The Push for Secure Sites

Starting in July 2018, Google Chrome will start warning users if a site is not secure. Up to this point Chrome would display a neutral icon.  It will now have a very clear statement that an http site is not secure.  This will coincide with the rollout of Chrome 68, the latest version of the Chrome browser.






What does this mean for your site?


Google has been making the push to secure websites for quite some time.  They have even given incentives to https sites in rankings over http sites.  It isn’t a significant push, but one none-the-less.  Google hasn’t come out and stated they will ‘punish’ http websites but, they are giving preference to https sites, so one can argue they are ‘punishing’ http websites.

In my opinion, the biggest concern is user perception. If a user is surfing with Chrome, lands on your site, sees “Not secure”, panic is likely to set in and the user will debate if he/she wishes to stay on your site.  Data security is the hottest issue right now as new stories break about data breaches and data mining of our personal data.   

In my opinion (I do have a lot of them) it is worth the effort and money to ensure your users your website is secure.  The amount of effort and the cost is dependent upon the size and complexity of your website, and whether you can do this in-house or depend upon an outside company or firm to perform your IT functions.  Either way, it is a good investment to protect your site traffic and your users.

How do you make your site HTTPS compliant?

The process to make your site secure is through the use or purchase of an SSL.  SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication.  HTTPS encryption protects the channel between the browser and the website, ensuring no one in the middle can tamper with the traffic or spy on what the user is doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages.

An SSL can be purchased through your host provider and installed by your IT department or provider.  There are some sites that offer free SSLs, however, not all host providers can accommodate them.  Others cost as little as $25 annually.  

Resources

The best way to navigate through these changes is to understand the process.  The following articles provide in-depth reviews and information on the process of securing your website:

A Comprehensive Guide to SSL Certificates
HTTP to HTTPS: An SEO's Guide to Securing a Website
Using the Mixed Content Audit Tool in Lighthouse

Do NOT Panic

If this article has created panic, please allow me to assure you the process is not as daunting as it may seem.  When my neighbor explains how to repair my lawn mower by replacing the spark plug, I get that frozen-deer-in-headlights look.  While I may understand the words, I have no clue how to do what is required.  That doesn’t mean the task is impossible, expensive, or requires the planet to stop rotating … it only means I need to acquire the assistance of those who have the knowledge and understanding to