You may be getting a call from your hosting provider, if you haven’t already received one. Websites with HTTP rather than HTTPS at the beginning of their url are being warned of the upcoming Google updates and the accompanying messages that may make visitors wary of continuing on to an “unsecure” site. SSL certification is a new product offered to website owners and requires some investment of time and energy to make the transition. Is it worth it? Do small business owners really need SSL certification or is it just one more product being pushed to make money?
If you have a website or will create one in the near future, you need to know about SSL certification. Understand more about SSL certification, benefits for those that make the leap and any penalties for website owners that stick with HTTP.
What is SSL Certification?
SSL is an abbreviation for Secure Sockets Layer and the associated method encrypts data as it travels, securing private information over the internet. Most users are not aware that private information may go through a number of networks and servers on the way to a final destination. Without encryption, customer information is vulnerable and may be intercepted from outside sources. HTTP is an open connection type using a different port when users connect to servers. Older websites would have HTTP if they have yet to make the transition to HTTPS. Websites with HTTPS operate over a “secure” or encrypted connection type with a different port for users. Website owners that decide they need SSL certification and make the transition will see a change to their url but the encrypted connection is what matters most.
SSL certification is used to protect online transactions, financial information, sensitive data, medical information and more. It is said that audiences can trust a website more when it is protected with SSL certification. Pages requiring login information and credit card information will be the first pages to show a “Not Secure” warning.
SSL Certification Fosters Trust
Customers are more cautious than ever of entering sensitive information and credit card data to make a purchase online. Stories of personal identity theft, website hacking and more are starting to cause some hesitancy in online consumers. Do you really need a message popping up letting people know that they will be continuing onto an unsecure website and asking if they really want to go there? The reality is that this is what Google plans to do to websites without SSL Certification. Customers benefit from SSL protection in the following ways:
- Customers are aware of a site’s credibility as the identity of a certificate owner is verified before any certificate is issued.
- Sensitive data is encrypted during an online transaction.
As of right now, visitors are generally not prompted with a message but messages will become more prominent in the future for websites that do not purchase SSL certification. Currently, there is a small i, or “neutral indicator”, that appears before the url for websites without SSL certification. Click the symbol and see the messages:
- “[Y]our connection to this site is not secure.”
- “[Y]ou should not enter any sensitive information on this site (for example, passwords and credit cards) because it could be stolen by hackers.”
Those using Chrome, may see the words “Not Secure” in the URL bar for pages requiring password or credit card information, according to Eric Lawrence in a Google Developers post.
For those interested in seeing the url for a secure website, feel free to check out Craigslist and Forbes. Both are secure websites and have a lock icon that appears before their url. When the full url is seen, both sites begin with https.
Trusted SSL vendors sell SSL certification and a hosting provider should assist a website owner or developer in the process. Business owners may need to verify their identity and that of their business in order to be issued the certificate. The website needs to be configured in such a way as to ensure any place requiring log in information, contact information or purchase details makes use of the encrypted service. A note for website owners or others tracking website performance is that the site migration is treated as a site move, according to Google. Google specifically stated:
“If you migrate your site from HTTP to HTTPS, Google treats this as a site move with a URL change. This can temporarily affect some of your traffic numbers. See the site move overview page to learn more.”
Google shares tips and common pitfalls to consider when making a website more secure.
The Future with HTTPS
Small business owners need to be aware that in the near future all pages being served without SSL certification and showing HTTP in the url will appear as Not Secure in Chrome. As viewers can use Chrome, Firefox or another platform to view a site, the investment in a SSL certification may make sense. Website owners cannot deter users from choosing to view with Chrome. Businesses can either impress upon visitors that any details to be submitted will be over a secure connection or risk losing potential customers. Ecommerce websites are particularly vulnerable to such changes.
How many websites now have HTTPS and SSL certification? As of January 2017, over 50 percent of desktop page loads are over HTTPS connections and the majority of top sites have made the transition. Consumers should be aware that ebay, a well-known shopping and bidding site, still has not moved to HTTPS.
What are the other benefits to a HTTPS connection? HTTPS sites load faster than unsecure versions—one test claims there is a 334 percent difference. This aspect improves the customer experience for visitors to a site. Sites that make the switch should be aware that Google will give them a preference. Small business owners can expect to take advantage of a boost in rankings over competitors who refuse to make the change. Search Engine Journal reports that Google may decide to penalize sites that continue on as an HTTP site.