October 24, 2017
Google will be soon punishing website owners without SSL certificates or a HTTPS connection; here’s what you need to know to avoid having your website publicly shamed.
What is an SSL Certificate?
SSL (Secure Sockets Layer) is a standard security technology that protects data transferred between a website server and a browser. The SSL encrypts data passed between the servers and browsers to ensure that the data remains private.
In the domain bar, you will have noticed a green padlock appearing next to most websites this is the indicator whether the website is protected or not. If you have seen a red padlock – you guessed it – the site you are on hasn’t an SSL.
In past years SSL certificates weren’t needed for every business and mostly only ecommerce websites or those taken payment would have one. Proudly presenting their SSL protected logos on their website at the checkout page to reassure the user that their website was secure and their payment details were safe.
You maybe familiar with seeing logos like these?
Why Does My Website Need an SSL Certificate?
As security has become paramount around any data, it is now not just websites taken payment that will require an SSL certificate.
From late October Google will be penalising websites without an SSL certificate by displaying a message to all users warning them that the website they are about to view has an unsecure connection.
This is Public shaming from Google. Like medieval times without people throwing rotten fruit and vegetables, and maybe your head and arms not in a pillory – but it is public shaming!
It is Google’s way of looking after their customers & visitors by setting a precedent that all websites should offer a secure and encrypted connection.
How Does SSL Work?
An SSL certificate provides users with a website’s security information, allowing the user to view:
i) The name of the certificate holder
ii) A serial number and expiry date
iii) A copy of the certificate holder’s public key
iv) Who’s verified the certificate / The SSL issuer.
The diagram below shows how the web server and the user’s browser communicates several times before providing a secure connection for the website’s data collection.
Why are they Important?
Apart from the upcoming Google change, SEO will also play another important role as Google yet again will penalise websites from its search rankings who haven’t got an SSL certificate.
If that’s not enough, SSL certificates improve trust and reassure visitors that browsing your website is safe, secure and provide another wall of protection against cybercriminals.
Anyone visiting your website will clearly see a green padlock, now this may not seem that important, but anyone typing sensitive data (card details, usernames, passwords etc) or personal information into simple items as contact forms may become hesitant as the site may flag the website is untrustworthy – losing you that hard earned prospect or brand credibility.
SSL is required for PCI compliance
In order to accept credit card information on your website, you must pass certain audits that show that you are complying with the Payment Card Industry (PCI) standards. One of the requirements is properly using an SSL Certificate.
Will My Site Be Affected?
Yes. Although the rollout is focusing on websites for forms, search bars and login panels; if you don’t want your visitors to begin seeing warnings before proceeding to your website – then you’ll need an SSL certificate.
How Do I know If I Have One
If you are unsure whether you have SSL on your WordPress website, simply type your URL into a browser and look for the padlock.
Green padlock = good
Red padlock = bad.
Where Can I Get an SSL?
SSL certificates can be purchased online and you can find loads with a quick Google search.
A few providers are provided below to save your fingers the trouble.
Who Would Implement an SSL Certificate?
If you are a technical wizard then you maybe able to implement this yourself, if you’re not, then your IT department, your website host or your website agency.
In our Unlimited WordPress Support plans the implementation of an SSL would be included – food for thought 🙂
How Much Does an SSL Cost?
As with everything there is both free and paid options.
Starting with free – visit a website called Let’s Encrypt they have issued 100 Million certificates worldwide and although free still provides the level of security you need to protect most websites.
If you are taking payments online or have a membership / subscription website that stores personal data; a paid SSL might serve you better.
Paid SSL’s carry further liability protection compared to the free option. Paid variants also provide options for Organisation Validation (OV) which validates the actual company behind the website and Extended Validation (EV) where the company’s name also appears next to the green padlock in the address bar.
Another benefit of a Paid SSL is the Wildcard option.
Basically typing www.impactmedia.co.uk would be protected under a standard SSL but if a user types blog.impactmedia.co.uk or simply impactmedia.co.uk (as some people are sooo lazy) this wouldn’t be secured under a single SSL certificate. A wildcard SSL would basically provide multiple certificates to cover all subdomains, sites, IP addresses under a single host name.
The wildcard option is not currently available on a free variant, and to achieve this you would require to implement an individual certificate for each variant mentioned above – a slight bit of legwork.
However Let’s Encrypt will be offering free wildcard SSL certificates from January 2018 🙂
A paid SSL is charged and renewed yearly and you should be looking to pay between £100-500 depending on the provider and level of certificate (i.e. Wildcard etc). Some may appear cheaper however please check the renewal fees as companies run discounts on the first year and then hike the price at the renewal stage.
Although the SSL will encrypt data whilst in transit however it doesn’t protect your website from being hacked. Adding an additional firewall to your website such as Securi will help prevent your website from being hacked, whilst also providing constant monitoring and reporting.
If you’re looking for additional protection as well as a standard SSL at Impact if your WordPress website is hacked, we’ll fix it free under our Unlimited Support plans. Speak to Martin on 01268 858292 for 2017 support price plans and features list.
Hopefully that’ll help to educate and answer a few questions regarding SSL certificates and why you need one. If you need help implementing an SSL certificate into your website, then please feel free to get in touch.
If you’re capable of implementing yourself checkout the list above of the paid and free SSL certificate options, if you do get stuck or want to ask any questions drop us a tweet where we’ll be happy to help @impactmedia
KEEP ON READING
If you’re like most businesses, you already have Google Analytics. But are you actually using it to gain actionable insights? These 15 metrics allow you to dig deeper, allowing you to leverage the full power of the platform to improve your website and grow your business over time.
If you’re new to WFH or remote working, Martin shares the tools that the Impacters use to function day-to-day, from video calls to collaboration.
Creating an up-to-date blog is not so much work when you realize how much value it generates.