In late 2014, Google began encouraging businesses to obtain an SSL certificate for their websites in order to create a more secure and trustworthy online ecosystem. Recently Google announced it is now making site security transparent to all users and is therefore forcing businesses into action. The reason for the move is an attempt to make it harder for hackers to exploit security flaws.
In addition, Google announced that it will be rewarding websites with SSL certificates in the search results, but they will not penalise websites within the algorithm that do not have SSL certificates - this means that sites with an SSL certificate may get a ranking boost. As more websites begin making the switch to SSL, it has forced businesses to jump into action to remain competitive within Google’s search results.
What changed in January?
Google’s latest browser update, Chrome version 56, has significantly changed the way it displays websites that do not have an up-to-date SSL certificate, by displaying a ‘not secure’ message to all visitors.
Not sure if you have an up-to-date SSL certificate? An easy way to check is to visit your site and look in the address bar in your browser. If you see your website url beginning with HTTPS instead of HTTP then you’re all set.
What is HTTPS?
HTTPS stands for Hyper Text Transfer Protocol Secure. It’s a variation of the popular HTTP used to display web pages across the internet. The difference in the additional ‘S’ is that HTTPS adds a layer of security by encrypting the data. A normal website is accessed by putting http:// before the domain name, such as http://www.i-com.net. If the site supports HTTPS, the URL will look like https://www.i-com.net.
How will this affect my site?
Any website without an up to date SSL certificate will have a message appear in the address bar that says “Not Secure” on pages that collect passwords or credit card details:
Unfortunately some users may not understand this message and could interpret to mean that the site has been hacked or compromised in some way. This could have a detrimental effect your business by losing the trust of users who will then go elsewhere for what they need.
Any websites that already have an SSL certificate will display the green padlock icon and ‘Secure’ message, as shown below:
What about other browsers I hear you say? Firefox, Safari and Edge will not necessarily display a “Not Secure” message, however they have made similar updates to the address bar to inform users of the site’s security.
For example, Firefox displays a padlock icon with a red line across it to indicate the site is not secure.
Consequently, with Chrome’s market share at around 60 percent and other browsers showing similar security warnings, it would be fair to say that most mobile and desktop browser sessions will be impacted, if not actioned.
What Do I Need to Do?
The first step is determining what type of SSL Certificate you will need:
Single Domain – this type of SSL certificate is only valid on one domain.
Multi Domain – also known as a Universal Communication Certificate (UCC), this secures multiple domain names and multiple host names within a domain name. This is great for businesses with multiple sub domains and URLs for different service, product lines or geographic locations.
Wildcard – this type of certificate is for securing all of the subdomains you may have for a single domain, ie. blog.example.com
The costs of these SSL Certificates vary depending on the number of domains and/or subdomains.
At I-COM we are already underway with helping all our clients understand the impact this will have on their websites and we can help you too. For information on costs and the process of implementing the switch, please get in touch by calling 0161 402 3170 or complete our contact form.