June 18, 2018 ByCheryl Dykstra
If your website collects sensitive visitor information such
as passwords, credit card information, or other personal data – be warned.
Earlier this year, Google made changes that started to mark
websites without HTTPS as non-secure on Google Chrome, Google’s own web browser
that has 59.38% of the browser market
share. That’s way above the second highest used browser, Safari, with only
14.88% market share.
If you haven’t already made the switch to HTTPS and
purchased an SSL certificate to protect visitors and your site, now is the
time. That's because Google has finally put a deadline on this - July 2018.
What Exactly Is
“HTTP (HyperText Transfer Protocol) and HTTPS (HyperText
Transfer Protocol Secure) are both protocols, or languages, for passing
information between web servers and clients,” according to Search Engine
What is important to take away from it is that HTTPS is a
secure connection, whereas HTTP is unsecure. With a standard HTTP connection,
it is possible for unauthorized parties to observe the conversation between
your computing device and the site.
An HTTPS connection adds a blanket of security over that
conversation using an SSL/TSL protocol (Secure Sockets Layer and Transport
Layer Security) that prevents cyber eavesdropping, protects against data
corruption, and authenticates communication.
To ensure the safety of Google Chrome users, Google has
begun to penalize HTTP connections by alerting users of what it is… insecure.
Here is what a non-secure vs. secure web form looks like (notice the URL bar):
How to Secure Your
To enable HTTPS on your website, you must first acquire an
SSL certificate from a Certificate Authority (CA). This acts as a stamp of approval
from a trusted party because it ensures your website is legitimate and secure.
Once you have your certificate, it needs to be installed and
your website will need to be updated. That includes doing a full backup of your
site, changing all your internal links, checking code libraries, updating all
external links that you can, and creating 301 redirects.
It’s also important to update your URLs on Google (Search
Console, Analytics, Adwords), anywhere else you are running paid aids, on all
your social profiles, and across all your top citations.
This process can be very involved depending on the size of
your website and web presence, but the alternative is leaving your visitors
unprotected and jeopardizing their trust in your business.
Google Chrome flagging HTTP sites as unsecure is just step
one of changes soon to come that better protect the privacy and security of
sensitive information. There’s no reason to delay HTTPS any longer.
FAQs About Switching to HTTPS
Here are a few FAQs on what it takes to secure your website...
1. Does it affect me?
If you have a website, yes.
2. What does SSL do?
In short, it encrypts the pages on your website.
3. Why would I want that?
To protect your visitors and to reassure them that the information coming from your website is really your company sending the information. Last but not least, to pacify Google so they don’t tell 59% of the world that your website is not secure.
4. What do I need to do?
1. Get a secure certificate installed on your domain.
2. Change all the pages, links, images, etc. to be served from the secure domain.
5. Why are there two parts to this?
Part 1 is the getting a certificate and installation.
Part 2 is fixing your existing website.
6. How much is Part 1?
If you just need the certificate installed, a 1-year certificate is $50.
Plus $135 for installation. (Depending on your hosting provider, there may be a small additional installation fee from them.)
7. How much is Part 2 (the fixing of an existing website)?
If you have an existing website you’ll also need to get your website working off your new secure domain. (You should only have to do the second part one time). As for how much that costs - it's tough to say. It really depends on how big your website is and how many images and links you have. If you'd like us to give you an estimate, please fill out the contact form at the bottom of this page. Be sure to include your website address.
8. What do you do in Part 2?
We make it so the website pages are secure. In doing so, we will update images, apps and widgets, social share icons and internal page links to make sure all are served securely. Finally, we will do 301 redirects on all the pages to make sure the old insecure pages redirect to the new secure version of the page.
9. Do we need 301 redirects?
If you have an existing website, yes. To the search engines, moving to a secure domain can look like your old website is disappearing and a brand new website is emerging. You want to let the search engines know the page has just moved and is not gone away completely, so you don’t lose your ranking. Google actually said that going secure will help your ranking.
10. If I have more than one website domain, do I have to do them all?
No. You just need to do your primary website domain.
If you'd like to move forward with purchasing and installing an SSL certificate, call the SMT office at 407-682-2222 or fill out the contact form below with your website address and we'll get you a quote!