UPDATED: AUGUST 18, 2017: Google will start issuing a penalty in October 2017 to ALL websites that have any type of form on it (that means everyone – newsletter signups, freebies, contact forms, etc.). So that “later” I reference, is NOW. Contact Me to get your site sitting A-OK with Google before October deadline.
As Google steps up its efforts to ensure a “secure web” in 2017 it adds complexity to each and every business owner’s life. It doesn’t have to give you a headache though, because I will help educate you.
Here’s the What, Why, and How that you need to know without all the confusion, hype, and misinformation that is swirling about.
What You Need to Know
I will stay as non-techie as possible here, but I want to define a few terms that you will see floating around so you know what’s what.
What is SSL?
It stands for secure socket layer. It essentially encrypts information from Point A to Point B. It doesn’t inherently make a site more secure per se because there are many factors that make up security. For instance someone can “securely” transport malicious code across a secure connection. So if you download something malicious across a secure connection you will still have an infected computer (and spew profanities!).
What SSL does do is ensure encryption of sensitive data across the open field of the web thereby thwarting “man in the middle” attacks. No one can spy on or steal the data from here to there.
What is HTTP and HTTPS?
Both are protocols for the web. Every website you visit is using it whether you are aware of it or not. The letters stand for Hypertext Transfer Protocol. The “S” in HTTPS stands for secure.
Why It Matters Now
In September, 2016 Google announced that it will start explicitly labeling HTTP connections as non-secure beginning in January 2017. In addition, Google had previously added encryption as a ranking factor for your site. In August 2017 – Google furthered this announcement to label ALL non-SSL websites as not-secure starting in October 2017 and its next release of Chrome browser.
There are three reasons for this:
- Authentication: Addresses the issue of verifying ownership of your website.
- Data integrity: Refers to whether or not data on the site has been tampered with while in transit.
- Encryption: Refers to security of communications between client and server to ensure that no one else can read them.
Quoting directly from Google:
Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
Late in January there was a minor widespread panic in entrepreneurial circles on social media about this deadline. This crying wolf was driven by a lack of understanding and created unnecessary drama. Unless you collect passwords or credit cards on your site, your site will not be marked non-secure (YET) — But it will starting October 2017!. It won’t display the green padlock icon either (but then it never did).
You do not need to panic
You do need to plan and act.
I recommend to all my yearly maintenance clients that a conversion to SSL is worth doing in 2017. As with all things being proactive beats running up a yet to be unnamed date by Google where all HTTP sites will be marked not secure. Consider 2017 the year of HTTPS and SSL.
How to Get Your Site Up to Snuff
Convert your site to SSL. That is the short answer. Going forward all sites that I build for clients will be deployed SSL compliant.Converting your #website to SSL is NOT a matter of IF but WHEN.Click To Tweet
With this need to convert, there is a plethora of misinformation and partial information out there. Hosts are offering free SSL certificates and telling you that one-click will get your site converted. THIS IS NOT TRUE. There is more to a clean, complete conversion that will secure your site and keep it running at optimal performance than one-click (though offering the SSL certificates via your host is a definite plus).
You will also hear a lot of talk about easy to use plug-ins that will make the conversion easy for you. Do not fall for this. Here’s why. The plugins that rewrite your URLS (from http to https) on the fly every time someone visits your site is like having every word you speak or hear spoken to you go through a translator first. It is a tremendous performance hit to your site, might not play well with other site functions you use, and does not address any off-site components that affect your conversion.
Imagine sitting in a professional meeting and the presenter is speaking in another language. You wonder what is going on and then eventually the translator kicks in with her best translation (aka guess) of what they are saying. You get part of the story and at an annoying delay at that. Like the old Kung-Fu movies on cable in the 80’s.
Is this what you want for your website or its visitors?
I didn’t think so.
The first step in getting started is to contact me.
The process I follow for all site conversions is hands-on, thorough, and addresses all the elements that make up a successful SSL conversion. It includes:
- Understanding the scope of how your site is currently set up (you’ll provide details).
- Helping you secure the right level of SSL certificate for your needs.
- Installing the certificate.
- Updating the configuration of your site to point to HTTPS instead of HTTP.
- Converting your site database so all incoming requests, existing site permalinks, and site elements are HTTPS.
- Re-verifying ownership of your site in Google Search Console and updating your sitemap.
- Updating website configuration in Google Analytics.
- Testing and confirming successful conversion.
- Advising you on changes you may need to make (such as changing digital ads and marketing tools to point to the new addresses) for long-term success (they will redirect properly in the short-term).
What To Do Next
This is not a decision about if you should make the switch. This is a decision made more imminent by the latest Google announcement — the time is NOW before October 2017.
Start the conversation today. Contact me sooner rather than later. Stay ahead of the competition and serve your visitors with a secure connection.
Get-It-Done Special Offer
I have a special offer for business owners who want to be proactive and get this off their plate before the October rush!
For $250, I will convert your site following the comprehensive outline above. This offer is limited to the first 3 people who contact me*
* Price does not include third-party fees (if needed). If current site configurations are not conducive to conversion, any additional steps or fees will be discussed with you and mutually agreed upon prior to starting conversion.