Are you aware that Google will start showing non-HTTPS websites in the Chrome browser as “NOT SECURE” this month?
(source: Google Security)
This is part of their wider push for an encrypted-only internet. Which, admirable as it is – relies a little bit on fear to push adoption…hence the NOT SECURE warning this month.
We’ve written about the other advantages of a secure website before such as SEO and website speed (with http/2).
Recently I’ve spoken to some of our customers who are naturally worried how this will be seen by your site visitors. Are you planning to remediate your site and avoid the user warnings?
If so we can help by:
- Carrying out a website conversion and replace insecure links within the database with secure ones
- Install a free SSL certificate (or your own, hosting dependant)
- Finally, we’ll apply a configuration change to force all users to use the secure website.
Naturally, all work will be done and tested on Staging before converting the Live website.
This will ensure your site is default secure in operation and free from “mixed mode” SSL errors. When Google pushes the new version of Chrome, you can relax whilst admiring your shiny new green padlock and the improved security and trust.
If you want to avoid the Not Secure message for your visitors then we can carry out your site conversion for a one-off fee of just £99.
We are expecting an increase in requests related to this once Chrome 68 is released so if you would like this done then please get in touch so we can get this scheduled in good time.
Last time out we explained what HTTPS is and what advantages it brings. This week we’ll show you how you can get a free SSL certificate and install it on your web site.
Aren’t SSL certificates expensive?
They can be, as they often come with financial guarantees and you can be sure the largest sites on the internet spend many thousands of pounds on security and the certificate is just one part of this. If you are reading this the chances are you don’t need this level of cover and a more basic certificate will do.We love LetsEncrypt as a great free solution – there really is no reason not to run SSL on your site nowadays. Of course, you can choose to purchase an SSL certificate from a provider, but we’ll be focusing on doing it with LetsEncrypt in this article.
From their website:
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.
How to install through your hosting provider
Hopefully, you’ve chosen one of the many hosting providers that have chosen to support LetsEncrypt, as this makes it trivial to set up and automatically renew your SSL certificates. The full list of providers can be found here. Log in to your hosting control panel and look for the setting in and simply follow the instructions there – a few clicks later and you’ll be all set.
If there is an option to “enforce” SSL then select this to automatically redirect site visitors to the secure version of your website.