Google is cracking down again on websites that aren't secure. What's coming in October of 2017 is more warnings and alerts when visiting a website that is not supporting HTTPS and is using HTTP. Converting to HTTPS can be difficult but there are some ways that are easier than others to get it done.
What is HTTPS?
HTTPS is using SSL (Secure Socket Layer) to transmit data over the internet. This has been used for many years for capturing credit card information or other private data via an online form.
I wrote about Google warning users of non-SSL websites earlier this year when Google put a big red x-mark over the https:// and caused an uproar. Clients were thinking there was something wrong with their website when in fact nothing had changed. Google eventually backed away from that stance and now just displays a small "i" for information.
Now Google is taking another step forward. If your website page has a login or a form then it will show a "Not Secure" where the "i" currently resides. The message will also appear if a user is using incognito mode for all pages.
This move will most likely cause another round of panic for those who aren't prepared. The only way to make sure you don't have any problems is to migrate to HTTPS. For some this is easier said than done and I've seen a large number of big company's websites still working on this.
How to Move to HTTPS
In years past securing your website used to be harder and more expensive. You'd have to buy an SSL certificate and then have it installed on your hosting account. The process was complicated and took expertise which meant that there was an underlying cost to the whole process with an ongoing annual certificate fee.
Now programmers can install a free certificate from Lets Encrypt. That's the easy part and your hosting provider can help get that done. The harder part is making your website work with HTTPS.
If your website is built with WordPress there's a fairly straightforward method using a plugin called Really Simple SSL. Once you install the certificate and activate the plugin, you should be set. However, there are always issues when loading resources from other websites like images that aren't SSL encrypted. Using this method will still cause a mixed content warning and not get the green Secure lock like we want. Fixing this problem is the hard part and requires some hand coding.
Unfortunately it takes some time to get everything set up properly. This costs business owners more money for something that's not really broken and another example of Google disruption.
For our clients we've created a support plan for WordPress that includes everything you need to manage your own website plus SSL encrypted! Learn more by contacting us via the chat below or clicking through for our form.