Google Changes To Your Website Security
Getting Alerts Your Website Security Sucks?
Your website IS your business online. It is a part of your Brand Identity and should be a MAJOR Element in your Marketing Strategy. Yet once again the goal posts and rules are moving as Google forces changes to your website security. If you have an eCommerce site or take money on your website, chances are you already have an SSL (“Secure Socket Layer”) Certificate. If you are a small business like a lot of my clients then its something you’ve never even considered. So what has happened?
In January, Google began their quest to improve how Chrome communicates securely across the internet with the security of HTTP pages. At the moment Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. In a couple of days, (October 2017) Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page (i.e. fill in a subscription form), and on all HTTP pages visited in Incognito mode.
Google’s security plan is to eventually show the “Not secure” warning for all HTTP pages, as in their words, “it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP.” Basically Google is doing their best to stay one step ahead of the scammers and spammers and protect your information and data you put out onto the internet through different websites.
It really is a no-brainer that SSL & therefore HTTPS should be used on every website. An SSL Certificate enables the HTTPS protocol to encrypt your Website’s traffic. To encrypt the connection means to secure the data that your visitors provide your website such as their personal information, passwords and credit card information from being intercepted or stolen. This in turn protects your website’s security and your users’ privacy. As an added incentive, Google is pulling out their major draw card – RANKING. Google has made it very clear that it will start penalising websites that are not secured and don’t have an SSL certificate.
How do SSL Certificates work?
At its basic, it encrypts all data sent between the server and the user using a private and public key. The server holds the private key and sends out the public key to be used by the client when encrypting traffic sent from their computer. At the same time, the browser generates a public and private key and sends the public key back to the server so the server has a method of encrypting traffic.
Benefits of having SSL
Firstly, as mentioned above if your website is secured and has an SSL certificate, it will rank better than other websites that don’t have SSL.
Aside from providing encryption, it also creates trust with authentication. Your website visitors are immediately assured that they are sending their information to the correct web server and not to another site pretending to be your website to steal their information. Your site visitors will be assured and actually told via their browser with a lovely green lock and the word secure.
If your website is secured when the visit, they should see this:
If your website doesn’t have SSL installed, it will be marked as “Not secure” like this:
Not Convinced About SSL & Securing Your Website?
If you’re tempted to put off enabling HTTPS and paying for a SSL Certificate for your website security, consider these things:
- Your WordPress admin & other login passwords can be intercepted without SSL/HTTPS
- Any details your users submit via your website can be stolen
- Your WordPress site will be insecure and can be hacked
- WordPress now recommends HTTPS usage
- Browsers are starting to show security warnings for non-SSL websites
- Browser warnings are slated to become more aggressive with time
- Google uses SSL/HTTPS as a search ranking signal — you may be losing referrals & get buried on page 10
- Not using SSL/HTTPS on your WordPress site can harm your credibility
- In the future, some WordPress features may work only when SSL/HTTPS is used
- “Everybody’s doing it” — and for good reason. This is not a fad!
Like Google and WordPress, I recommend setting up HTTPS and buying your SSL Certificate right away. You only stand to gain. Yes it is another annual fee alongside your Website Hosting and your Domain Name registration, but what is the price of security & ranking with Google?
“…don’t wait to get started moving to HTTPS.” — Emily Schechter via Google Security Blog
Finally it isn’t as simple as buying the certificate (its never simple online is it?) There are 3 steps that need to be taken:
- One time Installation of Your Selected SSL Certificate on your website. (This is then updated either annually, 2-years, 3-years)
- Full database & link updates from Http to HTTPS. (Avoids the pesky 404 “oops” errors)
- Complete Verification upon installation.
Please feel free to contact me here if you have any questions about using SSL & HTTPS with your Website.
If you would like to take more control of your business and digital presence, I have a series of Workshops designed to help you Lose The Marketing Overwhelm based here on the Gold Coast. Simply click on the link of the Marketing Element you’d love to MASTER and join me for 4 hours of hands on learning.
Blogging Masterclass & Workshop
Email Masterclass & Workshop