Security

WARNING: FEB 1, 2017 

SUMMARY: Upgrade to SSL or you’ll get Google-slapped

Google will not just penalize in rankings, but show a nastygram on Google’s page, AND show a message in Chrome if your site is not running an SSL.

NastygramThis will first affect any site requiring a login. There is an internet-wide push toward secure (httpS not just http) sites.

Bing and IE will surely follow suit over time.

Here’s the plan: starting in January with Chrome 56, password or credit card form fields on non-encrypted sites will be labeled “not secure.”

Then, in following releases, those HTTP warnings will be extended: for example, by labeling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy.

Eventually, all HTTP pages will be labeled non-secure, and the HTTP security indicator will change to the red triangle/exclamation mark that Google uses for broken HTTPS.

Best guess: it will get progressively more noticeable and concerning-looking.

Sounds great, for sure, and hopefully Google will manage to do it in a way that users won’t ignore. As Google is no doubt aware, people ignore security alerts up to 87% of the time.

Google notes that encryption also enables both the best performance the web offers and powerful new features that are too sensitive for HTTP.

Google’s offering set-up guides to get started.

How to proceed:

  1. Free – IF your site is a pretty simple site – non-dynamic, say a typical WordPress site without ecommerce and just a few basic forms, we recommend (free!) Cloudflare.com.Note we have no affiliation nor are we endorsed by them. As of this writing, they have SSL options on their free plans. Note this encrypts only between Cloudflare and the end-user, so it is not suitable for e-commerce or user-info (medical, loan applications, etc.) applications.
  2. $19 for 3 years – CheapSSLSecurity.com – we use them for clients all the time.

A quick note: An SSL requires you to prove you are who you claim to be. There is a small amount of paperwork required during setup – it’s not a big deal, but this isn’t a quick-fix push-one-button sort of thing.

For clients on our hosting not on active retainer, we have a flat-rate clients-only offer of $50 for 3 years offer, which includes a rapid SSL, and we’ll handle installation / hookup. Note this does NOT include theme changes (if required – usually not, but in some cases, related to CSS and Javascript, additional work is required). Contact your account rep and we’ll handle it.

For not-yet clients, contact us if you prefer we handle this for you and we can help.