As the number of people worldwide that use the Internet grows (4 billion and counting!), keeping up with hacking, phishing, malware, and other shady web security issues becomes even more of a priority. Whether you use the Internet for work, to stay in touch with friends, post updates to social media, purchase products online, or to manage your finances or investments, the companies whose websites you interact with are making website security a priority to keep your personal and business information safe.
And they’re doing so thanks to Google, who is basically strong-arming all websites into securing their contents and protecting their customers’ information by implementing SSL encryption.
You have until July 24 to install an SSL certificate on your website, or Google will mark your website as “Not Secure”.
So what is SSL?
The web can be a scary place for your customers’ personal data – filling out a form, submitting credit card information for an online purchase, or asking them to sign up for something online on an unsecured site opens the door to hackers to steal their information.
A website that is encrypted with SSL, or Secure Sockets Layer, essentially positions a security guard at the front door of this sensitive data. SSL is security technology that creates an encrypted link between a web server and a browser to keep the internet connection secure, and safeguards any sensitive data to block hackers from getting to it.
What about all the other security terms like HTTPS and TLS?
Internet security is a bit like alphabet soup. When it comes to web security, people often use the terms like SSL, TLS, and HTTPS interchangeably. So, what are all the acronyms, what do they stand for, and what the heck do they mean?
SSL and TLS, short for Transport Layer Security, are both cryptographic protocols that encrypt information travelling between applications and servers over a network. SSL was originally developed by Netscape (remember them!?). TLS, or Transport Layer Security, is the successor to SSL and is actually what is used currently to provide security these days. When SSL reached version 3.0, TLS took over. Version 1.0 of TLS is basically version 3.1 of SSL.
The HTTP in HTTPS stands for Hypertext Transfer Protocol (HTTP). The S stands for Secure. It’s the foundation of data communication on the web. HTTP is a protocol for sending requests and receiving answers over a network aka the Internet. When that protocol is secured by SSL/TLS (remember, those terms can be used interchangeably!), then the protocol becomes HTTPS.
Why is having a secure website important?
Securing your website is important for several reasons:
It keeps your customer’s information safe and secure by encrypting and scrambling it so hackers can’t get to it.
It manages data integrity by preventing files from being corrupted as they’re transferred from your clients using your website to the information they’re sharing or submitting online.
It builds trust and brand power by verifying that the website has both an updated and authenticated security certificate, so your customers know that their information is safe with you
Most importantly, it helps you rank better in search engines – in fact, very soon it will be a requirement for Google’s search rankings, and it will negatively impact your SEO if you don’t have an SSL certificate.
What changes is Google making to prioritize web security?
For years, Google has been pushing websites to be secure, and it’s no surprise that they favor websites that are trusted, secure, and certified.
Currently in the Google Chrome web browser, secure websites are marked green and highlighted within the Google browser bar, while unsecure sites don’t have anything. Google has announced that in July 2018, sites that are insecure and have any kind of text input will be formally marked as insecure. The update will be made available in the next release of Chrome and will look like this:
While this is a big change in outward appearance, the truth is that Google has been using site security as a ranking signal for a while.
Back in 2014, Google rolled out an update in their ranking algorithm that put security as a priority and gave secure websites a slight ranking advantage.
Google has also stated that just in the last year, significant progress was made in moving towards a more secure web they’ve seen these changes year over year:
Over 68% of Chrome traffic on both Android and Windows is now protected
Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
81 of the top 100 sites on the web use HTTPS by default
The fact is, more and more web developers and webmasters are converting their websites to be secure, and it’s no surprise why – it’s clear that having an SSL certificate offers the security and peace of mind that many Internet users demand.
How do I secure my website?
Securing your website is now more important than ever, and Google suggests that the following things be implemented when making the transition:
Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
Use 2048-bit key certificates
Use relative URLs for resources that reside on the same secure domain
Use protocol relative URLs for all other domains
Don’t block your HTTPS site from crawling using robots.txt
Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
While Google has simplified the process of shifting to a secure website, it is still quite an involved process. To enable HTTPS on your website, you need to get your certificate from a Certificate Authority (CA). To do that, you will have to demonstrate control over the domain. To figure out what method will work best for you, you will need to know whether you have shell access (also known as SSH access) to your web host. If you manage your website entirely through a control panel like cPanel, Plesk, or WordPress, there’s a good chance you don’t have shell access. Some of these management panel services have built in SSL tools to help add this extra security layer to your website. You can ask your hosting provider to be sure.
That being said, it’s better for you to be proactive and update to a secure site before Google’s changes take place in July. Relying on a technology partner that is experienced in web security is the best and fastest method to securing your website.
Lucky for you, Ethode has implemented so many of these over the years we can do it in our sleep 😴. If you’d like Ethode to help you migrate to a secure website, get in touch with us today.
Is your website powered by dotCMS? If so, get deeper in the weeds of setting up SSL by reading our other blog post Using Let's Encrypt with dotCMS.