So, securing your website used to be as easy as SSL and now TLS.
But now it’s when we deliver your site as HTTPS as opposed to HTTP.
Well, that’s just another bunch of acronyms. In English, please?
There’s always been talk about securing websites. Whether it’s been via a security plugin or a physical firewall on your server, there are a lot of ways to secure your website.
However, having a security certificate has been an interesting development over the past couple of years.
But first, just what is a secure cert? What does it do and how do you get one?
In plain English, if you’re buying something from an e-commerce website, you’ll want to be reassured that when you enter your credit card details that they go to the supplier and are secure and not intercepted by anyone else. Simple.
To elaborate, when you’re at a website and conducting business, you want to see:
- That the website address is correct. So, if you’re buying from amazon.co.uk you’ll want to be assured that you’re really on the amazon.co.uk website.
- The little padlock icon in the address bar. It signifies a secure connection.
- That the URL begins with https, so, for example; https://www.amazon.co.uk/
In order to do this, the website will need to have a secure certificate installed. The secure cert is actually a data file that uses encrypted keys to verify that you are who you say you are and that your website is legitimately yours.
So, a secure cert will ensure that you really ARE at amazon.co.uk and will display both the padlock icon and an https at the beginning of the address bar to prove it’s you and your website. Online shoppers can then conduct their business with confidence.
OK, so what about the SERPs?
Right, that’s another acronym.
SERPs stands for Search Engine Ranking Pages. Go to Google, enter a search term et voila – that page right in front of you? That’s the first of the SERPs.
A few years ago, the mighty Google said that it was going to use HTTPS or the fact that you have a secure certificate installed on your website, as a “ranking signal”.
Again, what does that mean?
Well, let’s put it this way… There are so many websites out there all competing with each other, how do you differentiate one from another?
Let’s just say that there are, for discussion’s sake, 200 things you can do to rank your webpage well. You and your nearest competitor have both scored exactly the same on 199 of those points but you have the secure certificate in place and that is the “ranking signal” that gives you the edge.
You rank higher, you get the clicks, you get the business. (If you’d like to know more then go and read our digital marketing section – we do Search Engine Optimisation (SEO) and run very successful Pay Per Click (PPC) campaigns too.)
So What’s this One More Good Reason Then?
This one’s been actually kicking around since about April of this year.
In Google’s Chromium Blog, the home for updates of their popular web browser, they said that their browser has been showing a “NOT SECURE” message on HTTP pages with password or credit card fields since January 2017.
However, coming up in October, Google’s Chrome browser will go a step further and show users the “NOT SECURE” message for ANY non-secure page that requires data entry.
So, if your website has a simple form on any page, users will be informed that they are entering their information across an insecure connection. We’re sure you’ll want to give your users every reassurance that their information is safe and when you secure your website, it sends out a strong signal that you take their privacy and security very seriously. Clients really appreciate that.
Why Are You Telling Us This Now?
In the world of the web, there are so many things going on, so many sources of information that it’s not always easy to stay abreast of every single development. However, this particular message was broadcast on Google Search Console (What we used to call Webmaster Tools). It’s one of the tools we use at Clever Marketing to monitor our clients’ website health and the alert appeared in the info feed of our data console.
With just a week to go until October, it’s not long before the deadline, but it’s an important one and we’ve already contacted our affected clients. Luckily we have just one client who we’ve notified as all the rest switched to HTTPS some time ago, but this one website has an enquiry form on every single page of their website.
We wanted the client to have a safe, secure website and for their users to have a good experience and be confident in the knowledge that their data is being safely transferred between themselves and a website that they trust.
We’ll be installing the secure certificate on the last remaining website suite and then everyone will be happy.
Can You Help Us With Secure Certs?
If you have an existing website but you’re not with Clever Marketing, then we may be able to help you secure your website. We install secure certs from reputable certificate providers. Because we use top-drawer services there is a charge for the certs and for our installation time. However, if you would like to discuss your requirements, just fill in our contact form or, better still, pick up the phone and call us on 01276 534 680.
And if you think that any old provider of secure certs is OK, then do bear in mind the fact that Chrome will be rejecting certs from one particular firm starting in 2018. Will they stop there or do you want to risk not having a cert from a reputable source?
[UPDATE: October 1st 2017] We’re seeing the message behind the “Info” icon to the left of the address bar. Hover over it and you’ll see the tool-tip “View site information”. When you click, you’ll get a report on the site including the warning as below:
“Your connection to this site is not secure
You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers. Learn more.”