As you’re likely aware, Google will begin alerting users of their popular Chrome browser of insecure websites beginning July 2018. While we don’t necessarily agree with Google’s “policing” of websites, we also understand that clients will want to make sure that their sites don’t scare away visitors due to a security alert in the Chrome browser.
SSL (Secure Sockets Layer) is a form of data encryption for web traffic. SSL is important if your site uses sensitive information (logins, credit cards, banking) or stores that data. However, for most sites, SSL has not been a requirement until Google has decided that all sites should use SSL. (https://blog.chromium.org/2018/02/a-secure-web-is-here-to- stay.html)
First, and most importantly, don’t fall victim to the many companies that are trying to sell SSL certificates using scare tactics to get you to purchase from them at bloated costs. It’s also very important that you choose a reputable certificate authority, not some fly-by-night company.
You can check if you already have SSL by simply using https instead of http in your web address. If https works and you get a green lock in the browser, you are good to go! (Although you may need to make a configuration change to force https.) If you get an error, you may need to implement a SSL certificate on your web server.
You have options:
1. Do nothing. Yes, this may be an option for you. (Although it’s not an option we would recommend.) The worst that will happen is Chrome will display a “not secure” warning in the address bar of the browser, but that warning will most likely deter visitors or cause them to question the validity of your site. You’ll have to decide if it is feasible to avoid installing SSL on your web site. Again, we wouldn’t recommend this option.
2. Get a free SSL certificate. Many hosting companies provide free shared certificates. These are often adequate if all you are seeking is to avoid the Google Chrome alert. For example many reputable hosting providers provide free shared SSL that can easily be activated from your account. You can also get a free flexible SSL through Cloudflare. Cloudflare is a popular service that provides caching, firewall and free SSL. Another free encryption option is LetsEncrypt, which provides a full free certificate but will require a little technical knowledge for installation.
3. Purchase a full certificate. A full certificate provides the highest level of security and provides full encryption from the browser to the server. Providers include companies such as Comodo. A full certificate is recommended if you are transmitting or requesting secure data. If you are, you likely (or should) already have a full SSL certificate installed. Full certificates are around $100/year and can be more or less expensive depending on the features and type of certificate.
We are here to help.
We can help you determine the best course of action if you need SSL and we can help you get SSL on your web site. You can also do it yourself by either implementing a free resource or contacting your web hosting provider and activating a certificate through them.
Visit our website at 18street.com to get started or if you have any questions.