Did you feel the ground shift recently? Google has been warning of this day coming and it is now here.
This year Google started a new process: when a web user visits a website that doesn't have SSL encryption, a warning is displayed. The problem is that most people don't know what website SSL even is and what the warning means. In the mean time, the warning message has been wreaking havoc for web developers. Clients are calling panic stricken that there is something wrong with their website. I see this as another example of how Google will disrupt its own SEO industry for monetary gain. This shift in thinking isn't necessary or even urgent. The information presented by its very nature is misleading and makes it difficult for internet marketing companies to manage.
So What is Website SSL?
Let me back up a bit and explain what SSL is. SSL stands for Secure Sockets Layer; it is the industry standard technology that encrypts data transmitted between an individual’s browser and the web server. The link guarantees that any data entered into the web server from the browser will remain private. Essentially, instead of having data visible to anybody that can intercept it for their own purposes, it is invisible with SSL in place. The technology is used by millions of company websites to protect their customers’ interactions with their online business. A good example of this is when you fill out a form on a website with your credit card information. You always want to see a green lock in the address bar because it means that you are using a payment system that will protect you from a hacker stealing your identity online after you click submit. It is also a good idea for websites to have the green lock for contact forms where you enter personal identification such as your phone number and address.
So why do all the other pages need to be encrypted? Well the answer is they don't. Those pages don't have any way to enter anything and the information is visible to the public. Which brings me back to my original question: why is Google doing this? Google will do things to disrupt their own market. This keeps their website issues top of mind, which leads to awareness and conversation about how their websites appear on search engines.
How do I secure my website?
Securing a website used to be a lot more difficult and expensive than it is now. To secure a website today all you need to do is obtain an SSL certificate and install it on the server for the website. The price of the certificate increases with the amount of trust you need. More expensive certificates look more trustworthy and have more credibility.
The process goes like this:
The company enters information about itself. The web server takes this information and creates two cryptographic keys: a Private Key and a Public Key. The Public Key is submitted into a Certificate Signing Request (CSR) and after verifying details, the Certification Authority will issue an SSL Certificate containing business details such as domain name, company name, address, city, state and country and allowing the business to use SSL. The web server then matches the SSL Certificate to the business’ Private Key which enables the web server to establish an encrypted link between the website and the customer's web browser.
When a browser connects to a secure site it searches for the site's SSL Certificate and ensures that it has not expired, that it has been issued by a Certification Authority the browser deems trustworthy, and that it is being used by the website for which it has been issued. If the check turns up a red flag on any of these three points the browser will display a warning to the end user to inform them that the site is not secured by SSL.
There are now options for getting a free certificate from Lets Encrypt but you still need a developer to enable and fix any issues that are caused by the encryption.
Our Website PRO plan comes packed with features including free SSL for your business website. Check it out at https://softwiredweb.net/pricing/