypt SSL over the past few months. Most ‘normal-sized’ websites take about 30 minutes to complete. This does not account for any issues that may come up in the process due to the websites Theme, code, etc. but as a general rule-of-thumb you can expect it to be about 30 minutes (maybe around $50, one-time.)