Has something changed on the site? No. What has changed is the engineered deprecation of non secure sites on the internet, meaning that your web browser is now reporting sites to you that are not using Secure Sockets Layer (SSL), indicated by “https” at the beginning of the URL rather than “http”.
Since early 2015, browser providers like Mozilla and Google announced their intent to force the universal use encryption by all Internet applications, following the recommendation of the Internet Engineering Task Force (IETF), the World Wide Web Consortium (W3C), and the U.S. federal government. The goal is to keep individual information safe from prying eyes, but what is it really?
Secure Sockets Layer, or SSL, is technology that safeguards the internet connection between two systems—in most cases, between your local computer and the website you are viewing—but also between different servers that may be used in processing interaction associated with your browser session. SSL ensures that your data is not being scanned or changed during your session.
What is SSL?
SSL reduces the ability of a hacker to be able to listen to a session between you and a website over wireless or wired connectivity by encryption algorithms that scramble the data. Although you may not care if someone eavesdrops on your Pinterest posts, you probably feel differently about your online banking password, or your credit card number.
An SSL certificate is purchased and installed to the website server, then configured to redirect to “https” pages. It requires nothing from the viewer’s standpoint, other than connection via “https”. So, even if you follow a link that starts with “http”, if the site is using SSL and properly configured, you should find that the URL is automatically converted to “https”.
Keep in mind that SSL, or the appearance of “https” at the beginning of the URL addresses the protection of data during a browser session. Once you have saved personal or credit card information on a web site, there are other security factors in keeping that information safe, so it is still important to be wary of storing personal data on a site unless you are satisfied with their privacy and general data security policies.
As a website owner, it is important to provide site users and customers with this security, even if it is simply to protect their username, password, and email address being transmitted to your site. Seeing the SSL lock or “https” on your URL shows your customers that you care about their privacy and provides them a higher level of confidence in your site.
Why Do I Need SSL?
Now that browsers are reporting non-SSL sites as insecure, it is also important to simply get rid of the negative impact that messaging creates.
Additionally, your SEO impact is taking a hit by not utilizing SSL and displaying “https” on your URLs, especially by Google. Adding SSL allows you to stay in Google’s good graces, receiving increased rankings and preserved referrer links, both of which improve your SEO results within the context of a Google search. And most, if not all other search engines are following their lead.
If you choose not to implement SSL—even for sites that don’t necessarily require private information transactions—the “not secure” warning and the SEO hit you take make it worth the minimal investment.
Standard SSL certificates range from free to about $150.00 per year. Transport Layer Security (TLS) is an even more upgraded, higher security version of SSL, and can cost more, but is typically not required for even commercial ventures on the web.
How Much Does SSL Cost?
SSL requires a dedicated TCP/IP address for your server, so if you are in a shared hosting environment, there may be an additional cost for a dedicated address.
You can also expect to pay for the SSL certificate to be installed, and the necessary switch to “https” URLs from “http”.
Overall, SSL is good for the web and the right direction for your website. With Internet security being very prevalent in the news, SSL will only help your site traffic and customer growth, and never hurt it.
If you are looking to secure your site, please contact us so we can get started. We can help with securing your SSL certificate, a dedicated IP address, and full installation for 3by400-hosted clients.