August 2018 UPDATE: Google Chrome 68 is in beta and slated to roll out shortly. That means as early as this month, ALL WEBSITES that are not SSL will be marked NOT SECURE. Contact Me to get your site on Google’s good list before this rolls out!
If it feels like you’ve heard this before, it is because you have (sort-of). In my AUGUST 18, 2017 update we talked about the October 2017 deadline for all websites that have any type of form on it (that means everyone – newsletter signups, freebies, contact forms, etc.). So that “later” I reference in the article, is NOW.
As Google steps up its efforts to ensure a “secure web” (this has been rolling out in stages over several years now) it adds complexity to each and every business owner’s life. It doesn’t have to give you a headache though, because I will help educate you.
Here’s the What, Why, and How that you need to know without all the confusion, hype, and misinformation that is swirling about.
What You Need to Know
I will stay as non-techie as possible here, but I want to define a few terms that you will see floating around so you know what’s what.
What is SSL?
It stands for secure socket layer. It essentially encrypts information from Point A to Point B. It doesn’t inherently make a site more secure per se because there are many factors that make up security. For instance someone can “securely” transport malicious code across a secure connection. So if you download something malicious across a secure connection you will still have an infected computer (and spew profanities!).
What SSL does do is ensure encryption of sensitive data across the open field of the web thereby thwarting “man in the middle” attacks. No one can spy on or steal the data from here to there.
What is HTTP and HTTPS?
Both are protocols for the web. Every website you visit is using it whether you are aware of it or not. The letters stand for Hypertext Transfer Protocol. The “S” in HTTPS stands for secure.
Why It Matters Now
In September, 2016 Google announced that it will start explicitly labeling HTTP connections as non-secure beginning in January 2017. In addition, Google had previously added encryption as a ranking factor for your site. In August 2017 – Google furthered this announcement to label ALL non-SSL websites as not-secure starting in October 2017 and its next release of Chrome browser. Now in August 2018, ALL websites that are not SSL compliant (that means no mixed media messages either) will be marked Not Secure
There are three reasons for this:
- Authentication: Addresses the issue of verifying ownership of your website.
- Data integrity: Refers to whether or not data on the site has been tampered with while in transit.
- Encryption: Refers to security of communications between client and server to ensure that no one else can read them.
Quoting directly from Google:
Beginning in July 2018 (Chrome 68), we’ll mark all HTTP pages as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
The initial announcement in January 2017 (for sites that captured information) created a minor widespread panic in entrepreneurial circles on social media about this deadline. The crying wolf was driven by a lack of understanding and created unnecessary drama. It used to be that unless you collected passwords or credit cards on your site, or collected email addresses/had a contact form that your site would not be marked non-secure (YET) — But it will starting August 2018 It Will!.
You do not need to panic
You do need to plan and act NOW. The time for waiting (when I first wrote this article in January 2017) is long, long gone.
Consider 2018 the year of HTTPS and SSL became mandatory.
What Happens if You Don’t Convert (or Do it Incorrectly)
When SSL conversions started there were a lot of quick-fix and cheap solutions offered by hosting companies and other web professionals looking for a quick buck and to ride the tidal waves of fear. What I can tell you is that each and every business owner who took this route ended up investing 3-4X more than it would have cost them to do it right the first time.
If you don’t get things in order your site could:
- Be blacklisted by Google for unsafe practices
- Experience man-in-the-middle attacks
- Slow way down because of mixed-media warnings creating negative user experience and penalties with Google
You can guarantee that if you don’t get things in order that:
- Google will display a NOT SECURE warning to all website visitors
- If you don’t do it correctly, you will get NOT SECURE and MIXED MEDIA warnings
How to Get Your Site Up to Snuff
Convert your site to SSL. That is the short answer. Going forward all sites that I build for clients will be deployed SSL compliant.
[clickToTweet tweet=”Converting your #website to SSL is NOT a matter of IF but WHEN.” quote=”Converting your #website to SSL is NOT a matter of IF but WHEN.”]
With this need to convert, there is a plethora of misinformation and partial information out there. Hosts are offering free SSL certificates and telling you that one-click will get your site converted. THIS IS NOT TRUE. There is more to a clean, complete conversion that will secure your site and keep it running at optimal performance than one-click (though offering the SSL certificates via your host is a definite plus).
You will also hear a lot of talk about easy to use plug-ins that will make the conversion easy for you. Do not fall for this. Here’s why. The plugins that rewrite your URLS (from http to https) on the fly every time someone visits your site is like having every word you speak or hear spoken to you go through a translator first. It is a tremendous performance hit to your site, might not play well with other site functions you use, and does not address any off-site components that affect your conversion.
Imagine sitting in a professional meeting and the presenter is speaking in another language. You wonder what is going on and then eventually the translator kicks in with her best translation (aka guess) of what they are saying. You get part of the story and at an annoying delay at that. Like the old Kung-Fu movies on cable in the 80’s.
Is this what you want for your website or its visitors?
I didn’t think so.
The first step in getting started is to contact me.
The process I follow for all site conversions is hands-on, thorough, and addresses all the elements that make up a successful SSL conversion. It includes:
- Understanding the scope of how your site is currently set up (you’ll provide details).
- Helping you secure the right level of SSL certificate for your needs.
- Installing the certificate.
- Updating the configuration of your site to point to HTTPS instead of HTTP.
- Converting your site database so all incoming requests, existing site permalinks, and site elements are HTTPS.
- Re-verifying ownership of your site in Google Search Console and updating your sitemap.
- Updating website configuration in Google Analytics.
- Testing and confirming successful conversion.
- Advising you on changes you may need to make (such as changing digital ads and marketing tools to point to the new addresses) for long-term success (they will redirect properly in the short-term).
What To Do Next
This is not a decision about if you should make the switch. This is a decision made more imminent by the latest Google announcement — the time is NOW before October 2018.
Start the conversation today. Contact me sooner rather than later. Stay ahead of the competition and serve your visitors with a secure connection.
Get-It-Done Special Offer
I have a special offer for business owners who want to be proactive and get this off their plate before the last-minute rush!
For $250, I will convert your site following the comprehensive outline above. This offer is limited to the first 3 people who contact me*
* Price does not include third-party fees (if needed). If current site configurations are not conducive to conversion, any additional complexity, steps or fees will be discussed with you and mutually agreed upon prior to starting conversion.