Published 20 August 2018
Head of IT
Ryan discusses why your website should be secured with an SSL certificate and how you can get one for your website for FREE!
SSL websites – Google and the penalty of not being secure
Way back in 2017, Google started warning Chrome users if a website that handles passwords or credit card details was not secured and encrypted with an SSL certificate.
This was a good move; It meant that the user had a clear notification that the data they will be transmitting to or from the site, would not be encrypted during its journey and could potentially be read by anyone on the internet.
How do we know if a website is not secure?
As of Chrome version 68, which Google released to the masses on July 24th of this year (2018), ALL websites that are not secured with an SSL certificate will give the user a warning that the site they are about to visit is not encrypted.
The warning itself sits up in the left of the address bar (where the green padlock normally sits if the site is secure). It’s just a note that says “Not Secure”. If you click on the note, Chrome will tell you not to enter sensitive information.
Website that are not secure – what does this mean when browsing?
Now, what does this mean for you while you are browsing the internet? Well, nothing major. You will be warned if you access a site that is not encrypted, letting you know that any data you transmit to the site (be it a password, a card number or even just a blog comment) will not be encrypted.
This gives you the information you need to decide if you want to use the site or not.
That’s not to say that you shouldn’t visit a site if it’s not encrypted. An unencrypted site is not necessarily a dangerous one, just that you should be conscious that any data you transmit to the site will not be encrypted and could be seen. So as a rule of thumb, don’t enter any credit card details into an unsecured site and if a password is required, use a different password to that you would normally use for other sites. Although, that’s good practice in general something like Keepass, which is a password generator and safe storage, can help you with that as it will allow you to generate unique passwords for anything you want and keep them stored in its own encrypted file.
If a site uses a valid SSL certificate, you will be sent straight to the page you requested and the friendly green padlock, now with the word “Secure” next to it, will be sat at the far left of the address bar as always to let you know that any data transmitted between yourself and the site will be encrypted and unable to be intercepted and read by anyone else on the internet.
How to get a free website SSL Certificate
“But I can’t afford to secure my site with SSL certificates. That stuff’s expensive and complicated to do.” Fear not struggling webmaster, securing a website with an SSL certificate can be free and automated.
Since April of 2016, Let’s Encrypt have provided websites with a free, trusted and automated SSL certificate for website owners the world over.
They also make installing and renewing your SSL certificate easy and automatic with tools developed for almost every webserver (and underlying operating system) in use today.
The only downside being that Let’s Encrypt certificates are only valid for 3 months at a time, but with their scheduling tools, this shouldn’t be an issue for you as the certificate will be automatically renewed for you just before it expires.
Let’s Encrypt have a detailed documentation section to help you get your website secured with a Let’s Encrypt certificate and schedule automatic certificate renewals. But if you get stuck, we can do it for you!
If you’re interested to see if any of the big sites around the world aren’t using SSL, Why No HTTPS has a live, daily updated list of the top sites (based on their Alexa rankings) who aren’t using HTTPS/SSL on their sites.
Why not talk to one of our people here about your website and how we can help secure your site for your visitors