If you’ve spent any time developing or working on a website in the past few months, you may know that there has been a large push from Google, web hosting providers, and others to enable SSL (secure sockets layer). Why? Tl;dr: SSL (https) allows you to have the coveted “green padlock” next to your URL, announcing your site can be confirmed that it is, in fact, the website it claims to be, allowing for security and peace of mind.
What is SSL (Secure Sockets Layer)?
SSL, or Secure Sockets Layer, is a security protocol for your web server and browser to talk to one another. What happens when a certificate is installed is that a browser and web server exchange only encrypted information, allowing an extra layer of security between information submitted on site through the browser and the receiving web server, meaning only the receiving web server should be able to decrypt the received information. What information, you ask? Any, really, but think about any time you’ve filled out a contact form. That’s information that could have been sent unencrypted or even plain text. While most contact forms don’t require any sort of private information to be sent through it, it sure would be a lot nicer if your phone number and email address were encrypted, lessening the chance of a third-party intercepting the information and using it, wouldn’t it?
What is HTTPS?
HTTPS stands for Hyper Text Transfer Protocol Secure. Rather than http://, as you are used to, a site utilizing SSL certificates will show as https:// instead, allowing you to see that the website is secure. If the certificate does not match the site you are visiting, your browser will let you know… Especially if you’re using Chrome!
Google’s push via Chrome
Google announced that starting in July of 2018, Chrome will notify users when they are browsing a non-secure site. Rather than a neutral icon next to the URL in Chrome, it will now show an unsecure notification for all standard http websites. Now’s a great time to try to get that green padlock to show up next to your URL!
Who needs SSL and where can I get it?
While it was not long ago where really only eCommerce sites were expected to have SSL, the broader push has begun for all websites to utilize SSL. Since most web hosts make this terribly easy, if you have a simple blog or website, it can be as easy as pushing a button on your web host’s cPanel or settings page. WordPress is only slightly more complicated whereas you will need to change your URL settings and then use a search and replace function to replace all instances of your non-secure URL to get the padlock to show up. Generally, web hosts are on board with the idea of making the web safer via SSL. However, hosts like GoDaddy and HostGator do not fully support the inclusion of free SSL authorities like Let’s Encrypt or otherwise, but we’ve already told you that those two web hosts aren’t our favorite. Maybe it’s time to consider changing to a different web host?
Need help? We can help get your website set up with SSL/TLS so it’s in line with the latest changes! Don’t scare away your customers by having a non-secure site. Contact us today to get started.