Almost two years ago Google announced their aim to make the web a safer place by encouraging every website to have an SSL Certificate.
What’s an SSL Certificate and why is it important?
Essentially, a pair of data files containing a bit of code used to encrypt information being sent between a web server and your web browser. These encryption “keys” not only mean that nobody else can read that information, but that you can also be sure that the server you are talking to really is the one it says it is*
*Note – a green padlock does not mean the server is completely “safe” – there’s nothing to stop someone setting up mybanksecurityscam.com with SSL even if they are not actually mybank.com
Using this SSL (Secure Sockets Layer if you really wanted to know) stops you being snooped on and reduces the chances of your information being stolen.
How can I tell if I’m visiting a secure website?
Websites using SSL start their addresses https instead of http and will tend to have a padlock next to the address in the browser bar…
| Google Chrome |  |
| Firefox |  |
| Microsoft Edge |  |
| Internet Explorer* |  |
*If you are still using Internet Explorer please stop. Now.
So what’s changing?
Until now, if you’ve visited an “insecure” website, nothing particularly special has stuck out. Just an absence of padlock. Over the last few months, that has changed on some forms and login screens to a warning that the information you are submitting may not be secure.
Supposedly there is a minor benefit to your search engine rankings if you have SSL but it’s not huge.
However, to encourage more sites to move over to SSL, Google Chrome and other browsers are making the lack of SSL more noticeable.
Chrome will start marking sites as “Not secure” in Chrome 68 this month (July 2018) and come Chrome 69 (October 2018) it will be even worse, with a red triangle when entering data:
I don’t deal with sensitive information on my website, why should I worry?
Putting the minor SEO advantage aside (and not forgetting that one day it may become major) it’s all about perception.
Do you want your customers to think you take security seriously, or do you want them to think you don’t care? People will start noticing.
So what’s it going to cost me?
While some hosts are seeing this as another money-making opportunity (as if I haven’t ranted about 123-Reg enough recently) many of the better hosts have seen it as a chance to “wow” their customers. By implementing Let’s Encrypt on their servers (indeed some have even sponsored the development of Let’s Encrypt) they are able to offer SSL certificates free of charge.
All fairly marvellous websites built since February 2016 have had SSL enabled free of charge and sites built before then were soon migrated to match.
It’s an easy fix to make and if your host doesn’t offer it free of charge, start looking for a new host (we love Cloudways and 20i).
With Let’s Encrypt it only takes a few minutes to add a certificate to a site. You do need to change some of your website settings (for example, changing all your links to https) but a plugin like Really Simple SSL will sort out most WordPress websites.
If you pay someone to look after your website and you don’t currently have that SSL padlock showing, now is the time to tell your designer to stop being average and start being more fairly marvellous!