Recently, Google has announced that Chrome 56 will mark HTTP pages that attempt to collect passwords or credit cards as non-secure. There are also plans to mark all http sites as non-secure. This is part of a larger effort to make sure the websites we browse are secure. But let’s back up, what is http vs. https? What are SSL certificates and why is all of this important?
HTTPS - What does it mean, and what does it signal to users?
HTTPS stands for hyper text transfer protocol secure. It’s shorthand for the way data is sent between your browser (Chrome, Firefox, Explorer, etc.) and websites (https://www.lyntonweb.com, etc). Using this secure protocol is preferred to protect sensitive consumer information - when online shopping and banking.
Currently, browsers are signaling to users when websites are secure by using a padlock icon in the browser. This helps users feel confident in sharing sensitive information with websites. With identity theft and hackings on the rise, consumers are starting to pay more attention to this information.
For larger entities like Google, they are encouraging the use of https in order to protect those consumers as well. Just like the push for mobile friendly and fast loading websites before, this is one more area where they are trying to make the web a better place.
I’m not an e-commerce website manager, why should I care about using https?
It’s been known that Google is using https as a ranking signal for quite awhile. Various articles have noted that, as mentioned above, browsers will start to call out http connections in order to protect consumers. This means you may not only be missing out on organic website traffic, but users may abandon your website if they think their browsing experience is unsafe.
How do I setup my website in order to use https?
Websites listed at the https protocol either use SSL (secure sockets layer) or TLS (transport layer security) to encrypt communications. This is where the purchase of a SSL certificate comes in. Business owners have a couple options to obtain these certificates:
- Buy third party SSL certificates, just like you would buy a domain address. This route may require additional developer help to install and configure the SSL certificate.
- Reach out to your current hosting provider. Some hosts offer SSL certificates and will assist with the setup.
Want to know the more technical information regarding how SSL encrypts information? We recommend this article.
Setup may take several days and will require access to your DNS records. After setup is complete, you may require assistance from a developer to modify scripts or remove any insecure content (using a http protocol) from your website.
HubSpot Website Add-on Users
Reach out to your Account Manager to get started. A standard SSL certificate is available for free, for your HubSpot hosted content. More Information is available here.
WordPress WP Engine Users
Users who use WP Engine can take advantage of the free domain-validated certificates, as long as they meet certain requirements.
If you're a LyntonWeb customer you can email email@example.com if you require assistance from a developer upon receiving your SSL certificate or need more information.
Remember that Google will begin rolling out this change at the end of the month so the time to act is now.