Tag: website security

Websites require SSL certificate to avoid a “Not Secure” warning

Websites now require SSL certificate to avoid a “Not Secure” warning

padlocks on bridge

 

All websites without an SSL certificate will get a ‘Not Secure’ warning in the browser from Chrome 68, currently rolling out as from July 24th 2018. This is on all pages, not just those requiring text or data entry as was previously the case. 

Websites with any kind of text input have since Chrome 62 rolled out in Autumn 2017 required an SSL certificate to avoid a “Not Secure” warning when visitors enter data.  An SSL certificate encrypts messages and information sent to your website. If one is installed on your site, Chrome will show the secure green padlock in the browser bar (other browsers show equivalent secure icons) and your site will have a https web address rather than a http one.

In practice this means visitors completing checkout forms, filling in contact forms or even search forms,  or logging in to their account on sites without an SSL certificate currently see a Not Secure notice.  All http sites in incognito mode now also show as insecure. 

chrome not secure diagram

From Chrome 68, this will extend to every page on a site, whether in Incognito mode or not.

“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” – Emily Schecter from Chrome Security Team.

chrome non secure warning

Of course, when a visitor to your site sees this, it is highly unlikely that they will proceed. You are therefore highly recommended to get an SSL certificate as soon as possible. Furthermore, Google favours sites with an SSL certificate in search results – your site will be at an SEO disadvantage without one.

Many hosts offer a free SSL certificate via Let’s Encrypt or you may have one included in your hosting package. If not you may have to purchase one from your host. Please note that your site may need reconfiguring after the certificate is installed – for WordPress sites I highly recommend the Really Simple SSL plugin to help you with this.

This is an update of the original post from October 2017.

 

 

 

 

Time for an SSL Certificate?

What is an SSL Certificate?

padlock

An SSL certificate is used to encrypt information; without encryption, the information transmitted between a browser and server displayed in plain text, which is much easier for hackers to access. Until recently, it was only really essential to have one if you took direct payments on your website, but Google has indicated it will rank higher websites that have this security layer. In addition, internet browsers like Chrome and Firefox are beginning to show warnings on sites which do not have SSL certificates and where data or text is input (e.g. in a contact, login or checkoout form).

Having an SSL certificate on your hosting is therefore becoming much more important.  A site with an SSL certificate will display the green lock in the browser next to the web address, and your website address will change from http to https. It provides your visitors with a sense of increased trust and safety. 

However, it can add a cost to your annual website hosting. SSL certificates need technical set up, depending on your server and hosting provider. Be aware when moving from non-SSL to SSL that there may also be SEO considerations.  On the positive side, many hosts now offer a free SSL certificate via their own certificate provider or via Let’s Encrypt, a free certificate authority. 

Let’s Encrypt is free and offers a basic SSL certificate – anyone can add if they have access to your website’s control panel. The certificate is a domain validation (DV) one and can only ensure a secure connection to the website. it’s ideal for websites that need encryption without the absolute guarantee of ownership.

However, if your website is a business that’s processing credit cards directly on your site (i.e. not via Paypal) or transmitting sensitive information, it’s recommended that you consider purchasing a certificate so your user’s can rest assure the connection is valid and secure. Such certificates will usually be Organizational Validation (OV) certificates which require additional organizational information about who is purchasing the certificate such as their Name, City, State, Country. (OV) certificates also require the user to respond to an email with a verification code and may also offer warranty protection against losses (check with your host).

Whichever, you choose, if your site is a WordPress one, the Really Simple SSL plugin is highly recommended in helping you make the move.