YOUR WEBSITE
IS NOT
SECURE!

Pretty soon that's the message visitors to your website will see in the Chrome web browser.  But only if you're not using an SSL certificate yet.

UPDATE: This post is now outdated. As of July 2018 Google Chrome indicates whether a site has HTTPS installed or not. See this more recent post for details.

If you own a website you have probably heard of the need to install an SSL certificate. An SSL certificate means your website address will begin with https:// rather than http://

Back in April of this year, Google made a seemingly casual announcement about a new feature coming in their Chrome browser in October. If your site doesn't use HTTPS then Chrome will display a "Not Secure" sign in the browser's address bar.

Read on to learn why should you care about this ...

Chrome Warning Not Secure

Why are Google Doing This?

Google have long been advocates for a more secure web.  Central to that is providing greater visibility on a website's security. In practice this means making a lack of security more visible.

Since 2014, Google have been including SSL certificates as a ranking factor. This means if your site uses HTTPS you will rank better than if it used HTTP.  Aside from the obvious advantage to a (slight) boost in search results, what you should really care about is the human factor - how this affects your website visitors.

Why The Not Secure Warning Is Bad For Your Site

Now, to be honest, many visitors won't notice the warning at first.  But many will.

Many of those who do notice may not care.  But many will.

And many of those who do care will leave your site right away.  Seeing your site marked as "Not Secure" does not make for a good user experience.

If you're trying to get your visitors to "know, like and trust" your business, this isn't a great start to the trust part.

“All things being equal, people do business with, and refer business to people they know, like and trust.” -- Bob Burg, Endless Referrals

Click to Tweet

Whether you agree with Google's decision to scare visitors away if you don't follow their wishes or not, you really don't have a choice. Google do have the influence and power to change how people use the Web.

Why HTTPS Is Better

HTTP (Hypertext Transfer Protocol) is the protocol (set of technical rules) used by your web browser to communicate with a website.  With this protocol, data exchanges between a website and a browser is unencrypted. This means it can be read once intercepted (quite easily as it turns out e.g. at your local coffee shop's Wifi).  This includes any and all data passed - passwords, usernames, credit card details ...

HTTPS is the secure version of this HTTP protocl, the S standing for Secure.  With HTTPS, all communication between a website and your computer is encrypted.  Furthermore, it authenticates the website. That means you can be sure that this is the real website and not a fake one used in a man-in-the-middle attack.

It's becoming easier for anyone to become a website owner without technical know-how.  Because of this, websites are becoming, in general, less secure.  (If you're a website owner who can't put the basic security in place on your site then please at least consider hiring someone to do it for you.)

It's also becoming easier for hackers to exploit this trend.  The availability of free, high-quality tools makes it easy for any wanna-be "hacker" to intercept that data. Even if they have limited technical ability.  

Not to worry you too much, but that guy over in the corner of your local coffee shop could be one of them. He could be using the free Wireshark tool to capture every bit of information flowing from your laptop to the public WiFi network you're both using!  Did you log into your email account just now?  Your password is floating somewhere out there as you read this ...

suspicious guy in coffee shop

Just what IS he doing over there?

This is not an ideal state of affairs!  Having that data encrypted is a good first step in protecting yourself.

But what does it all mean in practice?

Why To Deal With It

As business owners with a website, we'd all like the Web to be a safer place to carry out our business, right?  Using SSL will

  • check
    make it a bit harder for the hackers
  • check
     make it a bit easier for Google to rank your site favourably and
  • check
     contribute to encouraging safer use of the Web in general

Technicalities aside, there's one aspect of this that has a more direct effect on our visitors: their negative perception. It's pretty simple: a visitor seeing a "Not Secure" warning will find it hard to trust you and your business.

We can debate the merits of Google having so much power that they can force something like this on us.  At the end of the day it's really your site visitors that matter ...

How to deal with it

You have two options here.  You can ignore it.  Yes, that is an option.  Not everyone uses Google's Chrome browser ...

Chrome accounts for around 51% of all broswers. (Source: averaged reports from Statcounter, NetMarketShare and Wikimedia)

So, that means half of internet users use a different browser like Safari, IE, Firefox, UC etc

various web browsers

If you don't care about the 50% of your visitors who use Chrome then feel free to keep using insecure connections to your website!  You can skip the rest of this article.

Now, for the majority of smart business owners, of whom I hope you are one, should not ignore this.  The only viable option for you is to install an SSL certificate on your website. 

This used to be a technical job but nowadays most hosting companies make it a simple process. Often after taking payment from you, of course. A few clicks and you can have the SSL installed.

The Good News

But, there's even better news. The non-profit organisation Let's Encrypt offer free SSL certs to everyone!

More and more trustworthy hosting providers, such as Siteground, are offering these free SSL certs to customers.  If you have that option then act now and follow their installation instructions.  Check for your hosting company in this list.

If you don't have a free option, it is possible but time-consuming to do it yourself.  To go that route here's a link to the Let's Encrypt documentation.

LetsEncrypt Badge


Know the name: Let's Encrypt

This is the plainly-stated recommendation from Let's Encrypt:

For most people it is better to request Let’s Encrypt support from your hosting provider, or switch providers if they do not plan to implement it.

Click to Tweet

Conclusion

Put it on your to do list for this week:

  • check
    Check if your hosting provider offers free SSL certificates
  • check
    ​If they do, install one or ask their customer service for help
  • check
    If they don't ... consider switching to a hosting provider who does offer free SSL certificates. (We can help you with that - leave a comment below or contact us) or buy a certificate from them

Of course, you can continue to use HTTP and thereby advertise your lack of trustworthiness to your website visitors.

As always, it's your choice!

Do you agree with Google's policy?  Let me know what you think in the comments below.

Update September 12th 2017:

Sucuri just yesterday released a new complete guide to implementing SSL on your site.  If you want to understand it all and do it yourself, their guide has everything you need.  A warning though: it does get technical.

DO YOU NEED HELP GOING FROM HTTP TO HTTPS?

At WPStrands our goal is to remove as much of your technical frustration as possible so that you can get on with business.

If you need help with any of these:

  • tags
    Understanding SSL
  • tags
    Checking if your can install a free SSL certificate on your site
  • tags
    Installing your SSL cert

Just get in touch and we'll see what we can do to help you.

You will receive future WordPress blog posts from us.

  • by Seán
  • |
  • September 2, 2017
Click Here to Leave a Comment Below

Leave a Comment: