If you run a website and have been ignoring Google Chrome’s warnings for the past two years or been living under a rock, then it’s time to get secure. Beginning July 2018 with the release of Chrome version 68, all websites not using the HTTPS protocol will be marked as “not secure.” Whether you’re running a monetized blog or an e-commerce website, a reduction of web traffic will translate to lower income. In this article, I’ll explore the significance of this change and what you can do about it.
This significant change is only occurring with Google’s Chrome browser as of now, but it doesn’t mean other browsers don’t have their own warnings, though not as alerting as Chrome’s. On all browsers, a secure website will show the padlock icon next to the web address. If your site is not secure, most browsers will at least show an information icon, and the user has to click further to read a warning message. Chrome’s approach is to be much more direct by alerting readers that the website is not secure. With more people learning about basic cyber-security, Chrome’s warning message may be enough to deter some of your traffic from proceeding further.
Why does this matter? As of June 2018, Google’s Chrome was by far the dominant browser with 58.94% worldwide market share across all platforms (desktop, mobile, and tablet). Safari followed with a distant second place at 13.7%. And prior to this change in their browser, Google announced in 2014 that their search algorithms will be giving priority to websites that use SSL. If these statistics are sobering, then it’s time to get your website secure. Here’s what you need to know.
An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key. SSL certificates are sometimes included in a web hosting package, so there’s not much after thought needed. However, if your web hosting service does not include it, you’ll have to get your own SSL certificates from a paid service or a free one like Let’s Encrypt. I run multiple websites and have used both the paid and free options. Although both were a little tricky to install, I found the paid service to be more intuitive and had live support to walk me through the process. I won’t walk you through the entire process since you’ll be able to find those instructions from the service you end up choosing.