Should your website be using SSL?
SSL certificates are fast becoming an essential for ANY website, and these are just some of the reasons why:
- Google has revealed plans to show the following “Not Secure” alert in future versions of it’s Chrome browser’s URL bar for all HTTP pages. When it does make this update, do you really want your customers to see the below on your website?
- Google is now using HTTPS as a ranking signal – this means that you gain an SEO advantage from moving to HTTPS.
- Because SSL gives your website a secure connection, this will prevent malicious third parties from accessing any information given to your business by your website visitors, for example credit card details on a membership or eCommerce site.
- Seeing the green lock in the URL bar gives your customer peace of mind and has the potential to drive up your conversion rate.
- Google introduced the first phase in January 2017 with the release of Chrome 56, which labelled sHTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature. In these instances you will see this:
In following releases of Chrome, Google will slowly extend the HTTP warnings, as an example, in Incognito mode they will label HTTP pages as “not secure”, as users use this mode when they have higher expectations of privacy.
Steps to making your site more secure
Step 1: Pick a type of SSL certificate
There are three different types of certificates you can get:
- Domain Validation (DV) – low authentication; gives you a green padlock and the word ‘secure’; SHA-2 and 2048-bit encryption; suitable for non-eCommerce sites & basic brochure sites. No warranty included (depends on where you purchase the certificate).
- Organisation Validation (OV) – high authentication; gives you a green padlock and the word ‘secure’; SHA-2 and 2048-bit encryption; suitable for eCommerce sites & sites collecting personal info; $100,000 warranty (depends on where you purchase the certificate).
- Extended Validation (EV) – strengthened authentication; gives you a green padlock and names the certificate’s owner in the address bar; SHA-2 and 2048-bit encryption; provides the best security; suitable for eCommerce sites, sites collecting personal info and where user trust is paramount; $1,000,000 warranty (depends on where you purchase the certificate).
Step 2: Buy SSL certificate
You can buy SSL certificate from many places, but we would recommend buying one from your hosting company (like us!). Most hosting companies already offer them and some will help you set them up. Plus it’s convenient to keep the cert in the place as the hosting as they go hand-in-hand.
Step 3: Install onto your server
If you buy from your hosting company this will be done for you.
Step 4: Setup up your website to start using https:// rather than http://
You will need to update:
- all your sites URLs
- internal hyperlinks in your content
- urls located in theme templates
- urls located in theme css
- urls located in theme scripts
- CDN (Content Delivery Network) if you use this service
This will help you avoid mixed content errors – where some content is using http:// and some https://
Next – there are a couple more things to look into:
- Social Shares numbers are reset
- Random plugins may break
- Update Google Search Console (previous WebMaster Tools)
Step 5: Test your site thoroughly
If you would like CuCo to help with this, feel free to drop us a line and we would be more than happy to help!
Update – 9th May 2017
It’s official! Firefox has now followed suit! As of Firefox 52, you will see a lock icon with red strike-through in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could potentially be stolen by eavesdroppers and attackers.
You will also see a warning message when you click inside a login box to enter a username or password.
If you have any questions about SSL or need assistance with setup please feel free to contact CuCo and a member of our digital team will be more than happy to help.