Have you seen “Not Secure” warnings popping up in the URL bar? Have you heard about security changes with internet browsers? What’s the deal?
As an everyday internet user, these warnings can be helpful. It is a great way to know whether or not you can trust the site you’re on or feel comfortable submitting your personal information in site forms. On the other hand, if you’re creating or curating a site, you want people to trust your site like that, right? Is your site safe or are you showing “Not Secure” warnings, too?
Lately, there’s been a big step in the right direction when it comes to internet security. It’s safe to say these changes are for the better as we’re working toward a safer internet!
Here’s what we’re going to cover:
- What’s changing with Chrome https
- Google security and why it’s updating
- How to make your site secure
- What is SSL
What’s changing with Chrome https
Back in October of 2017, Google started flagging sites as “Not secure.” Since then, security measures have continued to progress.
As of July 2018, Google Chrome is now taking proactive steps to help increase awareness around insecure versus secure websites, and Mozilla Firefox is joining the efforts as well. As it turns out, the number one requirement is an SSL certificate. Chrome and Firefox released the updates stating their intention to make the web safer for everyone.
When an SSL certificate has been installed on a site, you can tell by looking at the URL. In Chrome and Firefox, there’s usually a little green padlock with the word “Secure.” Safari has a gray padlock next to the site name. You can also tell by looking at the beginning of the URL itself. A not-secure website will use http while a secure site will use https. (That little “s” on the end just means your connection is secure!)
These messages are non-intrusive, and can establish a lot of trust with your users because they know their information is safe on your site! On the other hand, if you don’t install an SSL certificate, you’re going to see some not-so-welcoming errors that might cause your users to abandon your site. In Firefox, there are various icons, including a gray padlock with a warning triangle and a gray padlock with a red strikethrough. In Chrome and Safari, either an information symbol or red warning symbol will pop up for not secure sites. Here’s what they look like.
As you can see, these errors are definitely not something you want your users to see on your site. Let’s explore why these changes are happening.
Google security and why it’s updating
Let’s talk about the importance of online security. Many things have been moving the right direction in regards to internet security, from the Facebook court case to GDPR to SOC security audits. It seems everyone is calling for a safer, more trustworthy online experience.
As I mentioned, website visitors expect a great experience. Yes, they want to see a cool site, but more than that, they want to feel secure and protected.
No one wants to fill out a form on an insecure website – that’s a bad digital experience. Especially in today’s digital age, everyone is more aware of the security they should expect online, even if they don’t know all the nitty-gritty detail. People are really starting to take initiative. And especially for eCommerce sites or anyone handling sensitive customer data, you need to follow these security practices in order to comply with regulations.
Beyond creating a better client experience, there’s also some debate that better security practices and SSL certificates can benefit your site’s SEO. Google has been considering security in their ranking since 2014, and there’s lots of chatter about how current practices affect ranking.
So how are you supposed to implement all these security changes anyway and get rid of that “Not secure” message? The simplest means of securing your site comes down to a little three-letter acronym: SSL.
How to make your site secure
We keep talking about SSL certificates, but what is it? SSL (Secure Sockets Layer) is a protocol used to secure and encrypt communication between computers. In simpler terms, it helps increase website security by keeping information safe!
Wondering what an SSL certificate costs? It all depends on what you’re looking for and how your hosting provider handles website security. You can get different types of SSL certificates in many places for many prices like Let’s Encrypt (for free) or DigiCert starting at ($157). It all depends on the information you’re dealing with on your site and how you manage it. For example, a simple design portfolio and a healthcare employee portal would clearly have very different needs.
If your WordPress site is hosted on Flywheel, we offer free SSL certificates. It only takes a couple clicks, and you’ll have that beautiful green padlock and no more red error messages! (Not to mention a bunch of other built-in security best practices.) Want to learn how to install an SSL certificate on Flywheel? Just follow this simple, 5-step guide.
If your site isn’t on Flywheel yet, you’ll have to check with your hosting provider to see how they handle certificates. Typically, the process includes a little communication between your host and the certificate authority to get everyone on the same page. Check with your host to see if there are fees that come with adding an SSL certificate or if they have any recommendations on what’s best for you and your website.
To wrap it all up, if your site is currently not secure and doesn’t have an SSL certificate installed, you’ll want to fix that as soon as possible so the errors don’t affect your business, site traffic, or SEO.
While it’s a little chaotic for web designers and developers now, this is a really good thing in the long run. Half the internet is already secure, meaning we’re all moving to a better way of browsing the web and transferring data. And the best news is that it’s a simple and easy fix, especially for designers and developers using a host like Flywheel. We’re all just working toward a safer internet, one SSL certificate at a time.
This article has been updated from its original publish date on October 5, 2017. All imagery in the article was shot and created in-house at Flywheel.