This October, 2017, Google is rolling out an update to Google Chrome that continues their efforts to let users know if they’re browsing the web safely. If you’re part of the 57% of users who browse on Chrome, you may have noticed the little green lock to the left of the browser bar. That was Chrome’s first push toward safer surfing. Only websites with HTTPS will have a little green lock icon to the left of the web address bar at the top of your web browser window.
Step two for Google Chrome is marking sites that don’t use HTTPS as “Not secure.” Any HTTP website that has a contact form, a search bar, or even an email list sign up will be marked “Not secure” if a user goes to enter any of their personal data. You can imagine how damaging this could be to your company’s credibility, so read on to learn how you can switch from HTTP to HTTPS.
In Chrome, any HTTP website that has a contact form, a search bar, or even an email list sign up will be marked “Not secure” if a user goes to enter any of their personal data.
First, What is HTTPS?
HTTPS stands for “Hypertext Transfer Protocol” with Secure Sockets Layer (SSL). Simply, it’s how your computer’s browser communicates safely with a website you’re using. Websites that have HTTP before their website address are not secure because any nefarious entity could be lurking between your browser and the website you’re trying to access. It is extremely dangerous to give any personal information, such as a credit card number, to websites with the HTTP prefix because it means that website is not encrypted. Even if an HTTP site collects seemingly harmless personal information, such as an email address or phone number, that website could serve as a gateway for a hacker.
Websites that Collect Data Get a Green Lock Icon if They Use HTTPS
Google feels very strongly about safe web surfing, so they started to highly encourage people to upgrade from HTTP to HTTPS with that little green lock icon in Google Chrome. In a blog post from September 2016, they announced, “To help users browse the web safely, Chrome indicates connection security with an icon in the address bar.” They also started to label websites that collect credit cards and passwords without HTTPS as “Not secure.” That was step 1 to safer surfing and it became effective in January, 2016.
Now All HTTP Websites that Collect Data are “Not secure”
If your website has a search bar or a form that collects a name and email address, your website will be labeled “Not secure” when the user starts to give their information. That will likely stop many users from giving out their information. This may not seem very different from their update in January, but this affects many more websites using HTTP.
Common Questions About Switching to HTTPS
I’m sure you have a lot of questions at this point about the process of switching to HTTPS. Below are the most common questions followed by our answers:
Is this process expensive? The short answer is, no. However, you will need to purchase an SSL Certificate which can cost anywhere between $31 and $300/year. I discuss SSL Certificates in more detail below.
How long does it take? Anywhere between 2-10 days. Again, this depends on the kind of SSL Certificate you get. At the very least, we need to gain access to your hosting provider and obtain certain documents to apply for the right kind of SSL Certificate.
Will this affect my Search Engine Optimization (SEO)? If you set it up right, it can actually help your SEO. Google gives a very slight boost to websites that adopt HTTPS. In a blog post from Google, they claim, “For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
Switching to HTTPS can actually help your SEO.
You will need to set up redirects for your website from HTTP to HTTPS, but it won’t affect your rankings if you set up your redirects properly. According to Patrick Stox, an SEO specialist for IBM, “I’ve never had a site drop in rankings or traffic when switching to HTTPS, and a lot of people questioned me on this. Due diligence on redirects and redirect chains is likely the difference, as this is what I see messed up the most when troubleshooting migrations.”
How Do I Switch from HTTP to HTTPS?
Have no fear, Trillion is here to help our clients switch to HTTPS. This is where it can get gritty and technical, but we’ll just lay out the need-to-know information. If you have no need for tech jargon and just want to get started, skip to our contact information!
In order for your website to use HTTPS, you need an SSL certificate. If we already have access to your hosting information and built your website, we can help you get an SSL certificate, but we’ll need some additional business documentation to set it up.
What is an SSL Certificate?
SSL stands for Secure Sockets Layer. It’s what enables the secure connection between a browser and an encrypted website’s server. This is where it gets a little confusing. There are different types of SSL certificates, and you need to know which kind is right for your website. This article from the AboutSSL organization is very helpful, so I’ll summarize its key points below:
Extended Validation (EV) SSL Certificate
This is the most secure kind of certificate and is highly recommended for businesses. However, it takes some time, effort, and money to get this kind of certificate. AboutSSL explains, “To issue an EV SSL certificate, the issuer needs to submit important business documents as per the certificate authority’s requirement. It takes up to 10 days to issue an EV SSL Certificate.” Note, this kind of certificate is only for corporations or other kinds of legally recognized entities. Below, see what it looks like when the website you’re visiting has this kind of certificate. Visually, this kind of certificate inspires the most confidence.
The cost: anywhere between $99 and $300/year* depending on how many domains and subdomains you have.
*This price is based on Godaddy.com.
Organization Validated (OV) SSL Certificate
This kind of certificate is good for entities that don’t qualify for an Extended Validation SSL Certificate. An OV SSL certificate is similar to the EV certificate, but it doesn’t have as much rigorous vetting. You still need to submit certain business documents, but it only takes 3 days or less.
The cost: starting at $90/year* depending on how many domains/subdomains you have.
Domain Validated SSL Certificate
This kind of certificate requires the least amount of time and money because it’s only validating that your domain name is legitimate. AboutSSL clarifies, “Here, the user only needs to prove the domain ownership to the certificate authority (CA).” If you get this kind of certificate, your website is still encrypted, but Google Chrome won’t show your business’s name in the browser bar, just a little green lock and “Secure.” This is the quickest kind of SSL certificate to get, clocking in at 24-48 hours.
The cost: starting at approximately $31/year depending on how many domains/subdomains you have.
Other Factors with SSL Certificates
As you saw above, the price varies based on the kind of Certificate you have as well as how many domains and subdomains you have. An example of a subdomain is blog.yourdomain.com, store.yourdomain.com or news.yourdomain.com. For securing different domain names, you need a SAN/Multi-domain SSL. If you have multiple subdomains you want to secure, you need a Wildcard SSL. I won’t get into the nitty-gritties, but if you want to know more about these, read the article I’ve been summarizing.
Call Trillion to Build a Safer, More Effective Website
This whole process seems very complicated, but Trillion helps our clients navigate the whole process, including making the proper choices regarding SSL certificates. When it comes to website redesigns, we are recommending the right kind of SSL certificates and setting up proper redirects for our clients’ websites. If we can be of assistance in your website redesign and adding secure browsing to it, give us a call at 908.219.4703.