Have you heard that Google is strongly stressing website owners to have SSL (Secure Sockets Layer) yet? You might have seen address bars with “Not Secure” within Chrome, or websites with warnings on them. Months ago warnings weren’t a thing, but Google is now cracking down on websites that don’t have HTTPS and SSL certificates.
In September 2016, Google began making plans to create a more secure web. In January 2017, The Chromium Project, behind the Google Chrome browser, implemented the “Not Secure” warning in the address bar as the start of this plan, especially for websites that contain passwords and credit card forms.
For any WordPress user, your website has a login by default. Even if the front of your website wasn’t HTTPS and didn’t have a warning, when you log into your WordPress admin area, you’d see a “Not Secure” in the address bar of the Chrome browser.
Google posted in April of 2017 that they would execute the second step in their secure web plan in October of the same year. This plan is that when someone visits a HTTP site, Chrome will add the “Not Secure” label in the address bar for any page containing input fields for forms, or when visiting a site in Incognito mode.
[Credit- Google Online Security Blog – Next Steps Toward More Connection Security]
WordPress website owners and other types of webmasters have been receiving emails from Google Search Console about input fields not being secured. (screen shot below)
[Credit: Search Engine Land – Google emails warnings to webmasters that Chrome will mark http pages with forms as ‘not secure’]
So, what does this mean for you as a website owner? Should you have SSL on your WordPress website? Here are some reasons why you should have it, why you really have no excuse, and some bonus material (more of a reminder) on security.
Why purchase and install a SSL?
SSL allows your information to pass through your internet browser and onto the web server using encryption. This means that if there’s a hacker trying to get information from you, they won’t be able to easily steal that sensitive info.
From experience, a lot of our infection cleanup clients use similar passwords throughout all of their logins, whether it be WordPress, their web host, Paypal, and even their bank! That’s pretty scary, and perhaps some of you who are reading this might also be participating in this unsecure password behavior. With SSL, your data is encrypted so it cannot be deciphered easily by any bot or hacker.
Another reason to have SSL is for site speed. HTTPS/2 can actually speed up your website. In the past, HTTPS used to be known as a website speed killer, but technology has improved greatly. Test the difference of HTTP versus HTTPS here.
Think about your website visitors and yourself. If you see a warning that a website is not secure, do you quickly exit or do you continue browsing the website?
Google isn’t doing this to control you. It is to help you realize that you need to create a safer experience for your users.
- Purchase Standard SSLfor $64.99/year (with the white address bar screenshot below) – Verifies your domain control and secures your site.
- Domain validated
- Issued within minutes
- $100,000 warranty
- Premium SSL for $149.99/year (with the green address bar screenshot below) – Most extensive validation. Ideal for eCommerce.
- Domain and company validated
- Trusted green browser bar
- Free 1 year Standard SSL
- $1,000,000 warranty
- Transfer your hosting and purchase your own SSL Certificate
- Do nothing at this time.
Google and other search engines are also ranking websites with an SSL ahead of websites without an SSL certificate. So this is another quick way to get ahead of slow-to-act businesses and websites. 😉