Websites that aren’t safe and why HTTPS is important
Whoops! Not Safe Website
Try it out. Now, yes. Check the address bar at the top. Look to the right of the button that says “Refresh.” You will see a padlock, green lock with the word ‘Secure’. This small change makes a huge difference for Google and other people who use the internet.
Websites that have SSL certificates installed, will display the padlock or ‘secure’ text (websites and URLs beginning with ‘https’). In addition to securing your website’s connection, an SSL certificate improves your search engine rankings. All websites will have to be marked as “Secure” in order to rank eventually (and very soon).
Okay, cool – let’s take a few steps back and get stuck in.
Google simply wants to ensure that online audiences are safe. Google basically has a 90% + market share of the search engines – so, Google customers are your website customers. It comes with no surprise that they are coming down heavily on websites that are not secure and are without SSL certificates.
Information collected through online shopping websites, or businesses requiring online form submissions has made website security a major topic for years.
Nowadays users access and share private information more freely than in the past – with the expectation that the website is securely capturing their data.
Think about it, whenever you purchase something online, you expect that your credit/debit card details are being captured securely. Or when you are booking a flight or doing your online drivers license renewal – you expect that your ID or passport number is being captured securely.
Online security is no longer a nice to have – it’s become a must have.
What’s Google done about it?
Google keeps things simple – or they try to. The website is either “secure” or it’s “not secure”.
Pre-2018, Google Chrome started marking HTTP websites with password or credit card fields as “NOT SECURE” in the address bar. This then spread to websites with forms that asked users to share any information (including email addresses, phone numbers, and names).
Post 2018, Google Chrome will mark all HTTP sites as “not secure”. Full-page warnings will be shown to all the visitors of websites without a logged SSL certificate. You must have come across this before.
What’s this SSL Certificate, HTTP & HTTPS stuff?
How do SSL certificates work? The acronym SSL stands for “secure sockets layer.” These certificates are data files, often small and manageable for the benefit of the website, that you can install onto your website.
After the certificate is installed, a lock icon will appear next to your URL. If we’re talking about your URL, you’ll notice that the end of your URL prefix has a “S” added to it. By adding the SSL certificate to your website, you can also do this.
When the certification is put on a web server, this is the biggest difference that people notice. What’s the difference between HTTP and HTTPS sites, though?
HTTP
This is the most basic way for different systems on the Internet to talk to each other. Its full name is Hypertext Transfer Protocol. This is what makes it possible for your website’s data to move from the server to the browser.
This makes it easy for people who visit your website to get to your data. As you might expect, this is very important for getting leads and sales in the first place. Users won’t be able to do anything on your website without it.
This works because HTTP requests go through an origin server, which processes the request and sends a response. Then, it sends responses to the users, who then look around the rest of the website.
HTTPS
When you look at how they work, HTTPS is a lot like HTTP. The only difference is that “secure” comes before the word. This changes the way websites handle requests and answers in a big way.
When a user opens a web page with an SSL certificate, the server makes a private key and a public key. Users won’t notice much difference between an HTTP website and an HTTPS website. This is because they get the public key, and everything else goes on as usual.
But when the user sends information to the server, it is encrypted using the private key, which is the other session key. This makes sure that the communication between the user and the server stays encrypted, which protects the user’s data.
Does my website need an SSL certificate?
People often wonder if they even need an SSL certificate for their website. If the website works well even though it isn’t certified, why would you want to get it certified?
Web site security is the answer. More importantly, you need to make sure that your customers are safe. The customer’s data is safe from simple threats like spyware when it is encrypted.
With the help of the private keys mentioned above, this is what an HTTPS site does. When a customer communicates information to your web servers, it won’t appear as they typed it thanks to the private key encryption. From the outside, it will look like a random string of letters and numbers.
Only your website, which has the key, will be able to decrypt and read the message as it was sent by the customer.
Where can you get an SSL certificate?
Certificate Authorities that you can trust can give your website an SSL certificate. Only a small number of trusted CAs are able to make certificates that operating systems and other devices can read. What’s great is that most operating systems have lists of these trusted CAs.
If you’re presented with a certificate that’s not from one in the operating system’s list, then your device will show a series of error messages. Before getting certified, you should look up the CAs that the operating system of your device trusts.
What does it mean for my SEO if I have an SSL certificate?
Does an SSL certificate have any effect on SEO? Yes, it does, and it does so in many of the same ways as the other SEO trends of 2021. Here are a few ways that getting an SSL certificate can help your SEO score.
More steps to keep people safe
As was said above, SSL certificates do a lot to make sure that your website is safe. It not only encrypts the messages between you and your users, but also everything else on your website.
This makes customers feel safer on your website, which wasn’t the point. This is also why Google gives certified sites a boost to their SEO scores as a reward. This is a simple way to beat most other websites.
Rates of conversion have gone up.
Customers are more likely to do business with you if they feel safe on your site. Your conversion rates are one way that this increase in engagement shows up. This means that more different users and visitors will buy your products.
The more people who interact with your site, the higher it will rank on the SERP. This is because search engine bots like websites that are always changing. They will get more people to visit the active website in case they are also interested in the product.
How can I tell if my website is in trouble?
Type your site’s URL into Chrome and look to the left of the address bar to see if it says “Secure.”
If it does, you should be fine. But perhaps not entirely. You probably should read the next part.
If it doesn’t, you need to use HTTPS as soon as possible to protect your site.
Not having faith in the Symantec certificate authority
Google then announced its plan to disfavour Chrome’s trust in the Symantec certificate authority with an aim to sustain the security and privacy of users when browsing the web. (https://www.infoworld.com/article/3184482/google-to-symantec-we-dont-trust-you-anymore.html)
Why is it important to have a safe site?
Even if you don’t collect any information on your website, you should still make sure it’s safe. This is why:
- Better SEO rankings: Websites that aren’t secure will be penalised and pushed down the list.
- Security: HTTPS keeps hackers from getting to your website and the information about your users. Setting up a secure HTTPS site is the least you should do to protect your site.
- Updated browser labels–Your website users will feel safe when they see your site marked ‘Secure’, and in turn more confident to use your website.
- Increased conversions–Research shows that more than 80% of people would give up on a purchase on a site that wasn’t secure. Customers are much more likely to buy something from your site if they know it’s safe. There’s also proof that having a secure site can help bring in more leads.
Ok, so SSL Certificates are important and I don’t have one. How do I install an SSL Certificate? Well, it depends on how your website was set up and generally we recommend a webmaster to implement an SSL/TLS Certificate as it’s not worth the hassle if not done correctly. So, if you’re sure you can do it yourself, here are some instructions on how to install an SSL Certificate:
Before making big changes to a website, you should always make a backup of it first.
Adding SSL to your WordPress website:
WordPress makes it very easy to set up an SSL. The Really Simple SSL plugin(https://wordpress.org/plugins/really-simple-ssl/) is being used.
Log into the WordPress administration dashboard and go to Plugins > Add New to install the plugin. Find Really Simple SSL, then click the Install Now button.
You should get a message that says “Almost ready to move to SSL.” Click Go ahead and turn on SSL to get the process going.
If the SSL is found on your site, it will make the changes to the domain for you. During this process, you will be logged out of WordPress.
Success! Your site’s SSL should now be turned on; log back into WordPress to make sure.
And that’s it! You now have a website that is safe and secure.
Google has made it clear what it thinks about SSL: HTTPS will be the standard, not the exception. So, why don’t you just do it?
We can help if you don’t know where to start. As part of our SEO campaigns, SSL certificates are put in place. Just get in touch with us, and we’ll help you get your site ready for this change.