Google have announced that Chrome will force SSL, by labelling websites that don’t use an SSL certificate as insecure, starting from January 2017.
SSL Certificates – A brief background
SSL stands for “Secure Sockets Layer”. It’s a way of encrypting data when you visit and use a website. Up to now it’s been primarily used for ecommerce sites and membership sites, where you may enter sensitive personal information such as credit card details and a username & password. Depending on your browser, most commonly you will see a green or gold padlock in the address bar when visiting a site that has an SSL certificate. The URL will start with https:// instead of http://. Many popular websites such as Facebook and Twitter already use https by default.
An SSL certificate will use encryption when you visit a website to make sure that a hacker can’t interfere with your browsing. So for example, if you were surfing in a coffee shop (which is a public open network), a hacker in the same shop could intercept your browsing and steal your credit card information if you made an online purchase. Or they could steal your login for a site such as your bank. (If you are logging into your bank or purchasing online on a public wifi network, then you are putting yourself at risk. We would advise not to visit sensitive sites on a public wifi network).
A hacker could also serve malware or viruses onto an unencrypted web page that you were visiting. This second risk, while potentially dangerous, seems highly unlikely for SME websites.
Chrome will force SSL by labelling insecure websites
However Google have decided that they want to push the web to use https for all websites. To begin with, Chrome will force SSL by labelling insecure websites, that collect passwords or credit card information, as ‘Not secure’ from January 2017 in their popular Chrome browser.
As of writing, Chrome enjoys a 58.75% share of the browser market according to StatCounter:
Which basically means you have little choice but to secure your website as soon as possible. Google go on to state that eventually they will be labelling ALL http:// traffic as insecure so it’s not a question of if but when you secure your website with an SSL certificate.
So what can/ should I do?
You need to secure your website with an SSL certificate as soon as possible. There is little point in waiting for the labelling to come into place. Moreover, Google favour websites with https in their search engine rankings so, all in all, it’s a benefit to get your website secured now.
If you are a 7107 Digital customer and you use our UK hosting packages then you don’t need to do anything, as we have decided to include SSL certificates for all our UK hosting customers free of charge. We have already implimented this as of the beginning of October 2016.
If you use our US hosting then unfortunately we cannot currently offer free SSL, although this might change in the future, (but it’s out of our control). Therefore you need to purchase an SSL certificate. But don’t worry, they are not expensive, an SSL will cost you just $10 per year. We charge an installation fee of $20 so we recommend that you purchase an SSL certificate for several years at a time.
If you do not host with us, but still need to secure your website, then we can help. Please get in contact with us and we can advise you accordingly.