3by400 facebook   3by400 twitter   3by400 linkedin   3by400 Google+   3by400 blog feed
Have an account?  Login




Top of Mind from 3by400

Our blog posts are the result of issues and opportunities we see in our daily work. They are designed to increase understanding and provide a source of vision for your web presence.
Font size: +

Why Do Web Browsers List My Site as Not Secure?

Over the last several months, as new versions of Chrome, FireFox, and Internet Explorer have been released, we have experienced a much higher report of “connection is not secure” messages, especially for sites that collect sensitive or private information. These can be as unassuming as a red unlocked icon near the URL, or as intrusive as a pop-up message indicating pure doom if a viewer continues to the website in question.

Has something changed on the site? No. What has changed is the engineered deprecation of non secure sites on the internet, meaning that your web browser is now reporting sites to you that are not using Secure Sockets Layer (SSL), indicated by “https” at the beginning of the URL rather than “http”.

Since early 2015, browser providers like Mozilla and Google announced their intent to force the universal use encryption by all Internet applications, following the recommendation of the Internet Engineering Task Force (IETF), the World Wide Web Consortium (W3C), and the U.S. federal government. The goal is to keep individual information safe from prying eyes, but what is it really?

What is SSL?

Secure Sockets Layer, or SSL, is technology that safeguards the internet connection between two systems—in most cases, between your local computer and the website you are viewing—but also between different servers that may be used in processing interaction associated with your browser session. SSL ensures that your data is not being scanned or changed during your session.

SSL reduces the ability of a hacker to be able to listen to a session between you and a website over wireless or wired connectivity by encryption algorithms that scramble the data. Although you may not care if someone eavesdrops on your Pinterest posts, you probably feel differently about your online banking password, or your credit card number.

An SSL certificate is purchased and installed to the website server, then configured to redirect to “https” pages. It requires nothing from the viewer’s standpoint, other than connection via “https”. So, even if you follow a link that starts with “http”, if the site is using SSL and properly configured, you should find that the URL is automatically converted to “https”.

Keep in mind that SSL, or the appearance of “https” at the beginning of the URL addresses the protection of data during a browser session. Once you have saved personal or credit card information on a web site, there are other security factors in keeping that information safe, so it is still important to be wary of storing personal data on a site unless you are satisfied with their privacy and general data security policies.

Why Do I Need SSL?

As a website owner, it is important to provide site users and customers with this security, even if it is simply to protect their username, password, and email address being transmitted to your site. Seeing the SSL lock or “https” on your URL shows your customers that you care about their privacy and provides them a higher level of confidence in your site.

Now that browsers are reporting non-SSL sites as insecure, it is also important to simply get rid of the negative impact that messaging creates.

Additionally, your SEO impact is taking a hit by not utilizing SSL and displaying “https” on your URLs, especially by Google. Adding SSL allows you to stay in Google’s good graces, receiving increased rankings and preserved referrer links, both of which improve your SEO results within the context of a Google search. And most, if not all other search engines are following their lead.

If you choose not to implement SSL—even for sites that don’t necessarily require private information transactions—the “not secure” warning and the SEO hit you take make it worth the minimal investment.

How Much Does SSL Cost?

Standard SSL certificates range from free to about $150.00 per year. Transport Layer Security (TLS) is an even more upgraded, higher security version of SSL, and can cost more, but is typically not required for even commercial ventures on the web.

SSL requires a dedicated TCP/IP address for your server, so if you are in a shared hosting environment, there may be an additional cost for a dedicated address.

You can also expect to pay for the SSL certificate to be installed, and the necessary switch to “https” URLs from “http”.

Overall, SSL is good for the web and the right direction for your website. With Internet security being very prevalent in the news, SSL will only help your site traffic and customer growth, and never hurt it.

If you are looking to secure your site, please contact us so we can get started. We can help with securing your SSL certificate, a dedicated IP address, and full installation for 3by400-hosted clients.
Being a Partner 201: Recognizing Your Partner
Top New Features in Joomla 3.5: Detailed Review