You could be losing business and website visitors if your website is flagged with a “Not Secure” message
In July 2018, Google Chrome made good on it’s announcement to mark all HTTP sites as “not secure,” according to a blog post published by Chrome security product manager Emily Schechter.
So just what’s the difference between “http” and “https” and why should I care?
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted.
An un-secure website as seen in the Firefox browser:
An un-secure website as seen in the Google Chrome browser:
All web activity sent over regular HTTP connections are remitted in ‘plain text’ which can be read by anyone who manages to break into the connection between your browser and the website. Fairly easy stuff for hackers to dig into. Obviously, this can be a major problem, especially with credit card and other secure transactions if your website uses an order form that includes personal data, credit card details, social security numbers, etc.
A secure website address let’s your clients and customers know that they can safely view and use your website
Using an HTTPS connection, all communications are securely encrypted. Even if somebody manages to break into your website connection, they would not be able decrypt any of the data which passes between them and the website. The other benefits of a secure, HTTPS connection are that web visitors can verify you as a registered business and that you are the domain owner.
How do I convert from the un-secure HTTP website to a secure HTTPS version?
Fortunately, you don’t need a whole new website or need to spend a lot of money to fix the issue. The first step is to purchase and install an SSL certificate. This can usually be done through the assistance of your web hosting company. As a matter of fact, Alpine Web Media provides free SSL certificates to all of our web hosting clients.
The other things you will need to do is change your website links internally. Any pages or settings that reference HTTP must be changed to HTTPS. In the case of external links to other websites, those links will have to be manually checked. Otherwise, changing those links to HTTPS could break the link if the other website owner is not HTTPS compliant.
Update January 2020
Google has moved forward in it’s threat to penalize websites that are not SSL enabled by placing an “insecure” notice in the address bar of your browser. This is something they threatened to do quite some time ago but many businesses still have insecure websites. Basically, if your website address begins with “http” instead of “https” it’s insecure and you should fix it.
All Alpine Web Media hosted websites already have SSL enabled but if you’re hosting elsewhere, make sure that you’re compliant.
Beware of working with some of the cheap web hosting companies (you probably know the names).
One of our clients registered his domain name with one and his web hosting with the other. Between the two, they cannot seem to coordinate and get his SSL certificates applied correctly. Even though his website is already encoded for SSL, it is currently unreachable. Unless or until one of these “well known” hosting companies get their act together, his website is dead in the water. What should have been an easy 24 hour solution is now an ongoing technical nightmare for this poor guy!