Google Just Upped the Ante - SSL is Now REQUIRED

In a post today on the Google Security Blog, the Google team made an announcement:

Beginning in January 2017, the Google Chrome browser will start showing a security error on all unsecured websites. This is a pretty huge deal.

What exactly does that mean? Let me break it down for you.

Why should you secure your website?

An unsecured website transmits data over the web that can be intercepted and “read” by the interceptor. Take your username and password, for example. That’s something you enter into websites many times a day.

Let’s imagine a hacker was savvy enough to get access into a website like Amazon.com.*

If Amazon.com were using an unsecured website, millions of passwords could be intercepted. These could then be hijacked and used for all the bad things that hackers do.

In other words, if Amazon had an unsecured site, that type of hacking would be possible because the data wasn’t encrypted. Basically, it was being passed between computers as plain, readable text.

*Amazon is very secure and this wouldn’t likely happen to them.

Here’s a graphic to help understand this concept:

How data is handled on Unsecured Website

At any given moment, a malicious hacker could potentially grab the text out right out of the air and wreak havoc.

When you secure your website, though, you change all of the transmissions from plain to encrypted text. In a metaphorical sense, it looks like this:

How data is transferred on a secured site

Google really loves a secured website

Long before the announcement that security certificates are required, Google made it clear that having a secured website would help increase the ranking position of your website. Here’s the post where they explain it all.

Not only are you going to be making your (and your user’s) data more secure, you also derive a ranking benefit. Win win? I’d say so.

How do you know if your website is secured?

It’s relatively easy to know if your website is secured or not. A secured website will have a couple of obvious features, starting with the URL.

If your URL has https:// in front of the domain name, you are in luck. Your website is already secured!

If your website is missing the “s” on https:// then you will likely need to setup an SSL certificate.

You can also look for the little green lock symbol next to your domain name, just like this website has:

How much does it cost to secure a website?

If you consider yourself a pretty nerdy fellow, you’re in luck. Using sites like letsencrypt.org, you can get your site secured for a few hours of time and a whopping zero dollars.

There are some caveats, a major one being that you have to renew your security certificate every 90 days. This can be done manually, or if you’re slick, you can setup a cron job to renew the security certificate automatically for you.

Other than that, prices range from about $75 for a basic 1yr SSL certificate, up to up to $300 for a wildcard certificate. You may also have to pay a developer to set it up for you.

What is a wildcard certificate?

If you use more than one subdomain on your site, and you want to secure them all, you’ll need a wildcard certificate.

Can securing your website negatively impact your search engine rankings?

You have to be really careful when setting up your security certificate. You are essentially moving your site to a new domain, and when that happens all of your old backlinks will break UNLESS you have proper redirects in place. It’s a bit much to explain in this post, but when you take the plunge, make sure this is taken into consideration.

Other than the possibility of losing backlink juice, your site should only have a positive reaction in the search engines.